Bumped hash on master to 6.0.4

Signed-off-by: snipe <snipe@snipe.net>

# Conflicts:
#	config/version.php

.all-contributorsrc

@@ -135,7 +135,8 @@
       "avatar_url": "https://avatars0.githubusercontent.com/u/10137?v=3",
       "profile": "https://github.com/ghost",
       "contributions": [
-        "translation"
+        "translation",
+        "code"
       ]
     },
     {
@@ -1956,6 +1957,677 @@
       "contributions": [
         "code"
       ]
+    },
+    {
+      "login": "giannello",
+      "name": "Giuseppe Iannello",
+      "avatar_url": "https://avatars.githubusercontent.com/u/551789?v=4",
+      "profile": "https://github.com/giannello",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "PeterDaveHello",
+      "name": "Peter Dave Hello",
+      "avatar_url": "https://avatars.githubusercontent.com/u/3691490?v=4",
+      "profile": "https://www.peterdavehello.org/",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "sigmoidal",
+      "name": "sigmoidal",
+      "avatar_url": "https://avatars.githubusercontent.com/u/6106332?v=4",
+      "profile": "https://github.com/sigmoidal",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "phenixdotnet",
+      "name": "Vincent Lainé",
+      "avatar_url": "https://avatars.githubusercontent.com/u/2082554?v=4",
+      "profile": "https://github.com/phenixdotnet",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "derlucas",
+      "name": "Lucas Pleß",
+      "avatar_url": "https://avatars.githubusercontent.com/u/1943040?v=4",
+      "profile": "http://www.lucas-pless.com",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "iansltx",
+      "name": "Ian Littman",
+      "avatar_url": "https://avatars.githubusercontent.com/u/472804?v=4",
+      "profile": "http://twitter.com/iansltx",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "PauloLuna",
+      "name": "João Paulo",
+      "avatar_url": "https://avatars.githubusercontent.com/u/3519029?v=4",
+      "profile": "https://github.com/PauloLuna",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "ThoBur",
+      "name": "ThoBur",
+      "avatar_url": "https://avatars.githubusercontent.com/u/70443365?v=4",
+      "profile": "https://github.com/ThoBur",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "alek13",
+      "name": "Alexander Chibrikin",
+      "avatar_url": "https://avatars.githubusercontent.com/u/1972329?v=4",
+      "profile": "http://phpprofi.ru/",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "winstan",
+      "name": "Anthony Winstanley",
+      "avatar_url": "https://avatars.githubusercontent.com/u/438332?v=4",
+      "profile": "https://github.com/winstan",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "fashberg",
+      "name": "Folke",
+      "avatar_url": "https://avatars.githubusercontent.com/u/3075214?v=4",
+      "profile": "https://github.com/fashberg",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "benwa",
+      "name": "Bennett Blodinger",
+      "avatar_url": "https://avatars.githubusercontent.com/u/1351571?v=4",
+      "profile": "https://github.com/benwa",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "ncareau",
+      "name": "NMC",
+      "avatar_url": "https://avatars.githubusercontent.com/u/2974631?v=4",
+      "profile": "https://nmc.dev",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "andres-baller",
+      "name": "andres-baller",
+      "avatar_url": "https://avatars.githubusercontent.com/u/52182449?v=4",
+      "profile": "https://github.com/andres-baller",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "sean-borg",
+      "name": "sean-borg",
+      "avatar_url": "https://avatars.githubusercontent.com/u/67109348?v=4",
+      "profile": "https://github.com/sean-borg",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "EDVLeer",
+      "name": "EDVLeer",
+      "avatar_url": "https://avatars.githubusercontent.com/u/32170051?v=4",
+      "profile": "https://github.com/EDVLeer",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "Kurokat",
+      "name": "Kurokat",
+      "avatar_url": "https://avatars.githubusercontent.com/u/23075196?v=4",
+      "profile": "https://github.com/Kurokat",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "koelle25",
+      "name": "Kevin Köllmann",
+      "avatar_url": "https://avatars.githubusercontent.com/u/915514?v=4",
+      "profile": "https://www.kevinkoellmann.de",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "sw-mreyes",
+      "name": "sw-mreyes",
+      "avatar_url": "https://avatars.githubusercontent.com/u/49025941?v=4",
+      "profile": "https://github.com/sw-mreyes",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "joelpittet",
+      "name": "Joel Pittet",
+      "avatar_url": "https://avatars.githubusercontent.com/u/70129?v=4",
+      "profile": "https://pittet.ca",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "elyscape",
+      "name": "Eli Young",
+      "avatar_url": "https://avatars.githubusercontent.com/u/792695?v=4",
+      "profile": "https://elyscape.com",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "raelldottin",
+      "name": "Raell Dottin",
+      "avatar_url": "https://avatars.githubusercontent.com/u/317015?v=4",
+      "profile": "https://github.com/raelldottin",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "misilot",
+      "name": "Tom Misilo",
+      "avatar_url": "https://avatars.githubusercontent.com/u/1446856?v=4",
+      "profile": "https://github.com/misilot",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "JuustoMestari",
+      "name": "David Davenne",
+      "avatar_url": "https://avatars.githubusercontent.com/u/4496300?v=4",
+      "profile": "http://david.davenne.be",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "ocelotsloth",
+      "name": "Mark Stenglein",
+      "avatar_url": "https://avatars.githubusercontent.com/u/9255772?v=4",
+      "profile": "https://markstenglein.com",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "ajsy",
+      "name": "ajsy",
+      "avatar_url": "https://avatars.githubusercontent.com/u/35658596?v=4",
+      "profile": "https://github.com/ajsy",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "t3easy",
+      "name": "Jan Kiesewetter",
+      "avatar_url": "https://avatars.githubusercontent.com/u/3628035?v=4",
+      "profile": "https://github.com/t3easy",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "Tetrachloromethane250",
+      "name": "Tetrachloromethane250",
+      "avatar_url": "https://avatars.githubusercontent.com/u/79449630?v=4",
+      "profile": "https://github.com/Tetrachloromethane250",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "kajes",
+      "name": "Lars Kajes",
+      "avatar_url": "https://avatars.githubusercontent.com/u/22004482?v=4",
+      "profile": "https://www.kajes.se/",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "Joly0",
+      "name": "Joly0",
+      "avatar_url": "https://avatars.githubusercontent.com/u/13993216?v=4",
+      "profile": "https://github.com/Joly0",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "limeless",
+      "name": "theburger",
+      "avatar_url": "https://avatars.githubusercontent.com/u/1501022?v=4",
+      "profile": "https://github.com/limeless",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "deivishome",
+      "name": "David Valin Alonso",
+      "avatar_url": "https://avatars.githubusercontent.com/u/36065681?v=4",
+      "profile": "https://github.com/deivishome",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "andreaci",
+      "name": "andreaci",
+      "avatar_url": "https://avatars.githubusercontent.com/u/8290389?v=4",
+      "profile": "https://github.com/andreaci",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "Jelle-S",
+      "name": "Jelle Sebreghts",
+      "avatar_url": "https://avatars.githubusercontent.com/u/1828542?v=4",
+      "profile": "http://www.jellesebreghts.be",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "Skywalker-11",
+      "name": "Michael Pietsch",
+      "avatar_url": "https://avatars.githubusercontent.com/u/11180862?v=4",
+      "profile": "https://github.com/Skywalker-11",
+      "contributions": []
+    },
+    {
+      "login": "sh1hab",
+      "name": "Masudul Haque Shihab",
+      "avatar_url": "https://avatars.githubusercontent.com/u/22068886?v=4",
+      "profile": "https://github.com/sh1hab",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "zybersup",
+      "name": "Supapong Areeprasertkul",
+      "avatar_url": "https://avatars.githubusercontent.com/u/16099942?v=4",
+      "profile": "http://www.freedomdive.com/",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "psarossy",
+      "name": "Peter Sarossy",
+      "avatar_url": "https://avatars.githubusercontent.com/u/207358?v=4",
+      "profile": "https://github.com/psarossy",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "nepella",
+      "name": "Renee Margaret McConahy",
+      "avatar_url": "https://avatars.githubusercontent.com/u/11823649?v=4",
+      "profile": "https://github.com/nepella",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "JohnnyPicnic",
+      "name": "JohnnyPicnic",
+      "avatar_url": "https://avatars.githubusercontent.com/u/5553884?v=4",
+      "profile": "https://github.com/JohnnyPicnic",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "markbrule",
+      "name": "markbrule",
+      "avatar_url": "https://avatars.githubusercontent.com/u/8799594?v=4",
+      "profile": "https://github.com/markbrule",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "mikecmpbll",
+      "name": "Mike Campbell",
+      "avatar_url": "https://avatars.githubusercontent.com/u/1962801?v=4",
+      "profile": "https://github.com/mikecmpbll",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "tbrconnect",
+      "name": "tbrconnect",
+      "avatar_url": "https://avatars.githubusercontent.com/u/11973217?v=4",
+      "profile": "https://github.com/tbrconnect",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "kcoyo",
+      "name": "kcoyo",
+      "avatar_url": "https://avatars.githubusercontent.com/u/12447225?v=4",
+      "profile": "https://github.com/kcoyo",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "travismiller",
+      "name": "Travis Miller",
+      "avatar_url": "https://avatars.githubusercontent.com/u/494017?v=4",
+      "profile": "https://travismiller.com/",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "Delta5",
+      "name": "Evan Taylor",
+      "avatar_url": "https://avatars.githubusercontent.com/u/1975640?v=4",
+      "profile": "https://github.com/Delta5",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "PetriAsi",
+      "name": "Petri Asikainen",
+      "avatar_url": "https://avatars.githubusercontent.com/u/8735148?v=4",
+      "profile": "https://github.com/PetriAsi",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "derdeagle",
+      "name": "derdeagle",
+      "avatar_url": "https://avatars.githubusercontent.com/u/11424540?v=4",
+      "profile": "https://github.com/derdeagle",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "vapier",
+      "name": "Mike Frysinger",
+      "avatar_url": "https://avatars.githubusercontent.com/u/176950?v=4",
+      "profile": "https://wh0rd.org/",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "AL4AL",
+      "name": "ALPHA",
+      "avatar_url": "https://avatars.githubusercontent.com/u/22044358?v=4",
+      "profile": "https://github.com/AL4AL",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "FliegenKLATSCH",
+      "name": "FliegenKLATSCH",
+      "avatar_url": "https://avatars.githubusercontent.com/u/1042587?v=4",
+      "profile": "https://www.ifern.de",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "jerm",
+      "name": "Jeremy Price",
+      "avatar_url": "https://avatars.githubusercontent.com/u/442138?v=4",
+      "profile": "https://github.com/jerm",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "Toreg87",
+      "name": "Toreg87",
+      "avatar_url": "https://avatars.githubusercontent.com/u/84392209?v=4",
+      "profile": "https://github.com/Toreg87",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "Computroniks",
+      "name": "Matthew Nickson",
+      "avatar_url": "https://avatars.githubusercontent.com/u/67638596?v=4",
+      "profile": "https://github.com/Computroniks",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "jethron",
+      "name": "Jethro Nederhof",
+      "avatar_url": "https://avatars.githubusercontent.com/u/1646397?v=4",
+      "profile": "https://jethron.id.au",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "01ste02",
+      "name": "Oskar Stenberg",
+      "avatar_url": "https://avatars.githubusercontent.com/u/23289826?v=4",
+      "profile": "https://github.com/01ste02",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "Robert-Azelis",
+      "name": "Robert-Azelis",
+      "avatar_url": "https://avatars.githubusercontent.com/u/82208283?v=4",
+      "profile": "https://github.com/Robert-Azelis",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "alwism",
+      "name": "Alexander William Smith",
+      "avatar_url": "https://avatars.githubusercontent.com/u/60648387?v=4",
+      "profile": "https://github.com/alwism",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "leitwerk-ag",
+      "name": "LEITWERK AG",
+      "avatar_url": "https://avatars.githubusercontent.com/u/24418301?v=4",
+      "profile": "https://www.leitwerk.de/",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "adamboutcher",
+      "name": "Adam",
+      "avatar_url": "https://avatars.githubusercontent.com/u/1911435?v=4",
+      "profile": "http://www.aboutcher.co.uk",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "sneak-it",
+      "name": "Ian",
+      "avatar_url": "https://avatars.githubusercontent.com/u/16104273?v=4",
+      "profile": "https://snksrv.com",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "bestlong",
+      "name": "Shao Yu-Lung (Allen)",
+      "avatar_url": "https://avatars.githubusercontent.com/u/4023909?v=4",
+      "profile": "http://blog.bestlong.idv.tw/",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "Haxatron",
+      "name": "Haxatron",
+      "avatar_url": "https://avatars.githubusercontent.com/u/76475453?v=4",
+      "profile": "https://github.com/Haxatron",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "PlaneNuts",
+      "name": "PlaneNuts",
+      "avatar_url": "https://avatars.githubusercontent.com/u/88776392?v=4",
+      "profile": "https://github.com/PlaneNuts",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "exula",
+      "name": "Bradley Coudriet",
+      "avatar_url": "https://avatars.githubusercontent.com/u/3842948?v=4",
+      "profile": "http://bjcpgd.cias.rit.edu",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "UniversalSuperBox",
+      "name": "Dalton Durst",
+      "avatar_url": "https://avatars.githubusercontent.com/u/21966173?v=4",
+      "profile": "https://daltondur.st",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "adagioajanes",
+      "name": "Alex Janes",
+      "avatar_url": "https://avatars.githubusercontent.com/u/38761237?v=4",
+      "profile": "https://adagiohealth.org",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "nuraeil",
+      "name": "Nuraeil",
+      "avatar_url": "https://avatars.githubusercontent.com/u/32387849?v=4",
+      "profile": "https://github.com/nuraeil",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "TenOfTens",
+      "name": "TenOfTens",
+      "avatar_url": "https://avatars.githubusercontent.com/u/48162670?v=4",
+      "profile": "https://github.com/TenOfTens",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "insert-waffle",
+      "name": "waffle",
+      "avatar_url": "https://avatars.githubusercontent.com/u/9415391?v=4",
+      "profile": "https://ditisjens.be/",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "QveenSi",
+      "name": "Yevhenii Huzii",
+      "avatar_url": "https://avatars.githubusercontent.com/u/19945501?v=4",
+      "profile": "https://github.com/QveenSi",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "veenone",
+      "name": "Achmad Fienan Rahardianto",
+      "avatar_url": "https://avatars.githubusercontent.com/u/3839381?v=4",
+      "profile": "https://github.com/veenone",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "QveenSi",
+      "name": "Yevhenii Huzii",
+      "avatar_url": "https://avatars.githubusercontent.com/u/19945501?v=4",
+      "profile": "https://github.com/QveenSi",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "chrisweirich",
+      "name": "Christian Weirich",
+      "avatar_url": "https://avatars.githubusercontent.com/u/97299851?v=4",
+      "profile": "https://github.com/chrisweirich",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "denzfarid",
+      "name": "denzfarid",
+      "avatar_url": "https://avatars.githubusercontent.com/u/1294403?v=4",
+      "profile": "https://github.com/denzfarid",
+      "contributions": []
     }
   ]
 }

.env.docker

@@ -0,0 +1,164 @@
+# --------------------------------------------
+# REQUIRED: DB SETUP
+# --------------------------------------------
+MYSQL_DATABASE=snipeit
+MYSQL_USER=snipeit
+MYSQL_PASSWORD=changeme1234
+MYSQL_ROOT_PASSWORD=changeme1234
+# --------------------------------------------
+# REQUIRED: BASIC APP SETTINGS
+# --------------------------------------------
+APP_ENV=develop
+APP_DEBUG=false
+# please regenerate the APP_KEY value by calling `docker-compose run --rm snipeit bash` and then `php artisan key:generate --show` and then copy paste the value here
+APP_KEY=base64:3ilviXqB9u6DX1NRcyWGJ+sjySF+H18CPDGb3+IVwMQ=
+APP_URL=http://localhost:8000
+APP_TIMEZONE='UTC'
+APP_LOCALE=en
+MAX_RESULTS=500
+
+# --------------------------------------------
+# REQUIRED: UPLOADED FILE STORAGE SETTINGS
+# --------------------------------------------
+PRIVATE_FILESYSTEM_DISK=local
+PUBLIC_FILESYSTEM_DISK=local_public
+
+# --------------------------------------------
+# REQUIRED: DATABASE SETTINGS
+# --------------------------------------------
+DB_CONNECTION=mysql
+DB_HOST=mariadb
+DB_DATABASE=snipeit
+DB_USERNAME=snipeit
+DB_PASSWORD=changeme1234
+DB_PREFIX=null
+DB_DUMP_PATH='/usr/bin'
+DB_CHARSET=utf8mb4
+DB_COLLATION=utf8mb4_unicode_ci
+
+# --------------------------------------------
+# OPTIONAL: SSL DATABASE SETTINGS
+# --------------------------------------------
+DB_SSL=false
+DB_SSL_IS_PAAS=false
+DB_SSL_KEY_PATH=null
+DB_SSL_CERT_PATH=null
+DB_SSL_CA_PATH=null
+DB_SSL_CIPHER=null
+
+# --------------------------------------------
+# REQUIRED: OUTGOING MAIL SERVER SETTINGS
+# --------------------------------------------
+MAIL_DRIVER=smtp
+MAIL_HOST=mailhog
+MAIL_PORT=1025
+MAIL_USERNAME=null
+MAIL_PASSWORD=null
+MAIL_ENCRYPTION=null
+MAIL_FROM_ADDR=you@example.com
+MAIL_FROM_NAME='Snipe-IT'
+MAIL_REPLYTO_ADDR=you@example.com
+MAIL_REPLYTO_NAME='Snipe-IT'
+MAIL_AUTO_EMBED_METHOD='attachment'
+
+# --------------------------------------------
+# REQUIRED: IMAGE LIBRARY
+# This should be gd or imagick
+# --------------------------------------------
+IMAGE_LIB=gd
+
+
+# --------------------------------------------
+# OPTIONAL: BACKUP SETTINGS
+# --------------------------------------------
+MAIL_BACKUP_NOTIFICATION_DRIVER=null
+MAIL_BACKUP_NOTIFICATION_ADDRESS=null
+BACKUP_ENV=true
+
+
+# --------------------------------------------
+# OPTIONAL: SESSION SETTINGS
+# --------------------------------------------
+SESSION_LIFETIME=12000
+EXPIRE_ON_CLOSE=false
+ENCRYPT=false
+COOKIE_NAME=snipeit_session
+COOKIE_DOMAIN=null
+SECURE_COOKIES=false
+API_TOKEN_EXPIRATION_YEARS=40
+
+# --------------------------------------------
+# OPTIONAL: SECURITY HEADER SETTINGS
+# --------------------------------------------
+APP_TRUSTED_PROXIES=192.168.1.1,10.0.0.1
+ALLOW_IFRAMING=false
+REFERRER_POLICY=same-origin
+ENABLE_CSP=false
+CORS_ALLOWED_ORIGINS=null
+ENABLE_HSTS=false
+
+# --------------------------------------------
+# OPTIONAL: CACHE SETTINGS
+# --------------------------------------------
+CACHE_DRIVER=file
+SESSION_DRIVER=file
+QUEUE_DRIVER=sync
+CACHE_PREFIX=snipeit
+
+# --------------------------------------------
+# OPTIONAL: REDIS SETTINGS
+# --------------------------------------------
+REDIS_HOST=redis
+REDIS_PASSWORD=null
+REDIS_PORT=6379
+
+# --------------------------------------------
+# OPTIONAL: MEMCACHED SETTINGS
+# --------------------------------------------
+MEMCACHED_HOST=null
+MEMCACHED_PORT=null
+
+# --------------------------------------------
+# OPTIONAL: PUBLIC S3 Settings
+# --------------------------------------------
+PUBLIC_AWS_SECRET_ACCESS_KEY=null
+PUBLIC_AWS_ACCESS_KEY_ID=null
+PUBLIC_AWS_DEFAULT_REGION=null
+PUBLIC_AWS_BUCKET=null
+PUBLIC_AWS_URL=null
+PUBLIC_AWS_BUCKET_ROOT=null
+
+# --------------------------------------------
+# OPTIONAL: PRIVATE S3 Settings
+# --------------------------------------------
+PRIVATE_AWS_ACCESS_KEY_ID=null
+PRIVATE_AWS_SECRET_ACCESS_KEY=null
+PRIVATE_AWS_DEFAULT_REGION=null
+PRIVATE_AWS_BUCKET=null
+PRIVATE_AWS_URL=null
+PRIVATE_AWS_BUCKET_ROOT=null
+
+# --------------------------------------------
+# OPTIONAL: AWS Settings
+# --------------------------------------------
+AWS_ACCESS_KEY_ID=null
+AWS_SECRET_ACCESS_KEY=null
+AWS_DEFAULT_REGION=null
+
+# --------------------------------------------
+# OPTIONAL: LOGIN THROTTLING
+# --------------------------------------------
+LOGIN_MAX_ATTEMPTS=5
+LOGIN_LOCKOUT_DURATION=60
+RESET_PASSWORD_LINK_EXPIRES=900
+
+# --------------------------------------------
+# OPTIONAL: MISC
+# --------------------------------------------
+APP_LOG=stderr
+APP_LOG_MAX_FILES=10
+APP_LOCKED=false
+APP_CIPHER=AES-256-CBC
+GOOGLE_MAPS_API=
+LDAP_MEM_LIM=500M
+LDAP_TIME_LIM=600

.env.dusk.local

@@ -0,0 +1,105 @@
+# --------------------------------------------
+# REQUIRED: BASIC APP SETTINGS
+# --------------------------------------------
+APP_ENV=local
+APP_DEBUG=false
+APP_KEY=base64:hTUIUh9CP6dQx+6EjSlfWTgbaMaaRvlpEwk45vp+xmk=
+APP_URL=http://127.0.0.1:8000
+APP_TIMEZONE='US/Eastern'
+APP_LOCALE=en
+APP_LOCKED=false
+MAX_RESULTS=200
+
+# --------------------------------------------
+# REQUIRED: UPLOADED FILE STORAGE SETTINGS
+# --------------------------------------------
+PRIVATE_FILESYSTEM_DISK=local
+PUBLIC_FILESYSTEM_DISK=local_public
+
+# --------------------------------------------
+# REQUIRED: DATABASE SETTINGS
+# --------------------------------------------
+DB_CONNECTION=mysql
+DB_HOST=localhost
+DB_DATABASE=snipeit-local
+DB_USERNAME=snipeit-local
+DB_PASSWORD=snipeit-local
+DB_PREFIX=null
+DB_DUMP_PATH='/Applications/MAMP/Library/bin'
+
+# --------------------------------------------
+# OPTIONAL: SSL DATABASE SETTINGS
+# --------------------------------------------
+DB_SSL=false
+DB_SSL_KEY_PATH=null
+DB_SSL_CERT_PATH=null
+DB_SSL_CA_PATH=null
+DB_SSL_CIPHER=null
+
+# --------------------------------------------
+# REQUIRED: OUTGOING MAIL SERVER SETTINGS
+# --------------------------------------------
+MAIL_DRIVER="log"
+
+
+# --------------------------------------------
+# REQUIRED: IMAGE LIBRARY
+# This should be gd or imagick
+# --------------------------------------------
+IMAGE_LIB=gd
+
+
+# --------------------------------------------
+# OPTIONAL: SESSION SETTINGS
+# --------------------------------------------
+SESSION_LIFETIME=12000
+EXPIRE_ON_CLOSE=false
+ENCRYPT=true
+COOKIE_NAME=snipeit_v5_local
+SECURE_COOKIES=true
+
+# --------------------------------------------
+# OPTIONAL: SECURITY HEADER SETTINGS
+# --------------------------------------------
+REFERRER_POLICY=same-origin
+ENABLE_CSP=true
+CORS_ALLOWED_ORIGINS="*"
+
+# --------------------------------------------
+# OPTIONAL: CACHE SETTINGS
+# --------------------------------------------
+CACHE_DRIVER=file
+SESSION_DRIVER=file
+QUEUE_DRIVER=sync
+
+# --------------------------------------------
+# OPTIONAL: LOGIN THROTTLING
+# --------------------------------------------
+LOGIN_MAX_ATTEMPTS=50000
+LOGIN_LOCKOUT_DURATION=1000
+RESET_PASSWORD_LINK_EXPIRES=15
+
+# --------------------------------------------
+# OPTIONAL: API
+# --------------------------------------------
+API_MAX_REQUESTS_PER_HOUR=200
+
+# --------------------------------------------
+# OPTIONAL: SAML SETTINGS
+# --------------------------------------------
+DISABLE_NOSAML_LOCAL_LOGIN=true
+
+
+# --------------------------------------------
+# OPTIONAL: MISC
+# --------------------------------------------
+APP_LOG=single
+LOG_LEVEL=debug
+LOG_CHANNEL=stack
+LOG_SLACK_WEBHOOK_URL=null
+APP_TRUSTED_PROXIES=192.168.1.1,10.0.0.1
+ALLOW_IFRAMING=true
+ENABLE_HSTS=false
+WARN_DEBUG=false
+APP_CIPHER=AES-256-CBC
+

.env.example

@@ -15,6 +15,10 @@ MAX_RESULTS=500
 PRIVATE_FILESYSTEM_DISK=local
 PUBLIC_FILESYSTEM_DISK=local_public
 
+#PRIVATE_FILESYSTEM_DISK=s3_private
+#PUBLIC_FILESYSTEM_DISK=s3_public
+
+
 # --------------------------------------------
 # REQUIRED: DATABASE SETTINGS
 # --------------------------------------------
@@ -51,6 +55,7 @@ MAIL_FROM_ADDR=you@example.com
 MAIL_FROM_NAME='Snipe-IT'
 MAIL_REPLYTO_ADDR=you@example.com
 MAIL_REPLYTO_NAME='Snipe-IT'
+MAIL_AUTO_EMBED_METHOD='attachment'
 
 # --------------------------------------------
 # REQUIRED: IMAGE LIBRARY
@@ -76,7 +81,7 @@ ENCRYPT=false
 COOKIE_NAME=snipeit_session
 COOKIE_DOMAIN=null
 SECURE_COOKIES=false
-API_TOKEN_EXPIRATION_YEARS=40
+API_TOKEN_EXPIRATION_YEARS=15
 
 # --------------------------------------------
 # OPTIONAL: SECURITY HEADER SETTINGS
@@ -129,6 +134,13 @@ PRIVATE_AWS_BUCKET=null
 PRIVATE_AWS_URL=null
 PRIVATE_AWS_BUCKET_ROOT=null
 
+# --------------------------------------------
+# OPTIONAL: AWS Settings
+# --------------------------------------------
+AWS_ACCESS_KEY_ID=null
+AWS_SECRET_ACCESS_KEY=null
+AWS_DEFAULT_REGION=null
+
 # --------------------------------------------
 # OPTIONAL: LOGIN THROTTLING
 # --------------------------------------------
@@ -143,6 +155,13 @@ APP_LOG=single
 APP_LOG_MAX_FILES=10
 APP_LOCKED=false
 APP_CIPHER=AES-256-CBC
+APP_FORCE_TLS=false
+APP_ALLOW_INSECURE_HOSTS=false
 GOOGLE_MAPS_API=
 LDAP_MEM_LIM=500M
 LDAP_TIME_LIM=600
+IMPORT_TIME_LIMIT=600
+IMPORT_MEMORY_LIMIT=500M
+REPORT_TIME_LIMIT=12000
+REQUIRE_SAML=false
+API_THROTTLE_PER_MINUTE=120

.env.testing

@@ -38,7 +38,7 @@ IMAGE_LIB=gd
 
 
 # --------------------------------------------
-# OPTIONAL: AWS S3 SETTINGS
+# OPTIONAL: AWS SETTINGS
 # --------------------------------------------
 AWS_SECRET_ACCESS_KEY=null
 AWS_ACCESS_KEY_ID=null

.env.testing-ci

@@ -1,10 +1,10 @@
 # --------------------------------------------
 # REQUIRED: BASIC APP SETTINGS
 # --------------------------------------------
-APP_ENV=testing-ci
+APP_ENV='testing-ci'
 APP_DEBUG=false
-APP_KEY=ChangeMe
-APP_URL=http://localhost:8000
+APP_KEY='base64:glJpcM7BYwWiBggp3SQ/+NlRkqsBQMaGEOjemXqJzOU='
+APP_URL='http://localhost:8000'
 APP_TIMEZONE='US/Pacific'
 APP_LOCALE=en
 FILESYSTEM_DISK=local
@@ -12,9 +12,9 @@ FILESYSTEM_DISK=local
 # --------------------------------------------
 # REQUIRED: DATABASE SETTINGS
 # --------------------------------------------
-DB_CONNECTION=mysql
+DB_CONNECTION=sqlite
 DB_HOST=localhost
-DB_DATABASE=snipeit_unit
+DB_DATABASE='sqlite_testing'
 DB_USERNAME=root
 DB_PASSWORD=null
 
@@ -22,13 +22,7 @@ DB_PASSWORD=null
 # REQUIRED: OUTGOING MAIL SERVER SETTINGS
 # --------------------------------------------
 MAIL_DRIVER=log
-MAIL_HOST=email-smtp.us-west-2.amazonaws.com
-MAIL_PORT=587
-MAIL_USERNAME=YOURUSERNAME
-MAIL_PASSWORD=YOURPASSWORD
-MAIL_ENCRYPTION=null
-MAIL_FROM_ADDR=you@example.com
-MAIL_FROM_NAME=Snipe-IT
+
 
 # --------------------------------------------
 # REQUIRED: IMAGE LIBRARY
@@ -37,37 +31,7 @@ MAIL_FROM_NAME=Snipe-IT
 IMAGE_LIB=gd
 
 
-# --------------------------------------------
-# OPTIONAL: AWS S3 SETTINGS
-# --------------------------------------------
-AWS_SECRET_ACCESS_KEY=null
-AWS_ACCESS_KEY_ID=null
-AWS_DEFAULT_REGION=null
-AWS_BUCKET=null
-AWS_BUCKET_ROOT=null
-AWS_URL=null
-
-
-# --------------------------------------------
-# OPTIONAL: CACHE SETTINGS
-# --------------------------------------------
-CACHE_DRIVER=file
-SESSION_DRIVER=file
-QUEUE_DRIVER=sync
-
-
-# --------------------------------------------
-# OPTIONAL: SESSION SETTINGS
-# --------------------------------------------
-SESSION_LIFETIME=12000
-EXPIRE_ON_CLOSE=false
-ENCRYPT=false
-COOKIE_NAME=snipeittest_session
-COOKIE_DOMAIN=null
-SECURE_COOKIES=false
-
-
 # --------------------------------------------
 # OPTIONAL: APP LOG FORMAT
 # --------------------------------------------
-APP_LOG=single
+APP_LOG=single

.github/ISSUE_TEMPLATE/Bug_report.md

@@ -1,62 +0,0 @@
----
-name: Bug report
-about: Create a report to help us improve
-
----
-
-#### Please confirm you have done the following before posting your bug report:
-
-- [ ] I have enabled debug mode 
-- [ ] I have read [checked the Common Issues page](https://snipe-it.readme.io/docs/common-issues)
-
-**Describe the bug**
-A clear and concise description of what the bug is.
-
-**To Reproduce**
-Steps to reproduce the behavior:
-1. Go to '...'
-2. Click on '....'
-3. Scroll down to '....'
-4. See error
-
-**Expected behavior**
-A clear and concise description of what you expected to happen.
-
-**Screenshots**
-If applicable, add screenshots to help explain your problem.
-
-**Server (please complete the following information):**
- - Snipe-IT Version 
- - OS: [e.g. Ubuntu, CentOS]
- - Web Server: [e.g. Apache, IIS]
- - PHP Version 
-
-**Desktop (please complete the following information):**
- - OS: [e.g. iOS]
- - Browser [e.g. chrome, safari]
- - Version [e.g. 22]
-
-**Smartphone (please complete the following information):**
- - Device: [e.g. iPhone6]
- - OS: [e.g. iOS8.1]
- - Browser [e.g. stock browser, safari]
- - Version [e.g. 22]
-
-**Error Messages**
-- WITH DEBUG TURNED ON, if you're getting an error in your browser, include that error
-- If a stacktrace is provided in the error, include that too.
-- Any errors that appear in your browser's error console.
-- Confirm whether the error is reproducible on the demo: https://snipeitapp.com/demo.
-- Include any additional information you can find in `storage/logs` and your webserver's logs.
-- Include the output from `php -m` (this should display what modules you have enabled.)
-
-**Additional context**
-- Is this a fresh install or an upgrade? 
-- What OS and web server you're running Snipe-IT on
-- What method you used to install Snipe-IT (install.sh, manual installation, docker, etc)
-- Include what you've done so far in the installation, and if you got any error messages along the way.
-- Indicate whether or not you've manually edited any data directly in the database
-
-Add any other context about the problem here.
-
-Please do not post an issue without answering the related questions above. If you have opened a different issue and already answered these questions, answer them again, once for every ticket. It will be next to impossible for us to help you.

.github/ISSUE_TEMPLATE/Feature_request.md

@@ -1,23 +0,0 @@
----
-name: Feature request
-about: Suggest an idea for this project
-
----
-
-**Server (please complete the following information):**
- - Snipe-IT Version 
- - OS: [e.g. Ubuntu, CentOS]
- - Web Server: [e.g. Apache, IIS]
- - PHP Version 
-
-**Is your feature request related to a problem? Please describe.**
-A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
-
-**Describe the solution you'd like**
-A clear and concise description of what you want to happen.
-
-**Describe alternatives you've considered**
-A clear and concise description of any alternative solutions or features you've considered.
-
-**Additional context**
-Add any other context or screenshots about the feature request here.

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,129 @@
+name: Bug Report
+description: Create a report to help us improve
+body:
+  - type: checkboxes
+    attributes:
+      label: Debug mode
+      description: Please confirm you have done the following before posting your bug report
+      options:
+        - label: I have enabled debug mode
+          required: true
+        - label: I have read [checked the Common Issues page](https://snipe-it.readme.io/docs/common-issues)
+          required: true
+  - type: textarea
+    attributes:
+      label: Describe the bug
+      description: A clear and concise description of what the bug is.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Reproduction steps
+      description: Steps to reproduce the behavior.
+      value: |
+        1.
+        2.
+        3.
+        ...
+    validations:
+        required: true
+  - type: textarea
+    attributes:
+      label: Expected behavior
+      description: A clear and concise description of what you expected to happen.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Screenshots
+      description: 'If applicable, add screenshots to help explain your problem.'
+  - type: markdown
+    attributes:
+      value: "### Server"
+  - type: input
+    attributes:
+      label: Snipe-IT Version
+    validations:
+      required: true
+  - type: input
+    id: server_operatingSystem
+    attributes:
+      label: Operating System
+      description: 'e.g. Ubuntu, Windows'
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: Web Server
+      description: 'e.g. Apache, IIS'
+    validations:
+      required: true
+  - type: input
+    attributes:
+      label: PHP Version
+    validations:
+      required: true
+  - type: markdown
+    attributes:
+      value: "### Desktop"
+  - type: input
+    id: desktop_operatingSystem
+    attributes:
+      label: Operating System
+      description: 'e.g. Ubuntu, Windows'
+  - type: input
+    id: desktop_browser
+    attributes:
+      label: Browser
+      description: 'e.g. Google Chrome, Safari'
+  - type: input
+    id: desktop_version
+    attributes:
+      label: Version
+      description: 'e.g. 93'
+  - type: markdown
+    attributes:
+      value: "### Mobile"
+  - type: input
+    attributes:
+      label: Device
+      description: 'e.g. iPhone 6, Pixel 4a'
+  - type: input
+    id: mobile_operatingSystem
+    attributes:
+      label: Operating System
+      description: 'e.g. iOS 8.1, Android 9'
+  - type: input
+    id: mobile_browser
+    attributes:
+      label: Browser
+      description: 'e.g. Google Chrome, Safari'
+  - type: input
+    id: mobile_version
+    attributes:
+      label: Version
+      description: 'e.g. 93'
+  - type: textarea
+    attributes:
+      label: Error messages
+      description: |
+        WITH DEBUG TURNED ON, if you're getting an error in your browser, include that error
+        If a stacktrace is provided in the error, include that too.
+        Any errors that appear in your browser's error console.
+        Confirm whether the error is reproducible on the demo: https://snipeitapp.com/demo.
+        Include any additional information you can find in `storage/logs` and your webserver's logs.
+        Include the output from `php -m` (this should display what modules you have enabled.)
+      render: shell
+  - type: textarea
+    attributes:
+      label: Additional context
+      description: |
+        Is this a fresh install or an upgrade?
+        What OS and web server you're running Snipe-IT on
+        What method you used to install Snipe-IT (install.sh, manual installation, docker, etc)
+        Include what you've done so far in the installation, and if you got any error messages along the way.
+        Indicate whether or not you've manually edited any data directly in the database
+        Add any other context about the problem here.
+  - type: markdown
+    attributes:
+      value: Please do not post an issue without answering the related questions above. If you have opened a different issue and already answered these questions, answer them again, once for every ticket. It will be next to impossible for us to help you.

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1 @@
+blank_issues_enabled: false

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,27 @@
+name: Feature Request
+description: Suggest an idea for this project
+title: "[Feature Request]: "
+labels: ["feature request"]
+assignees:
+  - snipe
+body:
+  - type: textarea
+    attributes:
+      label: Is your feature request related to a problem? Please describe.
+      description: A clear and concise description of what the problem is. The more information you can provide about your use-case, the more liklely we are to consider your feature.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Describe the solution you'd like
+      description: A clear and concise description of what you want to happen.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Describe alternatives you've considered
+      description: A clear and concise description of any alternative solutions or features you've considered.
+  - type: textarea
+    attributes:
+      label: Additional context
+      description: Add any other context or screenshots about the feature request here.

.github/workflows/SA-codeql.yml

@@ -0,0 +1,39 @@
+# This workflow checks out code, performs a CodeQL analysis (for JavaScript) and integrates the results
+# with the GitHub Advanced Security code scanning feature.
+# More information: https://codeql.github.com/
+name: CodeQL Security Scan
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+#   schedule:
+#     - cron: '15 17 * * 1'
+
+jobs:
+  analyze:
+    name: CodeQL Security Scan
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'javascript' ]
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: ${{ matrix.language }}
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1

.github/workflows/codacy-analysis.yml

@@ -0,0 +1,51 @@
+# This workflow checks out code, performs a Codacy security scan
+# and integrates the results with the
+# GitHub Advanced Security code scanning feature.  For more information on
+# the Codacy security scan action usage and parameters, see
+# https://github.com/codacy/codacy-analysis-cli-action.
+# For more information on Codacy Analysis CLI in general, see
+# https://github.com/codacy/codacy-analysis-cli.
+
+name: Codacy Security Scan
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ master ]
+  schedule:
+    - cron: '36 23 * * 3'
+
+jobs:
+  codacy-security-scan:
+    # Ensure schedule job never runs on forked repos. It's only executed for 'snipe/snipe-it'
+    if: (github.repository == 'snipe/snipe-it') || ((github.repository != 'snipe/snipe-it') && (github.event_name != 'schedule'))
+    name: Codacy Security Scan
+    runs-on: ubuntu-latest
+    steps:
+      # Checkout the repository to the GitHub Actions runner
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
+      - name: Run Codacy Analysis CLI
+        uses: codacy/codacy-analysis-cli-action@1.1.0
+        with:
+          # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
+          # You can also omit the token and run the tools that support default configurations
+          project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
+          verbose: true
+          output: results.sarif
+          format: sarif
+          # Adjust severity of non-security issues
+          gh-code-scanning-compat: true
+          # Force 0 exit code to allow SARIF file generation
+          # This will handover control about PR rejection to the GitHub side
+          max-allowed-issues: 2147483647
+
+      # Upload the SARIF file generated in the previous step
+      - name: Upload SARIF results file
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: results.sarif

.github/workflows/docker-alpine.yml

@@ -0,0 +1,82 @@
+# Snipe-IT (Alpine) Docker image build for hub.docker.com
+name: Docker images (Alpine)
+
+# Run this Build for all pushes to 'master' or develop branch, or tagged releases.
+# Also run for PRs to ensure PR doesn't break Docker build process
+on:
+  push:
+    branches:
+      - master
+      - develop
+    tags:
+      - 'v**'
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+  pull_request:
+
+jobs:
+  docker:
+    # Ensure this job never runs on forked repos. It's only executed for 'snipe/snipe-it'
+    if: github.repository == 'snipe/snipe-it'
+    runs-on: ubuntu-latest
+    env:
+      # Define tags to use for Docker images based on Git tags/branches (for docker/metadata-action)
+      # For a new commit on default branch (master), use the literal tag 'latest' on Docker image.
+      # For a new commit on other branches, use the branch name as the tag for Docker image.
+      # For a new tag, copy that tag name as the tag for Docker image.
+      IMAGE_TAGS: |
+        type=raw,value=latest,enable=${{ endsWith(github.ref, github.event.repository.default_branch) }},suffix=-alpine
+        type=ref,event=branch,enable=${{ !endsWith(github.ref, github.event.repository.default_branch) }},suffix=-alpine
+        type=ref,event=tag,suffix=-alpine
+      # Define default tag "flavor" for docker/metadata-action per
+      # https://github.com/docker/metadata-action#flavor-input
+      # We turn off 'latest' tag by default.
+      TAGS_FLAVOR: |
+        latest=false
+
+    steps:
+      # https://github.com/actions/checkout
+      - name: Checkout codebase
+        uses: actions/checkout@v2
+
+      # https://github.com/docker/setup-buildx-action
+      - name: Setup Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      # https://github.com/docker/login-action
+      - name: Login to DockerHub
+        # Only login if not a PR, as PRs only trigger a Docker build and not a push
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
+
+      ###############################################
+      # Build/Push the 'snipe/snipe-it' image
+      ###############################################
+      # https://github.com/docker/metadata-action
+      # Get Metadata for docker_build step below
+      - name: Sync metadata (tags, labels) from GitHub to Docker for 'snipe-it' image
+        id: meta_build
+        uses: docker/metadata-action@v3
+        with:
+          images: snipe/snipe-it
+          tags: ${{ env.IMAGE_TAGS }}
+          flavor: ${{ env.TAGS_FLAVOR }}
+
+      # https://github.com/docker/build-push-action
+      - name: Build and push 'snipe-it' image
+        id: docker_build
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./Dockerfile.alpine
+          platforms: linux/amd64
+          # For pull requests, we run the Docker build (to ensure no PR changes break the build),
+          # but we ONLY do an image push to DockerHub if it's NOT a PR
+          push: ${{ github.event_name != 'pull_request' }}
+          # Use tags / labels provided by 'docker/metadata-action' above
+          tags: ${{ steps.meta_build.outputs.tags }}
+          labels: ${{ steps.meta_build.outputs.labels }}

.github/workflows/docker.yml

@@ -0,0 +1,82 @@
+# Snipe-IT Docker image build for hub.docker.com
+name: Docker images
+
+# Run this Build for all pushes to 'master' or develop branch, or tagged releases.
+# Also run for PRs to ensure PR doesn't break Docker build process
+on:
+  push:
+    branches:
+      - master
+      - develop
+    tags:
+      - 'v**'
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+  pull_request:
+
+jobs:
+  docker:
+    # Ensure this job never runs on forked repos. It's only executed for 'snipe/snipe-it'
+    if: github.repository == 'snipe/snipe-it'
+    runs-on: ubuntu-latest
+    env:
+      # Define tags to use for Docker images based on Git tags/branches (for docker/metadata-action)
+      # For a new commit on default branch (master), use the literal tag 'latest' on Docker image.
+      # For a new commit on other branches, use the branch name as the tag for Docker image.
+      # For a new tag, copy that tag name as the tag for Docker image.
+      IMAGE_TAGS: |
+        type=raw,value=latest,enable=${{ endsWith(github.ref, github.event.repository.default_branch) }}
+        type=ref,event=branch,enable=${{ !endsWith(github.ref, github.event.repository.default_branch) }}
+        type=ref,event=tag
+      # Define default tag "flavor" for docker/metadata-action per
+      # https://github.com/docker/metadata-action#flavor-input
+      # We turn off 'latest' tag by default.
+      TAGS_FLAVOR: |
+        latest=false
+
+    steps:
+      # https://github.com/actions/checkout
+      - name: Checkout codebase
+        uses: actions/checkout@v2
+
+      # https://github.com/docker/setup-buildx-action
+      - name: Setup Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      # https://github.com/docker/login-action
+      - name: Login to DockerHub
+        # Only login if not a PR, as PRs only trigger a Docker build and not a push
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
+
+      ###############################################
+      # Build/Push the 'snipe/snipe-it' image
+      ###############################################
+      # https://github.com/docker/metadata-action
+      # Get Metadata for docker_build step below
+      - name: Sync metadata (tags, labels) from GitHub to Docker for 'snipe-it' image
+        id: meta_build
+        uses: docker/metadata-action@v3
+        with:
+          images: snipe/snipe-it
+          tags: ${{ env.IMAGE_TAGS }}
+          flavor: ${{ env.TAGS_FLAVOR }}
+
+      # https://github.com/docker/build-push-action
+      - name: Build and push 'snipe-it' image
+        id: docker_build
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: linux/amd64
+          # For pull requests, we run the Docker build (to ensure no PR changes break the build),
+          # but we ONLY do an image push to DockerHub if it's NOT a PR
+          push: ${{ github.event_name != 'pull_request' }}
+          # Use tags / labels provided by 'docker/metadata-action' above
+          tags: ${{ steps.meta_build.outputs.tags }}
+          labels: ${{ steps.meta_build.outputs.labels }}

.gitignore

@@ -48,10 +48,12 @@ tests/_support/_generated/*
 /npm-debug.log
 /storage/oauth-private.key
 /storage/oauth-public.key
-
+logs/*
 *.cache
 
 .vagrant
+*.log
+*.retry
 
 \.php_cs\.dist
 
@@ -60,3 +62,6 @@ phpmd\.xml
 _ide_helper.php
 .phpstorm.meta.php
 _ide_helper_models.php
+/.phplint-cache
+storage/ldap_client_tls.cert
+storage/ldap_client_tls.key

.htaccess

@@ -5,7 +5,15 @@
 
     # Make sure .env files not not browseable if in a sub-directory.
     <FilesMatch "\.env$">
-    Deny from all
+       # Apache 2.2
+       <IfModule !authz_core_module>
+          Deny from all
+       </IfModule>
+       
+       # Apache 2.4+
+       <IfModule authz_core_module>
+          Require all denied
+       </IfModule>
     </FilesMatch>
     
 </IfModule>

.nvmrc

@@ -1 +1 @@
-v10.15.1
+v12.22.1

Dockerfile

@@ -1,5 +1,9 @@
-FROM ubuntu:bionic
-LABEL maintainer Brady Wetherington <uberbrady@gmail.com>
+FROM ubuntu:20.04
+LABEL maintainer="Brady Wetherington <bwetherington@grokability.com>"
+
+# No need to add `apt-get clean` here, reference:
+# - https://github.com/snipe/snipe-it/pull/9201
+# - https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#apt-get
 
 RUN export DEBIAN_FRONTEND=noninteractive; \
     export DEBCONF_NONINTERACTIVE_SEEN=true; \
@@ -10,15 +14,16 @@ RUN export DEBIAN_FRONTEND=noninteractive; \
 apt-utils \
 apache2 \
 apache2-bin \
-libapache2-mod-php7.2 \
-php7.2-curl \
-php7.2-ldap \
-php7.2-mysql \
-php7.2-gd \
-php7.2-xml \
-php7.2-mbstring \
-php7.2-zip \
-php7.2-bcmath \
+libapache2-mod-php7.4 \
+php7.4-curl \
+php7.4-ldap \
+php7.4-mysql \
+php7.4-gd \
+php7.4-xml \
+php7.4-mbstring \
+php7.4-zip \
+php7.4-bcmath \
+php7.4-redis \
 patch \
 curl \
 wget  \
@@ -34,26 +39,26 @@ autoconf \
 libc-dev \
 pkg-config \
 libmcrypt-dev \
-php7.2-dev \
+php7.4-dev \
 ca-certificates \
 unzip \
-&& apt-get clean \
+dnsutils \
 && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
 
 RUN curl -L -O https://github.com/pear/pearweb_phars/raw/master/go-pear.phar
 RUN php go-pear.phar
 
-RUN pecl install mcrypt-1.0.2
+RUN pecl install mcrypt-1.0.3
 
-RUN bash -c "echo extension=/usr/lib/php/20170718/mcrypt.so > /etc/php/7.2/mods-available/mcrypt.ini"
+RUN bash -c "echo extension=/usr/lib/php/20190902/mcrypt.so > /etc/php/7.4/mods-available/mcrypt.ini"
 
 RUN phpenmod mcrypt
 RUN phpenmod gd
 RUN phpenmod bcmath
 
-RUN sed -i 's/variables_order = .*/variables_order = "EGPCS"/' /etc/php/7.2/apache2/php.ini
-RUN sed -i 's/variables_order = .*/variables_order = "EGPCS"/' /etc/php/7.2/cli/php.ini
+RUN sed -i 's/variables_order = .*/variables_order = "EGPCS"/' /etc/php/7.4/apache2/php.ini
+RUN sed -i 's/variables_order = .*/variables_order = "EGPCS"/' /etc/php/7.4/cli/php.ini
 
 RUN useradd -m --uid 1000 --gid 50 docker
 
@@ -74,6 +79,8 @@ COPY . /var/www/html
 
 RUN a2enmod rewrite
 
+COPY docker/column-statistics.cnf /etc/mysql/conf.d/column-statistics.cnf
+
 ############ INITIAL APPLICATION SETUP #####################
 
 WORKDIR /var/www/html
@@ -93,7 +100,10 @@ RUN \
       && rm -r "/var/www/html/storage/app/backups" && ln -fs "/var/lib/snipeit/dumps" "/var/www/html/storage/app/backups" \
       && mkdir -p "/var/lib/snipeit/keys" && ln -fs "/var/lib/snipeit/keys/oauth-private.key" "/var/www/html/storage/oauth-private.key" \
       && ln -fs "/var/lib/snipeit/keys/oauth-public.key" "/var/www/html/storage/oauth-public.key" \
+      && ln -fs "/var/lib/snipeit/keys/ldap_client_tls.cert" "/var/www/html/storage/ldap_client_tls.cert" \
+      && ln -fs "/var/lib/snipeit/keys/ldap_client_tls.key" "/var/www/html/storage/ldap_client_tls.key" \
       && chown docker "/var/lib/snipeit/keys/" \
+      && chown -h docker "/var/www/html/storage/" \
       && chmod +x /var/www/html/artisan \
       && echo "Finished setting up application in /var/www/html"
 
@@ -129,4 +139,4 @@ RUN chmod +x /startup.sh /usr/bin/supervisor-exit-event-listener
 CMD ["/startup.sh"]
 
 EXPOSE 80
-EXPOSE 443
+EXPOSE 443

Dockerfile.alpine

@@ -1,6 +1,6 @@
-FROM alpine:3.8
+FROM alpine:3.14.2
 # Apache + PHP
-RUN  apk add --update --no-cache \
+RUN  apk add --no-cache \
         apache2 \
         php7 \
         php7-common \
@@ -23,6 +23,11 @@ RUN  apk add --update --no-cache \
         php7-fileinfo \
         php7-simplexml \
         php7-session \
+        php7-dom \
+        php7-xmlwriter \
+        php7-xmlreader \
+        php7-sodium \
+        php7-redis \
         curl \
         wget \
         vim \
@@ -30,6 +35,8 @@ RUN  apk add --update --no-cache \
         mysql-client \
         tini
 
+COPY docker/column-statistics.cnf /etc/mysql/conf.d/column-statistics.cnf
+
 # Where apache's PID lives
 RUN mkdir -p /run/apache2 && chown apache:apache /run/apache2
 
@@ -55,6 +62,7 @@ RUN \
     && mkdir -p "/var/lib/snipeit/dumps" && rm -r "/var/www/html/storage/app/backups" && ln -fs "/var/lib/snipeit/dumps" "/var/www/html/storage/app/backups" \
     && mkdir -p "/var/lib/snipeit/keys" && ln -fs "/var/lib/snipeit/keys/oauth-private.key" "/var/www/html/storage/oauth-private.key" \
     && ln -fs "/var/lib/snipeit/keys/oauth-public.key" "/var/www/html/storage/oauth-public.key" \
+    && chown -hR apache "/var/www/html/storage/" \
     && chown -R apache "/var/lib/snipeit"
 
 # Install composer
@@ -77,4 +85,4 @@ ENTRYPOINT ["/sbin/tini", "--"]
 
 CMD ["/entrypoint.sh"]
 
-EXPOSE 80
+EXPOSE 80

Dockerfile.fpm-alpine

@@ -0,0 +1,103 @@
+ARG ENVIRONMENT=production
+ARG SNIPEIT_RELEASE=5.1.3
+ARG PHP_VERSION=7.4.16
+ARG PHP_ALPINE_VERSION=3.13
+ARG COMPOSER_VERSION=2.0.11
+
+# Cannot use arguments with 'COPY --from' workaround
+# https://github.com/moby/moby/issues/34482#issuecomment-454716952
+FROM composer:${COMPOSER_VERSION} AS composer
+
+# Final stage
+FROM php:${PHP_VERSION}-fpm-alpine${PHP_ALPINE_VERSION} AS source
+LABEL maintainer="Mateus Villar <mromeravillar@gmail.com>"
+
+ARG PACKAGES="\
+		mysql-client \
+"
+ARG DEV_PACKAGES="\
+		git \
+"
+ARG ENVIRONMENT
+ENV ENVIRONMENT ${ENVIRONMENT}
+ARG SNIPEIT_RELEASE
+ENV SNIPEIT_RELEASE ${SNIPEIT_RELEASE}
+
+# Cribbed from wordpress-fpm-alpine image
+# set recommended PHP.ini settings
+# see https://secure.php.net/manual/en/opcache.installation.php
+RUN set -eux; \
+	docker-php-ext-enable opcache; \
+	{ \
+		echo 'opcache.memory_consumption=128'; \
+		echo 'opcache.interned_strings_buffer=8'; \
+		echo 'opcache.max_accelerated_files=4000'; \
+		echo 'opcache.revalidate_freq=2'; \
+		echo 'opcache.fast_shutdown=1'; \
+	} > /usr/local/etc/php/conf.d/opcache-recommended.ini
+# https://wordpress.org/support/article/editing-wp-config-php/#configure-error-logging
+RUN { \
+# https://www.php.net/manual/en/errorfunc.constants.php
+# https://github.com/docker-library/wordpress/issues/420#issuecomment-517839670
+		echo 'error_reporting = E_ERROR | E_WARNING | E_PARSE | E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_COMPILE_WARNING | E_RECOVERABLE_ERROR'; \
+		echo 'display_errors = Off'; \
+		echo 'display_startup_errors = Off'; \
+		echo 'log_errors = On'; \
+		echo 'error_log = /dev/stderr'; \
+		echo 'log_errors_max_len = 1024'; \
+		echo 'ignore_repeated_errors = On'; \
+		echo 'ignore_repeated_source = Off'; \
+		echo 'html_errors = Off'; \
+	} > /usr/local/etc/php/conf.d/error-logging.ini
+
+# Install php extensions inside docker containers easily
+# https://github.com/mlocati/docker-php-extension-installer
+COPY --from=mlocati/php-extension-installer:1.2.19 /usr/bin/install-php-extensions /usr/local/bin/
+RUN set -eux; \
+    install-php-extensions \
+        bcmath \
+        gd \
+        ldap \
+        mysqli \
+        pdo_mysql \
+        zip; \
+    rm -f /usr/local/bin/install-php-extensions; \
+# Install prerequisites packages
+    apk add --no-cache \
+        ${PACKAGES};
+
+COPY --from=composer /usr/bin/composer /usr/local/bin
+ARG COMPOSER_ALLOW_SUPERUSER=1
+RUN set -eux; \
+# Download and extract snipeit tarball
+	curl -o snipeit.tar.gz -fL "https://github.com/snipe/snipe-it/archive/v$SNIPEIT_RELEASE.tar.gz"; \
+	tar -xzf snipeit.tar.gz --strip-components=1 -C /var/www/html/; \
+	rm snipeit.tar.gz; \
+# Install composer php dependencies
+    if [ "$ENVIRONMENT" = "production" ]; then \
+        echo "production enviroment detected!"; \
+        composer update \
+            --no-cache \
+            --no-dev \
+            --optimize-autoloader \
+            --working-dir=/var/www/html; \
+    else \
+        echo "development enviroment detected!"; \
+        apk add --no-cache \
+            ${DEV_PACKAGES}; \
+        composer update \
+            --no-cache \
+			--prefer-source \
+            --optimize-autoloader \
+            --working-dir=/var/www/html; \
+    fi; \
+	rm -f /usr/local/bin/composer; \
+	chown -R www-data:www-data /var/www/html;
+
+VOLUME [ "/var/lib/snipeit" ]
+
+COPY --chown=www-data:www-data docker/docker-secrets.env /var/www/html/.env
+COPY --chmod=655 docker/docker-entrypoint.sh /usr/local/bin/docker-snipeit-entrypoint
+COPY docker/column-statistics.cnf /etc/mysql/conf.d/column-statistics.cnf
+ENTRYPOINT [ "/usr/local/bin/docker-snipeit-entrypoint" ]
+CMD [ "/usr/local/bin/docker-php-entrypoint", "php-fpm" ]

Procfile

@@ -0,0 +1 @@
+web: php heroku/startup.php && heroku-php-apache2 public/

README.md

@@ -1,11 +1,11 @@
-![Build Status](https://app.chipperci.com/projects/0e5f8979-31eb-4ee6-9abf-050b76ab0383/status/master) [![Crowdin](https://d322cqt584bo4o.cloudfront.net/snipe-it/localized.svg)](https://crowdin.com/project/snipe-it) [![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/snipe/snipe-it?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) [![Docker Pulls](https://img.shields.io/docker/pulls/snipe/snipe-it.svg)](https://hub.docker.com/r/snipe/snipe-it/) [![Twitter Follow](https://img.shields.io/twitter/follow/snipeitapp.svg?style=social)](https://twitter.com/snipeitapp)  [![Codacy Badge](https://api.codacy.com/project/badge/Grade/553ce52037fc43ea99149785afcfe641)](https://www.codacy.com/app/snipe/snipe-it?utm_source=github.com&utm_medium=referral&utm_content=snipe/snipe-it&utm_campaign=Badge_Grade)
-[![All Contributors](https://img.shields.io/badge/all_contributors-214-orange.svg?style=flat-square)](#contributors) 
+![Build Status](https://app.chipperci.com/projects/0e5f8979-31eb-4ee6-9abf-050b76ab0383/status/master) [![Crowdin](https://d322cqt584bo4o.cloudfront.net/snipe-it/localized.svg)](https://crowdin.com/project/snipe-it) [![Docker Pulls](https://img.shields.io/docker/pulls/snipe/snipe-it.svg)](https://hub.docker.com/r/snipe/snipe-it/) [![Twitter Follow](https://img.shields.io/twitter/follow/snipeitapp.svg?style=social)](https://twitter.com/snipeitapp)  [![Codacy Badge](https://api.codacy.com/project/badge/Grade/553ce52037fc43ea99149785afcfe641)](https://www.codacy.com/app/snipe/snipe-it?utm_source=github.com&utm_medium=referral&utm_content=snipe/snipe-it&utm_campaign=Badge_Grade)
+[![All Contributors](https://img.shields.io/badge/all_contributors-289-orange.svg?style=flat-square)](#contributors) [![Discord](https://badgen.net/badge/icon/discord?icon=discord&label)](https://discord.gg/yZFtShAcKk) [![huntr](https://cdn.huntr.dev/huntr_security_badge_mono.svg)](https://huntr.dev)
 
 ## Snipe-IT - Open Source Asset Management System
 
 This is a FOSS project for asset management in IT Operations. Knowing who has which laptop, when it was purchased in order to depreciate it correctly, handling software licenses, etc.
 
-It is built on [Laravel 6](http://laravel.com).
+It is built on [Laravel 8](http://laravel.com).
 
 Snipe-IT is actively developed and we [release quite frequently](https://github.com/snipe/snipe-it/releases). ([Check out the live demo here](https://snipeitapp.com/demo/).)
 
@@ -19,6 +19,8 @@ For instructions on installing and configuring Snipe-IT on your server, check ou
 
 If you're having trouble with the installation, please check the [Common Issues](https://snipe-it.readme.io/docs/common-issues) and [Getting Help](https://snipe-it.readme.io/docs/getting-help) documentation, and search this repository's open *and* closed issues for help.
 
