Merge branch 'develop' into features/setting_for_username_display

This is broken right now :(
Signed-off-by: snipe <snipe@snipe.net>
2023-02-14 21:18:19 -08:00 · 2023-02-14 21:04:14 -08:00 · 2023-02-14 21:04:03 -08:00 · 2023-02-14 20:54:27 -08:00 · 2023-02-14 20:54:13 -08:00 · 2023-02-14 20:53:55 -08:00
1280 changed files with 316534 additions and 6767 deletions
--- a/.all-contributorsrc
+++ b/.all-contributorsrc
@@ -2675,6 +2675,168 @@
      "contributions": [
        "code"
      ]
+    },
+    {
+      "login": "julian-piehl",
+      "name": "Peace",
+      "avatar_url": "https://avatars.githubusercontent.com/u/32363424?v=4",
+      "profile": "https://github.com/julian-piehl",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "kylegordon",
+      "name": "Kyle Gordon",
+      "avatar_url": "https://avatars.githubusercontent.com/u/231528?v=4",
+      "profile": "https://github.com/kylegordon",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "sunflowerbofh",
+      "name": "Katharina Drexel",
+      "avatar_url": "https://avatars.githubusercontent.com/u/53009155?v=4",
+      "profile": "http://www.bfh.ch",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "dsferruzza",
+      "name": "David Sferruzza",
+      "avatar_url": "https://avatars.githubusercontent.com/u/1931963?v=4",
+      "profile": "https://david.sferruzza.fr/",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "rnelsonee",
+      "name": "Rick Nelson",
+      "avatar_url": "https://avatars.githubusercontent.com/u/19511639?v=4",
+      "profile": "https://github.com/rnelsonee",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "BasO12",
+      "name": "BasO12",
+      "avatar_url": "https://avatars.githubusercontent.com/u/94169344?v=4",
+      "profile": "https://github.com/BasO12",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "Vautia",
+      "name": "Vautia",
+      "avatar_url": "https://avatars.githubusercontent.com/u/111710123?v=4",
+      "profile": "https://github.com/Vautia",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "chartjes",
+      "name": "Chris Hartjes",
+      "avatar_url": "https://avatars.githubusercontent.com/u/28321?v=4",
+      "profile": "http://www.littlehart.net/atthekeyboard",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "geo-chen",
+      "name": "geo-chen",
+      "avatar_url": "https://avatars.githubusercontent.com/u/2404584?v=4",
+      "profile": "https://github.com/geo-chen",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "nh314",
+      "name": "Phan Nguyen",
+      "avatar_url": "https://avatars.githubusercontent.com/u/6006620?v=4",
+      "profile": "https://github.com/nh314",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "StarlessNights",
+      "name": "Iisakki Jaakkola",
+      "avatar_url": "https://avatars.githubusercontent.com/u/115993812?v=4",
+      "profile": "https://github.com/StarlessNights",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "eltociear",
+      "name": "Ikko Ashimine",
+      "avatar_url": "https://avatars.githubusercontent.com/u/22633385?v=4",
+      "profile": "https://bandism.net/",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "lukasfehling",
+      "name": "Lukas Fehling",
+      "avatar_url": "https://avatars.githubusercontent.com/u/56871540?v=4",
+      "profile": "https://github.com/lukasfehling",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "fernando-almeida",
+      "name": "Fernando Almeida",
+      "avatar_url": "https://avatars.githubusercontent.com/u/1975990?v=4",
+      "profile": "https://github.com/fernando-almeida",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "akemidx",
+      "name": "akemidx",
+      "avatar_url": "https://avatars.githubusercontent.com/u/116301219?v=4",
+      "profile": "https://github.com/akemidx",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "oguzbilgic",
+      "name": "Oguz Bilgic",
+      "avatar_url": "https://avatars.githubusercontent.com/u/144778?v=4",
+      "profile": "http://oguz.site",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "scoo73r",
+      "name": "Scooter Crawford",
+      "avatar_url": "https://avatars.githubusercontent.com/u/9262438?v=4",
+      "profile": "https://github.com/scoo73r",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "subdriven",
+      "name": "subdriven",
+      "avatar_url": "https://avatars.githubusercontent.com/u/5957345?v=4",
+      "profile": "https://github.com/subdriven",
+      "contributions": [
+        "code"
+      ]
    }
  ]
 }
--- a/.env.dusk.example
+++ b/.env.dusk.example
@@ -20,12 +20,13 @@ PUBLIC_FILESYSTEM_DISK=local_public
 # REQUIRED: DATABASE SETTINGS
 # --------------------------------------------
 DB_CONNECTION=mysql
-DB_HOST=localhost
-DB_DATABASE=snipeit-local
-DB_USERNAME=snipeit-local
-DB_PASSWORD=snipeit-local
+DB_HOST=127.0.0.1
+DB_PORT=3306
+DB_DATABASE=null
+DB_USERNAME=null
+DB_PASSWORD=null
 DB_PREFIX=null
-DB_DUMP_PATH='/Applications/MAMP/Library/bin'
+#DB_DUMP_PATH=

 # --------------------------------------------
 # OPTIONAL: SSL DATABASE SETTINGS
--- a/.env.example
+++ b/.env.example
@@ -24,6 +24,7 @@ PUBLIC_FILESYSTEM_DISK=local_public
 # --------------------------------------------
 DB_CONNECTION=mysql
 DB_HOST=127.0.0.1
+DB_PORT=3306
 DB_DATABASE=null
 DB_USERNAME=null
 DB_PASSWORD=null
@@ -172,3 +173,10 @@ IMPORT_MEMORY_LIMIT=500M
 REPORT_TIME_LIMIT=12000
 REQUIRE_SAML=false
 API_THROTTLE_PER_MINUTE=120
+CSV_ESCAPE_FORMULAS=true
+
+# --------------------------------------------
+# OPTIONAL: SCIM
+# --------------------------------------------
+SCIM_TRACE=false
+SCIM_STANDARDS_COMPLIANCE=false
--- a/.env.testing
+++ b/.env.testing
@@ -14,6 +14,7 @@ FILESYSTEM_DISK=local
 # --------------------------------------------
 DB_CONNECTION=sqlite_testing
 DB_HOST=localhost
+DB_PORT=3306
 DB_DATABASE=testing.sqlite
 DB_USERNAME=null
 DB_PASSWORD=null
--- a/.env.testing-ci
+++ b/.env.testing-ci
@@ -14,6 +14,7 @@ FILESYSTEM_DISK=local
 # --------------------------------------------
 DB_CONNECTION=sqlite
 DB_HOST=localhost
+DB_PORT=3306
 DB_DATABASE='sqlite_testing'
 DB_USERNAME=root
 DB_PASSWORD=null
@@ -34,4 +35,4 @@ IMAGE_LIB=gd
 # --------------------------------------------
 # OPTIONAL: APP LOG FORMAT
 # --------------------------------------------
-LOG_CHANNEL=single
+LOG_CHANNEL=single
--- a/.env.tests
+++ b/.env.tests
@@ -4,6 +4,7 @@ APP_URL=http://snipe-it.localapp
 DB_CONNECTION=mysql
 DB_DEFAULT=mysql
 DB_HOST=localhost
+DB_PORT=3306
 DB_DATABASE=snipeittests
 DB_USERNAME=snipeit
 DB_PASSWORD=snipe
--- a/.env.unit-tests
+++ b/.env.unit-tests
@@ -4,6 +4,7 @@ APP_URL=http://snipe-it.localapp
 DB_CONNECTION=sqlite_testing
 DB_DEFAULT=sqlite_testing
 DB_HOST=localhost
+DB_PORT=3306
 APP_KEY=base64:tu9NRh/a6+dCXBDGvg0Gv/0TcABnFsbT4AKxrr8mwQo=


--- a/.github/workflows/SA-codeql.yml
+++ b/.github/workflows/SA-codeql.yml
@@ -26,7 +26,7 @@ jobs:
        language: [ 'javascript' ]
    steps:
    - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3.3.0

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
--- a/.github/workflows/codacy-analysis.yml
+++ b/.github/workflows/codacy-analysis.yml
@@ -32,11 +32,11 @@ jobs:
    steps:
      # Checkout the repository to the GitHub Actions runner
      - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3.3.0

      # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
      - name: Run Codacy Analysis CLI
-        uses: codacy/codacy-analysis-cli-action@v4.1.0
+        uses: codacy/codacy-analysis-cli-action@v4.2.0
        with:
          # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
          # You can also omit the token and run the tools that support default configurations
--- a/.github/workflows/docker-alpine.yml
+++ b/.github/workflows/docker-alpine.yml
@@ -41,7 +41,7 @@ jobs:
    steps:
      # https://github.com/actions/checkout
      - name: Checkout codebase
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3.3.0

      # https://github.com/docker/setup-buildx-action
      - name: Setup Docker Buildx
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -41,7 +41,7 @@ jobs:
    steps:
      # https://github.com/actions/checkout
      - name: Checkout codebase
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3.3.0

      # https://github.com/docker/setup-buildx-action
      - name: Setup Docker Buildx
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,8 @@
 .couscous
 .DS_Store
 .env
+.env.dusk.*
+!.env.dusk.example
 .idea
 /bin/
 /bootstrap/compiled.php
--- a/3
+++ b/3
@@ -24,6 +24,7 @@ php7.4-mbstring \
 php7.4-zip \
 php7.4-bcmath \
 php7.4-redis \
+php-memcached \
 patch \
 curl \
 wget  \
@@ -139,4 +140,4 @@ RUN chmod +x /startup.sh /usr/bin/supervisor-exit-event-listener
 CMD ["/startup.sh"]

 EXPOSE 80
-EXPOSE 443
+EXPOSE 443
--- a/Dockerfile.alpine
+++ b/Dockerfile.alpine
@@ -28,6 +28,7 @@ RUN  apk add --no-cache \
        php7-xmlreader \
        php7-sodium \
        php7-redis \
+        php7-pecl-memcached \
        curl \
        wget \
        vim \
@@ -85,4 +86,4 @@ ENTRYPOINT ["/sbin/tini", "--"]

 CMD ["/entrypoint.sh"]

-EXPOSE 80
+EXPOSE 80
--- a/Dockerfile.fpm-alpine
+++ b/Dockerfile.fpm-alpine
@@ -75,14 +75,14 @@ RUN set -eux; \
 	rm snipeit.tar.gz; \
 # Install composer php dependencies
    if [ "$ENVIRONMENT" = "production" ]; then \
-        echo "production enviroment detected!"; \
+        echo "production environment detected!"; \
        composer update \
            --no-cache \
            --no-dev \
            --optimize-autoloader \
            --working-dir=/var/www/html; \
    else \
-        echo "development enviroment detected!"; \
+        echo "development environment detected!"; \
        apk add --no-cache \
            ${DEV_PACKAGES}; \
        composer update \
@@ -100,4 +100,4 @@ COPY --chown=www-data:www-data docker/docker-secrets.env /var/www/html/.env
 COPY --chmod=655 docker/docker-entrypoint.sh /usr/local/bin/docker-snipeit-entrypoint
 COPY docker/column-statistics.cnf /etc/mysql/conf.d/column-statistics.cnf
 ENTRYPOINT [ "/usr/local/bin/docker-snipeit-entrypoint" ]
-CMD [ "/usr/local/bin/docker-php-entrypoint", "php-fpm" ]
+CMD [ "/usr/local/bin/docker-php-entrypoint", "php-fpm" ]
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
 ![Build Status](https://app.chipperci.com/projects/0e5f8979-31eb-4ee6-9abf-050b76ab0383/status/master) [![Crowdin](https://d322cqt584bo4o.cloudfront.net/snipe-it/localized.svg)](https://crowdin.com/project/snipe-it) [![Docker Pulls](https://img.shields.io/docker/pulls/snipe/snipe-it.svg)](https://hub.docker.com/r/snipe/snipe-it/) [![Twitter Follow](https://img.shields.io/twitter/follow/snipeitapp.svg?style=social)](https://twitter.com/snipeitapp)  [![Codacy Badge](https://api.codacy.com/project/badge/Grade/553ce52037fc43ea99149785afcfe641)](https://www.codacy.com/app/snipe/snipe-it?utm_source=github.com&amp;utm_medium=referral&amp;utm_content=snipe/snipe-it&amp;utm_campaign=Badge_Grade)
-[![All Contributors](https://img.shields.io/badge/all_contributors-294-orange.svg?style=flat-square)](#contributors) [![Discord](https://badgen.net/badge/icon/discord?icon=discord&label)](https://discord.gg/yZFtShAcKk) [![huntr](https://cdn.huntr.dev/huntr_security_badge_mono.svg)](https://huntr.dev)
+[![All Contributors](https://img.shields.io/badge/all_contributors-312-orange.svg?style=flat-square)](#contributors) [![Discord](https://badgen.net/badge/icon/discord?icon=discord&label)](https://discord.gg/yZFtShAcKk) [![huntr](https://cdn.huntr.dev/huntr_security_badge_mono.svg)](https://huntr.dev)

 ## Snipe-IT - Open Source Asset Management System

@@ -59,7 +59,8 @@ Since the release of the JSON REST API, several third-party developers have been
 - [SnipeSharp - .NET module in C#](https://github.com/barrycarey/SnipeSharp) by [@barrycarey](https://github.com/barrycarey)
 - [InQRy -unmaintained-](https://github.com/Microsoft/InQRy) by [@Microsoft](https://github.com/Microsoft)
 - [SnipeitPS](https://github.com/snazy2000/SnipeitPS) by [@snazy2000](https://github.com/snazy2000) - Powershell API Wrapper for Snipe-it
- [jamf2snipe](https://github.com/ParadoxGuitarist/jamf2snipe) by [@ParadoxGuitarist](https://github.com/ParadoxGuitarist) - Python script to sync assets between a JAMFPro instance and a Snipe-IT instance
+- [jamf2snipe](https://github.com/grokability/jamf2snipe) - Python script to sync assets between a JAMFPro instance and a Snipe-IT instance
+- [jamf-snipe-rename](https://macblog.org/jamf-snipe-rename/) - Python script to rename computers in Jamf from Snipe-IT
 - [Marksman](https://github.com/Scope-IT/marksman) - A Windows agent for Snipe-IT
 - [Snipe-IT plugin for Jira Service Desk](https://marketplace.atlassian.com/apps/1220964/snipe-it-for-jira)
 - [Python 3 CSV importer](https://github.com/gastamper/snipeit-csvimporter) - allows importing assets into Snipe-IT based on Item Name rather than Asset Tag.
@@ -79,6 +80,8 @@ Please see the documentation on [contributing and developing for Snipe-IT](https

 Please note that this project is released with a [Contributor Code of Conduct](CODE_OF_CONDUCT.md). By participating in this project you agree to abide by its terms.

+The ERD is available [online here](https://drawsql.app/templates/snipe-it).
+
 -----

 ### Security
@@ -135,6 +138,9 @@ Thanks goes to all of these wonderful people ([emoji key](https://github.com/ken
 | [<img src="https://avatars.githubusercontent.com/u/1911435?v=4" width="110px;"/><br /><sub>Adam</sub>](http://www.aboutcher.co.uk)<br />[💻](https://github.com/snipe/snipe-it/commits?author=adamboutcher "Code") | [<img src="https://avatars.githubusercontent.com/u/16104273?v=4" width="110px;"/><br /><sub>Ian</sub>](https://snksrv.com)<br />[💻](https://github.com/snipe/snipe-it/commits?author=sneak-it "Code") | [<img src="https://avatars.githubusercontent.com/u/4023909?v=4" width="110px;"/><br /><sub>Shao Yu-Lung (Allen)</sub>](http://blog.bestlong.idv.tw/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=bestlong "Code") | [<img src="https://avatars.githubusercontent.com/u/76475453?v=4" width="110px;"/><br /><sub>Haxatron</sub>](https://github.com/Haxatron)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Haxatron "Code") | [<img src="https://avatars.githubusercontent.com/u/88776392?v=4" width="110px;"/><br /><sub>PlaneNuts</sub>](https://github.com/PlaneNuts)<br />[💻](https://github.com/snipe/snipe-it/commits?author=PlaneNuts "Code") | [<img src="https://avatars.githubusercontent.com/u/3842948?v=4" width="110px;"/><br /><sub>Bradley Coudriet</sub>](http://bjcpgd.cias.rit.edu)<br />[💻](https://github.com/snipe/snipe-it/commits?author=exula "Code") | [<img src="https://avatars.githubusercontent.com/u/21966173?v=4" width="110px;"/><br /><sub>Dalton Durst</sub>](https://daltondur.st)<br />[💻](https://github.com/snipe/snipe-it/commits?author=UniversalSuperBox "Code") |
 | [<img src="https://avatars.githubusercontent.com/u/38761237?v=4" width="110px;"/><br /><sub>Alex Janes</sub>](https://adagiohealth.org)<br />[💻](https://github.com/snipe/snipe-it/commits?author=adagioajanes "Code") | [<img src="https://avatars.githubusercontent.com/u/32387849?v=4" width="110px;"/><br /><sub>Nuraeil</sub>](https://github.com/nuraeil)<br />[💻](https://github.com/snipe/snipe-it/commits?author=nuraeil "Code") | [<img src="https://avatars.githubusercontent.com/u/48162670?v=4" width="110px;"/><br /><sub>TenOfTens</sub>](https://github.com/TenOfTens)<br />[💻](https://github.com/snipe/snipe-it/commits?author=TenOfTens "Code") | [<img src="https://avatars.githubusercontent.com/u/9415391?v=4" width="110px;"/><br /><sub>waffle</sub>](https://ditisjens.be/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=insert-waffle "Code") | [<img src="https://avatars.githubusercontent.com/u/19945501?v=4" width="110px;"/><br /><sub>Yevhenii Huzii</sub>](https://github.com/QveenSi)<br />[💻](https://github.com/snipe/snipe-it/commits?author=QveenSi "Code") | [<img src="https://avatars.githubusercontent.com/u/3839381?v=4" width="110px;"/><br /><sub>Achmad Fienan Rahardianto</sub>](https://github.com/veenone)<br />[💻](https://github.com/snipe/snipe-it/commits?author=veenone "Code") | [<img src="https://avatars.githubusercontent.com/u/19945501?v=4" width="110px;"/><br /><sub>Yevhenii Huzii</sub>](https://github.com/QveenSi)<br />[💻](https://github.com/snipe/snipe-it/commits?author=QveenSi "Code") |
 | [<img src="https://avatars.githubusercontent.com/u/97299851?v=4" width="110px;"/><br /><sub>Christian Weirich</sub>](https://github.com/chrisweirich)<br />[💻](https://github.com/snipe/snipe-it/commits?author=chrisweirich "Code") | [<img src="https://avatars.githubusercontent.com/u/1294403?v=4" width="110px;"/><br /><sub>denzfarid</sub>](https://github.com/denzfarid)<br /> | [<img src="https://avatars.githubusercontent.com/u/94018771?v=4" width="110px;"/><br /><sub>ntbutler-nbcs</sub>](https://github.com/ntbutler-nbcs)<br />[💻](https://github.com/snipe/snipe-it/commits?author=ntbutler-nbcs "Code") | [<img src="https://avatars.githubusercontent.com/u/172697?v=4" width="110px;"/><br /><sub>Naveen</sub>](https://naveensrinivasan.dev)<br />[💻](https://github.com/snipe/snipe-it/commits?author=naveensrinivasan "Code") | [<img src="https://avatars.githubusercontent.com/u/55674383?v=4" width="110px;"/><br /><sub>Mike Roquemore</sub>](https://github.com/mikeroq)<br />[💻](https://github.com/snipe/snipe-it/commits?author=mikeroq "Code") | [<img src="https://avatars.githubusercontent.com/u/7991086?v=4" width="110px;"/><br /><sub>Daniel Reeder</sub>](https://github.com/reederda)<br />[🌍](#translation-reederda "Translation") [🌍](#translation-reederda "Translation") [💻](https://github.com/snipe/snipe-it/commits?author=reederda "Code") | [<img src="https://avatars.githubusercontent.com/u/109422491?v=4" width="110px;"/><br /><sub>vickyjaura183</sub>](https://github.com/vickyjaura183)<br />[💻](https://github.com/snipe/snipe-it/commits?author=vickyjaura183 "Code") |
+| [<img src="https://avatars.githubusercontent.com/u/32363424?v=4" width="110px;"/><br /><sub>Peace</sub>](https://github.com/julian-piehl)<br />[💻](https://github.com/snipe/snipe-it/commits?author=julian-piehl "Code") | [<img src="https://avatars.githubusercontent.com/u/231528?v=4" width="110px;"/><br /><sub>Kyle Gordon</sub>](https://github.com/kylegordon)<br />[💻](https://github.com/snipe/snipe-it/commits?author=kylegordon "Code") | [<img src="https://avatars.githubusercontent.com/u/53009155?v=4" width="110px;"/><br /><sub>Katharina Drexel</sub>](http://www.bfh.ch)<br />[💻](https://github.com/snipe/snipe-it/commits?author=sunflowerbofh "Code") | [<img src="https://avatars.githubusercontent.com/u/1931963?v=4" width="110px;"/><br /><sub>David Sferruzza</sub>](https://david.sferruzza.fr/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=dsferruzza "Code") | [<img src="https://avatars.githubusercontent.com/u/19511639?v=4" width="110px;"/><br /><sub>Rick Nelson</sub>](https://github.com/rnelsonee)<br />[💻](https://github.com/snipe/snipe-it/commits?author=rnelsonee "Code") | [<img src="https://avatars.githubusercontent.com/u/94169344?v=4" width="110px;"/><br /><sub>BasO12</sub>](https://github.com/BasO12)<br />[💻](https://github.com/snipe/snipe-it/commits?author=BasO12 "Code") | [<img src="https://avatars.githubusercontent.com/u/111710123?v=4" width="110px;"/><br /><sub>Vautia</sub>](https://github.com/Vautia)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Vautia "Code") |
+| [<img src="https://avatars.githubusercontent.com/u/28321?v=4" width="110px;"/><br /><sub>Chris Hartjes</sub>](http://www.littlehart.net/atthekeyboard)<br />[💻](https://github.com/snipe/snipe-it/commits?author=chartjes "Code") | [<img src="https://avatars.githubusercontent.com/u/2404584?v=4" width="110px;"/><br /><sub>geo-chen</sub>](https://github.com/geo-chen)<br />[💻](https://github.com/snipe/snipe-it/commits?author=geo-chen "Code") | [<img src="https://avatars.githubusercontent.com/u/6006620?v=4" width="110px;"/><br /><sub>Phan Nguyen</sub>](https://github.com/nh314)<br />[💻](https://github.com/snipe/snipe-it/commits?author=nh314 "Code") | [<img src="https://avatars.githubusercontent.com/u/115993812?v=4" width="110px;"/><br /><sub>Iisakki Jaakkola</sub>](https://github.com/StarlessNights)<br />[💻](https://github.com/snipe/snipe-it/commits?author=StarlessNights "Code") | [<img src="https://avatars.githubusercontent.com/u/22633385?v=4" width="110px;"/><br /><sub>Ikko Ashimine</sub>](https://bandism.net/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=eltociear "Code") | [<img src="https://avatars.githubusercontent.com/u/56871540?v=4" width="110px;"/><br /><sub>Lukas Fehling</sub>](https://github.com/lukasfehling)<br />[💻](https://github.com/snipe/snipe-it/commits?author=lukasfehling "Code") | [<img src="https://avatars.githubusercontent.com/u/1975990?v=4" width="110px;"/><br /><sub>Fernando Almeida</sub>](https://github.com/fernando-almeida)<br />[💻](https://github.com/snipe/snipe-it/commits?author=fernando-almeida "Code") |
+| [<img src="https://avatars.githubusercontent.com/u/116301219?v=4" width="110px;"/><br /><sub>akemidx</sub>](https://github.com/akemidx)<br />[💻](https://github.com/snipe/snipe-it/commits?author=akemidx "Code") | [<img src="https://avatars.githubusercontent.com/u/144778?v=4" width="110px;"/><br /><sub>Oguz Bilgic</sub>](http://oguz.site)<br />[💻](https://github.com/snipe/snipe-it/commits?author=oguzbilgic "Code") | [<img src="https://avatars.githubusercontent.com/u/9262438?v=4" width="110px;"/><br /><sub>Scooter Crawford</sub>](https://github.com/scoo73r)<br />[💻](https://github.com/snipe/snipe-it/commits?author=scoo73r "Code") | [<img src="https://avatars.githubusercontent.com/u/5957345?v=4" width="110px;"/><br /><sub>subdriven</sub>](https://github.com/subdriven)<br />[💻](https://github.com/snipe/snipe-it/commits?author=subdriven "Code") |
 <!-- ALL-CONTRIBUTORS-LIST:END -->

