Refactor custom fields handling for storage

Signed-off-by: snipe <snipe@snipe.net>

.all-contributorsrc

@@ -3018,6 +3018,124 @@
       "contributions": [
         "code"
       ]
+    },
+    {
+      "login": "koiakoia",
+      "name": "koiakoia",
+      "avatar_url": "https://avatars.githubusercontent.com/u/60405354?v=4",
+      "profile": "https://github.com/koiakoia",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "mustafa-online",
+      "name": "Mustafa Online",
+      "avatar_url": "https://avatars.githubusercontent.com/u/5323832?v=4",
+      "profile": "https://github.com/mustafa-online",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "franceslui",
+      "name": "franceslui",
+      "avatar_url": "https://avatars.githubusercontent.com/u/104601439?v=4",
+      "profile": "https://github.com/franceslui",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "Q4kK",
+      "name": "Q4kK",
+      "avatar_url": "https://avatars.githubusercontent.com/u/125313163?v=4",
+      "profile": "https://github.com/Q4kK",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "squintfox",
+      "name": "squintfox",
+      "avatar_url": "https://avatars.githubusercontent.com/u/55590532?v=4",
+      "profile": "https://github.com/squintfox",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "jeffclay",
+      "name": "Jeff Clay",
+      "avatar_url": "https://avatars.githubusercontent.com/u/1380084?v=4",
+      "profile": "https://github.com/jeffclay",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "PP-JN-RL",
+      "name": "Phil J R",
+      "avatar_url": "https://avatars.githubusercontent.com/u/52716446?v=4",
+      "profile": "https://github.com/PP-JN-RL",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "chandanchowdhury",
+      "name": "i_virus",
+      "avatar_url": "https://avatars.githubusercontent.com/u/1496725?v=4",
+      "profile": "https://www.corelight.com/",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "gitgrimbo",
+      "name": "Paul Grime",
+      "avatar_url": "https://avatars.githubusercontent.com/u/1020541?v=4",
+      "profile": "https://github.com/gitgrimbo",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "LeePorte",
+      "name": "Lee Porte",
+      "avatar_url": "https://avatars.githubusercontent.com/u/922815?v=4",
+      "profile": "https://leeporte.co.uk",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "bryanlopezinc",
+      "name": "BRYAN ",
+      "avatar_url": "https://avatars.githubusercontent.com/u/23613427?v=4",
+      "profile": "https://github.com/bryanlopezinc",
+      "contributions": [
+        "code",
+        "test"
+      ]
+    },
+    {
+      "login": "U-H-T",
+      "name": "U-H-T",
+      "avatar_url": "https://avatars.githubusercontent.com/u/64061710?v=4",
+      "profile": "https://github.com/U-H-T",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "Tyree",
+      "name": "Matt Tyree",
+      "avatar_url": "https://avatars.githubusercontent.com/u/5395363?v=4",
+      "profile": "https://github.com/Tyree",
+      "contributions": [
+        "doc"
+      ]
     }
   ]
 }

.env.dev.docker

@@ -0,0 +1,166 @@
+# --------------------------------------------
+# REQUIRED: DB SETUP
+# --------------------------------------------
+MYSQL_DATABASE=snipeit
+MYSQL_USER=snipeit
+MYSQL_PASSWORD=changeme1234
+MYSQL_ROOT_PASSWORD=changeme1234
+# --------------------------------------------
+# REQUIRED: BASIC APP SETTINGS
+# --------------------------------------------
+APP_ENV=develop
+APP_DEBUG=false
+# please regenerate the APP_KEY value by calling `docker-compose run --rm snipeit bash` and then `php artisan key:generate --show` and then copy paste the value here
+APP_KEY=base64:3ilviXqB9u6DX1NRcyWGJ+sjySF+H18CPDGb3+IVwMQ=
+APP_URL=http://localhost:8000
+APP_TIMEZONE='UTC'
+APP_LOCALE=en
+MAX_RESULTS=500
+
+# --------------------------------------------
+# REQUIRED: UPLOADED FILE STORAGE SETTINGS
+# --------------------------------------------
+PRIVATE_FILESYSTEM_DISK=local
+PUBLIC_FILESYSTEM_DISK=local_public
+
+# --------------------------------------------
+# REQUIRED: DATABASE SETTINGS
+# --------------------------------------------
+DB_CONNECTION=mysql
+DB_HOST=mariadb
+DB_DATABASE=snipeit
+DB_USERNAME=snipeit
+DB_PASSWORD=changeme1234
+DB_PREFIX=null
+DB_DUMP_PATH='/usr/bin'
+DB_CHARSET=utf8mb4
+DB_COLLATION=utf8mb4_unicode_ci
+
+# --------------------------------------------
+# OPTIONAL: SSL DATABASE SETTINGS
+# --------------------------------------------
+DB_SSL=false
+DB_SSL_IS_PAAS=false
+DB_SSL_KEY_PATH=null
+DB_SSL_CERT_PATH=null
+DB_SSL_CA_PATH=null
+DB_SSL_CIPHER=null
+DB_SSL_VERIFY_SERVER=null
+
+# --------------------------------------------
+# REQUIRED: OUTGOING MAIL SERVER SETTINGS
+# --------------------------------------------
+MAIL_DRIVER=smtp
+MAIL_HOST=mailhog
+MAIL_PORT=1025
+MAIL_USERNAME=null
+MAIL_PASSWORD=null
+MAIL_ENCRYPTION=null
+MAIL_FROM_ADDR=you@example.com
+MAIL_FROM_NAME='Snipe-IT'
+MAIL_REPLYTO_ADDR=you@example.com
+MAIL_REPLYTO_NAME='Snipe-IT'
+MAIL_AUTO_EMBED_METHOD='attachment'
+
+# --------------------------------------------
+# REQUIRED: IMAGE LIBRARY
+# This should be gd or imagick
+# --------------------------------------------
+IMAGE_LIB=gd
+
+
+# --------------------------------------------
+# OPTIONAL: BACKUP SETTINGS
+# --------------------------------------------
+MAIL_BACKUP_NOTIFICATION_DRIVER=null
+MAIL_BACKUP_NOTIFICATION_ADDRESS=null
+BACKUP_ENV=true
+
+
+# --------------------------------------------
+# OPTIONAL: SESSION SETTINGS
+# --------------------------------------------
+SESSION_LIFETIME=12000
+EXPIRE_ON_CLOSE=false
+ENCRYPT=false
+COOKIE_NAME=snipeit_session
+COOKIE_DOMAIN=null
+SECURE_COOKIES=false
+API_TOKEN_EXPIRATION_YEARS=40
+
+# --------------------------------------------
+# OPTIONAL: SECURITY HEADER SETTINGS
+# --------------------------------------------
+APP_TRUSTED_PROXIES=192.168.1.1,10.0.0.1
+ALLOW_IFRAMING=false
+REFERRER_POLICY=same-origin
+ENABLE_CSP=false
+CORS_ALLOWED_ORIGINS=null
+ENABLE_HSTS=false
+
+# --------------------------------------------
+# OPTIONAL: CACHE SETTINGS
+# --------------------------------------------
+CACHE_DRIVER=file
+SESSION_DRIVER=file
+QUEUE_DRIVER=sync
+CACHE_PREFIX=snipeit
+
+# --------------------------------------------
+# OPTIONAL: REDIS SETTINGS
+# --------------------------------------------
+REDIS_HOST=redis
+REDIS_PASSWORD=null
+REDIS_PORT=6379
+
+# --------------------------------------------
+# OPTIONAL: MEMCACHED SETTINGS
+# --------------------------------------------
+MEMCACHED_HOST=null
+MEMCACHED_PORT=null
+
+# --------------------------------------------
+# OPTIONAL: PUBLIC S3 Settings
+# --------------------------------------------
+PUBLIC_AWS_SECRET_ACCESS_KEY=null
+PUBLIC_AWS_ACCESS_KEY_ID=null
+PUBLIC_AWS_DEFAULT_REGION=null
+PUBLIC_AWS_BUCKET=null
+PUBLIC_AWS_URL=null
+PUBLIC_AWS_BUCKET_ROOT=null
+
+# --------------------------------------------
+# OPTIONAL: PRIVATE S3 Settings
+# --------------------------------------------
+PRIVATE_AWS_ACCESS_KEY_ID=null
+PRIVATE_AWS_SECRET_ACCESS_KEY=null
+PRIVATE_AWS_DEFAULT_REGION=null
+PRIVATE_AWS_BUCKET=null
+PRIVATE_AWS_URL=null
+PRIVATE_AWS_BUCKET_ROOT=null
+
+# --------------------------------------------
+# OPTIONAL: AWS Settings
+# --------------------------------------------
+AWS_ACCESS_KEY_ID=null
+AWS_SECRET_ACCESS_KEY=null
+AWS_DEFAULT_REGION=null
+
+# --------------------------------------------
+# OPTIONAL: LOGIN THROTTLING
+# --------------------------------------------
+LOGIN_MAX_ATTEMPTS=5
+LOGIN_LOCKOUT_DURATION=60
+RESET_PASSWORD_LINK_EXPIRES=900
+
+# --------------------------------------------
+# OPTIONAL: MISC
+# --------------------------------------------
+LOG_CHANNEL=stderr
+LOG_MAX_DAYS=10
+APP_LOCKED=false
+APP_CIPHER=AES-256-CBC
+APP_FORCE_TLS=false
+GOOGLE_MAPS_API=
+LDAP_MEM_LIM=500M
+LDAP_TIME_LIM=600

.env.docker

@@ -1,18 +1,18 @@
 # --------------------------------------------
-# REQUIRED: DB SETUP
+# REQUIRED: DOCKER SPECIFIC SETTINGS
 # --------------------------------------------
-MYSQL_DATABASE=snipeit
-MYSQL_USER=snipeit
-MYSQL_PASSWORD=changeme1234
-MYSQL_ROOT_PASSWORD=changeme1234
+APP_VERSION=v6.4.1
+APP_PORT=8000
+
 # --------------------------------------------
 # REQUIRED: BASIC APP SETTINGS
 # --------------------------------------------
-APP_ENV=develop
+APP_ENV=production
 APP_DEBUG=false
-# please regenerate the APP_KEY value by calling `docker-compose run --rm snipeit bash` and then `php artisan key:generate --show` and then copy paste the value here
+# Please regenerate the APP_KEY value by calling `docker compose run --rm snipeit php artisan key:generate --show`. Copy paste the value here
 APP_KEY=base64:3ilviXqB9u6DX1NRcyWGJ+sjySF+H18CPDGb3+IVwMQ=
 APP_URL=http://localhost:8000
+# https://en.wikipedia.org/wiki/List_of_tz_database_time_zones - TZ identifier
 APP_TIMEZONE='UTC'
 APP_LOCALE=en
 MAX_RESULTS=500
@@ -27,10 +27,12 @@ PUBLIC_FILESYSTEM_DISK=local_public
 # REQUIRED: DATABASE SETTINGS
 # --------------------------------------------
 DB_CONNECTION=mysql
-DB_HOST=mariadb
+DB_HOST=db
+DB_PORT='3306'
 DB_DATABASE=snipeit
 DB_USERNAME=snipeit
 DB_PASSWORD=changeme1234
+MYSQL_ROOT_PASSWORD=changeme1234
 DB_PREFIX=null
 DB_DUMP_PATH='/usr/bin'
 DB_CHARSET=utf8mb4
@@ -45,29 +47,35 @@ DB_SSL_KEY_PATH=null
 DB_SSL_CERT_PATH=null
 DB_SSL_CA_PATH=null
 DB_SSL_CIPHER=null
+DB_SSL_VERIFY_SERVER=null
 
 # --------------------------------------------
 # REQUIRED: OUTGOING MAIL SERVER SETTINGS
 # --------------------------------------------
-MAIL_DRIVER=smtp
+MAIL_MAILER=smtp
 MAIL_HOST=mailhog
 MAIL_PORT=1025
 MAIL_USERNAME=null
 MAIL_PASSWORD=null
-MAIL_ENCRYPTION=null
+MAIL_TLS_VERIFY_PEER=true
 MAIL_FROM_ADDR=you@example.com
 MAIL_FROM_NAME='Snipe-IT'
 MAIL_REPLYTO_ADDR=you@example.com
 MAIL_REPLYTO_NAME='Snipe-IT'
 MAIL_AUTO_EMBED_METHOD='attachment'
 