+[![Deploy](https://www.herokucdn.com/deploy/button.svg)](https://heroku.com/deploy)
+
 -----
 ### User's Manual
 For help using Snipe-IT, check out the [user's manual](https://snipe-it.readme.io/docs/overview).
@@ -55,11 +57,11 @@ Since the release of the JSON REST API, several third-party developers have been
 
 - [Python Module](https://github.com/jbloomer/SnipeIT-PythonAPI) by [@jbloomer](https://github.com/jbloomer)
 - [SnipeSharp - .NET module in C#](https://github.com/barrycarey/SnipeSharp) by [@barrycarey](https://github.com/barrycarey)
-- [InQRy](https://github.com/Microsoft/InQRy) by [@Microsoft](https://github.com/Microsoft)
+- [InQRy -unmaintained-](https://github.com/Microsoft/InQRy) by [@Microsoft](https://github.com/Microsoft)
 - [SnipeitPS](https://github.com/snazy2000/SnipeitPS) by [@snazy2000](https://github.com/snazy2000) - Powershell API Wrapper for Snipe-it
 - [jamf2snipe](https://github.com/ParadoxGuitarist/jamf2snipe) by [@ParadoxGuitarist](https://github.com/ParadoxGuitarist) - Python script to sync assets between a JAMFPro instance and a Snipe-IT instance
 - [Marksman](https://github.com/Scope-IT/marksman) - A Windows agent for Snipe-IT
-- [Snipe-IT plugin for Jira Service Desk (beta)](https://marketplace.atlassian.com/apps/1220379/snipe-it-for-jira-service-desk-beta?hosting=cloud&tab=overview) - for the upcoming Snipe-IT v5 only
+- [Snipe-IT plugin for Jira Service Desk](https://marketplace.atlassian.com/apps/1220964/snipe-it-for-jira)
 - [Python 3 CSV importer](https://github.com/gastamper/snipeit-csvimporter) - allows importing assets into Snipe-IT based on Item Name rather than Asset Tag.
 - [Snipe-IT Kubernetes Helm Chart](https://github.com/t3n/helm-charts/tree/master/snipeit) - For more information, [click here](https://hub.helm.sh/charts/t3n/snipeit).
 - [Snipe-IT Bulk Edit](https://github.com/bricelabelle/snipe-it-bulkedit) - Google Script files to use Google Sheets as a bulk checkout/checkin/edit tool for Snipe-it.
@@ -90,7 +92,7 @@ Thanks goes to all of these wonderful people ([emoji key](https://github.com/ken
 <!-- ALL-CONTRIBUTORS-LIST:START - Do not remove or modify this section -->
 | [<img src="https://avatars3.githubusercontent.com/u/197404?v=3" width="110px;"/><br /><sub>snipe</sub>](http://www.snipe.net)<br />[💻](https://github.com/snipe/snipe-it/commits?author=snipe "Code") [🚇](#infra-snipe "Infrastructure (Hosting, Build-Tools, etc)") [📖](https://github.com/snipe/snipe-it/commits?author=snipe "Documentation") [⚠️](https://github.com/snipe/snipe-it/commits?author=snipe "Tests") [🐛](https://github.com/snipe/snipe-it/issues?q=author%3Asnipe "Bug reports") [🎨](#design-snipe "Design") [👀](#review-snipe "Reviewed Pull Requests") | [<img src="https://avatars0.githubusercontent.com/u/36335?v=3" width="110px;"/><br /><sub>Brady Wetherington</sub>](http://www.uberbrady.com)<br />[💻](https://github.com/snipe/snipe-it/commits?author=uberbrady "Code") [📖](https://github.com/snipe/snipe-it/commits?author=uberbrady "Documentation") [🚇](#infra-uberbrady "Infrastructure (Hosting, Build-Tools, etc)") [👀](#review-uberbrady "Reviewed Pull Requests") | [<img src="https://avatars0.githubusercontent.com/u/3803132?v=3" width="110px;"/><br /><sub>Daniel Meltzer</sub>](https://github.com/dmeltzer)<br />[💻](https://github.com/snipe/snipe-it/commits?author=dmeltzer "Code") [⚠️](https://github.com/snipe/snipe-it/commits?author=dmeltzer "Tests") [📖](https://github.com/snipe/snipe-it/commits?author=dmeltzer "Documentation") | [<img src="https://avatars0.githubusercontent.com/u/1609106?v=3" width="110px;"/><br /><sub>Michael T</sub>](http://www.tuckertechonline.com)<br />[💻](https://github.com/snipe/snipe-it/commits?author=mtucker6784 "Code") | [<img src="https://avatars2.githubusercontent.com/u/3274937?v=3" width="110px;"/><br /><sub>madd15</sub>](https://github.com/madd15)<br />[📖](https://github.com/snipe/snipe-it/commits?author=madd15 "Documentation") [💬](#question-madd15 "Answering Questions") | [<img src="https://avatars2.githubusercontent.com/u/894126?v=3" width="110px;"/><br /><sub>Vincent Sposato</sub>](https://github.com/vsposato)<br />[💻](https://github.com/snipe/snipe-it/commits?author=vsposato "Code") | [<img src="https://avatars0.githubusercontent.com/u/1639757?v=3" width="110px;"/><br /><sub>Andrea Bergamasco</sub>](https://github.com/vjandrea)<br />[💻](https://github.com/snipe/snipe-it/commits?author=vjandrea "Code") |
 | :---: | :---: | :---: | :---: | :---: | :---: | :---: |
-| [<img src="https://avatars0.githubusercontent.com/u/10640152?v=3" width="110px;"/><br /><sub>Karol</sub>](https://github.com/kpawelski)<br />[🌍](#translation-kpawelski "Translation") [💻](https://github.com/snipe/snipe-it/commits?author=kpawelski "Code") | [<img src="https://avatars3.githubusercontent.com/u/600106?v=3" width="110px;"/><br /><sub>morph027</sub>](http://blog.morph027.de/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=morph027 "Code") | [<img src="https://avatars3.githubusercontent.com/u/22935755?v=3" width="110px;"/><br /><sub>fvleminckx</sub>](https://github.com/fvleminckx)<br />[🚇](#infra-fvleminckx "Infrastructure (Hosting, Build-Tools, etc)") | [<img src="https://avatars2.githubusercontent.com/u/15633547?v=3" width="110px;"/><br /><sub>itsupportcmsukorg</sub>](https://github.com/itsupportcmsukorg)<br />[💻](https://github.com/snipe/snipe-it/commits?author=itsupportcmsukorg "Code") [🐛](https://github.com/snipe/snipe-it/issues?q=author%3Aitsupportcmsukorg "Bug reports") | [<img src="https://avatars3.githubusercontent.com/u/12373799?v=3" width="110px;"/><br /><sub>Frank</sub>](https://override.io)<br />[💻](https://github.com/snipe/snipe-it/commits?author=base-zero "Code") | [<img src="https://avatars0.githubusercontent.com/u/10137?v=3" width="110px;"/><br /><sub>Deleted user</sub>](https://github.com/ghost)<br />[🌍](#translation-ghost "Translation") | [<img src="https://avatars1.githubusercontent.com/u/10802313?v=3" width="110px;"/><br /><sub>tiagom62</sub>](https://github.com/tiagom62)<br />[💻](https://github.com/snipe/snipe-it/commits?author=tiagom62 "Code") [🚇](#infra-tiagom62 "Infrastructure (Hosting, Build-Tools, etc)") |
+| [<img src="https://avatars0.githubusercontent.com/u/10640152?v=3" width="110px;"/><br /><sub>Karol</sub>](https://github.com/kpawelski)<br />[🌍](#translation-kpawelski "Translation") [💻](https://github.com/snipe/snipe-it/commits?author=kpawelski "Code") | [<img src="https://avatars3.githubusercontent.com/u/600106?v=3" width="110px;"/><br /><sub>morph027</sub>](http://blog.morph027.de/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=morph027 "Code") | [<img src="https://avatars3.githubusercontent.com/u/22935755?v=3" width="110px;"/><br /><sub>fvleminckx</sub>](https://github.com/fvleminckx)<br />[🚇](#infra-fvleminckx "Infrastructure (Hosting, Build-Tools, etc)") | [<img src="https://avatars2.githubusercontent.com/u/15633547?v=3" width="110px;"/><br /><sub>itsupportcmsukorg</sub>](https://github.com/itsupportcmsukorg)<br />[💻](https://github.com/snipe/snipe-it/commits?author=itsupportcmsukorg "Code") [🐛](https://github.com/snipe/snipe-it/issues?q=author%3Aitsupportcmsukorg "Bug reports") | [<img src="https://avatars3.githubusercontent.com/u/12373799?v=3" width="110px;"/><br /><sub>Frank</sub>](https://override.io)<br />[💻](https://github.com/snipe/snipe-it/commits?author=base-zero "Code") | [<img src="https://avatars0.githubusercontent.com/u/10137?v=3" width="110px;"/><br /><sub>Deleted user</sub>](https://github.com/ghost)<br />[🌍](#translation-ghost "Translation") [💻](https://github.com/snipe/snipe-it/commits?author=ghost "Code") | [<img src="https://avatars1.githubusercontent.com/u/10802313?v=3" width="110px;"/><br /><sub>tiagom62</sub>](https://github.com/tiagom62)<br />[💻](https://github.com/snipe/snipe-it/commits?author=tiagom62 "Code") [🚇](#infra-tiagom62 "Infrastructure (Hosting, Build-Tools, etc)") |
 | [<img src="https://avatars3.githubusercontent.com/u/2389047?v=3" width="110px;"/><br /><sub>Ryan Stafford</sub>](https://github.com/rystaf)<br />[💻](https://github.com/snipe/snipe-it/commits?author=rystaf "Code") | [<img src="https://avatars2.githubusercontent.com/u/10345935?v=3" width="110px;"/><br /><sub>Eammon Hanlon</sub>](https://github.com/ehanlon)<br />[💻](https://github.com/snipe/snipe-it/commits?author=ehanlon "Code") | [<img src="https://avatars0.githubusercontent.com/u/441924?v=3" width="110px;"/><br /><sub>zjean</sub>](https://github.com/zjean)<br />[💻](https://github.com/snipe/snipe-it/commits?author=zjean "Code") | [<img src="https://avatars0.githubusercontent.com/u/12660103?v=3" width="110px;"/><br /><sub>Matthias Frei</sub>](http://www.frei.media)<br />[💻](https://github.com/snipe/snipe-it/commits?author=FREImedia "Code") | [<img src="https://avatars0.githubusercontent.com/u/3767518?v=3" width="110px;"/><br /><sub>opsydev</sub>](https://github.com/opsydev)<br />[💻](https://github.com/snipe/snipe-it/commits?author=opsydev "Code") | [<img src="https://avatars1.githubusercontent.com/u/82290?v=3" width="110px;"/><br /><sub>Daniel Dreier</sub>](http://www.ddreier.com)<br />[💻](https://github.com/snipe/snipe-it/commits?author=ddreier "Code") | [<img src="https://avatars0.githubusercontent.com/u/23448?v=3" width="110px;"/><br /><sub>Nikolai Prokoschenko</sub>](http://rassie.org)<br />[💻](https://github.com/snipe/snipe-it/commits?author=rassie "Code") |
 | [<img src="https://avatars0.githubusercontent.com/u/13452757?v=3" width="110px;"/><br /><sub>Drew</sub>](https://github.com/YetAnotherCodeMonkey)<br />[💻](https://github.com/snipe/snipe-it/commits?author=YetAnotherCodeMonkey "Code") | [<img src="https://avatars0.githubusercontent.com/u/1342320?v=3" width="110px;"/><br /><sub>Walter</sub>](https://github.com/merid14)<br />[💻](https://github.com/snipe/snipe-it/commits?author=merid14 "Code") | [<img src="https://avatars3.githubusercontent.com/u/11254614?v=3" width="110px;"/><br /><sub>Petr Baloun</sub>](https://github.com/balous)<br />[💻](https://github.com/snipe/snipe-it/commits?author=balous "Code") | [<img src="https://avatars0.githubusercontent.com/u/6117660?v=3" width="110px;"/><br /><sub>reidblomquist</sub>](https://github.com/reidblomquist)<br />[📖](https://github.com/snipe/snipe-it/commits?author=reidblomquist "Documentation") | [<img src="https://avatars0.githubusercontent.com/u/539914?v=3" width="110px;"/><br /><sub>Mathieu Kooiman</sub>](https://github.com/mathieuk)<br />[💻](https://github.com/snipe/snipe-it/commits?author=mathieuk "Code") | [<img src="https://avatars3.githubusercontent.com/u/6606421?v=3" width="110px;"/><br /><sub>csayre</sub>](https://github.com/csayre)<br />[📖](https://github.com/snipe/snipe-it/commits?author=csayre "Documentation") | [<img src="https://avatars1.githubusercontent.com/u/768488?v=3" width="110px;"/><br /><sub>Adam Dunson</sub>](https://github.com/adamdunson)<br />[💻](https://github.com/snipe/snipe-it/commits?author=adamdunson "Code") |
 | [<img src="https://avatars0.githubusercontent.com/u/5547470?v=3" width="110px;"/><br /><sub>Hereward</sub>](https://github.com/thehereward)<br />[💻](https://github.com/snipe/snipe-it/commits?author=thehereward "Code") | [<img src="https://avatars0.githubusercontent.com/u/5802977?v=3" width="110px;"/><br /><sub>swoopdk</sub>](https://github.com/swoopdk)<br />[💻](https://github.com/snipe/snipe-it/commits?author=swoopdk "Code") | [<img src="https://avatars1.githubusercontent.com/u/3470403?v=3" width="110px;"/><br /><sub>Abdullah Alansari</sub>](https://linkedin.com/in/ahimta)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Ahimta "Code") | [<img src="https://avatars0.githubusercontent.com/u/796443?v=3" width="110px;"/><br /><sub>Micael Rodrigues</sub>](https://github.com/MicaelRodrigues)<br />[💻](https://github.com/snipe/snipe-it/commits?author=MicaelRodrigues "Code") | [<img src="https://avatars0.githubusercontent.com/u/614564?v=3" width="110px;"/><br /><sub>Patrick Gallagher</sub>](http://macadmincorner.com)<br />[📖](https://github.com/snipe/snipe-it/commits?author=patgmac "Documentation") | [<img src="https://avatars3.githubusercontent.com/u/7165922?v=3" width="110px;"/><br /><sub>Miliamber</sub>](https://github.com/Miliamber)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Miliamber "Code") | [<img src="https://avatars3.githubusercontent.com/u/861766?v=3" width="110px;"/><br /><sub>hawk554</sub>](https://github.com/hawk554)<br />[💻](https://github.com/snipe/snipe-it/commits?author=hawk554 "Code") |
@@ -119,7 +121,18 @@ Thanks goes to all of these wonderful people ([emoji key](https://github.com/ken
 | [<img src="https://avatars0.githubusercontent.com/u/6609453?v=4" width="110px;"/><br /><sub>Sxderp</sub>](https://github.com/Sxderp)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Sxderp "Code") | [<img src="https://avatars1.githubusercontent.com/u/4807843?v=4" width="110px;"/><br /><sub>fanta8897</sub>](https://github.com/fanta8897)<br />[💻](https://github.com/snipe/snipe-it/commits?author=fanta8897 "Code") | [<img src="https://avatars2.githubusercontent.com/u/2576509?v=4" width="110px;"/><br /><sub>Andrey Bolonin</sub>](https://andreybolonin.com/phpconsulting/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=andreybolonin "Code") | [<img src="https://avatars3.githubusercontent.com/u/2173307?v=4" width="110px;"/><br /><sub>shinayoshi</sub>](http://www.shinayoshi.net/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=shinayoshi "Code") | [<img src="https://avatars3.githubusercontent.com/u/2130159?v=4" width="110px;"/><br /><sub>Hubert</sub>](https://github.com/reuser)<br />[💻](https://github.com/snipe/snipe-it/commits?author=reuser "Code") | [<img src="https://avatars0.githubusercontent.com/u/6865789?v=4" width="110px;"/><br /><sub>KeenRivals</sub>](https://brashear.me)<br />[💻](https://github.com/snipe/snipe-it/commits?author=KeenRivals "Code") | [<img src="https://avatars3.githubusercontent.com/u/2902513?v=4" width="110px;"/><br /><sub>omyno</sub>](https://github.com/omyno)<br />[💻](https://github.com/snipe/snipe-it/commits?author=omyno "Code") |
 | [<img src="https://avatars1.githubusercontent.com/u/6271335?v=4" width="110px;"/><br /><sub>Evgeny</sub>](https://github.com/jackka)<br />[💻](https://github.com/snipe/snipe-it/commits?author=jackka "Code") | [<img src="https://avatars2.githubusercontent.com/u/1169963?v=4" width="110px;"/><br /><sub>Colin Campbell</sub>](https://digitalist.se)<br />[💻](https://github.com/snipe/snipe-it/commits?author=colin-campbell "Code") | [<img src="https://avatars3.githubusercontent.com/u/2872098?v=4" width="110px;"/><br /><sub>Ľubomír Kučera</sub>](https://github.com/lubo)<br />[💻](https://github.com/snipe/snipe-it/commits?author=lubo "Code") | [<img src="https://avatars3.githubusercontent.com/u/570639?v=4" width="110px;"/><br /><sub>Martin Meredith</sub>](https://www.sourceguru.net)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Mezzle "Code") | [<img src="https://avatars1.githubusercontent.com/u/7632599?v=4" width="110px;"/><br /><sub>Tim Farmer</sub>](https://github.com/timothyfarmer)<br />[💻](https://github.com/snipe/snipe-it/commits?author=timothyfarmer "Code") | [<img src="https://avatars0.githubusercontent.com/u/17459600?v=4" width="110px;"/><br /><sub>Marián Skrip</sub>](https://github.com/mskrip)<br />[💻](https://github.com/snipe/snipe-it/commits?author=mskrip "Code") | [<img src="https://avatars2.githubusercontent.com/u/47435081?v=4" width="110px;"/><br /><sub>Godfrey Martinez</sub>](https://github.com/Godmartinz)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Godmartinz "Code") |
 | [<img src="https://avatars1.githubusercontent.com/u/2075128?v=4" width="110px;"/><br /><sub>bigtreeEdo</sub>](https://github.com/bigtreeEdo)<br />[💻](https://github.com/snipe/snipe-it/commits?author=bigtreeEdo "Code") | [<img src="https://avatars0.githubusercontent.com/u/5000430?v=4" width="110px;"/><br /><sub>Colin  McNeil</sub>](https://colinmcneil.me/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=ColinMcNeil "Code") | [<img src="https://avatars0.githubusercontent.com/u/421625?v=4" width="110px;"/><br /><sub>JoKneeMo</sub>](https://github.com/JoKneeMo)<br />[💻](https://github.com/snipe/snipe-it/commits?author=JoKneeMo "Code") | [<img src="https://avatars0.githubusercontent.com/u/54849013?v=4" width="110px;"/><br /><sub>Joshi</sub>](http://www.redbridge.se)<br />[💻](https://github.com/snipe/snipe-it/commits?author=joshi-redbridge "Code") | [<img src="https://avatars2.githubusercontent.com/u/15731458?v=4" width="110px;"/><br /><sub>Anthony Burns</sub>](https://github.com/anthonypburns)<br />[💻](https://github.com/snipe/snipe-it/commits?author=anthonypburns "Code") | [<img src="https://avatars1.githubusercontent.com/u/63399474?v=4" width="110px;"/><br /><sub>johnson-yi</sub>](https://github.com/johnson-yi)<br />[💻](https://github.com/snipe/snipe-it/commits?author=johnson-yi "Code") | [<img src="https://avatars1.githubusercontent.com/u/1862720?v=4" width="110px;"/><br /><sub>Sanjay Govind</sub>](https://tangentmc.net)<br />[💻](https://github.com/snipe/snipe-it/commits?author=sanjay900 "Code") |
-| [<img src="https://avatars0.githubusercontent.com/u/1255375?v=4" width="110px;"/><br /><sub>Peter Upfold</sub>](https://peter.upfold.org.uk/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=PeterUpfold "Code") | [<img src="https://avatars2.githubusercontent.com/u/961717?v=4" width="110px;"/><br /><sub>Jared Biel</sub>](https://github.com/jbiel)<br />[💻](https://github.com/snipe/snipe-it/commits?author=jbiel "Code") | [<img src="https://avatars1.githubusercontent.com/u/1733625?v=4" width="110px;"/><br /><sub>Dampfklon</sub>](https://github.com/dampfklon)<br />[💻](https://github.com/snipe/snipe-it/commits?author=dampfklon "Code") | [<img src="https://avatars2.githubusercontent.com/u/52973156?v=4" width="110px;"/><br /><sub>Charles Hamilton</sub>](https://communityclosing.com)<br />[💻](https://github.com/snipe/snipe-it/commits?author=chamilton-ccn "Code") |
+| [<img src="https://avatars0.githubusercontent.com/u/1255375?v=4" width="110px;"/><br /><sub>Peter Upfold</sub>](https://peter.upfold.org.uk/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=PeterUpfold "Code") | [<img src="https://avatars2.githubusercontent.com/u/961717?v=4" width="110px;"/><br /><sub>Jared Biel</sub>](https://github.com/jbiel)<br />[💻](https://github.com/snipe/snipe-it/commits?author=jbiel "Code") | [<img src="https://avatars1.githubusercontent.com/u/1733625?v=4" width="110px;"/><br /><sub>Dampfklon</sub>](https://github.com/dampfklon)<br />[💻](https://github.com/snipe/snipe-it/commits?author=dampfklon "Code") | [<img src="https://avatars2.githubusercontent.com/u/52973156?v=4" width="110px;"/><br /><sub>Charles Hamilton</sub>](https://communityclosing.com)<br />[💻](https://github.com/snipe/snipe-it/commits?author=chamilton-ccn "Code") | [<img src="https://avatars.githubusercontent.com/u/551789?v=4" width="110px;"/><br /><sub>Giuseppe Iannello</sub>](https://github.com/giannello)<br />[💻](https://github.com/snipe/snipe-it/commits?author=giannello "Code") | [<img src="https://avatars.githubusercontent.com/u/3691490?v=4" width="110px;"/><br /><sub>Peter Dave Hello</sub>](https://www.peterdavehello.org/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=PeterDaveHello "Code") | [<img src="https://avatars.githubusercontent.com/u/6106332?v=4" width="110px;"/><br /><sub>sigmoidal</sub>](https://github.com/sigmoidal)<br />[💻](https://github.com/snipe/snipe-it/commits?author=sigmoidal "Code") |
+| [<img src="https://avatars.githubusercontent.com/u/2082554?v=4" width="110px;"/><br /><sub>Vincent Lainé</sub>](https://github.com/phenixdotnet)<br />[💻](https://github.com/snipe/snipe-it/commits?author=phenixdotnet "Code") | [<img src="https://avatars.githubusercontent.com/u/1943040?v=4" width="110px;"/><br /><sub>Lucas Pleß</sub>](http://www.lucas-pless.com)<br />[💻](https://github.com/snipe/snipe-it/commits?author=derlucas "Code") | [<img src="https://avatars.githubusercontent.com/u/472804?v=4" width="110px;"/><br /><sub>Ian Littman</sub>](http://twitter.com/iansltx)<br />[💻](https://github.com/snipe/snipe-it/commits?author=iansltx "Code") | [<img src="https://avatars.githubusercontent.com/u/3519029?v=4" width="110px;"/><br /><sub>João Paulo</sub>](https://github.com/PauloLuna)<br />[💻](https://github.com/snipe/snipe-it/commits?author=PauloLuna "Code") | [<img src="https://avatars.githubusercontent.com/u/70443365?v=4" width="110px;"/><br /><sub>ThoBur</sub>](https://github.com/ThoBur)<br />[💻](https://github.com/snipe/snipe-it/commits?author=ThoBur "Code") | [<img src="https://avatars.githubusercontent.com/u/1972329?v=4" width="110px;"/><br /><sub>Alexander Chibrikin</sub>](http://phpprofi.ru/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=alek13 "Code") | [<img src="https://avatars.githubusercontent.com/u/438332?v=4" width="110px;"/><br /><sub>Anthony Winstanley</sub>](https://github.com/winstan)<br />[💻](https://github.com/snipe/snipe-it/commits?author=winstan "Code") |
+| [<img src="https://avatars.githubusercontent.com/u/3075214?v=4" width="110px;"/><br /><sub>Folke</sub>](https://github.com/fashberg)<br />[💻](https://github.com/snipe/snipe-it/commits?author=fashberg "Code") | [<img src="https://avatars.githubusercontent.com/u/1351571?v=4" width="110px;"/><br /><sub>Bennett Blodinger</sub>](https://github.com/benwa)<br />[💻](https://github.com/snipe/snipe-it/commits?author=benwa "Code") | [<img src="https://avatars.githubusercontent.com/u/2974631?v=4" width="110px;"/><br /><sub>NMC</sub>](https://nmc.dev)<br />[💻](https://github.com/snipe/snipe-it/commits?author=ncareau "Code") | [<img src="https://avatars.githubusercontent.com/u/52182449?v=4" width="110px;"/><br /><sub>andres-baller</sub>](https://github.com/andres-baller)<br />[💻](https://github.com/snipe/snipe-it/commits?author=andres-baller "Code") | [<img src="https://avatars.githubusercontent.com/u/67109348?v=4" width="110px;"/><br /><sub>sean-borg</sub>](https://github.com/sean-borg)<br />[💻](https://github.com/snipe/snipe-it/commits?author=sean-borg "Code") | [<img src="https://avatars.githubusercontent.com/u/32170051?v=4" width="110px;"/><br /><sub>EDVLeer</sub>](https://github.com/EDVLeer)<br />[💻](https://github.com/snipe/snipe-it/commits?author=EDVLeer "Code") | [<img src="https://avatars.githubusercontent.com/u/23075196?v=4" width="110px;"/><br /><sub>Kurokat</sub>](https://github.com/Kurokat)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Kurokat "Code") |
+| [<img src="https://avatars.githubusercontent.com/u/915514?v=4" width="110px;"/><br /><sub>Kevin Köllmann</sub>](https://www.kevinkoellmann.de)<br />[💻](https://github.com/snipe/snipe-it/commits?author=koelle25 "Code") | [<img src="https://avatars.githubusercontent.com/u/49025941?v=4" width="110px;"/><br /><sub>sw-mreyes</sub>](https://github.com/sw-mreyes)<br />[💻](https://github.com/snipe/snipe-it/commits?author=sw-mreyes "Code") | [<img src="https://avatars.githubusercontent.com/u/70129?v=4" width="110px;"/><br /><sub>Joel Pittet</sub>](https://pittet.ca)<br />[💻](https://github.com/snipe/snipe-it/commits?author=joelpittet "Code") | [<img src="https://avatars.githubusercontent.com/u/792695?v=4" width="110px;"/><br /><sub>Eli Young</sub>](https://elyscape.com)<br />[💻](https://github.com/snipe/snipe-it/commits?author=elyscape "Code") | [<img src="https://avatars.githubusercontent.com/u/317015?v=4" width="110px;"/><br /><sub>Raell Dottin</sub>](https://github.com/raelldottin)<br />[💻](https://github.com/snipe/snipe-it/commits?author=raelldottin "Code") | [<img src="https://avatars.githubusercontent.com/u/1446856?v=4" width="110px;"/><br /><sub>Tom Misilo</sub>](https://github.com/misilot)<br />[💻](https://github.com/snipe/snipe-it/commits?author=misilot "Code") | [<img src="https://avatars.githubusercontent.com/u/4496300?v=4" width="110px;"/><br /><sub>David Davenne</sub>](http://david.davenne.be)<br />[💻](https://github.com/snipe/snipe-it/commits?author=JuustoMestari "Code") |
+| [<img src="https://avatars.githubusercontent.com/u/9255772?v=4" width="110px;"/><br /><sub>Mark Stenglein</sub>](https://markstenglein.com)<br />[💻](https://github.com/snipe/snipe-it/commits?author=ocelotsloth "Code") | [<img src="https://avatars.githubusercontent.com/u/35658596?v=4" width="110px;"/><br /><sub>ajsy</sub>](https://github.com/ajsy)<br />[💻](https://github.com/snipe/snipe-it/commits?author=ajsy "Code") | [<img src="https://avatars.githubusercontent.com/u/3628035?v=4" width="110px;"/><br /><sub>Jan Kiesewetter</sub>](https://github.com/t3easy)<br />[💻](https://github.com/snipe/snipe-it/commits?author=t3easy "Code") | [<img src="https://avatars.githubusercontent.com/u/79449630?v=4" width="110px;"/><br /><sub>Tetrachloromethane250</sub>](https://github.com/Tetrachloromethane250)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Tetrachloromethane250 "Code") | [<img src="https://avatars.githubusercontent.com/u/22004482?v=4" width="110px;"/><br /><sub>Lars Kajes</sub>](https://www.kajes.se/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=kajes "Code") | [<img src="https://avatars.githubusercontent.com/u/13993216?v=4" width="110px;"/><br /><sub>Joly0</sub>](https://github.com/Joly0)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Joly0 "Code") | [<img src="https://avatars.githubusercontent.com/u/1501022?v=4" width="110px;"/><br /><sub>theburger</sub>](https://github.com/limeless)<br />[💻](https://github.com/snipe/snipe-it/commits?author=limeless "Code") |
+| [<img src="https://avatars.githubusercontent.com/u/36065681?v=4" width="110px;"/><br /><sub>David Valin Alonso</sub>](https://github.com/deivishome)<br />[💻](https://github.com/snipe/snipe-it/commits?author=deivishome "Code") | [<img src="https://avatars.githubusercontent.com/u/8290389?v=4" width="110px;"/><br /><sub>andreaci</sub>](https://github.com/andreaci)<br />[💻](https://github.com/snipe/snipe-it/commits?author=andreaci "Code") | [<img src="https://avatars.githubusercontent.com/u/1828542?v=4" width="110px;"/><br /><sub>Jelle Sebreghts</sub>](http://www.jellesebreghts.be)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Jelle-S "Code") | [<img src="https://avatars.githubusercontent.com/u/11180862?v=4" width="110px;"/><br /><sub>Michael Pietsch</sub>](https://github.com/Skywalker-11)<br /> | [<img src="https://avatars.githubusercontent.com/u/22068886?v=4" width="110px;"/><br /><sub>Masudul Haque Shihab</sub>](https://github.com/sh1hab)<br />[💻](https://github.com/snipe/snipe-it/commits?author=sh1hab "Code") | [<img src="https://avatars.githubusercontent.com/u/16099942?v=4" width="110px;"/><br /><sub>Supapong Areeprasertkul</sub>](http://www.freedomdive.com/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=zybersup "Code") | [<img src="https://avatars.githubusercontent.com/u/207358?v=4" width="110px;"/><br /><sub>Peter Sarossy</sub>](https://github.com/psarossy)<br />[💻](https://github.com/snipe/snipe-it/commits?author=psarossy "Code") |
+| [<img src="https://avatars.githubusercontent.com/u/11823649?v=4" width="110px;"/><br /><sub>Renee Margaret McConahy</sub>](https://github.com/nepella)<br />[💻](https://github.com/snipe/snipe-it/commits?author=nepella "Code") | [<img src="https://avatars.githubusercontent.com/u/5553884?v=4" width="110px;"/><br /><sub>JohnnyPicnic</sub>](https://github.com/JohnnyPicnic)<br />[💻](https://github.com/snipe/snipe-it/commits?author=JohnnyPicnic "Code") | [<img src="https://avatars.githubusercontent.com/u/8799594?v=4" width="110px;"/><br /><sub>markbrule</sub>](https://github.com/markbrule)<br />[💻](https://github.com/snipe/snipe-it/commits?author=markbrule "Code") | [<img src="https://avatars.githubusercontent.com/u/1962801?v=4" width="110px;"/><br /><sub>Mike Campbell</sub>](https://github.com/mikecmpbll)<br />[💻](https://github.com/snipe/snipe-it/commits?author=mikecmpbll "Code") | [<img src="https://avatars.githubusercontent.com/u/11973217?v=4" width="110px;"/><br /><sub>tbrconnect</sub>](https://github.com/tbrconnect)<br />[💻](https://github.com/snipe/snipe-it/commits?author=tbrconnect "Code") | [<img src="https://avatars.githubusercontent.com/u/12447225?v=4" width="110px;"/><br /><sub>kcoyo</sub>](https://github.com/kcoyo)<br />[💻](https://github.com/snipe/snipe-it/commits?author=kcoyo "Code") | [<img src="https://avatars.githubusercontent.com/u/494017?v=4" width="110px;"/><br /><sub>Travis Miller</sub>](https://travismiller.com/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=travismiller "Code") |
+| [<img src="https://avatars.githubusercontent.com/u/1975640?v=4" width="110px;"/><br /><sub>Evan Taylor</sub>](https://github.com/Delta5)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Delta5 "Code") | [<img src="https://avatars.githubusercontent.com/u/8735148?v=4" width="110px;"/><br /><sub>Petri Asikainen</sub>](https://github.com/PetriAsi)<br />[💻](https://github.com/snipe/snipe-it/commits?author=PetriAsi "Code") | [<img src="https://avatars.githubusercontent.com/u/11424540?v=4" width="110px;"/><br /><sub>derdeagle</sub>](https://github.com/derdeagle)<br />[💻](https://github.com/snipe/snipe-it/commits?author=derdeagle "Code") | [<img src="https://avatars.githubusercontent.com/u/176950?v=4" width="110px;"/><br /><sub>Mike Frysinger</sub>](https://wh0rd.org/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=vapier "Code") | [<img src="https://avatars.githubusercontent.com/u/22044358?v=4" width="110px;"/><br /><sub>ALPHA</sub>](https://github.com/AL4AL)<br />[💻](https://github.com/snipe/snipe-it/commits?author=AL4AL "Code") | [<img src="https://avatars.githubusercontent.com/u/1042587?v=4" width="110px;"/><br /><sub>FliegenKLATSCH</sub>](https://www.ifern.de)<br />[💻](https://github.com/snipe/snipe-it/commits?author=FliegenKLATSCH "Code") | [<img src="https://avatars.githubusercontent.com/u/442138?v=4" width="110px;"/><br /><sub>Jeremy Price</sub>](https://github.com/jerm)<br />[💻](https://github.com/snipe/snipe-it/commits?author=jerm "Code") |
+| [<img src="https://avatars.githubusercontent.com/u/84392209?v=4" width="110px;"/><br /><sub>Toreg87</sub>](https://github.com/Toreg87)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Toreg87 "Code") | [<img src="https://avatars.githubusercontent.com/u/67638596?v=4" width="110px;"/><br /><sub>Matthew Nickson</sub>](https://github.com/Computroniks)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Computroniks "Code") | [<img src="https://avatars.githubusercontent.com/u/1646397?v=4" width="110px;"/><br /><sub>Jethro Nederhof</sub>](https://jethron.id.au)<br />[💻](https://github.com/snipe/snipe-it/commits?author=jethron "Code") | [<img src="https://avatars.githubusercontent.com/u/23289826?v=4" width="110px;"/><br /><sub>Oskar Stenberg</sub>](https://github.com/01ste02)<br />[💻](https://github.com/snipe/snipe-it/commits?author=01ste02 "Code") | [<img src="https://avatars.githubusercontent.com/u/82208283?v=4" width="110px;"/><br /><sub>Robert-Azelis</sub>](https://github.com/Robert-Azelis)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Robert-Azelis "Code") | [<img src="https://avatars.githubusercontent.com/u/60648387?v=4" width="110px;"/><br /><sub>Alexander William Smith</sub>](https://github.com/alwism)<br />[💻](https://github.com/snipe/snipe-it/commits?author=alwism "Code") | [<img src="https://avatars.githubusercontent.com/u/24418301?v=4" width="110px;"/><br /><sub>LEITWERK AG</sub>](https://www.leitwerk.de/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=leitwerk-ag "Code") |
+| [<img src="https://avatars.githubusercontent.com/u/1911435?v=4" width="110px;"/><br /><sub>Adam</sub>](http://www.aboutcher.co.uk)<br />[💻](https://github.com/snipe/snipe-it/commits?author=adamboutcher "Code") | [<img src="https://avatars.githubusercontent.com/u/16104273?v=4" width="110px;"/><br /><sub>Ian</sub>](https://snksrv.com)<br />[💻](https://github.com/snipe/snipe-it/commits?author=sneak-it "Code") | [<img src="https://avatars.githubusercontent.com/u/4023909?v=4" width="110px;"/><br /><sub>Shao Yu-Lung (Allen)</sub>](http://blog.bestlong.idv.tw/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=bestlong "Code") | [<img src="https://avatars.githubusercontent.com/u/76475453?v=4" width="110px;"/><br /><sub>Haxatron</sub>](https://github.com/Haxatron)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Haxatron "Code") | [<img src="https://avatars.githubusercontent.com/u/88776392?v=4" width="110px;"/><br /><sub>PlaneNuts</sub>](https://github.com/PlaneNuts)<br />[💻](https://github.com/snipe/snipe-it/commits?author=PlaneNuts "Code") | [<img src="https://avatars.githubusercontent.com/u/3842948?v=4" width="110px;"/><br /><sub>Bradley Coudriet</sub>](http://bjcpgd.cias.rit.edu)<br />[💻](https://github.com/snipe/snipe-it/commits?author=exula "Code") | [<img src="https://avatars.githubusercontent.com/u/21966173?v=4" width="110px;"/><br /><sub>Dalton Durst</sub>](https://daltondur.st)<br />[💻](https://github.com/snipe/snipe-it/commits?author=UniversalSuperBox "Code") |
+| [<img src="https://avatars.githubusercontent.com/u/38761237?v=4" width="110px;"/><br /><sub>Alex Janes</sub>](https://adagiohealth.org)<br />[💻](https://github.com/snipe/snipe-it/commits?author=adagioajanes "Code") | [<img src="https://avatars.githubusercontent.com/u/32387849?v=4" width="110px;"/><br /><sub>Nuraeil</sub>](https://github.com/nuraeil)<br />[💻](https://github.com/snipe/snipe-it/commits?author=nuraeil "Code") | [<img src="https://avatars.githubusercontent.com/u/48162670?v=4" width="110px;"/><br /><sub>TenOfTens</sub>](https://github.com/TenOfTens)<br />[💻](https://github.com/snipe/snipe-it/commits?author=TenOfTens "Code") | [<img src="https://avatars.githubusercontent.com/u/9415391?v=4" width="110px;"/><br /><sub>waffle</sub>](https://ditisjens.be/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=insert-waffle "Code") | [<img src="https://avatars.githubusercontent.com/u/19945501?v=4" width="110px;"/><br /><sub>Yevhenii Huzii</sub>](https://github.com/QveenSi)<br />[💻](https://github.com/snipe/snipe-it/commits?author=QveenSi "Code") | [<img src="https://avatars.githubusercontent.com/u/3839381?v=4" width="110px;"/><br /><sub>Achmad Fienan Rahardianto</sub>](https://github.com/veenone)<br />[💻](https://github.com/snipe/snipe-it/commits?author=veenone "Code") | [<img src="https://avatars.githubusercontent.com/u/19945501?v=4" width="110px;"/><br /><sub>Yevhenii Huzii</sub>](https://github.com/QveenSi)<br />[💻](https://github.com/snipe/snipe-it/commits?author=QveenSi "Code") |
+| [<img src="https://avatars.githubusercontent.com/u/97299851?v=4" width="110px;"/><br /><sub>Christian Weirich</sub>](https://github.com/chrisweirich)<br />[💻](https://github.com/snipe/snipe-it/commits?author=chrisweirich "Code") | [<img src="https://avatars.githubusercontent.com/u/1294403?v=4" width="110px;"/><br /><sub>denzfarid</sub>](https://github.com/denzfarid)<br /> |
 <!-- ALL-CONTRIBUTORS-LIST:END -->
 
 This project follows the [all-contributors](https://github.com/kentcdodds/all-contributors) specification. Contributions of any kind welcome!

SECURITY.md

@@ -0,0 +1,27 @@
+# Security Policy
+
+We take security issues very seriously, and will always attempt to address any 
+vulnerabilities as quickly as possible. 
+
+## Supported Versions
+
+We try to make a reasonable effort to support older versions of Snipe-IT, 
+however there are times when library dependencies and/or PHP/MySQL dependencies 
+make it impossible to backport security fixes on older versions. 
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 5.1.x   | :white_check_mark: |
+| 5.0.x   | :x:                |
+| 4.0.x   | :white_check_mark: |
+| < 4.0   | :x:                |
+
+## Reporting a Vulnerability
+
+Security vulnerabilities should be sent to security@snipeitapp.com. You can typically expect a 
+response within two business days, and we typically have fixes out in under a week from the initial disclosure.
+
+This obviously varies based on the severity of the  security issue and the difficulty in remediation, 
+but those have historically been the timelines we worm around.
+
+For a full breakdown of our security policies, please see https://snipeitapp.com/security.

Vagrantfile

@@ -8,25 +8,34 @@ Vagrant.configure("2") do |config|
   config.vm.define "bionic" do |bionic|
     bionic.vm.box = "ubuntu/bionic64"
     bionic.vm.hostname = 'bionic'
-    bionic.vm.network "public_network", bridge: NETWORK_BRIDGE
-    bionic.vm.provision :shell, :inline => "wget #{SNIPEIT_SH_URL}"
-    bionic.vm.provision :shell, :inline => "chmod 755 snipeit.sh"
+    bionic.vm.network "forwarded_port", guest: 80, host: 8080
+    bionic.vm.synced_folder ".", "/vagrant", :owner => 'www-data',
+      :group => 'vagrant', :mount_options => ['dmode=775', 'fmode=775']
+    bionic.vm.provision "ansible_local" do |ansible|
+      ansible.playbook = "ansible/ubuntu/vagrant_playbook.yml"
+    end
   end
 
   config.vm.define "xenial" do |xenial|
     xenial.vm.box = "ubuntu/xenial64"
     xenial.vm.hostname = 'xenial'
-    xenial.vm.network "public_network", bridge: NETWORK_BRIDGE
-    xenial.vm.provision :shell, :inline => "wget #{SNIPEIT_SH_URL}"
-    xenial.vm.provision :shell, :inline => "chmod 755 snipeit.sh"
+    xenial.vm.network "forwarded_port", guest: 80, host: 8080
+    xenial.vm.synced_folder ".", "/vagrant", :owner => 'www-data',
+      :group => 'vagrant', :mount_options => ['dmode=775', 'fmode=775']
+    xenial.vm.provision "ansible_local" do |ansible|
+      ansible.playbook = "ansible/ubuntu/vagrant_playbook.yml"
+    end
   end
 
   config.vm.define "trusty" do |trusty|
     trusty.vm.box = "ubuntu/trusty32"
     trusty.vm.hostname = 'trusty'
-    trusty.vm.network "public_network", bridge: NETWORK_BRIDGE
-    trusty.vm.provision :shell, :inline => "wget #{SNIPEIT_SH_URL}"
-    trusty.vm.provision :shell, :inline => "chmod 755 snipeit.sh"
+    trusty.vm.network "forwarded_port", guest: 80, host: 8080
+    trusty.vm.synced_folder ".", "/vagrant", :owner => 'www-data',
+      :group => 'vagrant', :mount_options => ['dmode=775', 'fmode=775']
+    trusty.vm.provision "ansible_local" do |ansible|
+      ansible.playbook = "ansible/ubuntu/vagrant_playbook.yml"
+    end
   end
 
   config.vm.define "centos7" do |centos7|

ansible/ubuntu/apachevirtualhost.conf.j2

@@ -0,0 +1,10 @@
+<VirtualHost *:80>
+    <Directory {{ app_path }}/public>
+        Allow From All
+        AllowOverride All
+        Options -Indexes
+    </Directory>
+
+    DocumentRoot {{ app_path }}/public
+    ServerName {{ fqdn }}
+</VirtualHost>

ansible/ubuntu/vagrant_playbook.yml

@@ -0,0 +1,226 @@
+---
+- name: Set up local server
+  hosts: all
+  remote_user: vagrant
+  become_user: root
+  become_method: sudo
+  vars:
+    app_path: "/var/www/snipeit"
+    fqdn: "localhost"
+  tasks:
+    - name: Update and upgrade existing apt packages
+      become: true
+      apt:
+        upgrade: yes
+        update_cache: yes
+    - name: Install Utilities
+      become: true          
+      apt:
+        name: "{{ packages }}"
+        state: present 
+      vars: 
+        packages:
+          - nano
+          - vim
+    - name: Installing Apache httpd, PHP, MariaDB and other requirements.
+      become: true
+      apt:
+        name: "{{ packages }}"
+        state: present
+      vars:
+        packages:
+          - mariadb-client
+          - php
+          - php-curl
+          - php-mysql
+          - php-gd
+          - php-ldap
+          - php-zip
+          - php-mbstring
+          - php-xml
+          - php-bcmath
+          - curl
+          - git
+          - unzip
+          - python-pymysql
+    #
+    # Install the lastest version of composer
+    #
+    - name: Composer check
+      stat:
+        path: /usr/local/bin/composer
+      register: composer_exits
+    - name: Install Composer
+      shell: |
+        EXPECTED_SIGNATURE=$(wget -q -O - https://composer.github.io/installer.sig)
+        php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
+        ACTUAL_SIGNATURE=$(php -r "echo hash_file('SHA384', 'composer-setup.php');")
+
+        if [ "$EXPECTED_SIGNATURE" != "$ACTUAL_SIGNATURE" ]
+        then
+            >&2 echo 'ERROR: Invalid installer signature'
+            rm composer-setup.php
+            exit 1
+        fi
+
+        php composer-setup.php --quiet
+        RESULT=$?
+        rm composer-setup.php
+        mv composer.phar /usr/local/bin/composer
+        exit $RESULT
+      when: not composer_exits.stat.exists
+      args:
+        creates: /usr/local/bin/composer
+      become: true
+    #
+    # Install and Configure MariaDB
+    #
+    - name: Install MariaDB
+      become: true
+      apt:
+        name: mariadb-server
+        state: present
+      register: sql_server
+    - name: Start and Enable MySQL server
+      become: true 
+      systemd:
+        state: started
+        enabled: yes
+        name: mariadb
+    - name: Create Vagrant mysql password
+      become: true
+      mysql_user:
+        name: vagrant
+        password: vagrant
+        login_unix_socket: /var/run/mysqld/mysqld.sock
+        priv: "*.*:ALL"
+        state: present
+    - name: Enable remote mysql
+      replace:
+        path: /etc/mysql/mariadb.conf.d/50-server.cnf
+        regexp: "127.0.0.1"
+        replace: "0.0.0.0" 
+      become: true         
+      notify:
+        - restart mysql
+    - name: Create snipeit database
+      become: true
+      mysql_db:
+        name: snipeit
+        state: present
+        login_unix_socket: /var/run/mysqld/mysqld.sock
+    #  
+    # Install Apache Web Server
+    #
+    - name: Install Apache 2.4
+      apt:
+        name: "{{ packages }}"
+        state: present
+      vars:
+        packages:
+          - apache2
+          - libapache2-mod-php
+      become: true    
+      register: apache2_server     
+    - name: Start and Enable Apache2 Server
+      become: true
+      systemd:
+        name: apache2
+        state: started
+        enabled: yes
+    #- name: Disable Apache modules
+    #  become: true 
+    #  apache2_module:
+    #    state: absent
+    #    name: "{{ item }}"
+    #  with_items: 
+    #    #- mpm_prefork
+    #  notify:
+    #    - restart apache2
+    - name: Enable Apache modules
+      become: true
+      apache2_module:
+        state: present
+        name: "{{ item }}"
+      with_items:
+        - rewrite
+        - vhost_alias
+        - deflate
+        - expires
+        - proxy_fcgi
+        - proxy
+      notify:
+        - restart apache2
+    - name: Install Apache VirtualHost File
+      become: true
+      template:
+        src: apachevirtualhost.conf.j2
+        dest: "/etc/apache2/sites-available/snipeit.conf"
+    - name: Enable VirtualHost
+      become: true
+      command: a2ensite snipeit
+      args:
+        creates: /etc/apache2/sites-enabled/snipeit.conf
+      notify:
+        - restart apache2
+    - name: Map apache dir to local folder
+      become: true
+      file:
+        src: /vagrant
+        dest: "{{ app_path }}"
+        state: link
+      notify:
+        - restart apache2
+    #
+    # Install dependencies from composer
+    #
+    - name: Install dependencies from composer
+      composer:
+        command: install
+        working_dir: "{{ app_path }}"
+      notify:
+        - restart apache2
+    #
+    # Configure .env file
+    #
+    - name: Copy .env file
+      copy:
+        src: "{{ app_path }}/.env.example"
+        dest: "{{ app_path }}/.env"
+    - name: Configure .env file
+      lineinfile:
+        path: "{{ app_path }}/.env"
+        regexp: "{{ item.regexp }}"
+        line: "{{ item.line }}"
+      with_items:
+        - { regexp: '^DB_HOST=', line: 'DB_HOST=127.0.0.1'}
+        - { regexp: '^DB_DATABASE=', line: 'DB_DATABASE=snipeit' }
+        - { regexp: '^DB_USERNAME=', line: 'DB_USERNAME=vagrant' }
+        - { regexp: '^DB_PASSWORD=', line: 'DB_PASSWORD=vagrant' }
+        - { regexp: '^APP_URL=', line: "APP_URL=http://{{ fqdn }}" }
+        - { regexp: '^APP_ENV=', line: "APP_ENV=development" }
+        - { regexp: '^APP_DEBUG=', line: "APP_DEBUG=true" }
+    - name: Generate application key
+      shell: "php {{ app_path }}/artisan key:generate --force"
+    - name: Artisan Migrate
+      shell: "php {{ app_path }}/artisan migrate --force"
+    #
+    # Create Cron Job
+    #
+    - name: Create scheduler cron job
+      become: true
+      cron:
+        name: "Snipe-IT Artisan Scheduler"
+        job: "/usr/bin/php {{ app_path }}/artisan schedule:run"
+  handlers:
+    - name: restart apache2
+      become: true
+      systemd:
+        name: apache2
+        state: restarted
+    - name: restart mysql
+      become: true
+      systemd:
+        name: mysql
+        state: restarted
+

app.json

@@ -0,0 +1,154 @@
+{
+    "name": "Snipe-IT",
+    "description": "Open source asset management.",
+    "keywords": [
+      "asset management",
+      "it asset"
+    ],
+    "website": "https://snipeitapp.com/",
+    "repository": "https://github.com/snipe/snipe-it",
+    "logo": "https://pbs.twimg.com/profile_images/976748875733020672/K-HnZCCK_400x400.jpg",
+    "success_url": "/setup",
+    "env": {
+      "APP_ENV": {
+        "description": "Laravel environment mode. Unless developing the application, this should be production.",
+        "value": "production"
+      },
+      "APP_DEBUG": {
+        "description": "Laravel debug mode. Unless developing the application or actively debugging a problem, this should be set to false.",
+        "value": "false"
+      },
+      "APP_KEY": {
+        "description": "A secret key for verifying the integrity of signed cookies. (See either https://snipe-it.readme.io/docs/generate-your-app-key or generate at https://coderstoolbox.online/toolbox/generate-symfony-secret)",
+        "value": ""
+      },
+      "APP_URL": {
+        "description": "URL where your Snipe-IT install will be available at.",
+        "value": "https://your-app-name.herokuapp.com"
+      },
+      "APP_TIMEZONE": {
+        "description": "Which timezone do you want to use for your install? (http://php.net/manual/en/timezones.php)",
+        "value": "UTC"
+      },
+      "APP_LOCALE": {
+        "description": "Which language do you want to use for your install? (https://snipe-it.readme.io/docs/configuration#setting-a-language)",
+        "value": "en"
+      },
+      "MAX_RESULTS": {
+        "description": "The maximum number of search results that can be returned at one time.",
+        "value": "500"
+      },
+      "MAIL_DRIVER": {
+        "description": "Mail driver - Generally SMTP on Heroku - https://snipe-it.readme.io/docs/configuration#required-outgoing-mail-settings",
+        "value": "smtp"
+      },
+      "MAIL_HOST": {
+        "description": "SMTP Server Hostname",
+        "value": "smtp.your.domain.name"
+      },
+      "MAIL_PORT": {
+        "description": "SMTP Server Port",
+        "value": "25"
+      },
+      "MAIL_USERNAME": {
+        "description": "SMTP Server Username",
+        "value": "YOURUSERNAME"
+      },
+      "MAIL_PASSWORD": {
+        "description": "SMTP Server Password",
+        "value": "YOURPASSWORD"
+      },
+      "MAIL_ENCRYPTION": {
+        "description": "Encryption protocol for email sending.",
+        "value": "null"
+      },
+      "MAIL_FROM_ADDR": {
+        "description": "Email from address",
+        "value": "no-reply@domain.name"
+      },
+      "MAIL_FROM_NAME": {
+        "description": "Email from Name",
+        "value": "Snipe-IT"
+      },
+      "MAIL_REPLYTO_ADDR": {
+        "description": "Email Reply-To address",
+        "value": "your@domain.name"
+      },
+      "MAIL_REPLYTO_NAME": {
+        "description": "Email Reply-To Name",
+        "value": "Snipe-IT"
+      },
+      "MAIL_AUTO_EMBED": {
+        "description": "Whether or not to embed images in emails (via CID or base64) versus linking to them.",
+        "value": "true"
+      },
+      "MAIL_AUTO_EMBED_METHOD": {
+        "description": "Method that should be used for attaching inline images.",
+        "value": "base64"
+      },
+      "SESSION_LIFETIME": {
+        "description": "Specify the time in minutes that the session should remain valid.",
+        "value": "12000"
+      },
+      "EXPIRE_ON_CLOSE": {
+        "description": "Specify whether or not the logged in session should be expired when the user closes their browser window.",
+        "value": "false"
+      },
+      "ENCRYPT": {
+        "description": "Specify whether you wish to use encrypted cookies for your Snipe-IT sessions.",
+        "value": "true"
+      },
+      "COOKIE_NAME": {
+        "description": "The name of the cookie set by Snipe-IT for session management.",
+        "value": "snipeit_session"
+      },
+      "COOKIE_DOMAIN": {
+        "description": "The domain name that the session cookie should be sent for.",
+        "value": "your-app-name.herokuapp.com"
+      },
+      "SECURE_COOKIES": {
+        "description": "Should cookies only be sent for HTTPS connections? Generally true on Heroku.",
+        "value": "true"
+      },
+      "LOGIN_MAX_ATTEMPTS": {
+        "description": "The maximum number of failed attempts allowed before the user is throttled.",
+        "value": "5"
+      },
+      "LOGIN_LOCKOUT_DURATION": {
+        "description": "The duration (in seconds) that the user should be blocked from attempting to authenticate again.",
+        "value": "60"
+      },
+      "APP_LOG": {
+        "description": "Driver to send logs to. (errorlog for stderr)",
+        "value": "errorlog"
+      },
+      "ALLOW_IFRAMING": {
+        "description": "Allow Snipe-IT to be loaded using an iFrame?",
+        "value": "false"
+      },
+      "GOOGLE_MAPS_API": {
+        "description": "Include your Google Maps API key here if you'd like Snipe-IT to load maps from Google on your locations and suppliers pages.",
+        "required": false
+      },
+      "BACKUP_ENV": {
+        "description": "Set this to true if you wish to backup your .env file in your Admin > Backups process.",
+        "value": "true"
+      },
+      "ENABLE_HSTS": {
+        "description": "Whether or not to send the HSTS security policy header.",
+        "value": "false"
+      }
+    },
+    "formation": {
+      "web": {
+        "quantity": 1,
+        "size": "free"
+      }
+    },
+    "image": "heroku/php",
+    "addons": [
+      "cleardb:ignite",
+      "heroku-redis:hobby-dev",
+      "papertrail:choklad"
+    ]
+  }

app/Console/Commands/CheckinLicensesFromAllUsers.php

@@ -2,10 +2,10 @@
 
 namespace App\Console\Commands;
 
-use App\Models\LicenseSeat;
-use Illuminate\Console\Command;
-use App\Models\User;
 use App\Models\License;
+use App\Models\LicenseSeat;
+use App\Models\User;
+use Illuminate\Console\Command;
 use Illuminate\Database\Eloquent\Model;
 
 class CheckinLicensesFromAllUsers extends Command
@@ -41,55 +41,48 @@ class CheckinLicensesFromAllUsers extends Command
      */
     public function handle()
     {
-
         $license_id = $this->option('license_id');
         $notify = $this->option('notify');
 
-        if (!$license_id) {
+        if (! $license_id) {
             $this->error('ERROR: License ID is required.');
+
             return false;
         }
 
-
-        if (!$license = License::where('id','=',$license_id)->first()) {
+        if (! $license = License::where('id', '=', $license_id)->first()) {
             $this->error('Invalid license ID');
+
             return false;
         }
 
         $this->info('Checking in ALL seats for '.$license->name);
 
-
         $licenseSeats = LicenseSeat::where('license_id', '=', $license_id)
             ->whereNotNull('assigned_to')
             ->with('user')
             ->get();
 
-        $this->info(' There are ' .$licenseSeats->count(). ' seats checked out: ');
+        $this->info(' There are '.$licenseSeats->count().' seats checked out: ');
 
-        if (!$notify) {
+        if (! $notify) {
             $this->info('No mail will be sent.');
         }
 
         foreach ($licenseSeats as $seat) {
-            $this->info($seat->user->username .' has a license seat for '.$license->name);
+            $this->info($seat->user->username.' has a license seat for '.$license->name);
             $seat->assigned_to = null;
 
             if ($seat->save()) {
 
                 // Override the email address so we don't notify on checkin
-                if (!$notify) {
+                if (! $notify) {
                     $seat->user->email = null;
                 }
 
                 // Log the checkin
                 $seat->logCheckin($seat->user, 'Checked in via cli tool');
             }
-
-
-
-
         }
-        
-
     }
 }

app/Console/Commands/CheckoutLicenseToAllUsers.php

@@ -2,10 +2,10 @@
 
 namespace App\Console\Commands;
 
-use App\Models\LicenseSeat;
-use Illuminate\Console\Command;
-use App\Models\User;
 use App\Models\License;
+use App\Models\LicenseSeat;
+use App\Models\User;
+use Illuminate\Console\Command;
 use Illuminate\Database\Eloquent\Model;
 
 class CheckoutLicenseToAllUsers extends Command
@@ -41,18 +41,18 @@ class CheckoutLicenseToAllUsers extends Command
      */
     public function handle()
     {
-
         $license_id = $this->option('license_id');
         $notify = $this->option('notify');
 
-        if (!$license_id) {
-             $this->error('ERROR: License ID is required.');
-             return false;
+        if (! $license_id) {
+            $this->error('ERROR: License ID is required.');
+
+            return false;
         }
 
-
-        if (!$license = License::where('id','=',$license_id)->with('assignedusers')->first()) {
+        if (! $license = License::where('id', '=', $license_id)->with('assignedusers')->first()) {
             $this->error('Invalid license ID');
+
             return false;
         }
 
@@ -64,7 +64,7 @@ class CheckoutLicenseToAllUsers extends Command
 
         $this->info('Checking out '.$users->count().' of '.$license->getAvailSeatsCountAttribute().' seats for '.$license->name);
 
-        if (!$notify) {
+        if (! $notify) {
             $this->info('No mail will be sent.');
         }
 
@@ -74,14 +74,14 @@ class CheckoutLicenseToAllUsers extends Command
             // to them
 
             if ($user->licenses->where('id', '=', $license_id)->count()) {
-                $this->info($user->username .' already has this license checked out to them. Skipping... ');
+                $this->info($user->username.' already has this license checked out to them. Skipping... ');
                 continue;
             }
 
-            
             // If the license is valid, check that there is an available seat
             if ($license->availCount()->count() < 1) {
                 $this->error('ERROR: No available seats');
+
                 return false;
             }
 
@@ -89,13 +89,12 @@ class CheckoutLicenseToAllUsers extends Command
             // Get the seat ID
             $licenseSeat = $license->freeSeat();
 
-
             // Update the seat with checkout info,
-           $licenseSeat->assigned_to = $user->id;
+            $licenseSeat->assigned_to = $user->id;
             if ($licenseSeat->save()) {
 
                 // Temporarily null the user's email address so we don't send mail if we're not supposed to
-                if (!$notify) {
+                if (! $notify) {
                     $user->email = null;
                 }
 
@@ -103,10 +102,6 @@ class CheckoutLicenseToAllUsers extends Command
                 $licenseSeat->logCheckout('Checked out via cli tool', $user);
                 $this->info('License '.$license_id.' seat '.$licenseSeat->id.' checked out to '.$user->username);
             }
-
         }
-
-
-
     }
 }

app/Console/Commands/CreateAdmin.php

@@ -37,7 +37,6 @@ class CreateAdmin extends Command
      */
     public function handle()
     {
-
         $first_name = $this->option('first_name');
         $last_name = $this->option('last_name');
         $username = $this->option('username');
@@ -45,7 +44,7 @@ class CreateAdmin extends Command
         $password = $this->option('password');
         $show_in_list = $this->argument('show_in_list');
 
-        if (($first_name=='') || ($last_name=='') || ($username=='') || ($email=='') || ($password=='')) {
+        if (($first_name == '') || ($last_name == '') || ($username == '') || ($email == '') || ($password == '')) {
             $this->info('ERROR: All fields are required.');
         } else {
             $user = new \App\Models\User;
@@ -68,12 +67,9 @@ class CreateAdmin extends Command
                 $errors = $user->getErrors();
 
                 foreach ($errors->all() as $error) {
-                    $this->info('ERROR:'. $error);
+                    $this->info('ERROR:'.$error);
                 }
-
             }
         }
-
     }
-
 }

app/Console/Commands/DisableLDAP.php

@@ -38,9 +38,7 @@ class DisableLDAP extends Command
      */
     public function handle()
     {
-
         if ($this->confirm("\n****************************************************\nThis will disable LDAP support. You will not be able \nto login with an account that does not exist \nlocally in the Snipe-IT local database. \n****************************************************\n\nDo you wish to continue? [y|N]")) {
-
             $setting = Setting::getSettings();
             $setting->ldap_enabled = 0;
             if ($setting->save()) {
@@ -51,6 +49,5 @@ class DisableLDAP extends Command
         } else {
             $this->info('Canceled. No actions taken.');
         }
-
     }
 }

app/Console/Commands/FixDoubleEscape.php

@@ -37,49 +37,43 @@ class FixDoubleEscape extends Command
      */
     public function handle()
     {
-
         $tables = [
-            '\App\Models\Asset' => ['name'],
-            '\App\Models\License' => ['name'],
-            '\App\Models\Consumable' => ['name'],
-            '\App\Models\Accessory' => ['name'],
-            '\App\Models\Component' => ['name'],
-            '\App\Models\Company' => ['name'],
-            '\App\Models\Manufacturer' => ['name'],
-            '\App\Models\Supplier' => ['name'],
-            '\App\Models\Statuslabel' => ['name'],
-            '\App\Models\Depreciation' => ['name'],
-            '\App\Models\AssetModel' => ['name'],
-            '\App\Models\Group' => ['name'],
-            '\App\Models\Department' => ['name'],
-            '\App\Models\Location' => ['name'],
-            '\App\Models\User' => ['first_name', 'last_name'],
+            \App\Models\Asset::class => ['name'],
+            \App\Models\License::class => ['name'],
+            \App\Models\Consumable::class => ['name'],
+            \App\Models\Accessory::class => ['name'],
+            \App\Models\Component::class => ['name'],
+            \App\Models\Company::class => ['name'],
+            \App\Models\Manufacturer::class => ['name'],
+            \App\Models\Supplier::class => ['name'],
+            \App\Models\Statuslabel::class => ['name'],
+            \App\Models\Depreciation::class => ['name'],
+            \App\Models\AssetModel::class => ['name'],
+            \App\Models\Group::class => ['name'],
+            \App\Models\Department::class => ['name'],
+            \App\Models\Location::class => ['name'],
+            \App\Models\User::class => ['first_name', 'last_name'],
         ];
 
-        $count = array();
+        $count = [];
 
+        foreach ($tables as $classname => $fields) {
+            $count[$classname] = [];
+            $count[$classname]['classname'] = 0;
 
+            foreach ($fields as $field) {
+                $count[$classname]['classname']++;
+                $count[$classname][$field] = 0;
 
-            foreach ($tables as $classname => $fields) {
-                $count[$classname] = array();
-                $count[$classname]['classname'] = 0;
-
-                foreach($fields as $field) {
-
-                    $count[$classname]['classname']++;
-                    $count[$classname][$field] = 0;
-
-                    foreach($classname::where("$field",'LIKE','%&%')->get() as $row) {
-                        $this->info('Updating '.$field.' for '.$classname);
-                        $row->{$field} = html_entity_decode($row->{$field},ENT_QUOTES);
-                        $row->save();
-                        $count[$classname][$field]++;
-
-                    }
+                foreach ($classname::where("$field", 'LIKE', '%&%')->get() as $row) {
+                    $this->info('Updating '.$field.' for '.$classname);
+                    $row->{$field} = html_entity_decode($row->{$field}, ENT_QUOTES);
+                    $row->save();
+                    $count[$classname][$field]++;
                 }
             }
+        }
 
         $this->info('Update complete');
-
     }
 }

app/Console/Commands/FixMismatchedAssetsAndLogs.php

@@ -29,7 +29,6 @@ class FixMismatchedAssetsAndLogs extends Command
      */
     private $dryrun = false;
 
-
     /**
      * Create a new command instance.
      *
@@ -47,30 +46,29 @@ class FixMismatchedAssetsAndLogs extends Command
      */
     public function handle()
     {
-
         if ($this->option('dryrun')) {
             $this->dryrun = true;
         }
 
         if ($this->dryrun) {
-            $this->info('This is a DRY RUN - no changes will be saved.' );
+            $this->info('This is a DRY RUN - no changes will be saved.');
         }
 
         $mismatch_count = 0;
         $assets = Asset::whereNotNull('assigned_to')
-            ->where('assigned_type', '=', 'App\\Models\\User')
+            ->where('assigned_type', '=', \App\Models\User::class)
             ->orderBy('id', 'ASC')->get();
         foreach ($assets as $asset) {
 