 This project follows the [all-contributors](https://github.com/kentcdodds/all-contributors) specification. Contributions of any kind welcome!
--- a/TESTING.md
+++ b/TESTING.md
@@ -0,0 +1,75 @@
+# Using the Test Suite
+
+This document is targeted at developers looking to make modifications to
+this application's code base and want to run the existing test suite.
+
+
+## Setup
+
+Follow the instructions for installing the application locally,
+making sure to have also run the [database migrations](link to db migrations).
+
+
+## Unit Tests 
+
+The application will use values in the `.env.testing` file located
+in the root directory to override the
+default settings and/or other values that exist in your `.env` files.
+
+Make sure to modify the section in `.env.testing` that has the
+database settings. In the example below, it is connecting to the
+[MariaDB](link-to-maria-db) server that is used if you install the
+application using [Docker](https://docker.com).
+
+```dotenv
+# --------------------------------------------
+# REQUIRED: DATABASE SETTINGS
+# --------------------------------------------
+DB_CONNECTION=mysql
+DB_HOST=127.0.0.1
+DB_DATABASE=snipeit
+DB_USERNAME=root
+DB_PASSWORD=changeme1234
+```
+
+To run the entire unit test suite, use the following command from your terminal:
+
+`php artisan test --env=testing`
+
+To run individual test files, you can pass the path to the test that
+you want to run.
+
+`php artisan test --env=testing tests/Unit/AccessoryTest.php`
+
+## Browser Tests 
+
+Browser tests are run via [Laravel Dusk](https://laravel.com/docs/8.x/dusk) and require Google Chrome to be installed.
+
+Before attempting to run Dusk tests copy the example environment file for Dusk and update the values to match your environment:
+
+`cp .env.dusk.example .env.dusk.local`
+> `local` refers to the value of `APP_ENV` in your `.env` so if you have it set to `dev` then the file should be named `.env.dusk.dev`.
+
+**Important**: Dusk tests cannot be run using an in-memory SQLite database. Additionally, the Dusk test suite uses the `DatabaseMigrations` trait which will leave the database in a fresh state after running. Therefore, it is recommended that you create a test database and point `DB_DATABASE` in `.env.dusk.local` to it.  
+
+### Test Setup
+
+Your application needs to be configured and up and running in order for the browser
+tests to actually run. When running the tests locally, you can start the application
+using the following command:
+
+`php artisan serve`
+
+Now you are ready to run the test suite. Use the following command from another terminal tab or window:
+
+`php artisan dusk`
+
+To run individual test files, you can pass the path to the test that you want to run:
+
+`php artisan dusk tests/Browser/LoginTest.php`
+
+If you get an error when attempting to run Dusk tests that says `Couldn't connect to server` run:
+
+`php artisan dusk:chrome-driver --detect`
+
+This command will install the specific ChromeDriver Dusk needs for your operating system and Chrome version.
--- a/app.json
+++ b/app.json
@@ -148,7 +148,7 @@
    "image": "heroku/php",
    "addons": [
      "cleardb:ignite",
-      "heroku-redis:hobby-dev",
+      "heroku-redis:mini",
      "papertrail:choklad"
    ]
-  }
+  }
--- a/app/Console/Commands/CheckoutLicenseToAllUsers.php
+++ b/app/Console/Commands/CheckoutLicenseToAllUsers.php
@@ -22,7 +22,7 @@ class CheckoutLicenseToAllUsers extends Command
     *
     * @var string
     */
-    protected $description = 'Command description';
+    protected $description = 'Checks out licenses to all users';

    /**
     * Create a new command instance.
--- a/app/Console/Commands/LdapSync.php
+++ b/app/Console/Commands/LdapSync.php
@@ -3,6 +3,7 @@
 namespace App\Console\Commands;

 use App\Models\Department;
+use App\Models\Group;
 use Illuminate\Console\Command;
 use App\Models\Setting;
 use App\Models\Ldap;
@@ -43,13 +44,19 @@ class LdapSync extends Command
     */
    public function handle()
    {
+
+        // If LDAP enabled isn't set to 1 (ldap_enabled!=1) then we should cut this short immediately without going any further
+        if (Setting::getSettings()->ldap_enabled!='1') {
+            $this->error('LDAP is not enabled. Aborting. See Settings > LDAP to enable it.');
+            exit();
+        }
+
        ini_set('max_execution_time', env('LDAP_TIME_LIM', 600)); //600 seconds = 10 minutes
        ini_set('memory_limit', env('LDAP_MEM_LIM', '500M'));
        $ldap_result_username = Setting::getSettings()->ldap_username_field;
        $ldap_result_last_name = Setting::getSettings()->ldap_lname_field;
        $ldap_result_first_name = Setting::getSettings()->ldap_fname_field;
-
-        $ldap_result_active_flag = Setting::getSettings()->ldap_active_flag_field;
+        $ldap_result_active_flag = Setting::getSettings()->ldap_active_flag;
        $ldap_result_emp_num = Setting::getSettings()->ldap_emp_num;
        $ldap_result_email = Setting::getSettings()->ldap_email;
        $ldap_result_phone = Setting::getSettings()->ldap_phone_field;
@@ -57,6 +64,7 @@ class LdapSync extends Command
        $ldap_result_country = Setting::getSettings()->ldap_country;
        $ldap_result_dept = Setting::getSettings()->ldap_dept;
        $ldap_result_manager = Setting::getSettings()->ldap_manager;
+        $ldap_default_group = Setting::getSettings()->ldap_default_group;

        try {
            $ldapconn = Ldap::connectToLdap();
@@ -175,8 +183,19 @@ class LdapSync extends Command
        $tmp_pass = substr(str_shuffle('0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'), 0, 20);
        $pass = bcrypt($tmp_pass);

+        $manager_cache = [];
+
+        if($ldap_default_group != null) {
+
+            $default = Group::find($ldap_default_group);
+            if (!$default) {
+                $ldap_default_group = null; // un-set the default group if that group doesn't exist
+            }
+
+        }
+
+
        for ($i = 0; $i < $results['count']; $i++) {
-            if (empty($ldap_result_active_flag) || $results[$i][$ldap_result_active_flag][0] == 'TRUE') {
                $item = [];
                $item['username'] = isset($results[$i][$ldap_result_username][0]) ? $results[$i][$ldap_result_username][0] : '';
                $item['employee_number'] = isset($results[$i][$ldap_result_emp_num][0]) ? $results[$i][$ldap_result_emp_num][0] : '';
@@ -191,6 +210,7 @@ class LdapSync extends Command
                $item['department'] = isset($results[$i][$ldap_result_dept][0]) ? $results[$i][$ldap_result_dept][0] : '';
                $item['manager'] = isset($results[$i][$ldap_result_manager][0]) ? $results[$i][$ldap_result_manager][0] : '';

+
                $department = Department::firstOrCreate([
                    'name' => $item['department'],
                ]);
@@ -203,7 +223,7 @@ class LdapSync extends Command
                    // Creating a new user.
                    $user = new User;
                    $user->password = $pass;
-                    $user->activated = 0;
+                    $user->activated = 1; // newly created users can log in by default, unless AD's UAC is in use, or an active flag is set (below)
                    $item['createorupdate'] = 'created';
                }

@@ -218,19 +238,61 @@ class LdapSync extends Command
                $user->department_id = $department->id;

                if($item['manager'] != null) {
-                    //Captures only the Canonical Name
-                    $item['manager'] = ltrim($item['manager'], "CN=");
-                    $item['manager'] = substr($item['manager'],0, strpos($item['manager'], ','));
-                    $ldap_manager = User::where('username', $item['manager'])->first();
-                    if ( $ldap_manager && isset($ldap_manager->id) ) {
-                        $user->manager_id = $ldap_manager->id;
+                    // Check Cache first
+                    if (isset($manager_cache[$item['manager']])) {
+                        // found in cache; use that and avoid extra lookups
+                        $user->manager_id = $manager_cache[$item['manager']];
+                    } else {
+                        // Get the LDAP Manager
+                        try {
+                            $ldap_manager = Ldap::findLdapUsers($item['manager'], -1, $this->option('filter'));
+                        } catch (\Exception $e) {
+                            \Log::warning("Manager lookup caused an exception: " . $e->getMessage() . ". Falling back to direct username lookup");
+                            // Hail-mary for Okta manager 'shortnames' - will only work if
+                            // Okta configuration is using full email-address-style usernames
+                            $ldap_manager = [
+                                "count" => 1,
+                                0 => [
+                                    $ldap_result_username => [$item['manager']]
+                                ]
+                            ];
+                        }
+
+                        if ($ldap_manager["count"] > 0) {
+
+                            // Get the Manager's username
+                            // PHP LDAP returns every LDAP attribute as an array, and 90% of the time it's an array of just one item. But, hey, it's an array.
+                            $ldapManagerUsername = $ldap_manager[0][$ldap_result_username][0];
+
+                            // Get User from Manager username.
+                            $ldap_manager = User::where('username', $ldapManagerUsername)->first();
+
+                            if ($ldap_manager && isset($ldap_manager->id)) {
+                                // Link user to manager id.
+                                $user->manager_id = $ldap_manager->id;
+                            }
+                        }
+                        $manager_cache[$item['manager']] = $ldap_manager && isset($ldap_manager->id)  ? $ldap_manager->id : null; // Store results in cache, even if 'failed'
+
                    }
                }

-
                // Sync activated state for Active Directory.
-                if (array_key_exists('useraccountcontrol', $results[$i])) {
-                    /* The following is _probably_ the correct logic, but we can't use it because
+                if ( !empty($ldap_result_active_flag)) { // IF we have an 'active' flag set....
+                    // ....then *most* things that are truthy will activate the user. Anything falsey will deactivate them.
+                    // (Specifically, we don't handle a value of '0.0' correctly)
+                    $raw_value = @$results[$i][$ldap_result_active_flag][0];
+                    $filter_var = filter_var($raw_value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
+                    $boolean_cast = (bool)$raw_value;
+
+                    $user->activated = $filter_var ?? $boolean_cast; // if filter_var() was true or false, use that. If it's null, use the $boolean_cast
+
+                } elseif (array_key_exists('useraccountcontrol', $results[$i]) ) {
+                    // ....otherwise, (ie if no 'active' LDAP flag is defined), IF the UAC setting exists,
+                    // ....then use the UAC setting on the account to determine can-log-in vs. cannot-log-in
+
+
+                   /* The following is _probably_ the correct logic, but we can't use it because
                       some users may have been dependent upon the previous behavior, and this
                       could cause additional access to be available to users they don't want
                       to allow to log in.
@@ -247,25 +309,25 @@ class LdapSync extends Command
                        $user->activated = 0;
                    } */
                    $enabled_accounts = [
-                    '512',    // 0x200    NORMAL_ACCOUNT
-                    '544',    // 0x220    NORMAL_ACCOUNT, PASSWD_NOTREQD
-                    '66048',  // 0x10200  NORMAL_ACCOUNT, DONT_EXPIRE_PASSWORD
-                    '66080',  // 0x10220  NORMAL_ACCOUNT, PASSWD_NOTREQD, DONT_EXPIRE_PASSWORD
-                    '262656', // 0x40200  NORMAL_ACCOUNT, SMARTCARD_REQUIRED
-                    '262688', // 0x40220  NORMAL_ACCOUNT, PASSWD_NOTREQD, SMARTCARD_REQUIRED
-                    '328192', // 0x50200  NORMAL_ACCOUNT, SMARTCARD_REQUIRED, DONT_EXPIRE_PASSWORD
-                    '328224', // 0x50220  NORMAL_ACCOUNT, PASSWD_NOT_REQD, SMARTCARD_REQUIRED, DONT_EXPIRE_PASSWORD
-                    '4194816',// 0x400200 NORMAL_ACCOUNT, DONT_REQ_PREAUTH
+                    '512',    //     0x200 NORMAL_ACCOUNT
+                    '544',    //     0x220 NORMAL_ACCOUNT, PASSWD_NOTREQD
+                    '66048',  //   0x10200 NORMAL_ACCOUNT, DONT_EXPIRE_PASSWORD
+                    '66080',  //   0x10220 NORMAL_ACCOUNT, PASSWD_NOTREQD, DONT_EXPIRE_PASSWORD
+                    '262656', //   0x40200 NORMAL_ACCOUNT, SMARTCARD_REQUIRED
+                    '262688', //   0x40220 NORMAL_ACCOUNT, PASSWD_NOTREQD, SMARTCARD_REQUIRED
+                    '328192', //   0x50200 NORMAL_ACCOUNT, SMARTCARD_REQUIRED, DONT_EXPIRE_PASSWORD
+                    '328224', //   0x50220 NORMAL_ACCOUNT, PASSWD_NOT_REQD, SMARTCARD_REQUIRED, DONT_EXPIRE_PASSWORD
+                    '4194816',//  0x400200 NORMAL_ACCOUNT, DONT_REQ_PREAUTH
                    '4260352', // 0x410200 NORMAL_ACCOUNT, DONT_EXPIRE_PASSWORD, DONT_REQ_PREAUTH
                    '1049088', // 0x100200 NORMAL_ACCOUNT, NOT_DELEGATED
+                    '1114624', // 0x110200 NORMAL_ACCOUNT, DONT_EXPIRE_PASSWORD, NOT_DELEGATED,
                  ];
                    $user->activated = (in_array($results[$i]['useraccountcontrol'][0], $enabled_accounts)) ? 1 : 0;
-                }

                // If we're not using AD, and there isn't an activated flag set, activate all users
-                elseif (empty($ldap_result_active_flag)) {
-                    $user->activated = 1;
-                }
+                } /* implied 'else' here - leave the $user->activated flag alone. Newly-created accounts will be active.
+                already-existing accounts will be however the administrator has set them */
+

                if ($item['ldap_location_override'] == true) {
                    $user->location_id = $item['location_id'];
@@ -284,6 +346,10 @@ class LdapSync extends Command
                if ($user->save()) {
                    $item['note'] = $item['createorupdate'];
                    $item['status'] = 'success';
+                    if ( $item['createorupdate'] === 'created' && $ldap_default_group) {
+                         $user->groups()->attach($ldap_default_group);
+                    }
+
                } else {
                    foreach ($user->getErrors()->getMessages() as $key => $err) {
                        $errors .= $err[0];
@@ -293,7 +359,6 @@ class LdapSync extends Command
                }

                array_push($summary, $item);
-            }
        }

        if ($this->option('summary')) {
--- a/app/Console/Commands/RestoreFromBackup.php
+++ b/app/Console/Commands/RestoreFromBackup.php
@@ -149,7 +149,7 @@ class RestoreFromBackup extends Command
                $boring_files[] = $raw_path;
                continue;
            }
-            if (@pathinfo($raw_path)['extension'] == 'sql') {
+            if (@pathinfo($raw_path, PATHINFO_EXTENSION) == 'sql') {
                \Log::debug("Found a sql file!");
                $sqlfiles[] = $raw_path;
                $sqlfile_indices[] = $i;
@@ -214,7 +214,7 @@ class RestoreFromBackup extends Command
        $env_vars['MYSQL_PWD'] = config('database.connections.mysql.password');
        // TODO notes: we are stealing the dump_binary_path (which *probably* also has your copy of the mysql binary in it. But it might not, so we might need to extend this)
        //             we unilaterally prepend a slash to the `mysql` command. This might mean your path could look like /blah/blah/blah//mysql - which should be fine. But maybe in some environments it isn't?
-        $mysql_binary = config('database.connections.mysql.dump.dump_binary_path').'/mysql';
+        $mysql_binary = config('database.connections.mysql.dump.dump_binary_path').\DIRECTORY_SEPARATOR.'mysql'.(\DIRECTORY_SEPARATOR == '\\' ? ".exe" : "");
        if( ! file_exists($mysql_binary) ) {
            return $this->error("mysql tool at: '$mysql_binary' does not exist, cannot restore. Please edit DB_DUMP_PATH in your .env to point to a directory that contains the mysqldump and mysql binary");
        }
--- a/app/Console/Commands/SyncAssetCounters.php
+++ b/app/Console/Commands/SyncAssetCounters.php
@@ -39,33 +39,39 @@ class SyncAssetCounters extends Command
    public function handle()
    {
        $start = microtime(true);
+
+        // We need the whole count of all assets in order to set up the progress bar
+        $assets_count = Asset::withTrashed()->count();
+        $bar = $this->output->createProgressBar($assets_count);
+
        $assets = Asset::withCount('checkins as checkins_count', 'checkouts as checkouts_count', 'userRequests as user_requests_count')
-            ->withTrashed()->get();
+            ->withTrashed()->chunk(100, function ($assets) use ($bar) {

-        if ($assets) {
-            if ($assets->count() > 0) {
-                $bar = $this->output->createProgressBar($assets->count());
+                if ($assets->count() > 0) {

-                foreach ($assets as $asset) {
-                    $asset->checkin_counter = (int) $asset->checkins_count;
-                    $asset->checkout_counter = (int) $asset->checkouts_count;
-                    $asset->requests_counter = (int) $asset->user_requests_count;
-                    $asset->unsetEventDispatcher();
-                    $asset->save();
-                    $output['info'][] = 'Asset: '.$asset->id.' has '.$asset->checkin_counter.' checkins, '.$asset->checkout_counter.' checkouts, and '.$asset->requests_counter.' requests';
-                    $bar->advance();
-                }
-                $bar->finish();
+                    foreach ($assets as $asset) {

-                foreach ($output['info'] as $key => $output_text) {
-                    $this->info($output_text);
-                }
+                        $asset->checkin_counter = (int) $asset->checkins_count;
+                        $asset->checkout_counter = (int) $asset->checkouts_count;
+                        $asset->requests_counter = (int) $asset->user_requests_count;
+                        $asset->unsetEventDispatcher();
+                        $asset->save();
+                        $bar->advance();
+
+                        \Log::debug('Asset: '.$asset->id.' has '.$asset->checkin_counter.' checkins, '.$asset->checkout_counter.' checkouts, and '.$asset->requests_counter.' requests');
+
+                    }

-                $time_elapsed_secs = microtime(true) - $start;
-                $this->info('Sync executed in '.$time_elapsed_secs.' seconds');
            } else {
                $this->info('No assets to sync');
            }
-        }
+        });
+        
+
+        $bar->finish();
+        $time_elapsed_secs = microtime(true) - $start;
+        $this->info("\nSync of ".$assets_count.' assets executed in '.$time_elapsed_secs.' seconds');
+
+
    }
 }
--- a/app/Helpers/Helper.php
+++ b/app/Helpers/Helper.php
@@ -12,6 +12,7 @@ use App\Models\Statuslabel;
 use Crypt;
 use Illuminate\Contracts\Encryption\DecryptException;
 use Image;
+use Carbon\Carbon;

 class Helper
 {
@@ -22,12 +23,13 @@ class Helper
     * @since [v2.0]
     * @return string
     */
-    public static function parseEscapedMarkedown($str)
+    public static function parseEscapedMarkedown($str = null)
    {
        $Parsedown = new \Parsedown();
+        $Parsedown->setSafeMode(true);

        if ($str) {
-            return $Parsedown->text(e($str));
+            return $Parsedown->text($str);
        }
    }

@@ -1124,5 +1126,25 @@ class Helper

        return $settings;
        }
+    public static function AgeFormat($date) {
+        $year = Carbon::parse($date)
+            ->diff(now())->y;
+        $month = Carbon::parse($date)
+            ->diff(now())->m;
+        $days = Carbon::parse($date)
+            ->diff(now())->d;
+        $age='';
+        if ($year) {
+            $age .= $year.'y ';
+        }
+        if ($month) {
+            $age .= $month.'m ';
+        }
+        if ($days) {
+            $age .= $days.'d';
+        }

+        return $age;
+
+    }
 }
--- a/app/Http/Controllers/Accessories/AccessoriesController.php
+++ b/app/Http/Controllers/Accessories/AccessoriesController.php
@@ -63,6 +63,7 @@ class AccessoriesController extends Controller
    public function store(ImageUploadRequest $request)
    {
        $this->authorize(Accessory::class);
+        
        // create a new model instance
        $accessory = new Accessory();

@@ -82,7 +83,6 @@ class AccessoriesController extends Controller
        $accessory->supplier_id             = request('supplier_id');
        $accessory->notes                   = request('notes');

-
        $accessory = $request->handleImages($accessory);

        // Was the accessory created?
@@ -127,45 +127,47 @@ class AccessoriesController extends Controller
     */
    public function update(ImageUploadRequest $request, $accessoryId = null)
    {
-        if (is_null($accessory = Accessory::find($accessoryId))) {
+        if ($accessory = Accessory::withCount('users as users_count')->find($accessoryId)) {
+
+            $this->authorize($accessory);
+
+            $validator = Validator::make($request->all(), [
+                "qty" => "required|numeric|min:$accessory->users_count"
+            ]);
+
+            if ($validator->fails()) {
+                return redirect()->back()
+                    ->withErrors($validator)
+                    ->withInput();
+            }
+
+
+
+            // Update the accessory data
+            $accessory->name = request('name');
+            $accessory->location_id = request('location_id');
+            $accessory->min_amt = request('min_amt');
+            $accessory->category_id = request('category_id');
+            $accessory->company_id = Company::getIdForCurrentUser(request('company_id'));
+            $accessory->manufacturer_id = request('manufacturer_id');
+            $accessory->order_number = request('order_number');
+            $accessory->model_number = request('model_number');
+            $accessory->purchase_date = request('purchase_date');
+            $accessory->purchase_cost = Helper::ParseCurrency(request('purchase_cost'));
+            $accessory->qty = request('qty');
+            $accessory->supplier_id = request('supplier_id');
+            $accessory->notes = request('notes');
+
+            $accessory = $request->handleImages($accessory);
+
+            // Was the accessory updated?
+            if ($accessory->save()) {
+                return redirect()->route('accessories.index')->with('success', trans('admin/accessories/message.update.success'));
+            }
+        } else {
            return redirect()->route('accessories.index')->with('error', trans('admin/accessories/message.does_not_exist'));
        }

-        $min = $accessory->numCheckedOut();
-        $validator = Validator::make($request->all(), [
-            "qty" => "required|numeric|min:$min"
-        ]);
-
-        if ($validator->fails()) {
-            return redirect()->back()
-                ->withErrors($validator)
-                ->withInput();
-        }
-
-        $this->authorize($accessory);
-
-        // Update the accessory data
-        $accessory->name                    = request('name');
-        $accessory->location_id             = request('location_id');
-        $accessory->min_amt                 = request('min_amt');
-        $accessory->category_id             = request('category_id');
-        $accessory->company_id              = Company::getIdForCurrentUser(request('company_id'));
-        $accessory->manufacturer_id         = request('manufacturer_id');
-        $accessory->order_number            = request('order_number');
-        $accessory->model_number            = request('model_number');
-        $accessory->purchase_date           = request('purchase_date');
-        $accessory->purchase_cost           = Helper::ParseCurrency(request('purchase_cost'));
-        $accessory->qty                     = request('qty');
-        $accessory->supplier_id             = request('supplier_id');
-        $accessory->notes                   = request('notes');
-
-        $accessory = $request->handleImages($accessory);
-
-        // Was the accessory updated?
-        if ($accessory->save()) {
-            return redirect()->route('accessories.index')->with('success', trans('admin/accessories/message.update.success'));
-        }
-
        return redirect()->back()->withInput()->withErrors($accessory->getErrors());
    }