+# --------------------------------------------
+# REQUIRED: DATA PROTECTION
+# --------------------------------------------
+ALLOW_BACKUP_DELETE=false
+ALLOW_DATA_PURGE=false
+
 # --------------------------------------------
 # REQUIRED: IMAGE LIBRARY
 # This should be gd or imagick
 # --------------------------------------------
 IMAGE_LIB=gd
 
-
 # --------------------------------------------
 # OPTIONAL: BACKUP SETTINGS
 # --------------------------------------------
@@ -75,7 +83,6 @@ MAIL_BACKUP_NOTIFICATION_DRIVER=null
 MAIL_BACKUP_NOTIFICATION_ADDRESS=null
 BACKUP_ENV=true
 
-
 # --------------------------------------------
 # OPTIONAL: SESSION SETTINGS
 # --------------------------------------------
@@ -90,7 +97,7 @@ API_TOKEN_EXPIRATION_YEARS=40
 # --------------------------------------------
 # OPTIONAL: SECURITY HEADER SETTINGS
 # --------------------------------------------
-APP_TRUSTED_PROXIES=192.168.1.1,10.0.0.1
+APP_TRUSTED_PROXIES=192.168.1.1,10.0.0.1,172.0.0.0/8
 ALLOW_IFRAMING=false
 REFERRER_POLICY=same-origin
 ENABLE_CSP=false
@@ -108,7 +115,7 @@ CACHE_PREFIX=snipeit
 # --------------------------------------------
 # OPTIONAL: REDIS SETTINGS
 # --------------------------------------------
-REDIS_HOST=redis
+REDIS_HOST=null
 REDIS_PASSWORD=null
 REDIS_PORT=6379
 

.env.dusk.example

@@ -36,11 +36,12 @@ DB_SSL_KEY_PATH=null
 DB_SSL_CERT_PATH=null
 DB_SSL_CA_PATH=null
 DB_SSL_CIPHER=null
+DB_SSL_VERIFY_SERVER=null
 
 # --------------------------------------------
 # REQUIRED: OUTGOING MAIL SERVER SETTINGS
 # --------------------------------------------
-MAIL_DRIVER="log"
+MAIL_MAILER="log"
 
 
 # --------------------------------------------

.env.example

@@ -42,21 +42,26 @@ DB_SSL_KEY_PATH=null
 DB_SSL_CERT_PATH=null
 DB_SSL_CA_PATH=null
 DB_SSL_CIPHER=null
+DB_SSL_VERIFY_SERVER=null
 
 # --------------------------------------------
 # REQUIRED: OUTGOING MAIL SERVER SETTINGS
 # --------------------------------------------
-MAIL_DRIVER=smtp
+MAIL_MAILER=smtp
 MAIL_HOST=email-smtp.us-west-2.amazonaws.com
 MAIL_PORT=587
 MAIL_USERNAME=YOURUSERNAME
 MAIL_PASSWORD=YOURPASSWORD
-MAIL_ENCRYPTION=null
 MAIL_FROM_ADDR=you@example.com
 MAIL_FROM_NAME='Snipe-IT'
 MAIL_REPLYTO_ADDR=you@example.com
 MAIL_REPLYTO_NAME='Snipe-IT'
 MAIL_AUTO_EMBED_METHOD='attachment'
+MAIL_TLS_VERIFY_PEER=true
+
+# MAIL_ENCRYPTION is no longer supported. SymfonyMailer will use tls if it's
+# advertised, and won't if it's not. If you want to use your mail server's IP but it's failing
+# because of certificate errors, set MAIL_TLS_VERIFY_PEER-true
 
 # --------------------------------------------
 # REQUIRED: IMAGE LIBRARY
@@ -86,6 +91,7 @@ COOKIE_DOMAIN=null
 SECURE_COOKIES=false
 API_TOKEN_EXPIRATION_YEARS=15
 BS_TABLE_STORAGE=cookieStorage
+BS_TABLE_DEEPLINK=true
 
 # --------------------------------------------
 # OPTIONAL: SECURITY HEADER SETTINGS
@@ -94,6 +100,7 @@ APP_TRUSTED_PROXIES=192.168.1.1,10.0.0.1
 ALLOW_IFRAMING=false
 REFERRER_POLICY=same-origin
 ENABLE_CSP=false
+ADDITIONAL_CSP_URLS=null
 CORS_ALLOWED_ORIGINS=null
 ENABLE_HSTS=false
 
@@ -190,4 +197,4 @@ ARGON_TIME=2
 # OPTIONAL: SCIM
 # --------------------------------------------
 SCIM_TRACE=false
-SCIM_STANDARDS_COMPLIANCE=false
+SCIM_STANDARDS_COMPLIANCE=false

.env.testing-ci

@@ -22,7 +22,7 @@ DB_PASSWORD=null
 # --------------------------------------------
 # REQUIRED: OUTGOING MAIL SERVER SETTINGS
 # --------------------------------------------
-MAIL_DRIVER=log
+MAIL_MAILER=log
 
 
 # --------------------------------------------

.env.tests

@@ -18,6 +18,6 @@ APP_KEY=base64:tu9NRh/a6+dCXBDGvg0Gv/0TcABnFsbT4AKxrr8mwQo=
 LOGIN_MAX_ATTEMPTS=1000000
 LOGIN_LOCKOUT_DURATION=100000000
 
-MAIL_DRIVER=log
+MAIL_MAILER=log
 MAIL_FROM_ADDR=you@example.com
 MAIL_FROM_NAME=Snipe-IT

.env.unit-tests

@@ -15,6 +15,6 @@ APP_KEY=base64:tu9NRh/a6+dCXBDGvg0Gv/0TcABnFsbT4AKxrr8mwQo=
 LOGIN_MAX_ATTEMPTS=1000000
 LOGIN_LOCKOUT_DURATION=100000000
 
-MAIL_DRIVER=log
+MAIL_MAILER=log
 MAIL_FROM_ADDR=you@example.com
 MAIL_FROM_NAME=Snipe-IT

.github/workflows/codacy-analysis.yml

@@ -36,7 +36,7 @@ jobs:
 
       # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
       - name: Run Codacy Analysis CLI
-        uses: codacy/codacy-analysis-cli-action@v4.4.0
+        uses: codacy/codacy-analysis-cli-action@v4.4.1
         with:
           # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
           # You can also omit the token and run the tools that support default configurations

.github/workflows/crowdin-upload.yml

@@ -12,7 +12,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Crowdin push
-        uses: crowdin/github-action@v1
+        uses: crowdin/github-action@v2
         with:
           upload_sources: true
           upload_translations: false

.github/workflows/docker-alpine.yml

@@ -73,7 +73,7 @@ jobs:
       # https://github.com/docker/build-push-action
       - name: Build and push 'snipe-it' image
         id: docker_build
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           file: ./Dockerfile.alpine

.github/workflows/docker.yml

@@ -73,7 +73,7 @@ jobs:
       # https://github.com/docker/build-push-action
       - name: Build and push 'snipe-it' image
         id: docker_build
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           file: ./Dockerfile

.github/workflows/tests-mysql.yml

@@ -25,9 +25,9 @@ jobs:
       fail-fast: false
       matrix:
         php-version:
-          - "7.4"
-          - "8.0"
-          - "8.1.1"
+          - "8.1"
+          - "8.2"
+          - "8.3"
 
     name: PHP ${{ matrix.php-version }}
 
@@ -58,11 +58,17 @@ jobs:
       - name: Install Dependencies
         run: composer install -q --no-ansi --no-interaction --no-scripts --no-progress --prefer-dist
 
-      - name: Generate key
-        run: php artisan key:generate
-
-      - name: Directory Permissions
-        run: chmod -R 777 storage bootstrap/cache
+      - name: Setup Laravel
+        env:
+          DB_CONNECTION: mysql
+          DB_DATABASE: snipeit
+          DB_PORT: ${{ job.services.mysql.ports[3306] }}
+          DB_USERNAME: root
+        run: |
+          php artisan key:generate
+          php artisan migrate --force
+          php artisan passport:install
+          chmod -R 777 storage bootstrap/cache
 
       - name: Execute tests (Unit and Feature tests) via PHPUnit
         env:

.github/workflows/tests-postgres.yml

@@ -0,0 +1,75 @@
+name: Tests in Postgres
+
+on: workflow_dispatch
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+
+    services:
+      postgresql:
+        image: postgres
+        env:
+          POSTGRES_DB: snipeit
+          POSTGRES_USER: snipeit
+          POSTGRES_PASSWORD: password
+        ports:
+          - 5432:5432
+        options: --health-cmd=pg_isready --health-interval=10s --health-timeout=5s --health-retries=3
+
+    strategy:
+      fail-fast: false
+      matrix:
+        php-version:
+          - "8.2"
+
+    name: PHP ${{ matrix.php-version }}
+
+    steps:
+      - uses: shivammathur/setup-php@v2
+        with:
+          php-version: "${{ matrix.php-version }}"
+          coverage: none
+
+      - uses: actions/checkout@v4
+
+      - name: Get Composer Cache Directory
+        id: composer-cache
+        run: |
+          echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
+      - uses: actions/cache@v4
+        with:
+          path: ${{ steps.composer-cache.outputs.dir }}
+          key: ${{ runner.os }}-${{ matrix.php-version }}-composer-${{ hashFiles('**/composer.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-composer-
+
+      - name: Copy .env
+        run: |
+          cp -v .env.testing.example .env
+          cp -v .env.testing.example .env.testing
+
+      - name: Install Dependencies
+        run: composer install -q --no-ansi --no-interaction --no-scripts --no-progress --prefer-dist
+
+      - name: Setup Laravel
+        env:
+          DB_CONNECTION: pgsql
+          DB_DATABASE: snipeit
+          DB_PORT: ${{ job.services.postgresql.ports[5432] }}
+          DB_USERNAME: snipeit
+          DB_PASSWORD: password
+        run: |
+          php artisan key:generate
+          php artisan migrate --force
+          php artisan passport:install
+          chmod -R 777 storage bootstrap/cache
+
+      - name: Execute tests (Unit and Feature tests) via PHPUnit
+        env:
+          DB_CONNECTION: pgsql
+          DB_DATABASE: snipeit
+          DB_PORT: ${{ job.services.postgresql.ports[5432] }}
+          DB_USERNAME: snipeit
+          DB_PASSWORD: password
+        run: php artisan test --parallel

.github/workflows/tests-sqlite.yml

@@ -49,6 +49,9 @@ jobs:
       - name: Generate key
         run: php artisan key:generate
 
+      - name: Setup Passport
+        run: php artisan passport:keys
+
       - name: Directory Permissions
         run: chmod -R 777 storage bootstrap/cache
 

.nvmrc

@@ -1 +1 @@
-v12.22.1
+v18.16.0

.upgrade_requirements.json

@@ -3,8 +3,8 @@
     "DOC2": "In other words, what you see locally are the requirements for your _current_ install",
     "DOC3": "Please don't rely on these versions for planning upgrades unless you've fetched the most recent version",
     "DOC4": "You should really just ignore it and run upgrade.php. Really",
-    "php_min_version": "7.4.0",
-    "php_max_major_minor": "8.1",
-    "php_max_wontwork": "8.2.0",
-    "current_snipeit_version": "6.3"
+    "php_min_version": "8.1.0",
+    "php_max_major_minor": "8.3",
+    "php_max_wontwork": "8.4.0",
+    "current_snipeit_version": "7.0"
 }