             // get the last checkout of the asset
-            if ($checkout_log = Actionlog::where('target_type', '=', 'App\\Models\\User')
+            if ($checkout_log = Actionlog::where('target_type', '=', \App\Models\User::class)
                 ->where('action_type', '=', 'checkout')
                 ->where('item_id', '=', $asset->id)
                 ->orderBy('created_at', 'DESC')
                 ->first()) {
 
                     // Now check for a subsequent checkin log - we want to ignore those
-                    if (!$checkin_log = Actionlog::where('target_type', '=', 'App\\Models\\User')
+                if (! $checkin_log = Actionlog::where('target_type', '=', \App\Models\User::class)
                         ->where('action_type', '=', 'checkin from')
                         ->where('item_id', '=', $asset->id)
                         ->whereDate('created_at', '>', $checkout_log->created_at)
@@ -78,28 +76,24 @@ class FixMismatchedAssetsAndLogs extends Command
                         ->first()) {
 
                         //print_r($asset);
-                        if ($checkout_log->target_id != $asset->assigned_to) {
-                            $this->error('Log ID: '.$checkout_log->id.' -- Asset ID '. $checkout_log->item_id.' SHOULD BE checked out to User '.$checkout_log->target_id.' but its assigned_to is '.$asset->assigned_to );
+                    if ($checkout_log->target_id != $asset->assigned_to) {
+                        $this->error('Log ID: '.$checkout_log->id.' -- Asset ID '.$checkout_log->item_id.' SHOULD BE checked out to User '.$checkout_log->target_id.' but its assigned_to is '.$asset->assigned_to);
 
-                            if (!$this->dryrun) {
-                                $asset->assigned_to = $checkout_log->target_id;
-                                if ($asset->save()) {
-                                    $this->info('Asset record updated.');
-                                } else {
-                                    $this->error('Error updating asset: '.$asset->getErrors());
-                                }
+                        if (! $this->dryrun) {
+                            $asset->assigned_to = $checkout_log->target_id;
+                            if ($asset->save()) {
+                                $this->info('Asset record updated.');
+                            } else {
+                                $this->error('Error updating asset: '.$asset->getErrors());
                             }
-                            $mismatch_count++;
                         }
-                    } else {
-                        //$this->info('Asset ID '.$asset->id.': There is a checkin '.$checkin_log->created_at.' after this checkout '.$checkout_log->created_at);
-
+                        $mismatch_count++;
                     }
-
+                } else {
+                    //$this->info('Asset ID '.$asset->id.': There is a checkin '.$checkin_log->created_at.' after this checkout '.$checkout_log->created_at);
+                }
             }
-
         }
         $this->info($mismatch_count.' mismatched assets.');
-
     }
 }

app/Console/Commands/ImportLocations.php

@@ -2,9 +2,9 @@
 
 namespace App\Console\Commands;
 
+use App\Models\Location;
 use Illuminate\Console\Command;
 use League\Csv\Reader;
-use App\Models\Location;
 
 class ImportLocations extends Command
 {
@@ -39,10 +39,8 @@ class ImportLocations extends Command
      */
     public function handle()
     {
-
-
-        if (!ini_get("auto_detect_line_endings")) {
-            ini_set("auto_detect_line_endings", '1');
+        if (! ini_get('auto_detect_line_endings')) {
+            ini_set('auto_detect_line_endings', '1');
         }
 
         $filename = $this->argument('filename');
@@ -53,18 +51,17 @@ class ImportLocations extends Command
 
         // Import parent location names first if they don't exist
         foreach ($results as $parent_index => $parent_row) {
-
             if (array_key_exists('Parent Name', $parent_row)) {
                 $parent_name = trim($parent_row['Parent Name']);
                 if (array_key_exists('Name', $parent_row)) {
-                    $this->info('- Parent: ' . $parent_name . ' in row as: ' . trim($parent_row['Parent Name']));
+                    $this->info('- Parent: '.$parent_name.' in row as: '.trim($parent_row['Parent Name']));
                 }
 
                 // Save parent location name
                 // This creates a sort of name-stub that we'll update later on in this script
-                $parent_location = Location::firstOrCreate(array('name' => $parent_name));
+                $parent_location = Location::firstOrCreate(['name' => $parent_name]);
                 if (array_key_exists('Name', $parent_row)) {
-                    $this->info('Parent for ' . $parent_row['Name'] . ' is ' . $parent_name . '. Attempting to save ' . $parent_name . '.');
+                    $this->info('Parent for '.$parent_row['Name'].' is '.$parent_name.'. Attempting to save '.$parent_name.'.');
                 }
 
                 // Check if the record was updated or created.
@@ -74,29 +71,29 @@ class ImportLocations extends Command
                 } else {
                     $this->info('- Parent location '.$parent_name.' was created.');
                 }
-
             } else {
                 $this->info('- No Parent Name provided, so no parent location will be created.');
             }
-
         }
 
         $this->info('----- Parents Created.... backfilling additional details... --------');
         // Loop through ALL records and add/update them if there are additional fields
         // besides name
         foreach ($results as $index => $row) {
-
             if (array_key_exists('Parent Name', $row)) {
                 $parent_name = trim($row['Parent Name']);
+            } else {
+                $parent_name = null;
             }
 
             // Set the location attributes to save
             if (array_key_exists('Name', $row)) {
-                $location = Location::firstOrNew(array('name' => trim($row['Name'])));
+                $location = Location::firstOrCreate(['name' => trim($row['Name'])]);
                 $location->name = trim($row['Name']);
                 $this->info('Checking location: '.$location->name);
             } else {
                 $this->error('Location name is required and is missing from at least one row in this dataset. Check your CSV for extra trailing rows and try again.');
+
                 return false;
             }
             if (array_key_exists('Currency', $row)) {
@@ -124,7 +121,6 @@ class ImportLocations extends Command
                 $location->ldap_ou = trim($row['OU']);
             }
 
-
             // If a parent name is provided, we created it earlier in the script,
             // so let's grab that ID
             if ($parent_name) {
@@ -140,21 +136,15 @@ class ImportLocations extends Command
                 // Check if the record was updated or created.
                 // This is mostly for clearer debugging.
                 if ($location->exists) {
-                    $this->info('Location ' . $location->name . ' already exists. Updating...');
+                    $this->info('Location '.$location->name.' already exists. Updating...');
                 } else {
                     $this->info('- Location '.$location->name.' was created. ');
                 }
 
-            // If there's a validation error, display that
+                // If there's a validation error, display that
             } else {
-                $this->error('- Non-parent Location '.$location->name.' could not be created: '.$location->getErrors() );
+                $this->error('- Non-parent Location '.$location->name.' could not be created: '.$location->getErrors());
             }
-
-
-
-
         }
-
-
     }
 }

app/Console/Commands/KillAllSessions.php

@@ -0,0 +1,59 @@
+<?php
+
+namespace App\Console\Commands;
+
+use Illuminate\Console\Command;
+
+class KillAllSessions extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'snipeit:global-logout  {--force : Skip the danger prompt; assuming you enter "y"} ';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'This command will destroy all web sessions on disk and will force a re-login for all users.';
+
+    /**
+     * Create a new command instance.
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        parent::__construct();
+    }
+
+    /**
+     * Execute the console command.
+     *
+     * @return mixed
+     */
+    public function handle()
+    {
+
+        if (!$this->option('force') && !$this->confirm("****************************************************\nTHIS WILL FORCE A LOGIN FOR ALL LOGGED IN USERS.\n\nAre you SURE you wish to continue? ")) {
+            return $this->error("Session loss not confirmed");
+        }
+
+        $session_files = glob(storage_path("framework/sessions/*"));
+
+        $count = 0;
+        foreach ($session_files as $file) {
+
+            if (is_file($file))
+                unlink($file);
+                $count++;
+        }
+        \DB::table('users')->update(['remember_token' => null]);
+
+        $this->info($count. ' sessions cleared!');
+
+    }
+}

app/Console/Commands/LdapSync.php

@@ -1,24 +1,15 @@
 <?php
 
-declare(strict_types=1);
-
 namespace App\Console\Commands;
 
-use Log;
-use Exception;
-use App\Models\User;
-use App\Services\LdapAd;
-use App\Models\Location;
+use App\Models\Department;
 use Illuminate\Console\Command;
-use Adldap\Models\User as AdldapUser;
+use App\Models\Setting;
+use App\Models\Ldap;
+use App\Models\User;
+use App\Models\Location;
+use Log;
 
-/**
- * LDAP / AD sync command.
- *
- * @author Wes Hulette <jwhulette@gmail.com>
- *
- * @since 5.0.0
- */
 class LdapSync extends Command
 {
     /**
@@ -26,79 +17,23 @@ class LdapSync extends Command
      *
      * @var string
      */
-    protected $signature = 'snipeit:ldap-sync 
-                {--location= : A location name } 
-                {--location_id= : A location id} 
-                {--base_dn= : A diffrent base DN to use } 
-                {--summary : Print summary } 
-                {--json_summary : Print summary in json format } 
-                {--dryrun : Run the sync process but don\'t update the database}';
+    protected $signature = 'snipeit:ldap-sync {--location=} {--location_id=} {--base_dn=} {--summary} {--json_summary}';
 
     /**
      * The console command description.
      *
      * @var string
      */
-    protected $description = 'Command line LDAP/AD sync';
-
-    /**
-     * An LdapAd instance.
-     *
-     * @var \App\Models\LdapAd
-     */
-    private $ldap;
-
-    /**
-     * LDAP settings collection.
-     *
-     * @var \Illuminate\Support\Collection
-     */
-    private $settings = null;
-
-    /**
-     * A default location collection.
-     *
-     * @var \Illuminate\Support\Collection
-     */
-    private $defaultLocation = null;
-
-    /**
-     * Mapped locations collection.
-     *
-     * @var \Illuminate\Support\Collection
-     */
-    private $mappedLocations = null;
-
-    /**
-     * The summary collection.
-     *
-     * @var \Illuminate\Support\Collection
-     */
-    private $summary;
-
-    /**
-     * Is dry-run?
-     *
-     * @var bool
-     */
-    private $dryrun = false;
-
-    /**
-     * Show users to be imported.
-     *
-     * @var array
-     */
-    private $userlist = [];
+    protected $description = 'Command line LDAP sync';
 
     /**
      * Create a new command instance.
+     *
+     * @return void
      */
-    public function __construct(LdapAd $ldap)
+    public function __construct()
     {
         parent::__construct();
-        $this->ldap     = $ldap;
-        $this->settings = $this->ldap->ldapSettings;
-        $this->summary  = collect();
     }
 
     /**
@@ -108,275 +43,268 @@ class LdapSync extends Command
      */
     public function handle()
     {
-        ini_set('max_execution_time', env('LDAP_TIME_LIM', "600")); //600 seconds = 10 minutes
-        ini_set('memory_limit', '500M');
-        $old_error_reporting = error_reporting(); // grab old error_reporting .ini setting, for later re-enablement
-        error_reporting($old_error_reporting & ~E_DEPRECATED); // disable deprecation warnings, for LDAP in PHP 7.4 (and greater)
+        ini_set('max_execution_time', env('LDAP_TIME_LIM', 600)); //600 seconds = 10 minutes
+        ini_set('memory_limit', env('LDAP_MEM_LIM', '500M'));
+        $ldap_result_username = Setting::getSettings()->ldap_username_field;
+        $ldap_result_last_name = Setting::getSettings()->ldap_lname_field;
+        $ldap_result_first_name = Setting::getSettings()->ldap_fname_field;
 
-        if ($this->option('dryrun')) {
-            $this->dryrun = true;
-        }
-        $this->checkIfLdapIsEnabled();
-        $this->checkLdapConnection();
-        $this->setBaseDn();
-        $this->getUserDefaultLocation();
-        /*
-         * Use the default location if set, this is needed for the LDAP users sync page
-         */
-        if (!$this->option('base_dn') && null == $this->defaultLocation) {
-            $this->getMappedLocations();
-        }
-        $this->processLdapUsers();
-        // Print table of users
-        if ($this->dryrun) {
-            $this->info('The following users will be synced!');
-            $headers = ['First Name', 'Last Name', 'Username', 'Email', 'Employee #', 'Location Id', 'Status'];
-            $this->table($headers, $this->summary->toArray());
+        $ldap_result_active_flag = Setting::getSettings()->ldap_active_flag_field;
+        $ldap_result_emp_num = Setting::getSettings()->ldap_emp_num;
+        $ldap_result_email = Setting::getSettings()->ldap_email;
+        $ldap_result_phone = Setting::getSettings()->ldap_phone_field;
+        $ldap_result_jobtitle = Setting::getSettings()->ldap_jobtitle;
+        $ldap_result_country = Setting::getSettings()->ldap_country;
+        $ldap_result_dept = Setting::getSettings()->ldap_dept;
+        $ldap_result_manager = Setting::getSettings()->ldap_manager;
+
+        try {
+            $ldapconn = Ldap::connectToLdap();
+            Ldap::bindAdminToLdap($ldapconn);
+        } catch (\Exception $e) {
+            if ($this->option('json_summary')) {
+                $json_summary = ['error' => true, 'error_message' => $e->getMessage(), 'summary' => []];
+                $this->info(json_encode($json_summary));
+            }
+            LOG::info($e);
+
+            return [];
         }
 
-        error_reporting($old_error_reporting); // re-enable deprecation warnings.
-        return $this->getSummary();
-    }
+        $summary = [];
 
-    /**
-     * Generate the LDAP sync summary.
-     *
-     * @author Wes Hulette <jwhulette@gmail.com>
-     *
-     * @since 5.0.0
-     *
-     * @return string
-     */
-    private function getSummary(): string
-    {
-        if ($this->option('summary') && null === $this->dryrun) {
-            $this->summary->each(function ($item) {
-                $this->info('USER: '.$item['note']);
+        try {
+            if ($this->option('base_dn') != '') {
+                $search_base = $this->option('base_dn');
+                LOG::debug('Importing users from specified base DN: \"'.$search_base.'\".');
+            } else {
+                $search_base = null;
+            }
+            $results = Ldap::findLdapUsers($search_base);
+        } catch (\Exception $e) {
+            if ($this->option('json_summary')) {
+                $json_summary = ['error' => true, 'error_message' => $e->getMessage(), 'summary' => []];
+                $this->info(json_encode($json_summary));
+            }
+            LOG::info($e);
 
-                if ('ERROR' === $item['status']) {
-                    $this->error('ERROR: '.$item['note']);
-                }
-            });
-        } elseif ($this->option('json_summary')) {
-            $json_summary = [
-                'error' => false,
-                'error_message' => '',
-                'summary' => $this->summary->toArray(),
-            ];
-            $this->info(json_encode($json_summary));
+            return [];
         }
 
-        return '';
-    }
+        /* Determine which location to assign users to by default. */
+        $location = null; // TODO - this would be better called "$default_location", which is more explicit about its purpose
 
-    /**
-     * Create a new user or update an existing user.
-     *
-     * @author Wes Hulette <jwhulette@gmail.com>
-     *
-     * @since 5.0.0
-     *
-     * @param \Adldap\Models\User $snipeUser
-     */
-    private function updateCreateUser(AdldapUser $snipeUser): void
-    {
-        $user = $this->ldap->processUser($snipeUser, $this->defaultLocation, $this->mappedLocations);
-        $summary = [
-            'firstname'       => $user->first_name,
-            'lastname'        => $user->last_name,
-            'username'        => $user->username,
-            'employee_number' => $user->employee_num,
-            'email'           => $user->email,
-            'location_id'     => $user->location_id,
-        ];
-        // Only update the database if is not a dry run
-        if (!$this->dryrun) {
-            if ($user->isDirty()) { //if nothing on the user changed, don't bother trying to save anything nor put anything in the summary
-                if ($user->save()) {
-                    $summary['note']   = ($user->wasRecentlyCreated ? 'CREATED' : 'UPDATED');
-                    $summary['status'] = 'SUCCESS';
-                } else {
-                    $errors = '';
-                    foreach ($user->getErrors()->getMessages() as  $error) {
-                        $errors .= implode(", ",$error);
+        if ($this->option('location') != '') {
+            $location = Location::where('name', '=', $this->option('location'))->first();
+            LOG::debug('Location name '.$this->option('location').' passed');
+            LOG::debug('Importing to '.$location->name.' ('.$location->id.')');
+        } elseif ($this->option('location_id') != '') {
+            $location = Location::where('id', '=', $this->option('location_id'))->first();
+            LOG::debug('Location ID '.$this->option('location_id').' passed');
+            LOG::debug('Importing to '.$location->name.' ('.$location->id.')');
+        }
+
+        if (! isset($location)) {
+            LOG::debug('That location is invalid or a location was not provided, so no location will be assigned by default.');
+        }
+
+        /* Process locations with explicitly defined OUs, if doing a full import. */
+        if ($this->option('base_dn') == '') {
+            // Retrieve locations with a mapped OU, and sort them from the shallowest to deepest OU (see #3993)
+            $ldap_ou_locations = Location::where('ldap_ou', '!=', '')->get()->toArray();
+            $ldap_ou_lengths = [];
+
+            foreach ($ldap_ou_locations as $ou_loc) {
+                $ldap_ou_lengths[] = strlen($ou_loc['ldap_ou']);
+            }
+
+            array_multisort($ldap_ou_lengths, SORT_ASC, $ldap_ou_locations);
+
+            if (count($ldap_ou_locations) > 0) {
+                LOG::debug('Some locations have special OUs set. Locations will be automatically set for users in those OUs.');
+            }
+
+            // Inject location information fields
+            for ($i = 0; $i < $results['count']; $i++) {
+                $results[$i]['ldap_location_override'] = false;
+                $results[$i]['location_id'] = 0;
+            }
+
+            // Grab subsets based on location-specific DNs, and overwrite location for these users.
+            foreach ($ldap_ou_locations as $ldap_loc) {
+                try {
+                    $location_users = Ldap::findLdapUsers($ldap_loc['ldap_ou']);
+                } catch (\Exception $e) { // TODO: this is stolen from line 77 or so above
+                    if ($this->option('json_summary')) {
+                        $json_summary = ['error' => true, 'error_message' => trans('admin/users/message.error.ldap_could_not_search').' Location: '.$ldap_loc['name'].' (ID: '.$ldap_loc['id'].') cannot connect to "'.$ldap_loc['ldap_ou'].'" - '.$e->getMessage(), 'summary' => []];
+                        $this->info(json_encode($json_summary));
                     }
-                    $summary['note']   = $snipeUser->getDN().' was not imported. REASON: '.$errors;
-                    $summary['status'] = 'ERROR';
+                    LOG::info($e);
+
+                    return [];
                 }
-            } else {
-                $summary = null;
-            }
-        }
-
-        // $summary['note'] = ($user->getOriginal('username') ? 'UPDATED' : 'CREATED'); // this seems, kinda, like, superfluous, relative to the $summary['note'] thing above, yeah?
-        if($summary) { //if the $user wasn't dirty, $summary was set to null so that we will skip the following push()
-            $this->summary->push($summary);
-        }
-    }
-
-    /**
-     * Process the users to update / create.
-     *
-     * @author Wes Hulette <jwhulette@gmail.com>
-     *
-     * @since 5.0.0
-     *
-     */
-    private function processLdapUsers(): void
-    {
-        try {
-            $ldapUsers = $this->ldap->getLdapUsers();
-        } catch (Exception $e) {
-            $this->outputError($e);
-            exit($e->getMessage());
-        }
-
-        if (0 == $ldapUsers->count()) {
-            $msg = 'ERROR: No users found!';
-            Log::error($msg);
-            if ($this->dryrun) {
-                $this->error($msg);
-            }
-            exit($msg);
-        }
-
-        // Process each individual users
-        foreach ($ldapUsers->getResults() as $user) { // AdLdap2's paginate() method is weird, it gets *everything* and ->getResults() returns *everything*
-            $this->updateCreateUser($user);
-        }
-    }
-
-    /**
-     * Get the mapped locations if a base_dn is provided.
-     *
-     * @author Wes Hulette <jwhulette@gmail.com>
-     *
-     * @since 5.0.0
-     */
-    private function getMappedLocations()
-    {
-        $ldapOuLocation = Location::where('ldap_ou', '!=', '')->select(['id', 'ldap_ou'])->get();
-        $locations = $ldapOuLocation->sortBy(function ($ou, $key) {
-            return strlen($ou->ldap_ou);
-        });
-        if ($locations->count() > 0) {
-            $msg = 'Some locations have special OUs set. Locations will be automatically set for users in those OUs.';
-            LOG::debug($msg);
-            if ($this->dryrun) {
-                $this->info($msg);
-            }
-
-            $this->mappedLocations = $locations->pluck('ldap_ou', 'id'); // TODO: this seems ok-ish, but the key-> value is going location_id -> OU name, and the primary action here is the opposite of that - going from OU's to location ID's.
-        }
-    }
-
-    /**
-     * Set the base dn if supplied.
-     *
-     * @author Wes Hulette <jwhulette@gmail.com>
-     *
-     * @since 5.0.0
-     */
-    private function setBaseDn(): void
-    {
-        if ($this->option('base_dn')) {
-            $this->ldap->baseDn = $this->option('base_dn');
-            $msg = sprintf('Importing users from specified base DN: "%s"', $this->ldap->baseDn);
-            LOG::debug($msg);
-            if ($this->dryrun) {
-                $this->info($msg);
-            }
-        }
-    }
-
-    /**
-     * Get a default location id for imported users.
-     *
-     * @author Wes Hulette <jwhulette@gmail.com>
-     *
-     * @since 5.0.0
-     */
-    private function getUserDefaultLocation(): void
-    {
-        $location = $this->option('location_id') ?? $this->option('location');
-        if ($location) {
-            $userLocation = Location::where('name', '=', $location)
-                ->orWhere('id', '=', intval($location))
-                ->select(['name', 'id'])
-                ->first();
-            if ($userLocation) {
-                $msg = 'Importing users with default location: '.$userLocation->name.' ('.$userLocation->id.')';
-                LOG::debug($msg);
-
-                if ($this->dryrun) {
-                    $this->info($msg);
+                $usernames = [];
+                for ($i = 0; $i < $location_users['count']; $i++) {
+                    if (array_key_exists($ldap_result_username, $location_users[$i])) {
+                        $location_users[$i]['ldap_location_override'] = true;
+                        $location_users[$i]['location_id'] = $ldap_loc['id'];
+                        $usernames[] = $location_users[$i][$ldap_result_username][0];
+                    }
                 }
 
-                $this->defaultLocation = collect([
-                    $userLocation->id => $userLocation->name,
+                // Delete located users from the general group.
+                foreach ($results as $key => $generic_entry) {
+                    if ((is_array($generic_entry)) && (array_key_exists($ldap_result_username, $generic_entry))) {
+                        if (in_array($generic_entry[$ldap_result_username][0], $usernames)) {
+                            unset($results[$key]);
+                        }
+                    }
+                }
+
+                $global_count = $results['count'];
+                $results = array_merge($location_users, $results);
+                $results['count'] = $global_count;
+            }
+        }
+
+        /* Create user account entries in Snipe-IT */
+        $tmp_pass = substr(str_shuffle('0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'), 0, 20);
+        $pass = bcrypt($tmp_pass);
+
+        for ($i = 0; $i < $results['count']; $i++) {
+            if (empty($ldap_result_active_flag) || $results[$i][$ldap_result_active_flag][0] == 'TRUE') {
+                $item = [];
+                $item['username'] = isset($results[$i][$ldap_result_username][0]) ? $results[$i][$ldap_result_username][0] : '';
+                $item['employee_number'] = isset($results[$i][$ldap_result_emp_num][0]) ? $results[$i][$ldap_result_emp_num][0] : '';
+                $item['lastname'] = isset($results[$i][$ldap_result_last_name][0]) ? $results[$i][$ldap_result_last_name][0] : '';
+                $item['firstname'] = isset($results[$i][$ldap_result_first_name][0]) ? $results[$i][$ldap_result_first_name][0] : '';
+                $item['email'] = isset($results[$i][$ldap_result_email][0]) ? $results[$i][$ldap_result_email][0] : '';
+                $item['ldap_location_override'] = isset($results[$i]['ldap_location_override']) ? $results[$i]['ldap_location_override'] : '';
+                $item['location_id'] = isset($results[$i]['location_id']) ? $results[$i]['location_id'] : '';
+                $item['telephone'] = isset($results[$i][$ldap_result_phone][0]) ? $results[$i][$ldap_result_phone][0] : '';
+                $item['jobtitle'] = isset($results[$i][$ldap_result_jobtitle][0]) ? $results[$i][$ldap_result_jobtitle][0] : '';
+                $item['country'] = isset($results[$i][$ldap_result_country][0]) ? $results[$i][$ldap_result_country][0] : '';
+                $item['department'] = isset($results[$i][$ldap_result_dept][0]) ? $results[$i][$ldap_result_dept][0] : '';
+                $item['manager'] = isset($results[$i][$ldap_result_manager][0]) ? $results[$i][$ldap_result_manager][0] : '';
+
+                $department = Department::firstOrCreate([
+                    'name' => $item['department'],
                 ]);
-            } else {
-                $msg = 'The supplied location is invalid!';
-                LOG::error($msg);
-                if ($this->dryrun) {
-                    $this->error($msg);
+
+                $user = User::where('username', $item['username'])->first();
+                if ($user) {
+                    // Updating an existing user.
+                    $item['createorupdate'] = 'updated';
+                } else {
+                    // Creating a new user.
+                    $user = new User;
+                    $user->password = $pass;
+                    $user->activated = 0;
+                    $item['createorupdate'] = 'created';
                 }
-                exit(0);
+
+                $user->first_name = $item['firstname'];
+                $user->last_name = $item['lastname'];
+                $user->username = $item['username'];
+                $user->email = $item['email'];
+                $user->employee_num = e($item['employee_number']);
+                $user->phone = $item['telephone'];
+                $user->jobtitle = $item['jobtitle'];
+                $user->country = $item['country'];
+                $user->department_id = $department->id;
+
+                if($item['manager'] != null) {
+                    //Captures only the Canonical Name
+                    $item['manager'] = ltrim($item['manager'], "CN=");
+                    $item['manager'] = substr($item['manager'],0, strpos($item['manager'], ','));
+                    $ldap_manager = User::where('username', $item['manager'])->first();
+                    if ( $ldap_manager && isset($ldap_manager->id) ) {
+                        $user->manager_id = $ldap_manager->id;
+                    }
+                }
+
+
+                // Sync activated state for Active Directory.
+                if (array_key_exists('useraccountcontrol', $results[$i])) {
+                    /* The following is _probably_ the correct logic, but we can't use it because
+                       some users may have been dependent upon the previous behavior, and this
+                       could cause additional access to be available to users they don't want
+                       to allow to log in.
+
+                    $useraccountcontrol = $results[$i]['useraccountcontrol'][0];
+                    if(
+                        // based on MS docs at: https://support.microsoft.com/en-us/help/305144/how-to-use-useraccountcontrol-to-manipulate-user-account-properties
+                        ($useraccountcontrol & 0x200) && // is a NORMAL_ACCOUNT
+                        !($useraccountcontrol & 0x02) && // *and* _not_ ACCOUNTDISABLE
+                        !($useraccountcontrol & 0x10)    // *and* _not_ LOCKOUT
+                    ) {
+                        $user->activated = 1;
+                    } else {
+                        $user->activated = 0;
+                    } */
+                    $enabled_accounts = [
+                    '512',    // 0x200    NORMAL_ACCOUNT
+                    '544',    // 0x220    NORMAL_ACCOUNT, PASSWD_NOTREQD
+                    '66048',  // 0x10200  NORMAL_ACCOUNT, DONT_EXPIRE_PASSWORD
+                    '66080',  // 0x10220  NORMAL_ACCOUNT, PASSWD_NOTREQD, DONT_EXPIRE_PASSWORD
+                    '262656', // 0x40200  NORMAL_ACCOUNT, SMARTCARD_REQUIRED
+                    '262688', // 0x40220  NORMAL_ACCOUNT, PASSWD_NOTREQD, SMARTCARD_REQUIRED
+                    '328192', // 0x50200  NORMAL_ACCOUNT, SMARTCARD_REQUIRED, DONT_EXPIRE_PASSWORD
+                    '328224', // 0x50220  NORMAL_ACCOUNT, PASSWD_NOT_REQD, SMARTCARD_REQUIRED, DONT_EXPIRE_PASSWORD
+                    '4194816',// 0x400200 NORMAL_ACCOUNT, DONT_REQ_PREAUTH
+                    '4260352', // 0x410200 NORMAL_ACCOUNT, DONT_EXPIRE_PASSWORD, DONT_REQ_PREAUTH
+                    '1049088', // 0x100200 NORMAL_ACCOUNT, NOT_DELEGATED
+                  ];
+                    $user->activated = (in_array($results[$i]['useraccountcontrol'][0], $enabled_accounts)) ? 1 : 0;
+                }
+
+                // If we're not using AD, and there isn't an activated flag set, activate all users
+                elseif (empty($ldap_result_active_flag)) {
+                    $user->activated = 1;
+                }
+
+                if ($item['ldap_location_override'] == true) {
+                    $user->location_id = $item['location_id'];
+                } elseif ((isset($location)) && (! empty($location))) {
+                    if ((is_array($location)) && (array_key_exists('id', $location))) {
+                        $user->location_id = $location['id'];
+                    } elseif (is_object($location)) {
+                        $user->location_id = $location->id;
+                    }
+                }
+
+                $user->ldap_import = 1;
+
+                $errors = '';
+
+                if ($user->save()) {
+                    $item['note'] = $item['createorupdate'];
+                    $item['status'] = 'success';
+                } else {
+                    foreach ($user->getErrors()->getMessages() as $key => $err) {
+                        $errors .= $err[0];
+                    }
+                    $item['note'] = $errors;
+                    $item['status'] = 'error';
+                }
+
+                array_push($summary, $item);
             }
         }
-    }
 
-    /**
-     * Check if LDAP intergration is enabled.
-     *
-     * @author Wes Hulette <jwhulette@gmail.com>
-     *
-     * @since 5.0.0
-     */
-    private function checkIfLdapIsEnabled(): void
-    {
-        if (false === $this->settings['ldap_enabled']) {
-            $msg = 'LDAP intergration is not enabled. Exiting sync process.';
-            $this->info($msg);
-            Log::info($msg);
-            exit(0);
-        }
-    }
-
-    /**
-     * Check to make sure we can access the server.
-     *
-     * @author Wes Hulette <jwhulette@gmail.com>
-     *
-     * @since 5.0.0
-     */
-    private function checkLdapConnection(): void
-    {
-        try {
-            $this->ldap->testLdapAdUserConnection();
-            $this->ldap->testLdapAdBindConnection();
-        } catch (Exception $e) {
-            $this->outputError($e);
-            exit(0);
-        }
-    }
-
-    /**
-     * Output the json summary to the screen if enabled.
-     *
-     * @param Exception $error
-     */
-    private function outputError($error): void
-    {
-        if ($this->option('json_summary')) {
-            $json_summary = [
-                'error' => true,
-                'error_message' => $error->getMessage(),
-                'summary' => [],
-            ];
+        if ($this->option('summary')) {
+            for ($x = 0; $x < count($summary); $x++) {
+                if ($summary[$x]['status'] == 'error') {
+                    $this->error('ERROR: '.$summary[$x]['firstname'].' '.$summary[$x]['lastname'].' (username:  '.$summary[$x]['username'].') was not imported: '.$summary[$x]['note']);
+                } else {
+                    $this->info('User '.$summary[$x]['firstname'].' '.$summary[$x]['lastname'].' (username:  '.$summary[$x]['username'].') was '.strtoupper($summary[$x]['createorupdate']).'.');
+                }
+            }
+        } elseif ($this->option('json_summary')) {
+            $json_summary = ['error' => false, 'error_message' => '', 'summary' => $summary]; // hardcoding the error to false and the error_message to blank seems a bit weird
             $this->info(json_encode($json_summary));
+        } else {
+            return $summary;
         }
-        $this->error($error->getMessage());
-        LOG::error($error);
     }
 }

app/Console/Commands/LdapTroubleshooter.php

@@ -0,0 +1,503 @@
+<?php
+
+namespace App\Console\Commands;
+
+use Illuminate\Console\Command;
+use App\Models\Setting;
+use Exception;
+use Crypt;
+
+/**
+ * Check if a given ip is in a network
+ * @param  string $ip    IP to check in IPV4 format eg. 127.0.0.1
+ * @param  string $range IP/CIDR netmask eg. 127.0.0.0/24, also 127.0.0.1 is accepted and /32 assumed
+ * @return boolean true if the ip is in this range / false if not.
+ */
+function ip_in_range( $ip, $range ) {
+	if ( strpos( $range, '/' ) == false ) {
+		$range .= '/32';
+	}
+	// $range is in IP/CIDR format eg 127.0.0.1/24
+	list( $range, $netmask ) = explode( '/', $range, 2 );
+	$range_decimal = ip2long( $range );
+	$ip_decimal = ip2long( $ip );
+	$wildcard_decimal = pow( 2, ( 32 - $netmask ) ) - 1;
+	$netmask_decimal = ~ $wildcard_decimal;
+	return ( ( $ip_decimal & $netmask_decimal ) == ( $range_decimal & $netmask_decimal ) );
+}
+// NOTE - this function was shamelessly stolen from this gist: https://gist.github.com/tott/7684443
+
+class LdapTroubleshooter extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'ldap:troubleshoot
+                            {--ldap-search : Output an ldapsearch command-line for testing your LDAP config}
+                            {--force : Skip the interactive yes/no prompt for confirmation}
+                            {--debug : Include debugging output (verbose)}
+                            {--trace : Include extremely verbose LDAP trace output}
+                            {--timeout=15 : Timeout for LDAP Bind operations}';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Runs a series of non-destructive LDAP commands to help try and determine correct LDAP settings for your environment.';
+
+    /**
+     * Create a new command instance.
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        parent::__construct();
+    }
+
+    /**
+     * Output something *only* if debug is enabled
+     * 
+     * @return void
+     */
+    public function debugout($string)
+    {
+        if($this->option('debug')) {
+            $this->line($string);
+        }
+    }
+
+    /**
+     * Execute the console command.
+     *
+     * @return mixed
+     */
+    public function handle()
+    {
+        if($this->option('trace')) {
+    	    ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
+        }
+
+        $settings = Setting::getSettings();
+        $this->settings = $settings;
+        if($this->option('ldap-search')) {
+            if(!$this->option('force')) {
+                $confirmation = $this->confirm('WARNING: This command will display your LDAP password on your terminal. Are you sure this is ok?');
+                if(!$confirmation) {
+                    $this->error('ABORTING');
+                    exit(-1);
+                }
+            }
+            $output = [];
+            if($settings->ldap_server_cert_ignore) {
+                $this->line("# Ignoring server certificate validity");
+                $output[] = "LDAPTLS_REQCERT=never";
+            }
+            if($settings->ldap_client_tls_cert && $settings->ldap_client_tls_key) {
+                $this->line("# Adding LDAP Client Certificate and Key");
+                $output[] = "LDAPTLS_CERT=storage/ldap_client_tls.cert";
+                $output[] = "LDAPTLS_KEY=storage/ldap_client_tls.key";
+            }
+            $output[] = "ldapsearch";
+            $output[] = $settings->ldap_server;
+            $output[] = "-x";
+            $output[] = "-b ".escapeshellarg($settings->ldap_basedn);
+            $output[] = "-D ".escapeshellarg($settings->ldap_uname);
+            $output[] = "-w ".escapeshellarg(\Crypt::Decrypt($settings->ldap_pword));
+            if(substr($settings->ldap_filter,0,1) == "(" ) {
+                $output[] = escapeshellarg($settings->ldap_filter);
+            } else {
+                $output[] = escapeshellarg("(".$settings->ldap_filter.")");
+            }
+            if($settings->ldap_tls) {
+                $this->line("# adding STARTTLS option");
+                $output[] = "-Z";
+            }
+            $output[] = "-v";
+            $this->line("\n");
+            $this->line(implode(" \\\n",$output));
+            exit(0);
+        }
+        if(!$this->option('force')) {
+            $confirmation = $this->confirm('WARNING: This command will make several attempts to connect to your LDAP server. Are you sure this is ok?');
+            if(!$confirmation) {
+                $this->error('ABORTING');
+                exit(-1);
+            }
+        }
+        //$this->line(print_r($settings,true));
+        $this->info("STAGE 1: Checking settings");
+        if(!$settings->ldap_enabled) {
+            $this->error("WARNING: Snipe-IT's LDAP setting is not turned on. (That may be OK if you're still trying to figure out settings)");
+        }
+
+        $ldap_conn = false;
+        try {
+            $ldap_conn = ldap_connect($settings->ldap_server);
+        } catch (Exception $e) {
+            $this->error("WARNING: Exception caught when executing 'ldap_connect()' - ".$e->getMessage().". We will try to guess.");
+        }
+
+        if(!$ldap_conn) {
+            $this->error("WARNING: LDAP Server setting of: ".$settings->ldap_server." cannot be parsed. We will try to guess.");
+            //exit(-1);
+        }
+        //since we never use $ldap_conn again, we don't have to ldap_unbind() it (it's not even connected, tbh - that only happens at bind-time)
+
+        $parsed = parse_url($settings->ldap_server);
+
+        if(@$parsed['scheme'] != 'ldap' && @$parsed['scheme'] != 'ldaps') {
+            $this->error("WARNING: LDAP URL Scheme of '".@$parsed['scheme']."' is probably incorrect; should usually be ldap or ldaps");
+        }
+
+        if(!@$parsed['host']) {
+            $this->error("ERROR: Cannot determine hostname or IP from ldap URL: ".$settings->ldap_server.". ABORTING.");
+            exit(-1);
+        } else {
+            $this->info("Determined LDAP hostname to be: ".$parsed['host']);
+        }
+
+        $this->info("Performing DNS lookup of: ".$parsed['host']);
+        $ips = dns_get_record($parsed['host']);
+        $raw_ips = [];
+
+        //$this->info("Host IP is: ".print_r($ips,true));
+
+        if(!$ips || count($ips) == 0) {
+            $this->error("ERROR: DNS lookup of host: ".$parsed['host']." has failed. ABORTING.");
+            exit(-1);
+        }
+        $this->debugout("IP's? ".print_r($ips,true));
+        foreach($ips as $ip) {
+            if(!isset($ip['ip'])) {
+                continue;
+            }
+            $raw_ips[]=$ip['ip'];
+            if($ip['ip'] == "127.0.0.1") {
+                $this->error("WARNING: Using the localhost IP as the LDAP server. This is usually wrong");
+            }
+            if(ip_in_range($ip['ip'],'10.0.0.0/8') || ip_in_range($ip['ip'],'192.168.0.0/16') || ip_in_range($ip['ip'], '172.16.0.0/12')) {
+                $this->error("WARNING: Using an RFC1918 Private address for LDAP server. This may be correct, but it can be a problem if your Snipe-IT instance is not hosted on your private network");
+            }
+        }
+
+        $this->info("STAGE 2: Checking basic network connectivity");
+        $ports = [389,636];
+        if(@$parsed['port'] && !in_array($parsed['port'],$ports)) {
+            $ports[] = $parsed['port'];
+        }
+
+        $open_ports=[];
+        foreach($ports as $port ) {
+            $errno = 0;
+            $errstr = '';
+            $timeout = 30.0;
+            $result = '';
+            $this->info("Attempting to connect to port: ".$port." - may take up to $timeout seconds");
+            try {
+                $result = fsockopen($parsed['host'], $port, $errno, $errstr, 30.0);
+            } catch(Exception $e) {
+                $this->error("Exception: ".$e->getMessage());
+            }
+            if($result) {
+                $this->info("Success!");
+                $open_ports[] = $port;
+            } else {
+                $this->error("WARNING: Cannot connect to port: $port - $errstr ($errno)");
+            }
+        }
+
+        if(count($open_ports) == 0) {
+            $this->error("ERROR - no open ports. ABORTING.");
+            exit(-1);
+        }
+
+        $this->info("STAGE 3: Determine encryption algorithm, if any");
+
+        $ldap_urls = [];
+        $pretty_ldap_urls = [];
+        foreach($open_ports as $port) {
+            $this->line("Trying TLS first for port $port");
+            $ldap_url = "ldaps://".$parsed['host'].":$port";
+            if($this->test_anonymous_bind($ldap_url)) {
+                $this->info("Anonymous bind succesful to $ldap_url!");
+                $ldap_urls[] = [ $ldap_url, true, false ];
+                $pretty_ldap_urls[] = [ $ldap_url, "YES", "no" ];
+                continue; // TODO - lots of copypasta in these if(test_anonymous_bind()) routines...
+            } else {
+                $this->error("WARNING: Failed to bind to $ldap_url - trying without certificate checks.");
+            }
+
+            if($this->test_anonymous_bind($ldap_url, false)) {
+                $this->info("Anonymous bind succesful to $ldap_url with certifcate-checks disabled");
+                $ldap_urls[] = [ $ldap_url, false, false ]; 
+                $pretty_ldap_urls[] = [ $ldap_url, "no", "no" ]; 
+                continue;
+            } else {
+                $this->error("WARNING: Failed to bind to $ldap_url with certificate checks disabled. Trying unencrypted with STARTTLS");
+            }
+
+            $ldap_url = "ldap://".$parsed['host'].":$port";
+            if($this->test_anonymous_bind($ldap_url, true, true)) {
+                $this->info("Plain connection to $ldap_url with STARTTLS succesful!");
+                $ldap_urls[] = [ $ldap_url, true, true ];
+                $pretty_ldap_urls[] = [ $ldap_url, "YES", "YES" ];
+                continue;
+            } else {
+                $this->error("WARNING: Failed to bind to $ldap_url with STARTTLS enabled. Trying without STARTTLS");
+            }
+
+            if($this->test_anonymous_bind($ldap_url)) {
+                $this->info("Plain connection to $ldap_url succesful!");
+                $ldap_urls[] = [ $ldap_url, true, false ];
+                $pretty_ldap_urls[] = [ $ldap_url, "YES", "no" ];
+                continue;
+            } else {
+                $this->error("WARNING: Failed to bind to $ldap_url. Giving up on port $port");
+            }
+        }
+
+        $this->debugout(print_r($ldap_urls,true));
+
+        if(count($ldap_urls) > 0 ) {
+            $this->info("Found working LDAP URL's: ");
+            foreach($ldap_urls as $ldap_url) { // TODO maybe do this as a $this->table() instead?
+                $this->info("LDAP URL: ".$ldap_url[0]);
+                $this->info($ldap_url[0]. ($ldap_url[1] ? " certificate checks enabled" : " certificate checks disabled"). ($ldap_url[2] ? " STARTTLS Enabled ": " STARTTLS Disabled"));
+            }
+            $this->table(["URL", "Cert Checks Enabled?", "STARTTLS Enabled?"],$pretty_ldap_urls);
+        } else {
+            $this->error("ERROR - no valid LDAP URL's available - ABORTING");
+            exit(1);
+        }
+
+        $this->info("STAGE 4: Test Administrative Bind for LDAP Sync");
+        foreach($ldap_urls AS $ldap_url) {
+            $this->test_authed_bind($ldap_url[0], $ldap_url[1], $ldap_url[2], $settings->ldap_uname, Crypt::decrypt($settings->ldap_pword));
+        }
+
+        $this->info("STAGE 5: Test BaseDN");
+        //grab all LDAP_ constants and fill up a reversed array mapping from weird LDAP dotted-strings to (Constant Name)
+        $all_defined_constants = get_defined_constants();
+        $ldap_constants = [];
+        foreach($all_defined_constants AS $key => $val) {
+            if(starts_with($key,"LDAP_") && is_string($val)) {
+                $ldap_constants[$val] = $key; // INVERT the meaning here!
+            }
+        }
+        $this->debugout("LDAP constants are: ".print_r($ldap_constants,true));
+
+        // recursive function that 'cleans' the returned array from ldap_get_entries which are formatted awfully
+        $cleaner = function ($array) {
+            $cleaned = [];
+            for($i = 0; $i < $array['count']; $i++) {
+                $row = $array[$i];
+                $clean_row = [];
+                foreach($row AS $key => $val ) {
+                    $this->debugout("Key is: ".$key);
+                    if($key == "count" || is_int($key) || $key == "dn") {
+                        $this->debugout(" and we're gonna skip it\n");
+                        continue;
+                    }
+                    $this->debugout(" And that seems fine.\n");
+                    if(array_key_exists('count',$val)) {
+                        if($val['count'] == 1) {
+                            $clean_row[$key] = $val[0];
+                        } else {
+                            unset($val['count']); //these counts are annoying
+                            $elements = [];
+                            foreach($val as $entry) {
+                                if(isset($ldap_constants[$entry])) {
+                                    $elements[] = $ldap_constants[$entry];
+                                } else {
+                                    $elements[] = $entry;
+                                }
+                            }
+                            $clean_row[$key] = $elements;
+                        }
+                    } else {
+                        $clean_row[$key] = $val;
+                    }
+                }
+                $cleaned[$i] = $clean_row;
+            }
+            return $cleaned;
+        };
+        
+        foreach($ldap_urls AS $ldap_url) {
+            if($this->test_informational_bind($ldap_url[0],$ldap_url[1],$ldap_url[2],$settings->ldap_uname,Crypt::decrypt($settings->ldap_pword))) {
+                $this->info("Success getting informational bind!");
+            } else {
+                $this->error("Unable to get information from bind.");
+            }
+        }
+
+        $this->info("STAGE 6: Test LDAP Login to Snipe-IT");
+        foreach($ldap_urls AS $ldap_url) {
+            $this->info("Starting auth to ".$ldap_url[0]);
+            while(true) {
+                $with_tls = $ldap_url[1] ? "with": "without";
+                $with_startssl = $ldap_url[2] ? "using": "not using";
+                if(!$this->confirm('Do you wish to try to authenticate to this directory: '.$ldap_url[0]." $with_tls TLS and $with_startssl STARTSSL?")) {
+                    break;
+                }
+                $username = $this->ask("Username");
+                $password = $this->secret("Password");
+                $this->test_authed_bind($ldap_url[0], $ldap_url[1], $ldap_url[2], $username, $password); // FIXME - should do some other stuff here, maybe with the concatenating or something? maybe? and/or should put up some results?
+            }
+        }
+
+        $this->info("LDAP TROUBLESHOOTING COMPLETE!");
+    }
+
+    public function connect_to_ldap($ldap_url, $check_cert, $start_tls) 
+    {
+        $lconn = ldap_connect($ldap_url);
+        ldap_set_option($lconn, LDAP_OPT_PROTOCOL_VERSION, 3); // should we 'test' different protocol versions here? Does anyone even use anything other than LDAPv3?
+                                                             // no - it's formally deprecated: https://tools.ietf.org/html/rfc3494
+        if(!$check_cert) {
+            putenv('LDAPTLS_REQCERT=never'); // This is horrible; is this *really* the only way to do it?
+        } else {
+            putenv('LDAPTLS_REQCERT'); // have to very explicitly and manually *UN* set the env var here to ensure it works
+        }
+        if($this->settings->ldap_client_tls_cert && $this->settings->ldap_client_tls_key) {
+            // client-side TLS certificate support for LDAP (Google Secure LDAP)
+            putenv('LDAPTLS_CERT=storage/ldap_client_tls.cert');
+            putenv('LDAPTLS_KEY=storage/ldap_client_tls.key');
+        }
+        if($start_tls) {
+            if(!ldap_start_tls($lconn)) {
+                $this->error("WARNING: Unable to start TLS");
+                return false;
+            }
+        }
+        if(!$lconn) {
+            $this->error("WARNING: Failed to generate connection string - using: ".$ldap_url);
+            return false;
+        }
+        $net = ldap_set_option($lconn, LDAP_OPT_NETWORK_TIMEOUT, $this->option('timeout'));
+        $time = ldap_set_option($lconn, LDAP_OPT_TIMELIMIT, $this->option('timeout'));
+        if(!$net || !$time) {
+            $this->error("Unable to set timeouts!");
+        }
+        return $lconn;
+    }
+
+    public function test_anonymous_bind($ldap_url, $check_cert = true, $start_tls = false)
+    {
+        return $this->timed_boolean_execute(function () use ($ldap_url, $check_cert , $start_tls) {
+            try {
+                $lconn = $this->connect_to_ldap($ldap_url, $check_cert, $start_tls);
+                $this->info("gonna try to bind now, this can take a while if we mess it up");
+                $bind_results = ldap_bind($lconn);
+                $this->info("Bind results are: ".$bind_results." which translate into boolean: ".(bool)$bind_results);
+                return (bool)$bind_results;
+            } catch (Exception $e) {
+                $this->error("WARNING: Exception caught during bind - ".$e->getMessage());
+                return false;
+            }
+        });
+    }
+
+    public function test_authed_bind($ldap_url, $check_cert, $start_tls, $username, $password) 
+    {
+        return $this->timed_boolean_execute(function () use ($ldap_url, $check_cert, $start_tls, $username, $password) {
+            try {
+                $lconn = $this->connect_to_ldap($ldap_url, $check_cert, $start_tls);
+                $bind_results = ldap_bind($lconn, $username, $password);
+                if(!$bind_results) {
+                    $this->error("WARNING: Failed to bind to $ldap_url as $username");
+                    return false;
+                } else {
+                    $this->info("SUCCESS - Able to bind to $ldap_url as $username");
+                    return (bool)$lconn;
+                }
+            } catch (Exception $e) {
+                $this->error("WARNING: Exception caught during Authed bind to $username - ".$e->getMessage());
+                return false;
+            }
+        });
+    }
+
+    public function test_informational_bind($ldap_url, $check_cert, $start_tls, $username, $password)
+    {
+        return $this->timed_boolean_execute(function () use ($ldap_url, $check_cert, $start_tls, $username, $password) {
+            try { // TODO - copypasta'ed from test_authed_bind
+                $conn = $this->connect_to_ldap($ldap_url, $check_cert, $start_tls);
+                $bind_results = ldap_bind($conn, $username, $password);
+                if(!$bind_results) {
+                    $this->error("WARNING: Failed to bind to $ldap_url as $username");
+                    return false;
+                }
+                $this->info("SUCCESS - Able to bind to $ldap_url as $username");
+                $result = ldap_read($conn, '', '(objectClass=*)'/* , ['supportedControl']*/);
+                $results = ldap_get_entries($conn, $result);
+                $cleaned_results = $cleaner($results);
+                $this->line(print_r($cleaned_results,true));
+                //okay, great - now how do we display those results? I have no idea.
+                // I don't see why this throws an Exception for Google LDAP, but I guess we ought to try and catch it?
+                $this->comment("I guess we're trying to do the ldap search here, but sometimes it takes too long?");
+                $search_results = ldap_search($conn, $settings->base_dn, $settings->filter);
+                $this->info("Printing first 10 results: ");
+                for($i=0;$i<10;$i++) {
+                    $this->info($search_results[$i]);
+                }
+            } catch (\Exception $e) {
+                $this->error("WARNING: Exception caught during Authed bind to $username - ".$e->getMessage());
+                return false;
+            }
+        });
+    }
+
+    /***********************************************
+     * 
+     * This function executes $function - which is expected to be some kind of executable function - 
+     * with a timeout set. It respects the timeout by forking execution and setting a strict timer
+     * for which to get back a SIGUSR1 or SIGUSR2 signal from the forked process.
+     * 
+     ***********************************************/
+    private function timed_boolean_execute($function)
+    {
+        if(!(function_exists('pcntl_sigtimedwait') && function_exists('posix_getpid') && function_exists('pcntl_fork') && function_exists('posix_kill') && function_exists('pcntl_wifsignaled'))) {
+            // POSIX functions needed for forking aren't present, just run the function inline (ignoring timeout)
+            $this->info('WARNING: Unable to execute POSIX fork() commands, timeout may not be respected');
+            return $function();
+        } else {
+            $parent_pid = posix_getpid();
+            $pid = pcntl_fork();
+            switch($pid) {
+                case 0:
+                    //we're the 'child'
+                    if($function()) {
+                        //SUCCESS = SIGUSR1
+                        posix_kill($parent_pid, SIGUSR1);
+                    } else {
+                        //FAILURE = SIGUSR2
+                        posix_kill($parent_pid, SIGUSR2);
+                    }
+                    exit();
+                    break; //yes I know we don't need it.
+                case -1:
+                    //couldn't fork
+                    $this->error("COULD NOT FORK - assuming failure");
+                    return false;
+                    break; //I still know that we don't need it
+                default:
+                    //we remain the 'parent', $pid is the PID of the forked process.
+                    $siginfo = [];
+                    $exit_status = pcntl_sigtimedwait ([SIGUSR1, SIGUSR2], $siginfo, $this->option('timeout'));
+                    if ($exit_status == SIGUSR1) {
+                        return true;
+                    } else {
+                        posix_kill($pid, SIGKILL); //make sure we don't have processes hanging around that might try and send signals during later executions, confusing us
+                        return false;
+                    }
+                    break; //Yeah I get it already, shush.
+            }
+        }
+
+    }
+}

app/Console/Commands/MergeUsersByUsername.php

@@ -2,10 +2,9 @@
 
 namespace App\Console\Commands;
 
-use Illuminate\Console\Command;
 use App\Models\User;
 use Carbon\Carbon;
-
+use Illuminate\Console\Command;
 
 class MergeUsersByUsername extends Command
 {
@@ -42,71 +41,75 @@ class MergeUsersByUsername extends Command
     {
         // Get the list of users who have an email address as their username
         $users = User::where('username', 'LIKE', '%@%')->whereNull('deleted_at')->get();
+        $this->info($users->count().' total non-deleted users whose usernames contain a @ symbol.');
+
 
         foreach ($users as $user) {
-            $parts = explode("@", $user->username);
-            $bad_users = User::where('username', '=', $parts[0])->whereNull('deleted_at')->with('assets', 'manager', 'userlog', 'licenses', 'consumables', 'accessories', 'managedLocations')->get();
+            $parts = explode('@', trim($user->username));
+            $this->info('Checking against username '.trim($parts[0]).'.');
+
+
+            $bad_users = User::where('username', '=', trim($parts[0]))
+                ->whereNull('deleted_at')
+                ->with('assets', 'manager', 'userlog', 'licenses', 'consumables', 'accessories', 'managedLocations')
+                ->get();
+
+
 
             foreach ($bad_users as $bad_user) {
                 $this->info($bad_user->username.' ('.$bad_user->id.')  will be merged into '.$user->username.'  ('.$user->id.') ');
 
                 // Walk the list of assets
                 foreach ($bad_user->assets as $asset) {
-                    $this->info( 'Updating asset '.$asset->asset_tag.' '.$asset->id.' to user '.$user->id);
+                    $this->info('Updating asset '.$asset->asset_tag.' '.$asset->id.' to user '.$user->id);
                     $asset->assigned_to = $user->id;
-                    if (!$asset->save()) {
-                        $this->error( 'Could not update assigned_to field on asset '.$asset->asset_tag.' '.$asset->id.' to user '.$user->id);
-                        $this->error( 'Error saving: '.$asset->getErrors());
+                    if (! $asset->save()) {
+                        $this->error('Could not update assigned_to field on asset '.$asset->asset_tag.' '.$asset->id.' to user '.$user->id);
+                        $this->error('Error saving: '.$asset->getErrors());
                     }
                 }
 
                 // Walk the list of licenses
                 foreach ($bad_user->licenses as $license) {
-                    $this->info( 'Updating license '.$license->name.' '.$license->id.' to user '.$user->id);
+                    $this->info('Updating license '.$license->name.' '.$license->id.' to user '.$user->id);
                     $bad_user->licenses()->updateExistingPivot($license->id, ['assigned_to' => $user->id]);
                 }
 
                 // Walk the list of consumables
                 foreach ($bad_user->consumables as $consumable) {
-                    $this->info( 'Updating consumable '.$consumable->id.' to user '.$user->id);
+                    $this->info('Updating consumable '.$consumable->id.' to user '.$user->id);
                     $bad_user->consumables()->updateExistingPivot($consumable->id, ['assigned_to' => $user->id]);
                 }
 
                 // Walk the list of accessories
                 foreach ($bad_user->accessories as $accessory) {
-                    $this->info( 'Updating accessory '.$accessory->id.' to user '.$user->id);
+                    $this->info('Updating accessory '.$accessory->id.' to user '.$user->id);
                     $bad_user->accessories()->updateExistingPivot($accessory->id, ['assigned_to' => $user->id]);
                 }
 
                 // Walk the list of logs
                 foreach ($bad_user->userlog as $log) {
-                    $this->info( 'Updating action log record '.$log->id.' to user '.$user->id);
+                    $this->info('Updating action log record '.$log->id.' to user '.$user->id);
                     $log->target_id = $user->id;
                     $log->save();
                 }
 
                 // Update any manager IDs
-                $this->info( 'Updating managed user records to user '.$user->id);
+                $this->info('Updating managed user records to user '.$user->id);
                 User::where('manager_id', '=', $bad_user->id)->update(['manager_id' => $user->id]);
 
-
                 // Update location manager IDs
                 foreach ($bad_user->managedLocations as $managedLocation) {
-                    $this->info( 'Updating managed location record '.$managedLocation->name.' to manager '.$user->id);
+                    $this->info('Updating managed location record '.$managedLocation->name.' to manager '.$user->id);
                     $managedLocation->manager_id = $user->id;
                     $managedLocation->save();
                 }
 
                 // Mark the user as deleted
-                $this->info( 'Marking the user as deleted');
+                $this->info('Marking the user as deleted');
                 $bad_user->deleted_at = Carbon::now()->timestamp;
                 $bad_user->save();
-
-
             }
-
         }
-
-
     }
 }

app/Console/Commands/MoveUploadsToNewDisk.php

@@ -2,7 +2,6 @@
 
 namespace App\Console\Commands;
 
-
 use Illuminate\Console\Command;
 use Illuminate\Support\Facades\Storage;
 
@@ -39,49 +38,46 @@ class MoveUploadsToNewDisk extends Command
      */
     public function handle()
     {
-
-        if (config('filesystems.default')=='local') {
+        if (config('filesystems.default') == 'local') {
             $this->error('Your current disk is set to local so we cannot proceed.');
             $this->warn("Please configure your .env settings for S3. \nChange your PUBLIC_FILESYSTEM_DISK value to 's3_public' and your PRIVATE_FILESYSTEM_DISK to s3_private.");
+
             return false;
         }
         $delete_local = $this->argument('delete_local');
 
-        $public_uploads['accessories'] = glob('public/accessories'."/*.*");
-        $public_uploads['assets'] = glob('public/assets'."/*.*");
-        $public_uploads['avatars'] = glob('public/avatars'."/*.*");
-        $public_uploads['categories'] = glob('public/categories'."/*.*");
-        $public_uploads['companies'] = glob('public/companies'."/*.*");
-        $public_uploads['components'] = glob('public/components'."/*.*");
-        $public_uploads['consumables'] = glob('public/consumables'."/*.*");
-        $public_uploads['departments'] = glob('public/departments'."/*.*");
-        $public_uploads['locations'] = glob('public/locations'."/*.*");
-        $public_uploads['manufacturers'] = glob('public/manufacturers'."/*.*");
-        $public_uploads['suppliers'] = glob('public/suppliers'."/*.*");
-        $public_uploads['assetmodels'] = glob('public/models'."/*.*");
+        $public_uploads['accessories'] = glob('public/uploads/accessories'."/*.*");
+        $public_uploads['assets'] = glob('public/uploads/assets'."/*.*");
+        $public_uploads['avatars'] = glob('public/uploads/avatars'."/*.*");
+        $public_uploads['categories'] = glob('public/uploads/categories'."/*.*");
+        $public_uploads['companies'] = glob('public/uploads/companies'."/*.*");
+        $public_uploads['components'] = glob('public/uploads/components'."/*.*");
+        $public_uploads['consumables'] = glob('public/uploads/consumables'."/*.*");
+        $public_uploads['departments'] = glob('public/uploads/departments'."/*.*");
+        $public_uploads['locations'] = glob('public/uploads/locations'."/*.*");
+        $public_uploads['manufacturers'] = glob('public/uploads/manufacturers'."/*.*");
+        $public_uploads['suppliers'] = glob('public/uploads/suppliers'."/*.*");
+        $public_uploads['assetmodels'] = glob('public/uploads/models'."/*.*");
 
 
         // iterate files
-        foreach($public_uploads as $public_type => $public_upload)
-        {
+        foreach ($public_uploads as $public_type => $public_upload) {
             $type_count = 0;
-            $this->info("- There are ".count($public_upload).' PUBLIC '.$public_type.' files.');
+            $this->info('- There are ' . count($public_upload) . ' PUBLIC ' . $public_type . ' files.');
 
             for ($i = 0; $i < count($public_upload); $i++) {
                 $type_count++;
                 $filename = basename($public_upload[$i]);
 
                 try  {
-                    Storage::disk('public')->put('uploads/'.public_type.'/'.$filename, file_get_contents($public_upload[$i]));
+                    Storage::disk('public')->put('uploads/'.$public_type.'/'.$filename, file_get_contents($public_upload[$i]));
                     $new_url = Storage::disk('public')->url('uploads/'.$public_type.'/'.$filename, $filename);
                     $this->info($type_count.'. PUBLIC: '.$filename.' was copied to '.$new_url);
                 } catch (\Exception $e) {
                     \Log::debug($e);
                     $this->error($e);
                 }
-
             }
-
         }
 
         $logos = glob("public/uploads/setting*.*");
@@ -92,8 +88,8 @@ class MoveUploadsToNewDisk extends Command
             $this->info($logo);
             $type_count++;
             $filename = basename($logo);
-            Storage::disk('public')->put('uploads/'.$filename, file_get_contents($logo));
-            $this->info($type_count.'. LOGO: '.$filename.' was copied to '.env('PUBLIC_AWS_URL').'/uploads/'.$filename);
+            Storage::disk('public')->put('uploads/' . $filename, file_get_contents($logo));
+            $this->info($type_count . '. LOGO: ' . $filename . ' was copied to ' . env('PUBLIC_AWS_URL') . '/uploads/' . $filename);
         }
 
         $private_uploads['assets'] = glob('storage/private_uploads/assets'."/*.*");
@@ -103,81 +99,69 @@ class MoveUploadsToNewDisk extends Command
         $private_uploads['imports'] = glob('storage/private_uploads/imports'."/*.*");
         $private_uploads['licenses'] = glob('storage/private_uploads/licenses'."/*.*");
         $private_uploads['users'] = glob('storage/private_uploads/users'."/*.*");
-        $private_uploads['backups'] = glob('storage/private_uploads/users'."/*.*");
+        $private_uploads['backups'] = glob('storage/private_uploads/backups'."/*.*");
+        
 
+        foreach ($private_uploads as $private_type => $private_upload) {
+            {
+                $this->info('- There are ' . count($private_upload) . ' PRIVATE ' . $private_type . ' files.');
 