@@ -217,7 +219,7 @@ class AccessoriesController extends Controller
     */
    public function show($accessoryID = null)
    {
-        $accessory = Accessory::find($accessoryID);
+        $accessory = Accessory::withCount('users as users_count')->find($accessoryID);
        $this->authorize('view', $accessory);
        if (isset($accessory->id)) {
            return view('accessories/view', compact('accessory'));
--- a/app/Http/Controllers/Accessories/AccessoriesFilesController.php
+++ b/app/Http/Controllers/Accessories/AccessoriesFilesController.php
@@ -0,0 +1,186 @@
+<?php
+
+namespace App\Http\Controllers\Accessories;
+
+use App\Helpers\StorageHelper;
+use App\Http\Controllers\Controller;
+use App\Http\Requests\AssetFileRequest;
+use App\Models\Actionlog;
+use App\Models\Accessory;
+use Illuminate\Support\Facades\Response;
+use Illuminate\Support\Facades\Storage;
+use Symfony\Accessory\HttpFoundation\JsonResponse;
+use enshrined\svgSanitize\Sanitizer;
+
+class AccessoriesFilesController extends Controller
+{
+    /**
+     * Validates and stores files associated with a accessory.
+     *
+     * @todo Switch to using the AssetFileRequest form request validator.
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v1.0]
+     * @param AssetFileRequest $request
+     * @param int $accessoryId
+     * @return \Illuminate\Http\RedirectResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+    public function store(AssetFileRequest $request, $accessoryId = null)
+    {
+
+        if (config('app.lock_passwords')) {
+            return redirect()->route('accessories.show', ['accessory'=>$accessoryId])->with('error', trans('general.feature_disabled'));
+        }
+
+
+        $accessory = Accessory::find($accessoryId);
+
+        if (isset($accessory->id)) {
+            $this->authorize('accessories.files', $accessory);
+
+            if ($request->hasFile('file')) {
+                if (! Storage::exists('private_uploads/accessories')) {
+                    Storage::makeDirectory('private_uploads/accessories', 775);
+                }
+
+                foreach ($request->file('file') as $file) {
+
+                    $extension = $file->getClientOriginalExtension();
+                    $file_name = 'accessory-'.$accessory->id.'-'.str_random(8).'-'.str_slug(basename($file->getClientOriginalName(), '.'.$extension)).'.'.$extension;
+
+
+                    // Check for SVG and sanitize it
+                    if ($extension == 'svg') {
+                        \Log::debug('This is an SVG');
+                        \Log::debug($file_name);
+
+                        $sanitizer = new Sanitizer();
+                        $dirtySVG = file_get_contents($file->getRealPath());
+                        $cleanSVG = $sanitizer->sanitize($dirtySVG);
+
+                        try {
+                            Storage::put('private_uploads/accessories/'.$file_name, $cleanSVG);
+                        } catch (\Exception $e) {
+                            \Log::debug('Upload no workie :( ');
+                            \Log::debug($e);
+                        }
+
+                    } else {
+                        Storage::put('private_uploads/accessories/'.$file_name, file_get_contents($file));
+                    }
+
+                    //Log the upload to the log
+                    $accessory->logUpload($file_name, e($request->input('notes')));
+                }
+
+
+                return redirect()->route('accessories.show', $accessory->id)->with('success', trans('general.file_upload_success'));
+
+            }
+
+            return redirect()->route('accessories.show', $accessory->id)->with('error', trans('general.no_files_uploaded'));
+        }
+        // Prepare the error message
+        return redirect()->route('accessories.index')
+            ->with('error', trans('general.file_does_not_exist'));
+    }
+
+    /**
+     * Deletes the selected accessory file.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v1.0]
+     * @param int $accessoryId
+     * @param int $fileId
+     * @return \Illuminate\Http\RedirectResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+    public function destroy($accessoryId = null, $fileId = null)
+    {
+        $accessory = Accessory::find($accessoryId);
+
+        // the asset is valid
+        if (isset($accessory->id)) {
+            $this->authorize('update', $accessory);
+            $log = Actionlog::find($fileId);
+
+            // Remove the file if one exists
+            if (Storage::exists('accessories/'.$log->filename)) {
+                try {
+                    Storage::delete('accessories/'.$log->filename);
+                } catch (\Exception $e) {
+                    \Log::debug($e);
+                }
+            }
+
+            $log->delete();
+
+            return redirect()->back()
+                ->with('success', trans('admin/hardware/message.deletefile.success'));
+        }
+
+        // Redirect to the licence management page
+        return redirect()->route('accessories.index')->with('error', trans('general.file_does_not_exist'));
+    }
+
+    /**
+     * Allows the selected file to be viewed.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v1.4]
+     * @param int $accessoryId
+     * @param int $fileId
+     * @return \Symfony\Accessory\HttpFoundation\Response
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+    public function show($accessoryId = null, $fileId = null, $download = true)
+    {
+
+        \Log::debug('Private filesystem is: '.config('filesystems.default'));
+        $accessory = Accessory::find($accessoryId);
+
+
+
+        // the accessory is valid
+        if (isset($accessory->id)) {
+            $this->authorize('view', $accessory);
+            $this->authorize('accessories.files', $accessory);
+
+            if (! $log = Actionlog::find($fileId)) {
+                return response('No matching record for that asset/file', 500)
+                    ->header('Content-Type', 'text/plain');
+            }
+
+            $file = 'private_uploads/accessories/'.$log->filename;
+
+            if (Storage::missing($file)) {
+                \Log::debug('FILE DOES NOT EXISTS for '.$file);
+                \Log::debug('URL should be '.Storage::url($file));
+
+                return response('File '.$file.' ('.Storage::url($file).') not found on server', 404)
+                    ->header('Content-Type', 'text/plain');
+            } else {
+
+                // We have to override the URL stuff here, since local defaults in Laravel's Flysystem
+                // won't work, as they're not accessible via the web
+                if (config('filesystems.default') == 'local') { // TODO - is there any way to fix this at the StorageHelper layer?
+                    return StorageHelper::downloader($file);
+                } else {
+                    if ($download != 'true') {
+                        \Log::debug('display the file');
+                        if ($contents = file_get_contents(Storage::url($file))) { // TODO - this will fail on private S3 files or large public ones
+                            return Response::make(Storage::url($file)->header('Content-Type', mime_content_type($file)));
+                        }
+
+                        return JsonResponse::create(['error' => 'Failed validation: '], 500);
+                    }
+
+                    return StorageHelper::downloader($file);
+
+                }
+            }
+        }
+
+        return redirect()->route('accessories.index')->with('error', trans('general.file_does_not_exist', ['id' => $fileId]));
+    }
+}
--- a/app/Http/Controllers/Account/AcceptanceController.php
+++ b/app/Http/Controllers/Account/AcceptanceController.php
@@ -19,6 +19,8 @@ use App\Models\Accessory;
 use App\Models\License;
 use App\Models\Component;
 use App\Models\Consumable;
+use App\Notifications\AcceptanceAssetAcceptedNotification;
+use App\Notifications\AcceptanceAssetDeclinedNotification;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\DB;
@@ -220,8 +222,8 @@ class AcceptanceController extends Controller
                'item_model' => $display_model,
                'item_serial' => $item->serial,
                'eula' => $item->getEula(),
-                'check_out_date' => Carbon::parse($acceptance->created_at)->format($branding_settings->date_display_format),
-                'accepted_date' => Carbon::parse($acceptance->accepted_at)->format($branding_settings->date_display_format),
+                'check_out_date' => Carbon::parse($acceptance->created_at)->format('Y-m-d'),
+                'accepted_date' => Carbon::parse($acceptance->accepted_at)->format('Y-m-d'),
                'assigned_to' => $assigned_to,
                'company_name' => $branding_settings->site_name,
                'signature' => ($sig_filename) ? storage_path() . '/private_uploads/signatures/' . $sig_filename : null,
@@ -236,12 +238,49 @@ class AcceptanceController extends Controller
            }

            $acceptance->accept($sig_filename, $item->getEula(), $pdf_filename);
+            $acceptance->notify(new AcceptanceAssetAcceptedNotification($data));
            event(new CheckoutAccepted($acceptance));

            $return_msg = trans('admin/users/message.accepted');

        } else {
+            // Format the data to send the declined notification
+            $branding_settings = SettingsController::getPDFBranding();
+
+            // This is the most horriblest
+            switch($acceptance->checkoutable_type){
+                case 'App\Models\Asset':
+                    $assigned_to = User::find($acceptance->assigned_to_id)->present()->fullName;
+                    break;
+
+                case 'App\Models\Accessory':
+                    $assigned_to = User::find($item->assignedTo);
+                    break;
+
+                case 'App\Models\LicenseSeat':
+                    $assigned_to = User::find($acceptance->assigned_to_id)->present()->fullName;
+                    break;
+
+                case 'App\Models\Component':
+                    $assigned_to = User::find($acceptance->assigned_to_id)->present()->fullName;
+                    break;
+
+                case 'App\Models\Consumable':
+                    $assigned_to = User::find($acceptance->assigned_to_id)->present()->fullName;
+                    break;
+            }
+            $data = [
+                'item_tag' => $item->asset_tag,
+                'item_model' => $display_model,
+                'item_serial' => $item->serial,
+                'declined_date' => Carbon::parse($acceptance->declined_at)->format('Y-m-d'),
+                'assigned_to' => $assigned_to,
+                'company_name' => $branding_settings->site_name,
+                'date_settings' => $branding_settings->date_display_format,
+            ];
+
            $acceptance->decline($sig_filename);
+            $acceptance->notify(new AcceptanceAssetDeclinedNotification($data));
            event(new CheckoutDeclined($acceptance));
            $return_msg = trans('admin/users/message.declined');
        }
--- a/app/Http/Controllers/Api/AccessoriesController.php
+++ b/app/Http/Controllers/Api/AccessoriesController.php
@@ -41,10 +41,13 @@ class AccessoriesController extends Controller
                'min_amt',
                'company_id',
                'notes',
+                'users_count',
+                'qty',
            ];


-        $accessories = Accessory::select('accessories.*')->with('category', 'company', 'manufacturer', 'users', 'location', 'supplier');
+        $accessories = Accessory::select('accessories.*')->with('category', 'company', 'manufacturer', 'users', 'location', 'supplier')
+                                ->withCount('users as users_count');

        if ($request->filled('search')) {
            $accessories = $accessories->TextSearch($request->input('search'));
--- a/app/Http/Controllers/Api/AssetsController.php
+++ b/app/Http/Controllers/Api/AssetsController.php
@@ -100,6 +100,7 @@ class AssetsController extends Controller
            'checkout_counter',
            'checkin_counter',
            'requests_counter',
+            'byod',
        ];

        $filter = [];
@@ -120,7 +121,6 @@ class AssetsController extends Controller

        if ($filter_non_deprecable_assets) {
            $non_deprecable_models = AssetModel::select('id')->whereNotNull('depreciation_id')->get();
-
            $assets->InModelList($non_deprecable_models->toArray());
        }

@@ -141,6 +141,14 @@ class AssetsController extends Controller
            $assets->where('assets.status_id', '=', $request->input('status_id'));
        }

+        if ($request->filled('asset_tag')) {
+            $assets->where('assets.asset_tag', '=', $request->input('asset_tag'));
+        }
+
+        if ($request->filled('serial')) {
+            $assets->where('assets.serial', '=', $request->input('serial'));
+        }
+
        if ($request->input('requestable') == 'true') {
            $assets->where('assets.requestable', '=', '1');
        }
@@ -182,6 +190,10 @@ class AssetsController extends Controller
            $assets->ByDepreciationId($request->input('depreciation_id'));
        }

+        if ($request->filled('byod')) {
+            $assets->where('assets.byod', '=', $request->input('byod'));
+        }
+
        $request->filled('order_number') ? $assets = $assets->where('assets.order_number', '=', e($request->get('order_number'))) : '';

        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
@@ -259,6 +271,11 @@ class AssetsController extends Controller
                // more sad, horrible workarounds for laravel bugs when doing full text searches
                $assets->where('assets.assigned_to', '>', '0');
                break;
+            case 'byod':
+                // This is kind of redundant, since we already check for byod=1 above, but this keeps the
+                // sidebar nav links a little less chaotic
+                $assets->where('assets.byod', '=', '1');
+                break;
            default:

                if ((! $request->filled('status_id')) && ($settings->show_archived_in_list != '1')) {
@@ -357,19 +374,38 @@ class AssetsController extends Controller
    /**
     * Returns JSON with information about an asset (by tag) for detail view.
     *
-     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @param string $tag
     * @since [v4.2.1]
-     * @return JsonResponse
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @return \Illuminate\Http\JsonResponse
     */
    public function showByTag(Request $request, $tag)
    {
-        if ($asset = Asset::with('assetstatus')->with('assignedTo')->where('asset_tag', $tag)->first()) {
-            $this->authorize('view', $asset);
+        $this->authorize('index', Asset::class);
+        $assets = Asset::where('asset_tag', $tag)->with('assetstatus')->with('assignedTo');

-            return (new AssetsTransformer)->transformAsset($asset, $request);
+        // Check if they've passed ?deleted=true
+        if ($request->input('deleted', 'false') == 'true') {
+            $assets = $assets->withTrashed();
        }
-        return response()->json(Helper::formatStandardApiResponse('error', null, 'Asset not found'), 200);
+
+        if (($assets = $assets->get()) && ($assets->count()) > 0) {
+
+            // If there is exactly one result and the deleted parameter is not passed, we should pull the first (and only)
+            // asset from the returned collection, since transformAsset() expects an Asset object, NOT a collection
+            if (($assets->count() == 1) && ($request->input('deleted') != 'true')) {
+                return (new AssetsTransformer)->transformAsset($assets->first());
+
+                // If there is more than one result OR if the endpoint is requesting deleted items (even if there is only one
+                // match, return the normal collection transformed.
+            } else {
+                return (new AssetsTransformer)->transformAssets($assets, $assets->count());
+            }
+
+        }
+
+        // If there are 0 results, return the "no such asset" response
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/hardware/message.does_not_exist')), 200);

    }

@@ -379,29 +415,25 @@ class AssetsController extends Controller
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @param string $serial
     * @since [v4.2.1]
-     * @return JsonResponse
+     * @return \Illuminate\Http\JsonResponse
     */
    public function showBySerial(Request $request, $serial)
    {
        $this->authorize('index', Asset::class);
-        if ($assets = Asset::with('assetstatus')->with('assignedTo')
-            ->withTrashed()->where('serial', $serial)->get()) {
-                return (new AssetsTransformer)->transformAssets($assets, $assets->count());
-        }
-        return response()->json(Helper::formatStandardApiResponse('error', null, 'Asset not found'), 200);
+        $assets = Asset::where('serial', $serial)->with('assetstatus')->with('assignedTo');

-        $assets = Asset::with('assetstatus')->with('assignedTo');
-
-        if ($request->input('deleted', 'false') === 'true') {
+        // Check if they've passed ?deleted=true
+        if ($request->input('deleted', 'false') == 'true') {
            $assets = $assets->withTrashed();
-    }
-
-        $assets = $assets->where('serial', $serial)->get();
-        if ($assets) {
-            return (new AssetsTransformer)->transformAssets($assets, $assets->count());
-        } else {
-            return response()->json(Helper::formatStandardApiResponse('error', null, 'Asset not found'), 200);
        }
+        
+        if (($assets = $assets->get()) && ($assets->count()) > 0) {
+             return (new AssetsTransformer)->transformAssets($assets, $assets->count());
+        }
+
+        // If there are 0 results, return the "no such asset" response
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/hardware/message.does_not_exist')), 200);
+
    }

    /**
@@ -825,7 +857,8 @@ class AssetsController extends Controller
        $checkout_at = request('checkout_at', date('Y-m-d H:i:s'));
        $expected_checkin = request('expected_checkin', null);
        $note = request('note', null);
-        $asset_name = request('name', null);
+        // Using `->has` preserves the asset name if the name parameter was not included in request.
+        $asset_name = request()->has('name') ? request('name') : $asset->name;

        // Set the location ID to the RTD location id if there is one
        // Wait, why are we doing this? This overrides the stuff we set further up, which makes no sense.
--- a/app/Http/Controllers/Api/CategoriesController.php
+++ b/app/Http/Controllers/Api/CategoriesController.php
@@ -10,6 +10,7 @@ use App\Models\Category;
 use Illuminate\Http\Request;
 use App\Http\Requests\ImageUploadRequest;
 use Illuminate\Support\Facades\Storage;
+use Illuminate\Support\Facades\Validator;

 class CategoriesController extends Controller
 {
@@ -107,7 +108,7 @@ class CategoriesController extends Controller
    public function show($id)
    {
        $this->authorize('view', Category::class);
-        $category = Category::findOrFail($id);
+        $category = Category::withCount('assets as assets_count', 'accessories as accessories_count', 'consumables as consumables_count', 'components as components_count', 'licenses as licenses_count')->findOrFail($id);
        return (new CategoriesTransformer)->transformCategory($category);

    }
@@ -126,8 +127,14 @@ class CategoriesController extends Controller
    {
        $this->authorize('update', Category::class);
        $category = Category::findOrFail($id);
+
+        // Don't allow the user to change the category_type once it's been created
+        if (($request->filled('category_type')) && ($category->category_type != $request->input('category_type'))) {
+            return response()->json(
+                Helper::formatStandardApiResponse('error', null,  trans('admin/categories/message.update.cannot_change_category_type'))
+            );
+        }
        $category->fill($request->all());
-        $category->category_type = strtolower($request->input('category_type'));
        $category = $request->handleImages($category);

        if ($category->save()) {
@@ -148,7 +155,7 @@ class CategoriesController extends Controller
    public function destroy($id)
    {
        $this->authorize('delete', Category::class);
-        $category = Category::findOrFail($id);
+        $category = Category::withCount('assets as assets_count', 'accessories as accessories_count', 'consumables as consumables_count', 'components as components_count', 'licenses as licenses_count')->findOrFail($id);

        if (! $category->isDeletable()) {
            return response()->json(
--- a/app/Http/Controllers/Api/ComponentsController.php
+++ b/app/Http/Controllers/Api/ComponentsController.php
@@ -246,7 +246,8 @@ class ComponentsController extends Controller
                'created_at' => \Carbon::now(),
                'assigned_qty' => $request->get('assigned_qty', 1),
                'user_id' => \Auth::id(),
-                'asset_id' => $request->get('assigned_to')
+                'asset_id' => $request->get('assigned_to'),
+                'note' => $request->get('note'),
            ]);

            $component->logCheckout($request->input('note'), $asset);
--- a/app/Http/Controllers/Api/ConsumablesController.php
+++ b/app/Http/Controllers/Api/ConsumablesController.php
@@ -4,6 +4,7 @@ namespace App\Http\Controllers\Api;

 use App\Helpers\Helper;
 use App\Http\Controllers\Controller;
+use App\Http\Transformers\ComponentsTransformer;
 use App\Http\Transformers\ConsumablesTransformer;
 use App\Http\Transformers\SelectlistTransformer;
 use App\Models\Company;
@@ -209,35 +210,23 @@ class ConsumablesController extends Controller
    * @param int $consumableId
    * @return array
     */
-    public function getDataView($consumableId)
+    public function checkedout($consumableId)
    {
-        $consumable = Consumable::with(['consumableAssignments'=> function ($query) {
-            $query->orderBy($query->getModel()->getTable().'.created_at', 'DESC');
-        },
-        'consumableAssignments.admin'=> function ($query) {
-        },
-        'consumableAssignments.user'=> function ($query) {
-        },
-        ])->find($consumableId);
-
+        $consumable = Consumable::with('users')->findOrFail($consumableId);
        if (! Company::isCurrentUserHasAccess($consumable)) {
            return ['total' => 0, 'rows' => []];
        }
-        $this->authorize('view', Consumable::class);
-        $rows = [];

-        foreach ($consumable->consumableAssignments as $consumable_assignment) {
-            $rows[] = [
-                'name' => ($consumable_assignment->user) ? $consumable_assignment->user->present()->nameUrl() : 'Deleted User',
-                'created_at' => Helper::getFormattedDateObject($consumable_assignment->created_at, 'datetime'),
-                'admin' => ($consumable_assignment->admin) ? $consumable_assignment->admin->present()->nameUrl() : '',
-            ];
+        $offset = request('offset', 0);
+        $limit = request('limit', 50);
+
+        $consumables_users = $consumable->users;
+        $total = $consumables_users->count();
+
+        if ($total < $offset) {
+            $offset = 0;
        }
-
-        $consumableCount = $consumable->users->count();
-        $data = ['total' => $consumableCount, 'rows' => $rows];
-
-        return $data;
+        return (new ConsumablesTransformer)->transformCheckedoutConsumables($consumable, $consumables_users, $total);
    }

    /**
@@ -273,6 +262,7 @@ class ConsumablesController extends Controller
                'consumable_id' => $consumable->id,
                'user_id' => $user->id,
                'assigned_to' => $assigned_to,
+                'note' => $request->input('note'),
            ]);

            // Log checkout event
--- a/app/Http/Controllers/Api/CustomFieldsController.php
+++ b/app/Http/Controllers/Api/CustomFieldsController.php
@@ -96,7 +96,7 @@ class CustomFieldsController extends Controller
        $data = $request->all();
        $regex_format = null;

-        if (str_contains($data['format'], 'regex:')) {
+        if ((array_key_exists('format', $data)) && (str_contains($data['format'], 'regex:'))) {
            $regex_format = $data['format'];
        }

--- a/app/Http/Controllers/Api/CustomFieldsetsController.php
+++ b/app/Http/Controllers/Api/CustomFieldsetsController.php
@@ -33,7 +33,7 @@ class CustomFieldsetsController extends Controller
     */
    public function index()
    {
-        $this->authorize('index', CustomFieldset::class);
+        $this->authorize('index', CustomField::class);
        $fieldsets = CustomFieldset::withCount('fields as fields_count', 'models as models_count')->get();

        return (new CustomFieldsetsTransformer)->transformCustomFieldsets($fieldsets, $fieldsets->count());
@@ -49,7 +49,7 @@ class CustomFieldsetsController extends Controller
     */
    public function show($id)
    {
-        $this->authorize('view', CustomFieldset::class);
+        $this->authorize('view', CustomField::class);
        if ($fieldset = CustomFieldset::find($id)) {
            return (new CustomFieldsetsTransformer)->transformCustomFieldset($fieldset);
        }
@@ -68,7 +68,7 @@ class CustomFieldsetsController extends Controller
     */
    public function update(Request $request, $id)
    {
-        $this->authorize('update', CustomFieldset::class);
+        $this->authorize('update', CustomField::class);
        $fieldset = CustomFieldset::findOrFail($id);
        $fieldset->fill($request->all());

@@ -89,7 +89,7 @@ class CustomFieldsetsController extends Controller
     */
    public function store(Request $request)
    {
-        $this->authorize('create', CustomFieldset::class);
+        $this->authorize('create', CustomField::class);
        $fieldset = new CustomFieldset;
        $fieldset->fill($request->all());

@@ -109,7 +109,7 @@ class CustomFieldsetsController extends Controller
     */
    public function destroy($id)
    {
-        $this->authorize('delete', CustomFieldset::class);
+        $this->authorize('delete', CustomField::class);
        $fieldset = CustomFieldset::findOrFail($id);

        $modelsCount = $fieldset->models->count();
@@ -136,7 +136,7 @@ class CustomFieldsetsController extends Controller
     */
    public function fields($id)
    {
-        $this->authorize('view', CustomFieldset::class);
+        $this->authorize('view', CustomField::class);
        $set = CustomFieldset::findOrFail($id);
        $fields = $set->fields;

@@ -153,7 +153,7 @@ class CustomFieldsetsController extends Controller
     */
    public function fieldsWithDefaultValues($fieldsetId, $modelId)
    {
-        $this->authorize('view', CustomFieldset::class);
+        $this->authorize('view', CustomField::class);

        $set = CustomFieldset::findOrFail($fieldsetId);

--- a/app/Http/Controllers/Api/ImportController.php
+++ b/app/Http/Controllers/Api/ImportController.php
@@ -10,6 +10,7 @@ use App\Models\Asset;
 use App\Models\Company;
 use App\Models\Import;
 use Artisan;
+use Illuminate\Database\Eloquent\JsonEncodingException;
 use Illuminate\Support\Facades\Request;
 use Illuminate\Support\Facades\Session;
 use Illuminate\Support\Facades\Storage;
@@ -35,7 +36,7 @@ class ImportController extends Controller
     * Process and store a CSV upload file.
     *
     * @param  \Illuminate\Http\Request  $request
-     * @return \Illuminate\Http\Response
+     * @return \Illuminate\Http\JsonResponse
     */
    public function store()
    {
@@ -56,7 +57,7 @@ class ImportController extends Controller
                    'text/tsv', ])) {
                    $results['error'] = 'File type must be CSV. Uploaded file is '.$file->getMimeType();

-                    return response()->json(Helper::formatStandardApiResponse('error', null, $results['error']), 500);
+                    return response()->json(Helper::formatStandardApiResponse('error', null, $results['error']), 422);
                }