CONTRIBUTORS.md

@@ -432,6 +432,23 @@ Thanks goes to all of these wonderful people ([emoji key](https://github.com/ken
       <td align="center" valign="top" width="14.28%"><a href="https://github.com/bilias"><img src="https://avatars.githubusercontent.com/u/47315739?v=4?s=110" width="110px;" alt="bilias"/><br /><sub><b>bilias</b></sub></a><br /><a href="https://github.com/snipe/snipe-it/commits?author=bilias" title="Code">💻</a></td>
       <td align="center" valign="top" width="14.28%"><a href="https://github.com/coach1988"><img src="https://avatars.githubusercontent.com/u/2565989?v=4?s=110" width="110px;" alt="coach1988"/><br /><sub><b>coach1988</b></sub></a><br /><a href="https://github.com/snipe/snipe-it/commits?author=coach1988" title="Code">💻</a></td>
       <td align="center" valign="top" width="14.28%"><a href="https://github.com/mauro-miatello"><img src="https://avatars.githubusercontent.com/u/11910225?v=4?s=110" width="110px;" alt="MrM"/><br /><sub><b>MrM</b></sub></a><br /><a href="https://github.com/snipe/snipe-it/commits?author=mauro-miatello" title="Code">💻</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="https://github.com/koiakoia"><img src="https://avatars.githubusercontent.com/u/60405354?v=4?s=110" width="110px;" alt="koiakoia"/><br /><sub><b>koiakoia</b></sub></a><br /><a href="https://github.com/snipe/snipe-it/commits?author=koiakoia" title="Code">💻</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="https://github.com/mustafa-online"><img src="https://avatars.githubusercontent.com/u/5323832?v=4?s=110" width="110px;" alt="Mustafa Online"/><br /><sub><b>Mustafa Online</b></sub></a><br /><a href="https://github.com/snipe/snipe-it/commits?author=mustafa-online" title="Code">💻</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="https://github.com/franceslui"><img src="https://avatars.githubusercontent.com/u/104601439?v=4?s=110" width="110px;" alt="franceslui"/><br /><sub><b>franceslui</b></sub></a><br /><a href="https://github.com/snipe/snipe-it/commits?author=franceslui" title="Code">💻</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="https://github.com/Q4kK"><img src="https://avatars.githubusercontent.com/u/125313163?v=4?s=110" width="110px;" alt="Q4kK"/><br /><sub><b>Q4kK</b></sub></a><br /><a href="https://github.com/snipe/snipe-it/commits?author=Q4kK" title="Code">💻</a></td>
+    </tr>
+    <tr>
+      <td align="center" valign="top" width="14.28%"><a href="https://github.com/squintfox"><img src="https://avatars.githubusercontent.com/u/55590532?v=4?s=110" width="110px;" alt="squintfox"/><br /><sub><b>squintfox</b></sub></a><br /><a href="https://github.com/snipe/snipe-it/commits?author=squintfox" title="Code">💻</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="https://github.com/jeffclay"><img src="https://avatars.githubusercontent.com/u/1380084?v=4?s=110" width="110px;" alt="Jeff Clay"/><br /><sub><b>Jeff Clay</b></sub></a><br /><a href="https://github.com/snipe/snipe-it/commits?author=jeffclay" title="Code">💻</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="https://github.com/PP-JN-RL"><img src="https://avatars.githubusercontent.com/u/52716446?v=4?s=110" width="110px;" alt="Phil J R"/><br /><sub><b>Phil J R</b></sub></a><br /><a href="https://github.com/snipe/snipe-it/commits?author=PP-JN-RL" title="Code">💻</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="https://www.corelight.com/"><img src="https://avatars.githubusercontent.com/u/1496725?v=4?s=110" width="110px;" alt="i_virus"/><br /><sub><b>i_virus</b></sub></a><br /><a href="https://github.com/snipe/snipe-it/commits?author=chandanchowdhury" title="Code">💻</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="https://github.com/gitgrimbo"><img src="https://avatars.githubusercontent.com/u/1020541?v=4?s=110" width="110px;" alt="Paul Grime"/><br /><sub><b>Paul Grime</b></sub></a><br /><a href="https://github.com/snipe/snipe-it/commits?author=gitgrimbo" title="Code">💻</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="https://leeporte.co.uk"><img src="https://avatars.githubusercontent.com/u/922815?v=4?s=110" width="110px;" alt="Lee Porte"/><br /><sub><b>Lee Porte</b></sub></a><br /><a href="https://github.com/snipe/snipe-it/commits?author=LeePorte" title="Code">💻</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="https://github.com/bryanlopezinc"><img src="https://avatars.githubusercontent.com/u/23613427?v=4?s=110" width="110px;" alt="BRYAN "/><br /><sub><b>BRYAN </b></sub></a><br /><a href="https://github.com/snipe/snipe-it/commits?author=bryanlopezinc" title="Code">💻</a> <a href="https://github.com/snipe/snipe-it/commits?author=bryanlopezinc" title="Tests">⚠️</a></td>
+    </tr>
+    <tr>
+      <td align="center" valign="top" width="14.28%"><a href="https://github.com/U-H-T"><img src="https://avatars.githubusercontent.com/u/64061710?v=4?s=110" width="110px;" alt="U-H-T"/><br /><sub><b>U-H-T</b></sub></a><br /><a href="https://github.com/snipe/snipe-it/commits?author=U-H-T" title="Code">💻</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="https://github.com/Tyree"><img src="https://avatars.githubusercontent.com/u/5395363?v=4?s=110" width="110px;" alt="Matt Tyree"/><br /><sub><b>Matt Tyree</b></sub></a><br /><a href="https://github.com/snipe/snipe-it/commits?author=Tyree" title="Documentation">📖</a></td>
     </tr>
   </tbody>
 </table>

Dockerfile

@@ -105,7 +105,7 @@ RUN \
       && ln -fs "/var/lib/snipeit/keys/ldap_client_tls.cert" "/var/www/html/storage/ldap_client_tls.cert" \
       && ln -fs "/var/lib/snipeit/keys/ldap_client_tls.key" "/var/www/html/storage/ldap_client_tls.key" \
       && chown docker "/var/lib/snipeit/keys/" \
-      && chown -h docker "/var/www/html/storage/" \
+      && chown -Rh docker "/var/www/html/storage/" \
       && chmod +x /var/www/html/artisan \
       && echo "Finished setting up application in /var/www/html"
 

README.md

@@ -1,17 +1,18 @@
 ![snipe-it-by-grok](https://github.com/snipe/snipe-it/assets/197404/b515673b-c7c8-4d9a-80f5-9fa58829a602)
 
-[![Crowdin](https://d322cqt584bo4o.cloudfront.net/snipe-it/localized.svg)](https://crowdin.com/project/snipe-it) [![Docker Pulls](https://img.shields.io/docker/pulls/snipe/snipe-it.svg)](https://hub.docker.com/r/snipe/snipe-it/) [![Twitter Follow](https://img.shields.io/twitter/follow/snipeitapp.svg?style=social)](https://twitter.com/snipeitapp) [![Codacy Badge](https://api.codacy.com/project/badge/Grade/553ce52037fc43ea99149785afcfe641)](https://www.codacy.com/app/snipe/snipe-it?utm_source=github.com&utm_medium=referral&utm_content=snipe/snipe-it&utm_campaign=Badge_Grade) [![Tests](https://github.com/snipe/snipe-it/actions/workflows/tests.yml/badge.svg)](https://github.com/snipe/snipe-it/actions/workflows/tests.yml)
+[![Crowdin](https://d322cqt584bo4o.cloudfront.net/snipe-it/localized.svg)](https://crowdin.com/project/snipe-it) [![Docker Pulls](https://img.shields.io/docker/pulls/snipe/snipe-it.svg)](https://hub.docker.com/r/snipe/snipe-it/) [![Twitter Follow](https://img.shields.io/twitter/follow/snipeitapp.svg?style=social)](https://twitter.com/snipeitapp) [![Codacy Badge](https://app.codacy.com/project/badge/Grade/553ce52037fc43ea99149785afcfe641)](https://app.codacy.com/gh/snipe/snipe-it/dashboard?utm_source=gh&utm_medium=referral&utm_content=&utm_campaign=Badge_grade) [![Tests](https://github.com/snipe/snipe-it/actions/workflows/tests.yml/badge.svg)](https://github.com/snipe/snipe-it/actions/workflows/tests.yml)
 [![All Contributors](https://img.shields.io/badge/all_contributors-331-orange.svg?style=flat-square)](#contributing) [![Discord](https://badgen.net/badge/icon/discord?icon=discord&label)](https://discord.gg/yZFtShAcKk)
 
 ## Snipe-IT - Open Source Asset Management System
 
 This is a FOSS project for asset management in IT Operations. Knowing who has which laptop, when it was purchased in order to depreciate it correctly, handling software licenses, etc.
 
-It is built on [Laravel 8](http://laravel.com).
+It is built on [Laravel 10](http://laravel.com).
 
 Snipe-IT is actively developed and we [release quite frequently](https://github.com/snipe/snipe-it/releases). ([Check out the live demo here](https://snipeitapp.com/demo/).)
 
-__This is web-based software__. This means there is no executable file (aka no .exe files), and it must be run on a web server and accessed through a web browser. It runs on any Mac OSX, flavor of Linux, as well as Windows, and we have a [Docker image](https://snipe-it.readme.io/docs/docker) available if that's what you're into.
+> [!TIP]
+> __This is web-based software__. This means there is no executable file (aka no .exe files), and it must be run on a web server and accessed through a web browser. It runs on any Mac OSX, any flavor of Linux, as well as Windows, and we have a [Docker image](https://snipe-it.readme.io/docs/docker) available if that's what you're into.
 
 -----
 
@@ -21,7 +22,7 @@ For instructions on installing and configuring Snipe-IT on your server, check ou
 
 If you're having trouble with the installation, please check the [Common Issues](https://snipe-it.readme.io/docs/common-issues) and [Getting Help](https://snipe-it.readme.io/docs/getting-help) documentation, and search this repository's open *and* closed issues for help.
 
-[![Deploy](https://www.herokucdn.com/deploy/button.svg)](https://heroku.com/deploy)
+<!-- [![Deploy](https://www.herokucdn.com/deploy/button.svg)](https://heroku.com/deploy) -->
 
 -----
 ### User's Manual
@@ -32,8 +33,9 @@ For help using Snipe-IT, check out the [user's manual](https://snipe-it.readme.i
 
 Feel free to check out the [GitHub Issues for this project](https://github.com/snipe/snipe-it/issues) to open a bug report or see what open issues you can help with. Please search through existing issues (open *and* closed) to see if your question has already been answered before opening a new issue.
 
-**PLEASE see the [Getting Help Guidelines](https://snipe-it.readme.io/docs/getting-help) and [Common Issues](https://snipe-it.readme.io/docs/common-issues) before opening a ticket, and be sure to complete all of the questions in the Github Issue template to help us to help you as quickly as possible.**
-
+> [!IMPORTANT]  
+> **PLEASE see the [Getting Help Guidelines](https://snipe-it.readme.io/docs/getting-help) and [Common Issues](https://snipe-it.readme.io/docs/common-issues) before opening a ticket, and be sure to complete all of the questions in the Github Issue template to help us to help you as quickly as possible.**
+> 
 -----
 
 ### Upgrading
@@ -57,6 +59,9 @@ Please see the [translations documentation](https://snipe-it.readme.io/docs/tran
 
 Since the release of the JSON REST API, several third-party developers have been developing modules and libraries to work with Snipe-IT.  
 
+> [!NOTE]  
+> As these were created by third-parties, Snipe-IT cannot provide support for these project, and you should contact the developers directly if you need assistance. Additionally, Snipe-IT makes no guarantees as to the reliability, accuracy or maintainability of these libraries. Use at your own risk. :)
+
 - [Python Module](https://github.com/jbloomer/SnipeIT-PythonAPI) by [@jbloomer](https://github.com/jbloomer)
 - [SnipeSharp - .NET module in C#](https://github.com/barrycarey/SnipeSharp) by [@barrycarey](https://github.com/barrycarey)
 - [InQRy -unmaintained-](https://github.com/Microsoft/InQRy) by [@Microsoft](https://github.com/Microsoft)
@@ -73,8 +78,6 @@ Since the release of the JSON REST API, several third-party developers have been
 - [UniFi to Snipe-IT](https://github.com/RodneyLeeBrands/UnifiSnipeSync) by [@karpadiem](https://github.com/karpadiem) - Python script that synchronizes UniFi devices with Snipe-IT.
 - [Kandji2Snipe](https://github.com/grokability/kandji2snipe) by [@briangoldstein](https://github.com/briangoldstein) - Python script that synchronizes Kandji with Snipe-IT.
 - [SnipeAgent](https://github.com/ReticentRobot/SnipeAgent) by @ReticentRobot - Windows agent for Snipe-IT
-                                                     
-As these were created by third-parties, Snipe-IT cannot provide support for these project, and you should contact the developers directly if you need assistance. Additionally, Snipe-IT makes no guarantees as to the reliability, accuracy or maintainability of these libraries. Use at your own risk. :)
 
 -----
 
@@ -92,4 +95,5 @@ The ERD is available [online here](https://drawsql.app/templates/snipe-it).
 