-        foreach($private_uploads as $private_type => $private_upload)
-        {
-            $this->info("- There are ".count($private_upload).' PRIVATE '.$private_type.' files.');
-
-            $type_count = 0;
-            for ($x = 0; $x < count($private_upload); $x++) {
-                $type_count++;
-                $filename = basename($private_upload[$x]);
-
-                try  {
-                    Storage::put($private_type.'/'.$filename, file_get_contents($private_upload[$i]));
-                    $new_url = Storage::url($private_type.'/'.$filename, $filename);
-                    $this->info($type_count.'. PRIVATE: '.$filename.' was copied to '.$new_url);
-
-                } catch (\Exception $e) {
-                    \Log::debug($e);
-                    $this->error($e);
-                }
-
-            }
-
-        }
-
-
-        if ($delete_local=='true') {
-            $public_delete_count = 0;
-            $private_delete_count = 0;
-
-            $this->info("\n\n");
-            $this->error('!!!!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!');
-            $this->warn("\nTHIS WILL DELETE ALL OF YOUR LOCAL UPLOADED FILES. \n\nThis cannot be undone, so you should take a backup of your system before you proceed.\n");
-            $this->error('!!!!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!');
-
-            if ($this->confirm("Do you wish to continue?")) {
-
-                foreach($public_uploads as $public_type => $public_upload) {
-
-                    for ($i = 0; $i < count($public_upload); $i++) {
-                        $filename = $public_upload[$i];
-                        try {
-                            unlink($filename);
-                            $public_delete_count++;
-                        } catch (\Exception $e) {
-                            \Log::debug($e);
-                            $this->error($e);
-                        }
+                $type_count = 0;
+                for ($x = 0; $x < count($private_upload); $x++) {
+                    $type_count++;
+                    $filename = basename($private_upload[$x]);
 
+                    try {
+                        Storage::put($private_type . '/' . $filename, file_get_contents($private_upload[$i]));
+                        $new_url = Storage::url($private_type . '/' . $filename, $filename);
+                        $this->info($type_count . '. PRIVATE: ' . $filename . ' was copied to ' . $new_url);
+                    } catch (\Exception $e) {
+                        \Log::debug($e);
+                        $this->error($e);
                     }
                 }
+            }
 
-                foreach($private_uploads as $private_type => $private_upload)
-                {
 
-                    for ($i = 0; $i < count($private_upload); $i++) {
-                        $filename = $private_upload[$i];
-                        try {
-                            unlink($filename);
-                            $private_delete_count++;
-                        } catch (\Exception $e) {
-                            \Log::debug($e);
-                            $this->error($e);
+            if ($delete_local == 'true') {
+                $public_delete_count = 0;
+                $private_delete_count = 0;
+
+                $this->info("\n\n");
+                $this->error('!!!!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!');
+                $this->warn("\nTHIS WILL DELETE ALL OF YOUR LOCAL UPLOADED FILES. \n\nThis cannot be undone, so you should take a backup of your system before you proceed.\n");
+                $this->error('!!!!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!');
+
+                if ($this->confirm('Do you wish to continue?')) {
+                    foreach ($public_uploads as $public_type => $public_upload) {
+                        for ($i = 0; $i < count($public_upload); $i++) {
+                            $filename = $public_upload[$i];
+                            try {
+                                unlink($filename);
+                                $public_delete_count++;
+                            } catch (\Exception $e) {
+                                \Log::debug($e);
+                                $this->error($e);
+                            }
                         }
-
                     }
-                }
 
-                $this->info($public_delete_count." PUBLIC local files and ".$private_delete_count." PRIVATE local files were deleted from your filesystem.");
+                    foreach ($private_uploads as $private_type => $private_upload) {
+                        for ($i = 0; $i < count($private_upload); $i++) {
+                            $filename = $private_upload[$i];
+                            try {
+                                unlink($filename);
+                                $private_delete_count++;
+                            } catch (\Exception $e) {
+                                \Log::debug($e);
+                                $this->error($e);
+                            }
+                        }
+                    }
+
+                    $this->info($public_delete_count . ' PUBLIC local files and ' . $private_delete_count . ' PRIVATE local files were deleted from your filesystem.');
+                }
             }
         }
-
-
-
-
     }
 }

app/Console/Commands/ObjectImportCommand.php

@@ -1,19 +1,19 @@
 <?php
+
 namespace App\Console\Commands;
 
 use Illuminate\Console\Command;
 use Symfony\Component\Console\Input\InputArgument;
 use Symfony\Component\Console\Input\InputOption;
 
-ini_set('max_execution_time', 600); //600 seconds = 10 minutes
-ini_set('memory_limit', '500M');
+ini_set('max_execution_time', env('IMPORT_TIME_LIMIT', 600)); //600 seconds = 10 minutes
+ini_set('memory_limit', env('IMPORT_MEMORY_LIMIT', '500M'));
 
 /**
  * Class ObjectImportCommand
  */
 class ObjectImportCommand extends Command
 {
-
     /**
      * The console command name.
      *
@@ -37,7 +37,9 @@ class ObjectImportCommand extends Command
     {
         parent::__construct();
     }
+
     private $bar;
+
     /**
      * Execute the console command.
      *
@@ -55,7 +57,6 @@ class ObjectImportCommand extends Command
                  ->setShouldNotify($this->option('send-welcome'))
                  ->setUsernameFormat($this->option('username_format'));
 
-
         // This $logFile/useFiles() bit is currently broken, so commenting it out for now
         // $logFile = $this->option('logfile');
         // \Log::useFiles($logFile);
@@ -64,29 +65,28 @@ class ObjectImportCommand extends Command
 
         $this->bar = null;
 
-        if (!empty($this->errors)) {
-            $this->comment("The following Errors were encountered.");
+        if (! empty($this->errors)) {
+            $this->comment('The following Errors were encountered.');
             foreach ($this->errors as $asset => $error) {
-                $this->comment('Error: Item: ' . $asset . ' failed validation: ' . json_encode($error));
+                $this->comment('Error: Item: '.$asset.' failed validation: '.json_encode($error));
             }
         } else {
-            $this->comment("All Items imported successfully!");
+            $this->comment('All Items imported successfully!');
         }
-        $this->comment("");
-
-        return;
+        $this->comment('');
     }
 
     public function errorCallback($item, $field, $errorString)
     {
         $this->errors[$item->name][$field] = $errorString;
     }
+
     public function progress($count)
     {
-        if (!$this->bar) {
+        if (! $this->bar) {
             $this->bar = $this->output->createProgressBar($count);
         }
-        static $index =0;
+        static $index = 0;
         $index++;
         if ($index < $count) {
             $this->bar->advance();
@@ -94,12 +94,12 @@ class ObjectImportCommand extends Command
             $this->bar->finish();
         }
     }
+
     // Tracks the current item for error messages
     private $updating;
     // An array of errors encountered while parsing
     private $errors;
 
-
     /**
      * Log a message to file, configurable by the --log-file parameter.
      * If a warning message is passed, we'll spit it to the console as well.
@@ -108,7 +108,7 @@ class ObjectImportCommand extends Command
      * @since 3.0
      * @param string $string
      * @param string $level
-    */
+     */
     public function log($string, $level = 'info')
     {
         if ($level === 'warning') {
@@ -121,6 +121,7 @@ class ObjectImportCommand extends Command
             }
         }
     }
+
     /**
      * Get the console command arguments.
      *
@@ -130,12 +131,11 @@ class ObjectImportCommand extends Command
      */
     protected function getArguments()
     {
-        return array(
-            array('filename', InputArgument::REQUIRED, 'File for the CSV import.'),
-        );
+        return [
+            ['filename', InputArgument::REQUIRED, 'File for the CSV import.'],
+        ];
     }
 
-
     /**
      * Get the console command options.
      *
@@ -145,16 +145,15 @@ class ObjectImportCommand extends Command
      */
     protected function getOptions()
     {
-        return array(
-        array('email_format', null, InputOption::VALUE_REQUIRED, 'The format of the email addresses that should be generated. Options are firstname.lastname, firstname, filastname', null),
-        array('username_format', null, InputOption::VALUE_REQUIRED, 'The format of the username that should be generated. Options are firstname.lastname, firstname, filastname, email', null),
-        array('logfile', null, InputOption::VALUE_REQUIRED, 'The path to log output to.  storage/logs/importer.log by default', storage_path('logs/importer.log') ),
-        array('item-type', null, InputOption::VALUE_REQUIRED, 'Item Type To import.  Valid Options are Asset, Consumable, Accessory, License, or User', 'Asset'),
-        array('web-importer', null, InputOption::VALUE_NONE, 'Internal: packages output for use with the web importer'),
-        array('user_id', null, InputOption::VALUE_REQUIRED, 'ID of user creating items', 1),
-        array('update', null, InputOption::VALUE_NONE, 'If a matching item is found, update item information'),
-        array('send-welcome', null, InputOption::VALUE_NONE, 'Whether to send a welcome email to any new users that are created.'),
-        );
-
+        return [
+        ['email_format', null, InputOption::VALUE_REQUIRED, 'The format of the email addresses that should be generated. Options are firstname.lastname, firstname, filastname', null],
+        ['username_format', null, InputOption::VALUE_REQUIRED, 'The format of the username that should be generated. Options are firstname.lastname, firstname, filastname, email', null],
+        ['logfile', null, InputOption::VALUE_REQUIRED, 'The path to log output to.  storage/logs/importer.log by default', storage_path('logs/importer.log')],
+        ['item-type', null, InputOption::VALUE_REQUIRED, 'Item Type To import.  Valid Options are Asset, Consumable, Accessory, License, or User', 'Asset'],
+        ['web-importer', null, InputOption::VALUE_NONE, 'Internal: packages output for use with the web importer'],
+        ['user_id', null, InputOption::VALUE_REQUIRED, 'ID of user creating items', 1],
+        ['update', null, InputOption::VALUE_NONE, 'If a matching item is found, update item information'],
+        ['send-welcome', null, InputOption::VALUE_NONE, 'Whether to send a welcome email to any new users that are created.'],
+        ];
     }
 }

app/Console/Commands/PaveIt.php

@@ -2,23 +2,9 @@
 
 namespace App\Console\Commands;
 
-use App\Models\Accessory;
 use App\Models\Asset;
-use App\Models\AssetModel;
-use App\Models\Category;
-use App\Models\Company;
-use App\Models\Component;
-use App\Models\Consumable;
-use App\Models\Department;
-use App\Models\Depreciation;
-use App\Models\Group;
-use App\Models\Import;
-use App\Models\License;
-use App\Models\LicenseSeat;
-use App\Models\Location;
-use App\Models\Manufacturer;
-use App\Models\Statuslabel;
-use App\Models\Supplier;
+use App\Models\CustomField;
+use Schema;
 use DB;
 use Illuminate\Console\Command;
 
@@ -29,15 +15,14 @@ class PaveIt extends Command
      *
      * @var string
      */
-    protected $signature = 'snipeit:pave
-              {--soft : Perform a "Soft" Delete, leaving all migrations, table structure, and the first user in place.}';
+    protected $signature = 'snipeit:pave  {--force : Skip the interactive yes/no prompt for confirmation}';
 
     /**
      * The console command description.
      *
      * @var string
      */
-    protected $description = 'Pave the database to start over. This should ALMOST NEVER BE USED. (It is primarily a quick tool for developers.)';
+    protected $description = 'Clear the database tables, leaving all migrations, table structure, and the first user in place. (It is primarily a quick tool for developers.) If you want to destroy all tables as well, use php artisan db:wipe.';
 
     /**
      * Create a new command instance.
@@ -56,106 +41,51 @@ class PaveIt extends Command
      */
     public function handle()
     {
-        if ($this->confirm("\n****************************************************\nTHIS WILL DELETE ALL OF THE DATA IN YOUR DATABASE. \nThere is NO undo. This WILL destroy ALL of your data. \n****************************************************\n\nDo you wish to continue? No backsies! [y|N]")) {
-            if ($this->option('soft')) {
-                Accessory::getQuery()->delete();
-                Asset::getQuery()->delete();
-                Category::getQuery()->delete();
-                Company::getQuery()->delete();
-                Component::getQuery()->delete();
-                Consumable::getQuery()->delete();
-                Department::getQuery()->delete();
-                Depreciation::getQuery()->delete();
-                License::getQuery()->delete();
-                LicenseSeat::getQuery()->delete();
-                Location::getQuery()->delete();
-                Manufacturer::getQuery()->delete();
-                AssetModel::getQuery()->delete();
-                Statuslabel::getQuery()->delete();
-                Supplier::getQuery()->delete();
-                Group::getQuery()->delete();
-                Import::getQuery()->delete();
 
-                DB::statement('delete from accessories_users');
-                DB::statement('delete from asset_logs');
-                DB::statement('delete from asset_maintenances');
-                DB::statement('delete from login_attempts');
-                DB::statement('delete from asset_uploads');
-                DB::statement('delete from action_logs');
-                DB::statement('delete from checkout_requests');
-                DB::statement('delete from checkout_acceptances');
-                DB::statement('delete from consumables_users');
-                DB::statement('delete from custom_field_custom_fieldset');
-                DB::statement('delete from custom_fields');
-                DB::statement('delete from custom_fieldsets');
-                DB::statement('delete from components_assets');
-                DB::statement('delete from kits');
-                DB::statement('delete from kits_accessories');
-                DB::statement('delete from kits_consumables');
-                DB::statement('delete from kits_licenses');
-                DB::statement('delete from kits_models');
-                DB::statement('delete from login_attempts');
-                DB::statement('delete from models_custom_fields');
-                DB::statement('delete from permission_groups');
-                DB::statement('delete from password_resets');
-                DB::statement('delete from requested_assets');
-                DB::statement('delete from requests');
-                DB::statement('delete from throttle');
-                DB::statement('delete from users_groups');
-                DB::statement('delete from users WHERE id!=1');
-            } else {
-                \DB::statement('drop table IF EXISTS accessories_users');
-                \DB::statement('drop table IF EXISTS accessories');
-                \DB::statement('drop table IF EXISTS asset_logs');
-                \DB::statement('drop table IF EXISTS action_logs');
-                \DB::statement('drop table IF EXISTS asset_maintenances');
-                \DB::statement('drop table IF EXISTS asset_uploads');
-                \DB::statement('drop table IF EXISTS assets');
-                \DB::statement('drop table IF EXISTS categories');
-                \DB::statement('drop table IF EXISTS checkout_requests');
-                \DB::statement('drop table IF EXISTS checkout_acceptances');
-                \DB::statement('drop table IF EXISTS companies');
-                \DB::statement('drop table IF EXISTS components');
-                \DB::statement('drop table IF EXISTS components_assets');
-                \DB::statement('drop table IF EXISTS consumables_users');
-                \DB::statement('drop table IF EXISTS consumables');
-                \DB::statement('drop table IF EXISTS custom_field_custom_fieldset');
-                \DB::statement('drop table IF EXISTS custom_fields');
-                \DB::statement('drop table IF EXISTS custom_fieldsets');
-                \DB::statement('drop table IF EXISTS depreciations');
-                \DB::statement('drop table IF EXISTS departments');
-                \DB::statement('drop table IF EXISTS groups');
-                \DB::statement('drop table IF EXISTS history');
-                \DB::statement('drop table IF EXISTS kits');
-                \DB::statement('drop table IF EXISTS kits_accessories');
-                \DB::statement('drop table IF EXISTS kits_consumables');
-                \DB::statement('drop table IF EXISTS kits_licenses');
-                \DB::statement('drop table IF EXISTS kits_models');
-                \DB::statement('drop table IF EXISTS models_custom_fields');
-                \DB::statement('drop table IF EXISTS permission_groups');
-                \DB::statement('drop table IF EXISTS license_seats');
-                \DB::statement('drop table IF EXISTS licenses');
-                \DB::statement('drop table IF EXISTS locations');
-                \DB::statement('drop table IF EXISTS login_attempts');
-                \DB::statement('drop table IF EXISTS manufacturers');
-                \DB::statement('drop table IF EXISTS models');
-                \DB::statement('drop table IF EXISTS migrations');
-                \DB::statement('drop table IF EXISTS oauth_access_tokens');
-                \DB::statement('drop table IF EXISTS oauth_auth_codes');
-                \DB::statement('drop table IF EXISTS oauth_clients');
-                \DB::statement('drop table IF EXISTS oauth_personal_access_clients');
-                \DB::statement('drop table IF EXISTS oauth_refresh_tokens');
-                \DB::statement('drop table IF EXISTS password_resets');
-                \DB::statement('drop table IF EXISTS requested_assets');
-                \DB::statement('drop table IF EXISTS requests');
-                \DB::statement('drop table IF EXISTS settings');
-                \DB::statement('drop table IF EXISTS status_labels');
-                \DB::statement('drop table IF EXISTS suppliers');
-                \DB::statement('drop table IF EXISTS throttle');
-                \DB::statement('drop table IF EXISTS users_groups');
-                \DB::statement('drop table IF EXISTS users');
-                \DB::statement('drop table IF EXISTS imports');
+        if (!$this->option('force')) {
+            $confirmation = $this->confirm("\n****************************************************\nTHIS WILL DELETE ALL OF THE DATA IN YOUR DATABASE. \nThere is NO undo. This WILL destroy ALL of your data, \nINCLUDING ANY non-Snipe-IT tables you have in this database. \n****************************************************\n\nDo you wish to continue? No backsies! ");
+            if (!$confirmation) {
+                $this->error('ABORTING');
+                exit(-1);
             }
         }
+
+        // List all the tables in the database so we don't have to worry about missing some as the app grows
+        $tables = DB::connection()->getDoctrineSchemaManager()->listTableNames();
+
+        $except_tables = [
+            'oauth_access_tokens',
+            'oauth_clients',
+            'oauth_personal_access_clients',
+            'migrations',
+            'settings',
+            'users',
+        ];
+
+        // We only need to find out what these are so we can nuke these columns on the assets table.
+        $custom_fields = CustomField::get();
+        foreach ($custom_fields as $custom_field) {
+            $this->info('DROP the '.$custom_field->db_column.' column from assets as well.');
+
+            if (\Schema::hasColumn('assets', $custom_field->db_column)) {
+                \Schema::table('assets', function ($table) use ($custom_field) {
+                    $table->dropColumn($custom_field->db_column);
+                });
+            }
+        }
+
+        foreach ($tables as $table) {
+            if (in_array($table, $except_tables)) {
+                $this->info($table. ' is SKIPPED.');
+            } else {
+                \DB::statement('truncate '.$table);
+                $this->info($table. ' is TRUNCATED.');
+            }
+        }
+
+        // Leave in the demo oauth keys so we don't have to reset them every day in the demos
+        \DB::statement('delete from oauth_clients WHERE id > 2');
+        \DB::statement('delete from oauth_access_tokens WHERE id > 2');
+    
     }
-}
+}

app/Console/Commands/Purge.php

@@ -50,7 +50,7 @@ class Purge extends Command
     public function handle()
     {
         $force = $this->option('force');
-        if (($this->confirm("\n****************************************************\nTHIS WILL PURGE ALL SOFT-DELETED ITEMS IN YOUR SYSTEM. \nThere is NO undo. This WILL permanently destroy \nALL of your deleted data. \n****************************************************\n\nDo you wish to continue? No backsies! [y|N]")) ||  $force == 'true') {
+        if (($this->confirm("\n****************************************************\nTHIS WILL PURGE ALL SOFT-DELETED ITEMS IN YOUR SYSTEM. \nThere is NO undo. This WILL permanently destroy \nALL of your deleted data. \n****************************************************\n\nDo you wish to continue? No backsies! [y|N]")) || $force == 'true') {
 
             /**
              * Delete assets
@@ -80,9 +80,8 @@ class Purge extends Command
                 $location->forceDelete();
             }
 
-
             $accessories = Accessory::whereNotNull('deleted_at')->withTrashed()->get();
-            $accessory_assoc=0;
+            $accessory_assoc = 0;
             $this->info($accessories->count().' accessories purged.');
             foreach ($accessories as $accessory) {
                 $this->info('- Accessory "'.$accessory->name.'" deleted.');
@@ -92,7 +91,6 @@ class Purge extends Command
             }
             $this->info($accessory_assoc.' corresponding log records purged.');
 
-
             $consumables = Consumable::whereNotNull('deleted_at')->withTrashed()->get();
             $this->info($consumables->count().' consumables purged.');
             foreach ($consumables as $consumable) {
@@ -101,7 +99,6 @@ class Purge extends Command
                 $consumable->forceDelete();
             }
 
-
             $components = Component::whereNotNull('deleted_at')->withTrashed()->get();
             $this->info($components->count().' components purged.');
             foreach ($components as $component) {
@@ -126,7 +123,6 @@ class Purge extends Command
                 $model->forceDelete();
             }
 
-
             $categories = Category::whereNotNull('deleted_at')->withTrashed()->get();
             $this->info($categories->count().' categories purged.');
             foreach ($categories as $category) {
@@ -165,11 +161,8 @@ class Purge extends Command
                 $this->info('- Status Label "'.$status_label->name.'" deleted.');
                 $status_label->forceDelete();
             }
-
-
         } else {
             $this->info('Action canceled. Nothing was purged.');
         }
-
     }
 }

app/Console/Commands/PurgeLoginAttempts.php

@@ -38,7 +38,7 @@ class PurgeLoginAttempts extends Command
     public function handle()
     {
         if ($this->confirm("\n****************************************************\nTHIS WILL DELETE ALL OF THE YOUR LOGIN ATTEMPT RECORDS. \nThere is NO undo! \n****************************************************\n\nDo you wish to continue? No backsies! [y|N]")) {
-                \DB::statement('delete from login_attempts');
+            \DB::statement('delete from login_attempts');
         }
     }
 }

app/Console/Commands/ReEncodeCustomFieldNames.php

@@ -48,15 +48,13 @@ class ReEncodeCustomFieldNames extends Command
      */
     public function handle()
     {
-
-        if ($this->confirm('This will regenerate all of the custom field database fieldnames in your database. THIS WILL CHANGE YOUR SCHEMA AND SHOULD NOT BE DONE WITHOUT MAKING A BACKUP FIRST. Do you wish to continue?'))
-        {
+        if ($this->confirm('This will regenerate all of the custom field database fieldnames in your database. THIS WILL CHANGE YOUR SCHEMA AND SHOULD NOT BE DONE WITHOUT MAKING A BACKUP FIRST. Do you wish to continue?')) {
 
             /** Get all of the custom fields */
             $fields = CustomField::get();
 
             $asset_columns = \DB::getSchemaBuilder()->getColumnListing('assets');
-            $custom_field_columns = array();
+            $custom_field_columns = [];
 
             /** Loop through the columns on the assets table */
             foreach ($asset_columns as $asset_column) {
@@ -71,18 +69,16 @@ class ReEncodeCustomFieldNames extends Command
                      * Then use that ID as the array key for use comparing the actual assets field name
                      * and the db_column value from the custom fields table.
                      */
-                    $last_part = substr(strrchr($asset_column, "_snipeit_"), 1);
+                    $last_part = substr(strrchr($asset_column, '_snipeit_'), 1);
                     $custom_field_columns[$last_part] = $asset_column;
                 }
             }
 
             foreach ($fields as $field) {
-
-                $this->info($field->name .' ('.$field->id.') column should be '. $field->convertUnicodeDbSlug().'');
+                $this->info($field->name.' ('.$field->id.') column should be '.$field->convertUnicodeDbSlug().'');
 
                 /** The assets table has the column it should have, all is well */
-                if (\Schema::hasColumn('assets', $field->convertUnicodeDbSlug()))
-                {
+                if (\Schema::hasColumn('assets', $field->convertUnicodeDbSlug())) {
                     $this->info('-- ✓ This field exists - all good');
 
                 /**
@@ -90,24 +86,23 @@ class ReEncodeCustomFieldNames extends Command
                  * what $field->convertUnicodeDbSlug() is *now* expecting.
                  */
                 } else {
-                        $this->warn('-- X Field mismatch: updating... ');
+                    $this->warn('-- X Field mismatch: updating... ');
 
-                        /** Make sure the custom_field_columns array has the ID */
-                        if (array_key_exists($field->id, $custom_field_columns)) {
+                    /** Make sure the custom_field_columns array has the ID */
+                    if (array_key_exists($field->id, $custom_field_columns)) {
 
-                            /**
-                             * Update the asset schema to the corrected fieldname that will be recognized by the
-                             *  system elsewhere that we use $field->convertUnicodeDbSlug()
-                             */
-                            \Schema::table('assets', function($table) use ($custom_field_columns, $field) {
-                                $table->renameColumn($custom_field_columns[$field->id], $field->convertUnicodeDbSlug());
-                            });
+                        /**
+                         * Update the asset schema to the corrected fieldname that will be recognized by the
+                         *  system elsewhere that we use $field->convertUnicodeDbSlug()
+                         */
+                        \Schema::table('assets', function ($table) use ($custom_field_columns, $field) {
+                            $table->renameColumn($custom_field_columns[$field->id], $field->convertUnicodeDbSlug());
+                        });
 
-                            $this->warn('-- ✓ Field updated from '.$custom_field_columns[$field->id].' to '.$field->convertUnicodeDbSlug());
-
-                        } else {
-                            $this->warn('-- X WARNING: There is no field on the assets table ending in  '.$field->id.'. This may require more in-depth investigation and may mean the schema was altered manually.');
-                        }
+                        $this->warn('-- ✓ Field updated from '.$custom_field_columns[$field->id].' to '.$field->convertUnicodeDbSlug());
+                    } else {
+                        $this->warn('-- X WARNING: There is no field on the assets table ending in  '.$field->id.'. This may require more in-depth investigation and may mean the schema was altered manually.');
+                    }
                 }
 
                 /** Update the db_column property in the custom fields table, just in case it doesn't match the other
@@ -115,12 +110,7 @@ class ReEncodeCustomFieldNames extends Command
                  */
                 $field->db_column = $field->convertUnicodeDbSlug();
                 $field->save();
-
-
             }
-
         }
-
-
     }
 }

app/Console/Commands/RecryptFromMcrypt.php

@@ -44,37 +44,35 @@ class RecryptFromMcrypt extends Command
     public function handle()
     {
 
-
         // Check and see if they have a legacy app key listed in their .env
         // If not, we can try to use the current APP_KEY if looks like it's old
         $legacy_key = env('LEGACY_APP_KEY');
         $key_parts = explode(':', $legacy_key);
         $legacy_cipher = env('LEGACY_CIPHER', 'rijndael-256');
-        $errors = array();
+        $errors = [];
 
-        if (!$legacy_key) {
+        if (! $legacy_key) {
             $this->error('ERROR: You do not have a LEGACY_APP_KEY set in your .env file. Please locate your old APP_KEY and ADD a line to your .env file like: LEGACY_APP_KEY=YOUR_OLD_APP_KEY');
+
             return false;
         }
 
-
         // Do some basic legacy app key length checks
         if (strlen($legacy_key) == 32) {
             $legacy_length_check = true;
-        } elseif (array_key_exists('1', $key_parts) && (strlen($key_parts[1])==44)) {
-            $legacy_key = base64_decode($key_parts[1],true);
+        } elseif (array_key_exists('1', $key_parts) && (strlen($key_parts[1]) == 44)) {
+            $legacy_key = base64_decode($key_parts[1], true);
             $legacy_length_check = true;
         } else {
             $legacy_length_check = false;
         }
-   
-
 
         // Check that the app key is 32 characters
         if ($legacy_length_check === true) {
             $this->comment('INFO: Your LEGACY_APP_KEY looks correct. Okay to continue.');
         } else {
             $this->error('ERROR: Your LEGACY_APP_KEY is not the correct length (32 characters or base64 followed by 44 characters for later versions). Please locate your old APP_KEY and use that as your LEGACY_APP_KEY in your .env file to continue.');
+
             return false;
         }
 
@@ -84,8 +82,7 @@ class RecryptFromMcrypt extends Command
 
         $force = ($this->option('force')) ? true : false;
 
-        if ($force || ($this->confirm("Are you SURE you wish to continue?"))) {
-
+        if ($force || ($this->confirm('Are you SURE you wish to continue?'))) {
             $backup_file = 'backups/env-backups/'.'app_key-'.date('Y-m-d-gis');
 
             try {
@@ -95,15 +92,14 @@ class RecryptFromMcrypt extends Command
                 $this->info('WARNING: Could not backup app keys');
             }
 
-
-            if ($legacy_cipher){
-                $mcrypter = new McryptEncrypter($legacy_key,$legacy_cipher);
-            }else{
+            if ($legacy_cipher) {
+                $mcrypter = new McryptEncrypter($legacy_key, $legacy_cipher);
+            } else {
                 $mcrypter = new McryptEncrypter($legacy_key);
             }
             $settings = Setting::getSettings();
 
-            if ($settings->ldap_pword=='') {
+            if ($settings->ldap_pword == '') {
                 $this->comment('INFO: No LDAP password found. Skipping... ');
             } else {
                 $decrypted_ldap_pword = $mcrypter->decrypt($settings->ldap_pword);
@@ -111,30 +107,28 @@ class RecryptFromMcrypt extends Command
                 $settings->save();
             }
             /** @var CustomField[] $custom_fields */
-            $custom_fields = CustomField::where('field_encrypted','=', 1)->get();
+            $custom_fields = CustomField::where('field_encrypted', '=', 1)->get();
             $this->comment('INFO: Retrieving encrypted custom fields...');
 
             $query = Asset::withTrashed();
 
             foreach ($custom_fields as $custom_field) {
-                $this->comment('FIELD TO RECRYPT:  '.$custom_field->name .' ('.$custom_field->db_column.')');
+                $this->comment('FIELD TO RECRYPT:  '.$custom_field->name.' ('.$custom_field->db_column.')');
                 $query->orWhereNotNull($custom_field->db_column);
             }
 
-
             // Get all assets with a value in any of the fields that were encrypted
             /** @var Asset[] $assets */
             $assets = $query->get();
 
             $bar = $this->output->createProgressBar(count($assets));
 
-
             foreach ($assets as $asset) {
                 foreach ($custom_fields as $encrypted_field) {
                     $columnName = $encrypted_field->db_column;
 
                     // Make sure the value isn't null
-                    if ($asset->{$columnName}!='') {
+                    if ($asset->{$columnName} != '') {
                         // Try to decrypt the payload using the legacy app key
                         try {
                             $decrypted_field = $mcrypter->decrypt($asset->{$columnName});
@@ -144,14 +138,11 @@ class RecryptFromMcrypt extends Command
                             $errors[] = ' - ERROR: Could not decrypt field ['.$encrypted_field->name.']: '.$e->getMessage();
                         }
                     }
-
                 }
                 $asset->save();
                 $bar->advance();
             }
 
-
-
             $bar->finish();
 
             if (count($errors) > 0) {
@@ -162,6 +153,5 @@ class RecryptFromMcrypt extends Command
                 }
             }
         }
-
     }
 }

app/Console/Commands/RegenerateAssetTags.php

@@ -40,31 +40,27 @@ class RegenerateAssetTags extends Command
      */
     public function handle()
     {
-
-        if ($this->confirm('This will regenerate all of the asset tags within your system. This action is data-destructive and should be used with caution. Do you wish to continue?'))
-        {
-
+        if ($this->confirm('This will regenerate all of the asset tags within your system. This action is data-destructive and should be used with caution. Do you wish to continue?')) {
             $output['info'] = [];
             $output['warn'] = [];
             $output['error'] = [];
             $settings = Setting::getSettings();
 
-            $start_tag = ($this->option('start')) ? $this->option('start') : (($settings->next_auto_tag_base) ? Setting::getSettings()->next_auto_tag_base : 1) ;
+            $start_tag = ($this->option('start')) ? $this->option('start') : (($settings->next_auto_tag_base) ? Setting::getSettings()->next_auto_tag_base : 1);
 
             $this->info('Starting at '.$start_tag);
 
-            $total_assets = Asset::orderBy('id','asc')->get();
+            $total_assets = Asset::orderBy('id', 'asc')->get();
             $bar = $this->output->createProgressBar(count($total_assets));
 
-            try  {
+            try {
                 Artisan::call('backup:run');
             } catch (\Exception $e) {
                 $output['error'][] = $e;
             }
 
             foreach ($total_assets as $asset) {
-                
-                $start_tag++;
+
                 $output['info'][] = 'Asset tag:'.$asset->asset_tag;
                 $asset->asset_tag = $settings->auto_increment_prefix.$settings->auto_increment_prefix.$start_tag;
 
@@ -76,29 +72,33 @@ class RegenerateAssetTags extends Command
 
                 // Use forceSave here to override model level validation
                 $asset->forceSave();
+                $start_tag++;
+                if ($bar) {
+                    $bar->advance();
+                }
             }
 
+            $settings->next_auto_tag_base = Asset::zerofill($start_tag, $settings->zerofill_count);
+            $settings->save();
+
             $bar->finish();
             $this->info("\n");
 
-
-            if (($this->option('output')=='all') || ($this->option('output')=='info')) {
+            if (($this->option('output') == 'all') || ($this->option('output') == 'info')) {
                 foreach ($output['info'] as $key => $output_text) {
                     $this->info($output_text);
                 }
             }
-            if (($this->option('output')=='all') || ($this->option('output')=='warn')) {
+            if (($this->option('output') == 'all') || ($this->option('output') == 'warn')) {
                 foreach ($output['warn'] as $key => $output_text) {
                     $this->warn($output_text);
                 }
             }
-            if (($this->option('output')=='all') || ($this->option('output')=='error')) {
+            if (($this->option('output') == 'all') || ($this->option('output') == 'error')) {
                 foreach ($output['error'] as $key => $output_text) {
                     $this->error($output_text);
                 }
             }
         }
-
-
     }
 }

app/Console/Commands/ResetDemoSettings.php

@@ -48,6 +48,7 @@ class ResetDemoSettings extends Command
         $settings->auto_increment_assets = 1;
         $settings->logo = 'snipe-logo.png';
         $settings->alert_email = 'service@snipe-it.io';
+        $settings->login_note = 'Use `admin` / `password` to login to the demo.';
         $settings->header_color = null;
         $settings->barcode_type = 'QRCODE';
         $settings->default_currency = 'USD';
@@ -66,9 +67,6 @@ class ResetDemoSettings extends Command
         $settings->version_footer = 'on';
         $settings->support_footer = null;
         $settings->saml_enabled = '0';
-        $settings->saml_sp_entitiyid = '0';
-        $settings->saml_sp_acs_url = null;
-        $settings->saml_sp_sls_url = null;
         $settings->saml_sp_x509cert = null;
         $settings->saml_idp_metadata = null;
         $settings->saml_attr_mapping_username = null;
@@ -84,7 +82,9 @@ class ResetDemoSettings extends Command
             $user->save();
         }
 
-        
+        \Storage::disk('public')->put('snipe-logo.png', file_get_contents(public_path('img/demo/snipe-logo.png')));
+        \Storage::disk('public')->put('snipe-logo-lg.png', file_get_contents(public_path('img/demo/snipe-logo-lg.png')));
+
     }
 
 }

app/Console/Commands/RestoreDeletedUsers.php

@@ -43,16 +43,15 @@ class RestoreDeletedUsers extends Command
      */
     public function handle()
     {
-
         $start_date = $this->option('start_date');
         $end_date = $this->option('end_date');
         $asset_totals = 0;
         $license_totals = 0;
         $user_count = 0;
 
-
-        if (($start_date=='') || ($end_date=='')) {
+        if (($start_date == '') || ($end_date == '')) {
             $this->info('ERROR: All fields are required.');
+
             return false;
         }
 
@@ -63,15 +62,15 @@ class RestoreDeletedUsers extends Command
 
         foreach ($users as $user) {
             $user_count++;
-            $user_logs = Actionlog::where('target_id', $user->id)->where('target_type',User::class)
-                ->where('action_type','checkout')->with('item')->get();
+            $user_logs = Actionlog::where('target_id', $user->id)->where('target_type', User::class)
+                ->where('action_type', 'checkout')->with('item')->get();
 
-            $this->info($user_count.'. '.$user->username.' ('.$user->id.') was deleted at '.$user->deleted_at. ' and has '.$user_logs->count().' checkouts associated.');
+            $this->info($user_count.'. '.$user->username.' ('.$user->id.') was deleted at '.$user->deleted_at.' and has '.$user_logs->count().' checkouts associated.');
 
             foreach ($user_logs as $user_log) {
                 $this->info('  * '.$user_log->item_type.': '.$user_log->item->name.' - item_id: '.$user_log->item_id);
 
-                if ($user_log->item_type==Asset::class) {
+                if ($user_log->item_type == Asset::class) {
                     $asset_totals++;
 
                     DB::table('assets')
@@ -79,11 +78,10 @@ class RestoreDeletedUsers extends Command
                         ->update(['assigned_to' => $user->id, 'assigned_type'=> User::class]);
 
                     $this->info('      ** Asset '.$user_log->item->id.' ('.$user_log->item->asset_tag.') restored to user '.$user->id.'');
-
-                } elseif ($user_log->item_type==License::class) {
+                } elseif ($user_log->item_type == License::class) {
                     $license_totals++;
 
-                    $avail_seat = DB::table('license_seats')->where('license_id','=',$user_log->item->id)
+                    $avail_seat = DB::table('license_seats')->where('license_id', '=', $user_log->item->id)
                         ->whereNull('assigned_to')->whereNull('asset_id')->whereBetween('updated_at', [$start_date, $end_date])->first();
                     if ($avail_seat) {
                         $this->info('      ** Allocating seat '.$avail_seat->id.' for this License');
@@ -91,27 +89,17 @@ class RestoreDeletedUsers extends Command
                         DB::table('license_seats')
                             ->where('id', $avail_seat->id)
                             ->update(['assigned_to' => $user->id]);
-
                     } else {
                         $this->warn('ERROR: No available seats for '.$user_log->item->name);
                     }
-
                 }
-
             }
 
             $this->warn('Restoring user '.$user->username.'!');
             $user->restore();
-
-
         }
 
         $this->info($asset_totals.' assets affected');
         $this->info($license_totals.' licenses affected');
-
-
-
     }
-
-
 }

app/Console/Commands/RestoreFromBackup.php

@@ -0,0 +1,325 @@
+<?php
+
+namespace App\Console\Commands;
+
+use Illuminate\Console\Command;
+use ZipArchive;
+
+class RestoreFromBackup extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'snipeit:restore 
+                                            {--force : Skip the danger prompt; assuming you enter "y"} 
+                                            {filename : The zip file to be migrated}
+                                            {--no-progress : Don\'t show a progress bar}';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Restore from a previously created Snipe-IT backup file';
+
+    /**
+     * Create a new command instance.
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        parent::__construct();
+    }
+
+    public static $buffer_size = 1024 * 1024;  // use a 1MB buffer, ought to work fine for most cases?
+
+    /**
+     * Execute the console command.
+     *
+     * @return mixed
+     */
+    public function handle()
+    {
+        $dir = getcwd();
+        if( $dir != base_path() ) { // usually only the case when running via webserver, not via command-line
+            \Log::debug("Current working directory is: $dir, changing directory to: ".base_path());
+            chdir(base_path()); // TODO - is this *safe* to change on a running script?!
+        }
+        //
+        $filename = $this->argument('filename');
+
+        if (! $filename) {
+            return $this->error('Missing required filename');
+        }
+
+        if (! $this->option('force') && ! $this->confirm('Are you sure you wish to restore from the given backup file? This can lead to MASSIVE DATA LOSS!')) {
+            return $this->error('Data loss not confirmed');
+        }
+
+        if (config('database.default') != 'mysql') {
+            return $this->error('DB_CONNECTION must be MySQL in order to perform a restore. Detected: '.config('database.default'));
+        }
+
+        $za = new ZipArchive();
+
+        $errcode = $za->open($filename/* , ZipArchive::RDONLY */); // that constant only exists in PHP 7.4 and higher
+        if ($errcode !== true) {
+            $errors = [
+                ZipArchive::ER_EXISTS => 'File already exists.',
+                ZipArchive::ER_INCONS => 'Zip archive inconsistent.',
+                ZipArchive::ER_INVAL => 'Invalid argument.',
+                ZipArchive::ER_MEMORY => 'Malloc failure.',
+                ZipArchive::ER_NOENT => 'No such file ('.$filename.') in directory '.$dir.'.',
+                ZipArchive::ER_NOZIP => 'Not a zip archive.',
+                ZipArchive::ER_OPEN => "Can't open file.",
+                ZipArchive::ER_READ => 'Read error.',
+                ZipArchive::ER_SEEK => 'Seek error.',
+            ];
+
+            return $this->error('Could not access file: '.$filename.' - '.array_key_exists($errcode, $errors) ? $errors[$errcode] : " Unknown reason: $errcode");
+        }
+
+
+        $private_dirs = [
+            'storage/private_uploads/assets', // these are asset _files_, not the pictures.
+            'storage/private_uploads/audits',
+            'storage/private_uploads/imports',
+            'storage/private_uploads/assetmodels',
+            'storage/private_uploads/users',
+            'storage/private_uploads/licenses',
+            'storage/private_uploads/signatures',
+        ];
+        $private_files = [
+            'storage/oauth-private.key',
+            'storage/oauth-public.key',
+        ];
+        $public_dirs = [
+            'public/uploads/companies',
+            'public/uploads/components',
+            'public/uploads/categories',
+            'public/uploads/manufacturers',
+            //'public/uploads/barcodes', // we don't want this, let the barcodes be regenerated
+            'public/uploads/consumables',
+            'public/uploads/departments',
+            'public/uploads/avatars',
+            'public/uploads/suppliers',
+            'public/uploads/assets', // these are asset _pictures_, not asset files
+            'public/uploads/locations',
+            'public/uploads/accessories',
+            'public/uploads/models',
+            'public/uploads/categories',
+            'public/uploads/avatars',
+            'public/uploads/manufacturers',
+        ];
+
+        $public_files = [
+            'public/uploads/logo.*',
+            'public/uploads/setting-email_logo*',
+            'public/uploads/setting-label_logo*',
+            'public/uploads/setting-logo*',
+            'public/uploads/favicon.*',
+            'public/uploads/favicon-uploaded.*',
+        ];
+
+        $all_files = $private_dirs + $public_dirs;
+
+        $sqlfiles = [];
+        $sqlfile_indices = [];
+
+        $interesting_files = [];
+        $boring_files = [];
+
+        for ($i = 0; $i < $za->numFiles; $i++) {
+            $stat_results = $za->statIndex($i);
+            // echo "index: $i\n";
+            // print_r($stat_results);
+
+            $raw_path = $stat_results['name'];
+            if (strpos($raw_path, '\\') !== false) { //found a backslash, swap it to forward-slash
+                $raw_path = strtr($raw_path, '\\', '/');
+                //print "Translating file: ".$stat_results['name']." to: ".$raw_path."\n";
+            }
+
+            // skip macOS resource fork files (?!?!?!)
+            if (strpos($raw_path, '__MACOSX') !== false && strpos($raw_path, '._') !== false) {
+                //print "SKIPPING macOS Resource fork file: $raw_path\n";
+                $boring_files[] = $raw_path;
+                continue;
+            }
+            if (@pathinfo($raw_path)['extension'] == 'sql') {
+                \Log::debug("Found a sql file!");
+                $sqlfiles[] = $raw_path;
+                $sqlfile_indices[] = $i;
+                continue;
+            }
+
+            foreach (array_merge($private_dirs, $public_dirs) as $dir) {
+                $last_pos = strrpos($raw_path, $dir.'/');
+                if ($last_pos !== false) {
+                    //print("INTERESTING - last_pos is $last_pos when searching $raw_path for $dir - last_pos+strlen(\$dir) is: ".($last_pos+strlen($dir))." and strlen(\$rawpath) is: ".strlen($raw_path)."\n");
+                    //print("We would copy $raw_path to $dir.\n"); //FIXME append to a path?
+                    $interesting_files[$raw_path] = ['dest' =>$dir, 'index' => $i];
+                    continue 2;
+                    if ($last_pos + strlen($dir) + 1 == strlen($raw_path)) {
+                        // we don't care about that; we just want files with the appropriate prefix
+                        //print("FOUND THE EXACT DIRECTORY: $dir AT: $raw_path!!!\n");
+                    }
+                }
+            }
+            $good_extensions = ['png', 'gif', 'jpg', 'svg', 'jpeg', 'doc', 'docx', 'pdf', 'txt',
+                                'zip', 'rar', 'xls', 'xlsx', 'lic', 'xml', 'rtf', 'webp', 'key', 'ico', ];
+            foreach (array_merge($private_files, $public_files) as $file) {
+                $has_wildcard = (strpos($file, '*') !== false);
+                if ($has_wildcard) {
+                    $file = substr($file, 0, -1); //trim last character (which should be the wildcard)
+                }
+                $last_pos = strrpos($raw_path, $file); // no trailing slash!
+                if ($last_pos !== false) {
+                    $extension = strtolower(pathinfo($raw_path, PATHINFO_EXTENSION));
+                    if (! in_array($extension, $good_extensions)) {
+                        $this->warn('Potentially unsafe file '.$raw_path.' is being skipped');
+                        $boring_files[] = $raw_path;
+                        continue 2;
+                    }
+                    //print("INTERESTING - last_pos is $last_pos when searching $raw_path for $file - last_pos+strlen(\$file) is: ".($last_pos+strlen($file))." and strlen(\$rawpath) is: ".strlen($raw_path)."\n");
+                    //no wildcards found in $file, process 'normally'
+                    if ($last_pos + strlen($file) == strlen($raw_path) || $has_wildcard) { //again, no trailing slash. or this is a wildcard and we just take it.
+                        // print("FOUND THE EXACT FILE: $file AT: $raw_path!!!\n"); //we *do* care about this, though.
+                        $interesting_files[$raw_path] = ['dest' => dirname($file), 'index' => $i];
+                        continue 2;
+                    }
+                }
+            }
+            $boring_files[] = $raw_path; //if we've gotten to here and haven't continue'ed our way into the next iteration, we don't want this file
+        } // end of pre-processing the ZIP file for-loop
+
+        // print_r($interesting_files);exit(-1);
+
+        if (count($sqlfiles) != 1) {
+            return $this->error('There should be exactly *one* sql backup file found, found: '.(count($sqlfiles) == 0 ? 'None' : implode(', ', $sqlfiles)));
+        }
+
+        if (strpos($sqlfiles[0], 'db-dumps') === false) {
+            //return $this->error("SQL backup file is missing 'db-dumps' component of full pathname: ".$sqlfiles[0]);
+            //older Snipe-IT installs don't have the db-dumps subdirectory component
+        }
+
+        //how to invoke the restore?
+        $pipes = [];
+
+        $env_vars = getenv();
+        $env_vars['MYSQL_PWD'] = config('database.connections.mysql.password');
+        // TODO notes: we are stealing the dump_binary_path (which *probably* also has your copy of the mysql binary in it. But it might not, so we might need to extend this)
+        //             we unilaterally prepend a slash to the `mysql` command. This might mean your path could look like /blah/blah/blah//mysql - which should be fine. But maybe in some environments it isn't?
+        $mysql_binary = config('database.connections.mysql.dump.dump_binary_path').'/mysql';
+        if( ! file_exists($mysql_binary) ) {
+            return $this->error("mysql tool at: '$mysql_binary' does not exist, cannot restore. Please edit DB_DUMP_PATH in your .env to point to a directory that contains the mysqldump and mysql binary");
+        }
+        $proc_results = proc_open("$mysql_binary -h ".escapeshellarg(config('database.connections.mysql.host')).' -u '.escapeshellarg(config('database.connections.mysql.username')).' '.escapeshellarg(config('database.connections.mysql.database')), // yanked -p since we pass via ENV
+                                  [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']],
+                                  $pipes,
+                                  null,
+                                  $env_vars); // this is not super-duper awesome-secure, but definitely more secure than showing it on the CLI, or dropping temporary files with passwords in them.
+        if ($proc_results === false) {
+            return $this->error('Unable to invoke mysql via CLI');
+        }
+
+        stream_set_blocking($pipes[1], false); // use non-blocking reads for stdout
+        stream_set_blocking($pipes[2], false); // use non-blocking reads for stderr
+
+        // $this->info("Stdout says? ".fgets($pipes[1])); //FIXME: I think we might need to set non-blocking mode to use this properly?
+        // $this->info("Stderr says? ".fgets($pipes[2])); //FIXME: ditto, same.
+        // should we read stdout?
+        // fwrite($pipes[0],config("database.connections.mysql.password")."\n"); //this doesn't work :(
+
+        //$sql_contents = fopen($sqlfiles[0], "r"); //NOPE! This isn't a real file yet, silly-billy!
+
+        $sql_stat = $za->statIndex($sqlfile_indices[0]);
+        //$this->info("SQL Stat is: ".print_r($sql_stat,true));
+        $sql_contents = $za->getStream($sql_stat['name']);
+        if ($sql_contents === false) {
+            $stdout = fgets($pipes[1]);
+            $this->info($stdout);
+            $stderr = fgets($pipes[2]);
+            $this->info($stderr);
+
+            return false;
+        }
+        $bytes_read = 0;
+
+        try {
+            while (($buffer = fgets($sql_contents, self::$buffer_size)) !== false) {
+                $bytes_read += strlen($buffer);
+                // \Log::debug("Buffer is: '$buffer'");
+                    $bytes_written = fwrite($pipes[0], $buffer);
+
+                if ($bytes_written === false) {
+                    throw new Exception("Unable to write to pipe");
+                }
+            }
+        } catch (\Exception $e) {
+            \Log::error("Error during restore!!!! ".$e->getMessage());
+            $err_out = fgets($pipes[1]);
+            $err_err = fgets($pipes[2]);
+            \Log::error("Error OUTPUT: ".$err_out);
+            $this->info($err_out);
+            \Log::error("Error ERROR : ".$err_err);
+            $this->error($err_err);
+            throw $e;
+        }
+        
+        if (!feof($sql_contents) || $bytes_read == 0) {
+            return $this->error("Not at end of file for sql file, or zero bytes read. aborting!");
+        }
+    
+        fclose($pipes[0]);
+        fclose($sql_contents);
+        
+        $this->line(stream_get_contents($pipes[1]));
+        fclose($pipes[1]);
+
+        $this->error(stream_get_contents($pipes[2]));
+        fclose($pipes[2]);
+
+        //wait, have to do fclose() on all pipes first?
+        $close_results = proc_close($proc_results);
+        if ($close_results != 0) {
+            return $this->error('There may have been a problem with the database import: Error number '.$close_results);
+        }
+
+        //and now copy the files over too (right?)
+        //FIXME - we don't prune the filesystem space yet!!!!
+        if ($this->option('no-progress')) {
+            $bar = null;
+        } else {
+            $bar = $this->output->createProgressBar(count($interesting_files));
+        }
+        foreach ($interesting_files as $pretty_file_name => $file_details) {
+            $ugly_file_name = $za->statIndex($file_details['index'])['name'];
+            $fp = $za->getStream($ugly_file_name);
+            //$this->info("Weird problem, here are file details? ".print_r($file_details,true));
+            $migrated_file = fopen($file_details['dest'].'/'.basename($pretty_file_name), 'w');
+            while (($buffer = fgets($fp, self::$buffer_size)) !== false) {
+                fwrite($migrated_file, $buffer);
+            }
+            fclose($migrated_file);
+            fclose($fp);
+            //$this->info("Wrote $ugly_file_name to $pretty_file_name");
+            if ($bar) {
+                $bar->advance();
+            }
+        }
+        if ($bar) {
+            $bar->finish();
+            $this->line('');
+        } else {
+            $this->info(count($interesting_files).' files were succesfully transferred');
+        }
+        foreach ($boring_files as $boring_file) {
+            $this->warn($boring_file.' was skipped.');
+        }
+    }
+}

app/Console/Commands/RotateAppKey.php

@@ -2,12 +2,12 @@
 
 namespace App\Console\Commands;
 
-use Illuminate\Console\Command;
-use Artisan;
-use App\Models\CustomField;
 use App\Models\Asset;
+use App\Models\CustomField;
 use App\Models\Setting;
-use \Illuminate\Encryption\Encrypter;
+use Artisan;
+use Illuminate\Console\Command;
+use Illuminate\Encryption\Encrypter;
 
 class RotateAppKey extends Command
 {
@@ -42,9 +42,7 @@ class RotateAppKey extends Command
      */
     public function handle()
     {
-        if ($this->confirm("\n****************************************************\nTHIS WILL MODIFY YOUR APP_KEY AND DE-CRYPT YOUR ENCRYPTED CUSTOM FIELDS AND \nRE-ENCRYPT THEM WITH A NEWLY GENERATED KEY. \n\nThere is NO undo. \n\nMake SURE you have a database backup and a backup of your .env generated BEFORE running this command. \n\nIf you do not save the newly generated APP_KEY to your .env in this process, \nyour encrypted data will no longer be decryptable. \n\nAre you SURE you wish to continue, and have confirmed you have a database backup and an .env backup? "))  {
-
-
+        if ($this->confirm("\n****************************************************\nTHIS WILL MODIFY YOUR APP_KEY AND DE-CRYPT YOUR ENCRYPTED CUSTOM FIELDS AND \nRE-ENCRYPT THEM WITH A NEWLY GENERATED KEY. \n\nThere is NO undo. \n\nMake SURE you have a database backup and a backup of your .env generated BEFORE running this command. \n\nIf you do not save the newly generated APP_KEY to your .env in this process, \nyour encrypted data will no longer be decryptable. \n\nAre you SURE you wish to continue, and have confirmed you have a database backup and an .env backup? ")) {
 
             // Get the existing app_key and ciphers
             // We put them in a variable since we clear the cache partway through here.
@@ -73,33 +71,26 @@ class RotateAppKey extends Command
 
             $fields = CustomField::where('field_encrypted', '1')->get();
 
-
             foreach ($fields as $field) {
-
                 $assets = Asset::whereNotNull($field->db_column)->get();
 
                 foreach ($assets as $asset) {
-
                     $asset->{$field->db_column} = $oldEncrypter->decrypt($asset->{$field->db_column});
-                    $this->line('DECRYPTED: '. $field->db_column);
+                    $this->line('DECRYPTED: '.$field->db_column);
                     $asset->{$field->db_column} = $newEncrypter->encrypt($asset->{$field->db_column});
                     $this->line('ENCRYPTED: '.$field->db_column);
                     $asset->save();
-
                 }
-
             }
 
             // Handle the LDAP password if one is provided
             $setting = Setting::first();
-            if ($setting->ldap_pword!='') {
-                $setting->ldap_pword =  $oldEncrypter->decrypt($setting->ldap_pword);
-                $setting->ldap_pword =  $newEncrypter->encrypt($setting->ldap_pword);
+            if ($setting->ldap_pword != '') {
+                $setting->ldap_pword = $oldEncrypter->decrypt($setting->ldap_pword);
+                $setting->ldap_pword = $newEncrypter->encrypt($setting->ldap_pword);
                 $setting->save();
                 $this->warn('LDAP password has been re-encrypted.');
             }
-
-
         } else {
             $this->info('This operation has been canceled. No changes have been made.');
         }
@@ -113,7 +104,6 @@ class RotateAppKey extends Command
      */
     protected function writeNewEnvironmentFileWith($key)
     {
-
         file_put_contents($this->laravel->environmentFilePath(), preg_replace(
             $this->keyReplacementPattern(),
             'APP_KEY='.$key,
@@ -129,7 +119,7 @@ class RotateAppKey extends Command
     protected function keyReplacementPattern()
     {
         $escaped = preg_quote('='.$this->laravel['config']['app.key'], '/');
+
         return "/^APP_KEY{$escaped}/m";
     }
-
 }

app/Console/Commands/SendCurrentInventoryToUsers.php

@@ -39,22 +39,16 @@ class SendCurrentInventoryToUsers extends Command
      */
     public function handle()
     {
-
         $users = User::whereNull('deleted_at')->whereNotNull('email')->with('assets', 'accessories', 'licenses')->get();
 
         $count = 0;
         foreach ($users as $user) {
-
-            if (($user->assets->count() > 0) || ($user->accessories->count() > 0) || ($user->licenses->count() > 0))
-            {
+            if (($user->assets->count() > 0) || ($user->accessories->count() > 0) || ($user->licenses->count() > 0)) {
                 $count++;
                 $user->notify((new CurrentInventory($user)));
             }
-
         }
 
         $this->info($count.' users notified.');
-
-
     }
 }

app/Console/Commands/SendExpectedCheckinAlerts.php

@@ -3,6 +3,7 @@
 namespace App\Console\Commands;
 
 use App\Models\Asset;
+use App\Models\Recipients\AlertRecipient;
 use App\Models\Setting;
 use App\Notifications\ExpectedCheckinAdminNotification;
 use App\Notifications\ExpectedCheckinNotification;
@@ -40,12 +41,12 @@ class SendExpectedCheckinAlerts extends Command
      */
     public function handle()
     {
-        $settings   = Setting::getSettings();
+        $settings = Setting::getSettings();
         $whenNotify = Carbon::now()->addDays(7);
-        $assets     = Asset::with('assignedTo')->whereNotNull('assigned_to')->whereNotNull('expected_checkin')->where('expected_checkin', '<=', $whenNotify)->get();
+        $assets = Asset::with('assignedTo')->whereNotNull('assigned_to')->whereNotNull('expected_checkin')->where('expected_checkin', '<=', $whenNotify)->get();
 
-        $this->info($whenNotify . ' is deadline');
-        $this->info($assets->count() . ' assets');
+        $this->info($whenNotify.' is deadline');
+        $this->info($assets->count().' assets');
 
         foreach ($assets as $asset) {
             if ($asset->assigned && $asset->checkedOutToUser()) {

app/Console/Commands/SendExpirationAlerts.php

@@ -41,7 +41,7 @@ class SendExpirationAlerts extends Command
      */
     public function handle()
     {
-        $settings  = Setting::getSettings();
+        $settings = Setting::getSettings();
         $threshold = $settings->alert_interval;
 
         if (($settings->alert_email != '') && ($settings->alerts_enabled == 1)) {

app/Console/Commands/SendUpcomingAuditReport.php

@@ -4,13 +4,13 @@ namespace App\Console\Commands;
 
 use App\Models\Asset;
 use App\Models\License;
+use App\Models\Recipients;
 use App\Models\Setting;
 use App\Notifications\ExpiringAssetsNotification;
-use App\Models\Recipients;
-use DB;
-use Illuminate\Console\Command;
 use App\Notifications\SendUpcomingAuditNotification;
 use Carbon\Carbon;
+use DB;
+use Illuminate\Console\Command;
 
 class SendUpcomingAuditReport extends Command
 {
@@ -54,7 +54,6 @@ class SendUpcomingAuditReport extends Command
                 return new \App\Models\Recipients\AlertRecipient($item);
             });
 
-
             // Assets due for auditing
 
             $assets = Asset::whereNotNull('next_audit_date')
@@ -62,7 +61,6 @@ class SendUpcomingAuditReport extends Command
                     ->orderBy('last_audit_date', 'asc')->get();
 
             if ($assets->count() > 0) {
-
                 $this->info(trans_choice('mail.upcoming-audits', $assets->count(),
                     ['count' => $assets->count(), 'threshold' => $settings->audit_warning_days]));
                 \Notification::send($recipients, new SendUpcomingAuditNotification($assets, $settings->audit_warning_days));
@@ -70,14 +68,11 @@ class SendUpcomingAuditReport extends Command
             } else {
                 $this->info('No assets to be audited. No report sent.');
             }
-
-
-
-        } elseif ($settings->alert_email=='') {
+        } elseif ($settings->alert_email == '') {
             $this->error('Could not send email. No alert email configured in settings');
-        } elseif (!$settings->audit_warning_days) {
+        } elseif (! $settings->audit_warning_days) {
             $this->error('No audit warning days set in Admin Notifications. No mail will be sent.');
-        } elseif ($settings->alerts_enabled!=1) {
+        } elseif ($settings->alerts_enabled != 1) {
             $this->info('Alerts are disabled in the settings. No mail will be sent');
         } else {
             $this->error('Something went wrong. :( ');
@@ -85,7 +80,5 @@ class SendUpcomingAuditReport extends Command
             $this->error('Admin Audit Warning Setting: '.$settings->audit_warning_days);
             $this->error('Admin Alerts Emnabled: '.$settings->alerts_enabled);
         }
-
-
     }
 }

app/Console/Commands/SyncAssetCounters.php

@@ -45,14 +45,14 @@ class SyncAssetCounters extends Command
         if ($assets) {
             if ($assets->count() > 0) {
                 $bar = $this->output->createProgressBar($assets->count());
-                
+
                 foreach ($assets as $asset) {
                     $asset->checkin_counter = (int) $asset->checkins_count;
                     $asset->checkout_counter = (int) $asset->checkouts_count;
                     $asset->requests_counter = (int) $asset->user_requests_count;
                     $asset->unsetEventDispatcher();
                     $asset->save();
-                    $output['info'][] = 'Asset: ' . $asset->id . ' has ' . $asset->checkin_counter . ' checkins, ' . $asset->checkout_counter . ' checkouts, and ' . $asset->requests_counter . ' requests';
+                    $output['info'][] = 'Asset: '.$asset->id.' has '.$asset->checkin_counter.' checkins, '.$asset->checkout_counter.' checkouts, and '.$asset->requests_counter.' requests';
                     $bar->advance();
                 }
                 $bar->finish();
@@ -62,15 +62,10 @@ class SyncAssetCounters extends Command
                 }
 
                 $time_elapsed_secs = microtime(true) - $start;
-                $this->info('Sync executed in ' . $time_elapsed_secs . ' seconds');
-
+                $this->info('Sync executed in '.$time_elapsed_secs.' seconds');
             } else {
                 $this->info('No assets to sync');
             }
-
         }
-
-
-
     }
 }

app/Console/Commands/SyncAssetLocations.php

@@ -38,7 +38,6 @@ class SyncAssetLocations extends Command
      */
     public function handle()
     {
-
         $output['info'] = [];
         $output['warn'] = [];
         $output['error'] = [];
@@ -51,96 +50,89 @@ class SyncAssetLocations extends Command
         $output['info'][] = 'There are '.$rtd_assets->count().' unassigned assets.';
 
         foreach ($rtd_assets as $rtd_asset) {
-             $output['info'][] = 'Setting Unassigned Asset ' . $rtd_asset->id . ' ('.$rtd_asset->asset_tag.') to  location: ' . $rtd_asset->rtd_location_id . " because their default location is: " . $rtd_asset->rtd_location_id;
-            $rtd_asset->location_id=$rtd_asset->rtd_location_id;
+            $output['info'][] = 'Setting Unassigned Asset '.$rtd_asset->id.' ('.$rtd_asset->asset_tag.') to  location: '.$rtd_asset->rtd_location_id.' because their default location is: '.$rtd_asset->rtd_location_id;
+            $rtd_asset->location_id = $rtd_asset->rtd_location_id;
             $rtd_asset->unsetEventDispatcher();
             $rtd_asset->save();
             $bar->advance();
         }
 
-        $assigned_user_assets = Asset::where('assigned_type','App\Models\User')->whereNotNull('assigned_to')->whereNull('deleted_at')->get();
+        $assigned_user_assets = Asset::where('assigned_type', \App\Models\User::class)->whereNotNull('assigned_to')->whereNull('deleted_at')->get();
         $output['info'][] = 'There are '.$assigned_user_assets->count().' assets checked out to users.';
         foreach ($assigned_user_assets as $assigned_user_asset) {
             if (($assigned_user_asset->assignedTo) && ($assigned_user_asset->assignedTo->userLoc)) {
                 $new_location = $assigned_user_asset->assignedTo->userLoc->id;
-                $output['info'][] ='Setting User Asset ' . $assigned_user_asset->id . ' ('.$assigned_user_asset->asset_tag.') to  ' . $assigned_user_asset->assignedTo->userLoc->name . ' which is id: ' . $new_location;
+                $output['info'][] = 'Setting User Asset '.$assigned_user_asset->id.' ('.$assigned_user_asset->asset_tag.') to  '.$assigned_user_asset->assignedTo->userLoc->name.' which is id: '.$new_location;
             } else {
-                $output['warn'][] ='Asset ' . $assigned_user_asset->id . ' ('.$assigned_user_asset->asset_tag.') still has no location! ';
+                $output['warn'][] = 'Asset '.$assigned_user_asset->id.' ('.$assigned_user_asset->asset_tag.') still has no location! ';
                 $new_location = $assigned_user_asset->rtd_location_id;
             }
-            $assigned_user_asset->location_id=$new_location;
+            $assigned_user_asset->location_id = $new_location;
             $assigned_user_asset->unsetEventDispatcher();
             $assigned_user_asset->save();
             $bar->advance();
-
         }
 