                //TODO: is there a lighter way to do this?
@@ -64,7 +65,19 @@ class ImportController extends Controller
                    ini_set('auto_detect_line_endings', '1');
                }
                $reader = Reader::createFromFileObject($file->openFile('r')); //file pointer leak?
-                $import->header_row = $reader->fetchOne(0);
+
+                try {
+                    $import->header_row = $reader->fetchOne(0);
+                } catch (JsonEncodingException $e) {
+                    return response()->json(
+                        Helper::formatStandardApiResponse(
+                            'error',
+                            null,
+                            trans('admin/hardware/message.import.header_row_has_malformed_characters')
+                        ),
+                        422
+                    );
+                }

                //duplicate headers check
                $duplicate_headers = [];
@@ -82,11 +95,22 @@ class ImportController extends Controller
                    }
                }
                if (count($duplicate_headers) > 0) {
-                    return response()->json(Helper::formatStandardApiResponse('error', null, implode('; ', $duplicate_headers)), 500); //should this be '4xx'?
+                    return response()->json(Helper::formatStandardApiResponse('error', null, implode('; ', $duplicate_headers)),422);
                }

-                // Grab the first row to display via ajax as the user picks fields
-                $import->first_row = $reader->fetchOne(1);
+                try {
+                    // Grab the first row to display via ajax as the user picks fields
+                    $import->first_row = $reader->fetchOne(1);
+                } catch (JsonEncodingException $e) {
+                    return response()->json(
+                        Helper::formatStandardApiResponse(
+                            'error',
+                            null,
+                            trans('admin/hardware/message.import.content_row_has_malformed_characters')
+                        ),
+                        422
+                    );
+                }

                $date = date('Y-m-d-his');
                $fixed_filename = str_slug($file->getClientOriginalName());
@@ -108,12 +132,12 @@ class ImportController extends Controller
            }
            $results = (new ImportsTransformer)->transformImports($results);

-            return [
+            return response()->json([
                'files' => $results,
-            ];
+            ]);
        }

-        return response()->json(Helper::formatStandardApiResponse('error', null, trans('general.feature_disabled')), 500);
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('general.feature_disabled')), 422);
    }

    /**
@@ -127,7 +151,7 @@ class ImportController extends Controller
        $this->authorize('import');

        // Run a backup immediately before processing
-        if ($request->has('run-backup')) {
+        if ($request->get('run-backup')) {
            \Log::debug('Backup manually requested via importer');
            Artisan::call('backup:run');
        } else {
--- a/app/Http/Controllers/Api/LicenseSeatsController.php
+++ b/app/Http/Controllers/Api/LicenseSeatsController.php
@@ -39,7 +39,7 @@ class LicenseSeatsController extends Controller
            }

            $total = $seats->count();
-            $offset = (($seats) && (request('offset') > $total)) ? 0 : request('offset', 0);
+            $offset = (($seats) && (request('offset') >= $total)) ? 0 : request('offset', 0);
            $limit = request('limit', 50);

            $seats = $seats->skip($offset)->take($limit)->get();
--- a/app/Http/Controllers/Api/LocationsController.php
+++ b/app/Http/Controllers/Api/LocationsController.php
@@ -27,7 +27,7 @@ class LocationsController extends Controller
        $allowed_columns = [
            'id', 'name', 'address', 'address2', 'city', 'state', 'country', 'zip', 'created_at',
            'updated_at', 'manager_id', 'image',
-            'assigned_assets_count', 'users_count', 'assets_count', 'currency', 'ldap_ou', ];
+            'assigned_assets_count', 'users_count', 'assets_count','assigned_assets_count', 'assets_count', 'rtd_assets_count', 'currency', 'ldap_ou', ];

        $locations = Location::with('parent', 'manager', 'children')->select([
            'locations.id',
@@ -47,6 +47,7 @@ class LocationsController extends Controller
            'locations.currency',
        ])->withCount('assignedAssets as assigned_assets_count')
            ->withCount('assets as assets_count')
+            ->withCount('rtd_assets as rtd_assets_count')
            ->withCount('users as users_count');

        if ($request->filled('search')) {
@@ -157,7 +158,9 @@ class LocationsController extends Controller
            ])
            ->withCount('assignedAssets as assigned_assets_count')
            ->withCount('assets as assets_count')
-            ->withCount('users as users_count')->findOrFail($id);
+            ->withCount('rtd_assets as rtd_assets_count')
+            ->withCount('users as users_count')
+            ->findOrFail($id);

        return (new LocationsTransformer)->transformLocation($location);
    }
--- a/app/Http/Controllers/Api/StatuslabelsController.php
+++ b/app/Http/Controllers/Api/StatuslabelsController.php
@@ -9,6 +9,8 @@ use App\Http\Transformers\StatuslabelsTransformer;
 use App\Models\Asset;
 use App\Models\Statuslabel;
 use Illuminate\Http\Request;
+use App\Http\Transformers\PieChartTransformer;
+use Illuminate\Support\Arr;

 class StatuslabelsController extends Controller
 {
@@ -188,43 +190,54 @@ class StatuslabelsController extends Controller
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @since [v3.0]
-     * @return \Illuminate\Http\Response
+     * @return array
     */
    public function getAssetCountByStatuslabel()
    {
        $this->authorize('view', Statuslabel::class);
-
        $statuslabels = Statuslabel::withCount('assets')->get();

-        $labels = [];
-        $points = [];
-        $default_color_count = 0;
-        $colors_array = [];
-
        foreach ($statuslabels as $statuslabel) {
-            if ($statuslabel->assets_count > 0) {
-                $labels[] = $statuslabel->name.' ('.number_format($statuslabel->assets_count).')';
-                $points[] = $statuslabel->assets_count;

-                if ($statuslabel->color != '') {
-                    $colors_array[] = $statuslabel->color;
-                } else {
-                    $colors_array[] = Helper::defaultChartColors($default_color_count);
-                }
-                $default_color_count++;
+            $total[$statuslabel->name]['label'] = $statuslabel->name;
+            $total[$statuslabel->name]['count'] = $statuslabel->assets_count;
+
+            if ($statuslabel->color != '') {
+                $total[$statuslabel->name]['color'] = $statuslabel->color;
            }
        }

-        $result = [
-            'labels' => $labels,
-            'datasets' => [[
-                'data' => $points,
-                'backgroundColor' => $colors_array,
-                'hoverBackgroundColor' =>  $colors_array,
-            ]],
-        ];
+        return (new PieChartTransformer())->transformPieChartDate($total);

-        return $result;
+    }
+
+    /**
+     * Show a count of assets by meta status type for pie chart
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v6.0.11]
+     * @return array
+     */
+    public function getAssetCountByMetaStatus()
+    {
+        $this->authorize('view', Statuslabel::class);
+
+        $total['rtd']['label'] = trans('general.ready_to_deploy');
+        $total['rtd']['count'] = Asset::RTD()->count();
+
+        $total['deployed']['label'] = trans('general.deployed');
+        $total['deployed']['count'] = Asset::Deployed()->count();
+
+        $total['archived']['label'] = trans('general.archived');
+        $total['archived']['count'] = Asset::Archived()->count();
+
+        $total['pending']['label'] = trans('general.pending');
+        $total['pending']['count'] = Asset::Pending()->count();
+
+        $total['undeployable']['label'] = trans('general.undeployable');
+        $total['undeployable']['count'] = Asset::Undeployable()->count();
+
+        return (new PieChartTransformer())->transformPieChartDate($total);
    }

    /**
--- a/app/Http/Controllers/Api/UsersController.php
+++ b/app/Http/Controllers/Api/UsersController.php
@@ -15,6 +15,7 @@ use App\Models\Asset;
 use App\Models\Company;
 use App\Models\License;
 use App\Models\User;
+use App\Notifications\CurrentInventory;
 use Auth;
 use Illuminate\Http\Request;
 use App\Http\Requests\ImageUploadRequest;
@@ -66,6 +67,8 @@ class UsersController extends Controller
            'users.zip',
            'users.remote',
            'users.ldap_import',
+            'users.start_date',
+            'users.end_date',

        ])->with('manager', 'groups', 'userloc', 'company', 'department', 'assets', 'licenses', 'accessories', 'consumables', 'createdBy',)
            ->withCount('assets as assets_count', 'licenses as licenses_count', 'accessories as accessories_count', 'consumables as consumables_count');
@@ -146,6 +149,22 @@ class UsersController extends Controller
            $users = $users->where('remote', '=', $request->input('remote'));
        }

+        if ($request->filled('two_factor_enrolled')) {
+            $users = $users->where('two_factor_enrolled', '=', $request->input('two_factor_enrolled'));
+        }
+
+        if ($request->filled('two_factor_optin')) {
+            $users = $users->where('two_factor_optin', '=', $request->input('two_factor_optin'));
+        }
+
+        if ($request->filled('start_date')) {
+            $users = $users->where('users.start_date', '=', $request->input('start_date'));
+        }
+
+        if ($request->filled('end_date')) {
+            $users = $users->where('users.end_date', '=', $request->input('end_date'));
+        }
+
        if ($request->filled('assets_count')) {
           $users->has('assets', '=', $request->input('assets_count'));
        }
@@ -196,11 +215,39 @@ class UsersController extends Controller
            default:
                $allowed_columns =
                    [
-                        'last_name', 'first_name', 'email', 'jobtitle', 'username', 'employee_num',
-                        'assets', 'accessories', 'consumables', 'licenses', 'groups', 'activated', 'created_at',
-                        'two_factor_enrolled', 'two_factor_optin', 'last_login', 'assets_count', 'licenses_count',
-                        'consumables_count', 'accessories_count', 'phone', 'address', 'city', 'state',
-                        'country', 'zip', 'id', 'ldap_import', 'remote',
+                        'last_name',
+                        'first_name',
+                        'email',
+                        'jobtitle',
+                        'username',
+                        'employee_num',
+                        'assets',
+                        'accessories',
+                        'consumables',
+                        'licenses',
+                        'groups',
+                        'activated',
+                        'created_at',
+                        'two_factor_enrolled',
+                        'two_factor_optin',
+                        'last_login',
+                        'assets_count',
+                        'licenses_count',
+                        'consumables_count',
+                        'accessories_count',
+                        'phone',
+                        'address',
+                        'city',
+                        'state',
+                        'country',
+                        'zip',
+                        'id',
+                        'ldap_import',
+                        'two_factor_optin',
+                        'two_factor_enrolled',
+                        'remote',
+                        'start_date',
+                        'end_date',
                    ];

                $sort = in_array($request->get('sort'), $allowed_columns) ? $request->get('sort') : 'first_name';
@@ -479,6 +526,27 @@ class UsersController extends Controller
        return (new AssetsTransformer)->transformAssets($assets, $assets->count(), $request);
    }

+    /**
+     * Notify a specific user via email with all of their assigned assets.
+     *
+     * @author [Lukas Fehling] [<lukas.fehling@adabay.rocks>]
+     * @since [v6.0.13]
+     * @param Request $request
+     * @param $id
+     * @return string JSON
+     */
+    public function emailAssetList(Request $request, $id)
+    {
+        $user = User::findOrFail($id);
+
+        if (empty($user->email)) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.inventorynotification.error')));
+        }
+
+        $user->notify((new CurrentInventory($user)));
+ 
+        return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/users/message.inventorynotification.success')));
+    }

    /**
     * Return JSON containing a list of consumables assigned to a user.
--- a/app/Http/Controllers/AssetModelsController.php
+++ b/app/Http/Controllers/AssetModelsController.php
@@ -463,7 +463,18 @@ class AssetModelsController extends Controller
            $data[$customField->db_column] = $defaultValue;
        }

-        $rules = $model->fieldset->validation_rules();
+        $fieldsets = $model->fieldset->validation_rules();
+        $rules = array();
+
+        foreach ($fieldsets as $fieldset => $validation){
+            // If the field is marked as required, eliminate the rule so it doesn't interfere with the default values
+            // (we are at model level, the rule still applies when creating a new asset using this model)
+            $index = array_search('required', $validation);
+            if ($index !== false){
+                $validation[$index] = 'nullable';
+            }
+            $rules[$fieldset] = $validation;
+        }

        $validator = Validator::make($data, $rules);

--- a/app/Http/Controllers/AssetModelsFilesController.php
+++ b/app/Http/Controllers/AssetModelsFilesController.php
@@ -62,7 +62,7 @@ class AssetModelsFilesController extends Controller
                $model->logUpload($file_name, e($request->get('notes')));
            }

-            return redirect()->back()->with('success', trans('admin/hardware/message.upload.success'));
+            return redirect()->back()->with('success', trans('general.file_upload_success'));
        }

        return redirect()->back()->with('error', trans('admin/hardware/message.upload.nofiles'));
--- a/app/Http/Controllers/Assets/AssetsController.php
+++ b/app/Http/Controllers/Assets/AssetsController.php
@@ -146,6 +146,7 @@ class AssetsController extends Controller
            $asset->supplier_id             = request('supplier_id', null);
            $asset->requestable             = request('requestable', 0);
            $asset->rtd_location_id         = request('rtd_location_id', null);
+            $asset->byod                    = request('byod', 0);

            if (! empty($settings->audit_interval)) {
                $asset->next_audit_date = Carbon::now()->addMonths($settings->audit_interval)->toDateString();
@@ -318,6 +319,7 @@ class AssetsController extends Controller
        // If the box isn't checked, it's not in the request at all.
        $asset->requestable = $request->filled('requestable');
        $asset->rtd_location_id = $request->input('rtd_location_id', null);
+        $asset->byod = $request->input('byod', 0);

        if ($asset->assigned_to == '') {
            $asset->location_id = $request->input('rtd_location_id', null);
--- a/app/Http/Controllers/Assets/BulkAssetsController.php
+++ b/app/Http/Controllers/Assets/BulkAssetsController.php
@@ -33,7 +33,6 @@ class BulkAssetsController extends Controller

        if (! $request->filled('ids')) {
            return redirect()->back()->with('error', trans('admin/hardware/message.update.no_assets_selected'));
-
        }

        // Figure out where we need to send the user after the update is complete, and store that in the session
@@ -103,6 +102,8 @@ class BulkAssetsController extends Controller
            || ($request->filled('company_id'))
            || ($request->filled('status_id'))
            || ($request->filled('model_id'))
+            || ($request->filled('null_purchase_date'))
+            || ($request->filled('null_expected_checkin_date'))
        ) {
            foreach ($assets as $assetId) {

@@ -117,6 +118,14 @@ class BulkAssetsController extends Controller
                    ->conditionallyAddItem('supplier_id')
                    ->conditionallyAddItem('warranty_months');

+                if ($request->input('null_purchase_date')=='1') {
+                    $this->update_array['purchase_date'] = null;
+                }
+
+                if ($request->input('null_expected_checkin_date')=='1') {
+                    $this->update_array['expected_checkin'] = null;
+                }
+
                if ($request->filled('purchase_cost')) {
                    $this->update_array['purchase_cost'] =  Helper::ParseCurrency($request->input('purchase_cost'));
                }
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@@ -135,9 +135,7 @@ class LoginController extends Controller
        } else {

            // Better logging
-            if (!$saml->isEnabled()) {
-                \Log::debug("SAML page requested, but SAML does not seem to enabled.");
-            } else {
+            if (empty($samlData)) {
                \Log::debug("SAML page requested, but samlData seems empty.");
            }
        }
@@ -473,6 +471,11 @@ class LoginController extends Controller
        }

        $request->session()->regenerate(true);
+
+        if ($request->session()->has('password_hash_'.Auth::getDefaultDriver())){
+            $request->session()->remove('password_hash_'.Auth::getDefaultDriver());
+        }
+
        Auth::logout();

        if (! empty($sloRedirectUrl)) {
--- a/app/Http/Controllers/Auth/ResetPasswordController.php
+++ b/app/Http/Controllers/Auth/ResetPasswordController.php
@@ -41,6 +41,7 @@ class ResetPasswordController extends Controller
    public function __construct()
    {
        $this->middleware('guest');
+        $this->middleware('throttle:10,1');
    }

    protected function rules()
@@ -116,7 +117,7 @@ class ResetPasswordController extends Controller
            }

            \Log::debug('Password reset for '.$user->username.' FAILED - this user exists but the token is not valid');
-            return redirect()->back()->withInput($request->only('email'))->with('error', trans('passwords.token'));
+            return redirect()->back()->withInput($request->only('email'))->with('success', trans('passwords.reset'));

        }

--- a/app/Http/Controllers/Components/ComponentCheckoutController.php
+++ b/app/Http/Controllers/Components/ComponentCheckoutController.php
@@ -87,6 +87,7 @@ class ComponentCheckoutController extends Controller
            'created_at' => date('Y-m-d H:i:s'),
            'assigned_qty' => $request->input('assigned_qty'),
            'asset_id' => $asset_id,
+            'note' => $request->input('note'),
        ]);

        event(new CheckoutableCheckedOut($component, $asset, Auth::user(), $request->input('note')));
--- a/app/Http/Controllers/Components/ComponentsFilesController.php
+++ b/app/Http/Controllers/Components/ComponentsFilesController.php
@@ -0,0 +1,180 @@
+<?php
+
+namespace App\Http\Controllers\Components;
+
+use App\Helpers\StorageHelper;
+use App\Http\Controllers\Controller;
+use App\Http\Requests\AssetFileRequest;
+use App\Models\Actionlog;
+use App\Models\Component;
+use Illuminate\Support\Facades\Response;
+use Illuminate\Support\Facades\Storage;
+use Symfony\Component\HttpFoundation\JsonResponse;
+use enshrined\svgSanitize\Sanitizer;
+
+class ComponentsFilesController extends Controller
+{
+    /**
+     * Validates and stores files associated with a component.
+     *
+     * @todo Switch to using the AssetFileRequest form request validator.
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v1.0]
+     * @param AssetFileRequest $request
+     * @param int $componentId
+     * @return \Illuminate\Http\RedirectResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+    public function store(AssetFileRequest $request, $componentId = null)
+    {
+
+        if (config('app.lock_passwords')) {
+            return redirect()->route('components.show', ['component'=>$componentId])->with('error', trans('general.feature_disabled'));
+        }
+
+        $component = Component::find($componentId);
+
+        if (isset($component->id)) {
+            $this->authorize('update', $component);
+
+            if ($request->hasFile('file')) {
+                if (! Storage::exists('private_uploads/components')) {
+                    Storage::makeDirectory('private_uploads/components', 775);
+                }
+
+                foreach ($request->file('file') as $file) {
+
+                    $extension = $file->getClientOriginalExtension();
+                    $file_name = 'component-'.$component->id.'-'.str_random(8).'-'.str_slug(basename($file->getClientOriginalName(), '.'.$extension)).'.'.$extension;
+
+
+                    // Check for SVG and sanitize it
+                    if ($extension == 'svg') {
+                        \Log::debug('This is an SVG');
+                        \Log::debug($file_name);
+
+                        $sanitizer = new Sanitizer();
+                        $dirtySVG = file_get_contents($file->getRealPath());
+                        $cleanSVG = $sanitizer->sanitize($dirtySVG);
+
+                        try {
+                            Storage::put('private_uploads/components/'.$file_name, $cleanSVG);
+                        } catch (\Exception $e) {
+                            \Log::debug('Upload no workie :( ');
+                            \Log::debug($e);
+                        }
+
+                    } else {
+                        Storage::put('private_uploads/components/'.$file_name, file_get_contents($file));
+                    }
+
+                    //Log the upload to the log
+                    $component->logUpload($file_name, e($request->input('notes')));
+                }
+
+
+                return redirect()->route('components.show', $component->id)->with('success', trans('general.file_upload_success'));
+
+            }
+
+            return redirect()->route('components.show', $component->id)->with('error', trans('general.no_files_uploaded'));
+        }
+        // Prepare the error message
+        return redirect()->route('components.index')
+            ->with('error', trans('general.file_does_not_exist'));
+    }
+
+    /**
+     * Deletes the selected component file.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v1.0]
+     * @param int $componentId
+     * @param int $fileId
+     * @return \Illuminate\Http\RedirectResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+    public function destroy($componentId = null, $fileId = null)
+    {
+        $component = Component::find($componentId);
+
+        // the asset is valid
+        if (isset($component->id)) {
+            $this->authorize('update', $component);
+            $log = Actionlog::find($fileId);
+
+            // Remove the file if one exists
+            if (Storage::exists('components/'.$log->filename)) {
+                try {
+                    Storage::delete('components/'.$log->filename);
+                } catch (\Exception $e) {
+                    \Log::debug($e);
+                }
+            }
+
+            $log->delete();
+
+            return redirect()->back()
+                ->with('success', trans('admin/hardware/message.deletefile.success'));
+        }
+
+        // Redirect to the licence management page
+        return redirect()->route('components.index')->with('error', trans('general.file_does_not_exist'));
+    }
+
+    /**
+     * Allows the selected file to be viewed.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v1.4]
+     * @param int $componentId
+     * @param int $fileId
+     * @return \Symfony\Component\HttpFoundation\Response
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+    public function show($componentId = null, $fileId = null, $download = true)
+    {
+        \Log::debug('Private filesystem is: '.config('filesystems.default'));
+        $component = Component::find($componentId);
+
+        // the component is valid
+        if (isset($component->id)) {
+            $this->authorize('view', $component);
+            $this->authorize('components.files', $component);
+
+            if (! $log = Actionlog::find($fileId)) {
+                return response('No matching record for that asset/file', 500)
+                    ->header('Content-Type', 'text/plain');
+            }
+
+            $file = 'private_uploads/components/'.$log->filename;
+
+            if (Storage::missing($file)) {
+                \Log::debug('FILE DOES NOT EXISTS for '.$file);
+                \Log::debug('URL should be '.Storage::url($file));
+
+                return response('File '.$file.' ('.Storage::url($file).') not found on server', 404)
+                    ->header('Content-Type', 'text/plain');
+            } else {
+
+                if (config('filesystems.default') == 'local') { // TODO - is there any way to fix this at the StorageHelper layer?
+                    return StorageHelper::downloader($file);
+                } else {
+                    if ($download != 'true') {
+                        \Log::debug('display the file');
+                        if ($contents = file_get_contents(Storage::url($file))) { // TODO - this will fail on private S3 files or large public ones
+                            return Response::make(Storage::url($file)->header('Content-Type', mime_content_type($file)));
+                        }
+
+                        return JsonResponse::create(['error' => 'Failed validation: '], 500);
+                    }
+
+                    return StorageHelper::downloader($file);
+
+                }
+            }
+        }
+
+        return redirect()->route('components.index')->with('error', trans('general.file_does_not_exist', ['id' => $fileId]));
+    }
+}
--- a/app/Http/Controllers/Consumables/ConsumableCheckoutController.php
+++ b/app/Http/Controllers/Consumables/ConsumableCheckoutController.php
@@ -56,7 +56,7 @@ class ConsumableCheckoutController extends Controller
        // Check if the user exists
        if (is_null($user = User::find($assigned_to))) {
            // Redirect to the consumable management page with error
-            return redirect()->route('consumables.checkout.show', $consumable)->with('error', trans('admin/consumables/message.checkout.user_does_not_exist'));
+            return redirect()->route('consumables.checkout.show', $consumable)->with('error', trans('admin/consumables/message.checkout.user_does_not_exist'))->withInput();
        }