 ### Security
 
-To report a security vulnerability, please email security@snipeitapp.com instead of using the issue tracker. 
+> [!IMPORTANT]
+> **To report a security vulnerability, please email security@snipeitapp.com instead of using the issue tracker.**

app.json

@@ -38,7 +38,7 @@
         "description": "The maximum number of search results that can be returned at one time.",
         "value": "500"
       },
-      "MAIL_DRIVER": {
+      "MAIL_MAILER": {
         "description": "Mail driver - Generally SMTP on Heroku - https://snipe-it.readme.io/docs/configuration#required-outgoing-mail-settings",
         "value": "smtp"
       },
@@ -58,9 +58,9 @@
         "description": "SMTP Server Password",
         "value": "YOURPASSWORD"
       },
-      "MAIL_ENCRYPTION": {
-        "description": "Encryption protocol for email sending.",
-        "value": "null"
+      "MAIL_TLS_VERIFY_PEER": {
+        "description": "Ensure validity of TLS certificate on remote mail server",
+        "value": true
       },
       "MAIL_FROM_ADDR": {
         "description": "Email from address",

app/Console/Commands/GeneratePersonalAccessToken.php

@@ -7,7 +7,7 @@ use Illuminate\Console\Command;
 use App\Models\User;
 use Laravel\Passport\TokenRepository;
 use Illuminate\Contracts\Validation\Factory as ValidationFactory;
-use DB;
+use Illuminate\Support\Facades\DB;
 
 class GeneratePersonalAccessToken extends Command
 {

app/Console/Commands/LdapSync.php

@@ -9,7 +9,7 @@ use App\Models\Setting;
 use App\Models\Ldap;
 use App\Models\User;
 use App\Models\Location;
-use Log;
+use Illuminate\Support\Facades\Log;
 
 class LdapSync extends Command
 {
@@ -298,7 +298,7 @@ class LdapSync extends Command
                         try {
                             $ldap_manager = Ldap::findLdapUsers($item['manager'], -1, $this->option('filter'));
                         } catch (\Exception $e) {
-                            \Log::warning("Manager lookup caused an exception: " . $e->getMessage() . ". Falling back to direct username lookup");
+                            Log::warning("Manager lookup caused an exception: " . $e->getMessage() . ". Falling back to direct username lookup");
                             // Hail-mary for Okta manager 'shortnames' - will only work if
                             // Okta configuration is using full email-address-style usernames
                             $ldap_manager = [
@@ -390,7 +390,7 @@ class LdapSync extends Command
                         $user->location_id = $location->id;
                     }
                 }
-
+                $location = null;
                 $user->ldap_import = 1;
 
                 $errors = '';

app/Console/Commands/LdapTroubleshooter.php

@@ -5,7 +5,7 @@ namespace App\Console\Commands;
 use Illuminate\Console\Command;
 use App\Models\Setting;
 use Exception;
-use Crypt;
+use Illuminate\Support\Facades\Crypt;
 
 /**
  * Check if a given ip is in a network
@@ -160,7 +160,7 @@ class LdapTroubleshooter extends Command
             $output[] = "-x";
             $output[] = "-b ".escapeshellarg($settings->ldap_basedn);
             $output[] = "-D ".escapeshellarg($settings->ldap_uname);
-            $output[] = "-w ".escapeshellarg(\Crypt::Decrypt($settings->ldap_pword));
+            $output[] = "-w ".escapeshellarg(Crypt::Decrypt($settings->ldap_pword));
             $output[] = escapeshellarg(parenthesized_filter($settings->ldap_filter));
             if($settings->ldap_tls) {
                 $this->line("# adding STARTTLS option");

app/Console/Commands/MergeUsersByUsername.php

@@ -2,6 +2,7 @@
 
 namespace App\Console\Commands;
 
+use App\Events\UserMerged;
 use App\Models\User;
 use Carbon\Carbon;
 use Illuminate\Console\Command;
@@ -51,7 +52,7 @@ class MergeUsersByUsername extends Command
 
             $bad_users = User::where('username', '=', trim($parts[0]))
                 ->whereNull('deleted_at')
-                ->with('assets', 'manager', 'userlog', 'licenses', 'consumables', 'accessories', 'managedLocations')
+                ->with('assets', 'manager', 'userlog', 'licenses', 'consumables', 'accessories', 'managedLocations','uploads', 'acceptances')
                 ->get();
 
 
@@ -105,10 +106,26 @@ class MergeUsersByUsername extends Command
                     $managedLocation->save();
                 }
 
+                foreach ($bad_user->uploads as $upload) {
+                    $this->info('Updating upload log record '.$upload->id.' to user '.$user->id);
+                    $upload->item_id = $user->id;
+                    $upload->save();
+                }
+
+                foreach ($bad_user->acceptances as $acceptance) {
+                    $this->info('Updating acceptance log record '.$acceptance->id.' to user '.$user->id);
+                    $acceptance->item_id = $user->id;
+                    $acceptance->save();
+                }
+
                 // Mark the user as deleted
                 $this->info('Marking the user as deleted');
                 $bad_user->deleted_at = Carbon::now()->timestamp;
                 $bad_user->save();
+
+                event(new UserMerged($bad_user, $user, null));
+
+
             }
         }
     }

app/Console/Commands/MoveUploadsToNewDisk.php

@@ -4,6 +4,7 @@ namespace App\Console\Commands;
 
 use Illuminate\Console\Command;
 use Illuminate\Support\Facades\Storage;
+use Illuminate\Support\Facades\Log;
 
 class MoveUploadsToNewDisk extends Command
 {
@@ -74,7 +75,7 @@ class MoveUploadsToNewDisk extends Command
                     $new_url = Storage::disk('public')->url('uploads/'.$public_type.'/'.$filename, $filename);
                     $this->info($type_count.'. PUBLIC: '.$filename.' was copied to '.$new_url);
                 } catch (\Exception $e) {
-                    \Log::debug($e);
+                    Log::debug($e);
                     $this->error($e);
                 }
             }
@@ -116,7 +117,7 @@ class MoveUploadsToNewDisk extends Command
                         $new_url = Storage::url($private_type . '/' . $filename, $filename);
                         $this->info($type_count . '. PRIVATE: ' . $filename . ' was copied to ' . $new_url);
                     } catch (\Exception $e) {
-                        \Log::debug($e);
+                        Log::debug($e);
                         $this->error($e);
                     }
                 }
@@ -140,7 +141,7 @@ class MoveUploadsToNewDisk extends Command
                                 unlink($filename);
                                 $public_delete_count++;
                             } catch (\Exception $e) {
-                                \Log::debug($e);
+                                Log::debug($e);
                                 $this->error($e);
                             }
                         }
@@ -153,7 +154,7 @@ class MoveUploadsToNewDisk extends Command
                                 unlink($filename);
                                 $private_delete_count++;
                             } catch (\Exception $e) {
-                                \Log::debug($e);
+                                Log::debug($e);
                                 $this->error($e);
                             }
                         }

app/Console/Commands/ObjectImportCommand.php

@@ -5,6 +5,7 @@ namespace App\Console\Commands;
 use Illuminate\Console\Command;
 use Symfony\Component\Console\Input\InputArgument;
 use Symfony\Component\Console\Input\InputOption;
+use Illuminate\Support\Facades\Log;
 
 ini_set('max_execution_time', env('IMPORT_TIME_LIMIT', 600)); //600 seconds = 10 minutes
 ini_set('memory_limit', env('IMPORT_MEMORY_LIMIT', '500M'));
@@ -59,7 +60,7 @@ class ObjectImportCommand extends Command
 
         // This $logFile/useFiles() bit is currently broken, so commenting it out for now
         // $logFile = $this->option('logfile');
-        // \Log::useFiles($logFile);
+        // Log::useFiles($logFile);
         $this->comment('======= Importing Items from '.$filename.' =========');
         $importer->import();
 
@@ -112,10 +113,10 @@ class ObjectImportCommand extends Command
     public function log($string, $level = 'info')
     {
         if ($level === 'warning') {
-            \Log::warning($string);
+            Log::warning($string);
             $this->comment($string);
         } else {
-            \Log::Info($string);
+            Log::Info($string);
             if ($this->option('verbose')) {
                 $this->comment($string);
             }

app/Console/Commands/PaveIt.php

@@ -5,7 +5,7 @@ namespace App\Console\Commands;
 use App\Models\Asset;
 use App\Models\CustomField;
 use Schema;
-use DB;
+use Illuminate\Support\Facades\DB;
 use Illuminate\Console\Command;
 
 class PaveIt extends Command

app/Console/Commands/RecryptFromMcrypt.php

@@ -103,7 +103,7 @@ class RecryptFromMcrypt extends Command
                 $this->comment('INFO: No LDAP password found. Skipping... ');
             } else {
                 $decrypted_ldap_pword = $mcrypter->decrypt($settings->ldap_pword);
-                $settings->ldap_pword = \Crypt::encrypt($decrypted_ldap_pword);
+                $settings->ldap_pword = Crypt::encrypt($decrypted_ldap_pword);
                 $settings->save();
             }
             /** @var CustomField[] $custom_fields */
@@ -132,7 +132,7 @@ class RecryptFromMcrypt extends Command
                         // Try to decrypt the payload using the legacy app key
                         try {
                             $decrypted_field = $mcrypter->decrypt($asset->{$columnName});
-                            $asset->{$columnName} = \Crypt::encrypt($decrypted_field);
+                            $asset->{$columnName} = Crypt::encrypt($decrypted_field);
                             $this->comment($decrypted_field);
                         } catch (\Exception $e) {
                             $errors[] = ' - ERROR: Could not decrypt field ['.$encrypted_field->name.']: '.$e->getMessage();

app/Console/Commands/RegenerateAssetTags.php

@@ -4,7 +4,7 @@ namespace App\Console\Commands;
 
 use App\Models\Asset;
 use App\Models\Setting;
-use Artisan;
+use Illuminate\Support\Facades\Artisan;
 use Illuminate\Console\Command;
 
 class RegenerateAssetTags extends Command

app/Console/Commands/RestoreDeletedUsers.php

@@ -6,8 +6,8 @@ use App\Models\Actionlog;
 use App\Models\Asset;
 use App\Models\License;
 use App\Models\User;
-use Artisan;
-use DB;
+use Illuminate\Support\Facades\Artisan;
+use Illuminate\Support\Facades\DB;
 use Illuminate\Console\Command;
 
 class RestoreDeletedUsers extends Command

app/Console/Commands/RestoreFromBackup.php

@@ -4,6 +4,7 @@ namespace App\Console\Commands;
 
 use Illuminate\Console\Command;
 use ZipArchive;
+use Illuminate\Support\Facades\Log;
 
 class SQLStreamer {
     private $input;
@@ -125,7 +126,7 @@ class SQLStreamer {
         while (($buffer = fgets($this->input, SQLStreamer::$buffer_size)) !== false) {
             $bytes_read += strlen($buffer);
             if ($this->reading_beginning_of_line) {
-                // \Log::debug("Buffer is: '$buffer'");
+                // Log::debug("Buffer is: '$buffer'");
                 $cleaned_buffer = $this->parse_sql($buffer);
                 if ($this->output) {
                     $bytes_written = fwrite($this->output, $cleaned_buffer);
@@ -191,7 +192,7 @@ class RestoreFromBackup extends Command
     {
         $dir = getcwd();
         if( $dir != base_path() ) { // usually only the case when running via webserver, not via command-line
-            \Log::debug("Current working directory is: $dir, changing directory to: ".base_path());
+            Log::debug("Current working directory is: $dir, changing directory to: ".base_path());
             chdir(base_path()); // TODO - is this *safe* to change on a running script?!
         }
         //
@@ -297,7 +298,7 @@ class RestoreFromBackup extends Command
                 continue;
             }
             if (@pathinfo($raw_path, PATHINFO_EXTENSION) == 'sql') {
-                \Log::debug("Found a sql file!");
+                Log::debug("Found a sql file!");
                 $sqlfiles[] = $raw_path;
                 $sqlfile_indices[] = $i;
                 continue;
@@ -413,7 +414,7 @@ class RestoreFromBackup extends Command
                 $bytes_read = 0;
                 while (($buffer = fgets($sql_contents, SQLStreamer::$buffer_size)) !== false) {
                     $bytes_read += strlen($buffer);
-                    // \Log::debug("Buffer is: '$buffer'");
+                    // Log::debug("Buffer is: '$buffer'");
                     $bytes_written = fwrite($pipes[0], $buffer);
 