-        $assigned_location_assets = Asset::where('assigned_type','App\Models\Location')
+        $assigned_location_assets = Asset::where('assigned_type', \App\Models\Location::class)
             ->whereNotNull('assigned_to')->whereNull('deleted_at')->get();
         $output['info'][] = 'There are '.$assigned_location_assets->count().' assets checked out to locations.';
 
         foreach ($assigned_location_assets as $assigned_location_asset) {
             if ($assigned_location_asset->assignedTo) {
                 $assigned_location_asset->location_id = $assigned_location_asset->assignedTo->id;
-                $output['info'][] ='Setting Location Assigned  asset ' . $assigned_location_asset->id . ' ('.$assigned_location_asset->asset_tag.') that is checked out to '.$assigned_location_asset->assignedTo->name.' (#'.$assigned_location_asset->assignedTo->id.') to location: ' . $assigned_location_asset->assetLoc()->id;
+                $output['info'][] = 'Setting Location Assigned  asset '.$assigned_location_asset->id.' ('.$assigned_location_asset->asset_tag.') that is checked out to '.$assigned_location_asset->assignedTo->name.' (#'.$assigned_location_asset->assignedTo->id.') to location: '.$assigned_location_asset->assetLoc()->id;
                 $assigned_location_asset->unsetEventDispatcher();
                 $assigned_location_asset->save();
             } else {
-                $output['warn'][] ='Asset ' . $assigned_location_asset->id . ' ('.$assigned_location_asset->asset_tag.') did not return a valid associated location - perhaps it was deleted?';
+                $output['warn'][] = 'Asset '.$assigned_location_asset->id.' ('.$assigned_location_asset->asset_tag.') did not return a valid associated location - perhaps it was deleted?';
             }
             $bar->advance();
-
         }
 
-
         // Assigned to assets
-        $assigned_asset_assets = Asset::where('assigned_type','App\Models\Asset')
+        $assigned_asset_assets = Asset::where('assigned_type', \App\Models\Asset::class)
             ->whereNotNull('assigned_to')->whereNull('deleted_at')->get();
-            $output['info'][] ='Asset-assigned assets: '.$assigned_asset_assets->count();
+        $output['info'][] = 'Asset-assigned assets: '.$assigned_asset_assets->count();
 
-            foreach ($assigned_asset_assets as $assigned_asset_asset) {
+        foreach ($assigned_asset_assets as $assigned_asset_asset) {
 
                 // Check to make sure there aren't any invalid relationships
-                if ($assigned_asset_asset->assetLoc()) {
-                    $assigned_asset_asset->location_id = $assigned_asset_asset->assetLoc()->id;
-                    $output['info'][] ='Setting Asset Assigned asset ' . $assigned_asset_asset->assetLoc()->id. ' ('.$assigned_asset_asset->asset_tag.') location to: ' . $assigned_asset_asset->assetLoc()->id;
-                    $assigned_asset_asset->unsetEventDispatcher();
-                    $assigned_asset_asset->save();
-                } else {
-                    $output['warn'][] ='Asset Assigned asset ' . $assigned_asset_asset->id. ' ('.$assigned_asset_asset->asset_tag.') does not seem to have a valid location';
-                }
-
-                $bar->advance();
-
+            if ($assigned_asset_asset->assetLoc()) {
+                $assigned_asset_asset->location_id = $assigned_asset_asset->assetLoc()->id;
+                $output['info'][] = 'Setting Asset Assigned asset '.$assigned_asset_asset->assetLoc()->id.' ('.$assigned_asset_asset->asset_tag.') location to: '.$assigned_asset_asset->assetLoc()->id;
+                $assigned_asset_asset->unsetEventDispatcher();
+                $assigned_asset_asset->save();
+            } else {
+                $output['warn'][] = 'Asset Assigned asset '.$assigned_asset_asset->id.' ('.$assigned_asset_asset->asset_tag.') does not seem to have a valid location';
             }
 
-        $unlocated_assets = Asset::whereNull("location_id")->whereNull('deleted_at')->get();
-        $output['info'][] ='Assets still without a location: '.$unlocated_assets->count();
-        foreach($unlocated_assets as $unlocated_asset) {
-            $output['warn'][] ='Asset: '.$unlocated_asset->id.' still has no location. ';
+            $bar->advance();
+        }
+
+        $unlocated_assets = Asset::whereNull('location_id')->whereNull('deleted_at')->get();
+        $output['info'][] = 'Assets still without a location: '.$unlocated_assets->count();
+        foreach ($unlocated_assets as $unlocated_asset) {
+            $output['warn'][] = 'Asset: '.$unlocated_asset->id.' still has no location. ';
             $bar->advance();
         }
 
         $bar->finish();
         $this->info("\n");
 
-
-        if (($this->option('output')=='all') || ($this->option('output')=='info')) {
+        if (($this->option('output') == 'all') || ($this->option('output') == 'info')) {
             foreach ($output['info'] as $key => $output_text) {
                 $this->info($output_text);
             }
         }
-        if (($this->option('output')=='all') || ($this->option('output')=='warn')) {
+        if (($this->option('output') == 'all') || ($this->option('output') == 'warn')) {
             foreach ($output['warn'] as $key => $output_text) {
                 $this->warn($output_text);
             }
         }
-        if (($this->option('output')=='all') || ($this->option('output')=='error')) {
+        if (($this->option('output') == 'all') || ($this->option('output') == 'error')) {
             foreach ($output['error'] as $key => $output_text) {
                 $this->error($output_text);
             }
         }
-
-
     }
 }

app/Console/Commands/SystemBackup.php

@@ -6,7 +6,6 @@ use Illuminate\Console\Command;
 
 class SystemBackup extends Command
 {
-
     /**
      * The console command name.
      *
@@ -40,6 +39,5 @@ class SystemBackup extends Command
     {
         //
         $this->call('backup:run');
-
     }
 }

app/Console/Commands/Version.php

@@ -37,7 +37,6 @@ class Version extends Command
      */
     public function handle()
     {
-
         $use_branch = $this->option('branch');
         $use_type = $this->option('type');
         $git_branch = trim(shell_exec('git rev-parse --abbrev-ref HEAD'));
@@ -54,72 +53,66 @@ class Version extends Command
         $this->line('Type is: '.$use_type);
         $this->line('Current version is: '.$full_hash_version);
 
-        if (count($version)==3) {
+        if (count($version) == 3) {
             $this->line('This does not look like an alpha/beta release.');
         } else {
-            if (array_key_exists('3',$version)) {
+            if (array_key_exists('3', $version)) {
                 $this->line('The current version looks like a beta release.');
                 $prerelease_version = $version[1];
                 $hash_version = $version[3];
             }
         }
 
-
         $app_version_raw = explode('.', $app_version);
 
         $maj = str_replace('v', '', $app_version_raw[0]);
         $min = $app_version_raw[1];
         $patch = '';
 
-
-
         // This is a major release that might not have a third .0
         if (array_key_exists(2, $app_version_raw)) {
             $patch = $app_version_raw[2];
         }
 
-        if ($use_type=='major') {
-            $app_version = "v".($maj + 1).".$min.$patch";
-        } elseif ($use_type=='minor') {
-            $app_version = "v"."$maj.".($min + 1).".$patch";
-        } elseif ($use_type=='pre') {
-            $pre_raw = str_replace('beta','', $prerelease_version);
-            $pre_raw = str_replace('alpha','', $pre_raw);
-            $pre_raw = str_ireplace('rc','', $pre_raw);
+        if ($use_type == 'major') {
+            $app_version = 'v'.($maj + 1).".$min.$patch";
+        } elseif ($use_type == 'minor') {
+            $app_version = 'v'."$maj.".($min + 1).".$patch";
+        } elseif ($use_type == 'pre') {
+            $pre_raw = str_replace('beta', '', $prerelease_version);
+            $pre_raw = str_replace('alpha', '', $pre_raw);
+            $pre_raw = str_ireplace('rc', '', $pre_raw);
             $pre_raw = $pre_raw++;
-            $this->line('Setting the pre-release to '. $prerelease_version.'-'.$pre_raw);
-            $app_version = "v"."$maj.".($min + 1).".$patch";
-        } elseif ($use_type=='patch') {
-            $app_version = "v" . "$maj.$min." . ($patch + 1);
+            $this->line('Setting the pre-release to '.$prerelease_version.'-'.$pre_raw);
+            $app_version = 'v'."$maj.".($min + 1).".$patch";
+        } elseif ($use_type == 'patch') {
+            $app_version = 'v'."$maj.$min.".($patch + 1);
         // If nothing is passed, leave the version as it is, just increment the build
         } else {
-            $app_version = "v" . "$maj.$min." . $patch;
+            $app_version = 'v'."$maj.$min.".$patch;
         }
 
         // Determine if this tag already exists, or if this prior to a release
         $this->line('Running: git rev-parse master '.$current_app_version);
         // $pre_release = trim(shell_exec('git rev-parse '.$use_branch.' '.$current_app_version.' 2>&1 1> /dev/null'));
 
-        if ($use_branch=='develop') {
+        if ($use_branch == 'develop') {
             $app_version = $app_version.'-pre';
         }
 
         $full_app_version = $app_version.' - build '.$build_version.'-'.$hash_version;
 
-
         $array = var_export(
-            array(
+            [
                 'app_version' => $app_version,
                 'full_app_version' => $full_app_version,
                 'build_version' => $build_version,
                 'prerelease_version' => $prerelease_version,
                 'hash_version' => $hash_version,
                 'full_hash' => $full_hash_version,
-                'branch' => $git_branch),
+                'branch' => $git_branch, ],
             true
         );
-        
-
 
         // Construct our file content
         $content = <<<CON
@@ -129,7 +122,6 @@ CON;
 
         // And finally write the file and output the current version
         \File::put($versionFile, $content);
-        $this->info('Setting NEW version: '. $full_app_version.' ('.$git_branch.')');
+        $this->info('Setting NEW version: '.$full_app_version.' ('.$git_branch.')');
     }
-
 }

app/Console/Kernel.php

@@ -10,7 +10,6 @@ use Illuminate\Foundation\Console\Kernel as ConsoleKernel;
 
 class Kernel extends ConsoleKernel
 {
-
     /**
      * Define the application's command schedule.
      *

app/Events/CheckoutAccepted.php

@@ -18,6 +18,6 @@ class CheckoutAccepted
      */
     public function __construct(CheckoutAcceptance $acceptance)
     {
-        $this->acceptance       = $acceptance;
+        $this->acceptance = $acceptance;
     }
 }

app/Events/CheckoutDeclined.php

@@ -10,7 +10,7 @@ use Illuminate\Queue\SerializesModels;
 class CheckoutDeclined
 {
     use Dispatchable, SerializesModels;
-    
+
     /**
      * Create a new event instance.
      *
@@ -18,6 +18,6 @@ class CheckoutDeclined
      */
     public function __construct(CheckoutAcceptance $acceptance)
     {
-        $this->acceptance       = $acceptance;
+        $this->acceptance = $acceptance;
     }
 }

app/Events/CheckoutableCheckedIn.php

@@ -25,8 +25,8 @@ class CheckoutableCheckedIn
     {
         $this->checkoutable = $checkoutable;
         $this->checkedOutTo = $checkedOutTo;
-        $this->checkedInBy  = $checkedInBy;
-        $this->note         = $note;
-        $this->action_date  = $action_date ?? date('Y-m-d');
+        $this->checkedInBy = $checkedInBy;
+        $this->note = $note;
+        $this->action_date = $action_date ?? date('Y-m-d');
     }
 }

app/Events/CheckoutableCheckedOut.php

@@ -25,6 +25,6 @@ class CheckoutableCheckedOut
         $this->checkoutable = $checkoutable;
         $this->checkedOutTo = $checkedOutTo;
         $this->checkedOutBy = $checkedOutBy;
-        $this->note         = $note;
+        $this->note = $note;
     }
 }

app/Exceptions/CheckoutNotAllowed.php

@@ -6,17 +6,17 @@ use Exception;
 
 class CheckoutNotAllowed extends Exception
 {
-
     private $errorMessage;
 
-    function __construct($errorMessage = null)
+    public function __construct($errorMessage = null)
     {
         $this->errorMessage = $errorMessage;
 
         parent::__construct($errorMessage);
     }
+
     public function __toString()
     {
-       return is_null($this->errorMessage) ? "A checkout is not allowed under these circumstances" : $this->errorMessage;
+        return is_null($this->errorMessage) ? 'A checkout is not allowed under these circumstances' : $this->errorMessage;
     }
 }

app/Exceptions/Handler.php

@@ -2,18 +2,19 @@
 
 namespace App\Exceptions;
 
-use Exception;
-use Illuminate\Auth\AuthenticationException;
 use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
 use App\Helpers\Helper;
 use Illuminate\Validation\ValidationException;
+use Illuminate\Auth\AuthenticationException;
 use Log;
+use Throwable;
+use JsonException;
 
 
 class Handler extends ExceptionHandler
 {
     /**
-     * A list of the exception types that should not be reported.
+     * A list of the exception types that are not reported.
      *
      * @var array
      */
@@ -25,6 +26,8 @@ class Handler extends ExceptionHandler
         \Illuminate\Session\TokenMismatchException::class,
         \Illuminate\Validation\ValidationException::class,
         \Intervention\Image\Exception\NotSupportedException::class,
+        \League\OAuth2\Server\Exception\OAuthServerException::class,
+        JsonException::class,
     ];
 
     /**
@@ -32,25 +35,25 @@ class Handler extends ExceptionHandler
      *
      * This is a great spot to send exceptions to Sentry, Bugsnag, etc.
      *
-     * @param  \Exception  $exception
+     * @param  \Throwable  $exception
      * @return void
      */
-    public function report(Exception $exception)
+    public function report(Throwable $exception)
     {
         if ($this->shouldReport($exception)) {
-            Log::error($exception);
+            \Log::error($exception);
             return parent::report($exception);
         }
     }
 
     /**
      * Render an exception into an HTTP response.
-     *
+     * 
      * @param  \Illuminate\Http\Request  $request
      * @param  \Exception  $e
      * @return \Illuminate\Http\Response
      */
-    public function render($request, Exception $e)
+    public function render($request, Throwable $e)
     {
 
 
@@ -59,6 +62,12 @@ class Handler extends ExceptionHandler
             return redirect()->back()->with('error', trans('general.token_expired'));
         }
 
+        // Invalid JSON exception
+        // TODO: don't understand why we have to do this when we have the invalidJson() method, below, but, well, whatever
+        if ($e instanceof JsonException) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, 'invalid JSON'), 422);
+        }
+
 
         // Handle Ajax requests that fail because the model doesn't exist
         if ($request->ajax() || $request->wantsJson()) {
@@ -75,10 +84,12 @@ class Handler extends ExceptionHandler
                 switch ($e->getStatusCode()) {
                     case '404':
                        return response()->json(Helper::formatStandardApiResponse('error', null, $statusCode . ' endpoint not found'), 404);
-                    case '405':
+                    case '429':
+                        return response()->json(Helper::formatStandardApiResponse('error', null, 'Too many requests'), 429);
+                     case '405':
                         return response()->json(Helper::formatStandardApiResponse('error', null, 'Method not allowed'), 405);
                     default:
-                        return response()->json(Helper::formatStandardApiResponse('error', null, $statusCode), 405);
+                        return response()->json(Helper::formatStandardApiResponse('error', null, $statusCode), $statusCode);
 
                 }
             }
@@ -95,7 +106,7 @@ class Handler extends ExceptionHandler
 
     }
 
-    /**
+ /**
      * Convert an authentication exception into an unauthenticated response.
      *
      * @param  \Illuminate\Http\Request  $request
@@ -105,21 +116,33 @@ class Handler extends ExceptionHandler
     protected function unauthenticated($request, AuthenticationException $exception)
     {
         if ($request->expectsJson()) {
-            return response()->json(['error' => 'Unauthorized.'], 401);
+            return response()->json(['error' => 'Unauthorized or unauthenticated.'], 401);
         }
 
         return redirect()->guest('login');
     }
 
-    /**
-     * Convert a validation exception into a JSON response.
+
+    /** 
+     * A list of the inputs that are never flashed for validation exceptions.
      *
-     * @param  \Illuminate\Http\Request  $request
-     * @param  \Illuminate\Validation\ValidationException  $exception
-     * @return \Illuminate\Http\JsonResponse
+     * @var array
      */
-    protected function invalidJson($request, ValidationException $exception)
+    protected $dontFlash = [
+        'current_password',
+        'password',
+        'password_confirmation',
+    ];
+
+    /**
+     * Register the exception handling callbacks for the application.
+     *
+     * @return void
+     */
+    public function register()
     {
-        return response()->json(Helper::formatStandardApiResponse('error', null, $exception->errors(), 400));
+        $this->reportable(function (Throwable $e) {
+            //
+        });
     }
-}
+}

app/Helpers/StorageHelper.php

@@ -0,0 +1,25 @@
+<?php
+
+namespace App\Helpers;
+
+use Illuminate\Support\Facades\Storage;
+
+class StorageHelper
+{
+    public static function downloader($filename, $disk = 'default')
+    {
+        if ($disk == 'default') {
+            $disk = config('filesystems.default');
+        }
+        switch (config("filesystems.disks.$disk.driver")) {
+            case 'local':
+                return response()->download(Storage::disk($disk)->path($filename)); //works for PRIVATE or public?!
+
+            case 's3':
+                return redirect()->away(Storage::disk($disk)->temporaryUrl($filename, now()->addMinutes(5))); //works for private or public, I guess?
+
+            default:
+                return Storage::disk($disk)->download($filename);
+        }
+    }
+}

app/Http/Controllers/Accessories/AccessoriesController.php

@@ -1,4 +1,5 @@
 <?php
+
 namespace App\Http\Controllers\Accessories;
 
 use App\Helpers\Helper;
@@ -8,6 +9,7 @@ use App\Models\Accessory;
 use App\Models\Company;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Storage;
+use Illuminate\Support\Facades\Validator;
 use Redirect;
 
 /** This controller handles all actions related to Accessories for
@@ -30,10 +32,10 @@ class AccessoriesController extends Controller
     public function index()
     {
         $this->authorize('index', Accessory::class);
+
         return view('accessories/index');
     }
 
-
     /**
      * Returns a view with a form to create a new Accessory.
      *
@@ -45,11 +47,11 @@ class AccessoriesController extends Controller
     {
         $this->authorize('create', Accessory::class);
         $category_type = 'accessory';
+
         return view('accessories/edit')->with('category_type', $category_type)
           ->with('item', new Accessory);
     }
 
-
     /**
      * Validate and save new Accessory from form post
      *
@@ -74,18 +76,21 @@ class AccessoriesController extends Controller
         $accessory->manufacturer_id         = request('manufacturer_id');
         $accessory->model_number            = request('model_number');
         $accessory->purchase_date           = request('purchase_date');
-        $accessory->purchase_cost           = Helper::ParseFloat(request('purchase_cost'));
+        $accessory->purchase_cost           = Helper::ParseCurrency(request('purchase_cost'));
         $accessory->qty                     = request('qty');
         $accessory->user_id                 = Auth::user()->id;
         $accessory->supplier_id             = request('supplier_id');
+        $accessory->notes                   = request('notes');
+
 
         $accessory = $request->handleImages($accessory);
-        
+
         // Was the accessory created?
         if ($accessory->save()) {
             // Redirect to the new accessory  page
             return redirect()->route('accessories.index')->with('success', trans('admin/accessories/message.create.success'));
         }
+
         return redirect()->back()->withInput()->withErrors($accessory->getErrors());
     }
 
@@ -102,6 +107,7 @@ class AccessoriesController extends Controller
 
         if ($item = Accessory::find($accessoryId)) {
             $this->authorize($item);
+
             return view('accessories/edit', compact('item'))->with('category_type', 'accessory');
         }
 
@@ -125,6 +131,17 @@ class AccessoriesController extends Controller
             return redirect()->route('accessories.index')->with('error', trans('admin/accessories/message.does_not_exist'));
         }
 
+        $min = $accessory->numCheckedOut();
+        $validator = Validator::make($request->all(), [
+            "qty" => "required|numeric|min:$min"
+        ]);
+
+        if ($validator->fails()) {
+            return redirect()->back()
+                ->withErrors($validator)
+                ->withInput();
+        }
+
         $this->authorize($accessory);
 
         // Update the accessory data
@@ -137,9 +154,10 @@ class AccessoriesController extends Controller
         $accessory->order_number            = request('order_number');
         $accessory->model_number            = request('model_number');
         $accessory->purchase_date           = request('purchase_date');
-        $accessory->purchase_cost           = request('purchase_cost');
+        $accessory->purchase_cost           = Helper::ParseCurrency(request('purchase_cost'));
         $accessory->qty                     = request('qty');
         $accessory->supplier_id             = request('supplier_id');
+        $accessory->notes                   = request('notes');
 
         $accessory = $request->handleImages($accessory);
 
@@ -147,6 +165,7 @@ class AccessoriesController extends Controller
         if ($accessory->save()) {
             return redirect()->route('accessories.index')->with('success', trans('admin/accessories/message.update.success'));
         }
+
         return redirect()->back()->withInput()->withErrors($accessory->getErrors());
     }
 
@@ -168,11 +187,11 @@ class AccessoriesController extends Controller
 
 
         if ($accessory->hasUsers() > 0) {
-             return redirect()->route('accessories.index')->with('error', trans('admin/accessories/message.assoc_users', array('count'=> $accessory->hasUsers())));
+            return redirect()->route('accessories.index')->with('error', trans('admin/accessories/message.assoc_users', ['count'=> $accessory->hasUsers()]));
         }
 
         if ($accessory->image) {
-            try  {
+            try {
                 Storage::disk('public')->delete('accessories'.'/'.$accessory->image);
             } catch (\Exception $e) {
                 \Log::debug($e);
@@ -180,6 +199,7 @@ class AccessoriesController extends Controller
         }
 
         $accessory->delete();
+
         return redirect()->route('accessories.index')->with('success', trans('admin/accessories/message.delete.success'));
     }
 
@@ -202,6 +222,7 @@ class AccessoriesController extends Controller
         if (isset($accessory->id)) {
             return view('accessories/view', compact('accessory'));
         }
+
         return redirect()->route('accessories.index')->with('error', trans('admin/accessories/message.does_not_exist', ['id' => $accessoryID]));
     }
 }

app/Http/Controllers/Accessories/AccessoryCheckinController.php

@@ -17,7 +17,7 @@ class AccessoryCheckinController extends Controller
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @param Request $request
-     * @param integer $accessoryUserId
+     * @param int $accessoryUserId
      * @param string $backto
      * @return View
      * @internal param int $accessoryId
@@ -33,6 +33,7 @@ class AccessoryCheckinController extends Controller
 
         $accessory = Accessory::find($accessory_user->accessory_id);
         $this->authorize('checkin', $accessory);
+
         return view('accessories/checkin', compact('accessory'))->with('backto', $backto);
     }
 
@@ -49,7 +50,7 @@ class AccessoryCheckinController extends Controller
      */
     public function store(Request $request, $accessoryUserId = null, $backto = null)
     {
-      // Check if the accessory exists
+        // Check if the accessory exists
         if (is_null($accessory_user = DB::table('accessories_users')->find($accessoryUserId))) {
             // Redirect to the accessory management page with error
             return redirect()->route('accessories.index')->with('error', trans('admin/accessories/message.does_not_exist'));
@@ -60,7 +61,7 @@ class AccessoryCheckinController extends Controller
         $this->authorize('checkin', $accessory);
 
         $checkin_at = date('Y-m-d');
-        if($request->filled('checkin_at')){
+        if ($request->filled('checkin_at')) {
             $checkin_at = $request->input('checkin_at');
         }
 
@@ -70,7 +71,7 @@ class AccessoryCheckinController extends Controller
 
             event(new CheckoutableCheckedIn($accessory, User::find($return_to), Auth::user(), $request->input('note'), $checkin_at));
 
-            return redirect()->route("accessories.show", $accessory->id)->with('success', trans('admin/accessories/message.checkin.success'));
+            return redirect()->route('accessories.show', $accessory->id)->with('success', trans('admin/accessories/message.checkin.success'));
         }
         // Redirect to the accessory management page with error
         return redirect()->route('accessories.index')->with('error', trans('admin/accessories/message.checkin.error'));

app/Http/Controllers/Accessories/AccessoryCheckoutController.php

@@ -14,7 +14,6 @@ use Illuminate\Support\Facades\Input;
 
 class AccessoryCheckoutController extends Controller
 {
-
     /**
      * Return the form to checkout an Accessory to a user.
      *
@@ -32,7 +31,6 @@ class AccessoryCheckoutController extends Controller
         }
 
         if ($accessory->category) {
-
             $this->authorize('checkout', $accessory);
 
             // Get the dropdown of users and then pass it to the checkout view
@@ -56,7 +54,7 @@ class AccessoryCheckoutController extends Controller
      */
     public function store(Request $request, $accessoryId)
     {
-      // Check if the accessory exists
+        // Check if the accessory exists
         if (is_null($accessory = Accessory::find($accessoryId))) {
             // Redirect to the accessory management page with error
             return redirect()->route('accessories.index')->with('error', trans('admin/accessories/message.user_not_found'));
@@ -64,11 +62,11 @@ class AccessoryCheckoutController extends Controller
 
         $this->authorize('checkout', $accessory);
 
-        if (!$user = User::find($request->input('assigned_to'))) {
+        if (! $user = User::find($request->input('assigned_to'))) {
             return redirect()->route('checkout/accessory', $accessory->id)->with('error', trans('admin/accessories/message.checkout.user_does_not_exist'));
         }
 
-      // Update the accessory data
+        // Update the accessory data
         $accessory->assigned_to = e($request->input('assigned_to'));
 
         $accessory->users()->attach($accessory->id, [
@@ -76,14 +74,14 @@ class AccessoryCheckoutController extends Controller
             'created_at' => Carbon::now(),
             'user_id' => Auth::id(),
             'assigned_to' => $request->get('assigned_to'),
-            'note' => $request->input('note')
+            'note' => $request->input('note'),
         ]);
 
         DB::table('accessories_users')->where('assigned_to', '=', $accessory->assigned_to)->where('accessory_id', '=', $accessory->id)->first();
 
         event(new CheckoutableCheckedOut($accessory, $user, Auth::user(), $request->input('note')));
 
-      // Redirect to the new accessory page
+        // Redirect to the new accessory page
         return redirect()->route('accessories.index')->with('success', trans('admin/accessories/message.checkout.success'));
     }
 }

app/Http/Controllers/Account/AcceptanceController.php

@@ -1,4 +1,5 @@
-<?php 
+<?php
+
 namespace App\Http\Controllers\Account;
 
 use App\Events\CheckoutAccepted;
@@ -6,22 +7,32 @@ use App\Events\CheckoutDeclined;
 use App\Events\ItemAccepted;
 use App\Events\ItemDeclined;
 use App\Http\Controllers\Controller;
+use App\Models\Actionlog;
+use App\Models\Asset;
 use App\Models\CheckoutAcceptance;
 use App\Models\Company;
 use App\Models\Contracts\Acceptable;
+use App\Models\User;
+use App\Models\AssetModel;
+use App\Models\Accessory;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\DB;
 use Illuminate\Support\Facades\Storage;
 use Illuminate\Support\Str;
+use App\Http\Controllers\SettingsController;
+use Barryvdh\DomPDF\Facade\Pdf;
+use Carbon\Carbon;
 
-class AcceptanceController extends Controller {
-	
+class AcceptanceController extends Controller
+{
     /**
      * Show a listing of pending checkout acceptances for the current user
-     * 
+     *
      * @return View
      */
-    public function index() {
+    public function index()
+    {
         $acceptances = CheckoutAcceptance::forUser(Auth::user())->pending()->get();
 
         return view('account/accept.index', compact('acceptances'));
@@ -29,42 +40,43 @@ class AcceptanceController extends Controller {
 
     /**
      * Shows a form to either accept or decline the checkout acceptance
-     * 
+     *
      * @param  int  $id
      * @return mixed
      */
-	public function create($id) {
-
+    public function create($id)
+    {
         $acceptance = CheckoutAcceptance::find($id);
 
+
         if (is_null($acceptance)) {
             return redirect()->route('account.accept')->with('error', trans('admin/hardware/message.does_not_exist'));
         }
 
         if (! $acceptance->isPending()) {
             return redirect()->route('account.accept')->with('error', trans('admin/users/message.error.asset_already_accepted'));
-        }        
+        }
 
         if (! $acceptance->isCheckedOutTo(Auth::user())) {
             return redirect()->route('account.accept')->with('error', trans('admin/users/message.error.incorrect_user_accepted'));
         }
 
-        if (!Company::isCurrentUserHasAccess($acceptance->checkoutable)) {
+        if (! Company::isCurrentUserHasAccess($acceptance->checkoutable)) {
             return redirect()->route('account.accept')->with('error', trans('general.insufficient_permissions'));
-        }        
+        }
 
         return view('account/accept.create', compact('acceptance'));
-	}
+    }
 
     /**
      * Stores the accept/decline of the checkout acceptance
-     * 
+     *
      * @param  Request $request
      * @param  int  $id
      * @return Redirect
      */
-    public function store(Request $request, $id) {
-        
+    public function store(Request $request, $id)
+    {
         $acceptance = CheckoutAcceptance::find($id);
 
         if (is_null($acceptance)) {
@@ -73,55 +85,113 @@ class AcceptanceController extends Controller {
 
         if (! $acceptance->isPending()) {
             return redirect()->route('account.accept')->with('error', trans('admin/users/message.error.asset_already_accepted'));
-        }        
+        }
 
         if (! $acceptance->isCheckedOutTo(Auth::user())) {
             return redirect()->route('account.accept')->with('error', trans('admin/users/message.error.incorrect_user_accepted'));
         }
 
-        if (!Company::isCurrentUserHasAccess($acceptance->checkoutable)) {
+        if (! Company::isCurrentUserHasAccess($acceptance->checkoutable)) {
             return redirect()->route('account.accept')->with('error', trans('general.insufficient_permissions'));
-        }   
+        }
 
-        if (!$request->filled('asset_acceptance')) {
+        if (! $request->filled('asset_acceptance')) {
             return redirect()->back()->with('error', trans('admin/users/message.error.accept_or_decline'));
         }
 
         /**
          * Get the signature and save it
          */
-
-        if (!Storage::exists('private_uploads/signatures'))  Storage::makeDirectory('private_uploads/signatures', 775);
-
-
-        $sig_filename = '';
-        if ($request->filled('signature_output')) {
-            $sig_filename = "siglog-" .Str::uuid() . '-'.date('Y-m-d-his').".png";
-            $data_uri = e($request->input('signature_output'));
-            $encoded_image = explode(",", $data_uri);
-            $decoded_image = base64_decode($encoded_image[1]);
-            Storage::put('private_uploads/signatures/'.$sig_filename, (string)$decoded_image);
+        if (! Storage::exists('private_uploads/signatures')) {
+            Storage::makeDirectory('private_uploads/signatures', 775);
         }
 
+        /**
+         * Check for the eula-pdfs directory
+         */
+        if (! Storage::exists('private_uploads/eula-pdfs')) {
+            Storage::makeDirectory('private_uploads/eula-pdfs', 775);
+        }
+
+        $item = $acceptance->checkoutable_type::find($acceptance->checkoutable_id);
+        $display_model = '';
+        $pdf_view_route = '';
+        $pdf_filename = 'accepted-eula-'.date('Y-m-d-h-i-s').'.pdf';
+        $sig_filename='';
+
 
         if ($request->input('asset_acceptance') == 'accepted') {
 
-            $acceptance->accept($sig_filename);
+            // The item was accepted, check for a signature
+            if ($request->filled('signature_output')) {
+                $sig_filename = 'siglog-'.Str::uuid().'-'.date('Y-m-d-his').'.png';
+                $data_uri = $request->input('signature_output');
+                $encoded_image = explode(',', $data_uri);
+                $decoded_image = base64_decode($encoded_image[1]);
+                Storage::put('private_uploads/signatures/'.$sig_filename, (string) $decoded_image);
+            }
 
+
+            // this is horrible
+            if ($acceptance->checkoutable_type == 'App\Models\Asset') {
+                $pdf_view_route ='account.accept.accept-asset-eula';
+                $asset_model = AssetModel::find($item->model_id);
+                $display_model = $asset_model->name;
+                $assigned_to = User::find($item->assigned_to)->present()->fullName;
+
+            } elseif ($acceptance->checkoutable_type== 'App\Models\Accessory') {
+                $pdf_view_route ='account.accept.accept-accessory-eula';
+                $accessory = Accessory::find($item->id);
+                $display_model = $accessory->name;
+                $assigned_to = User::find($item->assignedTo);
+
+            }
+
+            /**
+             * Gather the data for the PDF. We fire this whether there is a signature required or not,
+             * since we want the moment-in-time proof of what the EULA was when they accepted it.
+             */
+            $branding_settings = SettingsController::getPDFBranding();
+
+            if (is_null($branding_settings->logo)){
+                $path_logo = "";
+            } else {
+                $path_logo = public_path() . '/uploads/' . $branding_settings->logo;
+            }
+            
+            $data = [
+                'item_tag' => $item->asset_tag,
+                'item_model' => $display_model,
+                'item_serial' => $item->serial,
+                'eula' => $item->getEula(),
+                'check_out_date' => Carbon::parse($acceptance->created_at)->format($branding_settings->date_display_format),
+                'accepted_date' => Carbon::parse($acceptance->accepted_at)->format($branding_settings->date_display_format),
+                'assigned_to' => $assigned_to,
+                'company_name' => $branding_settings->site_name,
+                'signature' => ($sig_filename) ? storage_path() . '/private_uploads/signatures/' . $sig_filename : null,
+                'logo' => $path_logo,
+                'date_settings' => $branding_settings->date_display_format,
+            ];
+
+            if ($pdf_view_route!='') {
+                \Log::debug($pdf_filename.' is the filename, and the route was specified.');
+                $pdf = Pdf::loadView($pdf_view_route, $data);
+                Storage::put('private_uploads/eula-pdfs/' .$pdf_filename, $pdf->output());
+            }
+
+            $acceptance->accept($sig_filename, $item->getEula(), $pdf_filename);
             event(new CheckoutAccepted($acceptance));
 
             $return_msg = trans('admin/users/message.accepted');
 
         } else {
-
-            $acceptance->decline($sig_filename);         
-
+            $acceptance->decline($sig_filename);
             event(new CheckoutDeclined($acceptance));
-
             $return_msg = trans('admin/users/message.declined');
-
         }
 
+
         return redirect()->to('account/accept')->with('success', $return_msg);
-    }	
-}
+
+    }
+}

app/Http/Controllers/ActionlogController.php

@@ -3,16 +3,34 @@
 namespace App\Http\Controllers;
 
 use App\Helpers\Helper;
+use App\Models\Actionlog;
 use Response;
 
 class ActionlogController extends Controller
 {
     public function displaySig($filename)
     {
+        // PHP doesn't let you handle file not found errors well with 
+        // file_get_contents, so we set the error reporting for just this class
+        error_reporting(0);
+
         $this->authorize('view', \App\Models\Asset::class);
-        $file = config('app.private_uploads') . '/signatures/' . $filename;
+        $file = config('app.private_uploads').'/signatures/'.$filename;
         $filetype = Helper::checkUploadIsImage($file);
-        $contents = file_get_contents($file);
-        return Response::make($contents)->header('Content-Type', $filetype);
+
+        $contents = file_get_contents($file, false, stream_context_create(['http' => ['ignore_errors' => true]]));
+        if ($contents === false) {
+            \Log::warn('File '.$file.' not found');
+            return false;
+        } else {
+            return Response::make($contents)->header('Content-Type', $filetype);
+        }
+       
+    }
+    public function getStoredEula($filename){
+        $this->authorize('view', \App\Models\Asset::class);
+        $file = config('app.private_uploads').'/eula-pdfs/'.$filename;
+
+        return Response::download($file);
     }
 }

app/Http/Controllers/Api/AccessoriesController.php

@@ -9,10 +9,11 @@ use App\Http\Transformers\SelectlistTransformer;
 use App\Models\Accessory;
 use App\Models\Company;
 use App\Models\User;
-use Carbon\Carbon;
 use Auth;
+use Carbon\Carbon;
 use DB;
 use Illuminate\Http\Request;
+use App\Http\Requests\ImageUploadRequest;
 
 class AccessoriesController extends Controller
 {
@@ -26,28 +27,52 @@ class AccessoriesController extends Controller
     public function index(Request $request)
     {
         $this->authorize('view', Accessory::class);
-        $allowed_columns = ['id','name','model_number','eol','notes','created_at','min_amt','company_id'];
+        $allowed_columns = ['id', 'name', 'model_number', 'eol', 'notes', 'created_at', 'min_amt', 'company_id'];
+        
+        // This array is what determines which fields should be allowed to be sorted on ON the table itself, no relations
+        // Relations will be handled in query scopes a little further down.
+        $allowed_columns = 
+            [
+                'id',
+                'name',
+                'model_number',
+                'eol',
+                'notes',
+                'created_at',
+                'min_amt',
+                'company_id',
+                'notes',
+            ];
 
-        $accessories = Accessory::with('category', 'company', 'manufacturer', 'users', 'location');
+
+        $accessories = Accessory::select('accessories.*')->with('category', 'company', 'manufacturer', 'users', 'location', 'supplier');
 
         if ($request->filled('search')) {
             $accessories = $accessories->TextSearch($request->input('search'));
         }
 
         if ($request->filled('company_id')) {
-            $accessories->where('company_id','=',$request->input('company_id'));
+            $accessories->where('company_id', '=', $request->input('company_id'));
         }
 
         if ($request->filled('category_id')) {
-            $accessories->where('category_id','=',$request->input('category_id'));
+            $accessories->where('category_id', '=', $request->input('category_id'));
         }
 
         if ($request->filled('manufacturer_id')) {
-            $accessories->where('manufacturer_id','=',$request->input('manufacturer_id'));
+            $accessories->where('manufacturer_id', '=', $request->input('manufacturer_id'));
         }
 
         if ($request->filled('supplier_id')) {
-            $accessories->where('supplier_id','=',$request->input('supplier_id'));
+            $accessories->where('supplier_id', '=', $request->input('supplier_id'));
+        }
+
+        if ($request->filled('location_id')) {
+            $accessories->where('location_id','=',$request->input('location_id'));
+        }
+
+        if ($request->filled('notes')) {
+            $accessories->where('notes','=',$request->input('notes'));
         }
 
         // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
@@ -57,26 +82,34 @@ class AccessoriesController extends Controller
         // Check to make sure the limit is not higher than the max allowed
         ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
 
-
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
-        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
+        $sort_override =  $request->input('sort');
+        $column_sort = in_array($sort_override, $allowed_columns) ? $sort_override : 'created_at';
 
-        switch ($sort) {
+        switch ($sort_override) {
             case 'category':
                 $accessories = $accessories->OrderCategory($order);
                 break;
             case 'company':
                 $accessories = $accessories->OrderCompany($order);
                 break;
+            case 'location':
+                $accessories = $accessories->OrderLocation($order);
+                break;
+            case 'manufacturer':
+                $accessories = $accessories->OrderManufacturer($order);
+                break;    
+            case 'supplier':
+                $accessories = $accessories->OrderSupplier($order);
+                break;       
             default:
-                $accessories = $accessories->orderBy($sort, $order);
+                $accessories = $accessories->orderBy($column_sort, $order);
                 break;
         }
-
-        $accessories->orderBy($sort, $order);
-
+ 
         $total = $accessories->count();
         $accessories = $accessories->skip($offset)->take($limit)->get();
+
         return (new AccessoriesTransformer)->transformAccessories($accessories, $total);
     }
 
@@ -86,18 +119,20 @@ class AccessoriesController extends Controller
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0]
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Http\Requests\ImageUploadRequest $request
      * @return \Illuminate\Http\Response
      */
-    public function store(Request $request)
+    public function store(ImageUploadRequest $request)
     {
         $this->authorize('create', Accessory::class);
         $accessory = new Accessory;
         $accessory->fill($request->all());
+        $accessory = $request->handleImages($accessory);
 
         if ($accessory->save()) {
             return response()->json(Helper::formatStandardApiResponse('success', $accessory, trans('admin/accessories/message.create.success')));
         }
+
         return response()->json(Helper::formatStandardApiResponse('error', null, $accessory->getErrors()));
 
     }
@@ -114,6 +149,7 @@ class AccessoriesController extends Controller
     {
         $this->authorize('view', Accessory::class);
         $accessory = Accessory::findOrFail($id);
+
         return (new AccessoriesTransformer)->transformAccessory($accessory);
     }
 
@@ -130,6 +166,7 @@ class AccessoriesController extends Controller
     {
         $this->authorize('view', Accessory::class);
         $accessory = Accessory::findOrFail($id);
+
         return (new AccessoriesTransformer)->transformAccessory($accessory);
     }
 
@@ -147,7 +184,7 @@ class AccessoriesController extends Controller
         $this->authorize('view', Accessory::class);
 
         $accessory = Accessory::with('lastCheckout')->findOrFail($id);
-        if (!Company::isCurrentUserHasAccess($accessory)) {
+        if (! Company::isCurrentUserHasAccess($accessory)) {
             return ['total' => 0, 'rows' => []];
         }
 
@@ -157,7 +194,7 @@ class AccessoriesController extends Controller
         $accessory_users = $accessory->users;
         $total = $accessory_users->count();
 
-        if($total < $offset){
+        if ($total < $offset) {
             $offset = 0;
         }
 
@@ -165,9 +202,13 @@ class AccessoriesController extends Controller
 
         if ($request->filled('search')) {
             $accessory_users = $accessory->users()
-                                ->where('first_name', 'like', '%'.$request->input('search').'%')
-                                ->orWhere('last_name', 'like', '%'.$request->input('search').'%')
-                                ->get();
+                                         ->where(function ($query) use ($request) {
+                                             $search_str = '%' . $request->input('search') . '%';
+                                             $query->where('first_name', 'like', $search_str)
+                                                   ->orWhere('last_name', 'like', $search_str)
+                                                   ->orWhere('note', 'like', $search_str);
+                                         })
+                                         ->get();
             $total = $accessory_users->count();
         }
 
@@ -180,15 +221,16 @@ class AccessoriesController extends Controller
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0]
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Http\Requests\ImageUploadRequest $request
      * @param  int  $id
      * @return \Illuminate\Http\Response
      */
-    public function update(Request $request, $id)
+    public function update(ImageUploadRequest $request, $id)
     {
         $this->authorize('update', Accessory::class);
         $accessory = Accessory::findOrFail($id);
         $accessory->fill($request->all());
+        $accessory = $request->handleImages($accessory);
 
         if ($accessory->save()) {
             return response()->json(Helper::formatStandardApiResponse('success', $accessory, trans('admin/accessories/message.update.success')));
@@ -212,12 +254,12 @@ class AccessoriesController extends Controller
         $this->authorize($accessory);
 
         if ($accessory->hasUsers() > 0) {
-            return response()->json(Helper::formatStandardApiResponse('error', null,  trans('admin/accessories/message.assoc_users', array('count'=> $accessory->hasUsers()))));
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/accessories/message.assoc_users', ['count'=> $accessory->hasUsers()])));
         }
 
         $accessory->delete();
-        return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/accessories/message.delete.success')));
 
+        return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/accessories/message.delete.success')));
     }
 
 
@@ -243,7 +285,7 @@ class AccessoriesController extends Controller
 
         if ($accessory->numRemaining() > 0) {
 
-            if (!$user = User::find($request->input('assigned_to'))) {
+            if (! $user = User::find($request->input('assigned_to'))) {
                 return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/accessories/message.checkout.user_does_not_exist')));
             }
 
@@ -254,12 +296,13 @@ class AccessoriesController extends Controller
                 'accessory_id' => $accessory->id,
                 'created_at' => Carbon::now(),
                 'user_id' => Auth::id(),
-                'assigned_to' => $request->get('assigned_to')
+                'assigned_to' => $request->get('assigned_to'),
+                'note' => $request->get('note'),
             ]);
 
             $accessory->logCheckout($request->input('note'), $user);
 
-            return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/accessories/message.checkout.success')));
+            return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/accessories/message.checkout.success')));
         }
 
         return response()->json(Helper::formatStandardApiResponse('error', null, 'No accessories remaining'));
@@ -272,7 +315,7 @@ class AccessoriesController extends Controller
      * @uses Accessory::checkin_email() to determine if an email can and should be sent
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @param Request $request
-     * @param integer $accessoryUserId
+     * @param int $accessoryUserId
      * @param string $backto
      * @return Redirect
      * @internal param int $accessoryId
@@ -286,11 +329,11 @@ class AccessoriesController extends Controller
         $accessory = Accessory::find($accessory_user->accessory_id);
         $this->authorize('checkin', $accessory);
 
-        $logaction = $accessory->logCheckin(User::find($accessoryUserId), $request->input('note'));
+        $logaction = $accessory->logCheckin(User::find($accessory_user->user_id), $request->input('note'));
 
         // Was the accessory updated?
         if (DB::table('accessories_users')->where('id', '=', $accessory_user->id)->delete()) {
-            if (!is_null($accessory_user->assigned_to)) {
+            if (! is_null($accessory_user->assigned_to)) {
                 $user = User::find($accessory_user->assigned_to);
             }
 
@@ -305,7 +348,7 @@ class AccessoriesController extends Controller
             return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/accessories/message.checkin.success')));
         }
 
-        return response()->json(Helper::formatStandardApiResponse('error', null,  trans('admin/accessories/message.checkin.error')));
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/accessories/message.checkin.error')));
 
     }
 
@@ -321,7 +364,7 @@ class AccessoriesController extends Controller
 
         $accessories = Accessory::select([
             'accessories.id',
-            'accessories.name'
+            'accessories.name',
         ]);
 
         if ($request->filled('search')) {
@@ -330,10 +373,7 @@ class AccessoriesController extends Controller
 
         $accessories = $accessories->orderBy('name', 'ASC')->paginate(50);
 
-
         return (new SelectlistTransformer)->transformSelectlist($accessories);
     }
 
-
-
 }

app/Http/Controllers/Api/AssetMaintenancesController.php

@@ -1,4 +1,5 @@
 <?php
+
 namespace App\Http\Controllers\Api;
 
 use App\Helpers\Helper;
@@ -29,11 +30,12 @@ class AssetMaintenancesController extends Controller
      * @author  Vincent Sposato <vincent.sposato@gmail.com>
      * @version v1.0
      * @since [v1.8]
-     * @return String JSON
+     * @return string JSON
      */
     public function index(Request $request)
     {
-        $maintenances = AssetMaintenance::with('asset', 'asset.model','asset.location', 'supplier', 'asset.company', 'admin');
+        $this->authorize('view', Asset::class);
+        $maintenances = AssetMaintenance::with('asset', 'asset.model', 'asset.location', 'supplier', 'asset.company', 'admin');
 
         if ($request->filled('search')) {
             $maintenances = $maintenances->TextSearch($request->input('search'));
@@ -50,7 +52,6 @@ class AssetMaintenancesController extends Controller
         // Check to make sure the limit is not higher than the max allowed
         ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
 
-
         $allowed_columns = [
                                 'id',
                                 'title',
@@ -62,7 +63,7 @@ class AssetMaintenancesController extends Controller
                                 'notes',
                                 'asset_tag',
                                 'asset_name',
-                                'user_id'
+                                'user_id',
                             ];
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->input('sort'), $allowed_columns) ? e($request->input('sort')) : 'created_at';
@@ -97,36 +98,37 @@ class AssetMaintenancesController extends Controller
      * @author  Vincent Sposato <vincent.sposato@gmail.com>
      * @version v1.0
      * @since [v1.8]
-     * @return String JSON
+     * @return string JSON
      */
     public function store(Request $request)
     {
+        $this->authorize('update', Asset::class);
         // create a new model instance
         $assetMaintenance = new AssetMaintenance();
         $assetMaintenance->supplier_id = $request->input('supplier_id');
         $assetMaintenance->is_warranty = $request->input('is_warranty');
-        $assetMaintenance->cost =  e($request->input('cost'));
+        $assetMaintenance->cost =  Helper::ParseCurrency($request->input('cost'));
         $assetMaintenance->notes = e($request->input('notes'));
         $asset = Asset::find(e($request->input('asset_id')));
 
-        if (!Company::isCurrentUserHasAccess($asset)) {
+        if (! Company::isCurrentUserHasAccess($asset)) {
             return response()->json(Helper::formatStandardApiResponse('error', null, 'You cannot add a maintenance for that asset'));
         }
 
         // Save the asset maintenance data
-        $assetMaintenance->asset_id               = $request->input('asset_id');
+        $assetMaintenance->asset_id = $request->input('asset_id');
         $assetMaintenance->asset_maintenance_type = $request->input('asset_maintenance_type');
-        $assetMaintenance->title                  = $request->input('title');
-        $assetMaintenance->start_date             = $request->input('start_date');
-        $assetMaintenance->completion_date        = $request->input('completion_date');
-        $assetMaintenance->user_id                = Auth::id();
+        $assetMaintenance->title = $request->input('title');
+        $assetMaintenance->start_date = $request->input('start_date');
+        $assetMaintenance->completion_date = $request->input('completion_date');
+        $assetMaintenance->user_id = Auth::id();
 
-        if (( $assetMaintenance->completion_date !== null )
-            && ( $assetMaintenance->start_date !== "" )
-            && ( $assetMaintenance->start_date !== "0000-00-00" )
+        if (($assetMaintenance->completion_date !== null)
+            && ($assetMaintenance->start_date !== '')
+            && ($assetMaintenance->start_date !== '0000-00-00')
         ) {
-            $startDate                                = Carbon::parse($assetMaintenance->start_date);
-            $completionDate                           = Carbon::parse($assetMaintenance->completion_date);
+            $startDate = Carbon::parse($assetMaintenance->start_date);
+            $completionDate = Carbon::parse($assetMaintenance->completion_date);
             $assetMaintenance->asset_maintenance_time = $completionDate->diffInDays($startDate);
         }
 
@@ -140,7 +142,6 @@ class AssetMaintenancesController extends Controller
 
     }
 
-
     /**
      *  Validates and stores an update to an asset maintenance
      *
@@ -149,59 +150,60 @@ class AssetMaintenancesController extends Controller
      * @param int $request
      * @version v1.0
      * @since [v4.0]
-     * @return String JSON
+     * @return string JSON
      */
     public function update(Request $request, $assetMaintenanceId = null)
     {
+        $this->authorize('update', Asset::class);
         // Check if the asset maintenance exists
         $assetMaintenance = AssetMaintenance::findOrFail($assetMaintenanceId);
 
-        if (!Company::isCurrentUserHasAccess($assetMaintenance->asset)) {
+        if (! Company::isCurrentUserHasAccess($assetMaintenance->asset)) {
             return response()->json(Helper::formatStandardApiResponse('error', null, 'You cannot edit a maintenance for that asset'));
         }
 
         $assetMaintenance->supplier_id = e($request->input('supplier_id'));
         $assetMaintenance->is_warranty = e($request->input('is_warranty'));
-        $assetMaintenance->cost =  Helper::ParseFloat(e($request->input('cost')));
+        $assetMaintenance->cost =  Helper::ParseCurrency($request->input('cost'));
         $assetMaintenance->notes = e($request->input('notes'));
 
         $asset = Asset::find(request('asset_id'));
 
-        if (!Company::isCurrentUserHasAccess($asset)) {
+        if (! Company::isCurrentUserHasAccess($asset)) {
             return response()->json(Helper::formatStandardApiResponse('error', null, 'You cannot edit a maintenance for that asset'));
         }
 
         // Save the asset maintenance data
-        $assetMaintenance->asset_id               = $request->input('asset_id');
+        $assetMaintenance->asset_id = $request->input('asset_id');
         $assetMaintenance->asset_maintenance_type = $request->input('asset_maintenance_type');
-        $assetMaintenance->title                  = $request->input('title');
-        $assetMaintenance->start_date             = $request->input('start_date');
-        $assetMaintenance->completion_date        = $request->input('completion_date');
+        $assetMaintenance->title = $request->input('title');
+        $assetMaintenance->start_date = $request->input('start_date');
+        $assetMaintenance->completion_date = $request->input('completion_date');
 
-        if (( $assetMaintenance->completion_date == null )
+        if (($assetMaintenance->completion_date == null)
         ) {
-            if (( $assetMaintenance->asset_maintenance_time !== 0 )
-                || ( !is_null($assetMaintenance->asset_maintenance_time) )
+            if (($assetMaintenance->asset_maintenance_time !== 0)
+                || (! is_null($assetMaintenance->asset_maintenance_time))
             ) {
                 $assetMaintenance->asset_maintenance_time = null;
             }
         }
 
-        if (( $assetMaintenance->completion_date !== null )
-            && ( $assetMaintenance->start_date !== "" )
-            && ( $assetMaintenance->start_date !== "0000-00-00" )
+        if (($assetMaintenance->completion_date !== null)
+            && ($assetMaintenance->start_date !== '')
+            && ($assetMaintenance->start_date !== '0000-00-00')
         ) {
-            $startDate                                = Carbon::parse($assetMaintenance->start_date);
-            $completionDate                           = Carbon::parse($assetMaintenance->completion_date);
+            $startDate = Carbon::parse($assetMaintenance->start_date);
+            $completionDate = Carbon::parse($assetMaintenance->completion_date);
             $assetMaintenance->asset_maintenance_time = $completionDate->diffInDays($startDate);
         }
 
         // Was the asset maintenance created?
         if ($assetMaintenance->save()) {
-
             return response()->json(Helper::formatStandardApiResponse('success', $assetMaintenance, trans('admin/asset_maintenances/message.edit.success')));
 
         }
+
         return response()->json(Helper::formatStandardApiResponse('error', null, $assetMaintenance->getErrors()));
     }
 
@@ -212,14 +214,15 @@ class AssetMaintenancesController extends Controller
      * @param int $assetMaintenanceId
      * @version v1.0
      * @since [v4.0]
-     * @return String JSON
+     * @return string JSON
      */
     public function destroy($assetMaintenanceId)
     {
+        $this->authorize('update', Asset::class);
         // Check if the asset maintenance exists
         $assetMaintenance = AssetMaintenance::findOrFail($assetMaintenanceId);
 
-        if (!Company::isCurrentUserHasAccess($assetMaintenance->asset)) {
+        if (! Company::isCurrentUserHasAccess($assetMaintenance->asset)) {
             return response()->json(Helper::formatStandardApiResponse('error', null, 'You cannot delete a maintenance for that asset'));
         }
 
@@ -237,14 +240,16 @@ class AssetMaintenancesController extends Controller
      * @param int $assetMaintenanceId
      * @version v1.0
      * @since [v4.0]
-     * @return String JSON
+     * @return string JSON
      */
     public function show($assetMaintenanceId)
     {
+        $this->authorize('view', Asset::class);
         $assetMaintenance = AssetMaintenance::findOrFail($assetMaintenanceId);
-        if (!Company::isCurrentUserHasAccess($assetMaintenance->asset)) {
+        if (! Company::isCurrentUserHasAccess($assetMaintenance->asset)) {
             return response()->json(Helper::formatStandardApiResponse('error', null, 'You cannot view a maintenance for that asset'));
         }
+
         return (new AssetMaintenancesTransformer())->transformAssetMaintenance($assetMaintenance);
 
     }

app/Http/Controllers/Api/AssetModelsController.php

@@ -1,4 +1,5 @@
 <?php
+
 namespace App\Http\Controllers\Api;
 
 use App\Helpers\Helper;
@@ -9,6 +10,7 @@ use App\Http\Transformers\SelectlistTransformer;
 use App\Models\Asset;
 use App\Models\AssetModel;
 use Illuminate\Http\Request;
+use App\Http\Requests\ImageUploadRequest;
 use Illuminate\Support\Facades\Storage;
 
 /**
@@ -30,7 +32,20 @@ class AssetModelsController extends Controller
     public function index(Request $request)
     {
         $this->authorize('view', AssetModel::class);
-        $allowed_columns = ['id','image','name','model_number','eol','notes','created_at','manufacturer','requestable', 'assets_count'];
+        $allowed_columns =
+            [
+                'id',
+                'image',
+                'name',
+                'model_number',
+                'eol',
+                'notes',
+                'created_at',
+                'manufacturer',
+                'requestable',
+                'assets_count',
+                'category',
+            ];
 
         $assetmodels = AssetModel::select([
             'models.id',
@@ -48,15 +63,17 @@ class AssetModelsController extends Controller
             'models.deleted_at',
             'models.updated_at',
          ])
-            ->with('category','depreciation', 'manufacturer','fieldset')
+            ->with('category', 'depreciation', 'manufacturer', 'fieldset')
             ->withCount('assets as assets_count');
 
-
-
-        if ($request->filled('status')) {
+        if ($request->input('status')=='deleted') {
             $assetmodels->onlyTrashed();
         }
 
+        if ($request->filled('category_id')) {
+            $assetmodels = $assetmodels->where('models.category_id', '=', $request->input('category_id'));
+        }
+
         if ($request->filled('search')) {
             $assetmodels->TextSearch($request->input('search'));
         }
@@ -75,15 +92,17 @@ class AssetModelsController extends Controller
             case 'manufacturer':
                 $assetmodels->OrderManufacturer($order);
                 break;
+            case 'category':
+                $assetmodels->OrderCategory($order);
+                break;
             default:
                 $assetmodels->orderBy($sort, $order);
                 break;
         }
 
-
-
         $total = $assetmodels->count();
         $assetmodels = $assetmodels->skip($offset)->take($limit)->get();
+
         return (new AssetModelsTransformer)->transformAssetModels($assetmodels, $total);
     }
 
@@ -93,20 +112,22 @@ class AssetModelsController extends Controller
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0]
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Http\Requests\ImageUploadRequest  $request
      * @return \Illuminate\Http\Response
      */
-    public function store(Request $request)
+    public function store(ImageUploadRequest $request)
     {
         $this->authorize('create', AssetModel::class);
         $assetmodel = new AssetModel;
         $assetmodel->fill($request->all());
+        $assetmodel = $request->handleImages($assetmodel);
 
         if ($assetmodel->save()) {
             return response()->json(Helper::formatStandardApiResponse('success', $assetmodel, trans('admin/models/message.create.success')));
         }
         return response()->json(Helper::formatStandardApiResponse('error', null, $assetmodel->getErrors()));
 
+
     }
 
     /**
@@ -121,6 +142,7 @@ class AssetModelsController extends Controller
     {
         $this->authorize('view', AssetModel::class);
         $assetmodel = AssetModel::withCount('assets as assets_count')->findOrFail($id);
+
         return (new AssetModelsTransformer)->transformAssetModel($assetmodel);
     }
 
@@ -135,7 +157,8 @@ class AssetModelsController extends Controller
     public function assets($id)
     {
         $this->authorize('view', AssetModel::class);
-        $assets = Asset::where('model_id','=',$id)->get();
+        $assets = Asset::where('model_id', '=', $id)->get();
+
         return (new AssetsTransformer)->transformAssets($assets, $assets->count());
     }
 
@@ -145,16 +168,17 @@ class AssetModelsController extends Controller
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0]
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Http\Requests\ImageUploadRequest  $request
      * @param  int  $id
      * @return \Illuminate\Http\Response
      */
-    public function update(Request $request, $id)
+    public function update(ImageUploadRequest $request, $id)
     {
         $this->authorize('update', AssetModel::class);
         $assetmodel = AssetModel::findOrFail($id);
         $assetmodel->fill($request->all());
-
+        $assetmodel = $request->handleImages($assetmodel);
+        
         /**
          * Allow custom_fieldset_id to override and populate fieldset_id.
          * This is stupid, but required for legacy API support.
@@ -164,7 +188,7 @@ class AssetModelsController extends Controller
          * it, but I'll be damned if I can think of one. - snipe
          */
         if ($request->filled('custom_fieldset_id')) {
-            $assetmodel->fieldset_id = $request->get("custom_fieldset_id");
+            $assetmodel->fieldset_id = $request->get('custom_fieldset_id');
         }
 
 
@@ -190,11 +214,11 @@ class AssetModelsController extends Controller
         $this->authorize('delete', $assetmodel);
 
         if ($assetmodel->assets()->count() > 0) {
-            return response()->json(Helper::formatStandardApiResponse('error', null,  trans('admin/models/message.assoc_users')));
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/models/message.assoc_users')));
         }
 
         if ($assetmodel->image) {
-            try  {
+            try {
                 Storage::disk('public')->delete('assetmodels/'.$assetmodel->image);
             } catch (\Exception $e) {
                 \Log::info($e);
@@ -202,8 +226,8 @@ class AssetModelsController extends Controller
         }
 
         $assetmodel->delete();
-        return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/models/message.delete.success')));
 
+        return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/models/message.delete.success')));
     }
 
     /**
@@ -212,11 +236,11 @@ class AssetModelsController extends Controller
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0.16]
      * @see \App\Http\Transformers\SelectlistTransformer
-     *
      */
     public function selectlist(Request $request)
     {
 
+        $this->authorize('view.selectlists');
         $assetmodels = AssetModel::select([
             'models.id',
             'models.name',
@@ -224,7 +248,7 @@ class AssetModelsController extends Controller
             'models.model_number',
             'models.manufacturer_id',
             'models.category_id',
-        ])->with('manufacturer','category');
+        ])->with('manufacturer', 'category');
 
         $settings = \App\Models\Setting::getSettings();
 
@@ -235,21 +259,20 @@ class AssetModelsController extends Controller
         $assetmodels = $assetmodels->OrderCategory('ASC')->OrderManufacturer('ASC')->orderby('models.name', 'asc')->orderby('models.model_number', 'asc')->paginate(50);
 
         foreach ($assetmodels as $assetmodel) {
-
             $assetmodel->use_text = '';
 
             if ($settings->modellistCheckedValue('category')) {
-                $assetmodel->use_text .= (($assetmodel->category) ? e($assetmodel->category->name).' - ' : '');
+                $assetmodel->use_text .= (($assetmodel->category) ? $assetmodel->category->name.' - ' : '');
             }
 
             if ($settings->modellistCheckedValue('manufacturer')) {
-                $assetmodel->use_text .= (($assetmodel->manufacturer) ? e($assetmodel->manufacturer->name).' ' : '');
+                $assetmodel->use_text .= (($assetmodel->manufacturer) ? $assetmodel->manufacturer->name.' ' : '');
             }
 
-            $assetmodel->use_text .=  e($assetmodel->name);
+            $assetmodel->use_text .= $assetmodel->name;
 
-            if (($settings->modellistCheckedValue('model_number')) && ($assetmodel->model_number!='')) {
-                $assetmodel->use_text .=  ' (#'.e($assetmodel->model_number).')';
+            if (($settings->modellistCheckedValue('model_number')) && ($assetmodel->model_number != '')) {
+                $assetmodel->use_text .= ' (#'.$assetmodel->model_number.')';
             }
 
             $assetmodel->use_image = ($settings->modellistCheckedValue('image') && ($assetmodel->image)) ? Storage::disk('public')->url('models/'.e($assetmodel->image)) : null;
@@ -257,5 +280,4 @@ class AssetModelsController extends Controller
 
         return (new SelectlistTransformer)->transformSelectlist($assetmodels);
     }
-
 }

app/Http/Controllers/Api/AssetsController.php

@@ -1,13 +1,17 @@
 <?php
+
 namespace App\Http\Controllers\Api;
 
+use App\Events\CheckoutableCheckedIn;
 use Illuminate\Support\Facades\Gate;
 use App\Helpers\Helper;
 use App\Http\Controllers\Controller;
 use App\Http\Requests\AssetCheckoutRequest;
 use App\Http\Transformers\AssetsTransformer;
+use App\Http\Transformers\DepreciationReportTransformer;
 use App\Http\Transformers\LicensesTransformer;
 use App\Http\Transformers\SelectlistTransformer;
+use App\Models\Actionlog;
 use App\Models\Asset;
 use App\Models\AssetModel;
 use App\Models\Company;
@@ -20,13 +24,14 @@ use Auth;
 use Carbon\Carbon;
 use DB;
 use Illuminate\Http\Request;
+use App\Http\Requests\ImageUploadRequest;
 use Input;
 use Paginator;
 use Slack;
 use Str;
 use TCPDF;
 use Validator;
-
+use Route;
 
 /**
  * This class controls all actions related to assets for
@@ -37,7 +42,6 @@ use Validator;
  */
 class AssetsController extends Controller
 {
-
     /**
      * Returns JSON listing of all assets
      *
@@ -46,10 +50,32 @@ class AssetsController extends Controller
      * @since [v4.0]
      * @return JsonResponse
      */
-    public function index(Request $request, $audit = null)
+    public function index(Request $request, $audit = null) 
     {
 
-        $this->authorize('index', Asset::class);
+        $filter_non_deprecable_assets = false;
+
+        /**
+         * This looks MAD janky (and it is), but the AssetsController@index does a LOT of heavy lifting throughout the 
+         * app. This bit here just makes sure that someone without permission to view assets doesn't 
+         * end up with priv escalations because they asked for a different endpoint. 
+         * 
+         * Since we never gave the specification for which transformer to use before, it should default 
+         * gracefully to just use the AssetTransformer by default, which shouldn't break anything. 
+         * 
+         * It was either this mess, or repeating ALL of the searching and sorting and filtering code, 
+         * which would have been far worse of a mess. *sad face*  - snipe (Sept 1, 2021)
+         */
+        if (Route::currentRouteName()=='api.depreciation-report.index') {
+            $filter_non_deprecable_assets = true;
+            $transformer = 'App\Http\Transformers\DepreciationReportTransformer';
+            $this->authorize('reports.view');
+        } else {
+            $transformer = 'App\Http\Transformers\AssetsTransformer';
+            $this->authorize('index', Asset::class);          
+        }
+        
+       
         $settings = Setting::getSettings();
 
         $allowed_columns = [
@@ -76,7 +102,7 @@ class AssetsController extends Controller
             'requests_counter',
         ];
 
-        $filter = array();
+        $filter = [];
 
         if ($request->filled('filter')) {
             $filter = json_decode($request->input('filter'), true);
@@ -84,22 +110,38 @@ class AssetsController extends Controller
 
         $all_custom_fields = CustomField::all(); //used as a 'cache' of custom fields throughout this page load
         foreach ($all_custom_fields as $field) {
-            $allowed_columns[]=$field->db_column_name();
+            $allowed_columns[] = $field->db_column_name();
         }
 
-        $assets = Company::scopeCompanyables(Asset::select('assets.*'),"company_id","assets")
-            ->with('location', 'assetstatus', 'assetlog', 'company', 'defaultLoc','assignedTo',
-                'model.category', 'model.manufacturer', 'model.fieldset','supplier');
+        $assets = Company::scopeCompanyables(Asset::select('assets.*'), 'company_id', 'assets')
+            ->with('location', 'assetstatus', 'company', 'defaultLoc','assignedTo',
+                'model.category', 'model.manufacturer', 'model.fieldset','supplier'); //it might be tempting to add 'assetlog' here, but don't. It blows up update-heavy users.
 