        // Update the consumable data
@@ -66,6 +66,7 @@ class ConsumableCheckoutController extends Controller
            'consumable_id' => $consumable->id,
            'user_id' => $admin_user->id,
            'assigned_to' => e($request->input('assigned_to')),
+            'note' => $request->input('note'),
        ]);

        event(new CheckoutableCheckedOut($consumable, $user, Auth::user(), $request->input('note')));
--- a/app/Http/Controllers/Consumables/ConsumablesFilesController.php
+++ b/app/Http/Controllers/Consumables/ConsumablesFilesController.php
@@ -0,0 +1,180 @@
+<?php
+
+namespace App\Http\Controllers\Consumables;
+
+use App\Helpers\StorageHelper;
+use App\Http\Controllers\Controller;
+use App\Http\Requests\AssetFileRequest;
+use App\Models\Actionlog;
+use App\Models\Consumable;
+use Illuminate\Support\Facades\Response;
+use Illuminate\Support\Facades\Storage;
+use Symfony\Consumable\HttpFoundation\JsonResponse;
+use enshrined\svgSanitize\Sanitizer;
+
+class ConsumablesFilesController extends Controller
+{
+    /**
+     * Validates and stores files associated with a consumable.
+     *
+     * @todo Switch to using the AssetFileRequest form request validator.
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v1.0]
+     * @param AssetFileRequest $request
+     * @param int $consumableId
+     * @return \Illuminate\Http\RedirectResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+    public function store(AssetFileRequest $request, $consumableId = null)
+    {
+        if (config('app.lock_passwords')) {
+            return redirect()->route('consumables.show', ['consumable'=>$consumableId])->with('error', trans('general.feature_disabled'));
+        }
+
+        $consumable = Consumable::find($consumableId);
+
+        if (isset($consumable->id)) {
+            $this->authorize('update', $consumable);
+
+            if ($request->hasFile('file')) {
+                if (! Storage::exists('private_uploads/consumables')) {
+                    Storage::makeDirectory('private_uploads/consumables', 775);
+                }
+
+                foreach ($request->file('file') as $file) {
+
+                    $extension = $file->getClientOriginalExtension();
+                    $file_name = 'consumable-'.$consumable->id.'-'.str_random(8).'-'.str_slug(basename($file->getClientOriginalName(), '.'.$extension)).'.'.$extension;
+
+
+                    // Check for SVG and sanitize it
+                    if ($extension == 'svg') {
+                        \Log::debug('This is an SVG');
+                        \Log::debug($file_name);
+
+                        $sanitizer = new Sanitizer();
+                        $dirtySVG = file_get_contents($file->getRealPath());
+                        $cleanSVG = $sanitizer->sanitize($dirtySVG);
+
+                        try {
+                            Storage::put('private_uploads/consumables/'.$file_name, $cleanSVG);
+                        } catch (\Exception $e) {
+                            \Log::debug('Upload no workie :( ');
+                            \Log::debug($e);
+                        }
+
+                    } else {
+                        Storage::put('private_uploads/consumables/'.$file_name, file_get_contents($file));
+                    }
+
+                    //Log the upload to the log
+                    $consumable->logUpload($file_name, e($request->input('notes')));
+                }
+
+
+                return redirect()->route('consumables.show', $consumable->id)->with('success', trans('general.file_upload_success'));
+
+            }
+
+            return redirect()->route('consumables.show', $consumable->id)->with('error', trans('general.no_files_uploaded'));
+        }
+        // Prepare the error message
+        return redirect()->route('consumables.index')
+            ->with('error', trans('general.file_does_not_exist'));
+    }
+
+    /**
+     * Deletes the selected consumable file.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v1.0]
+     * @param int $consumableId
+     * @param int $fileId
+     * @return \Illuminate\Http\RedirectResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+    public function destroy($consumableId = null, $fileId = null)
+    {
+        $consumable = Consumable::find($consumableId);
+
+        // the asset is valid
+        if (isset($consumable->id)) {
+            $this->authorize('update', $consumable);
+            $log = Actionlog::find($fileId);
+
+            // Remove the file if one exists
+            if (Storage::exists('consumables/'.$log->filename)) {
+                try {
+                    Storage::delete('consumables/'.$log->filename);
+                } catch (\Exception $e) {
+                    \Log::debug($e);
+                }
+            }
+
+            $log->delete();
+
+            return redirect()->back()
+                ->with('success', trans('admin/hardware/message.deletefile.success'));
+        }
+
+        // Redirect to the licence management page
+        return redirect()->route('consumables.index')->with('error', trans('general.file_does_not_exist'));
+    }
+
+    /**
+     * Allows the selected file to be viewed.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v1.4]
+     * @param int $consumableId
+     * @param int $fileId
+     * @return \Symfony\Consumable\HttpFoundation\Response
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+    public function show($consumableId = null, $fileId = null, $download = true)
+    {
+        $consumable = Consumable::find($consumableId);
+
+        // the consumable is valid
+        if (isset($consumable->id)) {
+            $this->authorize('view', $consumable);
+            $this->authorize('consumables.files', $consumable);
+
+            if (! $log = Actionlog::find($fileId)) {
+                return response('No matching record for that asset/file', 500)
+                    ->header('Content-Type', 'text/plain');
+            }
+
+            $file = 'private_uploads/consumables/'.$log->filename;
+
+            if (Storage::missing($file)) {
+                \Log::debug('FILE DOES NOT EXISTS for '.$file);
+                \Log::debug('URL should be '.Storage::url($file));
+
+                return response('File '.$file.' ('.Storage::url($file).') not found on server', 404)
+                    ->header('Content-Type', 'text/plain');
+            } else {
+
+                // We have to override the URL stuff here, since local defaults in Laravel's Flysystem
+                // won't work, as they're not accessible via the web
+                if (config('filesystems.default') == 'local') { // TODO - is there any way to fix this at the StorageHelper layer?
+                    return StorageHelper::downloader($file);
+                } else {
+                    if ($download != 'true') {
+                        \Log::debug('display the file');
+                        if ($contents = file_get_contents(Storage::url($file))) { // TODO - this will fail on private S3 files or large public ones
+                            return Response::make(Storage::url($file)->header('Content-Type', mime_content_type($file)));
+                        }
+
+                        return JsonResponse::create(['error' => 'Failed validation: '], 500);
+                    }
+
+                    return StorageHelper::downloader($file);
+
+                }
+            }
+        }
+
+        return redirect()->route('consumables.index')->with('error', trans('general.file_does_not_exist', ['id' => $fileId]));
+    }
+}
--- a/app/Http/Controllers/CustomFieldsController.php
+++ b/app/Http/Controllers/CustomFieldsController.php
@@ -86,22 +86,32 @@ class CustomFieldsController extends Controller
    {
        $this->authorize('create', CustomField::class);

+        $show_in_email = $request->get("show_in_email", 0);
+        $display_in_user_view = $request->get("display_in_user_view", 0);
+
+        // Override the display settings if the field is encrypted
+        if ($request->get("field_encrypted") == '1') {
+            $show_in_email = '0';
+            $display_in_user_view = '0';
+        }
+
        $field = new CustomField([
            "name" => trim($request->get("name")),
            "element" => $request->get("element"),
            "help_text" => $request->get("help_text"),
            "field_values" => $request->get("field_values"),
            "field_encrypted" => $request->get("field_encrypted", 0),
-            "show_in_email" => $request->get("show_in_email", 0),
+            "show_in_email" => $show_in_email,
            "is_unique" => $request->get("is_unique", 0),
+            "display_in_user_view" => $display_in_user_view,
            "user_id" => Auth::id()
        ]);


        if ($request->filled('custom_format')) {
-            $field->format = e($request->get('custom_format'));
+            $field->format = $request->get('custom_format');
        } else {
-            $field->format = e($request->get('format'));
+            $field->format = $request->get('format');
        }

        if ($field->save()) {
@@ -221,13 +231,24 @@ class CustomFieldsController extends Controller

        $this->authorize('update', $field);

+
+        $show_in_email = $request->get("show_in_email", 0);
+        $display_in_user_view = $request->get("display_in_user_view", 0);
+
+        // Override the display settings if the field is encrypted
+        if ($request->get("field_encrypted") == '1') {
+            $show_in_email = '0';
+            $display_in_user_view = '0';
+        }
+        
        $field->name          = trim(e($request->get("name")));
        $field->element       = e($request->get("element"));
        $field->field_values  = e($request->get("field_values"));
        $field->user_id       = Auth::id();
        $field->help_text     = $request->get("help_text");
-        $field->show_in_email = $request->get("show_in_email", 0);
+        $field->show_in_email = $show_in_email;
        $field->is_unique     = $request->get("is_unique", 0);
+        $field->display_in_user_view = $display_in_user_view;

        if ($request->get('format') == 'CUSTOM REGEX') {
            $field->format = e($request->get('custom_format'));
@@ -235,6 +256,10 @@ class CustomFieldsController extends Controller
            $field->format = e($request->get('format'));
        }

+        if($field->element == 'checkbox' || $field->element == 'radio'){
+            $field->format = 'ANY';
+        }
+
        if ($field->save()) {
            return redirect()->route('fields.index')->with('success', trans('admin/custom_fields/message.field.update.success'));
        }
--- a/app/Http/Controllers/CustomFieldsetsController.php
+++ b/app/Http/Controllers/CustomFieldsetsController.php
@@ -75,9 +75,9 @@ class CustomFieldsetsController extends Controller
     */
    public function create()
    {
-        $this->authorize('create', CustomFieldset::class);
+        $this->authorize('create', CustomField::class);

-        return view('custom_fields.fieldsets.edit');
+        return view('custom_fields.fieldsets.edit')->with('item', new CustomFieldset());
    }

    /**
@@ -91,7 +91,7 @@ class CustomFieldsetsController extends Controller
     */
    public function store(Request $request)
    {
-        $this->authorize('create', CustomFieldset::class);
+        $this->authorize('create', CustomField::class);

        $cfset = new CustomFieldset([
                'name' => e($request->get('name')),
@@ -110,31 +110,52 @@ class CustomFieldsetsController extends Controller
    }

    /**
-     * What the actual fuck, Brady?
+     * Presents edit form for fieldset
     *
-     * @todo Uhh, build this?
-     * @author [Brady Wetherington] [<uberbrady@gmail.com>]
+     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @param  int  $id
-     * @since [v1.8]
-     * @return Fuckall
+     * @since [v6.0.14]
+     * @return Redirect
+     * @throws \Illuminate\Auth\Access\AuthorizationException
     */
    public function edit($id)
    {
-        //
+        $this->authorize('create', CustomField::class);
+
+        if ($fieldset = CustomFieldset::find($id)) {
+            return view('custom_fields.fieldsets.edit')->with('item', $fieldset);
+        }
+
+        return redirect()->route('fields.index')->with('error', trans('admin/custom_fields/general.fieldset_does_not_exist', ['id' => $id]));
+
    }

    /**
-     * GET IN THE SEA BRADY.
+     * Saves updated fieldset data
     *
-     * @todo Uhh, build this too?
-     * @author [Brady Wetherington] [<uberbrady@gmail.com>]
+     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @param  int  $id
-     * @since [v1.8]
-     * @return Fuckall
+     * @since [v6.0.14]
+     * @return Redirect
+     * @throws \Illuminate\Auth\Access\AuthorizationException
     */
-    public function update($id)
+    public function update(Request $request, $id)
    {
-        //
+        $this->authorize('create', CustomField::class);
+
+        if ($fieldset = CustomFieldset::find($id)) {
+
+            $fieldset->name = $request->input('name');
+
+            if ($fieldset->save()) {
+                return redirect()->route('fields.index')->with('success', trans('admin/custom_fields/general.fieldset_updated'));
+            }
+
+            return redirect()->back()->withInput()->withErrors($fieldset->getErrors());
+
+        }
+
+        return redirect()->route('fields.index')->with('error', trans('admin/custom_fields/general.fieldset_does_not_exist', ['id' => $id]));
    }

    /**
@@ -202,7 +223,7 @@ class CustomFieldsetsController extends Controller
     */
    public function makeFieldRequired($fieldset_id, $field_id)
    {
-        $this->authorize('update', CustomFieldset::class);
+        $this->authorize('update', CustomField::class);
        $field = CustomField::findOrFail($field_id);
        $fieldset = CustomFieldset::findOrFail($fieldset_id);
        $fields[$field->id] = ['required' => 1];
@@ -220,7 +241,7 @@ class CustomFieldsetsController extends Controller
     */
    public function makeFieldOptional($fieldset_id, $field_id)
    {
-        $this->authorize('update', CustomFieldset::class);
+        $this->authorize('update', CustomField::class);
        $field = CustomField::findOrFail($field_id);
        $fieldset = CustomFieldset::findOrFail($fieldset_id);
        $fields[$field->id] = ['required' => 0];
--- a/app/Http/Controllers/DashboardController.php
+++ b/app/Http/Controllers/DashboardController.php
@@ -34,7 +34,7 @@ class DashboardController extends Controller
            $counts['license'] = \App\Models\License::assetcount();
            $counts['consumable'] = \App\Models\Consumable::count();
            $counts['component'] = \App\Models\Component::count();
-            $counts['user'] = \App\Models\User::count();
+            $counts['user'] = \App\Models\Company::scopeCompanyables(Auth::user())->count();
            $counts['grand_total'] = $counts['asset'] + $counts['accessory'] + $counts['license'] + $counts['consumable'];

            if ((! file_exists(storage_path().'/oauth-private.key')) || (! file_exists(storage_path().'/oauth-public.key'))) {
--- a/app/Http/Controllers/DepartmentsController.php
+++ b/app/Http/Controllers/DepartmentsController.php
@@ -54,7 +54,8 @@ class DepartmentsController extends Controller
        $department->fill($request->all());
        $department->user_id = Auth::user()->id;
        $department->manager_id = ($request->filled('manager_id') ? $request->input('manager_id') : null);
-
+        $department->location_id = ($request->filled('location_id') ? $request->input('location_id') : null);
+        $department->company_id = ($request->filled('company_id') ? $request->input('company_id') : null);
        $department = $request->handleImages($department);

        if ($department->save()) {
@@ -167,6 +168,8 @@ class DepartmentsController extends Controller

        $department->fill($request->all());
        $department->manager_id = ($request->filled('manager_id') ? $request->input('manager_id') : null);
+        $department->location_id = ($request->filled('location_id') ? $request->input('location_id') : null);
+        $department->company_id = ($request->filled('company_id') ? $request->input('company_id') : null);

        $department = $request->handleImages($department);

--- a/app/Http/Controllers/Licenses/LicenseCheckoutController.php
+++ b/app/Http/Controllers/Licenses/LicenseCheckoutController.php
@@ -61,6 +61,7 @@ class LicenseCheckoutController extends Controller

        $licenseSeat = $this->findLicenseSeatToCheckout($license, $seatId);
        $licenseSeat->user_id = Auth::id();
+        

        $checkoutMethod = 'checkoutTo'.ucwords(request('checkout_to_type'));
        if ($this->$checkoutMethod($licenseSeat)) {
@@ -76,14 +77,14 @@ class LicenseCheckoutController extends Controller

        if (! $licenseSeat) {
            if ($seatId) {
-                return redirect()->route('licenses.index')->with('error', 'This Seat is not available for checkout.');
+                throw new \Illuminate\Http\Exceptions\HttpResponseException(redirect()->route('licenses.index')->with('error', 'This Seat is not available for checkout.'));
            }
-
-            return redirect()->route('licenses.index')->with('error', 'There are no available seats for this license');
+            
+            throw new \Illuminate\Http\Exceptions\HttpResponseException(redirect()->route('licenses.index')->with('error', 'There are no available seats for this license.'));
        }

        if (! $licenseSeat->license->is($license)) {
-            return redirect()->route('licenses.index')->with('error', 'The license seat provided does not match the license.');
+            throw new \Illuminate\Http\Exceptions\HttpResponseException(redirect()->route('licenses.index')->with('error', 'The license seat provided does not match the license.'));
        }

        return $licenseSeat;
--- a/app/Http/Controllers/Licenses/LicenseFilesController.php
+++ b/app/Http/Controllers/Licenses/LicenseFilesController.php
@@ -135,6 +135,7 @@ class LicenseFilesController extends Controller
        // the license is valid
        if (isset($license->id)) {
            $this->authorize('view', $license);
+            $this->authorize('licenses.files', $license);

            if (! $log = Actionlog::find($fileId)) {
                return response('No matching record for that asset/file', 500)
@@ -171,6 +172,6 @@ class LicenseFilesController extends Controller
            }
        }

-        return redirect()->route('license.index')->with('error', trans('admin/licenses/message.does_not_exist', ['id' => $fileId]));
+        return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.does_not_exist', ['id' => $fileId]));
    }
 }
--- a/app/Http/Controllers/ProfileController.php
+++ b/app/Http/Controllers/ProfileController.php
@@ -3,8 +3,11 @@
 namespace App\Http\Controllers;

 use App\Http\Requests\ImageUploadRequest;
+use App\Models\Asset;
 use App\Models\Setting;
-use Auth;
+use App\Models\User;
+use App\Notifications\CurrentInventory;
+use Illuminate\Support\Facades\Auth;
 use Gate;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Hash;
@@ -64,37 +67,9 @@ class ProfileController extends Controller
            $user->location_id = $request->input('location_id');
        }

+        // Handle the avatar upload and/or delete if necessary
+        app('\App\Http\Requests\ImageUploadRequest')->handleImages($user, 600, 'avatar', 'avatars', 'avatar');

-        if ($request->input('avatar_delete') == 1) {
-            $user->avatar = null;
-        }
-
-
-        if ($request->hasFile('avatar')) {
-            $path = 'avatars';
-
-            if (! Storage::disk('public')->exists($path)) {
-                Storage::disk('public')->makeDirectory($path, 775);
-            }
-
-            $upload = $image = $request->file('avatar');
-            $ext = $image->getClientOriginalExtension();
-            $file_name = 'avatar-'.str_random(18).'.'.$ext;
-
-            if ($image->getClientOriginalExtension() != 'svg') {
-                $upload = Image::make($image->getRealPath())->resize(84, 84);
-            }
-
-            // This requires a string instead of an object, so we use ($string)
-            Storage::disk('public')->put($path.'/'.$file_name, (string) $upload->encode());
-
-            // Remove Current image if exists
-            if (($user->avatar) && (Storage::disk('public')->exists($path.'/'.$user->avatar))) {
-                Storage::disk('public')->delete($path.'/'.$user->avatar);
-            }
-
-            $user->avatar = $file_name;
-        }

        if ($user->save()) {
            return redirect()->route('profile')->with('success', 'Account successfully updated');
@@ -133,7 +108,7 @@ class ProfileController extends Controller
    public function password()
    {
        $user = Auth::user();
-
+        
        return view('account/change-password', compact('user'));
    }

@@ -161,7 +136,7 @@ class ProfileController extends Controller
        $validator = \Validator::make($request->all(), $rules);
        $validator->after(function ($validator) use ($request, $user) {
            if (! Hash::check($request->input('current_password'), $user->password)) {
-                $validator->errors()->add('current_password', trans('validation.hashed_pass'));
+                $validator->errors()->add('current_password', trans('validation.custom.hashed_pass'));
            }

            // This checks to make sure that the user's password isn't the same as their username,
@@ -186,6 +161,9 @@ class ProfileController extends Controller
        if (! $validator->fails()) {
            $user->password = Hash::make($request->input('password'));
            $user->save();
+
+            // Log the user out of other devices
+            Auth::logoutOtherDevices($request->input('password'));
            return redirect()->route('account.password.index')->with('success', 'Password updated!');

        }
@@ -213,4 +191,47 @@ class ProfileController extends Controller
            $request->session()->put('menu_state', 'closed');
        }
    }
+
+
+    /**
+     * Print inventory
+     *
+     * @author A. Gianotto
+     * @since [v6.0.12]
+     * @return Illuminate\View\View
+     */
+    public function printInventory()
+    {
+        $show_user = Auth::user();
+
+        return view('users/print')
+            ->with('assets', Auth::user()->assets)
+            ->with('licenses', $show_user->licenses()->get())
+            ->with('accessories', $show_user->accessories()->get())
+            ->with('consumables', $show_user->consumables()->get())
+            ->with('show_user', $show_user)
+            ->with('settings', Setting::getSettings());
+    }
+
+    /**
+     * Emails user a list of assigned assets
+     *
+     * @author A. Gianotto
+     * @since [v6.0.12]
+     * @return \Illuminate\Http\RedirectResponse
+     */
+    public function emailAssetList()
+    {
+
+        if (!$user = User::find(Auth::user()->id)) {
+            return redirect()->back()
+                ->with('error', trans('admin/users/message.user_not_found', ['id' => $id]));
+        }
+        if (empty($user->email)) {
+            return redirect()->back()->with('error', trans('admin/users/message.user_has_no_email'));
+        }
+
+        $user->notify((new CurrentInventory($user)));
+        return redirect()->back()->with('success', trans('admin/users/general.user_notified'));
+    }
 }
--- a/app/Http/Controllers/ReportsController.php
+++ b/app/Http/Controllers/ReportsController.php
@@ -22,6 +22,8 @@ use Illuminate\Support\Facades\View;
 use Input;
 use League\Csv\Reader;
 use Symfony\Component\HttpFoundation\StreamedResponse;
+use League\Csv\EscapeFormula;
+

 /**
 * This controller handles all actions related to Reports for
@@ -411,6 +413,7 @@ class ReportsController extends Controller
        $customfields = CustomField::get();
        $response = new StreamedResponse(function () use ($customfields, $request) {
            \Log::debug('Starting streamed response');
+            \Log::debug('CSV escaping is set to: '.config('app.escape_formulas'));

            // Open output stream
            $handle = fopen('php://output', 'w');
@@ -422,6 +425,9 @@ class ReportsController extends Controller

            $header = [];

+            if ($request->filled('id')) {
+                $header[] = trans('general.id');
+            }

            if ($request->filled('company')) {
                $header[] = trans('general.company');
@@ -568,6 +574,10 @@ class ReportsController extends Controller
                $header[] = trans('general.notes');
            }

+            if ($request->filled('url')) {
+                $header[] = trans('admin/manufacturers/table.url');
+            }
+

            foreach ($customfields as $customfield) {
                if ($request->input($customfield->db_column_name()) == '1') {
@@ -582,7 +592,7 @@ class ReportsController extends Controller
            \Log::debug('Added headers: '.$executionTime);

            $assets = \App\Models\Company::scopeCompanyables(Asset::select('assets.*'))->with(
-                'location', 'assetstatus', 'assetlog', 'company', 'defaultLoc', 'assignedTo',
+                'location', 'assetstatus', 'company', 'defaultLoc', 'assignedTo',
                'model.category', 'model.manufacturer', 'supplier');
            
            if ($request->filled('by_location_id')) {
@@ -659,10 +669,17 @@ class ReportsController extends Controller
                $executionTime = microtime(true) - $_SERVER['REQUEST_TIME_FLOAT'];
                \Log::debug('Walking results: '.$executionTime);
                $count = 0;
+
+                $formatter = new EscapeFormula("`");
+
                foreach ($assets as $asset) {
                    $count++;
                    $row = [];
-                    
+
+                    if ($request->filled('id')) {
+                        $row[] = ($asset->id) ? $asset->id : '';
+                    }
+
                    if ($request->filled('company')) {
                        $row[] = ($asset->company) ? $asset->company->name : '';
                    }
@@ -834,13 +851,27 @@ class ReportsController extends Controller
                        $row[] = ($asset->notes) ? $asset->notes : '';
                    }

+                    if ($request->filled('url')) {
+                        $row[] = config('app.url').'/hardware/'.$asset->id ;
+                    }
+
                    foreach ($customfields as $customfield) {
                        $column_name = $customfield->db_column_name();
                        if ($request->filled($customfield->db_column_name())) {
                            $row[] = $asset->$column_name;
                        }
                    }
-                    fputcsv($handle, $row);
+
+                    
+                    // CSV_ESCAPE_FORMULAS is set to false in the .env
+                    if (config('app.escape_formulas') === false) {
+                        fputcsv($handle, $row);
+
+                   // CSV_ESCAPE_FORMULAS is set to true or is not set in the .env
+                    } else {
+                        fputcsv($handle, $formatter->escapeRecord($row));
+                    }
+
                    $executionTime = microtime(true) - $_SERVER['REQUEST_TIME_FLOAT'];
                    \Log::debug('-- Record '.$count.' Asset ID:'.$asset->id.' in '.$executionTime);
                }
@@ -991,7 +1022,11 @@ class ReportsController extends Controller
        }
        $assetItem = $acceptance->checkoutable;

-        $logItem = $assetItem->checkouts()->where('created_at', '=', $acceptance->created_at)->get()[0];
+        if (is_null($acceptance->created_at)){
+            return redirect()->route('reports/unaccepted_assets')->with('error', trans('general.bad_data'));
+        } else {
+            $logItem = $assetItem->checkouts()->where('created_at', '=', $acceptance->created_at)->get()[0];
+        }

        if(!$assetItem->assignedTo->locale){
            Notification::locale(Setting::getSettings()->locale)->send(
@@ -1048,9 +1083,9 @@ class ReportsController extends Controller
         * Get all assets with pending checkout acceptances
         */
        if($showDeleted) {
-            $acceptances = CheckoutAcceptance::pending()->withTrashed()->with(['assignedTo', 'checkoutable.assignedTo', 'checkoutable.model'])->get();
+            $acceptances = CheckoutAcceptance::pending()->where('checkoutable_type', 'App\Models\Asset')->withTrashed()->with(['assignedTo', 'checkoutable.assignedTo', 'checkoutable.model'])->get();
        } else {
-            $acceptances = CheckoutAcceptance::pending()->with(['assignedTo', 'checkoutable.assignedTo', 'checkoutable.model'])->get();
+            $acceptances = CheckoutAcceptance::pending()->where('checkoutable_type', 'App\Models\Asset')->with(['assignedTo', 'checkoutable.assignedTo', 'checkoutable.model'])->get();
        }