                     if ($bytes_written === false) {
@@ -425,13 +426,13 @@ class RestoreFromBackup extends Command
                 $bytes_read = $sql_importer->line_aware_piping();
             }
         } catch (\Exception $e) {
-            \Log::error("Error during restore!!!! ".$e->getMessage());
+            Log::error("Error during restore!!!! ".$e->getMessage());
             // FIXME - put these back and/or put them in the right places?!
             $err_out = fgets($pipes[1]);
             $err_err = fgets($pipes[2]);
-            \Log::error("Error OUTPUT: ".$err_out);
+            Log::error("Error OUTPUT: ".$err_out);
             $this->info($err_out);
-            \Log::error("Error ERROR : ".$err_err);
+            Log::error("Error ERROR : ".$err_err);
             $this->error($err_err);
             throw $e;
         }

app/Console/Commands/RotateAppKey.php

@@ -5,7 +5,7 @@ namespace App\Console\Commands;
 use App\Models\Asset;
 use App\Models\CustomField;
 use App\Models\Setting;
-use Artisan;
+use Illuminate\Support\Facades\Artisan;
 use Illuminate\Console\Command;
 use Illuminate\Contracts\Encryption\DecryptException;
 use Illuminate\Encryption\Encrypter;

app/Console/Commands/SendCurrentInventoryToUsers.php

@@ -43,7 +43,7 @@ class SendCurrentInventoryToUsers extends Command
 
         $count = 0;
         foreach ($users as $user) {
-            if (($user->assets->count() > 0) || ($user->accessories->count() > 0) || ($user->licenses->count() > 0)) {
+            if (($user->assets->count() > 0) || ($user->accessories->count() > 0) || ($user->licenses->count() > 0) || ($user->consumables->count() > 0)) {
                 $count++;
                 $user->notify((new CurrentInventory($user)));
             }

app/Console/Commands/SendExpectedCheckinAlerts.php

@@ -9,7 +9,6 @@ use App\Notifications\ExpectedCheckinAdminNotification;
 use App\Notifications\ExpectedCheckinNotification;
 use Carbon\Carbon;
 use Illuminate\Console\Command;
-use Illuminate\Support\Facades\Log;
 
 class SendExpectedCheckinAlerts extends Command
 {
@@ -43,25 +42,31 @@ class SendExpectedCheckinAlerts extends Command
     public function handle()
     {
         $settings = Setting::getSettings();
-        $whenNotify = Carbon::now();
-        $assets = Asset::with('assignedTo')->whereNotNull('assigned_to')->whereNotNull('expected_checkin')->where('expected_checkin', '<=', $whenNotify)->get();
+        $interval = $settings->audit_warning_days ?? 0;
+        $today = Carbon::now();
+        $interval_date = $today->copy()->addDays($interval);
+        
+        $assets = Asset::whereNull('deleted_at')->DueOrOverdueForCheckin($settings)->orderBy('assets.expected_checkin', 'desc')->get();
+
+        $this->info($assets->count().' assets must be checked in on or before '.$interval_date.' is deadline');
 
-        $this->info($whenNotify.' is deadline');
-        $this->info($assets->count().' assets');
 
         foreach ($assets as $asset) {
-            if ($asset->assigned && $asset->checkedOutToUser()) {
-                Log::info('Sending ExpectedCheckinNotification to ' . $asset->assigned->email);
-                $asset->assigned->notify((new ExpectedCheckinNotification($asset)));
+            if ($asset->assignedTo && (isset($asset->assignedTo->email)) && ($asset->assignedTo->email!='') && $asset->checkedOutToUser()) {
+                $this->info('Sending User ExpectedCheckinNotification to: '.$asset->assignedTo->email);
+                $asset->assignedTo->notify((new ExpectedCheckinNotification($asset)));
             }
         }
 
         if (($assets) && ($assets->count() > 0) && ($settings->alert_email != '')) {
             // Send a rollup to the admin, if settings dictate
-            $recipients = collect(explode(',', $settings->alert_email))->map(function ($item, $key) {
+            $recipients = collect(explode(',', $settings->alert_email))->map(function ($item) {
                 return new AlertRecipient($item);
             });
+
+            $this->info('Sending Admin ExpectedCheckinNotification to: '.$settings->alert_email);
             \Notification::send($recipients, new ExpectedCheckinAdminNotification($assets));
+
         }
     }
 }

app/Console/Commands/SendUpcomingAuditReport.php

@@ -3,13 +3,11 @@
 namespace App\Console\Commands;
 
 use App\Models\Asset;
-use App\Models\License;
-use App\Models\Recipients;
+use App\Models\Recipients\AlertRecipient;
 use App\Models\Setting;
-use App\Notifications\ExpiringAssetsNotification;
 use App\Notifications\SendUpcomingAuditNotification;
 use Carbon\Carbon;
-use DB;
+use Illuminate\Support\Facades\DB;
 use Illuminate\Console\Command;
 
 class SendUpcomingAuditReport extends Command
@@ -46,39 +44,24 @@ class SendUpcomingAuditReport extends Command
     public function handle()
     {
         $settings = Setting::getSettings();
+        $interval = $settings->audit_warning_days ?? 0;
+        $today = Carbon::now();
+        $interval_date = $today->copy()->addDays($interval);
 
-        if (($settings->alert_email != '') && ($settings->audit_warning_days) && ($settings->alerts_enabled == 1)) {
+        $assets = Asset::whereNull('deleted_at')->DueOrOverdueForAudit($settings)->orderBy('assets.next_audit_date', 'desc')->get();
+        $this->info($assets->count().' assets must be audited in on or before '.$interval_date.' is deadline');
 
+
+        if (($assets) && ($assets->count() > 0) && ($settings->alert_email != '')) {
             // Send a rollup to the admin, if settings dictate
-            $recipients = collect(explode(',', $settings->alert_email))->map(function ($item, $key) {
-                return new \App\Models\Recipients\AlertRecipient($item);
+            $recipients = collect(explode(',', $settings->alert_email))->map(function ($item) {
+                return new AlertRecipient($item);
             });
 
-            // Assets due for auditing
+            $this->info('Sending Admin SendUpcomingAuditNotification to: '.$settings->alert_email);
+            \Notification::send($recipients, new SendUpcomingAuditNotification($assets, $settings->audit_warning_days));
 
-            $assets = Asset::whereNotNull('next_audit_date')
-                    ->DueOrOverdueForAudit($settings)
-                    ->orderBy('last_audit_date', 'asc')->get();
-
-            if ($assets->count() > 0) {
-                $this->info(trans_choice('mail.upcoming-audits', $assets->count(),
-                    ['count' => $assets->count(), 'threshold' => $settings->audit_warning_days]));
-                \Notification::send($recipients, new SendUpcomingAuditNotification($assets, $settings->audit_warning_days));
-                $this->info('Audit report sent to '.$settings->alert_email);
-            } else {
-                $this->info('No assets to be audited. No report sent.');
-            }
-        } elseif ($settings->alert_email == '') {
-            $this->error('Could not send email. No alert email configured in settings');
-        } elseif (! $settings->audit_warning_days) {
-            $this->error('No audit warning days set in Admin Notifications. No mail will be sent.');
-        } elseif ($settings->alerts_enabled != 1) {
-            $this->info('Alerts are disabled in the settings. No mail will be sent');
-        } else {
-            $this->error('Something went wrong. :( ');
-            $this->error('Admin Notifications Email Setting: '.$settings->alert_email);
-            $this->error('Admin Audit Warning Setting: '.$settings->audit_warning_days);
-            $this->error('Admin Alerts Emnabled: '.$settings->alerts_enabled);
         }
+
     }
 }

app/Console/Commands/SyncAssetCounters.php

@@ -4,6 +4,7 @@ namespace App\Console\Commands;
 
 use App\Models\Asset;
 use Illuminate\Console\Command;
+use Illuminate\Support\Facades\Log;
 
 class SyncAssetCounters extends Command
 {
@@ -58,7 +59,7 @@ class SyncAssetCounters extends Command
                         $asset->save();
                         $bar->advance();
 
-                        \Log::debug('Asset: '.$asset->id.' has '.$asset->checkin_counter.' checkins, '.$asset->checkout_counter.' checkouts, and '.$asset->requests_counter.' requests');
+                        Log::debug('Asset: '.$asset->id.' has '.$asset->checkin_counter.' checkins, '.$asset->checkout_counter.' checkouts, and '.$asset->requests_counter.' requests');
 
                     }
 

app/Events/UserMerged.php

@@ -15,7 +15,7 @@ class UserMerged
      *
      * @return void
      */
-    public function __construct(User $from_user, User $to_user, User $admin)
+    public function __construct(User $from_user, User $to_user, ?User $admin)
     {
         $this->merged_from        = $from_user;
         $this->merged_to      = $to_user;

app/Exceptions/Handler.php

@@ -7,7 +7,7 @@ use App\Helpers\Helper;
 use Illuminate\Validation\ValidationException;
 use Illuminate\Auth\AuthenticationException;
 use ArieTimmerman\Laravel\SCIMServer\Exceptions\SCIMException;
-use Log;
+use Illuminate\Support\Facades\Log;
 use Throwable;
 use JsonException;
 use Carbon\Exceptions\InvalidFormatException;
@@ -44,8 +44,8 @@ class Handler extends ExceptionHandler
     public function report(Throwable $exception)
     {
         if ($this->shouldReport($exception)) {
-            if (class_exists(\Log::class)) {
-                \Log::error($exception);
+            if (class_exists(Log::class)) {
+                Log::error($exception);
             }
             return parent::report($exception);
         }

app/Helpers/Helper.php

@@ -12,10 +12,12 @@ use App\Models\Depreciation;
 use App\Models\Setting;
 use App\Models\Statuslabel;
 use App\Models\License;
-use Crypt;
+use Illuminate\Support\Facades\Crypt;
 use Illuminate\Contracts\Encryption\DecryptException;
-use Image;
 use Carbon\Carbon;
+use Illuminate\Support\Facades\Log;
+use Intervention\Image\ImageManagerStatic as Image;
+use Illuminate\Support\Facades\Session;
 
 class Helper
 {
@@ -412,7 +414,7 @@ class Helper
 
         if ($index >= $total_colors) {
 
-            \Log::info('Status label count is '.$index.' and exceeds the allowed count of 266.');
+            Log::info('Status label count is '.$index.' and exceeds the allowed count of 266.');
             //patch fix for array key overflow (color count starts at 1, array starts at 0)
             $index = $index - $total_colors - 1;
 
@@ -842,7 +844,7 @@ class Helper
         $filetype = @finfo_file($finfo, $file);
         finfo_close($finfo);
 
-        if (($filetype == 'image/jpeg') || ($filetype == 'image/jpg') || ($filetype == 'image/png') || ($filetype == 'image/bmp') || ($filetype == 'image/gif')) {
+        if (($filetype == 'image/jpeg') || ($filetype == 'image/jpg') || ($filetype == 'image/png') || ($filetype == 'image/bmp') || ($filetype == 'image/gif') || ($filetype == 'image/avif')) {
             return $filetype;
         }
 