 
+        if ($filter_non_deprecable_assets) {
+            $non_deprecable_models = AssetModel::select('id')->whereNotNull('depreciation_id')->get();
+
+            $assets->InModelList($non_deprecable_models->toArray());
+        }
+
         // These are used by the API to query against specific ID numbers.
         // They are also used by the individual searches on detail pages like
         // locations, etc.
+
+
+        // Search custom fields by column name
+        foreach ($all_custom_fields as $field) {
+            if ($request->filled($field->db_column_name())) {
+                $assets->where($field->db_column_name(), '=', $request->input($field->db_column_name()));
+            }
+        }
+
+
         if ($request->filled('status_id')) {
             $assets->where('assets.status_id', '=', $request->input('status_id'));
         }
 
-        if ($request->input('requestable')=='true') {
+        if ($request->input('requestable') == 'true') {
             $assets->where('assets.requestable', '=', '1');
         }
 
@@ -141,8 +183,6 @@ class AssetsController extends Controller
         }
 
         $request->filled('order_number') ? $assets = $assets->where('assets.order_number', '=', e($request->get('order_number'))) : '';
-        $offset = (($assets) && (request('offset') > $assets->count())) ? 0 : request('offset', 0);
-
 
         // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
         // case we override with the actual count, so we should return 0 items.
@@ -156,7 +196,6 @@ class AssetsController extends Controller
 
         // This is used by the audit reporting routes
         if (Gate::allows('audit', Asset::class)) {
-
             switch ($audit) {
                 case 'due':
                     $assets->DueOrOverdueForAudit($settings);
@@ -179,19 +218,19 @@ class AssetsController extends Controller
                 $assets->onlyTrashed();
                 break;
             case 'Pending':
-                $assets->join('status_labels AS status_alias',function ($join) {
-                    $join->on('status_alias.id', "=", "assets.status_id")
-                        ->where('status_alias.deployable','=',0)
-                        ->where('status_alias.pending','=',1)
+                $assets->join('status_labels AS status_alias', function ($join) {
+                    $join->on('status_alias.id', '=', 'assets.status_id')
+                        ->where('status_alias.deployable', '=', 0)
+                        ->where('status_alias.pending', '=', 1)
                         ->where('status_alias.archived', '=', 0);
                 });
                 break;
             case 'RTD':
                 $assets->whereNull('assets.assigned_to')
-                    ->join('status_labels AS status_alias',function ($join) {
-                        $join->on('status_alias.id', "=", "assets.status_id")
-                            ->where('status_alias.deployable','=',1)
-                            ->where('status_alias.pending','=',0)
+                    ->join('status_labels AS status_alias', function ($join) {
+                        $join->on('status_alias.id', '=', 'assets.status_id')
+                            ->where('status_alias.deployable', '=', 1)
+                            ->where('status_alias.pending', '=', 0)
                             ->where('status_alias.archived', '=', 0);
                     });
                 break;
@@ -199,19 +238,19 @@ class AssetsController extends Controller
                 $assets->Undeployable();
                 break;
             case 'Archived':
-                $assets->join('status_labels AS status_alias',function ($join) {
-                    $join->on('status_alias.id', "=", "assets.status_id")
-                        ->where('status_alias.deployable','=',0)
-                        ->where('status_alias.pending','=',0)
+                $assets->join('status_labels AS status_alias', function ($join) {
+                    $join->on('status_alias.id', '=', 'assets.status_id')
+                        ->where('status_alias.deployable', '=', 0)
+                        ->where('status_alias.pending', '=', 0)
                         ->where('status_alias.archived', '=', 1);
                 });
                 break;
             case 'Requestable':
                 $assets->where('assets.requestable', '=', 1)
-                    ->join('status_labels AS status_alias',function ($join) {
-                        $join->on('status_alias.id', "=", "assets.status_id")
-                            ->where('status_alias.deployable','=',1)
-                            ->where('status_alias.pending','=',0)
+                    ->join('status_labels AS status_alias', function ($join) {
+                        $join->on('status_alias.id', '=', 'assets.status_id')
+                            ->where('status_alias.deployable', '=', 1)
+                            ->where('status_alias.pending', '=', 0)
                             ->where('status_alias.archived', '=', 0);
                     });
 
@@ -222,24 +261,24 @@ class AssetsController extends Controller
                 break;
             default:
 
-                if ((!$request->filled('status_id')) && ($settings->show_archived_in_list!='1')) {
+                if ((! $request->filled('status_id')) && ($settings->show_archived_in_list != '1')) {
                     // terrible workaround for complex-query Laravel bug in fulltext
-                    $assets->join('status_labels AS status_alias',function ($join) {
-                        $join->on('status_alias.id', "=", "assets.status_id")
+                    $assets->join('status_labels AS status_alias', function ($join) {
+                        $join->on('status_alias.id', '=', 'assets.status_id')
                             ->where('status_alias.archived', '=', 0);
                     });
 
                     // If there is a status ID, don't take show_archived_in_list into consideration
                 } else {
-                    $assets->join('status_labels AS status_alias',function ($join) {
-                        $join->on('status_alias.id', "=", "assets.status_id");
+                    $assets->join('status_labels AS status_alias', function ($join) {
+                        $join->on('status_alias.id', '=', 'assets.status_id');
                     });
                 }
 
         }
 
 
-        if ((!is_null($filter)) && (count($filter)) > 0) {
+        if ((! is_null($filter)) && (count($filter)) > 0) {
             $assets->ByFilter($filter);
         } elseif ($request->filled('search')) {
             $assets->TextSearch($request->input('search'));
@@ -249,7 +288,7 @@ class AssetsController extends Controller
         // This is kinda gross, but we need to do this because the Bootstrap Tables
         // API passes custom field ordering as custom_fields.fieldname, and we have to strip
         // that out to let the default sorter below order them correctly on the assets table.
-        $sort_override = str_replace('custom_fields.','', $request->input('sort')) ;
+        $sort_override = str_replace('custom_fields.', '', $request->input('sort'));
 
         // This handles all of the pivot sorting (versus the assets.* fields
         // in the allowed_columns array)
@@ -294,8 +333,24 @@ class AssetsController extends Controller
 
         $total = $assets->count();
         $assets = $assets->skip($offset)->take($limit)->get();
-        // dd($assets);
-        return (new AssetsTransformer)->transformAssets($assets, $total);
+        
+
+        /**
+         * Include additional associated relationships
+         */  
+        if ($request->input('components')) {
+            $assets->loadMissing(['components' => function ($query) {
+                $query->orderBy('created_at', 'desc');
+            }]);
+        }
+
+
+
+        /**
+         * Here we're just determining which Transformer (via $transformer) to use based on the 
+         * variables we set earlier on in this method - we default to AssetsTransformer.
+         */
+        return (new $transformer)->transformAssets($assets, $total, $request);
     }
 
 
@@ -307,11 +362,12 @@ class AssetsController extends Controller
      * @since [v4.2.1]
      * @return JsonResponse
      */
-    public function showByTag($tag)
+    public function showByTag(Request $request, $tag)
     {
-        if ($asset = Asset::with('assetstatus')->with('assignedTo')->where('asset_tag',$tag)->first()) {
+        if ($asset = Asset::with('assetstatus')->with('assignedTo')->where('asset_tag', $tag)->first()) {
             $this->authorize('view', $asset);
-            return (new AssetsTransformer)->transformAsset($asset);
+
+            return (new AssetsTransformer)->transformAsset($asset, $request);
         }
         return response()->json(Helper::formatStandardApiResponse('error', null, 'Asset not found'), 200);
 
@@ -325,17 +381,28 @@ class AssetsController extends Controller
      * @since [v4.2.1]
      * @return JsonResponse
      */
-    public function showBySerial($serial)
+    public function showBySerial(Request $request, $serial)
     {
         $this->authorize('index', Asset::class);
         if ($assets = Asset::with('assetstatus')->with('assignedTo')
-            ->withTrashed()->where('serial',$serial)->get()) {
+            ->withTrashed()->where('serial', $serial)->get()) {
                 return (new AssetsTransformer)->transformAssets($assets, $assets->count());
         }
         return response()->json(Helper::formatStandardApiResponse('error', null, 'Asset not found'), 200);
 
+        $assets = Asset::with('assetstatus')->with('assignedTo');
+
+        if ($request->input('deleted', 'false') === 'true') {
+            $assets = $assets->withTrashed();
     }
 
+        $assets = $assets->where('serial', $serial)->get();
+        if ($assets) {
+            return (new AssetsTransformer)->transformAssets($assets, $assets->count());
+        } else {
+            return response()->json(Helper::formatStandardApiResponse('error', null, 'Asset not found'), 200);
+        }
+    }
 
     /**
      * Returns JSON with information about an asset for detail view.
@@ -345,22 +412,25 @@ class AssetsController extends Controller
      * @since [v4.0]
      * @return JsonResponse
      */
-    public function show($id)
+    public function show(Request $request, $id)
     {
         if ($asset = Asset::with('assetstatus')->with('assignedTo')->withTrashed()
             ->withCount('checkins as checkins_count', 'checkouts as checkouts_count', 'userRequests as user_requests_count')->findOrFail($id)) {
             $this->authorize('view', $asset);
-            return (new AssetsTransformer)->transformAsset($asset);
+
+            return (new AssetsTransformer)->transformAsset($asset, $request->input('components') );
         }
 
 
     }
-    public function licenses($id)
+
+    public function licenses(Request $request, $id)
     {
         $this->authorize('view', Asset::class);
         $this->authorize('view', License::class);
         $asset = Asset::where('id', $id)->withTrashed()->first();
         $licenses = $asset->licenses()->get();
+
         return (new LicensesTransformer())->transformLicenses($licenses, $licenses->count());
      }
 
@@ -383,7 +453,7 @@ class AssetsController extends Controller
             'assets.model_id',
             'assets.assigned_to',
             'assets.assigned_type',
-            'assets.status_id'
+            'assets.status_id',
             ])->with('model', 'assetstatus', 'assignedTo')->NotArchived(), 'company_id', 'assets');
 
         if ($request->filled('assetStatusType') && $request->input('assetStatusType') === 'RTD') {
@@ -410,15 +480,14 @@ class AssetsController extends Controller
             }
 
 
-            if ($asset->assetstatus->getStatuslabelType()=='pending') {
-                $asset->use_text .=  '('.$asset->assetstatus->getStatuslabelType().')';
+            if ($asset->assetstatus->getStatuslabelType() == 'pending') {
+                $asset->use_text .= '('.$asset->assetstatus->getStatuslabelType().')';
             }
 
             $asset->use_image = ($asset->getImageUrl()) ? $asset->getImageUrl() : null;
         }
 
         return (new SelectlistTransformer)->transformSelectlist($assets);
-
     }
 
 
@@ -426,13 +495,12 @@ class AssetsController extends Controller
      * Accepts a POST request to create a new asset
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
-     * @param Request $request
+     * @param \App\Http\Requests\ImageUploadRequest $request
      * @since [v4.0]
      * @return JsonResponse
      */
-    public function store(Request $request)
+    public function store(ImageUploadRequest $request)
     {
-
         $this->authorize('create', Asset::class);
 
         $asset = new Asset();
@@ -451,47 +519,61 @@ class AssetsController extends Controller
         $asset->depreciate              = '0';
         $asset->status_id               = $request->get('status_id', 0);
         $asset->warranty_months         = $request->get('warranty_months', null);
-        $asset->purchase_cost           = Helper::ParseFloat($request->get('purchase_cost'));
+        $asset->purchase_cost           = Helper::ParseCurrency($request->get('purchase_cost')); // this is the API's store method, so I don't know that I want to do this? Confusing. FIXME (or not?!)
         $asset->purchase_date           = $request->get('purchase_date', null);
         $asset->assigned_to             = $request->get('assigned_to', null);
-        $asset->supplier_id             = $request->get('supplier_id', 0);
+        $asset->supplier_id             = $request->get('supplier_id');
         $asset->requestable             = $request->get('requestable', 0);
         $asset->rtd_location_id         = $request->get('rtd_location_id', null);
         $asset->location_id             = $request->get('rtd_location_id', null);
 
-        if ($request->has('image_source') && $request->input('image_source') != "") {
-            $saved_image_path = Helper::processUploadedImage(
-                $request->input('image_source'), 'uploads/assets/'
-            );
+        /**
+        * this is here just legacy reasons. Api\AssetController
+        * used image_source  once to allow encoded image uploads.
+        */
+        if ($request->has('image_source')) {
+            $request->offsetSet('image', $request->offsetGet('image_source'));
+        }     
 
-            if (!$saved_image_path) {
-                return response()->json(Helper::formatStandardApiResponse(
-                        'error',
-                        null,
-                        trans('admin/hardware/message.create.error')
-                    ), 200);
-            }
-
-            $asset->image = $saved_image_path;
-        }
+        $asset = $request->handleImages($asset);
 
         // Update custom fields in the database.
         // Validation for these fields is handled through the AssetRequest form request
         $model = AssetModel::find($request->get('model_id'));
         if (($model) && ($model->fieldset)) {
             foreach ($model->fieldset->fields as $field) {
-                if ($field->field_encrypted=='1') {
-                    if (Gate::allows('admin')) {
-                        $asset->{$field->convertUnicodeDbSlug()} = \Crypt::encrypt($request->input($field->convertUnicodeDbSlug()));
-                    }
-                } else {
-                    $asset->{$field->convertUnicodeDbSlug()} = $request->input($field->convertUnicodeDbSlug());
+
+                // Set the field value based on what was sent in the request
+                $field_val = $request->input($field->convertUnicodeDbSlug(), null);
+
+                // If input value is null, use custom field's default value
+                if ($field_val == null) {
+                    \Log::debug('Field value for '.$field->convertUnicodeDbSlug().' is null');
+                    $field_val = $field->defaultValue($request->get('model_id'));
+                    \Log::debug('Use the default fieldset value of '.$field->defaultValue($request->get('model_id')));
                 }
+
+                // if the field is set to encrypted, make sure we encrypt the value
+                if ($field->field_encrypted == '1') {
+                    \Log::debug('This model field is encrypted in this fieldset.');
+
+                    if (Gate::allows('admin')) {
+
+                        // If input value is null, use custom field's default value
+                        if (($field_val == null) && ($request->has('model_id') != '')) {
+                            $field_val = \Crypt::encrypt($field->defaultValue($request->get('model_id')));
+                        } else {
+                            $field_val = \Crypt::encrypt($request->input($field->convertUnicodeDbSlug()));
+                        }
+                    }
+                }
+
+
+                $asset->{$field->convertUnicodeDbSlug()} = $field_val;
             }
         }
 
         if ($asset->save()) {
-
             if ($request->get('assigned_user')) {
                 $target = User::find(request('assigned_user'));
             } elseif ($request->get('assigned_asset')) {
@@ -518,11 +600,11 @@ class AssetsController extends Controller
      * Accepts a POST request to update an asset
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
-     * @param Request $request
+     * @param \App\Http\Requests\ImageUploadRequest $request
      * @since [v4.0]
      * @return JsonResponse
      */
-    public function update(Request $request, $id)
+    public function update(ImageUploadRequest $request, $id)
     {
         $this->authorize('update', Asset::class);
 
@@ -536,37 +618,24 @@ class AssetsController extends Controller
             ($request->filled('company_id')) ?
                 $asset->company_id = Company::getIdForCurrentUser($request->get('company_id')) : '';
 
-($request->filled('rtd_location_id')) ?
-                $asset->location_id = $request->get('rtd_location_id') : null;
-
-
-            if ($request->filled('image_source')) {
-                if ($request->input('image_source') == "") {
             ($request->filled('rtd_location_id')) ?
                 $asset->location_id = $request->get('rtd_location_id') : null;
-                    $asset->image = null;
-                } else {
-                    $saved_image_path = Helper::processUploadedImage(
-                        $request->input('image_source'), 'uploads/assets/'
-                    );
 
-                    if (!$saved_image_path) {
-                        return response()->json(Helper::formatStandardApiResponse(
-                            'error',
-                            null,
-                            trans('admin/hardware/message.update.error')
-                        ), 200);
-                    }
-
-                    $asset->image = $saved_image_path;
-                }
-            }
+            /**
+            * this is here just legacy reasons. Api\AssetController
+            * used image_source  once to allow encoded image uploads.
+            */
+            if ($request->has('image_source')) {
+                $request->offsetSet('image', $request->offsetGet('image_source'));
+            }     
 
+            $asset = $request->handleImages($asset); 
+            
             // Update custom fields
             if (($model = AssetModel::find($asset->model_id)) && (isset($model->fieldset))) {
                 foreach ($model->fieldset->fields as $field) {
                     if ($request->has($field->convertUnicodeDbSlug())) {
-                        if ($field->field_encrypted=='1') {
+                        if ($field->field_encrypted == '1') {
                             if (Gate::allows('admin')) {
                                 $asset->{$field->convertUnicodeDbSlug()} = \Crypt::encrypt($request->input($field->convertUnicodeDbSlug()));
                             }
@@ -579,15 +648,13 @@ class AssetsController extends Controller
 
 
             if ($asset->save()) {
-
                 if (($request->filled('assigned_user')) && ($target = User::find($request->get('assigned_user')))) {
                         $location = $target->location_id;
                 } elseif (($request->filled('assigned_asset')) && ($target = Asset::find($request->get('assigned_asset')))) {
                     $location = $target->location_id;
 
-                    Asset::where('assigned_type', '\\App\\Models\\Asset')->where('assigned_to', $id)
+                    Asset::where('assigned_type', \App\Models\Asset::class)->where('assigned_to', $id)
                         ->update(['location_id' => $target->location_id]);
-
                 } elseif (($request->filled('assigned_location')) && ($target = Location::find($request->get('assigned_location')))) {
                     $location = $target->id;
                 }
@@ -602,8 +669,10 @@ class AssetsController extends Controller
 
                 return response()->json(Helper::formatStandardApiResponse('success', $asset, trans('admin/hardware/message.update.success')));
             }
+
             return response()->json(Helper::formatStandardApiResponse('error', null, $asset->getErrors()), 200);
         }
+
         return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/hardware/message.does_not_exist')), 200);
     }
 
@@ -621,12 +690,11 @@ class AssetsController extends Controller
         $this->authorize('delete', Asset::class);
 
         if ($asset = Asset::find($id)) {
-
             $this->authorize('delete', $asset);
 
             DB::table('assets')
                 ->where('id', $asset->id)
-                ->update(array('assigned_to' => null));
+                ->update(['assigned_to' => null]);
 
             $asset->delete();
 
@@ -636,6 +704,48 @@ class AssetsController extends Controller
         return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/hardware/message.does_not_exist')), 200);
     }
 
+    
+
+    /**
+     * Restore a soft-deleted asset.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @param int $assetId
+     * @since [v5.1.18]
+     * @return JsonResponse
+     */
+    public function restore(Request $request, $assetId = null)
+    {
+        // Get asset information
+        $asset = Asset::withTrashed()->find($assetId);
+        $this->authorize('delete', $asset);
+
+        if (isset($asset->id)) {
+
+            if ($asset->deleted_at=='') {
+               $message = 'Asset was not deleted. No data was changed.';
+
+            } else {
+
+                $message = trans('admin/hardware/message.restore.success');
+                // Restore the asset
+                Asset::withTrashed()->where('id', $assetId)->restore();
+
+                $logaction = new Actionlog();
+                $logaction->item_type = Asset::class;
+                $logaction->item_id = $asset->id;
+                $logaction->created_at =  date("Y-m-d H:i:s");
+                $logaction->user_id = Auth::user()->id;
+                $logaction->logaction('restored');
+            }
+
+            return response()->json(Helper::formatStandardApiResponse('success', (new AssetsTransformer)->transformAsset($asset, $request), $message));
+        
+
+        }
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/hardware/message.does_not_exist')), 200);
+    }
+
 
 
     /**
@@ -651,7 +761,7 @@ class AssetsController extends Controller
         $this->authorize('checkout', Asset::class);
         $asset = Asset::findOrFail($asset_id);
 
-        if (!$asset->availableForCheckout()) {
+        if (! $asset->availableForCheckout()) {
             return response()->json(Helper::formatStandardApiResponse('error', ['asset'=> e($asset->asset_tag)], trans('admin/hardware/message.checkout.not_available')));
         }
 
@@ -665,21 +775,21 @@ class AssetsController extends Controller
 
 
         // This item is checked out to a location
-        if (request('checkout_to_type')=='location') {
+        if (request('checkout_to_type') == 'location') {
             $target = Location::find(request('assigned_location'));
             $asset->location_id = ($target) ? $target->id : '';
             $error_payload['target_id'] = $request->input('assigned_location');
             $error_payload['target_type'] = 'location';
 
-        } elseif (request('checkout_to_type')=='asset') {
-            $target = Asset::where('id','!=',$asset_id)->find(request('assigned_asset'));
+        } elseif (request('checkout_to_type') == 'asset') {
+            $target = Asset::where('id', '!=', $asset_id)->find(request('assigned_asset'));
             $asset->location_id = $target->rtd_location_id;
             // Override with the asset's location_id if it has one
             $asset->location_id = (($target) && (isset($target->location_id))) ? $target->location_id : '';
             $error_payload['target_id'] = $request->input('assigned_asset');
             $error_payload['target_type'] = 'asset';
 
-        } elseif (request('checkout_to_type')=='user') {
+        } elseif (request('checkout_to_type') == 'user') {
             // Fetch the target and set the asset's new location_id
             $target = User::find(request('assigned_user'));
             $asset->location_id = (($target) && (isset($target->location_id))) ? $target->location_id : '';
@@ -687,15 +797,18 @@ class AssetsController extends Controller
             $error_payload['target_type'] = 'user';
         }
 
+        if ($request->filled('status_id')) {
+            $asset->status_id = $request->get('status_id');
+        }
 
 
-        if (!isset($target)) {
+        if (! isset($target)) {
             return response()->json(Helper::formatStandardApiResponse('error', $error_payload, 'Checkout target for asset '.e($asset->asset_tag).' is invalid - '.$error_payload['target_type'].' does not exist.'));
         }
 
 
 
-        $checkout_at = request('checkout_at', date("Y-m-d H:i:s"));
+        $checkout_at = request('checkout_at', date('Y-m-d H:i:s'));
         $expected_checkin = request('expected_checkin', null);
         $note = request('note', null);
         $asset_name = request('name', null);
@@ -734,8 +847,8 @@ class AssetsController extends Controller
         $this->authorize('checkin', $asset);
 
 
-        $user = $asset->assignedUser;
-        if (is_null($target = $asset->assignedTo)) {
+        $target = $asset->assignedTo;
+        if (is_null($target)) {
             return response()->json(Helper::formatStandardApiResponse('error', ['asset'=> e($asset->asset_tag)], trans('admin/hardware/message.checkin.already_checked_in')));
         }
 
@@ -748,23 +861,50 @@ class AssetsController extends Controller
         if ($request->filled('name')) {
             $asset->name = $request->input('name');
         }
-        
-        $asset->location_id =  $asset->rtd_location_id;
+
+        $asset->location_id = $asset->rtd_location_id;
 
         if ($request->filled('location_id')) {
-            $asset->location_id =  $request->input('location_id');
+            $asset->location_id = $request->input('location_id');
         }
 
         if ($request->has('status_id')) {
-            $asset->status_id =  $request->input('status_id');
+            $asset->status_id = $request->input('status_id');
+        }
+
+        $checkin_at = null;
+        if ($request->filled('checkin_at')) {
+            $checkin_at = $request->input('checkin_at');
         }
 
         if ($asset->save()) {
-            $asset->logCheckin($target, e($request->input('note')));
+            event(new CheckoutableCheckedIn($asset, $target, Auth::user(), $request->input('note'), $checkin_at));
+
             return response()->json(Helper::formatStandardApiResponse('success', ['asset'=> e($asset->asset_tag)], trans('admin/hardware/message.checkin.success')));
         }
 
-        return response()->json(Helper::formatStandardApiResponse('success', ['asset'=> e($asset->asset_tag)], trans('admin/hardware/message.checkin.error')));
+        return response()->json(Helper::formatStandardApiResponse('error', ['asset'=> e($asset->asset_tag)], trans('admin/hardware/message.checkin.error')));
+    }
+
+    /**
+     * Checkin an asset by asset tag
+     *
+     * @author [A. Janes] [<ajanes@adagiohealth.org>]
+     * @since [v6.0]
+     * @return JsonResponse
+     */
+    public function checkinByTag(Request $request)
+    {
+        $this->authorize('checkin', Asset::class);
+        $asset = Asset::where('asset_tag', $request->input('asset_tag'))->first();
+
+        if($asset) {
+            return $this->checkin($request, $asset->id);
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', [
+            'asset'=> e($request->input('asset_tag'))
+        ], 'Asset with tag '.e($request->input('asset_tag')).' not found'));
     }
 
 
@@ -776,15 +916,15 @@ class AssetsController extends Controller
      * @since [v4.0]
      * @return JsonResponse
      */
-    public function audit(Request $request) {
-
+    public function audit(Request $request)
 
+    {
         $this->authorize('audit', Asset::class);
-        $rules = array(
+        $rules = [
             'asset_tag' => 'required',
             'location_id' => 'exists:locations,id|nullable|numeric',
-            'next_audit_date' => 'date|nullable'
-        );
+            'next_audit_date' => 'date|nullable',
+        ];
 
         $validator = Validator::make($request->all(), $rules);
         if ($validator->fails()) {
@@ -794,7 +934,7 @@ class AssetsController extends Controller
         $settings = Setting::getSettings();
         $dt = Carbon::now()->addMonths($settings->audit_interval)->toDateString();
 
-        $asset = Asset::where('asset_tag','=', $request->input('asset_tag'))->first();
+        $asset = Asset::where('asset_tag', '=', $request->input('asset_tag'))->first();
 
 
         if ($asset) {
@@ -808,28 +948,24 @@ class AssetsController extends Controller
 
             // Check to see if they checked the box to update the physical location,
             // not just note it in the audit notes
-            if ($request->input('update_location')=='1') {
+            if ($request->input('update_location') == '1') {
                 $asset->location_id = $request->input('location_id');
             }
 
-            $asset->last_audit_date = date('Y-m-d h:i:s');
+            $asset->last_audit_date = date('Y-m-d H:i:s');
 
             if ($asset->save()) {
-                $log = $asset->logAudit(request('note'),request('location_id'));
+                $log = $asset->logAudit(request('note'), request('location_id'));
+
                 return response()->json(Helper::formatStandardApiResponse('success', [
                     'asset_tag'=> e($asset->asset_tag),
                     'note'=> e($request->input('note')),
-                    'next_audit_date' => Helper::getFormattedDateObject($asset->next_audit_date)
+                    'next_audit_date' => Helper::getFormattedDateObject($asset->next_audit_date),
                 ], trans('admin/hardware/message.audit.success')));
             }
         }
 
-        return response()->json(Helper::formatStandardApiResponse('error', ['asset_tag'=> e($request->input('asset_tag'))], 'Asset with tag '.$request->input('asset_tag').' not found'));
-
-
-
-
-
+        return response()->json(Helper::formatStandardApiResponse('error', ['asset_tag'=> e($request->input('asset_tag'))], 'Asset with tag '.e($request->input('asset_tag')).' not found'));
     }
 
 
@@ -845,14 +981,16 @@ class AssetsController extends Controller
     {
         $this->authorize('viewRequestable', Asset::class);
 
-        $assets = Company::scopeCompanyables(Asset::select('assets.*'),"company_id","assets")
+        $assets = Company::scopeCompanyables(Asset::select('assets.*'), 'company_id', 'assets')
             ->with('location', 'assetstatus', 'assetlog', 'company', 'defaultLoc','assignedTo',
-                'model.category', 'model.manufacturer', 'model.fieldset','supplier')->where('assets.requestable', '=', '1');
+                'model.category', 'model.manufacturer', 'model.fieldset', 'supplier')->requestableAssets();
 
         $offset = request('offset', 0);
         $limit = $request->input('limit', 50);
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
-        $assets->TextSearch($request->input('search'));
+        if ($request->filled('search')) {
+            $assets->TextSearch($request->input('search'));
+        }
 
         switch ($request->input('sort')) {
             case 'model':
@@ -872,9 +1010,9 @@ class AssetsController extends Controller
                 break;
         }
 
-
         $total = $assets->count();
         $assets = $assets->skip($offset)->take($limit)->get();
+
         return (new AssetsTransformer)->transformRequestedAssets($assets, $total);
     }
 }

app/Http/Controllers/Api/CategoriesController.php

@@ -8,6 +8,7 @@ use App\Http\Transformers\CategoriesTransformer;
 use App\Http\Transformers\SelectlistTransformer;
 use App\Models\Category;
 use Illuminate\Http\Request;
+use App\Http\Requests\ImageUploadRequest;
 use Illuminate\Support\Facades\Storage;
 
 class CategoriesController extends Controller
@@ -22,10 +23,10 @@ class CategoriesController extends Controller
     public function index(Request $request)
     {
         $this->authorize('view', Category::class);
-        $allowed_columns = ['id', 'name','category_type', 'category_type','use_default_eula','eula_text', 'require_acceptance','checkin_email', 'assets_count', 'accessories_count', 'consumables_count', 'components_count','licenses_count', 'image'];
+        $allowed_columns = ['id', 'name', 'category_type', 'category_type', 'use_default_eula', 'eula_text', 'require_acceptance', 'checkin_email', 'assets_count', 'accessories_count', 'consumables_count', 'components_count', 'licenses_count', 'image'];
 
-        $categories = Category::select(['id', 'created_at', 'updated_at', 'name','category_type','use_default_eula','eula_text', 'require_acceptance','checkin_email','image'])
-            ->withCount('assets as assets_count', 'accessories as accessories_count', 'consumables as consumables_count', 'components as components_count','licenses as licenses_count');
+        $categories = Category::select(['id', 'created_at', 'updated_at', 'name', 'category_type', 'use_default_eula', 'eula_text', 'require_acceptance', 'checkin_email', 'image'])
+            ->withCount('assets as assets_count', 'accessories as accessories_count', 'consumables as consumables_count', 'components as components_count', 'licenses as licenses_count');
 
         if ($request->filled('search')) {
             $categories = $categories->TextSearch($request->input('search'));
@@ -44,6 +45,7 @@ class CategoriesController extends Controller
 
         $total = $categories->count();
         $categories = $categories->skip($offset)->take($limit)->get();
+
         return (new CategoriesTransformer)->transformCategories($categories, $total);
 
     }
@@ -54,14 +56,16 @@ class CategoriesController extends Controller
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0]
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Http\Requests\ImageUploadRequest $request
      * @return \Illuminate\Http\Response
      */
-    public function store(Request $request)
+    public function store(ImageUploadRequest $request)
     {
         $this->authorize('create', Category::class);
         $category = new Category;
         $category->fill($request->all());
+        $category->category_type = strtolower($request->input('category_type'));
+        $category = $request->handleImages($category);
 
         if ($category->save()) {
             return response()->json(Helper::formatStandardApiResponse('success', $category, trans('admin/categories/message.create.success')));
@@ -92,15 +96,17 @@ class CategoriesController extends Controller
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0]
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Http\Requests\ImageUploadRequest  $request
      * @param  int  $id
      * @return \Illuminate\Http\Response
      */
-    public function update(Request $request, $id)
+    public function update(ImageUploadRequest $request, $id)
     {
         $this->authorize('update', Category::class);
         $category = Category::findOrFail($id);
         $category->fill($request->all());
+        $category->category_type = strtolower($request->input('category_type'));
+        $category = $request->handleImages($category);
 
         if ($category->save()) {
             return response()->json(Helper::formatStandardApiResponse('success', $category, trans('admin/categories/message.update.success')));
@@ -122,14 +128,14 @@ class CategoriesController extends Controller
         $this->authorize('delete', Category::class);
         $category = Category::findOrFail($id);
 
-        if (!$category->isDeletable()) {
+        if (! $category->isDeletable()) {
             return response()->json(
-                Helper::formatStandardApiResponse('error', null,  trans('admin/categories/message.assoc_items', ['asset_type'=>$category->category_type]))
+                Helper::formatStandardApiResponse('error', null, trans('admin/categories/message.assoc_items', ['asset_type'=>$category->category_type]))
             );
         }
         $category->delete();
-        return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/categories/message.delete.success')));
 
+        return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/categories/message.delete.success')));
     }
 
 
@@ -139,11 +145,10 @@ class CategoriesController extends Controller
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0.16]
      * @see \App\Http\Transformers\SelectlistTransformer
-     *
      */
     public function selectlist(Request $request, $category_type = 'asset')
     {
-
+        $this->authorize('view.selectlists');
         $categories = Category::select([
             'id',
             'name',
@@ -164,7 +169,5 @@ class CategoriesController extends Controller
         }
 
         return (new SelectlistTransformer)->transformSelectlist($categories);
-
     }
-
 }

app/Http/Controllers/Api/CompaniesController.php

@@ -8,6 +8,7 @@ use App\Http\Transformers\CompaniesTransformer;
 use App\Http\Transformers\SelectlistTransformer;
 use App\Models\Company;
 use Illuminate\Http\Request;
+use App\Http\Requests\ImageUploadRequest;
 use Illuminate\Support\Facades\Storage;
 
 class CompaniesController extends Controller
@@ -36,7 +37,7 @@ class CompaniesController extends Controller
             'components_count',
         ];
 
-        $companies = Company::withCount('assets as assets_count','licenses as licenses_count','accessories as accessories_count','consumables as consumables_count','components as components_count','users as users_count');
+        $companies = Company::withCount('assets as assets_count', 'licenses as licenses_count', 'accessories as accessories_count', 'consumables as consumables_count', 'components as components_count', 'users as users_count');
 
         if ($request->filled('search')) {
             $companies->TextSearch($request->input('search'));
@@ -65,21 +66,22 @@ class CompaniesController extends Controller
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0]
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Http\Requests\ImageUploadRequest $request
      * @return \Illuminate\Http\Response
      */
-    public function store(Request $request)
+    public function store(ImageUploadRequest $request)
     {
         $this->authorize('create', Company::class);
         $company = new Company;
         $company->fill($request->all());
-
+        $company = $request->handleImages($company);
+        
         if ($company->save()) {
             return response()->json(Helper::formatStandardApiResponse('success', (new CompaniesTransformer)->transformCompany($company), trans('admin/companies/message.create.success')));
         }
+
         return response()
             ->json(Helper::formatStandardApiResponse('error', null, $company->getErrors()));
-
     }
 
     /**
@@ -104,15 +106,16 @@ class CompaniesController extends Controller
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0]
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Http\Requests\ImageUploadRequest  $request
      * @param  int  $id
      * @return \Illuminate\Http\Response
      */
-    public function update(Request $request, $id)
+    public function update(ImageUploadRequest $request, $id)
     {
         $this->authorize('update', Company::class);
         $company = Company::findOrFail($id);
         $company->fill($request->all());
+        $company = $request->handleImages($company);
 
         if ($company->save()) {
             return response()
@@ -137,13 +140,14 @@ class CompaniesController extends Controller
         $company = Company::findOrFail($id);
         $this->authorize('delete', $company);
 
-        if ( !$company->isDeletable() ) {
+        if (! $company->isDeletable()) {
             return response()
-                    ->json(Helper::formatStandardApiResponse('error', null,  trans('admin/companies/message.assoc_users')));
+                    ->json(Helper::formatStandardApiResponse('error', null, trans('admin/companies/message.assoc_users')));
         }
         $company->delete();
+
         return response()
-            ->json(Helper::formatStandardApiResponse('success', null,  trans('admin/companies/message.delete.success')));
+            ->json(Helper::formatStandardApiResponse('success', null, trans('admin/companies/message.delete.success')));
     }
 
     /**
@@ -152,11 +156,10 @@ class CompaniesController extends Controller
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0.16]
      * @see \App\Http\Transformers\SelectlistTransformer
-     *
      */
     public function selectlist(Request $request)
     {
-
+        $this->authorize('view.selectlists');
         $companies = Company::select([
             'companies.id',
             'companies.name',

app/Http/Controllers/Api/ComponentsController.php

@@ -8,6 +8,10 @@ use App\Http\Transformers\ComponentsTransformer;
 use App\Models\Company;
 use App\Models\Component;
 use Illuminate\Http\Request;
+use App\Http\Requests\ImageUploadRequest;
+use App\Events\CheckoutableCheckedIn;
+use App\Events\ComponentCheckedIn;
+use App\Models\Asset;
 
 class ComponentsController extends Controller
 {
@@ -22,23 +26,45 @@ class ComponentsController extends Controller
     public function index(Request $request)
     {
         $this->authorize('view', Component::class);
+
+        // This array is what determines which fields should be allowed to be sorted on ON the table itself, no relations
+        // Relations will be handled in query scopes a little further down.
+        $allowed_columns = 
+            [
+                'id',
+                'name',
+                'min_amt',
+                'order_number',
+                'serial',
+                'purchase_date',
+                'purchase_cost',
+                'qty',
+                'image',
+                'notes',
+            ];
+
+
         $components = Company::scopeCompanyables(Component::select('components.*')
-            ->with('company', 'location', 'category'));
+            ->with('company', 'location', 'category', 'assets'));
 
         if ($request->filled('search')) {
             $components = $components->TextSearch($request->input('search'));
         }
 
         if ($request->filled('company_id')) {
-            $components->where('company_id','=',$request->input('company_id'));
+            $components->where('company_id', '=', $request->input('company_id'));
         }
 
         if ($request->filled('category_id')) {
-            $components->where('category_id','=',$request->input('category_id'));
+            $components->where('category_id', '=', $request->input('category_id'));
         }
 
         if ($request->filled('location_id')) {
-            $components->where('location_id','=',$request->input('location_id'));
+            $components->where('location_id', '=', $request->input('location_id'));
+        }
+
+        if ($request->filled('notes')) {
+            $components->where('notes','=',$request->input('notes'));
         }
 
         // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
@@ -48,11 +74,12 @@ class ComponentsController extends Controller
         // Check to make sure the limit is not higher than the max allowed
         ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
 
-        $allowed_columns = ['id','name','min_amt','order_number','serial','purchase_date','purchase_cost','company','category','qty','location','image'];
+        
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
-        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
+        $sort_override =  $request->input('sort');
+        $column_sort = in_array($sort_override, $allowed_columns) ? $sort_override : 'created_at';
 
-        switch ($sort) {
+        switch ($sort_override) {
             case 'category':
                 $components = $components->OrderCategory($order);
                 break;
@@ -63,12 +90,13 @@ class ComponentsController extends Controller
                 $components = $components->OrderCompany($order);
                 break;
             default:
-                $components = $components->orderBy($sort, $order);
+                $components = $components->orderBy($column_sort, $order);
                 break;
         }
 
         $total = $components->count();
         $components = $components->skip($offset)->take($limit)->get();
+
         return (new ComponentsTransformer)->transformComponents($components, $total);
     }
 
@@ -78,18 +106,20 @@ class ComponentsController extends Controller
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0]
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Http\Requests\ImageUploadRequest  $request
      * @return \Illuminate\Http\Response
      */
-    public function store(Request $request)
+    public function store(ImageUploadRequest $request)
     {
         $this->authorize('create', Component::class);
         $component = new Component;
         $component->fill($request->all());
+        $component = $request->handleImages($component);
 
         if ($component->save()) {
             return response()->json(Helper::formatStandardApiResponse('success', $component, trans('admin/components/message.create.success')));
         }
+
         return response()->json(Helper::formatStandardApiResponse('error', null, $component->getErrors()));
     }
 
@@ -110,21 +140,22 @@ class ComponentsController extends Controller
         }
     }
 
-
     /**
      * Update the specified resource in storage.
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0]
-     * @param  \Illuminate\Http\Request  $request
+     * @param   \App\Http\Requests\ImageUploadRequest  $request
      * @param  int  $id
      * @return \Illuminate\Http\Response
      */
-    public function update(Request $request, $id)
+    public function update(ImageUploadRequest $request, $id)
     {
         $this->authorize('update', Component::class);
         $component = Component::findOrFail($id);
         $component->fill($request->all());
+        $component = $request->handleImages($component);
+        
 
         if ($component->save()) {
             return response()->json(Helper::formatStandardApiResponse('success', $component, trans('admin/components/message.update.success')));
@@ -147,6 +178,7 @@ class ComponentsController extends Controller
         $component = Component::findOrFail($id);
         $this->authorize('delete', $component);
         $component->delete();
+
         return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/components/message.delete.success')));
     }
 
@@ -170,6 +202,122 @@ class ComponentsController extends Controller
         $limit = $request->input('limit', 50);
         $total = $assets->count();
         $assets = $assets->skip($offset)->take($limit)->get();
+
         return (new ComponentsTransformer)->transformCheckedoutComponents($assets, $total);
     }
+
+
+    /**
+     * Validate and checkout the component.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * t
+     * @since [v5.1.8]
+     * @param Request $request
+     * @param int $componentId
+     * @return \Illuminate\Http\RedirectResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+    public function checkout(Request $request, $componentId)
+    {
+        // Check if the component exists
+        if (is_null($component = Component::find($componentId))) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/components/message.does_not_exist')));
+        }
+
+        $this->authorize('checkout', $component);
+
+
+        if ($component->numRemaining() >= $request->get('assigned_qty')) {
+
+            if (!$asset = Asset::find($request->input('assigned_to'))) {
+                return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/hardware/message.does_not_exist')));
+            }
+
+            // Update the accessory data
+            $component->assigned_to = $request->input('assigned_to');
+
+            $component->assets()->attach($component->id, [
+                'component_id' => $component->id,
+                'created_at' => \Carbon::now(),
+                'assigned_qty' => $request->get('assigned_qty', 1),
+                'user_id' => \Auth::id(),
+                'asset_id' => $request->get('assigned_to')
+            ]);
+
+            $component->logCheckout($request->input('note'), $asset);
+
+            return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/components/message.checkout.success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, 'Not enough components remaining: '.$component->numRemaining().' remaining, '.$request->get('assigned_qty').' requested.'));
+    }
+
+    /**
+     * Validate and store checkin data.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v5.1.8]
+     * @param Request $request
+     * @param $component_asset_id
+     * @return \Illuminate\Http\RedirectResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+    public function checkin(Request $request, $component_asset_id)
+    {
+        if ($component_assets = \DB::table('components_assets')->find($component_asset_id)) {
+
+            if (is_null($component = Component::find($component_assets->component_id))) {
+
+                return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/components/message.not_found')));
+            }
+
+            $this->authorize('checkin', $component);
+
+            $max_to_checkin = $component_assets->assigned_qty;
+
+            if ($max_to_checkin > 1) {
+                
+                $validator = \Validator::make($request->all(), [
+                    "checkin_qty" => "required|numeric|between:1,$max_to_checkin"
+                ]);
+    
+                if ($validator->fails()) {
+                    return response()->json(Helper::formatStandardApiResponse('error', null, 'Checkin quantity must be between 1 and '.$max_to_checkin));
+                }
+            }
+            
+
+            // Validation passed, so let's figure out what we have to do here.
+            $qty_remaining_in_checkout = ($component_assets->assigned_qty - (int)$request->input('checkin_qty', 1));
+
+            // We have to modify the record to reflect the new qty that's
+            // actually checked out.
+            $component_assets->assigned_qty = $qty_remaining_in_checkout;
+
+            \Log::debug($component_asset_id.' - '.$qty_remaining_in_checkout.' remaining in record '.$component_assets->id);
+            
+            \DB::table('components_assets')->where('id',
+                $component_asset_id)->update(['assigned_qty' => $qty_remaining_in_checkout]);
+
+            // If the checked-in qty is exactly the same as the assigned_qty,
+            // we can simply delete the associated components_assets record
+            if ($qty_remaining_in_checkout == 0) {
+                \DB::table('components_assets')->where('id', '=', $component_asset_id)->delete();
+            }
+            
+
+            $asset = Asset::find($component_assets->asset_id);
+
+            event(new CheckoutableCheckedIn($component, $asset, \Auth::user(), $request->input('note'), \Carbon::now()));
+
+            return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/components/message.checkin.success')));
+
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, 'No matching checkouts for that component join record'));
+
+    
+    }
+
 }

app/Http/Controllers/Api/ConsumablesController.php

@@ -10,6 +10,7 @@ use App\Models\Company;
 use App\Models\Consumable;
 use App\Models\User;
 use Illuminate\Http\Request;
+use App\Http\Requests\ImageUploadRequest;
 
 class ConsumablesController extends Controller
 {
@@ -24,6 +25,27 @@ class ConsumablesController extends Controller
     public function index(Request $request)
     {
         $this->authorize('index', Consumable::class);
+
+        // This array is what determines which fields should be allowed to be sorted on ON the table itself, no relations
+        // Relations will be handled in query scopes a little further down.
+        $allowed_columns = 
+            [
+                'id',
+                'name',
+                'order_number',
+                'min_amt',
+                'purchase_date',
+                'purchase_cost',
+                'company',
+                'category',
+                'model_number', 
+                'item_no', 
+                'qty',
+                'image',
+                'notes',
+                ];
+
+
         $consumables = Company::scopeCompanyables(
             Consumable::select('consumables.*')
                 ->with('company', 'location', 'category', 'users', 'manufacturer')
@@ -34,15 +56,27 @@ class ConsumablesController extends Controller
         }
 
         if ($request->filled('company_id')) {
-            $consumables->where('company_id','=',$request->input('company_id'));
+            $consumables->where('company_id', '=', $request->input('company_id'));
         }
 
         if ($request->filled('category_id')) {
-            $consumables->where('category_id','=',$request->input('category_id'));
+            $consumables->where('category_id', '=', $request->input('category_id'));
+        }
+
+        if ($request->filled('model_number')) {
+            $consumables->where('model_number','=',$request->input('model_number'));
         }
 
         if ($request->filled('manufacturer_id')) {
-            $consumables->where('manufacturer_id','=',$request->input('manufacturer_id'));
+            $consumables->where('manufacturer_id', '=', $request->input('manufacturer_id'));
+        }
+
+        if ($request->filled('location_id')) {
+            $consumables->where('location_id','=',$request->input('location_id'));
+        }
+
+        if ($request->filled('notes')) {
+            $consumables->where('notes','=',$request->input('notes'));
         }
 
 
@@ -53,12 +87,14 @@ class ConsumablesController extends Controller
         // Check to make sure the limit is not higher than the max allowed
         ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
 
-        $allowed_columns = ['id','name','order_number','min_amt','purchase_date','purchase_cost','company','category','model_number', 'item_no', 'manufacturer','location','qty','image'];
+        $allowed_columns = ['id', 'name', 'order_number', 'min_amt', 'purchase_date', 'purchase_cost', 'company', 'category', 'model_number', 'item_no', 'manufacturer', 'location', 'qty', 'image'];
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
-        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
+
+        $sort_override =  $request->input('sort');
+        $column_sort = in_array($sort_override, $allowed_columns) ? $sort_override : 'created_at';
 
 
-        switch ($sort) {
+        switch ($sort_override) {
             case 'category':
                 $consumables = $consumables->OrderCategory($order);
                 break;
@@ -72,36 +108,35 @@ class ConsumablesController extends Controller
                 $consumables = $consumables->OrderCompany($order);
                 break;
             default:
-                $consumables = $consumables->orderBy($sort, $order);
+                $consumables = $consumables->orderBy($column_sort, $order);
                 break;
         }
 
-
-
         $total = $consumables->count();
         $consumables = $consumables->skip($offset)->take($limit)->get();
+
         return (new ConsumablesTransformer)->transformConsumables($consumables, $total);
-
     }
 
-
     /**
      * Store a newly created resource in storage.
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0]
-     * @param  \Illuminate\Http\Request $request
+     * @param  \App\Http\Requests\ImageUploadRequest $request
      * @return \Illuminate\Http\Response
      */
-    public function store(Request $request)
+    public function store(ImageUploadRequest $request)
     {
         $this->authorize('create', Consumable::class);
         $consumable = new Consumable;
         $consumable->fill($request->all());
+        $consumable = $request->handleImages($consumable);
 
         if ($consumable->save()) {
             return response()->json(Helper::formatStandardApiResponse('success', $consumable, trans('admin/consumables/message.create.success')));
         }
+
         return response()->json(Helper::formatStandardApiResponse('error', null, $consumable->getErrors()));
     }
 
@@ -116,25 +151,26 @@ class ConsumablesController extends Controller
     {
         $this->authorize('view', Consumable::class);
         $consumable = Consumable::findOrFail($id);
+
         return (new ConsumablesTransformer)->transformConsumable($consumable);
     }
 
-
     /**
      * Update the specified resource in storage.
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0]
-     * @param  \Illuminate\Http\Request $request
+     * @param  \App\Http\Requests\ImageUploadRequest $request
      * @param  int $id
      * @return \Illuminate\Http\Response
      */
-    public function update(Request $request, $id)
+    public function update(ImageUploadRequest $request, $id)
     {
         $this->authorize('update', Consumable::class);
         $consumable = Consumable::findOrFail($id);
         $consumable->fill($request->all());
-
+        $consumable = $request->handleImages($consumable);
+        
         if ($consumable->save()) {
             return response()->json(Helper::formatStandardApiResponse('success', $consumable, trans('admin/consumables/message.update.success')));
         }
@@ -156,7 +192,8 @@ class ConsumablesController extends Controller
         $consumable = Consumable::findOrFail($id);
         $this->authorize('delete', $consumable);
         $consumable->delete();
-        return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/consumables/message.delete.success')));
+
+        return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/consumables/message.delete.success')));
     }
 
     /**
@@ -170,21 +207,20 @@ class ConsumablesController extends Controller
      */
     public function getDataView($consumableId)
     {
-        $consumable = Consumable::with(array('consumableAssignments'=>
-        function ($query) {
+        $consumable = Consumable::with(['consumableAssignments'=> function ($query) {
             $query->orderBy($query->getModel()->getTable().'.created_at', 'DESC');
         },
         'consumableAssignments.admin'=> function ($query) {
         },
         'consumableAssignments.user'=> function ($query) {
         },
-        ))->find($consumableId);
+        ])->find($consumableId);
 
-        if (!Company::isCurrentUserHasAccess($consumable)) {
+        if (! Company::isCurrentUserHasAccess($consumable)) {
             return ['total' => 0, 'rows' => []];
         }
         $this->authorize('view', Consumable::class);
-        $rows = array();
+        $rows = [];
 
         foreach ($consumable->consumableAssignments as $consumable_assignment) {
             $rows[] = [
@@ -195,7 +231,8 @@ class ConsumablesController extends Controller
         }
 
         $consumableCount = $consumable->users->count();
-        $data = array('total' => $consumableCount, 'rows' => $rows);
+        $data = ['total' => $consumableCount, 'rows' => $rows];
+
         return $data;
     }
 
@@ -231,7 +268,7 @@ class ConsumablesController extends Controller
             $consumable->users()->attach($consumable->id, [
                 'consumable_id' => $consumable->id,
                 'user_id' => $user->id,
-                'assigned_to' => $assigned_to
+                'assigned_to' => $assigned_to,
             ]);
 
             // Log checkout event
@@ -244,7 +281,7 @@ class ConsumablesController extends Controller
             $data['note'] = $logaction->note;
             $data['require_acceptance'] = $consumable->requireAcceptance();
 
-            return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/consumables/message.checkout.success')));
+            return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/consumables/message.checkout.success')));
         }
 
         return response()->json(Helper::formatStandardApiResponse('error', null, 'No consumables remaining'));
@@ -254,14 +291,12 @@ class ConsumablesController extends Controller
     * Gets a paginated collection for the select2 menus
     *
     * @see \App\Http\Transformers\SelectlistTransformer
-    *
     */
     public function selectlist(Request $request)
     {
-
         $consumables = Consumable::select([
             'consumables.id',
-            'consumables.name'
+            'consumables.name',
         ]);
 
         if ($request->filled('search')) {
@@ -270,7 +305,6 @@ class ConsumablesController extends Controller
 
         $consumables = $consumables->orderBy('name', 'ASC')->paginate(50);
 
-
         return (new SelectlistTransformer)->transformSelectlist($consumables);
     }
 }

app/Http/Controllers/Api/CustomFieldsController.php

@@ -18,26 +18,26 @@ class CustomFieldsController extends Controller
      * @author [Brady Wetherington] [<uberbrady@gmail.com>]
      * @param  int  $id
      * @since [v3.0]
-     * @return Array
+     * @return array
      */
-
     public function index()
     {
         $this->authorize('index', CustomField::class);
         $fields = CustomField::get();
+
         return (new CustomFieldsTransformer)->transformCustomFields($fields, $fields->count());
     }
 
     /**
-    * Shows the given field
-    * @author [V. Cordes] [<volker@fdatek.de>]
-    * @param int $id
-    * @since [v4.1.10]
-    * @return View
-    */
+     * Shows the given field
+     * @author [V. Cordes] [<volker@fdatek.de>]
+     * @param int $id
+     * @since [v4.1.10]
+     * @return View
+     */
     public function show($id)
     {
-      $this->authorize('view', CustomField::class);
+        $this->authorize('view', CustomField::class);
         if ($field = CustomField::find($id)) {
             return (new CustomFieldsTransformer)->transformCustomField($field);
         }
@@ -45,7 +45,7 @@ class CustomFieldsController extends Controller
         return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/custom_fields/message.field.invalid')), 200);
     }
 
-     /**
+    /**
      * Update the specified field
      *
      * @author [V. Cordes] [<volker@fdatek.de>]
@@ -80,7 +80,6 @@ class CustomFieldsController extends Controller
         return response()->json(Helper::formatStandardApiResponse('error', null, $field->getErrors()));
     }
 
-
     /**
      * Store a newly created field.
      *
@@ -95,7 +94,14 @@ class CustomFieldsController extends Controller
         $field = new CustomField;
 
         $data = $request->all();
-        $validator = Validator::make($data, $field->validationRules());
+        $regex_format = null;
+
+        if (str_contains($data['format'], 'regex:')) {
+            $regex_format = $data['format'];
+        }
+
+        $validator = Validator::make($data, $field->validationRules($regex_format));
+
         if ($validator->fails()) {
             return response()->json(Helper::formatStandardApiResponse('error', null, $validator->errors()));
         }
@@ -104,8 +110,8 @@ class CustomFieldsController extends Controller
         if ($field->save()) {
             return response()->json(Helper::formatStandardApiResponse('success', $field, trans('admin/custom_fields/message.field.create.success')));
         }
-        return response()->json(Helper::formatStandardApiResponse('error', null, $field->getErrors()));
 
+        return response()->json(Helper::formatStandardApiResponse('error', null, $field->getErrors()));
     }
 
     public function postReorder(Request $request, $id)
@@ -114,8 +120,8 @@ class CustomFieldsController extends Controller
 
         $this->authorize('update', $fieldset);
 
-        $fields = array();
-        $order_array = array();
+        $fields = [];
+        $order_array = [];
 
         $items = $request->input('item');
 
@@ -128,7 +134,6 @@ class CustomFieldsController extends Controller
         }
 
         return $fieldset->fields()->sync($fields);
-
     }
 
     public function associate(Request $request, $field_id)
@@ -145,7 +150,8 @@ class CustomFieldsController extends Controller
         }
 
         $fieldset = CustomFieldset::findOrFail($fieldset_id);
-        $fieldset->fields()->attach($field->id, ["required" => ($request->input('required') == "on"), "order" => $request->input('order', $fieldset->fields->count())]);
+        $fieldset->fields()->attach($field->id, ['required' => ($request->input('required') == 'on'), 'order' => $request->input('order', $fieldset->fields->count())]);
+
         return response()->json(Helper::formatStandardApiResponse('success', $fieldset, trans('admin/custom_fields/message.fieldset.update.success')));
     }
 
@@ -159,10 +165,12 @@ class CustomFieldsController extends Controller
         foreach ($field->fieldset as $fieldset) {
             if ($fieldset->id == $fieldset_id) {
                 $fieldset->fields()->detach($field->id);
+
                 return response()->json(Helper::formatStandardApiResponse('success', $fieldset, trans('admin/custom_fields/message.fieldset.update.success')));
             }
         }
         $fieldset = CustomFieldset::findOrFail($fieldset_id);
+
         return response()->json(Helper::formatStandardApiResponse('success', $fieldset, trans('admin/custom_fields/message.fieldset.update.success')));
     }
 
@@ -179,13 +187,12 @@ class CustomFieldsController extends Controller
 
         $this->authorize('delete', $field);
 
-        if ($field->fieldset->count() >0) {
+        if ($field->fieldset->count() > 0) {
             return response()->json(Helper::formatStandardApiResponse('error', null, 'Field is in use.'));
         }
 
         $field->delete();
-        return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/custom_fields/message.field.delete.success')));
 
+        return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/custom_fields/message.field.delete.success')));
     }
-
 }

app/Http/Controllers/Api/CustomFieldsetsController.php

@@ -1,4 +1,5 @@
 <?php
+
 namespace App\Http\Controllers\Api;
 
 use App\Helpers\Helper;
@@ -20,47 +21,43 @@ use View;
  * @author [Brady Wetherington] [<uberbrady@gmail.com>]
  * @author [Josh Gibson]
  */
-
 class CustomFieldsetsController extends Controller
 {
-
     /**
-    * Shows the given fieldset and its fields
-    * @author [A. Gianotto] [<snipe@snipe.net>]
-    * @author [Josh Gibson]
-    * @param int $id
-    * @since [v1.8]
-    * @return View
-    */
+     * Shows the given fieldset and its fields
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @author [Josh Gibson]
+     * @param int $id
+     * @since [v1.8]
+     * @return View
+     */
     public function index()
     {
         $this->authorize('index', CustomFieldset::class);
         $fieldsets = CustomFieldset::withCount('fields as fields_count', 'models as models_count')->get();
-        return (new CustomFieldsetsTransformer)->transformCustomFieldsets($fieldsets, $fieldsets->count());
 
+        return (new CustomFieldsetsTransformer)->transformCustomFieldsets($fieldsets, $fieldsets->count());
     }
 
     /**
-    * Shows the given fieldset and its fields
-    * @author [A. Gianotto] [<snipe@snipe.net>]
-    * @author [Josh Gibson]
-    * @param int $id
-    * @since [v1.8]
-    * @return View
-    */
+     * Shows the given fieldset and its fields
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @author [Josh Gibson]
+     * @param int $id
+     * @since [v1.8]
+     * @return View
+     */
     public function show($id)
     {
-      $this->authorize('view', CustomFieldset::class);
+        $this->authorize('view', CustomFieldset::class);
         if ($fieldset = CustomFieldset::find($id)) {
             return (new CustomFieldsetsTransformer)->transformCustomFieldset($fieldset);
         }
 
         return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/custom_fields/message.fieldset.does_not_exist')), 200);
-
     }
 
-
-     /**
+    /**
      * Update the specified resource in storage.
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
@@ -82,7 +79,6 @@ class CustomFieldsetsController extends Controller
         return response()->json(Helper::formatStandardApiResponse('error', null, $fieldset->getErrors()));
     }
 