        $assetsForReport = $acceptances
@@ -1075,13 +1110,19 @@ class ReportsController extends Controller
        $rows[] = implode(',', $header);

        foreach ($assetsForReport as $item) {
-            $row    = [ ];
-            $row[]  = str_replace(',', '', e($item['assetItem']->model->category->name));
-            $row[]  = str_replace(',', '', e($item['assetItem']->model->name));
-            $row[]  = str_replace(',', '', e($item['assetItem']->name));
-            $row[]  = str_replace(',', '', e($item['assetItem']->asset_tag));
-            $row[]  = str_replace(',', '', e(($item['acceptance']->assignedTo) ? $item['acceptance']->assignedTo->present()->name() : trans('admin/reports/general.deleted_user')));
-            $rows[] = implode(',', $row);
+
+            if ($item['assetItem'] != null){
+            
+                $row    = [ ];
+                $row[]  = str_replace(',', '', e($item['assetItem']->model->category->name));
+                $row[]  = str_replace(',', '', e($item['assetItem']->model->name));
+                $row[]  = str_replace(',', '', e($item['assetItem']->name));
+                $row[]  = str_replace(',', '', e($item['assetItem']->asset_tag));
+                $row[]  = str_replace(',', '', e(($item['acceptance']->assignedTo) ? $item['acceptance']->assignedTo->present()->name() : trans('admin/reports/general.deleted_user')));
+                $rows[] = implode(',', $row);
+            } else {
+                // Log the error maybe?
+            }
        }

        // spit out a csv
--- a/app/Http/Controllers/SettingsController.php
+++ b/app/Http/Controllers/SettingsController.php
@@ -7,6 +7,7 @@ use App\Helpers\StorageHelper;
 use App\Http\Requests\ImageUploadRequest;
 use App\Http\Requests\SettingsSamlRequest;
 use App\Http\Requests\SetupUserRequest;
+use App\Models\Group;
 use App\Models\Setting;
 use App\Models\Asset;
 use App\Models\User;
@@ -339,6 +340,7 @@ class SettingsController extends Controller
        $setting->email_format = $request->input('email_format');
        $setting->username_format = $request->input('username_format');
        $setting->require_accept_signature = $request->input('require_accept_signature');
+        $setting->display_username = $request->input('display_username', 0);
        $setting->show_assigned_assets = $request->input('show_assigned_assets', '0');
        if (! config('app.lock_passwords')) {
            $setting->login_note = $request->input('login_note');
@@ -349,6 +351,7 @@ class SettingsController extends Controller
        $setting->privacy_policy_link = $request->input('privacy_policy_link');

        $setting->depreciation_method = $request->input('depreciation_method');
+        $setting->dash_chart_type = $request->input('dash_chart_type');

        if ($request->input('per_page') != '') {
            $setting->per_page = $request->input('per_page');
@@ -910,6 +913,8 @@ class SettingsController extends Controller
    public function getLdapSettings()
    {
        $setting = Setting::getSettings();
+        $groups = Group::pluck('name', 'id');
+

        /**
         * This validator is only temporary (famous last words.) - @snipe
@@ -922,13 +927,13 @@ class SettingsController extends Controller

        $validator = Validator::make($setting->toArray(), [
            'ldap_username_field' => 'not_in:sAMAccountName',
-            'ldap_auth_filter_query' => 'not_in:uid=samaccountname',
-            'ldap_filter' => 'regex:"^[^(]"',
+            'ldap_auth_filter_query' => 'not_in:uid=samaccountname|required_if:ldap_enabled,1',
+            'ldap_filter' => 'nullable|regex:"^[^(]"|required_if:ldap_enabled,1',
        ],  $messages);



-        return view('settings.ldap', compact('setting'))->withErrors($validator);
+        return view('settings.ldap', compact('setting', 'groups'))->withErrors($validator);
    }

    /**
@@ -955,6 +960,7 @@ class SettingsController extends Controller
                $setting->ldap_pword = Crypt::encrypt($request->input('ldap_pword'));
            }
            $setting->ldap_basedn = $request->input('ldap_basedn');
+            $setting->ldap_default_group = $request->input('ldap_default_group');
            $setting->ldap_filter = $request->input('ldap_filter');
            $setting->ldap_username_field = $request->input('ldap_username_field');
            $setting->ldap_lname_field = $request->input('ldap_lname_field');
--- a/app/Http/Controllers/Users/BulkUsersController.php
+++ b/app/Http/Controllers/Users/BulkUsersController.php
@@ -197,6 +197,7 @@ class BulkUsersController extends Controller
            'status_id'     => e(request('status_id')),
            'assigned_to'   => null,
            'assigned_type' => null,
+            'expected_checkin' => null,
        ]);


@@ -231,8 +232,14 @@ class BulkUsersController extends Controller
    protected function logItemCheckinAndDelete($items, $itemType)
    {
        foreach ($items as $item) {
+            $item_id = $item->id;
            $logAction = new Actionlog();
-            $logAction->item_id = $item->id;
+
+            if ($itemType == License::class){
+                $item_id = $item->license_id;
+            }
+            
+            $logAction->item_id = $item_id;
            // We can't rely on get_class here because the licenses/accessories fetched above are not eloquent models, but simply arrays.
            $logAction->item_type = $itemType;
            $logAction->target_id = $item->assigned_to;
--- a/app/Http/Controllers/Users/UsersController.php
+++ b/app/Http/Controllers/Users/UsersController.php
@@ -119,6 +119,8 @@ class UsersController extends Controller
        $user->remote = $request->input('remote', 0);
        $user->website = $request->input('website', null);
        $user->created_by = Auth::user()->id;
+        $user->start_date = $request->input('start_date', null);
+        $user->end_date = $request->input('end_date', null);

        // Strip out the superuser permission if the user isn't a superadmin
        $permissions_array = $request->input('permission');
@@ -129,7 +131,7 @@ class UsersController extends Controller
        $user->permissions = json_encode($permissions_array);

        // we have to invoke the
-        app(\App\Http\Requests\ImageUploadRequest::class)->handleImages($user, 600, 'image', 'avatars', 'avatar');
+        app(ImageUploadRequest::class)->handleImages($user, 600, 'avatar', 'avatars', 'avatar');

        if ($user->save()) {
            if ($request->filled('groups')) {
@@ -270,6 +272,8 @@ class UsersController extends Controller
        $user->zip = $request->input('zip', null);
        $user->remote = $request->input('remote', 0);
        $user->website = $request->input('website', null);
+        $user->start_date = $request->input('start_date', null);
+        $user->end_date = $request->input('end_date', null);

        // Update the location of any assets checked out to this user
        Asset::where('assigned_type', User::class)
@@ -292,7 +296,7 @@ class UsersController extends Controller
        $user->permissions = json_encode($permissions_array);

        // Handle uploaded avatar
-        app(\App\Http\Requests\ImageUploadRequest::class)->handleImages($user, 600, 'avatar', 'avatars', 'avatar');
+        app(ImageUploadRequest::class)->handleImages($user, 600, 'avatar', 'avatars', 'avatar');

        //\Log::debug(print_r($user, true));

@@ -594,7 +598,7 @@ class UsersController extends Controller
    }

    /**
-     * LDAP form processing.
+     * Print inventory
     *
     * @author Aladin Alaily
     * @since [v1.8]
--- a/app/Http/Controllers/ViewAssetsController.php
+++ b/app/Http/Controllers/ViewAssetsController.php
@@ -8,6 +8,7 @@ use App\Models\AssetModel;
 use App\Models\Company;
 use App\Models\Setting;
 use App\Models\User;
+use App\Models\CustomField;
 use App\Notifications\RequestAssetCancelation;
 use App\Notifications\RequestAssetNotification;
 use Illuminate\Http\Request;
@@ -29,23 +30,41 @@ class ViewAssetsController extends Controller
    public function getIndex()
    {
        $user = User::with(
+            'assets',
            'assets.model',
+            'assets.model.fieldset.fields',
            'consumables',
            'accessories',
            'licenses',
-            'userloc',
-            'userlog'
-        )->withTrashed()->find(Auth::user()->id);
+        )->find(Auth::user()->id);

-        $userlog = $user->userlog->load('item', 'user', 'target');
+        $field_array = array();
+
+        // Loop through all the custom fields that are applied to any model the user has assigned
+        foreach ($user->assets as $asset) {
+
+            // Make sure the model has a custom fieldset before trying to loop through the associated fields
+            if ($asset->model->fieldset) {
+
+                foreach ($asset->model->fieldset->fields as $field) {
+                    // check and make sure they're allowed to see the value of the custom field
+                    if ($field->display_in_user_view == '1') {
+                        $field_array[$field->db_column] = $field->name;
+                    }
+                    
+                }
+            }
+
+        }
+
+        // Since some models may re-use the same fieldsets/fields, let's make the array unique so we don't repeat columns
+        array_unique($field_array);

        if (isset($user->id)) {
-            return view('account/view-assets', compact('user', 'userlog'))
+            return view('account/view-assets', compact('user', 'field_array' ))
                ->with('settings', Setting::getSettings());
-        } else {
-            // Redirect to the user management page
-            return redirect()->route('users.index')->with('error', trans('admin/users/message.user_not_found', compact('id')));
        }
+
        // Redirect to the user management page
        return redirect()->route('users.index')
            ->with('error', trans('admin/users/message.user_not_found', $user->id));
@@ -165,7 +184,7 @@ class ViewAssetsController extends Controller
            $settings->notify(new RequestAssetCancelation($data));

            return redirect()->route('requestable-assets')
-                ->with('success')->with('success', trans('admin/hardware/message.requests.cancel'));
+                ->with('success')->with('success', trans('admin/hardware/message.requests.canceled'));
        }

        $logaction->logaction('requested');
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -43,6 +43,7 @@ class Kernel extends HttpKernel
            \App\Http\Middleware\CheckForTwoFactor::class,
            \Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
            \App\Http\Middleware\AssetCountForSidebar::class,
+            \Illuminate\Session\Middleware\AuthenticateSession::class,
        ],

        'api' => [
--- a/app/Http/Middleware/AssetCountForSidebar.php
+++ b/app/Http/Middleware/AssetCountForSidebar.php
@@ -52,6 +52,13 @@ class AssetCountForSidebar
            \Log::debug($e);
        }

+        try {
+            $total_byod_sidebar = Asset::where('byod', '=', '1')->count();
+            view()->share('total_byod_sidebar', $total_byod_sidebar);
+        } catch (\Exception $e) {
+            \Log::debug($e);
+        }
+
        return $next($request);
    }
 }
--- a/app/Http/Requests/ImageUploadRequest.php
+++ b/app/Http/Requests/ImageUploadRequest.php
@@ -63,11 +63,13 @@ class ImageUploadRequest extends Request
     * @param string $path  location for uploaded images, defaults to uploads/plural of item type.
     * @return SnipeModel        Target asset is being checked out to.
     */
-    public function handleImages($item, $w = 600, $form_fieldname = null, $path = null, $db_fieldname = 'image')
+    public function handleImages($item, $w = 600, $form_fieldname = 'image', $path = null, $db_fieldname = 'image')
    {
+
        $type = strtolower(class_basename(get_class($item)));

        if (is_null($path)) {
+
            $path = str_plural($type);

            if ($type == 'assetmodel') {
@@ -79,42 +81,31 @@ class ImageUploadRequest extends Request
            }
        }

-        if (is_null($form_fieldname)) {
-            $form_fieldname = 'image';
-        }
-
-        // This is dumb, but we need it for overriding field names for exceptions like avatars and logo uploads
-        if (is_null($db_fieldname)) {
-            $use_db_field = $form_fieldname;
-        } else {
-            $use_db_field = $db_fieldname;
-        }
-
-        
-        // ConvertBase64ToFiles just changes object type, 
-        // as it cannot currently insert files to $this->files
        if ($this->offsetGet($form_fieldname) instanceof UploadedFile) {
-           $image=$this->offsetGet($form_fieldname);
+           $image = $this->offsetGet($form_fieldname);
+           \Log::debug('Image is an instance of UploadedFile');
+        } elseif ($this->hasFile($form_fieldname)) {
+            $image = $this->file($form_fieldname);
+            \Log::debug('Just use regular upload for '.$form_fieldname);
        } else {
-            if ($this->hasFile($form_fieldname)) {
-                $image = $this->file($form_fieldname);
-            }
+            \Log::debug('No image found for form fieldname: '.$form_fieldname);
        }

        if (isset($image)) {
-            \Log::debug($image);

            if (!config('app.lock_passwords')) {

                $ext = $image->getClientOriginalExtension();
-                $file_name = $type.'-'.$form_fieldname.'-'.str_random(10).'.'.$ext;
+                $file_name = $type.'-'.$form_fieldname.'-'.$item->id.'-'.str_random(10).'.'.$ext;

                \Log::info('File name will be: '.$file_name);
                \Log::debug('File extension is: '.$ext);

                if (($image->getClientOriginalExtension() !== 'webp') && ($image->getClientOriginalExtension() !== 'svg')) {
+
                    \Log::debug('Not an SVG or webp - resize');
                    \Log::debug('Trying to upload to: '.$path.'/'.$file_name);
+
                    $upload = Image::make($image->getRealPath())->resize(null, $w, function ($constraint) {
                        $constraint->aspectRatio();
                        $constraint->upsize();
@@ -122,6 +113,7 @@ class ImageUploadRequest extends Request

                    // This requires a string instead of an object, so we use ($string)
                    Storage::disk('public')->put($path.'/'.$file_name, (string) $upload->encode());
+
                } else {
                    // If the file is a webp, we need to just move it since webp support
                    // needs to be compiled into gd for resizing to be available
@@ -146,30 +138,30 @@ class ImageUploadRequest extends Request
                }

                 // Remove Current image if exists
-                if (Storage::disk('public')->exists($path.'/'.$item->{$use_db_field})) {
+                if (($item->{$form_fieldname}!='') && (Storage::disk('public')->exists($path.'/'.$item->{$db_fieldname}))) {
                    \Log::debug('A file already exists that we are replacing - we should delete the old one.');
                    try {
-                         Storage::disk('public')->delete($path.'/'.$item->{$use_db_field});
+                         Storage::disk('public')->delete($path.'/'.$item->{$form_fieldname});
                         \Log::debug('Old file '.$path.'/'.$file_name.' has been deleted.');
                    } catch (\Exception $e) {
                        \Log::debug('Could not delete old file. '.$path.'/'.$file_name.' does not exist?');
                    }
                }

-                $item->{$use_db_field} = $file_name;
+                $item->{$db_fieldname} = $file_name;
            }

+
        // If the user isn't uploading anything new but wants to delete their old image, do so
-        } else {
-            if ($this->input('image_delete') == '1') {
-                \Log::debug('Deleting image');
-                try {
-                    Storage::disk('public')->delete($path.'/'.$item->{$use_db_field});
-                        $item->{$use_db_field} = null;
-                } catch (\Exception $e) {
-                    \Log::debug($e);
-                }
+        } elseif ($this->input('image_delete') == '1') {
+            \Log::debug('Deleting image');
+            try {
+                Storage::disk('public')->delete($path.'/'.$item->{$db_fieldname});
+                    $item->{$db_fieldname} = null;
+            } catch (\Exception $e) {
+                \Log::debug($e);
            }
+
        }

        return $item;
--- a/app/Http/Requests/ItemImportRequest.php
+++ b/app/Http/Requests/ItemImportRequest.php
@@ -49,7 +49,7 @@ class ItemImportRequest extends FormRequest
                $errorMessage = null;

                if (is_null($fieldValue)) {
-                    $errorMessage = trans('validation.import_field_empty');
+                    $errorMessage = trans('validation.import_field_empty', ['fieldname' => $field]);
                    $this->errorCallback($import, $field, $errorMessage);

                    return $this->errors;
--- a/app/Http/Transformers/AccessoriesTransformer.php
+++ b/app/Http/Transformers/AccessoriesTransformer.php
@@ -4,6 +4,7 @@ namespace App\Http\Transformers;

 use App\Helpers\Helper;
 use App\Models\Accessory;
+use App\Models\Setting;
 use Gate;
 use Illuminate\Database\Eloquent\Collection;
 use Illuminate\Support\Facades\Storage;
@@ -22,6 +23,7 @@ class AccessoriesTransformer

    public function transformAccessory(Accessory $accessory)
    {
+
        $array = [
            'id' => $accessory->id,
            'name' => e($accessory->name),
@@ -38,7 +40,8 @@ class AccessoriesTransformer
            'purchase_cost' => Helper::formatCurrencyOutput($accessory->purchase_cost),
            'order_number' => ($accessory->order_number) ? e($accessory->order_number) : null,
            'min_qty' => ($accessory->min_amt) ? (int) $accessory->min_amt : null,
-            'remaining_qty' => $accessory->numRemaining(),
+            'remaining_qty' => (int) $accessory->numRemaining(),
+            'users_count' =>  $accessory->users_count,

            'created_at' => Helper::getFormattedDateObject($accessory->created_at, 'datetime'),
            'updated_at' => Helper::getFormattedDateObject($accessory->updated_at, 'datetime'),
@@ -65,6 +68,8 @@ class AccessoriesTransformer

    public function transformCheckedoutAccessory($accessory, $accessory_users, $total)
    {
+        $setting = Setting::getSettings();
+
        $array = [];

        foreach ($accessory_users as $user) {
@@ -73,7 +78,7 @@ class AccessoriesTransformer
                'assigned_pivot_id' => $user->pivot->id,
                'id' => (int) $user->id,
                'username' => e($user->username),
-                'name' => e($user->getFullNameAttribute()),
+                'name' => ($setting->display_username == '1') ? e($user->getCompleteNameAttribute()) : e($user->getFullNameAttribute()),
                'first_name'=> e($user->first_name),
                'last_name'=> e($user->last_name),
                'employee_number' =>  e($user->employee_num),
--- a/app/Http/Transformers/ActionlogsTransformer.php
+++ b/app/Http/Transformers/ActionlogsTransformer.php
@@ -4,6 +4,7 @@ namespace App\Http\Transformers;
 use App\Helpers\Helper;
 use App\Models\Actionlog;
 use App\Models\Setting;
+use App\Models\User;
 use Illuminate\Database\Eloquent\Collection;

 class ActionlogsTransformer
@@ -85,6 +86,7 @@ class ActionlogsTransformer
                'id' => (int) $actionlog->item->id,
                'name' => ($actionlog->itemType()=='user') ? e($actionlog->item->getFullNameAttribute()) : e($actionlog->item->getDisplayNameAttribute()),
                'type' => e($actionlog->itemType()),
+                'serial' =>e($actionlog->item->serial) ? e($actionlog->item->serial) : null
            ] : null,
            'location' => ($actionlog->location) ? [
                'id' => (int) $actionlog->location->id,
@@ -112,9 +114,7 @@ class ActionlogsTransformer
            'log_meta'          => ((isset($clean_meta)) && (is_array($clean_meta))) ? $clean_meta: null,
            'action_date'   => ($actionlog->action_date) ? Helper::getFormattedDateObject($actionlog->action_date, 'datetime'): Helper::getFormattedDateObject($actionlog->created_at, 'datetime'),
        ];
-        //\Log::info("Clean Meta is: ".print_r($clean_meta,true));

-        //dd($array);
        return $array;
    }

@@ -125,7 +125,7 @@ class ActionlogsTransformer

        $array = array();
        foreach ($accessories_users as $user) {
-            $array[] = (new UsersTransformer)->transformUser($user);
+            $array[] = (new UsersTransformer)->transformUserCompact($user);
        }
        return (new DatatablesTransformer)->transformDatatables($array, $total);
    }
--- a/app/Http/Transformers/AssetModelsTransformer.php
+++ b/app/Http/Transformers/AssetModelsTransformer.php
@@ -22,6 +22,22 @@ class AssetModelsTransformer

    public function transformAssetModel(AssetModel $assetmodel)
    {
+
+        $default_field_values = array();
+
+        // Reach into the custom fields and models_custom_fields pivot table to find the default values for this model
+        if ($assetmodel->fieldset) {
+            foreach($assetmodel->fieldset->fields AS $field) {
+                $default_field_values[] = [
+                    'name' => e($field->name),
+                    'db_column_name' => e($field->db_column_name()),
+                    'default_value' => ($field->defaultValue($assetmodel->id)) ? e($field->defaultValue($assetmodel->id)) : null,
+                    'format' =>  e($field->format),
+                    'required' => ($field->pivot->required == '1') ? true : false,
+                ];
+            }
+        }
+
        $array = [
            'id' => (int) $assetmodel->id,
            'name' => e($assetmodel->name),
@@ -44,6 +60,7 @@ class AssetModelsTransformer
                'id' => (int) $assetmodel->fieldset->id,
                'name'=> e($assetmodel->fieldset->name),
            ] : null,
+            'default_fieldset_values' => $default_field_values,
            'eol' => ($assetmodel->eol > 0) ? $assetmodel->eol.' months' : 'None',
            'requestable' => ($assetmodel->requestable == '1') ? true : false,
            'notes' => e($assetmodel->notes),
--- a/app/Http/Transformers/AssetsTransformer.php
+++ b/app/Http/Transformers/AssetsTransformer.php
@@ -8,6 +8,7 @@ use App\Models\Setting;
 use Gate;
 use Illuminate\Database\Eloquent\Collection;

+
 class AssetsTransformer
 {
    public function transformAssets(Collection $assets, $total)
@@ -34,6 +35,8 @@ class AssetsTransformer
                'id' => (int) $asset->model->id,
                'name'=> e($asset->model->name),
            ] : null,
+            'byod' => ($asset->byod ? true : false),
+
            'model_number' => (($asset->model) && ($asset->model->model_number)) ? e($asset->model->model_number) : null,
            'eol' => ($asset->purchase_date != '') ? Helper::getFormattedDateObject($asset->present()->eol_date(), 'date') : null,
            'status_label' => ($asset->assetstatus) ? [
@@ -71,7 +74,7 @@ class AssetsTransformer
            'image' => ($asset->getImageUrl()) ? $asset->getImageUrl() : null,
            'qr' => ($setting->qr_code=='1') ? config('app.url').'/uploads/barcodes/qr-'.str_slug($asset->asset_tag).'-'.str_slug($asset->id).'.png' : null,
            'alt_barcode' => ($setting->alt_barcode_enabled=='1') ? config('app.url').'/uploads/barcodes/'.str_slug($setting->alt_barcode).'-'.str_slug($asset->asset_tag).'.png' : null,
-            'assigned_to' => $this->transformAssignedTo($asset),
+            'assigned_to' => $this->transformAssignedTo($asset, $setting),
            'warranty_months' =>  ($asset->warranty_months > 0) ? e($asset->warranty_months.' '.trans('admin/hardware/form.months')) : null,
            'warranty_expires' => ($asset->warranty_months > 0) ? Helper::getFormattedDateObject($asset->warranty_expires, 'date') : null,
            'created_at' => Helper::getFormattedDateObject($asset->created_at, 'datetime'),
@@ -80,6 +83,7 @@ class AssetsTransformer
            'next_audit_date' => Helper::getFormattedDateObject($asset->next_audit_date, 'date'),
            'deleted_at' => Helper::getFormattedDateObject($asset->deleted_at, 'datetime'),
            'purchase_date' => Helper::getFormattedDateObject($asset->purchase_date, 'date'),
+            'age' => $asset->purchase_date ? Helper::AgeFormat($asset->purchase_date) : '',
            'last_checkout' => Helper::getFormattedDateObject($asset->last_checkout, 'datetime'),
            'expected_checkin' => Helper::getFormattedDateObject($asset->expected_checkin, 'date'),
            'purchase_cost' => Helper::formatCurrencyOutput($asset->purchase_cost),
@@ -131,7 +135,7 @@ class AssetsTransformer
                $array['custom_fields'] = $fields_array;
            }
        } else {
-            $array['custom_fields'] = [];
+            $array['custom_fields'] = new \stdClass; // HACK to force generation of empty object instead of empty list
        }