@@ -875,12 +877,15 @@ class Helper
                 $permission_name = $permission[$x]['permission'];
 
                 if ($permission[$x]['display'] === true) {
-                    if ($selected_arr) {
+
+                    if (is_array($selected_arr)) {
+
                         if (array_key_exists($permission_name, $selected_arr)) {
                             $permissions_arr[$permission_name] = $selected_arr[$permission_name];
                         } else {
                             $permissions_arr[$permission_name] = '0';
                         }
+
                     } else {
                         $permissions_arr[$permission_name] = '0';
                     }
@@ -1012,7 +1017,7 @@ class Helper
 
 
         try {
-            $tmp_date = new \Carbon($date);
+            $tmp_date = new Carbon($date);
 
             if ($type == 'datetime') {
                 $dt['datetime'] = $tmp_date->format('Y-m-d H:i:s');
@@ -1029,7 +1034,7 @@ class Helper
             return $dt['formatted'];
 
         } catch (\Exception $e) {
-            \Log::warning($e);
+            Log::warning($e);
             return $date.' (Invalid '.$type.' value.)';
         }
 
@@ -1106,6 +1111,8 @@ class Helper
             'jpeg'   => 'far fa-image',
             'gif'   => 'far fa-image',
             'png'   => 'far fa-image',
+            'webp'   => 'far fa-image',
+            'avif'   => 'far fa-image',
             // word
             'doc'   => 'far fa-file-word',
             'docx'   => 'far fa-file-word',
@@ -1141,6 +1148,8 @@ class Helper
                 case 'jpeg':
                 case 'gif':
                 case 'png':
+                case 'webp':
+                case 'avif':
                     return true;
                     break;
                 default:
@@ -1338,7 +1347,7 @@ class Helper
     public static function isDemoMode() {
         if (config('app.lock_passwords') === true) {
             return true;
-            \Log::debug('app locked!');
+            Log::debug('app locked!');
         }
         
         return false;
@@ -1431,7 +1440,7 @@ class Helper
 
         foreach (self::$language_map as $legacy => $new) {
             if ($language_code == $legacy) {
-                \Log::debug('Current language is '.$legacy.', using '.$new.' instead');
+                Log::debug('Current language is '.$legacy.', using '.$new.' instead');
                 return $new;
             }
         }
@@ -1455,4 +1464,38 @@ class Helper
         return $new_locale; // better that you have some weird locale that doesn't fit into our mappings anywhere than 'void'
     }
 
+
+    static public function getRedirectOption($request, $id, $table, $asset_id = null)
+    {
+
+        $redirect_option = Session::get('redirect_option');
+        $checkout_to_type = Session::get('checkout_to_type');
+
+        //return to index
+        if ($redirect_option == '0') {
+            switch ($table) {
+                case "Assets":
+                    return redirect()->route('hardware.index')->with('success', trans('admin/hardware/message.checkout.success'));
+            }
+        }
+        //return to thing being assigned
+        if ($redirect_option == '1') {
+            switch ($table) {
+                case "Assets":
+                    return redirect()->route('hardware.show', $id ? $id : $asset_id)->with('success', trans('admin/hardware/message.checkout.success'));
+            }
+        }
+        //return to thing being assigned to
+        if ($redirect_option == '2') {
+            switch ($checkout_to_type) {
+                case 'user':
+                    return redirect()->route('users.show', $request->assigned_user)->with('success', trans('admin/hardware/message.checkout.success'));
+                case 'location':
+                    return redirect()->route('locations.show', $request->assigned_location)->with('success', trans('admin/hardware/message.checkout.success'));
+                case 'asset':
+                    return redirect()->route('hardware.show', $request->assigned_asset)->with('success', trans('admin/hardware/message.checkout.success'));
+            }
+        }
+        return redirect()->back()->with('error', trans('admin/hardware/message.checkout.error'));
+    }
 }

app/Http/Controllers/Accessories/AccessoriesController.php

@@ -11,6 +11,7 @@ use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Storage;
 use Illuminate\Support\Facades\Validator;
 use Redirect;
+use Illuminate\Support\Facades\Log;
 
 /** This controller handles all actions related to Accessories for
  * the Snipe-IT Asset Management application.
@@ -57,7 +58,7 @@ class AccessoriesController extends Controller
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @param ImageUploadRequest $request
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      * @throws \Illuminate\Auth\Access\AuthorizationException
      */
     public function store(ImageUploadRequest $request)
@@ -150,7 +151,7 @@ class AccessoriesController extends Controller
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @param ImageUploadRequest $request
      * @param  int $accessoryId
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      * @throws \Illuminate\Auth\Access\AuthorizationException
      */
     public function update(ImageUploadRequest $request, $accessoryId = null)
@@ -204,7 +205,7 @@ class AccessoriesController extends Controller
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @param  int $accessoryId
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      * @throws \Illuminate\Auth\Access\AuthorizationException
      */
     public function destroy($accessoryId)
@@ -224,7 +225,7 @@ class AccessoriesController extends Controller
             try {
                 Storage::disk('public')->delete('accessories'.'/'.$accessory->image);
             } catch (\Exception $e) {
-                \Log::debug($e);
+                Log::debug($e);
             }
         }
 

app/Http/Controllers/Accessories/AccessoriesFilesController.php

@@ -10,6 +10,7 @@ use App\Models\Accessory;
 use Illuminate\Support\Facades\Response;
 use Illuminate\Support\Facades\Storage;
 use Symfony\Accessory\HttpFoundation\JsonResponse;
+use Illuminate\Support\Facades\Log;
 
 class AccessoriesFilesController extends Controller
 {
@@ -85,7 +86,7 @@ class AccessoriesFilesController extends Controller
                 try {
                     Storage::delete('accessories/'.$log->filename);
                 } catch (\Exception $e) {
-                    \Log::debug($e);
+                    Log::debug($e);
                 }
             }
 
@@ -112,7 +113,7 @@ class AccessoriesFilesController extends Controller
     public function show($accessoryId = null, $fileId = null, $download = true)
     {
 
-        \Log::debug('Private filesystem is: '.config('filesystems.default'));
+        Log::debug('Private filesystem is: '.config('filesystems.default'));
         $accessory = Accessory::find($accessoryId);
 
 
@@ -129,8 +130,8 @@ class AccessoriesFilesController extends Controller
             $file = 'private_uploads/accessories/'.$log->filename;
 
             if (Storage::missing($file)) {
-                \Log::debug('FILE DOES NOT EXISTS for '.$file);
-                \Log::debug('URL should be '.Storage::url($file));
+                Log::debug('FILE DOES NOT EXISTS for '.$file);
+                Log::debug('URL should be '.Storage::url($file));
 
                 return response('File '.$file.' ('.Storage::url($file).') not found on server', 404)
                     ->header('Content-Type', 'text/plain');

app/Http/Controllers/Accessories/AccessoryCheckinController.php

@@ -44,7 +44,7 @@ class AccessoryCheckinController extends Controller
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @param null $accessoryUserId
      * @param string $backto
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      * @throws \Illuminate\Auth\Access\AuthorizationException
      * @internal param int $accessoryId
      */

app/Http/Controllers/Accessories/AccessoryCheckoutController.php

@@ -59,7 +59,7 @@ class AccessoryCheckoutController extends Controller
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @param Request $request
      * @param  int $accessoryId
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      * @throws \Illuminate\Auth\Access\AuthorizationException
      */
     public function store(Request $request, $accessoryId)

app/Http/Controllers/Account/AcceptanceController.php

@@ -23,13 +23,13 @@ use App\Notifications\AcceptanceAssetAcceptedNotification;
 use App\Notifications\AcceptanceAssetDeclinedNotification;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
-use Illuminate\Support\Facades\DB;
 use Illuminate\Support\Facades\Storage;
 use Illuminate\Support\Str;
 use App\Http\Controllers\SettingsController;
 use Barryvdh\DomPDF\Facade\Pdf;
 use Carbon\Carbon;
 use phpDocumentor\Reflection\Types\Compound;
+use Illuminate\Support\Facades\Log;
 
 class AcceptanceController extends Controller
 {
@@ -80,7 +80,7 @@ class AcceptanceController extends Controller
      *
      * @param  Request $request
      * @param  int  $id
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      */
     public function store(Request $request, $id)
     {
@@ -223,6 +223,7 @@ class AcceptanceController extends Controller
                 'item_model' => $display_model,
                 'item_serial' => $item->serial,
                 'eula' => $item->getEula(),
+                'note' => $request->input('note'),
                 'check_out_date' => Carbon::parse($acceptance->created_at)->format('Y-m-d'),
                 'accepted_date' => Carbon::parse($acceptance->accepted_at)->format('Y-m-d'),
                 'assigned_to' => $assigned_to,
@@ -233,12 +234,12 @@ class AcceptanceController extends Controller
             ];
 
             if ($pdf_view_route!='') {
-                \Log::debug($pdf_filename.' is the filename, and the route was specified.');
+                Log::debug($pdf_filename.' is the filename, and the route was specified.');
                 $pdf = Pdf::loadView($pdf_view_route, $data);
                 Storage::put('private_uploads/eula-pdfs/' .$pdf_filename, $pdf->output());
             }
 
-            $acceptance->accept($sig_filename, $item->getEula(), $pdf_filename);
+            $acceptance->accept($sig_filename, $item->getEula(), $pdf_filename, $request->input('note'));
             $acceptance->notify(new AcceptanceAssetAcceptedNotification($data));
             event(new CheckoutAccepted($acceptance));
 
@@ -306,10 +307,12 @@ class AcceptanceController extends Controller
                     $assigned_to = User::find($acceptance->assigned_to_id)->present()->fullName;
                     break;
             }
+
             $data = [
                 'item_tag' => $item->asset_tag,
                 'item_model' => $display_model,
                 'item_serial' => $item->serial,
+                'note' => $request->input('note'),
                 'declined_date' => Carbon::parse($acceptance->declined_at)->format('Y-m-d'),
                 'signature' => ($sig_filename) ? storage_path() . '/private_uploads/signatures/' . $sig_filename : null,
                 'assigned_to' => $assigned_to,
@@ -318,12 +321,12 @@ class AcceptanceController extends Controller
             ];
 
             if ($pdf_view_route!='') {
-                \Log::debug($pdf_filename.' is the filename, and the route was specified.');
+                Log::debug($pdf_filename.' is the filename, and the route was specified.');
                 $pdf = Pdf::loadView($pdf_view_route, $data);
                 Storage::put('private_uploads/eula-pdfs/' .$pdf_filename, $pdf->output());
             }
 
-            $acceptance->decline($sig_filename);
+            $acceptance->decline($sig_filename, $request->input('note'));
             $acceptance->notify(new AcceptanceAssetDeclinedNotification($data));
             event(new CheckoutDeclined($acceptance));
             $return_msg = trans('admin/users/message.declined');

app/Http/Controllers/ActionlogController.php

@@ -4,8 +4,9 @@ namespace App\Http\Controllers;
 
 use App\Helpers\Helper;
 use App\Models\Actionlog;
-use Response;
-
+use Illuminate\Support\Facades\Response;
+use Illuminate\Support\Facades\Log;
+use Illuminate\Support\Facades\Storage;
 class ActionlogController extends Controller
 {
     public function displaySig($filename)
@@ -14,19 +15,26 @@ class ActionlogController extends Controller
         // file_get_contents, so we set the error reporting for just this class
         error_reporting(0);
 
-        $this->authorize('view', \App\Models\Asset::class);
-        $file = config('app.private_uploads').'/signatures/'.$filename;
-        $filetype = Helper::checkUploadIsImage($file);
+        $disk = config('filesystems.default');
+        switch (config("filesystems.disks.$disk.driver")) {
+            case 's3':
+                $file = 'private_uploads/signatures/'.$filename;
+                return redirect()->away(Storage::disk($disk)->temporaryUrl($file, now()->addMinutes(5)));
+            default:
+                $this->authorize('view', \App\Models\Asset::class);
+                $file = config('app.private_uploads').'/signatures/'.$filename;
+                $filetype = Helper::checkUploadIsImage($file);
 