-
     /**
      * Store a newly created resource in storage.
      *
@@ -100,11 +96,10 @@ class CustomFieldsetsController extends Controller
         if ($fieldset->save()) {
             return response()->json(Helper::formatStandardApiResponse('success', $fieldset, trans('admin/custom_fields/message.fieldset.create.success')));
         }
+
         return response()->json(Helper::formatStandardApiResponse('error', null, $fieldset->getErrors()));
-
     }
 
-
     /**
      * Delete a custom fieldset.
      *
@@ -120,18 +115,15 @@ class CustomFieldsetsController extends Controller
         $modelsCount = $fieldset->models->count();
         $fieldsCount = $fieldset->fields->count();
 
-        if (($modelsCount > 0) || ($fieldsCount > 0) ){
+        if (($modelsCount > 0) || ($fieldsCount > 0)) {
             return response()->json(Helper::formatStandardApiResponse('error', null, 'Fieldset is in use.'));
         }
 
-         if ($fieldset->delete()) {
-             return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/custom_fields/message.fieldset.delete.success')));
-         }
+        if ($fieldset->delete()) {
+            return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/custom_fields/message.fieldset.delete.success')));
+        }
 
         return response()->json(Helper::formatStandardApiResponse('error', null, 'Unspecified error'));
-
-
-
     }
 
     /**
@@ -147,6 +139,7 @@ class CustomFieldsetsController extends Controller
         $this->authorize('view', CustomFieldset::class);
         $set = CustomFieldset::findOrFail($id);
         $fields = $set->fields;
+
         return (new CustomFieldsTransformer)->transformCustomFields($fields, $fields->count());
     }
 

app/Http/Controllers/Api/DepartmentsController.php

@@ -6,9 +6,11 @@ use App\Helpers\Helper;
 use App\Http\Controllers\Controller;
 use App\Http\Transformers\DepartmentsTransformer;
 use App\Http\Transformers\SelectlistTransformer;
+use App\Models\Company;
 use App\Models\Department;
 use Auth;
 use Illuminate\Http\Request;
+use App\Http\Requests\ImageUploadRequest;
 use Illuminate\Support\Facades\Storage;
 
 class DepartmentsController extends Controller
@@ -23,9 +25,9 @@ class DepartmentsController extends Controller
     public function index(Request $request)
     {
         $this->authorize('view', Department::class);
-        $allowed_columns = ['id','name','image','users_count'];
+        $allowed_columns = ['id', 'name', 'image', 'users_count'];
 
-        $departments = Department::select([
+        $departments = Company::scopeCompanyables(Department::select(
             'departments.id',
             'departments.name',
             'departments.location_id',
@@ -33,8 +35,8 @@ class DepartmentsController extends Controller
             'departments.manager_id',
             'departments.created_at',
             'departments.updated_at',
-            'departments.image'
-        ])->with('users')->with('location')->with('manager')->with('company')->withCount('users as users_count');
+            'departments.image'),
+             "company_id", "departments")->with('users')->with('location')->with('manager')->with('company')->withCount('users as users_count');
 
         if ($request->filled('search')) {
             $departments = $departments->TextSearch($request->input('search'));
@@ -73,16 +75,18 @@ class DepartmentsController extends Controller
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0]
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Http\Requests\ImageUploadRequest  $request
      * @return \Illuminate\Http\Response
      */
-    public function store(Request $request)
+    public function store(ImageUploadRequest $request)
     {
         $this->authorize('create', Department::class);
         $department = new Department;
         $department->fill($request->all());
+        $department = $request->handleImages($department);
+
         $department->user_id = Auth::user()->id;
-        $department->manager_id = ($request->filled('manager_id' ) ? $request->input('manager_id') : null);
+        $department->manager_id = ($request->filled('manager_id') ? $request->input('manager_id') : null);
 
         if ($department->save()) {
             return response()->json(Helper::formatStandardApiResponse('success', $department, trans('admin/departments/message.create.success')));
@@ -103,6 +107,7 @@ class DepartmentsController extends Controller
     {
         $this->authorize('view', Department::class);
         $department = Department::findOrFail($id);
+
         return (new DepartmentsTransformer)->transformDepartment($department);
     }
 
@@ -111,15 +116,16 @@ class DepartmentsController extends Controller
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v5.0]
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Http\Requests\ImageUploadRequest  $request
      * @param  int  $id
      * @return \Illuminate\Http\Response
      */
-    public function update(Request $request, $id)
+    public function update(ImageUploadRequest $request, $id)
     {
         $this->authorize('update', Department::class);
         $department = Department::findOrFail($id);
         $department->fill($request->all());
+        $department = $request->handleImages($department);
 
         if ($department->save()) {
             return response()->json(Helper::formatStandardApiResponse('success', $department, trans('admin/departments/message.update.success')));
@@ -129,7 +135,6 @@ class DepartmentsController extends Controller
     }
 
 
-
     /**
      * Validates and deletes selected department.
      *
@@ -159,11 +164,11 @@ class DepartmentsController extends Controller
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0.16]
      * @see \App\Http\Transformers\SelectlistTransformer
-     *
      */
     public function selectlist(Request $request)
     {
 
+        $this->authorize('view.selectlists');
         $departments = Department::select([
             'id',
             'name',
@@ -184,7 +189,5 @@ class DepartmentsController extends Controller
         }
 
         return (new SelectlistTransformer)->transformSelectlist($departments);
-
     }
-
 }

app/Http/Controllers/Api/DepreciationsController.php

@@ -20,9 +20,9 @@ class DepreciationsController extends Controller
     public function index(Request $request)
     {
         $this->authorize('view', Depreciation::class);
-        $allowed_columns = ['id','name','created_at'];
+        $allowed_columns = ['id','name','months','depreciation_min','created_at'];
 
-        $depreciations = Depreciation::select('id','name','months','user_id','created_at','updated_at');
+        $depreciations = Depreciation::select('id','name','months','depreciation_min','user_id','created_at','updated_at');
 
         if ($request->filled('search')) {
             $depreciations = $depreciations->TextSearch($request->input('search'));
@@ -41,10 +41,10 @@ class DepreciationsController extends Controller
 
         $total = $depreciations->count();
         $depreciations = $depreciations->skip($offset)->take($limit)->get();
+
         return (new DepreciationsTransformer)->transformDepreciations($depreciations, $total);
     }
 
-
     /**
      * Store a newly created resource in storage.
      *
@@ -62,8 +62,8 @@ class DepreciationsController extends Controller
         if ($depreciation->save()) {
             return response()->json(Helper::formatStandardApiResponse('success', $depreciation, trans('admin/depreciations/message.create.success')));
         }
-        return response()->json(Helper::formatStandardApiResponse('error', null, $depreciation->getErrors()));
 
+        return response()->json(Helper::formatStandardApiResponse('error', null, $depreciation->getErrors()));
     }
 
     /**
@@ -78,10 +78,10 @@ class DepreciationsController extends Controller
     {
         $this->authorize('view', Depreciation::class);
         $depreciation = Depreciation::findOrFail($id);
+
         return (new DepreciationsTransformer)->transformDepreciation($depreciation);
     }
 
-
     /**
      * Update the specified resource in storage.
      *
@@ -123,10 +123,7 @@ class DepreciationsController extends Controller
         }
 
         $depreciation->delete();
-        return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/depreciations/message.delete.success')));
 
+        return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/depreciations/message.delete.success')));
     }
-
-
-
 }

app/Http/Controllers/Api/GroupsController.php

@@ -20,9 +20,9 @@ class GroupsController extends Controller
     public function index(Request $request)
     {
         $this->authorize('view', Group::class);
-        $allowed_columns = ['id','name','created_at', 'users_count'];
+        $allowed_columns = ['id', 'name', 'created_at', 'users_count'];
 
-        $groups = Group::select('id','name','permissions','created_at','updated_at')->withCount('users as users_count');
+        $groups = Group::select('id', 'name', 'permissions', 'created_at', 'updated_at')->withCount('users as users_count');
 
         if ($request->filled('search')) {
             $groups = $groups->TextSearch($request->input('search'));
@@ -41,10 +41,10 @@ class GroupsController extends Controller
 
         $total = $groups->count();
         $groups = $groups->skip($offset)->take($limit)->get();
+
         return (new GroupsTransformer)->transformGroups($groups, $total);
     }
 
-
     /**
      * Store a newly created resource in storage.
      *
@@ -62,8 +62,8 @@ class GroupsController extends Controller
         if ($group->save()) {
             return response()->json(Helper::formatStandardApiResponse('success', $group, trans('admin/groups/message.create.success')));
         }
-        return response()->json(Helper::formatStandardApiResponse('error', null, $group->getErrors()));
 
+        return response()->json(Helper::formatStandardApiResponse('error', null, $group->getErrors()));
     }
 
     /**
@@ -78,10 +78,10 @@ class GroupsController extends Controller
     {
         $this->authorize('view', Group::class);
         $group = Group::findOrFail($id);
+
         return (new GroupsTransformer)->transformGroup($group);
     }
 
-
     /**
      * Update the specified resource in storage.
      *
@@ -118,9 +118,7 @@ class GroupsController extends Controller
         $group = Group::findOrFail($id);
         $this->authorize('delete', $group);
         $group->delete();
-        return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/groups/message.delete.success')));
 
+        return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/groups/message.delete.success')));
     }
-
-
 }

app/Http/Controllers/Api/ImportController.php

@@ -27,8 +27,8 @@ class ImportController extends Controller
     {
         $this->authorize('import');
         $imports = Import::latest()->get();
-        return (new ImportsTransformer)->transformImports($imports);
 
+        return (new ImportsTransformer)->transformImports($imports);
     }
 
     /**
@@ -40,25 +40,28 @@ class ImportController extends Controller
     public function store()
     {
         $this->authorize('import');
-        if (!config('app.lock_passwords')) {
+        if (! config('app.lock_passwords')) {
             $files = Request::file('files');
             $path = config('app.private_uploads').'/imports';
             $results = [];
             $import = new Import;
             foreach ($files as $file) {
-                if (!in_array($file->getMimeType(), array(
+                if (! in_array($file->getMimeType(), [
                     'application/vnd.ms-excel',
                     'text/csv',
+                    'application/csv',
+                    'text/x-Algol68', // because wtf CSV files?
                     'text/plain',
                     'text/comma-separated-values',
-                    'text/tsv'))) {
-                    $results['error']='File type must be CSV';
+                    'text/tsv', ])) {
+                    $results['error'] = 'File type must be CSV. Uploaded file is '.$file->getMimeType();
+
                     return response()->json(Helper::formatStandardApiResponse('error', null, $results['error']), 500);
                 }
 
                 //TODO: is there a lighter way to do this?
-                if (! ini_get("auto_detect_line_endings")) {
-                    ini_set("auto_detect_line_endings", '1');
+                if (! ini_get('auto_detect_line_endings')) {
+                    ini_set('auto_detect_line_endings', '1');
                 }
                 $reader = Reader::createFromFileObject($file->openFile('r')); //file pointer leak?
                 $import->header_row = $reader->fetchOne(0);
@@ -66,20 +69,20 @@ class ImportController extends Controller
                 //duplicate headers check
                 $duplicate_headers = [];
 
-                for($i = 0; $i<count($import->header_row); $i++) {
+                for ($i = 0; $i < count($import->header_row); $i++) {
                     $header = $import->header_row[$i];
-                    if(in_array($header, $import->header_row)) {
+                    if (in_array($header, $import->header_row)) {
                         $found_at = array_search($header, $import->header_row);
-                        if($i > $found_at) {
+                        if ($i > $found_at) {
                             //avoid reporting duplicates twice, e.g. "1 is same as 17! 17 is same as 1!!!"
                             //as well as "1 is same as 1!!!" (which is always true)
                             //has to be > because otherwise the first result of array_search will always be $i itself(!)
-                            array_push($duplicate_headers,"Duplicate header '$header' detected, first at column: ".($found_at+1).", repeats at column: ".($i+1));
+                            array_push($duplicate_headers, "Duplicate header '$header' detected, first at column: ".($found_at + 1).', repeats at column: '.($i + 1));
                         }
                     }
                 }
-                if(count($duplicate_headers) > 0) {
-                    return response()->json(Helper::formatStandardApiResponse('error',null, implode("; ",$duplicate_headers)), 500); //should this be '4xx'?
+                if (count($duplicate_headers) > 0) {
+                    return response()->json(Helper::formatStandardApiResponse('error', null, implode('; ', $duplicate_headers)), 500); //should this be '4xx'?
                 }
 
                 // Grab the first row to display via ajax as the user picks fields
@@ -90,10 +93,11 @@ class ImportController extends Controller
                 try {
                     $file->move($path, $date.'-'.$fixed_filename);
                 } catch (FileException $exception) {
-                    $results['error']=trans('admin/hardware/message.upload.error');
+                    $results['error'] = trans('admin/hardware/message.upload.error');
                     if (config('app.debug')) {
-                        $results['error'].= ' ' . $exception->getMessage();
+                        $results['error'] .= ' '.$exception->getMessage();
                     }
+
                     return response()->json(Helper::formatStandardApiResponse('error', null, $results['error']), 500);
                 }
                 $file_name = date('Y-m-d-his').'-'.$fixed_filename;
@@ -103,12 +107,15 @@ class ImportController extends Controller
                 $results[] = $import;
             }
             $results = (new ImportsTransformer)->transformImports($results);
+
             return [
                 'files' => $results,
             ];
         }
+
         return response()->json(Helper::formatStandardApiResponse('error', null, trans('general.feature_disabled')), 500);
     }
+
     /**
      * Processes the specified Import.
      *
@@ -127,26 +134,33 @@ class ImportController extends Controller
             \Log::debug('NO BACKUP requested via importer');
         }
 
-        $errors = $request->import(Import::find($import_id));
-        $redirectTo = "hardware.index";
+        $import = Import::find($import_id);
+
+        if(is_null($import)){
+            $error[0][0] = trans("validation.exists", ["attribute" => "file"]);
+            return response()->json(Helper::formatStandardApiResponse('import-errors', null, $error), 500);
+        }
+
+        $errors = $request->import($import);
+        $redirectTo = 'hardware.index';
         switch ($request->get('import-type')) {
-            case "asset":
-                $redirectTo = "hardware.index";
+            case 'asset':
+                $redirectTo = 'hardware.index';
                 break;
-            case "accessory":
-                $redirectTo = "accessories.index";
+            case 'accessory':
+                $redirectTo = 'accessories.index';
                 break;
-            case "consumable":
-                $redirectTo = "consumables.index";
+            case 'consumable':
+                $redirectTo = 'consumables.index';
                 break;
-            case "component":
-                $redirectTo = "components.index";
+            case 'component':
+                $redirectTo = 'components.index';
                 break;
-            case "license":
-                $redirectTo = "licenses.index";
+            case 'license':
+                $redirectTo = 'licenses.index';
                 break;
-            case "user":
-                $redirectTo = "users.index";
+            case 'user':
+                $redirectTo = 'users.index';
                 break;
         }
 
@@ -155,8 +169,8 @@ class ImportController extends Controller
         }
         //Flash message before the redirect
         Session::flash('success', trans('admin/hardware/message.import.success'));
-        return response()->json(Helper::formatStandardApiResponse('success', null, ['redirect_url' => route($redirectTo)]));
 
+        return response()->json(Helper::formatStandardApiResponse('success', null, ['redirect_url' => route($redirectTo)]));
     }
 
     /**
@@ -168,20 +182,20 @@ class ImportController extends Controller
     public function destroy($import_id)
     {
         $this->authorize('create', Asset::class);
-        
+
         if ($import = Import::find($import_id)) {
             try {
                 // Try to delete the file
                 Storage::delete('imports/'.$import->file_path);
                 $import->delete();
-                return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/hardware/message.import.file_delete_success')));
 
+                return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/hardware/message.import.file_delete_success')));
             } catch (\Exception $e) {
                 // If the file delete didn't work, remove it from the database anyway and return a warning
                 $import->delete();
+
                 return response()->json(Helper::formatStandardApiResponse('warning', null, trans('admin/hardware/message.import.file_not_deleted_warning')));
             }
         }
-
     }
 }

app/Http/Controllers/Api/LicenseSeatsController.php

@@ -0,0 +1,148 @@
+<?php
+
+namespace App\Http\Controllers\Api;
+
+use App\Helpers\Helper;
+use App\Http\Controllers\Controller;
+use App\Http\Transformers\LicenseSeatsTransformer;
+use App\Models\Asset;
+use App\Models\License;
+use App\Models\LicenseSeat;
+use App\Models\User;
+use Auth;
+use Illuminate\Http\Request;
+
+class LicenseSeatsController extends Controller
+{
+    /**
+     * Display a listing of the resource.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  int  $licenseId
+     * @return \Illuminate\Http\Response
+     */
+    public function index(Request $request, $licenseId)
+    {
+        //
+        if ($license = License::find($licenseId)) {
+            $this->authorize('view', $license);
+
+            $seats = LicenseSeat::with('license', 'user', 'asset', 'user.department')
+                ->where('license_seats.license_id', $licenseId);
+
+            $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
+
+            if ($request->input('sort') == 'department') {
+                $seats->OrderDepartments($order);
+            } else {
+                $seats->orderBy('id', $order);
+            }
+
+            $total = $seats->count();
+            $offset = (($seats) && (request('offset') > $total)) ? 0 : request('offset', 0);
+            $limit = request('limit', 50);
+
+            $seats = $seats->skip($offset)->take($limit)->get();
+
+            if ($seats) {
+                return (new LicenseSeatsTransformer)->transformLicenseSeats($seats, $total);
+            }
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/licenses/message.does_not_exist')), 200);
+    }
+
+    /**
+     * Display the specified resource.
+     *
+     * @param  int  $licenseId
+     * @param  int  $seatId
+     * @return \Illuminate\Http\Response
+     */
+    public function show($licenseId, $seatId)
+    {
+        //
+        $this->authorize('view', License::class);
+        // sanity checks:
+        // 1. does the license seat exist?
+        if (! $licenseSeat = LicenseSeat::find($seatId)) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, 'Seat not found'));
+        }
+        // 2. does the seat belong to the specified license?
+        if (! $license = $licenseSeat->license()->first() || $license->id != intval($licenseId)) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, 'Seat does not belong to the specified license'));
+        }
+
+        return (new LicenseSeatsTransformer)->transformLicenseSeat($licenseSeat);
+    }
+
+    /**
+     * Update the specified resource in storage.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  int  $licenseId
+     * @param  int  $seatId
+     * @return \Illuminate\Http\Response
+     */
+    public function update(Request $request, $licenseId, $seatId)
+    {
+        $this->authorize('checkout', License::class);
+
+        // sanity checks:
+        // 1. does the license seat exist?
+        if (! $licenseSeat = LicenseSeat::find($seatId)) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, 'Seat not found'));
+        }
+        // 2. does the seat belong to the specified license?
+        if (! $license = $licenseSeat->license()->first() || $license->id != intval($licenseId)) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, 'Seat does not belong to the specified license'));
+        }
+
+        $oldUser = $licenseSeat->user()->first();
+        $oldAsset = $licenseSeat->asset()->first();
+
+        // attempt to update the license seat
+        $licenseSeat->fill($request->all());
+        $licenseSeat->user_id = Auth::user()->id;
+
+        // check if this update is a checkin operation
+        // 1. are relevant fields touched at all?
+        $touched = $licenseSeat->isDirty('assigned_to') || $licenseSeat->isDirty('asset_id');
+        // 2. are they cleared? if yes then this is a checkin operation
+        $is_checkin = ($touched && $licenseSeat->assigned_to === null && $licenseSeat->asset_id === null);
+
+        if (! $touched) {
+            // nothing to update
+            return response()->json(Helper::formatStandardApiResponse('success', $licenseSeat, trans('admin/licenses/message.update.success')));
+        }
+
+        // the logging functions expect only one "target". if both asset and user are present in the request,
+        // we simply let assets take precedence over users...
+        if ($licenseSeat->isDirty('assigned_to')) {
+            $target = $is_checkin ? $oldUser : User::find($licenseSeat->assigned_to);
+        }
+        if ($licenseSeat->isDirty('asset_id')) {
+            $target = $is_checkin ? $oldAsset : Asset::find($licenseSeat->asset_id);
+        }
+
+        if (is_null($target)){
+            return response()->json(Helper::formatStandardApiResponse('error', null, 'Target not found'));
+        }
+
+        if ($licenseSeat->save()) {
+
+            if ($is_checkin) {
+                $licenseSeat->logCheckin($target, $request->input('note'));
+
+                return response()->json(Helper::formatStandardApiResponse('success', $licenseSeat, trans('admin/licenses/message.update.success')));
+            }
+
+            // in this case, relevant fields are touched but it's not a checkin operation. so it must be a checkout operation.
+            $licenseSeat->logCheckout($request->input('note'), $target);
+
+            return response()->json(Helper::formatStandardApiResponse('success', $licenseSeat, trans('admin/licenses/message.update.success')));
+        }
+
+        return Helper::formatStandardApiResponse('error', null, $licenseSeat->getErrors());
+    }
+}

app/Http/Controllers/Api/LicensesController.php

@@ -26,62 +26,76 @@ class LicensesController extends Controller
     public function index(Request $request)
     {
         $this->authorize('view', License::class);
-        $licenses = Company::scopeCompanyables(License::with('company', 'manufacturer', 'freeSeats', 'supplier','category')->withCount('freeSeats as free_seats_count'));
+        $licenses = Company::scopeCompanyables(License::with('company', 'manufacturer', 'supplier','category')->withCount('freeSeats as free_seats_count'));
 
 
         if ($request->filled('company_id')) {
-            $licenses->where('company_id','=',$request->input('company_id'));
+            $licenses->where('company_id', '=', $request->input('company_id'));
         }
 
         if ($request->filled('name')) {
-            $licenses->where('licenses.name','=',$request->input('name'));
+            $licenses->where('licenses.name', '=', $request->input('name'));
         }
 
         if ($request->filled('product_key')) {
-            $licenses->where('licenses.serial','=',$request->input('product_key'));
+            $licenses->where('licenses.serial', '=', $request->input('product_key'));
         }
 
         if ($request->filled('order_number')) {
-            $licenses->where('order_number','=',$request->input('order_number'));
+            $licenses->where('order_number', '=', $request->input('order_number'));
         }
 
         if ($request->filled('purchase_order')) {
-            $licenses->where('purchase_order','=',$request->input('purchase_order'));
+            $licenses->where('purchase_order', '=', $request->input('purchase_order'));
         }
 
         if ($request->filled('license_name')) {
-            $licenses->where('license_name','=',$request->input('license_name'));
+            $licenses->where('license_name', '=', $request->input('license_name'));
         }
 
         if ($request->filled('license_email')) {
-            $licenses->where('license_email','=',$request->input('license_email'));
+            $licenses->where('license_email', '=', $request->input('license_email'));
         }
 
         if ($request->filled('manufacturer_id')) {
-            $licenses->where('manufacturer_id','=',$request->input('manufacturer_id'));
+            $licenses->where('manufacturer_id', '=', $request->input('manufacturer_id'));
         }
 
         if ($request->filled('supplier_id')) {
-            $licenses->where('supplier_id','=',$request->input('supplier_id'));
+            $licenses->where('supplier_id', '=', $request->input('supplier_id'));
         }
 
         if ($request->filled('category_id')) {
-            $licenses->where('category_id','=',$request->input('category_id'));
+            $licenses->where('category_id', '=', $request->input('category_id'));
         }
 
         if ($request->filled('depreciation_id')) {
-            $licenses->where('depreciation_id','=',$request->input('depreciation_id'));
+            $licenses->where('depreciation_id', '=', $request->input('depreciation_id'));
         }
 
         if ($request->filled('supplier_id')) {
-            $licenses->where('supplier_id','=',$request->input('supplier_id'));
+            $licenses->where('supplier_id', '=', $request->input('supplier_id'));
         }
 
+        if (($request->filled('maintained')) && ($request->input('maintained')=='true')) {
+            $licenses->where('maintained','=',1);
+        } elseif (($request->filled('maintained')) && ($request->input('maintained')=='false')) {
+            $licenses->where('maintained','=',0);
+        }
+
+        if (($request->filled('expires')) && ($request->input('expires')=='true')) {
+            $licenses->whereNotNull('expiration_date');
+        } elseif (($request->filled('expires')) && ($request->input('expires')=='false')) {
+            $licenses->whereNull('expiration_date');
+        }
 
         if ($request->filled('search')) {
             $licenses = $licenses->TextSearch($request->input('search'));
         }
 
+        if ($request->input('deleted')=='true') {
+            $licenses->onlyTrashed();
+        }
 
         // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
         // case we override with the actual count, so we should return 0 items.
@@ -92,7 +106,6 @@ class LicensesController extends Controller
 
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
 
-
         switch ($request->input('sort')) {
                 case 'manufacturer':
                     $licenses = $licenses->leftJoin('manufacturers', 'licenses.manufacturer_id', '=', 'manufacturers.id')->orderBy('manufacturers.name', $order);
@@ -103,18 +116,38 @@ class LicensesController extends Controller
             case 'category':
                 $licenses = $licenses->leftJoin('categories', 'licenses.category_id', '=', 'categories.id')->orderBy('categories.name', $order);
                 break;
+            case 'depreciation':
+                $licenses = $licenses->leftJoin('depreciations', 'licenses.depreciation_id', '=', 'depreciations.id')->orderBy('depreciations.name', $order);
+                break;
             case 'company':
                 $licenses = $licenses->leftJoin('companies', 'licenses.company_id', '=', 'companies.id')->orderBy('companies.name', $order);
                 break;
             default:
-                $allowed_columns = ['id','name','purchase_cost','expiration_date','purchase_order','order_number','notes','purchase_date','serial','company','category','license_name','license_email','free_seats_count','seats'];
+                $allowed_columns =
+                    [
+                        'id',
+                        'name',
+                        'purchase_cost',
+                        'expiration_date',
+                        'purchase_order',
+                        'order_number',
+                        'notes',
+                        'purchase_date',
+                        'serial',
+                        'company',
+                        'category',
+                        'license_name',
+                        'license_email',
+                        'free_seats_count',
+                        'seats',
+                        'termination_date',
+                        'depreciation_id',
+                    ];
                 $sort = in_array($request->input('sort'), $allowed_columns) ? e($request->input('sort')) : 'created_at';
                 $licenses = $licenses->orderBy($sort, $order);
                 break;
         }
 
-
-
         $total = $licenses->count();
 
         $licenses = $licenses->skip($offset)->take($limit)->get();
@@ -122,9 +155,6 @@ class LicensesController extends Controller
 
     }
 
-
-
-
     /**
      * Store a newly created resource in storage.
      *
@@ -140,9 +170,10 @@ class LicensesController extends Controller
         $license = new License;
         $license->fill($request->all());
 
-        if($license->save()) {
+        if ($license->save()) {
             return response()->json(Helper::formatStandardApiResponse('success', $license, trans('admin/licenses/message.create.success')));
         }
+
         return response()->json(Helper::formatStandardApiResponse('error', null, $license->getErrors()));
     }
 
@@ -158,10 +189,10 @@ class LicensesController extends Controller
         $this->authorize('view', License::class);
         $license = License::withCount('freeSeats')->findOrFail($id);
         $license = $license->load('assignedusers', 'licenseSeats.user', 'licenseSeats.asset');
+
         return (new LicensesTransformer)->transformLicense($license);
     }
 
-
     /**
      * Update the specified resource in storage.
      *
@@ -200,66 +231,23 @@ class LicensesController extends Controller
         $license = License::findOrFail($id);
         $this->authorize('delete', $license);
 
-        if($license->assigned_seats_count == 0) {
+        if ($license->assigned_seats_count == 0) {
             // Delete the license and the associated license seats
             DB::table('license_seats')
                 ->where('id', $license->id)
-                ->update(array('assigned_to' => null,'asset_id' => null));
+                ->update(['assigned_to' => null, 'asset_id' => null]);
 
             $licenseSeats = $license->licenseseats();
             $licenseSeats->delete();
             $license->delete();
 
             // Redirect to the licenses management page
-            return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/licenses/message.delete.success')));
+            return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/licenses/message.delete.success')));
         }
+
         return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/licenses/message.assoc_users')));
     }
 
-    /**
-     * Get license seat listing
-     *
-     * @author [A. Gianotto] [<snipe@snipe.net>]
-     * @since [v1.0]
-     * @param int $licenseId
-     * @return \Illuminate\Contracts\View\View
-     */
-    public function seats(Request $request, $licenseId)
-    {
-
-        if ($license = License::find($licenseId)) {
-
-            $this->authorize('view', $license);
-
-            $seats = LicenseSeat::with('license', 'user', 'asset', 'user.department')
-                ->where('license_seats.license_id', $licenseId);
-
-            $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
-
-            if ($request->input('sort')=='department') {
-                $seats->OrderDepartments($order);
-            } else {
-                $seats->orderBy('id', $order);
-            }
-
-            $offset = (($seats) && (request('offset') > $seats->count())) ? 0 : request('offset', 0);
-            $limit = request('limit', 50);
-            
-            $total = $seats->count();
-
-            $seats = $seats->skip($offset)->take($limit)->get();
-
-            if ($seats) {
-                return (new LicenseSeatsTransformer)->transformLicenseSeats($seats, $total);
-            }
-
-        }
-
-        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/licenses/message.does_not_exist')), 200);
-
-    }
-
-    
     /**
      * Gets a paginated collection for the select2 menus
      *
@@ -267,10 +255,9 @@ class LicensesController extends Controller
      */
     public function selectlist(Request $request)
     {
-
         $licenses = License::select([
             'licenses.id',
-            'licenses.name'
+            'licenses.name',
         ]);
 
         if ($request->filled('search')) {
@@ -279,9 +266,6 @@ class LicensesController extends Controller
 
         $licenses = $licenses->orderBy('name', 'ASC')->paginate(50);
 
-
         return (new SelectlistTransformer)->transformSelectlist($licenses);
     }
-
-
 }

app/Http/Controllers/Api/LocationsController.php

@@ -2,12 +2,13 @@
 
 namespace App\Http\Controllers\Api;
 
-use Illuminate\Http\Request;
-use App\Http\Controllers\Controller;
 use App\Helpers\Helper;
-use App\Models\Location;
+use App\Http\Requests\ImageUploadRequest;
+use App\Http\Controllers\Controller;
 use App\Http\Transformers\LocationsTransformer;
 use App\Http\Transformers\SelectlistTransformer;
+use App\Models\Location;
+use Illuminate\Http\Request;
 use Illuminate\Pagination\LengthAwarePaginator;
 use Illuminate\Support\Collection;
 
@@ -24,9 +25,9 @@ class LocationsController extends Controller
     {
         $this->authorize('view', Location::class);
         $allowed_columns = [
-            'id','name','address','address2','city','state','country','zip','created_at',
-            'updated_at','manager_id','image',
-            'assigned_assets_count','users_count','assets_count','currency'];
+            'id', 'name', 'address', 'address2', 'city', 'state', 'country', 'zip', 'created_at',
+            'updated_at', 'manager_id', 'image',
+            'assigned_assets_count', 'users_count', 'assets_count', 'currency', 'ldap_ou', ];
 
         $locations = Location::with('parent', 'manager', 'children')->select([
             'locations.id',
@@ -42,7 +43,8 @@ class LocationsController extends Controller
             'locations.created_at',
             'locations.updated_at',
             'locations.image',
-            'locations.currency'
+            'locations.ldap_ou',
+            'locations.currency',
         ])->withCount('assignedAssets as assigned_assets_count')
             ->withCount('assets as assets_count')
             ->withCount('users as users_count');
@@ -51,9 +53,7 @@ class LocationsController extends Controller
             $locations = $locations->TextSearch($request->input('search'));
         }
 
-
-
-        $offset = (($locations) && (request('offset') > $locations->count())) ? 0 : request('offset', 0);
+        $offset = (($locations) && (request('offset') > $locations->count())) ? $locations->count() : request('offset', 0);
 
         // Check to make sure the limit is not higher than the max allowed
         ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
@@ -76,6 +76,7 @@ class LocationsController extends Controller
 
         $total = $locations->count();
         $locations = $locations->skip($offset)->take($limit)->get();
+
         return (new LocationsTransformer)->transformLocations($locations, $total);
     }
 
@@ -85,18 +86,20 @@ class LocationsController extends Controller
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0]
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Http\Requests\ImageUploadRequest  $request
      * @return \Illuminate\Http\Response
      */
-    public function store(Request $request)
+    public function store(ImageUploadRequest $request)
     {
         $this->authorize('create', Location::class);
         $location = new Location;
         $location->fill($request->all());
+        $location = $request->handleImages($location);
 
         if ($location->save()) {
             return response()->json(Helper::formatStandardApiResponse('success', (new LocationsTransformer)->transformLocation($location), trans('admin/locations/message.create.success')));
         }
+
         return response()->json(Helper::formatStandardApiResponse('error', null, $location->getErrors()));
     }
 
@@ -126,11 +129,12 @@ class LocationsController extends Controller
                 'locations.created_at',
                 'locations.updated_at',
                 'locations.image',
-                'locations.currency'
+                'locations.currency',
             ])
             ->withCount('assignedAssets as assigned_assets_count')
             ->withCount('assets as assets_count')
             ->withCount('users as users_count')->findOrFail($id);
+
         return (new LocationsTransformer)->transformLocation($location);
     }
 
@@ -140,17 +144,17 @@ class LocationsController extends Controller
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0]
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Http\Requests\ImageUploadRequest  $request
      * @param  int  $id
      * @return \Illuminate\Http\JsonResponse
      */
-    public function update(Request $request, $id)
+    public function update(ImageUploadRequest $request, $id)
     {
         $this->authorize('update', Location::class);
         $location = Location::findOrFail($id);
 
         $location->fill($request->all());
-
+        $location = $request->handleImages($location);
 
         if ($location->isValid()) {
 
@@ -179,12 +183,13 @@ class LocationsController extends Controller
     {
         $this->authorize('delete', Location::class);
         $location = Location::findOrFail($id);
-        if(!$location->isDeletable()) {
+        if (! $location->isDeletable()) {
             return response()
-                    ->json(Helper::formatStandardApiResponse('error', null,  trans('admin/companies/message.assoc_users')));
+                    ->json(Helper::formatStandardApiResponse('error', null, trans('admin/companies/message.assoc_users')));
         }
         $this->authorize('delete', $location);
         $location->delete();
+
         return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/locations/message.delete.success')));
     }
 
@@ -215,11 +220,12 @@ class LocationsController extends Controller
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0.16]
      * @see \App\Http\Transformers\SelectlistTransformer
-     *
      */
     public function selectlist(Request $request)
     {
 
+        $this->authorize('view.selectlists');
+
         $locations = Location::select([
             'locations.id',
             'locations.name',
@@ -241,26 +247,22 @@ class LocationsController extends Controller
         $locations_with_children = [];
 
         foreach ($locations as $location) {
-            if (!array_key_exists($location->parent_id, $locations_with_children)) {
+            if (! array_key_exists($location->parent_id, $locations_with_children)) {
                 $locations_with_children[$location->parent_id] = [];
             }
             $locations_with_children[$location->parent_id][] = $location;
         }
 
         if ($request->filled('search')) {
-            $locations_formatted =  $locations;
+            $locations_formatted = $locations;
         } else {
             $location_options = Location::indenter($locations_with_children);
             $locations_formatted = new Collection($location_options);
-
         }
 
-        $paginated_results =  new LengthAwarePaginator($locations_formatted->forPage($page, 500), $locations_formatted->count(), 500, $page, []);
+        $paginated_results = new LengthAwarePaginator($locations_formatted->forPage($page, 500), $locations_formatted->count(), 500, $page, []);
 
         //return [];
         return (new SelectlistTransformer)->transformSelectlist($paginated_results);
-
     }
-
-
 }

app/Http/Controllers/Api/ManufacturersController.php

@@ -8,6 +8,7 @@ use App\Http\Transformers\ManufacturersTransformer;
 use App\Http\Transformers\SelectlistTransformer;
 use App\Models\Manufacturer;
 use Illuminate\Http\Request;
+use App\Http\Requests\ImageUploadRequest;
 use Illuminate\Support\Facades\Storage;
 
 class ManufacturersController extends Controller
@@ -22,13 +23,13 @@ class ManufacturersController extends Controller
     public function index(Request $request)
     {
         $this->authorize('view', Manufacturer::class);
-        $allowed_columns = ['id','name','url','support_url','support_email','support_phone','created_at','updated_at','image', 'assets_count', 'consumables_count', 'components_count', 'licenses_count'];
+        $allowed_columns = ['id', 'name', 'url', 'support_url', 'support_email', 'support_phone', 'created_at', 'updated_at', 'image', 'assets_count', 'consumables_count', 'components_count', 'licenses_count'];
 
         $manufacturers = Manufacturer::select(
-            array('id','name','url','support_url','support_email','support_phone','created_at','updated_at','image', 'deleted_at')
+            ['id', 'name', 'url', 'support_url', 'support_email', 'support_phone', 'created_at', 'updated_at', 'image', 'deleted_at']
         )->withCount('assets as assets_count')->withCount('licenses as licenses_count')->withCount('consumables as consumables_count')->withCount('accessories as accessories_count');
 
-        if ($request->input('deleted')=='true') {
+        if ($request->input('deleted') == 'true') {
             $manufacturers->onlyTrashed();
         }
 
@@ -36,7 +37,6 @@ class ManufacturersController extends Controller
             $manufacturers = $manufacturers->TextSearch($request->input('search'));
         }
 
-
         // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
         // case we override with the actual count, so we should return 0 items.
         $offset = (($manufacturers) && ($request->get('offset') > $manufacturers->count())) ? $manufacturers->count() : $request->get('offset', 0);
@@ -50,23 +50,24 @@ class ManufacturersController extends Controller
 
         $total = $manufacturers->count();
         $manufacturers = $manufacturers->skip($offset)->take($limit)->get();
+
         return (new ManufacturersTransformer)->transformManufacturers($manufacturers, $total);
     }
 
-
     /**
      * Store a newly created resource in storage.
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0]
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Http\Requests\ImageUploadRequest $request
      * @return \Illuminate\Http\Response
      */
-    public function store(Request $request)
+    public function store(ImageUploadRequest $request)
     {
         $this->authorize('create', Manufacturer::class);
         $manufacturer = new Manufacturer;
         $manufacturer->fill($request->all());
+        $manufacturer = $request->handleImages($manufacturer);
 
         if ($manufacturer->save()) {
             return response()->json(Helper::formatStandardApiResponse('success', $manufacturer, trans('admin/manufacturers/message.create.success')));
@@ -87,24 +88,25 @@ class ManufacturersController extends Controller
     {
         $this->authorize('view', Manufacturer::class);
         $manufacturer = Manufacturer::withCount('assets as assets_count')->withCount('licenses as licenses_count')->withCount('consumables as consumables_count')->withCount('accessories as accessories_count')->findOrFail($id);
+
         return (new ManufacturersTransformer)->transformManufacturer($manufacturer);
     }
 
-
     /**
      * Update the specified resource in storage.
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0]
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Http\Requests\ImageUploadRequest  $request
      * @param  int  $id
      * @return \Illuminate\Http\Response
      */
-    public function update(Request $request, $id)
+    public function update(ImageUploadRequest $request, $id)
     {
         $this->authorize('update', Manufacturer::class);
         $manufacturer = Manufacturer::findOrFail($id);
         $manufacturer->fill($request->all());
+        $manufacturer = $request->handleImages($manufacturer);
 
         if ($manufacturer->save()) {
             return response()->json(Helper::formatStandardApiResponse('success', $manufacturer, trans('admin/manufacturers/message.update.success')));
@@ -123,7 +125,6 @@ class ManufacturersController extends Controller
      */
     public function destroy($id)
     {
-
         $this->authorize('delete', Manufacturer::class);
         $manufacturer = Manufacturer::findOrFail($id);
         $this->authorize('delete', $manufacturer);
@@ -135,10 +136,6 @@ class ManufacturersController extends Controller
 
         return response()->json(Helper::formatStandardApiResponse('error', null,  trans('admin/manufacturers/message.assoc_users')));
 
-
-
-
-
     }
 
     /**
@@ -147,11 +144,11 @@ class ManufacturersController extends Controller
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0.16]
      * @see \App\Http\Transformers\SelectlistTransformer
-     *
      */
     public function selectlist(Request $request)
     {
 
+        $this->authorize('view.selectlists');
         $manufacturers = Manufacturer::select([
             'id',
             'name',
@@ -173,6 +170,5 @@ class ManufacturersController extends Controller
         }
 
         return (new SelectlistTransformer)->transformSelectlist($manufacturers);
-
     }
 }

app/Http/Controllers/Api/PredefinedKitsController.php

@@ -31,17 +31,16 @@ class PredefinedKitsController extends Controller
 
         $offset = $request->input('offset', 0);
         $limit = $request->input('limit', 50);
-        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
-        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'assets_count';
+        $order = $request->input('order') === 'desc' ? 'desc' : 'asc';
+        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'name';
         $kits->orderBy($sort, $order);
 
         $total = $kits->count();
         $kits = $kits->skip($offset)->take($limit)->get();
+
         return (new PredefinedKitsTransformer)->transformPredefinedKits($kits, $total);
-
     }
 
-
     /**
      * Store a newly created resource in storage.
      *
@@ -57,8 +56,8 @@ class PredefinedKitsController extends Controller
         if ($kit->save()) {
             return response()->json(Helper::formatStandardApiResponse('success', $kit, trans('admin/kits/general.create_success')));
         }
-        return response()->json(Helper::formatStandardApiResponse('error', null, $kit->getErrors()));
 
+        return response()->json(Helper::formatStandardApiResponse('error', null, $kit->getErrors()));
     }
 
     /**
@@ -71,10 +70,10 @@ class PredefinedKitsController extends Controller
     {
         $this->authorize('view', PredefinedKit::class);
         $kit = PredefinedKit::findOrFail($id);
+
         return (new PredefinedKitsTransformer)->transformPredefinedKit($kit);
     }
 
-
     /**
      * Update the specified resource in storage.
      *
@@ -89,7 +88,7 @@ class PredefinedKitsController extends Controller
         $kit->fill($request->all());
 
         if ($kit->save()) {
-            return response()->json(Helper::formatStandardApiResponse('success', $kit, trans('admin/kits/general.update_success')));      // TODO: trans
+            return response()->json(Helper::formatStandardApiResponse('success', $kit, trans('admin/kits/general.update_success')));
         }
 
         return response()->json(Helper::formatStandardApiResponse('error', null, $kit->getErrors()));
@@ -113,23 +112,20 @@ class PredefinedKitsController extends Controller
         $kit->accessories()->detach();
 
         $kit->delete();
-        return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/kits/general.delete_success')));     // TODO: trans
 
+        return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/kits/general.delete_success')));
     }
 
-
     /**
      * Gets a paginated collection for the select2 menus
      *
      * @see \App\Http\Transformers\SelectlistTransformer
-     *
      */
     public function selectlist(Request $request)
     {
-
         $kits = PredefinedKit::select([
             'id',
-            'name'
+            'name',
         ]);
 
         if ($request->filled('search')) {
@@ -139,7 +135,6 @@ class PredefinedKitsController extends Controller
         $kits = $kits->orderBy('name', 'ASC')->paginate(50);
 
         return (new SelectlistTransformer)->transformSelectlist($kits);
-
     }
 
     /**
@@ -148,38 +143,40 @@ class PredefinedKitsController extends Controller
      * @param  int  $id
      * @return \Illuminate\Http\Response
      */
-    public function indexLicenses($kit_id) {
+    public function indexLicenses($kit_id)
+    {
         $this->authorize('view', PredefinedKit::class);
         $kit = PredefinedKit::findOrFail($kit_id);
         $licenses = $kit->licenses;
+
         return (new PredefinedKitsTransformer)->transformElements($licenses, $licenses->count());
     }
 
-    
     /**
      * Store the specified resource.
      *
      * @param  int  $id
      * @return \Illuminate\Http\Response
      */
-     public function storeLicense(Request $request, $kit_id)
-     {
-         $this->authorize('update', PredefinedKit::class);
-         
-         $kit = PredefinedKit::findOrFail($kit_id);        
-         $quantity = $request->input('quantity', 1);
-         if( $quantity < 1) {
-             $quantity = 1;
-         }
+    public function storeLicense(Request $request, $kit_id)
+    {
+        $this->authorize('update', PredefinedKit::class);
 
-         $license_id = $request->get('license');
-         $relation = $kit->licenses();
-         if( $relation->find($license_id) ) {
-             return response()->json(Helper::formatStandardApiResponse('error', null, ['license' => 'License already attached to kit']));
-         }
+        $kit = PredefinedKit::findOrFail($kit_id);
+        $quantity = $request->input('quantity', 1);
+        if ($quantity < 1) {
+            $quantity = 1;
+        }
 
-         $relation->attach( $license_id, ['quantity' => $quantity]);
-         return response()->json(Helper::formatStandardApiResponse('success', $kit, 'License added successfull'));     // TODO: trans
+        $license_id = $request->get('license');
+        $relation = $kit->licenses();
+        if ($relation->find($license_id)) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, ['license' => trans('admin/kits/general.license_error')]));
+        }
+
+        $relation->attach($license_id, ['quantity' => $quantity]);
+
+        return response()->json(Helper::formatStandardApiResponse('success', $kit, trans('admin/kits/general.license_added_success')));
     }
 
     /**
@@ -189,20 +186,20 @@ class PredefinedKitsController extends Controller
      * @param  int  $kit_id
      * @return \Illuminate\Http\Response
      */
-     public function updateLicense(Request $request, $kit_id, $license_id)
-     {
-         $this->authorize('update', PredefinedKit::class);
-         $kit = PredefinedKit::findOrFail($kit_id);
-         $quantity = $request->input('quantity', 1);
-         if( $quantity < 1) {
-             $quantity = 1;
-         }
-         $kit->licenses()->syncWithoutDetaching([$license_id => ['quantity' =>  $quantity]]);
- 
-         return response()->json(Helper::formatStandardApiResponse('success', $kit, 'License updated'));  // TODO: trans
-     }
+    public function updateLicense(Request $request, $kit_id, $license_id)
+    {
+        $this->authorize('update', PredefinedKit::class);
+        $kit = PredefinedKit::findOrFail($kit_id);
+        $quantity = $request->input('quantity', 1);
+        if ($quantity < 1) {
+            $quantity = 1;
+        }
+        $kit->licenses()->syncWithoutDetaching([$license_id => ['quantity' =>  $quantity]]);
 
-     /**
+        return response()->json(Helper::formatStandardApiResponse('success', $kit, trans('admin/kits/general.license_updated')));
+    }
+
+    /**
      * Remove the specified resource from storage.
      *
      * @param  int  $kit_id
@@ -214,48 +211,49 @@ class PredefinedKitsController extends Controller
         $kit = PredefinedKit::findOrFail($kit_id);
 
         $kit->licenses()->detach($license_id);
-        return response()->json(Helper::formatStandardApiResponse('success', $kit,  trans('admin/kits/general.delete_success')));
+
+        return response()->json(Helper::formatStandardApiResponse('success', $kit, trans('admin/kits/general.delete_success')));
     }
-    
+
     /**
      * Display the specified resource.
      *
      * @param  int  $kit_id
      * @return \Illuminate\Http\Response
      */
-     public function indexModels($kit_id) {
+    public function indexModels($kit_id)
+    {
         $this->authorize('view', PredefinedKit::class);
         $kit = PredefinedKit::findOrFail($kit_id);
         $models = $kit->models;
+
         return (new PredefinedKitsTransformer)->transformElements($models, $models->count());
     }
-    
+
     /**
      * Store the specified resource.
      *
      * @param  int  $id
      * @return \Illuminate\Http\Response
      */
-     public function storeModel(Request $request, $kit_id)
-     {
-
-
+    public function storeModel(Request $request, $kit_id)
+    {
         $this->authorize('update', PredefinedKit::class);
-        
-        $kit = PredefinedKit::findOrFail($kit_id);        
-        
+
+        $kit = PredefinedKit::findOrFail($kit_id);
+
         $model_id = $request->get('model');
         $quantity = $request->input('quantity', 1);
-        if( $quantity < 1) {
+        if ($quantity < 1) {
             $quantity = 1;
         }
-        
+
         $relation = $kit->models();
-        if( $relation->find($model_id) ) {
+        if ($relation->find($model_id)) {
             return response()->json(Helper::formatStandardApiResponse('error', null, ['model' => 'Model already attached to kit']));
         }
         $relation->attach($model_id, ['quantity' => $quantity]);
-        
+
         return response()->json(Helper::formatStandardApiResponse('success', $kit, 'Model added successfull'));
     }
 
@@ -266,20 +264,20 @@ class PredefinedKitsController extends Controller
      * @param  int  $kit_id
      * @return \Illuminate\Http\Response
      */
-     public function updateModel(Request $request, $kit_id, $model_id)
-     {
-         $this->authorize('update', PredefinedKit::class);
-         $kit = PredefinedKit::findOrFail($kit_id);
-         $quantity = $request->input('quantity', 1);
-         if( $quantity < 1) {
-             $quantity = 1;
-         }
-         $kit->models()->syncWithoutDetaching([$model_id => ['quantity' =>  $quantity]]);
- 
-         return response()->json(Helper::formatStandardApiResponse('success', $kit, 'License updated'));  // TODO: trans
-     }
+    public function updateModel(Request $request, $kit_id, $model_id)
+    {
+        $this->authorize('update', PredefinedKit::class);
+        $kit = PredefinedKit::findOrFail($kit_id);
+        $quantity = $request->input('quantity', 1);
+        if ($quantity < 1) {
+            $quantity = 1;
+        }
+        $kit->models()->syncWithoutDetaching([$model_id => ['quantity' =>  $quantity]]);
 
-     /**
+        return response()->json(Helper::formatStandardApiResponse('success', $kit, trans('admin/kits/general.license_updated')));
+    }
+
+    /**
      * Remove the specified resource from storage.
      *
      * @param  int  $kit_id
@@ -291,49 +289,50 @@ class PredefinedKitsController extends Controller
         $kit = PredefinedKit::findOrFail($kit_id);
 
         $kit->models()->detach($model_id);
-        return response()->json(Helper::formatStandardApiResponse('success', $kit,  trans('admin/kits/general.model_removed_success')));
+
+        return response()->json(Helper::formatStandardApiResponse('success', $kit, trans('admin/kits/general.model_removed_success')));
     }
 
-
-    
     /**
      * Display the specified resource.
      *
      * @param  int  $kit_id
      * @return \Illuminate\Http\Response
      */
-    public function indexConsumables($kit_id) {
+    public function indexConsumables($kit_id)
+    {
         $this->authorize('view', PredefinedKit::class);
         $kit = PredefinedKit::findOrFail($kit_id);
         $consumables = $kit->consumables;
+
         return (new PredefinedKitsTransformer)->transformElements($consumables, $consumables->count());
     }
 
-    
     /**
      * Store the specified resource.
      *
      * @param  int  $id
      * @return \Illuminate\Http\Response
      */
-     public function storeConsumable(Request $request, $kit_id)
-     {
-         $this->authorize('update', PredefinedKit::class);
-         
-         $kit = PredefinedKit::findOrFail($kit_id);        
-         $quantity = $request->input('quantity', 1);
-         if( $quantity < 1) {
-             $quantity = 1;
-         }
+    public function storeConsumable(Request $request, $kit_id)
+    {
+        $this->authorize('update', PredefinedKit::class);
 
-         $consumable_id = $request->get('consumable');
-         $relation = $kit->consumables();
-         if( $relation->find($consumable_id) ) {
-             return response()->json(Helper::formatStandardApiResponse('error', null, ['consumable' => 'Consumable already attached to kit']));
-         }
+        $kit = PredefinedKit::findOrFail($kit_id);
+        $quantity = $request->input('quantity', 1);
+        if ($quantity < 1) {
+            $quantity = 1;
+        }
 
-         $relation->attach( $consumable_id, ['quantity' => $quantity]);
-         return response()->json(Helper::formatStandardApiResponse('success', $kit, 'Consumable added successfull'));     // TODO: trans
+        $consumable_id = $request->get('consumable');
+        $relation = $kit->consumables();
+        if ($relation->find($consumable_id)) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, ['consumable' => trans('admin/kits/general.consumable_error')]));
+        }
+
+        $relation->attach($consumable_id, ['quantity' => $quantity]);
+
+        return response()->json(Helper::formatStandardApiResponse('success', $kit, trans('admin/kits/general.consumable_added_success')));
     }
 
     /**
@@ -343,20 +342,20 @@ class PredefinedKitsController extends Controller
      * @param  int  $kit_id
      * @return \Illuminate\Http\Response
      */
-     public function updateConsumable(Request $request, $kit_id, $consumable_id)
-     {
-         $this->authorize('update', PredefinedKit::class);
-         $kit = PredefinedKit::findOrFail($kit_id);
-         $quantity = $request->input('quantity', 1);
-         if( $quantity < 1) {
-             $quantity = 1;
-         }
-         $kit->consumables()->syncWithoutDetaching([$consumable_id => ['quantity' =>  $quantity]]);
- 
-         return response()->json(Helper::formatStandardApiResponse('success', $kit, 'Consumable updated'));  // TODO: trans
-     }
+    public function updateConsumable(Request $request, $kit_id, $consumable_id)
+    {
+        $this->authorize('update', PredefinedKit::class);
+        $kit = PredefinedKit::findOrFail($kit_id);
+        $quantity = $request->input('quantity', 1);
+        if ($quantity < 1) {
+            $quantity = 1;
+        }
+        $kit->consumables()->syncWithoutDetaching([$consumable_id => ['quantity' =>  $quantity]]);
 
-     /**
+        return response()->json(Helper::formatStandardApiResponse('success', $kit, trans('admin/kits/general.consumable_updated')));
+    }
+
+    /**
      * Remove the specified resource from storage.
      *
      * @param  int  $kit_id
@@ -368,48 +367,50 @@ class PredefinedKitsController extends Controller
         $kit = PredefinedKit::findOrFail($kit_id);
 
         $kit->consumables()->detach($consumable_id);
-        return response()->json(Helper::formatStandardApiResponse('success', $kit,  'Delete was successfull'));     // TODO: trans
+
+        return response()->json(Helper::formatStandardApiResponse('success', $kit, trans('admin/kits/general.consumable_deleted')));
     }
 
-    
     /**
      * Display the specified resource.
      *
      * @param  int  $kit_id
      * @return \Illuminate\Http\Response
      */
-    public function indexAccessories($kit_id) {
+    public function indexAccessories($kit_id)
+    {
         $this->authorize('view', PredefinedKit::class);
         $kit = PredefinedKit::findOrFail($kit_id);
         $accessories = $kit->accessories;
+
         return (new PredefinedKitsTransformer)->transformElements($accessories, $accessories->count());
     }
 
-    
     /**
      * Store the specified resource.
      *
      * @param  int  $kit_id
      * @return \Illuminate\Http\Response
      */
-     public function storeAccessory(Request $request, $kit_id)
-     {
-         $this->authorize('update', PredefinedKit::class);
-         
-         $kit = PredefinedKit::findOrFail($kit_id);        
-         $quantity = $request->input('quantity', 1);
-         if( $quantity < 1) {
-             $quantity = 1;
-         }
+    public function storeAccessory(Request $request, $kit_id)
+    {
+        $this->authorize('update', PredefinedKit::class);
 
-         $accessory_id = $request->get('accessory');
-         $relation = $kit->accessories();
-         if( $relation->find($accessory_id) ) {
-             return response()->json(Helper::formatStandardApiResponse('error', null, ['accessory' => 'Accessory already attached to kit']));
-         }
+        $kit = PredefinedKit::findOrFail($kit_id);
+        $quantity = $request->input('quantity', 1);
+        if ($quantity < 1) {
+            $quantity = 1;
+        }
 
-         $relation->attach( $accessory_id, ['quantity' => $quantity]);
-         return response()->json(Helper::formatStandardApiResponse('success', $kit, 'Accessory added successfull'));     // TODO: trans
+        $accessory_id = $request->get('accessory');
+        $relation = $kit->accessories();
+        if ($relation->find($accessory_id)) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, ['accessory' => trans('admin/kits/general.accessory_error')]));
+        }
+
+        $relation->attach($accessory_id, ['quantity' => $quantity]);
+
+        return response()->json(Helper::formatStandardApiResponse('success', $kit, trans('admin/kits/general.accessory_added_success')));
     }
 
     /**
@@ -419,20 +420,20 @@ class PredefinedKitsController extends Controller
      * @param  int  $kit_id
      * @return \Illuminate\Http\Response
      */
-     public function updateAccessory(Request $request, $kit_id, $accessory_id)
-     {
-         $this->authorize('update', PredefinedKit::class);
-         $kit = PredefinedKit::findOrFail($kit_id);
-         $quantity = $request->input('quantity', 1);
-         if( $quantity < 1) {
-             $quantity = 1;
-         }
-         $kit->accessories()->syncWithoutDetaching([$accessory_id => ['quantity' =>  $quantity]]);
- 
-         return response()->json(Helper::formatStandardApiResponse('success', $kit, 'Accessory updated'));  // TODO: trans
-     }
+    public function updateAccessory(Request $request, $kit_id, $accessory_id)
+    {
+        $this->authorize('update', PredefinedKit::class);
+        $kit = PredefinedKit::findOrFail($kit_id);
+        $quantity = $request->input('quantity', 1);
+        if ($quantity < 1) {
+            $quantity = 1;
+        }
+        $kit->accessories()->syncWithoutDetaching([$accessory_id => ['quantity' =>  $quantity]]);
 
-     /**
+        return response()->json(Helper::formatStandardApiResponse('success', $kit, trans('admin/kits/general.accessory_updated')));
+    }
+
+    /**
      * Remove the specified resource from storage.
      *
      * @param  int  $kit_id
@@ -444,6 +445,7 @@ class PredefinedKitsController extends Controller
         $kit = PredefinedKit::findOrFail($kit_id);
 
         $kit->accessories()->detach($accessory_id);
-        return response()->json(Helper::formatStandardApiResponse('success', $kit,  'Delete was successfull'));     // TODO: trans
+
+        return response()->json(Helper::formatStandardApiResponse('success', $kit, trans('admin/kits/general.accessory_deleted')));
     }
 }

app/Http/Controllers/Api/ProfileController.php

@@ -15,7 +15,7 @@ class ProfileController extends Controller
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.3.0]
      *
-     * @return Array
+     * @return array
      */
     public function requestedAssets()
     {
@@ -24,25 +24,22 @@ class ProfileController extends Controller
         $results = [];
         $results['total'] = $checkoutRequests->count();
 
-
         foreach ($checkoutRequests as $checkoutRequest) {
 
             // Make sure the asset and request still exist
             if ($checkoutRequest && $checkoutRequest->itemRequested()) {
                 $results['rows'][] = [
-                    'image' => $checkoutRequest->itemRequested()->present()->getImageUrl(),
-                    'name' => $checkoutRequest->itemRequested()->present()->name(),
-                    'type' => $checkoutRequest->itemType(),
-                    'qty' => $checkoutRequest->quantity,
-                    'location' => ($checkoutRequest->location()) ? $checkoutRequest->location()->name : null,
+                    'image' => e($checkoutRequest->itemRequested()->present()->getImageUrl()),
+                    'name' => e($checkoutRequest->itemRequested()->present()->name()),
+                    'type' => e($checkoutRequest->itemType()),
+                    'qty' => (int) $checkoutRequest->quantity,
+                    'location' => ($checkoutRequest->location()) ? e($checkoutRequest->location()->name) : null,
                     'expected_checkin' => Helper::getFormattedDateObject($checkoutRequest->itemRequested()->expected_checkin, 'datetime'),
                     'request_date' => Helper::getFormattedDateObject($checkoutRequest->created_at, 'datetime'),
                 ];
             }
-
         }
+
         return $results;
     }
-
-
 }

app/Http/Controllers/Api/ReportsController.php

@@ -19,25 +19,25 @@ class ReportsController extends Controller
     public function index(Request $request)
     {
         $this->authorize('reports.view');
-        
-        $actionlogs = Actionlog::with('item', 'user', 'target','location');
+
+        $actionlogs = Actionlog::with('item', 'user', 'target', 'location');
 
         if ($request->filled('search')) {
             $actionlogs = $actionlogs->TextSearch(e($request->input('search')));
         }
 
-        if (($request->filled('target_type'))  && ($request->filled('target_id'))) {
-            $actionlogs = $actionlogs->where('target_id','=',$request->input('target_id'))
-                ->where('target_type','=',"App\\Models\\".ucwords($request->input('target_type')));
+        if (($request->filled('target_type')) && ($request->filled('target_id'))) {
+            $actionlogs = $actionlogs->where('target_id', '=', $request->input('target_id'))
+                ->where('target_type', '=', 'App\\Models\\'.ucwords($request->input('target_type')));
         }
 
-        if (($request->filled('item_type'))  && ($request->filled('item_id'))) {
-            $actionlogs = $actionlogs->where('item_id','=',$request->input('item_id'))
-                ->where('item_type','=',"App\\Models\\".ucwords($request->input('item_type')));
+        if (($request->filled('item_type')) && ($request->filled('item_id'))) {
+            $actionlogs = $actionlogs->where('item_id', '=', $request->input('item_id'))
+                ->where('item_type', '=', 'App\\Models\\'.ucwords($request->input('item_type')));
         }
 
         if ($request->filled('action_type')) {
-            $actionlogs = $actionlogs->where('action_type','=',$request->input('action_type'))->orderBy('created_at', 'desc');
+            $actionlogs = $actionlogs->where('action_type', '=', $request->input('action_type'))->orderBy('created_at', 'desc');
         }
 
         if ($request->filled('uploads')) {
@@ -51,9 +51,9 @@ class ReportsController extends Controller
             'user_id',
             'accept_signature',
             'action_type',
-            'note'
+            'note',
         ];
-        
+
         $sort = in_array($request->input('sort'), $allowed_columns) ? e($request->input('sort')) : 'created_at';
         $order = ($request->input('order') == 'asc') ? 'asc' : 'desc';
         $offset = request('offset', 0);
@@ -62,6 +62,5 @@ class ReportsController extends Controller
         $actionlogs = $actionlogs->orderBy($sort, $order)->skip($offset)->take($limit)->get();
 
         return response()->json((new ActionlogsTransformer)->transformActionlogs($actionlogs, $total), 200, ['Content-Type' => 'application/json;charset=utf8'], JSON_UNESCAPED_UNICODE);
-
     }
 }

app/Http/Controllers/Api/SettingsController.php

@@ -2,102 +2,93 @@
 
 namespace App\Http\Controllers\Api;
 