        $permissions_array['available_actions'] = [
@@ -176,18 +180,10 @@ class AssetsTransformer
        return (new DatatablesTransformer)->transformDatatables($assets);
    }

-    public function transformAssignedTo($asset)
+    public function transformAssignedTo($asset, $setting)
    {
        if ($asset->checkedOutToUser()) {
-            return $asset->assigned ? [
-                    'id' => (int) $asset->assigned->id,
-                    'username' => e($asset->assigned->username),
-                    'name' => e($asset->assigned->getFullNameAttribute()),
-                    'first_name'=> e($asset->assigned->first_name),
-                    'last_name'=> ($asset->assigned->last_name) ? e($asset->assigned->last_name) : null,
-                    'employee_number' =>  ($asset->assigned->employee_num) ? e($asset->assigned->employee_num) : null,
-                    'type' => 'user',
-                ] : null;
+            return (new UsersTransformer)->transformUserCompact($asset->assigned);
        }

        return $asset->assigned ? [
--- a/app/Http/Transformers/CategoriesTransformer.php
+++ b/app/Http/Transformers/CategoriesTransformer.php
@@ -22,6 +22,26 @@ class CategoriesTransformer

    public function transformCategory(Category $category = null)
    {
+
+        // We only ever use item_count for categories in this transformer, so it makes sense to keep it
+        // simple and do this switch here.
+        switch ($category->category_type) {
+            case 'asset':
+                $category->item_count = $category->assets_count;
+                break;
+            case 'accessory':
+                $category->item_count = $category->accessories_count;
+                break;
+            case 'consumable':
+                $category->item_count = $category->consumables_count;
+                break;
+            case 'component':
+                $category->item_count = $category->components_count;
+                break;
+            default:
+                $category->item_count = 0;
+        }
+
        if ($category) {
            $array = [
                'id' => (int) $category->id,
@@ -33,7 +53,7 @@ class CategoriesTransformer
                'eula' => ($category->getEula()),
                'checkin_email' => ($category->checkin_email == '1'),
                'require_acceptance' => ($category->require_acceptance == '1'),
-                'item_count' => (int) $category->itemCount(),
+                'item_count' => (int) $category->item_count,
                'assets_count' => (int) $category->assets_count,
                'accessories_count' => (int) $category->accessories_count,
                'consumables_count' => (int) $category->consumables_count,
--- a/app/Http/Transformers/ComponentsAssetsTransformer.php
+++ b/app/Http/Transformers/ComponentsAssetsTransformer.php
@@ -26,6 +26,7 @@ class ComponentsAssetsTransformer
            'created_at' => $asset->created_at->format('Y-m-d'),
            'qty' => $asset->components()->count(),
            'user_can_checkout' => $asset->availableForCheckout(),
+            'note' => e($asset->note),
        ];

        $permissions_array['available_actions'] = [
--- a/app/Http/Transformers/ComponentsTransformer.php
+++ b/app/Http/Transformers/ComponentsTransformer.php
@@ -71,6 +71,7 @@ class ComponentsTransformer
                'id' => (int) $asset->id,
                'name' =>  e($asset->model->present()->name).' '.e($asset->present()->name),
                'qty' => $asset->pivot->assigned_qty,
+                'note' => $asset->pivot->note,
                'type' => 'asset',
                'created_at' => Helper::getFormattedDateObject($asset->pivot->created_at, 'datetime'),
                'available_actions' => ['checkin' => true],
--- a/app/Http/Transformers/ConsumablesTransformer.php
+++ b/app/Http/Transformers/ConsumablesTransformer.php
@@ -60,11 +60,11 @@ class ConsumablesTransformer
        return $array;
    }

-    public function transformCheckedoutConsumables(Collection $consumables_users, $total)
+    public function transformCheckedoutConsumables(Consumable $consumable, $consumables_users, $total)
    {
        $array = [];
-        foreach ($consumables_users as $user) {
-            $array[] = (new UsersTransformer)->transformUser($user);
+        foreach ($consumables_users as $consumables_user) {
+            $array[] = (new UsersTransformer)->transformUserCompact($consumables_user);
        }

        return (new DatatablesTransformer)->transformDatatables($array, $total);
--- a/app/Http/Transformers/CustomFieldsTransformer.php
+++ b/app/Http/Transformers/CustomFieldsTransformer.php
@@ -47,6 +47,7 @@ class CustomFieldsTransformer
            'field_values_array'   => ($field->field_values) ? explode("\r\n", e($field->field_values)) : null,
            'type'   =>  e($field->element),
            'required'   =>  (($field->pivot) && ($field->pivot->required=='1')) ? true : false,
+            'display_in_user_view' =>  ($field->display_in_user_view =='1') ? true : false,
            'created_at' => Helper::getFormattedDateObject($field->created_at, 'datetime'),
            'updated_at' => Helper::getFormattedDateObject($field->updated_at, 'datetime'),
        ];
--- a/app/Http/Transformers/DepreciationReportTransformer.php
+++ b/app/Http/Transformers/DepreciationReportTransformer.php
@@ -63,10 +63,16 @@ class DepreciationReportTransformer
         */
        if (($asset->model) && ($asset->model->depreciation)) {
            $depreciated_value = Helper::formatCurrencyOutput($asset->getDepreciatedValue());
-            $monthly_depreciation = Helper::formatCurrencyOutput(($asset->model->eol > 0 ? ($asset->purchase_cost / $asset->model->eol) : 0));
+            if($asset->model->eol==0 || $asset->model->eol==null ){
+                $monthly_depreciation = Helper::formatCurrencyOutput($asset->purchase_cost / $asset->model->depreciation->months);
+            }
+            else {
+                $monthly_depreciation = Helper::formatCurrencyOutput(($asset->model->eol > 0 ? ($asset->purchase_cost / $asset->model->eol) : 0));
+            }
            $diff = Helper::formatCurrencyOutput(($asset->purchase_cost - $asset->getDepreciatedValue()));
        }

+
        if ($asset->assigned) {
            $checkout_target = $asset->assigned->name;
            if ($asset->checkedOutToUser()) {
--- a/app/Http/Transformers/DepreciationsTransformer.php
+++ b/app/Http/Transformers/DepreciationsTransformer.php
@@ -3,6 +3,7 @@
 namespace App\Http\Transformers;

 use App\Helpers\Helper;
+use App\Models\Depreciable;
 use App\Models\Depreciation;
 use Gate;
 use Illuminate\Database\Eloquent\Collection;
--- a/app/Http/Transformers/LicenseSeatsTransformer.php
+++ b/app/Http/Transformers/LicenseSeatsTransformer.php
@@ -4,6 +4,7 @@ namespace App\Http\Transformers;

 use App\Models\License;
 use App\Models\LicenseSeat;
+use App\Models\Setting;
 use Gate;
 use Illuminate\Database\Eloquent\Collection;

@@ -23,19 +24,12 @@ class LicenseSeatsTransformer

    public function transformLicenseSeat(LicenseSeat $seat, $seat_count = 0)
    {
+        $setting = Setting::getSettings();
+
        $array = [
            'id' => (int) $seat->id,
            'license_id' => (int) $seat->license->id,
-            'assigned_user' => ($seat->user) ? [
-                'id' => (int) $seat->user->id,
-                'name'=> e($seat->user->present()->fullName),
-                'department'=> ($seat->user->department) ?
-                        [
-                            'id' => (int) $seat->user->department->id,
-                            'name' => e($seat->user->department->name),
-
-                        ] : null,
-            ] : null,
+            'assigned_user' => ($seat->user) ?  (new UsersTransformer)->transformUserCompact($seat->user) : null,
            'assigned_asset' => ($seat->asset) ? [
                'id' => (int) $seat->asset->id,
                'name'=> e($seat->asset->present()->fullName),
--- a/app/Http/Transformers/LocationsTransformer.php
+++ b/app/Http/Transformers/LocationsTransformer.php
@@ -45,6 +45,7 @@ class LocationsTransformer
                'zip' => ($location->zip) ? e($location->zip) : null,
                'assigned_assets_count' => (int) $location->assigned_assets_count,
                'assets_count'    => (int) $location->assets_count,
+                'rtd_assets_count'    => (int) $location->rtd_assets_count,
                'users_count'    => (int) $location->users_count,
                'currency' =>  ($location->currency) ? e($location->currency) : null,
                'ldap_ou' =>  ($location->ldap_ou) ? e($location->ldap_ou) : null,
--- a/app/Http/Transformers/PieChartTransformer.php
+++ b/app/Http/Transformers/PieChartTransformer.php
@@ -0,0 +1,55 @@
+<?php
+
+namespace App\Http\Transformers;
+
+
+use App\Helpers\Helper;
+/**
+ * Class PieChartTransformer
+ *
+ * This handles the standardized formatting of the API response we need to provide for
+ * the pie charts
+ *
+ * @return \Illuminate\Http\Response
+ * @since [v6.0.11]
+ * @author [A. Gianotto] [<snipe@snipe.net>]
+ */
+class PieChartTransformer
+{
+    public function transformPieChartDate($totals)
+    {
+
+        $labels = [];
+        $counts = [];
+        $default_color_count = 0;
+        $colors_array = [];
+
+        foreach ($totals as $total) {
+
+            if ($total['count'] > 0) {
+
+                $labels[] = $total['label']." (".$total['count'].")";
+                $counts[] = $total['count'];
+
+                if (isset($total['color'])) {
+                    $colors_array[] = $total['color'];
+                } else {
+                    $colors_array[] = Helper::defaultChartColors($default_color_count);
+                    $default_color_count++;
+                }
+            }
+        }
+
+        $results = [
+            'labels' => $labels,
+            'datasets' => [[
+                'data' => $counts,
+                'backgroundColor' => $colors_array,
+                'hoverBackgroundColor' =>  $colors_array,
+            ]],
+        ];
+
+
+        return $results;
+    }
+}
--- a/app/Http/Transformers/UsersTransformer.php
+++ b/app/Http/Transformers/UsersTransformer.php
@@ -3,6 +3,7 @@
 namespace App\Http\Transformers;

 use App\Helpers\Helper;
+use App\Models\Setting;
 use App\Models\User;
 use Gate;
 use Illuminate\Database\Eloquent\Collection;
@@ -21,6 +22,7 @@ class UsersTransformer

    public function transformUser(User $user)
    {
+
        $array = [
                'id' => (int) $user->id,
                'avatar' => e($user->present()->gravatar),
@@ -30,10 +32,10 @@ class UsersTransformer
                'username' => e($user->username),
                'remote' => ($user->remote == '1') ? true : false,
                'locale' => ($user->locale) ? e($user->locale) : null,
-                'employee_num' => e($user->employee_num),
+                'employee_num' => ($user->employee_num) ? e($user->employee_num) : null,
                'manager' => ($user->manager) ? [
                    'id' => (int) $user->manager->id,
-                    'name'=> e($user->manager->username),
+                    'name'=> e($user->manager->first_name).' '.e($user->manager->last_name),
                ] : null,
                'jobtitle' => ($user->jobtitle) ? e($user->jobtitle) : null,
                'phone' => ($user->phone) ? e($user->phone) : null,
@@ -43,7 +45,7 @@ class UsersTransformer
                'state' => ($user->state) ? e($user->state) : null,
                'country' => ($user->country) ? e($user->country) : null,
                'zip' => ($user->zip) ? e($user->zip) : null,
-                'email' => e($user->email),
+                'email' => ($user->email) ? e($user->email) : null,
                'department' => ($user->department) ? [
                    'id' => (int) $user->department->id,
                    'name'=> e($user->department->name),
@@ -56,8 +58,8 @@ class UsersTransformer
                'permissions' => $user->decodePermissions(),
                'activated' => ($user->activated == '1') ? true : false,
                'ldap_import' => ($user->ldap_import == '1') ? true : false,
-                'two_factor_activated' => ($user->two_factor_active()) ? true : false,
                'two_factor_enrolled' => ($user->two_factor_active_and_enrolled()) ? true : false,
+                'two_factor_optin' => ($user->two_factor_active()) ? true : false,
                'assets_count' => (int) $user->assets_count,
                'licenses_count' => (int) $user->licenses_count,
                'accessories_count' => (int) $user->accessories_count,
@@ -69,13 +71,15 @@ class UsersTransformer
                ] : null,
                'created_at' => Helper::getFormattedDateObject($user->created_at, 'datetime'),
                'updated_at' => Helper::getFormattedDateObject($user->updated_at, 'datetime'),
+                'start_date' => Helper::getFormattedDateObject($user->start_date, 'date'),
+                'end_date' => Helper::getFormattedDateObject($user->end_date, 'date'),
                'last_login' => Helper::getFormattedDateObject($user->last_login, 'datetime'),
                'deleted_at' => ($user->deleted_at) ? Helper::getFormattedDateObject($user->deleted_at, 'datetime') : null,
            ];

        $permissions_array['available_actions'] = [
            'update' => (Gate::allows('update', User::class) && ($user->deleted_at == '')),
-            'delete' => (Gate::allows('delete', User::class) && ($user->assets_count == 0) && ($user->licenses_count == 0) && ($user->accessories_count == 0) && ($user->consumables_count == 0)),
+            'delete' => (Gate::allows('delete', User::class) && ($user->assets_count == 0) && ($user->licenses_count == 0) && ($user->accessories_count == 0)),
            'clone' => (Gate::allows('create', User::class) && ($user->deleted_at == '')),
            'restore' => (Gate::allows('create', User::class) && ($user->deleted_at != '')),
        ];
@@ -99,6 +103,34 @@ class UsersTransformer
        return $array;
    }

+    public function transformUserCompact(User $user) {
+        $setting = Setting::getSettings();
+        return  [
+            'new' => 'yep', // remove me
+            'id' => (int) $user->id,
+            'avatar' => e($user->present()->gravatar),
+            'username' => e($user->username),
+            'name' => ($setting->display_username == '1') ? e($user->getCompleteNameAttribute()) : e($user->getFullNameAttribute()),
+            'first_name'=> e($user->first_name),
+            'last_name'=> ($user->last_name) ? e($user->last_name) : null,
+            'email'=> ($user->email) ? e($user->email) : null,
+            'employee_num' => ($user->employee_num) ? e($user->employee_num) : null,
+            'manager' => ($user->manager) ? [
+                'id' => (int) $user->manager->id,
+                'name'=> e($user->manager->first_name).' '.e($user->manager->last_name),
+            ] : null,
+            'department' => ($user->department) ? [
+                'id' => (int) $user->department->id,
+                'name'=> e($user->department->name),
+            ] : null,
+            'location' => ($user->userloc) ? [
+                'id' => (int) $user->userloc->id,
+                'name'=> e($user->userloc->name),
+            ] : null,
+            'type' => 'user',
+        ];
+    }
+
    public function transformUsersDatatable($users)
    {
        return (new DatatablesTransformer)->transformDatatables($users);
--- a/app/Importer/AccessoryImporter.php
+++ b/app/Importer/AccessoryImporter.php
@@ -43,6 +43,7 @@ class AccessoryImporter extends ItemImporter
        $this->log('No Matching Accessory, Creating a new one');
        $accessory = new Accessory();
        $this->item['model_number'] = $this->findCsvMatch($row, "model_number");
+        $this->item['min_amt'] = $this->findCsvMatch($row, "min_amt");
        $accessory->fill($this->sanitizeItemForStoring($accessory));

        //FIXME: this disables model validation.  Need to find a way to avoid double-logs without breaking everything.
--- a/app/Importer/ConsumableImporter.php
+++ b/app/Importer/ConsumableImporter.php
@@ -43,6 +43,7 @@ class ConsumableImporter extends ItemImporter
        $consumable = new Consumable();
        $this->item['model_number'] = $this->findCsvMatch($row, 'model_number');
        $this->item['item_no'] = $this->findCsvMatch($row, 'item_number');
+        $this->item['min_amt'] = $this->findCsvMatch($row, "min_amt");
        $consumable->fill($this->sanitizeItemForStoring($consumable));
        //FIXME: this disables model validation.  Need to find a way to avoid double-logs without breaking everything.
        $consumable->unsetEventDispatcher();
--- a/app/Importer/Importer.php
+++ b/app/Importer/Importer.php
@@ -56,7 +56,7 @@ abstract class Importer
        'reassignable' => 'reassignable',
        'requestable' => 'requestable',
        'seats' => 'seats',
-        'serial_number' => 'serial number',
+        'serial' => 'serial number',
        'status' => 'status',
        'supplier' => 'supplier',
        'termination_date' => 'termination date',
@@ -77,6 +77,7 @@ abstract class Importer
        'manager_first_name' => 'manager first name',
        'manager_last_name' => 'manager last name',
        'min_amt' => 'minimum quantity',
+        'remote' => 'remote',
    ];
    /**
     * Map of item fields->csv names
@@ -288,6 +289,7 @@ abstract class Importer
            'department_id' =>  '',
            'username'  => $this->findCsvMatch($row, 'username'),
            'activated'  => $this->fetchHumanBoolean($this->findCsvMatch($row, 'activated')),
+            'remote'    => $this->fetchHumanBoolean(($this->findCsvMatch($row, 'remote'))),
        ];

        // Maybe we're lucky and the user already exists.
--- a/app/Importer/ItemImporter.php
+++ b/app/Importer/ItemImporter.php
@@ -90,7 +90,7 @@ class ItemImporter extends Importer
        $this->item['qty'] = $this->findCsvMatch($row, 'quantity');
        $this->item['requestable'] = $this->findCsvMatch($row, 'requestable');
        $this->item['user_id'] = $this->user_id;
-        $this->item['serial'] = $this->findCsvMatch($row, 'serial');
+        $this->item['serial'] = $this->findCsvMatch($row, 'serial number');
        // NO need to call this method if we're running the user import.
        // TODO: Merge these methods.
        $this->item['checkout_class'] = $this->findCsvMatch($row, 'checkout_class');
@@ -112,7 +112,7 @@ class ItemImporter extends Importer
            return $this->createOrFetchUser($row);
        }

-        if (strtolower($this->item['checkout_class']) === 'location') {
+        if (strtolower($this->item['checkout_class']) === 'location' && $this->findCsvMatch($row, 'checkout_location') != null ) {
            return Location::findOrFail($this->createOrFetchLocation($this->findCsvMatch($row, 'checkout_location')));
        }

--- a/app/Importer/UserImporter.php
+++ b/app/Importer/UserImporter.php
@@ -57,6 +57,7 @@ class UserImporter extends ItemImporter
        $this->item['employee_num'] = $this->findCsvMatch($row, 'employee_num');
        $this->item['department_id'] = $this->createOrFetchDepartment($this->findCsvMatch($row, 'department'));
        $this->item['manager_id'] = $this->fetchManager($this->findCsvMatch($row, 'manager_first_name'), $this->findCsvMatch($row, 'manager_last_name'));
+        $this->item['remote'] =($this->fetchHumanBoolean($this->findCsvMatch($row, 'remote')) ==1 ) ? '1' : 0;

        $user_department = $this->findCsvMatch($row, 'department');
        if ($this->shouldUpdateField($user_department)) {
--- a/app/Listeners/CheckoutableListener.php
+++ b/app/Listeners/CheckoutableListener.php
@@ -20,6 +20,8 @@ use App\Notifications\CheckoutConsumableNotification;
 use App\Notifications\CheckoutLicenseNotification;
 use App\Notifications\CheckoutLicenseSeatNotification;
 use Illuminate\Support\Facades\Notification;
+use Exception;
+use Log;

 class CheckoutableListener
 {
@@ -43,16 +45,20 @@ class CheckoutableListener
         */
        $acceptance = $this->getCheckoutAcceptance($event);       

-        if (! $event->checkedOutTo->locale) {
-            Notification::locale(Setting::getSettings()->locale)->send(
-                $this->getNotifiables($event), 
-                $this->getCheckoutNotification($event, $acceptance)
-            );
-        } else {
-            Notification::send(
-                $this->getNotifiables($event), 
-                $this->getCheckoutNotification($event, $acceptance)
-            );
+        try {
+            if (! $event->checkedOutTo->locale) {
+                Notification::locale(Setting::getSettings()->locale)->send(
+                    $this->getNotifiables($event),
+                    $this->getCheckoutNotification($event, $acceptance)
+                );
+            } else {
+                Notification::send(
+                    $this->getNotifiables($event),
+                    $this->getCheckoutNotification($event, $acceptance)
+                );
+            }
+        } catch (Exception $e) {
+            Log::error("Exception caught during checkout notification: ".$e->getMessage());
        }
    }

@@ -83,17 +89,21 @@ class CheckoutableListener
            }
        }

-        // Use default locale
-        if (! $event->checkedOutTo->locale) {
-            Notification::locale(Setting::getSettings()->locale)->send(
-                $this->getNotifiables($event),
-                $this->getCheckinNotification($event)
-            );
-        } else {
-            Notification::send(
-                $this->getNotifiables($event),
-                $this->getCheckinNotification($event)
-            );
+        try {
+            // Use default locale
+            if (! $event->checkedOutTo->locale) {
+                Notification::locale(Setting::getSettings()->locale)->send(
+                    $this->getNotifiables($event),
+                    $this->getCheckinNotification($event)
+                );
+            } else {
+                Notification::send(
+                    $this->getNotifiables($event),
+                    $this->getCheckinNotification($event)
+                );
+            }
+        } catch (Exception $e) {
+            Log::error("Exception caught during checkin notification: ".$e->getMessage());
        }
    }      

--- a/app/Models/Accessory.php
+++ b/app/Models/Accessory.php
@@ -2,6 +2,7 @@

 namespace App\Models;

+use App\Helpers\Helper;
 use App\Models\Traits\Acceptable;
 use App\Models\Traits\Searchable;
 use App\Presenters\Presentable;
@@ -100,6 +101,23 @@ class Accessory extends SnipeModel



+    /**
+     * Establishes the accessories -> action logs -> uploads relationship
+     *
+     * @author A. Gianotto <snipe@snipe.net>
+     * @since [v6.1.13]
+     * @return \Illuminate\Database\Eloquent\Relations\Relation
+     */
+    public function uploads()
+    {
+        return $this->hasMany(\App\Models\Actionlog::class, 'item_id')
+            ->where('item_type', '=', self::class)
+            ->where('action_type', '=', 'uploaded')
+            ->whereNotNull('filename')
+            ->orderBy('created_at', 'desc');
+    }
+
+
    /**
     * Establishes the accessory -> supplier relationship
     *
@@ -299,31 +317,16 @@ class Accessory extends SnipeModel
     */
    public function getEula()
    {
-        $Parsedown = new \Parsedown();

        if ($this->category->eula_text) {
-            return $Parsedown->text(e($this->category->eula_text));
+            return Helper::parseEscapedMarkedown($this->category->eula_text);
        } elseif ((Setting::getSettings()->default_eula_text) && ($this->category->use_default_eula == '1')) {
-            return $Parsedown->text(e(Setting::getSettings()->default_eula_text));
+            return Helper::parseEscapedMarkedown(Setting::getSettings()->default_eula_text);
        }

-            return null;
+        return null;
    }

-     /**
-     * Check how many items within an accessory are checked out
-     *
-     * @author [A. Gianotto] [<snipe@snipe.net>]
-     * @since [v5.0]
-     * @return int
-     */
-    public function numCheckedOut()
-    {
-        $checkedout = 0;
-        $checkedout = $this->users->count();
-
-        return $checkedout;
-    }

    /**
     * Check how many items of an accessory remain
@@ -334,11 +337,11 @@ class Accessory extends SnipeModel
     */
    public function numRemaining()
    {
-        $checkedout = $this->users->count();
+        $checkedout = $this->users_count;
        $total = $this->qty;
        $remaining = $total - $checkedout;