-        $contents = file_get_contents($file, false, stream_context_create(['http' => ['ignore_errors' => true]]));
-        if ($contents === false) {
-            \Log::warn('File '.$file.' not found');
-            return false;
-        } else {
-            return Response::make($contents)->header('Content-Type', $filetype);
+                $contents = file_get_contents($file, false, stream_context_create(['http' => ['ignore_errors' => true]]));
+                if ($contents === false) {
+                    Log::warning('File '.$file.' not found');
+                    return false;
+                } else {
+                    return Response::make($contents)->header('Content-Type', $filetype);
+                }
         }
-       
     }
+
     public function getStoredEula($filename){
         $this->authorize('view', \App\Models\Asset::class);
         $file = config('app.private_uploads').'/eula-pdfs/'.$filename;

app/Http/Controllers/Api/AccessoriesController.php

@@ -10,9 +10,9 @@ use App\Http\Transformers\SelectlistTransformer;
 use App\Models\Accessory;
 use App\Models\Company;
 use App\Models\User;
-use Auth;
+use Illuminate\Support\Facades\Auth;
 use Carbon\Carbon;
-use DB;
+use Illuminate\Support\Facades\DB;
 use Illuminate\Http\Request;
 use App\Http\Requests\ImageUploadRequest;
 
@@ -274,7 +274,7 @@ class AccessoriesController extends Controller
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @param  int  $accessoryId
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      */
     public function checkout(Request $request, $accessoryId)
     {
@@ -320,7 +320,7 @@ class AccessoriesController extends Controller
      * @param Request $request
      * @param int $accessoryUserId
      * @param string $backto
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      * @internal param int $accessoryId
      */
     public function checkin(Request $request, $accessoryUserId = null)

app/Http/Controllers/Api/AssetFilesController.php

@@ -0,0 +1,219 @@
+<?php
+
+namespace App\Http\Controllers\Api;
+
+use App\Helpers\StorageHelper;
+use Illuminate\Support\Facades\Storage;
+use Illuminate\Database\Eloquent\Builder;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Support\Facades\Crypt;
+use Illuminate\Support\Facades\Gate;
+use App\Helpers\Helper;
+use App\Http\Controllers\Controller;
+use App\Models\Asset;
+use App\Models\AssetModel;
+use App\Models\Actionlog;
+use \Illuminate\Support\Facades\Auth;
+use Carbon\Carbon;
+use DB;
+use Illuminate\Http\Request;
+use App\Http\Requests\UploadFileRequest;
+use Illuminate\Support\Facades\Log;
+use Input;
+use Paginator;
+use Slack;
+use Str;
+use TCPDF;
+use Validator;
+use Route;
+
+
+/**
+ * This class controls file related actions related
+ * to assets for the Snipe-IT Asset Management application.
+ *
+ * Based on the Assets/AssetFilesController by A. Gianotto <snipe@snipe.net>
+ *
+ * @version    v1.0
+ * @author [T. Scarsbrook] [<snipe@scarzybrook.co.uk>]
+ */
+class AssetFilesController extends Controller
+{
+    /**
+     * Accepts a POST to upload a file to the server.
+     *
+     * @param \App\Http\Requests\UploadFileRequest $request
+     * @param int $assetId
+     * @return \Illuminate\Http\JsonResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     * @since [v6.0]
+     * @author [T. Scarsbrook] [<snipe@scarzybrook.co.uk>]
+     */
+    public function store(UploadFileRequest $request, $assetId = null)
+    {
+        // Start by checking if the asset being acted upon exists
+        if (! $asset = Asset::find($assetId)) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/hardware/message.does_not_exist')), 404);
+        }
+
+        // Make sure we are allowed to update this asset
+        $this->authorize('update', $asset);
+
+	if ($request->hasFile('file')) {
+            // If the file storage directory doesn't exist; create it
+            if (! Storage::exists('private_uploads/assets')) {
+                Storage::makeDirectory('private_uploads/assets', 775);
+            }
+
+            // Loop over the attached files and add them to the asset
+            foreach ($request->file('file') as $file) {
+                $file_name = $request->handleFile('private_uploads/assets/','hardware-'.$asset->id, $file);
+                
+                $asset->logUpload($file_name, e($request->get('notes')));
+            }
+
+            // All done - report success
+            return response()->json(Helper::formatStandardApiResponse('success', $asset, trans('admin/hardware/message.upload.success')));
+        }
+
+        // We only reach here if no files were included in the POST, so tell the user this
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/hardware/message.upload.nofiles')), 500);
+    }
+
+    /**
+     * List the files for an asset.
+     *
+     * @param  int $assetId
+     * @return \Illuminate\Http\JsonResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     * @since [v6.0]
+     * @author [T. Scarsbrook] [<snipe@scarzybrook.co.uk>]
+     */
+    public function list($assetId = null)
+    {
+        // Start by checking if the asset being acted upon exists
+        if (! $asset = Asset::find($assetId)) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/hardware/message.does_not_exist')), 404);
+        }
+	
+	// the asset is valid
+        if (isset($asset->id)) {
+            $this->authorize('view', $asset);
+
+            // Check that there are some uploads on this asset that can be listed
+            if ($asset->uploads->count() > 0) {
+                $files = array();
+                foreach ($asset->uploads as $upload) {
+                    array_push($files, $upload);
+		}
+                // Give the list of files back to the user
+                return response()->json(Helper::formatStandardApiResponse('success', $files, trans('admin/hardware/message.upload.success')));
+            }
+
+	    // There are no files.
+            return response()->json(Helper::formatStandardApiResponse('success', array(), trans('admin/hardware/message.upload.success')));
+        }
+
+        // Send back an error message
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/hardware/message.download.error')), 500);
+    }
+
+    /**
+     * Check for permissions and display the file.
+     *
+     * @param  int $assetId
+     * @param  int $fileId
+     * @return \Illuminate\Http\JsonResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     * @since [v6.0]
+     * @author [T. Scarsbrook] [<snipe@scarzybrook.co.uk>]
+     */
+    public function show($assetId = null, $fileId = null)
+    {
+        // Start by checking if the asset being acted upon exists
+        if (! $asset = Asset::find($assetId)) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/hardware/message.does_not_exist')), 404);
+        }
+
+        // the asset is valid
+        if (isset($asset->id)) {
+            $this->authorize('view', $asset);
+
+            // Check that the file being requested exists for the asset
+            if (! $log = Actionlog::whereNotNull('filename')->where('item_id', $asset->id)->find($fileId)) {
+                return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/hardware/message.download.no_match', ['id' => $fileId])), 404);
+            }
+
+	    // Form the full filename with path
+            $file = 'private_uploads/assets/'.$log->filename;
+            \Log::debug('Checking for '.$file);
+
+            if ($log->action_type == 'audit') {
+                $file = 'private_uploads/audits/'.$log->filename;
+            }
+
+            // Check the file actually exists on the filesystem
+            if (! Storage::exists($file)) {
+                return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/hardware/message.download.does_not_exist', ['id' => $fileId])), 404);
+            }
+
+            if (request('inline') == 'true') {
+
+                $headers = [
+                    'Content-Disposition' => 'inline',
+                ];
+
+                return Storage::download($file, $log->filename, $headers);
+            }
+
+            return StorageHelper::downloader($file);
+        }
+
+        // Send back an error message
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/hardware/message.download.error', ['id' => $fileId])), 500);
+    }
+
+    /**
+     * Delete the associated file
+     *
+     * @param  int $assetId
+     * @param  int $fileId
+     * @return \Illuminate\Http\JsonResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     * @since [v6.0]
+     * @author [T. Scarsbrook] [<snipe@scarzybrook.co.uk>]
+     */
+    public function destroy($assetId = null, $fileId = null)
+    {
+        // Start by checking if the asset being acted upon exists
+        if (! $asset = Asset::find($assetId)) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/hardware/message.does_not_exist')), 404);
+        }
+
+        $rel_path = 'private_uploads/assets';
+
+        // the asset is valid
+        if (isset($asset->id)) {
+            $this->authorize('update', $asset);
+
+            // Check for the file
+            $log = Actionlog::find($fileId);
+	    if ($log) {
+                // Check the file actually exists, and delete it
+                if (Storage::exists($rel_path.'/'.$log->filename)) {
+                    Storage::delete($rel_path.'/'.$log->filename);
+		}
+		// Delete the record of the file
+                $log->delete();
+
+                // All deleting done - notify the user of success
+                return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/hardware/message.deletefile.success')), 200);
+            }
+
+            // The file doesn't seem to really exist, so report an error
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/hardware/message.deletefile.error')), 500);
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/hardware/message.deletefile.error')), 500);
+    }
+}

app/Http/Controllers/Api/AssetMaintenancesController.php

@@ -8,7 +8,7 @@ use App\Http\Transformers\AssetMaintenancesTransformer;
 use App\Models\Asset;
 use App\Models\AssetMaintenance;
 use App\Models\Company;
-use Auth;
+use Illuminate\Support\Facades\Auth;
 use Carbon\Carbon;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Input;

app/Http/Controllers/Api/AssetModelsController.php

@@ -12,6 +12,7 @@ use App\Models\AssetModel;
 use Illuminate\Http\Request;
 use App\Http\Requests\ImageUploadRequest;
 use Illuminate\Support\Facades\Storage;
+use Illuminate\Support\Facades\Log;
 
 /**
  * This class controls all actions related to asset models for
@@ -224,7 +225,7 @@ class AssetModelsController extends Controller
             try {
                 Storage::disk('public')->delete('assetmodels/'.$assetmodel->image);
             } catch (\Exception $e) {
-                \Log::info($e);
+                Log::info($e);
             }
         }
 

app/Http/Controllers/Api/AssetsController.php

@@ -27,17 +27,16 @@ use App\Models\Setting;
 use App\Models\User;
 use \Illuminate\Support\Facades\Auth;
 use Carbon\Carbon;
-use DB;
+use Illuminate\Support\Facades\DB;
 use Illuminate\Http\Request;
 use App\Http\Requests\ImageUploadRequest;
 use Illuminate\Support\Facades\Log;
-use Input;
 use Paginator;
 use Slack;
 use Str;
 use TCPDF;
 use Validator;
-use Route;
+use Illuminate\Support\Facades\Route;
 
 
 /**
@@ -59,7 +58,7 @@ class AssetsController extends Controller
      * @since [v4.0]
      * @return \Illuminate\Http\JsonResponse
      */
-    public function index(Request $request, $audit = null) 
+    public function index(Request $request, $action = null, $upcoming_status = null)
     {
 
         $filter_non_deprecable_assets = false;
@@ -94,6 +93,7 @@ class AssetsController extends Controller
             'serial',
             'model_number',
             'last_checkout',
+            'last_checkin',
             'notes',
             'expected_checkin',
             'order_number',
@@ -154,17 +154,44 @@ class AssetsController extends Controller
             $assets->TextSearch($request->input('search'));
         }
 
-        // This is used by the audit reporting routes
-        if (Gate::allows('audit', Asset::class)) {
-            switch ($audit) {
-                case 'due':
-                    $assets->DueOrOverdueForAudit($settings);
-                    break;
-                case 'overdue':
-                    $assets->overdueForAudit($settings);
-                    break;
+
+        /**
+         * Handle due and overdue audits and checkin dates
+         */
+        switch ($action) {
+            case 'audits':
+
+                switch ($upcoming_status) {
+                    case 'due':
+                        $assets->DueForAudit($settings);
+                        break;
+                    case 'overdue':
+                        $assets->OverdueForAudit();
+                        break;
+                    case 'due-or-overdue':
+                        $assets->DueOrOverdueForAudit($settings);
+                        break;
+                }
+                break;
+
+            case 'checkins':
+                switch ($upcoming_status) {
+                    case 'due':
+                        $assets->DueForCheckin($settings);
+                        break;
+                    case 'overdue':
+                        $assets->OverdueForCheckin();
+                        break;
+                    case 'due-or-overdue':
+                        $assets->DueOrOverdueForCheckin($settings);
+                        break;
+                }
+                break;
             }
-        }
+
+        /**
+         * End handling due and overdue audits and checkin dates
+         */
 
 
         // This is used by the sidenav, mostly
@@ -558,44 +585,8 @@ class AssetsController extends Controller
         }     
 
         $asset = $request->handleImages($asset);
+        $asset = $asset->handleCustomFieldsForStoring($request);
 