-use App\Http\Controllers\Controller;
-use App\Http\Transformers\LoginAttemptsTransformer;
-use App\Models\Setting;
-use App\Notifications\MailTest;
-use App\Services\LdapAd;
-use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
+use App\Http\Controllers\Controller;
+use App\Models\Ldap;
+use App\Models\Setting;
+use Mail;
+use App\Notifications\SlackTest;
+use App\Notifications\MailTest;
+use GuzzleHttp\Client;
+use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Response;
 use Illuminate\Support\Facades\DB;
 use Illuminate\Support\Facades\Log;
 use Illuminate\Support\Facades\Notification;
-use GuzzleHttp\Client;
 use Illuminate\Support\Facades\Storage;
-use Illuminate\Support\Facades\Validator;
+use Illuminate\Support\Facades\Validator; 
+use App\Http\Requests\SlackSettingsRequest;
+use App\Http\Transformers\LoginAttemptsTransformer;
+
 
 class SettingsController extends Controller
 {
 
-    /**
-     * Test the ldap settings
-     * 
-     * @author Wes Hulette <jwhulette@gmail.com>
-     * 
-     * @since 5.0.0
-     * 
-     * @param App\Models\LdapAd $ldap
-     * 
-     * @return \Illuminate\Http\JsonResponse
-     */
-    public function ldapAdSettingsTest(LdapAd $ldap): JsonResponse
+
+    public function ldaptest()
     {
-        if(!$ldap->init()) {
-            Log::info('LDAP is not enabled cannot test.');
+        $settings = Setting::getSettings();
+
+        if ($settings->ldap_enabled!='1') {
+            \Log::debug('LDAP is not enabled cannot test.');
             return response()->json(['message' => 'LDAP is not enabled, cannot test.'], 400);
         }
 
-        // The connect, bind and resulting users message
-        $message = [];
+        \Log::debug('Preparing to test LDAP connection');
 
-        Log::info('Preparing to test LDAP user login');
-        // Test user can connect to the LDAP server
+        $message = []; //where we collect together test messages
         try {
-            $ldap->testLdapAdUserConnection();
-            $message['login'] = [
-                'message' => 'Successfully connected to LDAP server.'
-            ];
-        } catch (\Exception $ex) {
-                \Log::debug('LDAP connected but Bind failed. Please check your LDAP settings and try again.');
-            return response()->json([
-                'message' => 'Error logging into LDAP server, error: ' . $ex->getMessage() . ' - Verify your that your username and password are correct']);
+            $connection = Ldap::connectToLdap();
+            try {
+                $message['bind'] = ['message' => 'Successfully bound to LDAP server.'];
+                \Log::debug('attempting to bind to LDAP for LDAP test');
+                Ldap::bindAdminToLdap($connection);
+                $message['login'] = [
+                    'message' => 'Successfully connected to LDAP server.',
+                ];
 
+                $users = collect(Ldap::findLdapUsers(null,10))->filter(function ($value, $key) {
+                    return is_int($key);
+                })->slice(0, 10)->map(function ($item) use ($settings) {
+                    return (object) [
+                        'username'        => $item[$settings['ldap_username_field']][0] ?? null,
+                        'employee_number' => $item[$settings['ldap_emp_num']][0] ?? null,
+                        'lastname'        => $item[$settings['ldap_lname_field']][0] ?? null,
+                        'firstname'       => $item[$settings['ldap_fname_field']][0] ?? null,
+                        'email'           => $item[$settings['ldap_email']][0] ?? null,
+                    ];
+                });
+                if ($users->count() > 0) {
+                    $message['user_sync'] = [
+                        'users' => $users,
+                    ];
+                } else {
+                    $message['user_sync'] = [
+                        'message' => 'Connection to LDAP was successful, however there were no users returned from your query. You should confirm the Base Bind DN above.',
+                    ];
+    
+                    return response()->json($message, 400);
+                }
+
+                return response()->json($message, 200);
+            } catch (\Exception $e) {
+                \Log::debug('Bind failed');
+                \Log::debug("Exception was: ".$e->getMessage());
+                return response()->json(['message' => $e->getMessage()], 400);
+                //return response()->json(['message' => $e->getMessage()], 500);
+            }
         } catch (\Exception $e) {
-            \Log::info('LDAP connection failed but we cannot debug it any further on our end.');
-            return response()->json(['message' => 'The LDAP connection failed but we cannot debug it any further on our end. The error from the server is: '.$e->getMessage()], 500);
-        }
-
-        Log::info('Preparing to test LDAP bind connection');
-        // Test user can bind to the LDAP server
-        try {
-            Log::info('Testing Bind');
-            $ldap->testLdapAdBindConnection();
-            $message['bind'] = [
-                'message' => 'Successfully binded to LDAP server.'
-            ];
-        } catch (\Exception $ex) {
-            Log::info('LDAP Bind failed');
-            return response()->json([
-                'message' => 'Error binding to LDAP server, error: ' . $ex->getMessage()
-            ], 400);
+            \Log::debug('Connection failed but we cannot debug it any further on our end.');
+            return response()->json(['message' => $e->getMessage()], 500);
         }
 
 
-        Log::info('Preparing to get sample user set from LDAP directory');
-        // Get a sample of 10 users so user can verify the data is correct
-        try {
-            Log::info('Testing LDAP sync');
-            error_reporting(E_ALL & ~E_DEPRECATED); // workaround for php7.4, which deprecates ldap_control_paged_result
-            $users = $ldap->testUserImportSync();
-            $message['user_sync']  = [
-                'users' => $users
-            ];
-        } catch (\Exception $ex) {
-            Log::info('LDAP sync failed');
-            $message['user_sync']  = [
-                'message' => 'Error getting users from LDAP directory, error: ' . $ex->getMessage()
-            ];
-            return response()->json($message, 400);
-        }
-
-        return response()->json($message, 200);
     }
 
-    public function ldaptestlogin(Request $request, LdapAd $ldap)
+    public function ldaptestlogin(Request $request)
     {
 
-        if (Setting::getSettings()->ldap_enabled!='1') {
+        if (Setting::getSettings()->ldap_enabled != '1') {
             \Log::debug('LDAP is not enabled. Cannot test.');
             return response()->json(['message' => 'LDAP is not enabled, cannot test.'], 400);
         }
@@ -116,57 +107,77 @@ class SettingsController extends Controller
         }
         
 
+
         \Log::debug('Preparing to test LDAP login');
         try {
-            DB::beginTransaction(); //this was the easiest way to invoke a full test of an LDAP login without adding new users to the DB (which may not be desired)
+            $connection = Ldap::connectToLdap();
+            try {
+                Ldap::bindAdminToLdap($connection);
+                \Log::debug('Attempting to bind to LDAP for LDAP test');
+                try {
+                    $ldap_user = Ldap::findAndBindUserLdap($request->input('ldaptest_user'), $request->input('ldaptest_password'));
+                    if ($ldap_user) {
+                        \Log::debug('It worked! '. $request->input('ldaptest_user').' successfully binded to LDAP.');
+                        return response()->json(['message' => 'It worked! '. $request->input('ldaptest_user').' successfully binded to LDAP.'], 200);
+                    }
+                    return response()->json(['message' => 'Login Failed. '. $request->input('ldaptest_user').' did not successfully bind to LDAP.'], 400);
 
-            // $results = $ldap->ldap->auth()->attempt($request->input('ldaptest_username'), $request->input('ldaptest_password'), true);
-            // can't do this because that's a protected property.
+                } catch (\Exception $e) {
+                    \Log::debug('LDAP login failed');
+                    return response()->json(['message' => $e->getMessage()], 400);
+                }
 
-            $results = $ldap->ldapLogin($request->input('ldaptest_user'), $request->input('ldaptest_password')); // this would normally create a user on success (if they didn't already exist), but for the transaction
-            if($results) {
-                return response()->json(['message' => 'It worked! '. $request->input('ldaptest_user').' successfully binded to LDAP.'], 200);
-            } else {
-                return response()->json(['message' => 'Login Failed. '. $request->input('ldaptest_user').' did not successfully bind to LDAP.'], 400);
+            } catch (\Exception $e) {
+                \Log::debug('Bind failed');
+                return response()->json(['message' => $e->getMessage()], 400);
+                //return response()->json(['message' => $e->getMessage()], 500);
             }
         } catch (\Exception $e) {
             \Log::debug('Connection failed');
-            return response()->json(['message' => $e->getMessage()], 400);
-        } finally {
-            DB::rollBack(); // ALWAYS rollback, whether success or failure
+            return response()->json(['message' => $e->getMessage()], 500);
         }
 
 
     }
 
-    public function slacktest(Request $request)
+    public function slacktest(SlackSettingsRequest $request)
     {
 
-        $slack = new Client([
-            'base_url' => e($request->input('slack_endpoint')),
-            'defaults' => [
-                'exceptions' => false
-            ]
+        $validator = Validator::make($request->all(), [
+            'slack_endpoint'                      => 'url|required_with:slack_channel|starts_with:https://hooks.slack.com/|nullable',
+            'slack_channel'                       => 'required_with:slack_endpoint|starts_with:#|nullable',
         ]);
 
-
-        $payload = json_encode(
-            [
-                'channel'    => e($request->input('slack_channel')),
-                'text'       => trans('general.slack_test_msg'),
-                'username'    => e($request->input('slack_botname')),
-                'icon_emoji' => ':heart:'
-            ]);
-
-        try {
-            $slack->post($request->input('slack_endpoint'),['body' => $payload]);
-            return response()->json(['message' => 'Success'], 200);
-        } catch (\Exception $e) {
-            return response()->json(['message' => 'Oops! Please check the channel name and webhook endpoint URL. Slack responded with: '.$e->getMessage()], 400);
+        if ($validator->fails()) {
+            return response()->json(['message' => 'Validation failed', 'errors' => $validator->errors()], 422);
         }
 
-        return response()->json(['message' => 'Something went wrong :( '], 400);
+        // If validation passes, continue to the curl request
+            $slack = new Client([
+                'base_url' => e($request->input('slack_endpoint')),
+                'defaults' => [
+                    'exceptions' => false,
+                ],
+            ]);
 
+            $payload = json_encode(
+                [
+                    'channel'    => e($request->input('slack_channel')),
+                    'text'       => trans('general.slack_test_msg'),
+                    'username'    => e($request->input('slack_botname')),
+                    'icon_emoji' => ':heart:',
+                ]);
+
+            try {
+                $slack->post($request->input('slack_endpoint'), ['body' => $payload]);
+                return response()->json(['message' => 'Success'], 200);
+
+            } catch (\Exception $e) {
+                return response()->json(['message' => 'Please check the channel name and webhook endpoint URL ('.e($request->input('slack_endpoint')).'). Slack responded with: '.$e->getMessage()], 400);
+            }
+
+        //} 
+        return response()->json(['message' => 'Something went wrong :( '], 400);
     }
 
 
@@ -201,23 +212,21 @@ class SettingsController extends Controller
      */
     public function purgeBarcodes()
     {
-
         $file_count = 0;
         $files = Storage::disk('public')->files('barcodes');
 
         foreach ($files as $file) { // iterate files
 
-            $file_parts = explode(".", $file);
+            $file_parts = explode('.', $file);
             $extension = end($file_parts);
             \Log::debug($extension);
 
             // Only generated barcodes would have a .png file extension
-            if ($extension =='png') {
-
+            if ($extension == 'png') {
                 \Log::debug('Deleting: '.$file);
 
 
-                try  {
+                try {
                     Storage::disk('public')->delete($file);
                     \Log::debug('Deleting: '.$file);
                     $file_count++;
@@ -225,11 +234,9 @@ class SettingsController extends Controller
                     \Log::debug($e);
                 }
             }
-
         }
 
         return response()->json(['message' => 'Deleted '.$file_count.' barcodes'], 200);
-
     }
 
 
@@ -246,20 +253,16 @@ class SettingsController extends Controller
      */
     public function showLoginAttempts(Request $request)
     {
-        $allowed_columns = ['id', 'username', 'remote_ip', 'user_agent','successful','created_at'];
+        $allowed_columns = ['id', 'username', 'remote_ip', 'user_agent', 'successful', 'created_at'];
 
-        $login_attempts =  DB::table('login_attempts');
+        $login_attempts = DB::table('login_attempts');
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
         $sort = in_array($request->get('sort'), $allowed_columns) ? $request->get('sort') : 'created_at';
 
         $total = $login_attempts->count();
         $login_attempts->orderBy($sort, $order);
-        $login_attempt_results = $login_attempts->skip(request('offset', 0))->take(request('limit',  20))->get();
+        $login_attempt_results = $login_attempts->skip(request('offset', 0))->take(request('limit', 20))->get();
 
         return (new LoginAttemptsTransformer)->transformLoginAttempts($login_attempt_results, $total);
-
     }
-
-
-
-}
+}

app/Http/Controllers/Api/StatuslabelsController.php

@@ -22,7 +22,7 @@ class StatuslabelsController extends Controller
     public function index(Request $request)
     {
         $this->authorize('view', Statuslabel::class);
-        $allowed_columns = ['id','name','created_at', 'assets_count','color','default_label'];
+        $allowed_columns = ['id', 'name', 'created_at', 'assets_count', 'color', 'notes', 'default_label'];
 
         $statuslabels = Statuslabel::withCount('assets as assets_count');
 
@@ -30,6 +30,20 @@ class StatuslabelsController extends Controller
             $statuslabels = $statuslabels->TextSearch($request->input('search'));
         }
 
+
+        // if a status_type is passed, filter by that
+        if ($request->filled('status_type')) {
+            if (strtolower($request->input('status_type')) == 'pending') {
+                $statuslabels = $statuslabels->Pending();
+            } elseif (strtolower($request->input('status_type')) == 'archived') {
+                $statuslabels = $statuslabels->Archived();
+            } elseif (strtolower($request->input('status_type')) == 'deployable') {
+                $statuslabels = $statuslabels->Deployable();
+            } elseif (strtolower($request->input('status_type')) == 'undeployable') {
+                $statuslabels = $statuslabels->Undeployable();
+            }
+        }
+
         // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
         // case we override with the actual count, so we should return 0 items.
         $offset = (($statuslabels) && ($request->get('offset') > $statuslabels->count())) ? $statuslabels->count() : $request->get('offset', 0);
@@ -43,6 +57,7 @@ class StatuslabelsController extends Controller
 
         $total = $statuslabels->count();
         $statuslabels = $statuslabels->skip($offset)->take($limit)->get();
+
         return (new StatuslabelsTransformer)->transformStatuslabels($statuslabels, $total);
     }
 
@@ -58,19 +73,23 @@ class StatuslabelsController extends Controller
     public function store(Request $request)
     {
         $this->authorize('create', Statuslabel::class);
-        $request->except('deployable', 'pending','archived');
+        $request->except('deployable', 'pending', 'archived');
 
-        if (!$request->filled('type')) {
-            return response()->json(Helper::formatStandardApiResponse('error', null, ["type" => ["Status label type is required."]]),500);
+        if (! $request->filled('type')) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, ['type' => ['Status label type is required.']]), 500);
         }
 
         $statuslabel = new Statuslabel;
         $statuslabel->fill($request->all());
 
         $statusType = Statuslabel::getStatuslabelTypesForDB($request->input('type'));
-        $statuslabel->deployable        =  $statusType['deployable'];
-        $statuslabel->pending           =  $statusType['pending'];
-        $statuslabel->archived          =  $statusType['archived'];
+        $statuslabel->deployable = $statusType['deployable'];
+        $statuslabel->pending = $statusType['pending'];
+        $statuslabel->archived = $statusType['archived'];
+        $statuslabel->color             =  $request->input('color');
+        $statuslabel->show_in_nav       =  $request->input('show_in_nav', 0);
+        $statuslabel->default_label     =  $request->input('default_label', 0);
+
 
         if ($statuslabel->save()) {
             return response()->json(Helper::formatStandardApiResponse('success', $statuslabel, trans('admin/statuslabels/message.create.success')));
@@ -91,6 +110,7 @@ class StatuslabelsController extends Controller
     {
         $this->authorize('view', Statuslabel::class);
         $statuslabel = Statuslabel::findOrFail($id);
+
         return (new StatuslabelsTransformer)->transformStatuslabel($statuslabel);
     }
 
@@ -109,18 +129,22 @@ class StatuslabelsController extends Controller
         $this->authorize('update', Statuslabel::class);
         $statuslabel = Statuslabel::findOrFail($id);
         
-        $request->except('deployable', 'pending','archived');
+        $request->except('deployable', 'pending', 'archived');
 
-        if (!$request->filled('type')) {
+
+        if (! $request->filled('type')) {
             return response()->json(Helper::formatStandardApiResponse('error', null, 'Status label type is required.'));
         }
 
         $statuslabel->fill($request->all());
 
         $statusType = Statuslabel::getStatuslabelTypesForDB($request->input('type'));
-        $statuslabel->deployable        =  $statusType['deployable'];
-        $statuslabel->pending           =  $statusType['pending'];
-        $statuslabel->archived          =  $statusType['archived'];
+        $statuslabel->deployable = $statusType['deployable'];
+        $statuslabel->pending = $statusType['pending'];
+        $statuslabel->archived = $statusType['archived'];
+        $statuslabel->color             =  $request->input('color');
+        $statuslabel->show_in_nav       =  $request->input('show_in_nav', 0);
+        $statuslabel->default_label     =  $request->input('default_label', 0);
 
         if ($statuslabel->save()) {
             return response()->json(Helper::formatStandardApiResponse('success', $statuslabel, trans('admin/statuslabels/message.update.success')));
@@ -146,11 +170,11 @@ class StatuslabelsController extends Controller
         // Check that there are no assets associated
         if ($statuslabel->assets()->count() == 0) {
             $statuslabel->delete();
-            return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/statuslabels/message.delete.success')));
+
+            return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/statuslabels/message.delete.success')));
         }
 
         return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/statuslabels/message.assoc_assets')));
-
     }
 
 
@@ -162,44 +186,40 @@ class StatuslabelsController extends Controller
      * @since [v3.0]
      * @return \Illuminate\Http\Response
      */
-
     public function getAssetCountByStatuslabel()
     {
         $this->authorize('view', Statuslabel::class);
 
-        $statuslabels = Statuslabel::with('assets')->groupBy('id')->withCount('assets as assets_count')->get();
+        $statuslabels = Statuslabel::withCount('assets')->get();
 
-        $labels=[];
-        $points=[];
-        $default_color = Helper::chartColors();
+        $labels = [];
+        $points = [];
         $default_color_count = 0;
+        $colors_array = [];
 
         foreach ($statuslabels as $statuslabel) {
             if ($statuslabel->assets_count > 0) {
+                $labels[] = $statuslabel->name.' ('.number_format($statuslabel->assets_count).')';
+                $points[] = $statuslabel->assets_count;
 
-                $labels[]=$statuslabel->name. ' ('.number_format($statuslabel->assets_count).')';
-                $points[]=$statuslabel->assets_count;
-
-                if ($statuslabel->color!='') {
+                if ($statuslabel->color != '') {
                     $colors_array[] = $statuslabel->color;
                 } else {
-                    $colors_array[] = $default_color[$default_color_count];
-                    $default_color_count++;
+                    $colors_array[] = Helper::defaultChartColors($default_color_count);
                 }
+                $default_color_count++;
             }
         }
 
-        
-        $colors_array = array_merge($colors_array, Helper::chartColors());
-
-        $result= [
-            "labels" => $labels,
-            "datasets" => [ [
-                "data" => $points,
-                "backgroundColor" => $colors_array,
-                "hoverBackgroundColor" =>  $colors_array
-            ]]
+        $result = [
+            'labels' => $labels,
+            'datasets' => [[
+                'data' => $points,
+                'backgroundColor' => $colors_array,
+                'hoverBackgroundColor' =>  $colors_array,
+            ]],
         ];
+
         return $result;
     }
 
@@ -215,7 +235,7 @@ class StatuslabelsController extends Controller
     {
         $this->authorize('view', Statuslabel::class);
         $this->authorize('index', Asset::class);
-        $assets = Asset::where('status_id','=',$id)->with('assignedTo');
+        $assets = Asset::where('status_id', '=', $id)->with('assignedTo');
 
         $allowed_columns = [
             'id',
@@ -245,11 +265,12 @@ class StatuslabelsController extends Controller
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0]
-     * @return Bool
+     * @return bool
      */
-    public function checkIfDeployable($id) {
+    public function checkIfDeployable($id)
+    {
         $statuslabel = Statuslabel::findOrFail($id);
-        if ($statuslabel->getStatuslabelType()=='deployable') {
+        if ($statuslabel->getStatuslabelType() == 'deployable') {
             return '1';
         }
 

app/Http/Controllers/Api/SuppliersController.php

@@ -8,6 +8,7 @@ use App\Http\Transformers\SelectlistTransformer;
 use App\Http\Transformers\SuppliersTransformer;
 use App\Models\Supplier;
 use Illuminate\Http\Request;
+use App\Http\Requests\ImageUploadRequest;
 use Illuminate\Support\Facades\Storage;
 
 class SuppliersController extends Controller
@@ -22,10 +23,10 @@ class SuppliersController extends Controller
     public function index(Request $request)
     {
         $this->authorize('view', Supplier::class);
-        $allowed_columns = ['id','name','address','phone','contact','fax','email','image','assets_count','licenses_count', 'accessories_count','url'];
+        $allowed_columns = ['id', 'name', 'address', 'phone', 'contact', 'fax', 'email', 'image', 'assets_count', 'licenses_count', 'accessories_count', 'url'];
         
         $suppliers = Supplier::select(
-                array('id','name','address','address2','city','state','country','fax', 'phone','email','contact','created_at','updated_at','deleted_at','image','notes')
+                ['id', 'name', 'address', 'address2', 'city', 'state', 'country', 'fax', 'phone', 'email', 'contact', 'created_at', 'updated_at', 'deleted_at', 'image', 'notes']
             )->withCount('assets as assets_count')->withCount('licenses as licenses_count')->withCount('accessories as accessories_count');
 
 
@@ -46,6 +47,7 @@ class SuppliersController extends Controller
 
         $total = $suppliers->count();
         $suppliers = $suppliers->skip($offset)->take($limit)->get();
+
         return (new SuppliersTransformer)->transformSuppliers($suppliers, $total);
     }
 
@@ -55,14 +57,15 @@ class SuppliersController extends Controller
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0]
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Http\Requests\ImageUploadRequest  $request
      * @return \Illuminate\Http\Response
      */
-    public function store(Request $request)
+    public function store(ImageUploadRequest $request)
     {
         $this->authorize('create', Supplier::class);
         $supplier = new Supplier;
         $supplier->fill($request->all());
+        $supplier = $request->handleImages($supplier);
 
         if ($supplier->save()) {
             return response()->json(Helper::formatStandardApiResponse('success', $supplier, trans('admin/suppliers/message.create.success')));
@@ -83,6 +86,7 @@ class SuppliersController extends Controller
     {
         $this->authorize('view', Supplier::class);
         $supplier = Supplier::findOrFail($id);
+
         return (new SuppliersTransformer)->transformSupplier($supplier);
     }
 
@@ -92,15 +96,16 @@ class SuppliersController extends Controller
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0]
-     * @param  \Illuminate\Http\Request  $request
+     * @param  \App\Http\Requests\ImageUploadRequest  $request
      * @param  int  $id
      * @return \Illuminate\Http\Response
      */
-    public function update(Request $request, $id)
+    public function update(ImageUploadRequest $request, $id)
     {
         $this->authorize('update', Supplier::class);
         $supplier = Supplier::findOrFail($id);
         $supplier->fill($request->all());
+        $supplier = $request->handleImages($supplier);
 
         if ($supplier->save()) {
             return response()->json(Helper::formatStandardApiResponse('success', $supplier, trans('admin/suppliers/message.update.success')));
@@ -120,16 +125,16 @@ class SuppliersController extends Controller
     public function destroy($id)
     {
         $this->authorize('delete', Supplier::class);
-        $supplier = Supplier::with('asset_maintenances', 'assets', 'licenses')->withCount('asset_maintenances as asset_maintenances_count','assets as assets_count', 'licenses as licenses_count')->findOrFail($id);
+        $supplier = Supplier::with('asset_maintenances', 'assets', 'licenses')->withCount('asset_maintenances as asset_maintenances_count', 'assets as assets_count', 'licenses as licenses_count')->findOrFail($id);
         $this->authorize('delete', $supplier);
 
 
         if ($supplier->assets_count > 0) {
-            return response()->json(Helper::formatStandardApiResponse('error', null,  trans('admin/suppliers/message.delete.assoc_assets', ['asset_count' => (int) $supplier->assets_count])));
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/suppliers/message.delete.assoc_assets', ['asset_count' => (int) $supplier->assets_count])));
         }
 
         if ($supplier->asset_maintenances_count > 0) {
-            return response()->json(Helper::formatStandardApiResponse('error', null,  trans('admin/suppliers/message.delete.assoc_maintenances', ['asset_maintenances_count' => $supplier->asset_maintenances_count])));
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/suppliers/message.delete.assoc_maintenances', ['asset_maintenances_count' => $supplier->asset_maintenances_count])));
         }
 
         if ($supplier->licenses_count > 0) {
@@ -137,8 +142,8 @@ class SuppliersController extends Controller
         }
 
         $supplier->delete();
-        return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/suppliers/message.delete.success')));
 
+        return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/suppliers/message.delete.success')));
     }
 
     /**
@@ -147,11 +152,12 @@ class SuppliersController extends Controller
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0.16]
      * @see \App\Http\Transformers\SelectlistTransformer
-     *
      */
     public function selectlist(Request $request)
     {
 
+        $this->authorize('view.selectlists');
+
         $suppliers = Supplier::select([
             'id',
             'name',
@@ -173,7 +179,5 @@ class SuppliersController extends Controller
         }
 
         return (new SelectlistTransformer)->transformSelectlist($suppliers);
-
     }
-
 }

app/Http/Controllers/Api/UsersController.php

@@ -7,6 +7,7 @@ use App\Http\Controllers\Controller;
 use App\Http\Requests\SaveUserRequest;
 use App\Http\Transformers\AccessoriesTransformer;
 use App\Http\Transformers\AssetsTransformer;
+use App\Http\Transformers\ConsumablesTransformer;
 use App\Http\Transformers\LicensesTransformer;
 use App\Http\Transformers\SelectlistTransformer;
 use App\Http\Transformers\UsersTransformer;
@@ -16,6 +17,7 @@ use App\Models\License;
 use App\Models\User;
 use Auth;
 use Illuminate\Http\Request;
+use App\Http\Requests\ImageUploadRequest;
 use Illuminate\Support\Facades\Storage;
 
 class UsersController extends Controller
@@ -49,6 +51,7 @@ class UsersController extends Controller
             'users.jobtitle',
             'users.last_login',
             'users.last_name',
+            'users.locale',
             'users.location_id',
             'users.manager_id',
             'users.notes',
@@ -60,18 +63,24 @@ class UsersController extends Controller
             'users.updated_at',
             'users.username',
             'users.zip',
+            'users.remote',
+            'users.ldap_import',
 
-        ])->with('manager', 'groups', 'userloc', 'company', 'department','assets','licenses','accessories','consumables')
-            ->withCount('assets as assets_count','licenses as licenses_count','accessories as accessories_count','consumables as consumables_count');
+        ])->with('manager', 'groups', 'userloc', 'company', 'department', 'assets', 'licenses', 'accessories', 'consumables')
+            ->withCount('assets as assets_count', 'licenses as licenses_count', 'accessories as accessories_count', 'consumables as consumables_count');
         $users = Company::scopeCompanyables($users);
 
 
-        if (($request->filled('deleted')) && ($request->input('deleted')=='true')) {
+        if (($request->filled('deleted')) && ($request->input('deleted') == 'true')) {
             $users = $users->onlyTrashed();
-        } elseif (($request->filled('all')) && ($request->input('deleted')=='true')) {
+        } elseif (($request->filled('all')) && ($request->input('all') == 'true')) {
             $users = $users->withTrashed();
         }
 
+        if ($request->filled('activated')) {
+            $users = $users->where('users.activated', '=', $request->input('activated'));
+        }
+
         if ($request->filled('company_id')) {
             $users = $users->where('users.company_id', '=', $request->input('company_id'));
         }
@@ -88,12 +97,64 @@ class UsersController extends Controller
             $users = $users->where('users.username', '=', $request->input('username'));
         }
 
+        if ($request->filled('first_name')) {
+            $users = $users->where('users.first_name', '=', $request->input('first_name'));
+        }
+
+        if ($request->filled('last_name')) {
+            $users = $users->where('users.last_name', '=', $request->input('last_name'));
+        }
+
+        if ($request->filled('employee_num')) {
+            $users = $users->where('users.employee_num', '=', $request->input('employee_num'));
+        }
+
+        if ($request->filled('state')) {
+            $users = $users->where('users.state', '=', $request->input('state'));
+        }
+
+        if ($request->filled('country')) {
+            $users = $users->where('users.country', '=', $request->input('country'));
+        }
+
+        if ($request->filled('zip')) {
+            $users = $users->where('users.zip', '=', $request->input('zip'));
+        }
+
         if ($request->filled('group_id')) {
             $users = $users->ByGroup($request->get('group_id'));
         }
 
         if ($request->filled('department_id')) {
-            $users = $users->where('users.department_id','=',$request->input('department_id'));
+            $users = $users->where('users.department_id', '=', $request->input('department_id'));
+        }
+
+        if ($request->filled('manager_id')) {
+            $users = $users->where('users.manager_id','=',$request->input('manager_id'));
+        }
+
+        if ($request->filled('ldap_import')) {
+            $users = $users->where('ldap_import', '=', $request->input('ldap_import'));
+        }
+
+        if ($request->filled('remote')) {
+            $users = $users->where('remote', '=', $request->input('remote'));
+        }
+
+        if ($request->filled('assets_count')) {
+           $users->has('assets', '=', $request->input('assets_count'));
+        }
+
+        if ($request->filled('consumables_count')) {
+            $users->has('consumables', '=', $request->input('consumables_count'));
+        }
+
+        if ($request->filled('licenses_count')) {
+            $users->has('licenses', '=', $request->input('licenses_count'));
+        }
+
+        if ($request->filled('accessories_count')) {
+            $users->has('accessories', '=', $request->input('accessories_count'));
         }
 
         if ($request->filled('search')) {
@@ -127,11 +188,11 @@ class UsersController extends Controller
             default:
                 $allowed_columns =
                     [
-                        'last_name','first_name','email','jobtitle','username','employee_num',
-                        'assets','accessories', 'consumables','licenses','groups','activated','created_at',
-                        'two_factor_enrolled','two_factor_optin','last_login', 'assets_count', 'licenses_count',
+                        'last_name', 'first_name', 'email', 'jobtitle', 'username', 'employee_num',
+                        'assets', 'accessories', 'consumables', 'licenses', 'groups', 'activated', 'created_at',
+                        'two_factor_enrolled', 'two_factor_optin', 'last_login', 'assets_count', 'licenses_count',
                         'consumables_count', 'accessories_count', 'phone', 'address', 'city', 'state',
-                        'country', 'zip', 'id'
+                        'country', 'zip', 'id', 'ldap_import', 'remote',
                     ];
 
                 $sort = in_array($request->get('sort'), $allowed_columns) ? $request->get('sort') : 'first_name';
@@ -139,24 +200,21 @@ class UsersController extends Controller
                 break;
         }
 
-
         $total = $users->count();
         $users = $users->skip($offset)->take($limit)->get();
+
         return (new UsersTransformer)->transformUsers($users, $total);
     }
 
-
     /**
      * Gets a paginated collection for the select2 menus
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0.16]
      * @see \App\Http\Transformers\SelectlistTransformer
-     *
      */
     public function selectlist(Request $request)
     {
-
         $users = User::select(
             [
                 'users.id',
@@ -183,17 +241,17 @@ class UsersController extends Controller
 
         foreach ($users as $user) {
             $name_str = '';
-            if ($user->last_name!='') {
-                $name_str .= e($user->last_name).', ';
+            if ($user->last_name != '') {
+                $name_str .= $user->last_name.', ';
             }
-            $name_str .= e($user->first_name);
+            $name_str .= $user->first_name;
 
-            if ($user->username!='') {
-                $name_str .= ' ('.e($user->username).')';
+            if ($user->username != '') {
+                $name_str .= ' ('.$user->username.')';
             }
 
-            if ($user->employee_num!='') {
-                $name_str .= ' - #'.e($user->employee_num);
+            if ($user->employee_num != '') {
+                $name_str .= ' - #'.$user->employee_num;
             }
 
             $user->use_text = $name_str;
@@ -201,7 +259,6 @@ class UsersController extends Controller
         }
 
         return (new SelectlistTransformer)->transformSelectlist($users);
-
     }
 
 
@@ -222,29 +279,30 @@ class UsersController extends Controller
         $user->fill($request->all());
 
         if ($request->has('permissions')) {
-
             $permissions_array = $request->input('permissions');
 
             // Strip out the superuser permission if the API user isn't a superadmin
-            if (!Auth::user()->isSuperUser()) {
+            if (! Auth::user()->isSuperUser()) {
                 unset($permissions_array['superuser']);
             }
-            $user->permissions =  $permissions_array;
+            $user->permissions = $permissions_array;
         }
 
-        $tmp_pass = substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, 20);
+        $tmp_pass = substr(str_shuffle('0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'), 0, 20);
         $user->password = bcrypt($request->get('password', $tmp_pass));
 
-
+        app('App\Http\Requests\ImageUploadRequest')->handleImages($user, 600, 'image', 'avatars', 'avatar');
+        
         if ($user->save()) {
             if ($request->filled('groups')) {
                 $user->groups()->sync($request->input('groups'));
             } else {
-                $user->groups()->sync(array());
+                $user->groups()->sync([]);
             }
-            
+
             return response()->json(Helper::formatStandardApiResponse('success', (new UsersTransformer)->transformUser($user), trans('admin/users/message.success.create')));
         }
+
         return response()->json(Helper::formatStandardApiResponse('error', null, $user->getErrors()));
     }
 
@@ -258,7 +316,8 @@ class UsersController extends Controller
     public function show($id)
     {
         $this->authorize('view', User::class);
-        $user = User::withCount('assets as assets_count','licenses as licenses_count','accessories as accessories_count','consumables as consumables_count')->findOrFail($id);
+        $user = User::withCount('assets as assets_count', 'licenses as licenses_count', 'accessories as accessories_count', 'consumables as consumables_count')->findOrFail($id);
+
         return (new UsersTransformer)->transformUser($user);
     }
 
@@ -278,9 +337,15 @@ class UsersController extends Controller
 
         $user = User::findOrFail($id);
 
-        // This is a janky hack to prevent people from changing admin demo user data on the public demo.
-        // The $ids 1 and 2 are special since they are seeded as superadmins in the demo seeder.
-        // Thanks, jerks. You are why we can't have nice things. - snipe
+        /**
+         * This is a janky hack to prevent people from changing admin demo user data on the public demo.
+         * 
+         * The $ids 1 and 2 are special since they are seeded as superadmins in the demo seeder.
+         * 
+         *  Thanks, jerks. You are why we can't have nice things. - snipe
+         * 
+         */ 
+
 
         if ((($id == 1) || ($id == 2)) && (config('app.lock_passwords'))) {
             return response()->json(Helper::formatStandardApiResponse('error', null, 'Permission denied. You cannot update user information via API on the demo.'));
@@ -288,7 +353,7 @@ class UsersController extends Controller
 
 
         $user->fill($request->all());
-
+        
         if ($user->id == $request->input('manager_id')) {
             return response()->json(Helper::formatStandardApiResponse('error', null, 'You cannot be your own manager'));
         }
@@ -301,23 +366,24 @@ class UsersController extends Controller
         // here because we need to overwrite permissions
         // if someone needs to null them out
         if ($request->has('permissions')) {
-
             $permissions_array = $request->input('permissions');
 
             // Strip out the superuser permission if the API user isn't a superadmin
-            if (!Auth::user()->isSuperUser()) {
+            if (! Auth::user()->isSuperUser()) {
                 unset($permissions_array['superuser']);
             }
-            $user->permissions =  $permissions_array;
+            $user->permissions = $permissions_array;
         }
 
 
 
-
         // Update the location of any assets checked out to this user
         Asset::where('assigned_type', User::class)
             ->where('assigned_to', $user->id)->update(['location_id' => $request->input('location_id', null)]);
 
+        
+        app('App\Http\Requests\ImageUploadRequest')->handleImages($user, 600, 'image', 'avatars', 'avatar');
+          
         if ($user->save()) {
 
             // Sync group memberships:
@@ -330,8 +396,8 @@ class UsersController extends Controller
             if ($request->filled('groups')) {
                 $user->groups()->sync($request->input('groups'));
             // The groups field has been passed but it is null, so we should blank it out
-            } elseif ($request->has('groups'))  {
-                $user->groups()->sync(array());
+            } elseif ($request->has('groups')) {
+                $user->groups()->sync([]);
             }
 
 
@@ -355,36 +421,37 @@ class UsersController extends Controller
         $user = User::findOrFail($id);
         $this->authorize('delete', $user);
 
-
         if (($user->assets) && ($user->assets->count() > 0)) {
-            return response()->json(Helper::formatStandardApiResponse('error', null,  trans('admin/users/message.error.delete_has_assets')));
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.error.delete_has_assets')));
         }
 
         if (($user->licenses) && ($user->licenses->count() > 0)) {
-            return response()->json(Helper::formatStandardApiResponse('error', null,  'This user still has ' . $user->licenses->count() . ' license(s) associated with them and cannot be deleted.'));
+            return response()->json(Helper::formatStandardApiResponse('error', null, 'This user still has '.$user->licenses->count().' license(s) associated with them and cannot be deleted.'));
         }
 
         if (($user->accessories) && ($user->accessories->count() > 0)) {
-            return response()->json(Helper::formatStandardApiResponse('error', null,  'This user still has ' . $user->accessories->count() . ' accessories associated with them.'));
+            return response()->json(Helper::formatStandardApiResponse('error', null, 'This user still has '.$user->accessories->count().' accessories associated with them.'));
         }
 
         if (($user->managedLocations()) && ($user->managedLocations()->count() > 0)) {
-            return response()->json(Helper::formatStandardApiResponse('error', null,  'This user still has ' . $user->managedLocations()->count() . ' locations that they manage.'));
+            return response()->json(Helper::formatStandardApiResponse('error', null, 'This user still has '.$user->managedLocations()->count().' locations that they manage.'));
         }
 
         if ($user->delete()) {
 
             // Remove the user's avatar if they have one
             if (Storage::disk('public')->exists('avatars/'.$user->avatar)) {
-                try  {
+                try {
                     Storage::disk('public')->delete('avatars/'.$user->avatar);
                 } catch (\Exception $e) {
                     \Log::debug($e);
-               }
+                }
             }
-            return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/users/message.success.delete')));
+
+            return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/users/message.success.delete')));
         }
-        return response()->json(Helper::formatStandardApiResponse('error', null,  trans('admin/users/message.error.delete')));
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.error.delete')));
     }
 
     /**
@@ -395,12 +462,31 @@ class UsersController extends Controller
      * @param $userId
      * @return string JSON
      */
-    public function assets($id)
+    public function assets(Request $request, $id)
     {
         $this->authorize('view', User::class);
         $this->authorize('view', Asset::class);
         $assets = Asset::where('assigned_to', '=', $id)->where('assigned_type', '=', User::class)->with('model')->get();
-        return (new AssetsTransformer)->transformAssets($assets, $assets->count());
+
+        return (new AssetsTransformer)->transformAssets($assets, $assets->count(), $request);
+    }
+
+
+    /**
+     * Return JSON containing a list of consumables assigned to a user.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v3.0]
+     * @param $userId
+     * @return string JSON
+     */
+    public function consumables(Request $request, $id)
+    {
+        $this->authorize('view', User::class);
+        $this->authorize('view', Consumable::class);
+        $user = User::findOrFail($id);
+        $consumables = $user->consumables;
+        return (new ConsumablesTransformer)->transformConsumables($consumables, $consumables->count(), $request);
     }
 
     /**
@@ -417,6 +503,7 @@ class UsersController extends Controller
         $user = User::findOrFail($id);
         $this->authorize('view', Accessory::class);
         $accessories = $user->accessories;
+
         return (new AccessoriesTransformer)->transformAccessories($accessories, $accessories->count());
     }
 
@@ -432,14 +519,17 @@ class UsersController extends Controller
     {
         $this->authorize('view', User::class);
         $this->authorize('view', License::class);
-        $user = User::where('id', $id)->withTrashed()->first();
-        $licenses = $user->licenses()->get();
-        return (new LicensesTransformer())->transformLicenses($licenses, $licenses->count());
+        
+        if ($user = User::where('id', $id)->withTrashed()->first()) {
+            $licenses = $user->licenses()->get();
+            return (new LicensesTransformer())->transformLicenses($licenses, $licenses->count());
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.user_not_found', compact('id'))));
+
     }
 
     /**
-
-
      * Reset the user's two-factor status
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
@@ -449,7 +539,6 @@ class UsersController extends Controller
      */
     public function postTwoFactorReset(Request $request)
     {
-
         $this->authorize('update', User::class);
 
         if ($request->filled('id')) {
@@ -458,6 +547,7 @@ class UsersController extends Controller
                 $user->two_factor_secret = null;
                 $user->two_factor_enrolled = 0;
                 $user->save();
+
                 return response()->json(['message' => trans('admin/settings/general.two_factor_reset_success')], 200);
             } catch (\Exception $e) {
                 return response()->json(['message' => trans('admin/settings/general.two_factor_reset_error')], 500);
@@ -465,6 +555,7 @@ class UsersController extends Controller
         }
         return response()->json(['message' => 'No ID provided'], 500);
 
+
     }
 
     /**
@@ -479,4 +570,28 @@ class UsersController extends Controller
     {
         return (new UsersTransformer)->transformUser($request->user());
     }
+
+    /**
+     * Restore a soft-deleted user.
+     *
+     * @author [E. Taylor] [<dev@evantaylor.name>]
+     * @param int $userId
+     * @since [v6.0.0]
+     * @return JsonResponse
+     */
+    public function restore($userId = null)
+    {
+        // Get asset information
+        $user = User::withTrashed()->find($userId);
+        $this->authorize('delete', $user);
+        if (isset($user->id)) {
+            // Restore the user
+            User::withTrashed()->where('id', $userId)->restore();
+
+            return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/users/message.success.restored')));
+        }
+        
+        $id = $userId;
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.user_not_found', compact('id'))), 200);
+    }
 }

app/Http/Controllers/AssetMaintenancesController.php

@@ -1,4 +1,5 @@
 <?php
+
 namespace App\Http\Controllers;
 
 use App\Helpers\Helper;
@@ -21,7 +22,6 @@ use View;
  */
 class AssetMaintenancesController extends Controller
 {
-
     /**
     * Checks for permissions for this action.
     *
@@ -50,11 +50,10 @@ class AssetMaintenancesController extends Controller
     */
     public function index()
     {
+        $this->authorize('view', Asset::class);
         return view('asset_maintenances/index');
     }
 
-
-
     /**
      *  Returns a form view to create a new asset maintenance.
      *
@@ -66,6 +65,7 @@ class AssetMaintenancesController extends Controller
      */
     public function create()
     {
+        $this->authorize('update', Asset::class);
         $asset = null;
 
         if ($asset = Asset::find(request('asset_id'))) {
@@ -96,32 +96,33 @@ class AssetMaintenancesController extends Controller
     */
     public function store(Request $request)
     {
+        $this->authorize('update', Asset::class);
         // create a new model instance
         $assetMaintenance = new AssetMaintenance();
         $assetMaintenance->supplier_id = $request->input('supplier_id');
         $assetMaintenance->is_warranty = $request->input('is_warranty');
-        $assetMaintenance->cost =  $request->input('cost');
+        $assetMaintenance->cost = Helper::ParseCurrency($request->input('cost'));
         $assetMaintenance->notes = $request->input('notes');
         $asset = Asset::find($request->input('asset_id'));
 
-        if ((!Company::isCurrentUserHasAccess($asset)) && ($asset!=null)) {
+        if ((! Company::isCurrentUserHasAccess($asset)) && ($asset != null)) {
             return static::getInsufficientPermissionsRedirect();
         }
 
         // Save the asset maintenance data
-        $assetMaintenance->asset_id               = $request->input('asset_id');
+        $assetMaintenance->asset_id = $request->input('asset_id');
         $assetMaintenance->asset_maintenance_type = $request->input('asset_maintenance_type');
-        $assetMaintenance->title                  = $request->input('title');
-        $assetMaintenance->start_date             = $request->input('start_date');
-        $assetMaintenance->completion_date        = $request->input('completion_date');
-        $assetMaintenance->user_id                = Auth::id();
+        $assetMaintenance->title = $request->input('title');
+        $assetMaintenance->start_date = $request->input('start_date');
+        $assetMaintenance->completion_date = $request->input('completion_date');
+        $assetMaintenance->user_id = Auth::id();
 
-        if (( $assetMaintenance->completion_date !== null )
-            && ( $assetMaintenance->start_date !== "" )
-            && ( $assetMaintenance->start_date !== "0000-00-00" )
+        if (($assetMaintenance->completion_date !== null)
+            && ($assetMaintenance->start_date !== '')
+            && ($assetMaintenance->start_date !== '0000-00-00')
         ) {
-            $startDate                                = Carbon::parse($assetMaintenance->start_date);
-            $completionDate                           = Carbon::parse($assetMaintenance->completion_date);
+            $startDate = Carbon::parse($assetMaintenance->start_date);
+            $completionDate = Carbon::parse($assetMaintenance->completion_date);
             $assetMaintenance->asset_maintenance_time = $completionDate->diffInDays($startDate);
         }
 
@@ -133,7 +134,6 @@ class AssetMaintenancesController extends Controller
         }
 
         return redirect()->back()->withInput()->withErrors($assetMaintenance->getErrors());
-
     }
 
     /**
@@ -148,16 +148,16 @@ class AssetMaintenancesController extends Controller
     */
     public function edit($assetMaintenanceId = null)
     {
+        $this->authorize('update', Asset::class);
         // Check if the asset maintenance exists
         if (is_null($assetMaintenance = AssetMaintenance::find($assetMaintenanceId))) {
             // Redirect to the improvement management page
             return redirect()->route('maintenances.index')
                            ->with('error', trans('admin/asset_maintenances/message.not_found'));
-        } elseif (!$assetMaintenance->asset) {
+        } elseif (! $assetMaintenance->asset) {
             return redirect()->route('maintenances.index')
                 ->with('error', 'The asset associated with this maintenance does not exist.');
-
-        } elseif (!Company::isCurrentUserHasAccess($assetMaintenance->asset)) {
+        } elseif (! Company::isCurrentUserHasAccess($assetMaintenance->asset)) {
             return static::getInsufficientPermissionsRedirect();
         }
 
@@ -184,7 +184,6 @@ class AssetMaintenancesController extends Controller
                    ->with('selectedAsset', null)
                    ->with('assetMaintenanceType', $assetMaintenanceType)
                    ->with('item', $assetMaintenance);
-
     }
 
     /**
@@ -200,48 +199,49 @@ class AssetMaintenancesController extends Controller
      */
     public function update(Request $request, $assetMaintenanceId = null)
     {
+        $this->authorize('update', Asset::class);
         // Check if the asset maintenance exists
         if (is_null($assetMaintenance = AssetMaintenance::find($assetMaintenanceId))) {
             // Redirect to the asset maintenance management page
             return redirect()->route('maintenances.index')
                            ->with('error', trans('admin/asset_maintenances/message.not_found'));
-        } elseif (!Company::isCurrentUserHasAccess($assetMaintenance->asset)) {
+        } elseif (! Company::isCurrentUserHasAccess($assetMaintenance->asset)) {
             return static::getInsufficientPermissionsRedirect();
         }
 
-        $assetMaintenance->supplier_id = e($request->input('supplier_id'));
-        $assetMaintenance->is_warranty = e($request->input('is_warranty'));
-        $assetMaintenance->cost =  Helper::ParseFloat(e($request->input('cost')));
-        $assetMaintenance->notes = e($request->input('notes'));
+        $assetMaintenance->supplier_id = $request->input('supplier_id');
+        $assetMaintenance->is_warranty = $request->input('is_warranty');
+        $assetMaintenance->cost =  Helper::ParseCurrency($request->input('cost'));
+        $assetMaintenance->notes = $request->input('notes');
 
         $asset = Asset::find(request('asset_id'));
 
-        if (!Company::isCurrentUserHasAccess($asset)) {
+        if (! Company::isCurrentUserHasAccess($asset)) {
             return static::getInsufficientPermissionsRedirect();
         }
 
         // Save the asset maintenance data
-        $assetMaintenance->asset_id               = $request->input('asset_id');
+        $assetMaintenance->asset_id = $request->input('asset_id');
         $assetMaintenance->asset_maintenance_type = $request->input('asset_maintenance_type');
-        $assetMaintenance->title                  = $request->input('title');
-        $assetMaintenance->start_date             = $request->input('start_date');
-        $assetMaintenance->completion_date        = $request->input('completion_date');
+        $assetMaintenance->title = $request->input('title');
+        $assetMaintenance->start_date = $request->input('start_date');
+        $assetMaintenance->completion_date = $request->input('completion_date');
 
-        if (( $assetMaintenance->completion_date == null )
+        if (($assetMaintenance->completion_date == null)
         ) {
-            if (( $assetMaintenance->asset_maintenance_time !== 0 )
-              || ( !is_null($assetMaintenance->asset_maintenance_time) )
+            if (($assetMaintenance->asset_maintenance_time !== 0)
+              || (! is_null($assetMaintenance->asset_maintenance_time))
             ) {
                 $assetMaintenance->asset_maintenance_time = null;
             }
         }
 
-        if (( $assetMaintenance->completion_date !== null )
-          && ( $assetMaintenance->start_date !== "" )
-          && ( $assetMaintenance->start_date !== "0000-00-00" )
+        if (($assetMaintenance->completion_date !== null)
+          && ($assetMaintenance->start_date !== '')
+          && ($assetMaintenance->start_date !== '0000-00-00')
         ) {
-            $startDate                                = Carbon::parse($assetMaintenance->start_date);
-            $completionDate                           = Carbon::parse($assetMaintenance->completion_date);
+            $startDate = Carbon::parse($assetMaintenance->start_date);
+            $completionDate = Carbon::parse($assetMaintenance->completion_date);
             $assetMaintenance->asset_maintenance_time = $completionDate->diffInDays($startDate);
         }
 
@@ -252,6 +252,7 @@ class AssetMaintenancesController extends Controller
             return redirect()->route('maintenances.index')
                          ->with('success', trans('admin/asset_maintenances/message.edit.success'));
         }
+
         return redirect()->back()->withInput()->withErrors($assetMaintenance->getErrors());
     }
 
@@ -266,12 +267,13 @@ class AssetMaintenancesController extends Controller
     */
     public function destroy($assetMaintenanceId)
     {
+        $this->authorize('update', Asset::class);
         // Check if the asset maintenance exists
         if (is_null($assetMaintenance = AssetMaintenance::find($assetMaintenanceId))) {
             // Redirect to the asset maintenance management page
             return redirect()->route('maintenances.index')
                            ->with('error', trans('admin/asset_maintenances/message.not_found'));
-        } elseif (!Company::isCurrentUserHasAccess($assetMaintenance->asset)) {
+        } elseif (! Company::isCurrentUserHasAccess($assetMaintenance->asset)) {
             return static::getInsufficientPermissionsRedirect();
         }
 
@@ -294,12 +296,14 @@ class AssetMaintenancesController extends Controller
     */
     public function show($assetMaintenanceId)
     {
+        $this->authorize('view', Asset::class);
+
         // Check if the asset maintenance exists
         if (is_null($assetMaintenance = AssetMaintenance::find($assetMaintenanceId))) {
             // Redirect to the asset maintenance management page
             return redirect()->route('maintenances.index')
                            ->with('error', trans('admin/asset_maintenances/message.not_found'));
-        } elseif (!Company::isCurrentUserHasAccess($assetMaintenance->asset)) {
+        } elseif (! Company::isCurrentUserHasAccess($assetMaintenance->asset)) {
             return static::getInsufficientPermissionsRedirect();
         }
 

app/Http/Controllers/AssetModelsController.php

@@ -1,4 +1,5 @@
 <?php
+
 namespace App\Http\Controllers;
 
 use App\Helpers\Helper;
@@ -10,7 +11,6 @@ use Illuminate\Support\Facades\View;
 use Redirect;
 use Request;
 use Storage;
-
 use Symfony\Component\HttpFoundation\JsonResponse;
 
 /**
@@ -34,6 +34,7 @@ class AssetModelsController extends Controller
     public function index()
     {
         $this->authorize('index', AssetModel::class);
+
         return view('models/index');
     }
 
@@ -48,12 +49,12 @@ class AssetModelsController extends Controller
     public function create()
     {
         $this->authorize('create', AssetModel::class);
+
         return view('models/edit')->with('category_type', 'asset')
             ->with('depreciation_list', Helper::depreciationList())
             ->with('item', new AssetModel);
     }
 
-
     /**
      * Validate and process the new Asset Model data.
      *
@@ -65,7 +66,6 @@ class AssetModelsController extends Controller
      */
     public function store(ImageUploadRequest $request)
     {
-
         $this->authorize('create', AssetModel::class);
         // Create a new asset model
         $model = new AssetModel;
@@ -73,29 +73,30 @@ class AssetModelsController extends Controller
         // Save the model data
         $model->eol = $request->input('eol');
         $model->depreciation_id = $request->input('depreciation_id');
-        $model->name                = $request->input('name');
-        $model->model_number        = $request->input('model_number');
-        $model->manufacturer_id     = $request->input('manufacturer_id');
-        $model->category_id         = $request->input('category_id');
-        $model->notes               = $request->input('notes');
-        $model->user_id             = Auth::id();
-        $model->requestable         = Request::has('requestable');
+        $model->name = $request->input('name');
+        $model->model_number = $request->input('model_number');
+        $model->manufacturer_id = $request->input('manufacturer_id');
+        $model->category_id = $request->input('category_id');
+        $model->notes = $request->input('notes');
+        $model->user_id = Auth::id();
+        $model->requestable = Request::has('requestable');
 
-        if ($request->input('custom_fieldset')!='') {
+        if ($request->input('custom_fieldset') != '') {
             $model->fieldset_id = e($request->input('custom_fieldset'));
         }
 
         $model = $request->handleImages($model);
 
-            // Was it created?
+        // Was it created?
         if ($model->save()) {
             if ($this->shouldAddDefaultValues($request->input())) {
                 $this->assignCustomFieldsDefaultValues($model, $request->input('default_values'));
             }
 
             // Redirect to the new model  page
-            return redirect()->route("models.index")->with('success', trans('admin/models/message.create.success'));
+            return redirect()->route('models.index')->with('success', trans('admin/models/message.create.success'));
         }
+
         return redirect()->back()->withInput()->withErrors($model->getErrors());
     }
 
@@ -113,13 +114,13 @@ class AssetModelsController extends Controller
         $this->authorize('update', AssetModel::class);
         if ($item = AssetModel::find($modelId)) {
             $category_type = 'asset';
-            $view = View::make('models/edit', compact('item','category_type'));
+            $view = View::make('models/edit', compact('item', 'category_type'));
             $view->with('depreciation_list', Helper::depreciationList());
+
             return $view;
         }
 
         return redirect()->route('models.index')->with('error', trans('admin/models/message.does_not_exist'));
-
     }
 
 
@@ -145,20 +146,18 @@ class AssetModelsController extends Controller
 
         $model = $request->handleImages($model);
 
-        $model->depreciation_id     = $request->input('depreciation_id');
-        $model->eol                 = $request->input('eol');
-        $model->name                = $request->input('name');
-        $model->model_number        = $request->input('model_number');
-        $model->manufacturer_id     = $request->input('manufacturer_id');
-        $model->category_id         = $request->input('category_id');
-        $model->notes               = $request->input('notes');
-        $model->requestable         = $request->input('requestable', '0');
-
-
+        $model->depreciation_id = $request->input('depreciation_id');
+        $model->eol = $request->input('eol');
+        $model->name = $request->input('name');
+        $model->model_number = $request->input('model_number');
+        $model->manufacturer_id = $request->input('manufacturer_id');
+        $model->category_id = $request->input('category_id');
+        $model->notes = $request->input('notes');
+        $model->requestable = $request->input('requestable', '0');
 
         $this->removeCustomFieldsDefaultValues($model);
 
-        if ($request->input('custom_fieldset')=='') {
+        if ($request->input('custom_fieldset') == '') {
             $model->fieldset_id = null;
         } else {
             $model->fieldset_id = $request->input('custom_fieldset');
@@ -168,10 +167,10 @@ class AssetModelsController extends Controller
             }
         }
 
-
         if ($model->save()) {
-            return redirect()->route("models.index")->with('success', trans('admin/models/message.update.success'));
+            return redirect()->route('models.index')->with('success', trans('admin/models/message.update.success'));
         }
+
         return redirect()->back()->withInput()->withErrors($model->getErrors());
     }
 
@@ -199,7 +198,7 @@ class AssetModelsController extends Controller
         }
 
         if ($model->image) {
-            try  {
+            try {
                 Storage::disk('public')->delete('models/'.$model->image);
             } catch (\Exception $e) {
                 \Log::info($e);
@@ -213,7 +212,6 @@ class AssetModelsController extends Controller
         return redirect()->route('models.index')->with('success', trans('admin/models/message.delete.success'));
     }
 
-
     /**
      * Restore a given Asset Model (mark as un-deleted)
      *
@@ -231,6 +229,7 @@ class AssetModelsController extends Controller
 
         if (isset($model->id)) {
             $model->restore();
+
             return redirect()->route('models.index')->with('success', trans('admin/models/message.restore.success'));
         }
         return redirect()->back()->with('error', trans('admin/models/message.not_found'));
@@ -260,15 +259,16 @@ class AssetModelsController extends Controller
     }
 
     /**
-    * Get the clone page to clone a model
-    *
-    * @author [A. Gianotto] [<snipe@snipe.net>]
-    * @since [v1.0]
-    * @param int $modelId
-    * @return View
-    */
+     * Get the clone page to clone a model
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v1.0]
+     * @param int $modelId
+     * @return View
+     */
     public function getClone($modelId = null)
     {
+        $this->authorize('create', AssetModel::class);
         // Check if the model exists
         if (is_null($model_to_clone = AssetModel::find($modelId))) {
             return redirect()->route('models.index')->with('error', trans('admin/models/message.does_not_exist'));
@@ -286,21 +286,20 @@ class AssetModelsController extends Controller
 
 
     /**
-    * Get the custom fields form
-    *
-    * @author [B. Wetherington] [<uberbrady@gmail.com>]
-    * @since [v2.0]
-    * @param int $modelId
-    * @return View
-    */
+     * Get the custom fields form
+     *
+     * @author [B. Wetherington] [<uberbrady@gmail.com>]
+     * @since [v2.0]
+     * @param int $modelId
+     * @return View
+     */
     public function getCustomFields($modelId)
     {
-        return view("models.custom_fields_form")->with("model", AssetModel::find($modelId));
+        return view('models.custom_fields_form')->with('model', AssetModel::find($modelId));
     }
 
 
 
-
     /**
      * Returns a view that allows the user to bulk edit model attrbutes
      *
@@ -310,28 +309,25 @@ class AssetModelsController extends Controller
      */
     public function postBulkEdit(Request $request)
     {
-
         $models_raw_array = $request->input('ids');
 
         // Make sure some IDs have been selected
         if ((is_array($models_raw_array)) && (count($models_raw_array) > 0)) {
-
-
             $models = AssetModel::whereIn('id', $models_raw_array)->withCount('assets as assets_count')->orderBy('assets_count', 'ASC')->get();
 
             // If deleting....
-            if ($request->input('bulk_actions')=='delete') {
+            if ($request->input('bulk_actions') == 'delete') {
                 $valid_count = 0;
                 foreach ($models as $model) {
                     if ($model->assets_count == 0) {
                         $valid_count++;
                     }
                 }
+
                 return view('models/bulk-delete', compact('models'))->with('valid_count', $valid_count);
 
             // Otherwise display the bulk edit screen
             } else {
-
                 $nochange = ['NC' => 'No Change'];
                 $fieldset_list = $nochange + Helper::customFieldsetList();
                 $depreciation_list = $nochange + Helper::depreciationList();
@@ -340,12 +336,10 @@ class AssetModelsController extends Controller
                     ->with('fieldset_list', $fieldset_list)
                     ->with('depreciation_list', $depreciation_list);
             }
-
         }
 
         return redirect()->route('models.index')
             ->with('error', 'You must select at least one model to edit.');
-
     }
 
 
@@ -359,35 +353,33 @@ class AssetModelsController extends Controller
      */
     public function postBulkEditSave(Request $request)
     {
-
         $models_raw_array = $request->input('ids');
-        $update_array = array();
+        $update_array = [];
 
 
-        if (($request->filled('manufacturer_id') && ($request->input('manufacturer_id')!='NC'))) {
+        if (($request->filled('manufacturer_id') && ($request->input('manufacturer_id') != 'NC'))) {
             $update_array['manufacturer_id'] = $request->input('manufacturer_id');
         }
-        if (($request->filled('category_id') && ($request->input('category_id')!='NC'))) {
+        if (($request->filled('category_id') && ($request->input('category_id') != 'NC'))) {
             $update_array['category_id'] = $request->input('category_id');
         }
-        if ($request->input('fieldset_id')!='NC') {
+        if ($request->input('fieldset_id') != 'NC') {
             $update_array['fieldset_id'] = $request->input('fieldset_id');
         }
-        if ($request->input('depreciation_id')!='NC') {
+        if ($request->input('depreciation_id') != 'NC') {
             $update_array['depreciation_id'] = $request->input('depreciation_id');
         }
 
-
         
         if (count($update_array) > 0) {
             AssetModel::whereIn('id', $models_raw_array)->update($update_array);
+
             return redirect()->route('models.index')
                 ->with('success', trans('admin/models/message.bulkedit.success'));
         }
 
         return redirect()->route('models.index')
             ->with('warning', trans('admin/models/message.bulkedit.error'));
-
     }
 
     /**
@@ -404,7 +396,6 @@ class AssetModelsController extends Controller
         $models_raw_array = $request->input('ids');
 
         if ((is_array($models_raw_array)) && (count($models_raw_array) > 0)) {
-
             $models = AssetModel::whereIn('id', $models_raw_array)->withCount('assets as assets_count')->get();
 
             $del_error_count = 0;
@@ -426,7 +417,7 @@ class AssetModelsController extends Controller
 
             if ($del_error_count == 0) {
                 return redirect()->route('models.index')
-                    ->with('success', trans('admin/models/message.bulkdelete.success',['success_count'=> $del_count] ));
+                    ->with('success', trans('admin/models/message.bulkdelete.success', ['success_count'=> $del_count]));
             }
 
             return redirect()->route('models.index')
@@ -435,7 +426,6 @@ class AssetModelsController extends Controller
 
         return redirect()->route('models.index')
             ->with('error', trans('admin/models/message.bulkdelete.error'));
-
     }
 
     /**
@@ -443,13 +433,13 @@ class AssetModelsController extends Controller
      * any default values were entered into the form.
      *
      * @param  array  $input
-     * @return boolean
+     * @return bool
      */
     private function shouldAddDefaultValues(array $input)
     {
-        return !empty($input['add_default_values'])
-            && !empty($input['default_values'])
-            && !empty($input['custom_fieldset']);
+        return ! empty($input['add_default_values'])
+            && ! empty($input['default_values'])
+            && ! empty($input['custom_fieldset']);
     }
 
     /**
@@ -462,7 +452,9 @@ class AssetModelsController extends Controller
     private function assignCustomFieldsDefaultValues(AssetModel $model, array $defaultValues)
     {
         foreach ($defaultValues as $customFieldId => $defaultValue) {
-            if ($defaultValue) {
+            if(is_array($defaultValue)){
+                $model->defaultValues()->attach($customFieldId, ['default_value' => implode(', ', $defaultValue)]);
+            }elseif ($defaultValue) {
                 $model->defaultValues()->attach($customFieldId, ['default_value' => $defaultValue]);
             }
         }