-        return $remaining;
+        return (int) $remaining;
    }

    /**
--- a/app/Models/Asset.php
+++ b/app/Models/Asset.php
@@ -5,6 +5,7 @@ namespace App\Models;
 use App\Events\AssetCheckedOut;
 use App\Events\CheckoutableCheckedOut;
 use App\Exceptions\CheckoutNotAllowed;
+use App\Helpers\Helper;
 use App\Http\Traits\UniqueSerialTrait;
 use App\Http\Traits\UniqueUndeletedTrait;
 use App\Models\Traits\Acceptable;
@@ -94,6 +95,7 @@ class Asset extends Depreciable
        'location_id'    => 'integer',
        'rtd_company_id' => 'integer',
        'supplier_id'    => 'integer',
+        'byod'           => 'boolean',
    ];

    protected $rules = [
@@ -105,7 +107,6 @@ class Asset extends Depreciable
        'physical'        => 'numeric|max:1|nullable',
        'checkout_date'   => 'date|max:10|min:10|nullable',
        'checkin_date'    => 'date|max:10|min:10|nullable',
-        'supplier_id'     => 'exists:suppliers,id|numeric|nullable',
        'location_id'     => 'exists:locations,id|nullable',
        'rtd_location_id' => 'exists:locations,id|nullable',
        'asset_tag'       => 'required|min:1|max:255|unique_undeleted',
@@ -143,6 +144,7 @@ class Asset extends Depreciable
        'requestable',
        'last_checkout',
        'expected_checkin',
+        'byod',
    ];

    use Searchable;
@@ -314,14 +316,10 @@ class Asset extends Depreciable
        }

        $this->last_checkout = $checkout_at;
+        $this->name = $name;

        $this->assignedTo()->associate($target);

-
-        if ($name != null) {
-            $this->name = $name;
-        }
-
        if ($location != null) {
            $this->location_id = $location;
        } else {
@@ -694,15 +692,15 @@ class Asset extends Depreciable
    public static function getExpiringWarrantee($days = 30)
    {
        $days = (is_null($days)) ? 30 : $days;
-        
+
        return self::where('archived', '=', '0')
            ->whereNotNull('warranty_months')
            ->whereNotNull('purchase_date')
            ->whereNull('deleted_at')
-            ->whereRaw(\DB::raw('DATE_ADD(`purchase_date`,INTERVAL `warranty_months` MONTH) <= DATE(NOW() + INTERVAL '
+            ->whereRaw('DATE_ADD(`purchase_date`,INTERVAL `warranty_months` MONTH) <= DATE(NOW() + INTERVAL '
                                 . $days
-                                 . ' DAY) AND DATE_ADD(`purchase_date`, INTERVAL `warranty_months` MONTH) > NOW()'))
-            ->orderBy('purchase_date', 'ASC')
+                                 . ' DAY) AND DATE_ADD(`purchase_date`, INTERVAL `warranty_months` MONTH) > NOW()')
+            ->orderByRaw('DATE_ADD(`purchase_date`,INTERVAL `warranty_months` MONTH)')
            ->get();
    }

@@ -875,13 +873,12 @@ class Asset extends Depreciable
     */
    public function getEula()
    {
-        $Parsedown = new \Parsedown();
-        
+
        if (($this->model) && ($this->model->category)) {
            if ($this->model->category->eula_text) {
-                return $Parsedown->text(e($this->model->category->eula_text));
+                return Helper::parseEscapedMarkedown($this->model->category->eula_text);
            } elseif ($this->model->category->use_default_eula == '1') {
-                return $Parsedown->text(e(Setting::getSettings()->default_eula_text));
+                return Helper::parseEscapedMarkedown(Setting::getSettings()->default_eula_text);
            } else {
                return false;
            }
--- a/app/Models/AssetMaintenance.php
+++ b/app/Models/AssetMaintenance.php
@@ -74,7 +74,7 @@ class AssetMaintenance extends Model implements ICompanyableChild
            trans('admin/asset_maintenances/general.maintenance') => trans('admin/asset_maintenances/general.maintenance'),
            trans('admin/asset_maintenances/general.repair')      => trans('admin/asset_maintenances/general.repair'),
            trans('admin/asset_maintenances/general.upgrade')     => trans('admin/asset_maintenances/general.upgrade'),
-            'PAT test'      => 'PAT test',
+            trans('admin/asset_maintenances/general.pat_test')     => trans('admin/asset_maintenances/general.pat_test'),
            trans('admin/asset_maintenances/general.calibration')     => trans('admin/asset_maintenances/general.calibration'),
            trans('admin/asset_maintenances/general.software_support')      => trans('admin/asset_maintenances/general.software_support'),
            trans('admin/asset_maintenances/general.hardware_support')      => trans('admin/asset_maintenances/general.hardware_support'),
--- a/app/Models/Category.php
+++ b/app/Models/Category.php
@@ -9,6 +9,8 @@ use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\SoftDeletes;
 use Illuminate\Support\Facades\Gate;
 use Watson\Validating\ValidatingTrait;
+use App\Helpers\Helper;
+use Illuminate\Support\Str;

 /**
 * Model for Categories. Categories are a higher-level group
@@ -96,6 +98,7 @@ class Category extends SnipeModel
     */
    public function isDeletable()
    {
+
        return Gate::allows('delete', $this)
                && ($this->itemCount() == 0);
    }
@@ -149,7 +152,10 @@ class Category extends SnipeModel
    }

    /**
-     * Get the number of items in the category
+     * Get the number of items in the category. This should NEVER be used in
+     * a collection of categories, as you'll end up with an n+1 query problem.
+     *
+     * It should only be used in a single category context.
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @since [v2.0]
@@ -157,6 +163,11 @@ class Category extends SnipeModel
     */
    public function itemCount()
    {
+
+        if (isset($this->{Str::plural($this->category_type).'_count'})) {
+            return $this->{Str::plural($this->category_type).'_count'};
+        }
+
        switch ($this->category_type) {
            case 'asset':
                return $this->assets()->count();
@@ -168,9 +179,10 @@ class Category extends SnipeModel
                return $this->consumables()->count();
            case 'license':
                return $this->licenses()->count();
+            default:
+                return 0;
        }

-        return '0';
    }

    /**
@@ -207,12 +219,11 @@ class Category extends SnipeModel
     */
    public function getEula()
    {
-        $Parsedown = new \Parsedown();

        if ($this->eula_text) {
-            return $Parsedown->text(e($this->eula_text));
+            return Helper::parseEscapedMarkedown($this->eula_text);
        } elseif ((Setting::getSettings()->default_eula_text) && ($this->use_default_eula == '1')) {
-            return $Parsedown->text(e(Setting::getSettings()->default_eula_text));
+            return Helper::parseEscapedMarkedown(Setting::getSettings()->default_eula_text);
        } else {
            return null;
        }
--- a/app/Models/CheckoutAcceptance.php
+++ b/app/Models/CheckoutAcceptance.php
@@ -5,16 +5,25 @@ namespace App\Models;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Database\Eloquent\SoftDeletes;
+use Illuminate\Notifications\Notifiable;

 class CheckoutAcceptance extends Model
 {
-    use SoftDeletes;
+    use SoftDeletes, Notifiable;

    protected $casts = [
        'accepted_at' => 'datetime',
        'declined_at' => 'datetime',
    ];

+    // Get the mail recipient from the config
+    public function routeNotificationForMail(): string
+    {
+        // At this point the endpoint is the same for everything.
+        //  In the future this may want to be adapted for individual notifications.
+        return (config('mail.reply_to.address')) ? config('mail.reply_to.address') : '' ;
+    }
+
    /**
     * The resource that was is out
     *
--- a/app/Models/Company.php
+++ b/app/Models/Company.php
@@ -73,6 +73,10 @@ final class Company extends SnipeModel
        }
    }

+    /**
+     * Scoping table queries, determining if a logged in user is part of a company, and only allows
+     * that user to see items associated with that company
+     */
    private static function scopeCompanyablesDirectly($query, $column = 'company_id', $table_name = null)
    {
        if (Auth::user()) {
@@ -127,6 +131,11 @@ final class Company extends SnipeModel
            return false;
        } elseif (! static::isFullMultipleCompanySupportEnabled()) {
            return true;
+        } elseif (!$companyable instanceof Company && !\Schema::hasColumn($companyable->getModel()->getTable(), 'company_id')) {
+            // This is primary for the gate:allows-check in location->isDeletable()
+            // Locations don't have a company_id so without this it isn't possible to delete locations with FullMultipleCompanySupport enabled
+            // because this function is called by SnipePermissionsPolicy->before()
+            return true;
        } else {
            if (Auth::user()) {
                $current_user_company_id = Auth::user()->company_id;
--- a/app/Models/Component.php
+++ b/app/Models/Component.php
@@ -88,6 +88,24 @@ class Component extends SnipeModel
        'location'     => ['name'],
    ];

+
+    /**
+     * Establishes the components -> action logs -> uploads relationship
+     *
+     * @author A. Gianotto <snipe@snipe.net>
+     * @since [v6.1.13]
+     * @return \Illuminate\Database\Eloquent\Relations\Relation
+     */
+    public function uploads()
+    {
+        return $this->hasMany(\App\Models\Actionlog::class, 'item_id')
+            ->where('item_type', '=', self::class)
+            ->where('action_type', '=', 'uploaded')
+            ->whereNotNull('filename')
+            ->orderBy('created_at', 'desc');
+    }
+
+
    /**
     * Establishes the component -> location relationship
     *
@@ -109,7 +127,7 @@ class Component extends SnipeModel
     */
    public function assets()
    {
-        return $this->belongsToMany(\App\Models\Asset::class, 'components_assets')->withPivot('id', 'assigned_qty', 'created_at', 'user_id');
+        return $this->belongsToMany(\App\Models\Asset::class, 'components_assets')->withPivot('id', 'assigned_qty', 'created_at', 'user_id', 'note');
    }

    /**
--- a/app/Models/Consumable.php
+++ b/app/Models/Consumable.php
@@ -2,6 +2,7 @@

 namespace App\Models;

+use App\Helpers\Helper;
 use App\Models\Traits\Acceptable;
 use App\Models\Traits\Searchable;
 use App\Presenters\Presentable;
@@ -95,6 +96,24 @@ class Consumable extends SnipeModel
        'manufacturer' => ['name'],
    ];

+
+    /**
+     * Establishes the components -> action logs -> uploads relationship
+     *
+     * @author A. Gianotto <snipe@snipe.net>
+     * @since [v6.1.13]
+     * @return \Illuminate\Database\Eloquent\Relations\Relation
+     */
+    public function uploads()
+    {
+        return $this->hasMany(\App\Models\Actionlog::class, 'item_id')
+            ->where('item_type', '=', self::class)
+            ->where('action_type', '=', 'uploaded')
+            ->whereNotNull('filename')
+            ->orderBy('created_at', 'desc');
+    }
+
+
    /**
     * Sets the attribute of whether or not the consumable is requestable
     *
@@ -265,12 +284,10 @@ class Consumable extends SnipeModel
     */
    public function getEula()
    {
-        $Parsedown = new \Parsedown();
-
        if ($this->category->eula_text) {
-            return $Parsedown->text(e($this->category->eula_text));
+            return  Helper::parseEscapedMarkedown($this->category->eula_text);
        } elseif ((Setting::getSettings()->default_eula_text) && ($this->category->use_default_eula == '1')) {
-            return $Parsedown->text(e(Setting::getSettings()->default_eula_text));
+            return  Helper::parseEscapedMarkedown(Setting::getSettings()->default_eula_text);
        } else {
            return null;
        }
--- a/app/Models/CustomField.php
+++ b/app/Models/CustomField.php
@@ -48,7 +48,11 @@ class CustomField extends Model
     *
     * @var array
     */
-    protected $rules = [];
+    protected $rules = [
+        'name' => 'required|unique:custom_fields',
+        'element' => 'required|in:text,listbox,textarea,checkbox,radio',
+        'field_encrypted' => 'nullable|boolean',
+    ];

    /**
     * The attributes that are mass assignable.
@@ -64,6 +68,7 @@ class CustomField extends Model
        'help_text',
        'show_in_email',
        'is_unique',
+        'display_in_user_view',
    ];

    /**
@@ -338,7 +343,7 @@ class CustomField extends Model
        $id = $this->id ? $this->id : 'xx';

        if (! function_exists('transliterator_transliterate')) {
-            $long_slug = '_snipeit_'.str_slug(\Patchwork\Utf8::utf8_encode(trim($name)), '_');
+            $long_slug = '_snipeit_'.str_slug(mb_convert_encoding(trim($name),"UTF-8"), '_');
        } else {
            $long_slug = '_snipeit_'.Utf8Slugger::slugify($name, '_');
        }
@@ -356,15 +361,9 @@ class CustomField extends Model
    public function validationRules($regex_format = null)
    {
        return [
-            'name' => 'required|unique:custom_fields',
-            'element' => [
-                'required',
-                Rule::in(['text', 'listbox',  'textarea', 'checkbox', 'radio']),
-            ],
            'format' => [
                Rule::in(array_merge(array_keys(self::PREDEFINED_FORMATS), self::PREDEFINED_FORMATS, [$regex_format])),
-            ],
-            'field_encrypted' => 'nullable|boolean',
+            ]
        ];
    }

--- a/app/Models/Department.php
+++ b/app/Models/Department.php
@@ -29,7 +29,7 @@ class Department extends SnipeModel
    ];

    protected $rules = [
-        'name'                  => 'required|max:255',
+        'name'                  => 'required|max:255|is_unique_department',
        'location_id'           => 'numeric|nullable',
        'company_id'            => 'numeric|nullable',
        'manager_id'            => 'numeric|nullable',
--- a/app/Models/Depreciable.php
+++ b/app/Models/Depreciable.php
@@ -68,21 +68,37 @@ class Depreciable extends SnipeModel
     */
    public function getLinearDepreciatedValue() // TODO - for testing it might be nice to have an optional $relative_to param here, defaulted to 'now'
    {
-        $months_remaining = $this->time_until_depreciated()->m + 12 * $this->time_until_depreciated()->y; //UGlY
-
-        $current_value = round(($months_remaining / $this->get_depreciation()->months) * $this->purchase_cost, 2);
-
-        if($this->get_depreciation()->depreciation_min > $current_value) {
-
-            $current_value=round($this->get_depreciation()->depreciation_min,2);
+        if ($this->purchase_date) {
+            $months_passed = ($this->purchase_date->diff(now())->m)+($this->purchase_date->diff(now())->y*12);
+        } else {
+            return null;
        }
-        if ($current_value < 0) {
-            $current_value = 0;
+
+        if ($months_passed >= $this->get_depreciation()->months){
+            //if there is a floor use it
+            if(!$this->get_depreciation()->depreciation_min == null) {
+
+                $current_value = $this->get_depreciation()->depreciation_min;
+
+            }else{
+                $current_value = 0;
+            }
+        }
+        else {
+            // The equation here is (Purchase_Cost-Floor_min)*(Months_passed/Months_til_depreciated)
+            $current_value = round(($this->purchase_cost-($this->purchase_cost - ($this->get_depreciation()->depreciation_min)) * ($months_passed / $this->get_depreciation()->months)), 2);
+
        }

        return $current_value;
    }

+    public function getMonthlyDepreciation(){
+
+        return ($this->purchase_cost-$this->get_depreciation()->depreciation_min)/$this->get_depreciation()->months;
+
+    }
+
    /**
     * @param onlyHalfFirstYear Boolean always applied only second half of the first year
     * @return float|int
--- a/app/Models/Ldap.php
+++ b/app/Models/Ldap.php
@@ -169,23 +169,29 @@ class Ldap extends Model
    {
        $ldap_username = Setting::getSettings()->ldap_uname;

-        // Lets return some nicer messages for users who donked their app key, and disable LDAP
-        try {
-            $ldap_pass = \Crypt::decrypt(Setting::getSettings()->ldap_pword);
-        } catch (Exception $e) {
-            throw new Exception('Your app key has changed! Could not decrypt LDAP password using your current app key, so LDAP authentication has been disabled. Login with a local account, update the LDAP password and re-enable it in Admin > Settings.');
-        }
-
-        if (! $ldapbind = @ldap_bind($connection, $ldap_username, $ldap_pass)) {
-            throw new Exception('Could not bind to LDAP: '.ldap_error($connection));
-        }
-        // TODO - this just "falls off the end" but the function states that it should return true or false
-        // unfortunately, one of the use cases for this function is wrong and *needs* for that failure mode to fire
-        // so I don't want to fix this right now.
-        // this method MODIFIES STATE on the passed-in $connection and just returns true or false (or, in this case, undefined)
-        // at the next refactor, this should be appropriately modified to be more consistent.
-    }
+		if ( $ldap_username ) {
+			// Lets return some nicer messages for users who donked their app key, and disable LDAP
+			try {
+				$ldap_pass = \Crypt::decrypt(Setting::getSettings()->ldap_pword);
+			} catch (Exception $e) {
+				throw new Exception('Your app key has changed! Could not decrypt LDAP password using your current app key, so LDAP authentication has been disabled. Login with a local account, update the LDAP password and re-enable it in Admin > Settings.');
+			}

+			if (! $ldapbind = @ldap_bind($connection, $ldap_username, $ldap_pass)) {
+				throw new Exception('Could not bind to LDAP: '.ldap_error($connection));
+			}
+			// TODO - this just "falls off the end" but the function states that it should return true or false
+			// unfortunately, one of the use cases for this function is wrong and *needs* for that failure mode to fire
+			// so I don't want to fix this right now.
+			// this method MODIFIES STATE on the passed-in $connection and just returns true or false (or, in this case, undefined)
+			// at the next refactor, this should be appropriately modified to be more consistent.
+		} else {
+			// LDAP should also work with anonymous bind (no dn, no password available)
+			if (! $ldapbind = @ldap_bind($connection )) {
+				throw new Exception('Could not bind to LDAP: '.ldap_error($connection));
+			}
+		}
+	}

    /**
     * Parse and map LDAP attributes based on settings
--- a/app/Models/License.php
+++ b/app/Models/License.php
@@ -2,6 +2,7 @@

 namespace App\Models;

+use App\Helpers\Helper;
 use App\Models\Traits\Searchable;
 use App\Presenters\Presentable;
 use Carbon\Carbon;
@@ -122,12 +123,20 @@ class License extends Depreciable
        static::created(function ($license) {
            $newSeatCount = $license->getAttributes()['seats'];

-            return static::adjustSeatCount($license, $oldSeatCount = 0, $newSeatCount);
+            return static::adjustSeatCount($license, 0, $newSeatCount);
        });
        // However, we listen for updating to be able to prevent the edit if we cannot delete enough seats.
        static::updating(function ($license) {
            $newSeatCount = $license->getAttributes()['seats'];
-            $oldSeatCount = isset($license->getOriginal()['seats']) ? $license->getOriginal()['seats'] : 0;
+            //$oldSeatCount = isset($license->getOriginal()['seats']) ? $license->getOriginal()['seats'] : 0;
+            /*
+               That previous method *did* mostly work, but if you ever managed to get your $license->seats value out of whack
+               with your actual count of license_seats *records*, you would never manage to get back 'into whack'.
+               The below method actually grabs a count of existing license_seats records, so it will be more accurate.
+               This means that if your license_seats are out of whack, you can change the quantity and hit 'save' and it
+               will manage to 'true up' and make your counts line up correctly.
+            */
+            $oldSeatCount = $license->license_seats_count;

            return static::adjustSeatCount($license, $oldSeatCount, $newSeatCount);
        });
@@ -337,12 +346,11 @@ class License extends Depreciable
     */
    public function getEula()
    {
-        $Parsedown = new \Parsedown();

        if ($this->category->eula_text) {
-            return $Parsedown->text(e($this->category->eula_text));
+            return Helper::parseEscapedMarkedown($this->category->eula_text);
        } elseif ($this->category->use_default_eula == '1') {
-            return $Parsedown->text(e(Setting::getSettings()->default_eula_text));
+            return Helper::parseEscapedMarkedown(Setting::getSettings()->default_eula_text);
        } else {
            return false;
        }
--- a/app/Models/Location.php
+++ b/app/Models/Location.php
@@ -90,6 +90,14 @@ class Location extends SnipeModel
      'parent' => ['name'],
    ];

+
+    /**
+     * Determine whether or not this location can be deleted
+     *
+     * @author A. Gianotto <snipe@snipe.net>
+     * @since [v3.0]
+     * @return bool
+     */
    public function isDeletable()
    {
        return Gate::allows('delete', $this)
@@ -98,12 +106,25 @@ class Location extends SnipeModel
                && ($this->users()->count() === 0);
    }

+    /**
+     * Establishes the user -> location relationship
+     *
+     * @author A. Gianotto <snipe@snipe.net>
+     * @since [v3.0]
+     * @return \Illuminate\Database\Eloquent\Relations\Relation
+     */
    public function users()
    {
        return $this->hasMany(\App\Models\User::class, 'location_id');
    }

-
+    /**
+     * Find assets with this location as their location_id
+     *
+     * @author A. Gianotto <snipe@snipe.net>
+     * @since [v3.0]
+     * @return \Illuminate\Database\Eloquent\Relations\Relation
+     */
    public function assets()
    {
        return $this->hasMany(\App\Models\Asset::class, 'location_id')
@@ -114,6 +135,14 @@ class Location extends SnipeModel
            });
    }

+
+    /**
+     * Establishes the  asset -> rtd_location relationship
+     *
+     * @author A. Gianotto <snipe@snipe.net>
+     * @since [v3.0]
+     * @return \Illuminate\Database\Eloquent\Relations\Relation
+     */
    public function rtd_assets()
    {
        /* This used to have an ...->orHas() clause that referred to
@@ -123,48 +152,93 @@ class Location extends SnipeModel
           It is arguable that we should have a '...->whereNull('assigned_to')
           bit in there, but that isn't always correct either (in the case
           where a user has no location, for example).
-
-           In all likelyhood, we need to denorm an "effective_location" column
-           into Assets to make this slightly less miserable.
        */
        return $this->hasMany(\App\Models\Asset::class, 'rtd_location_id');
    }

+    /**
+     * Establishes the consumable -> location relationship
+     *
+     * @author A. Gianotto <snipe@snipe.net>
+     * @since [v3.0]
+     * @return \Illuminate\Database\Eloquent\Relations\Relation
+     */
    public function consumables()
    {
        return $this->hasMany(\App\Models\Consumable::class, 'location_id');
    }

+    /**
+     * Establishes the component -> location relationship
+     *
+     * @author A. Gianotto <snipe@snipe.net>
+     * @since [v3.0]
+     * @return \Illuminate\Database\Eloquent\Relations\Relation
+     */
    public function components()
    {
        return $this->hasMany(\App\Models\Component::class, 'location_id');
    }

+    /**
+     * Establishes the component -> accessory relationship
+     *
+     * @author A. Gianotto <snipe@snipe.net>
+     * @since [v3.0]
+     * @return \Illuminate\Database\Eloquent\Relations\Relation
+     */
    public function accessories()
    {
        return $this->hasMany(\App\Models\Accessory::class, 'location_id');
    }

-
-
+    /**
+     * Find the parent of a location
+     *
+     * @author A. Gianotto <snipe@snipe.net>
+     * @since [v2.0]
+     * @return \Illuminate\Database\Eloquent\Relations\Relation
+     */
    public function parent()
    {
        return $this->belongsTo(self::class, 'parent_id', 'id')
            ->with('parent');
    }

+
+    /**
+     * Find the manager of a location
+     *
+     * @author A. Gianotto <snipe@snipe.net>
+     * @since [v2.0]
+     * @return \Illuminate\Database\Eloquent\Relations\Relation
+     */
    public function manager()
    {
        return $this->belongsTo(\App\Models\User::class, 'manager_id');
    }

+
+    /**
+     * Find children of a location
+     *
+     * @author A. Gianotto <snipe@snipe.net>
+     * @since [v2.0]
+     * @return \Illuminate\Database\Eloquent\Relations\Relation
+     */
    public function children()
    {
        return $this->hasMany(self::class, 'parent_id')
            ->with('children');
    }

-    // I don't think we need this anymore since we de-normed location_id in assets?
+    /**
+     * Establishes the asset -> location assignment relationship
+     *
+     * @author A. Gianotto <snipe@snipe.net>
+     * @since [v3.0]
+     * @return \Illuminate\Database\Eloquent\Relations\Relation
+     */
    public function assignedAssets()
    {
        return $this->morphMany(\App\Models\Asset::class, 'assigned', 'assigned_type', 'assigned_to')->withTrashed();
--- a/app/Models/Loggable.php
+++ b/app/Models/Loggable.php
@@ -189,7 +189,7 @@ trait Loggable
        $params = [
            'item' => $log->item,
            'filename' => $log->filename,
-            'admin' => $log->user,
+            'admin' => $log->admin,
            'location' => ($location) ? $location->name : '',
            'note' => $note,
        ];
--- a/Show More
+++ b/Show More