-        // Update custom fields in the database.
-        $model = AssetModel::find($request->input('model_id'));
-
-        // Check that it's an object and not a collection
-        // (Sometimes people send arrays here and they shouldn't
-        if (($model) && ($model instanceof AssetModel) && ($model->fieldset)) {
-            foreach ($model->fieldset->fields as $field) {
-
-                // Set the field value based on what was sent in the request
-                $field_val = $request->input($field->db_column, null);
-
-                // If input value is null, use custom field's default value
-                if ($field_val == null) {
-                    Log::debug('Field value for '.$field->db_column.' is null');
-                    $field_val = $field->defaultValue($request->get('model_id'));
-                    Log::debug('Use the default fieldset value of '.$field->defaultValue($request->get('model_id')));
-                }
-
-                // if the field is set to encrypted, make sure we encrypt the value
-                if ($field->field_encrypted == '1') {
-                    Log::debug('This model field is encrypted in this fieldset.');
-
-                    if (Gate::allows('admin')) {
-
-                        // If input value is null, use custom field's default value
-                        if (($field_val == null) && ($request->has('model_id') != '')) {
-                            $field_val = Crypt::encrypt($field->defaultValue($request->get('model_id')));
-                        } else {
-                            $field_val = Crypt::encrypt($request->input($field->db_column));
-                        }
-                    }
-                }
-
-
-                $asset->{$field->db_column} = $field_val;
-            }
-        }
 
         if ($asset->save()) {
             if ($request->get('assigned_user')) {
@@ -614,6 +605,8 @@ class AssetsController extends Controller
             }
 
             return response()->json(Helper::formatStandardApiResponse('success', $asset, trans('admin/hardware/message.create.success')));
+
+            return response()->json(Helper::formatStandardApiResponse('success', (new AssetsTransformer)->transformAsset($asset), trans('admin/hardware/message.create.success')));
         }
 
         return response()->json(Helper::formatStandardApiResponse('error', null, $asset->getErrors()), 200);
@@ -654,22 +647,7 @@ class AssetsController extends Controller
             }     
 
             $asset = $request->handleImages($asset);
-            $model = AssetModel::find($asset->model_id);
-            
-            // Update custom fields
-            if (($model) && (isset($model->fieldset))) {
-                foreach ($model->fieldset->fields as $field) {
-                    if ($request->has($field->db_column)) {
-                        if ($field->field_encrypted == '1') {
-                            if (Gate::allows('admin')) {
-                                $asset->{$field->db_column} = \Crypt::encrypt($request->input($field->db_column));
-                            }
-                        } else {
-                            $asset->{$field->db_column} = $request->input($field->db_column);
-                        }
-                    }
-                }
-            }
+            $asset = $asset->handleCustomFieldsForStoring($request);
 
 
             if ($asset->save()) {
@@ -692,7 +670,11 @@ class AssetsController extends Controller
                     $asset->image = $asset->getImageUrl();
                 }
 
-                return response()->json(Helper::formatStandardApiResponse('success', $asset, trans('admin/hardware/message.update.success')));
+                if ($problems_updating_encrypted_custom_fields) {
+                    return response()->json(Helper::formatStandardApiResponse('success', $asset, trans('admin/hardware/message.update.encrypted_warning')));
+                } else {
+                    return response()->json(Helper::formatStandardApiResponse('success', $asset, trans('admin/hardware/message.update.success')));
+                }
             }
 
             return response()->json(Helper::formatStandardApiResponse('error', null, $asset->getErrors()), 200);
@@ -802,7 +784,6 @@ class AssetsController extends Controller
             'asset_tag' => $asset->asset_tag,
         ];
 
-
         // This item is checked out to a location
         if (request('checkout_to_type') == 'location') {
             $target = Location::find(request('assigned_location'));
@@ -829,13 +810,10 @@ class AssetsController extends Controller
             $asset->status_id = $request->get('status_id');
         }
 
-
         if (! isset($target)) {
             return response()->json(Helper::formatStandardApiResponse('error', $error_payload, 'Checkout target for asset '.e($asset->asset_tag).' is invalid - '.$error_payload['target_type'].' does not exist.'));
         }
 
-
-
         $checkout_at = request('checkout_at', date('Y-m-d H:i:s'));
         $expected_checkin = request('expected_checkin', null);
         $note = request('note', null);
@@ -851,8 +829,6 @@ class AssetsController extends Controller
 //            $asset->location_id = $target->rtd_location_id;
 //        }
 
-
-
         if ($asset->checkOut($target, Auth::user(), $checkout_at, $expected_checkin, $note, $asset_name, $asset->location_id)) {
             return response()->json(Helper::formatStandardApiResponse('success', ['asset'=> e($asset->asset_tag)], trans('admin/hardware/message.checkout.success')));
         }
@@ -983,25 +959,39 @@ class AssetsController extends Controller
 
     {
         $this->authorize('audit', Asset::class);
-        $rules = [
-            'asset_tag' => 'required',
-            'location_id' => 'exists:locations,id|nullable|numeric',
-            'next_audit_date' => 'date|nullable',
-        ];
-
-        $validator = Validator::make($request->all(), $rules);
-        if ($validator->fails()) {
-            return response()->json(Helper::formatStandardApiResponse('error', null, $validator->errors()->all()));
-        }
 
         $settings = Setting::getSettings();
         $dt = Carbon::now()->addMonths($settings->audit_interval)->toDateString();
 
+        // No tag passed - return an error
+        if (!$request->filled('asset_tag')) {
+            return response()->json(Helper::formatStandardApiResponse('error', [
+                'asset_tag'=> '',
+                'error'=> trans('admin/hardware/message.no_tag'),
+            ], trans('admin/hardware/message.no_tag')), 200);
+        }
+
+
         $asset = Asset::where('asset_tag', '=', $request->input('asset_tag'))->first();
 
 
         if ($asset) {
-            // We don't want to log this as a normal update, so let's bypass that
+
+            /**
+             * Even though we do a save() further down, we don't want to log this as a "normal" asset update,
+             * which would trigger the Asset Observer and would log an asset *update* log entry (because the
+             * de-normed fields like next_audit_date on the asset itself will change on save()) *in addition* to
+             * the audit log entry we're creating through this controller.
+             *
+             * To prevent this double-logging (one for update and one for audit), we skip the observer and bypass
+             * that de-normed update log entry by using unsetEventDispatcher(), BUT invoking unsetEventDispatcher()
+             * will bypass normal model-level validation that's usually handled at the observer )
+             *
+             * We handle validation on the save() by checking if the asset is valid via the ->isValid() method,
+             * which manually invokes Watson Validating to make sure the asset's model is valid.
+             *
+             * @see \App\Observers\AssetObserver::updating()
+             */
             $asset->unsetEventDispatcher();
             $asset->next_audit_date = $dt;
 
@@ -1017,8 +1007,12 @@ class AssetsController extends Controller
 
             $asset->last_audit_date = date('Y-m-d H:i:s');
 
-            if ($asset->save()) {
-                $log = $asset->logAudit(request('note'), request('location_id'));
+            /**
+             * Invoke Watson Validating to check the asset itself and check to make sure it saved correctly.
+             * We have to invoke this manually because of the unsetEventDispatcher() above.)
+             */
+            if ($asset->isValid() && $asset->save()) {
+                $asset->logAudit(request('note'), request('location_id'));
 
                 return response()->json(Helper::formatStandardApiResponse('success', [
                     'asset_tag'=> e($asset->asset_tag),
@@ -1026,9 +1020,23 @@ class AssetsController extends Controller
                     'next_audit_date' => Helper::getFormattedDateObject($asset->next_audit_date),
                 ], trans('admin/hardware/message.audit.success')));
             }
+
+            // Asset failed validation or was not able to be saved
+            return response()->json(Helper::formatStandardApiResponse('error', [
+                'asset_tag'=> e($asset->asset_tag),
+                'error'=> $asset->getErrors()->first(),
+            ], trans('admin/hardware/message.audit.error', ['error' => $asset->getErrors()->first()])), 200);
+
         }
 
-        return response()->json(Helper::formatStandardApiResponse('error', ['asset_tag'=> e($request->input('asset_tag'))], 'Asset with tag '.e($request->input('asset_tag')).' not found'));
+
+        // No matching asset for the asset tag that was passed.
+        return response()->json(Helper::formatStandardApiResponse('error', [
+            'asset_tag'=> e($request->input('asset_tag')),
+            'error'=> trans('admin/hardware/message.audit.error'),
+        ], trans('admin/hardware/message.audit.error', ['error' => trans('admin/hardware/message.does_not_exist')])), 200);
+
+
     }
 
 
@@ -1062,8 +1070,7 @@ class AssetsController extends Controller
 
         $assets = Asset::select('assets.*')
             ->with('location', 'assetstatus', 'assetlog', 'company','assignedTo',
-                'model.category', 'model.manufacturer', 'model.fieldset', 'supplier', 'requests')
-            ->requestableAssets();
+                'model.category', 'model.manufacturer', 'model.fieldset', 'supplier', 'requests');
 
 
 
@@ -1071,7 +1078,7 @@ class AssetsController extends Controller
         if ($request->filled('search')) {
             $assets->TextSearch($request->input('search'));
         }
-
+        
         // Search custom fields by column name
         foreach ($all_custom_fields as $field) {
             if ($request->filled($field->db_column_name())) {
@@ -1101,6 +1108,7 @@ class AssetsController extends Controller
                 break;
         }
 
+        $assets->requestableAssets();
 
         // Make sure the offset and limit are actually integers and do not exceed system limits
         $offset = ($request->input('offset') > $assets->count()) ? $assets->count() : app('api_offset_value');

app/Http/Controllers/Api/ComponentsController.php

@@ -14,6 +14,7 @@ use App\Events\ComponentCheckedIn;
 use App\Models\Asset;
 use Illuminate\Support\Facades\Validator;
 use Illuminate\Database\Query\Builder;
+use Illuminate\Support\Facades\Log;
 
 class ComponentsController extends Controller
 {
@@ -331,7 +332,7 @@ class ComponentsController extends Controller
             // actually checked out.
             $component_assets->assigned_qty = $qty_remaining_in_checkout;
 
-            \Log::debug($component_asset_id.' - '.$qty_remaining_in_checkout.' remaining in record '.$component_assets->id);
+            Log::debug($component_asset_id.' - '.$qty_remaining_in_checkout.' remaining in record '.$component_assets->id);
             
             \DB::table('components_assets')->where('id',
                 $component_asset_id)->update(['assigned_qty' => $qty_remaining_in_checkout]);

app/Http/Controllers/Api/ConsumablesController.php

@@ -13,6 +13,7 @@ use App\Models\User;
 use Illuminate\Http\Request;
 use App\Http\Requests\ImageUploadRequest;
 use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Log;
 
 class ConsumablesController extends Controller
 {
@@ -277,7 +278,7 @@ class ConsumablesController extends Controller
         if (!$user = User::find($request->input('assigned_to'))) {
             // Return error message
             return response()->json(Helper::formatStandardApiResponse('error', null, 'No user found'));
-            \Log::debug('No valid user');
+            Log::debug('No valid user');
         }
 
         // Update the consumable data

app/Http/Controllers/Api/CustomFieldsController.php

@@ -179,7 +179,7 @@ class CustomFieldsController extends Controller
      *
      * @author [Brady Wetherington] [<uberbrady@gmail.com>]
      * @since [v1.8]
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      */
     public function destroy($field_id)
     {

app/Http/Controllers/Api/CustomFieldsetsController.php

@@ -118,7 +118,7 @@ class CustomFieldsetsController extends Controller
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0]
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      */
     public function destroy($id)
     {

app/Http/Controllers/Api/DepartmentsController.php

@@ -8,7 +8,7 @@ use App\Http\Transformers\DepartmentsTransformer;
 use App\Http\Transformers\SelectlistTransformer;
 use App\Models\Company;
 use App\Models\Department;
-use Auth;
+use Illuminate\Support\Facades\Auth;
 use Illuminate\Http\Request;
 use App\Http\Requests\ImageUploadRequest;
 use Illuminate\Support\Facades\Storage;

app/Http/Controllers/Api/GroupsController.php

@@ -7,7 +7,7 @@ use App\Http\Controllers\Controller;
 use App\Http\Transformers\GroupsTransformer;
 use App\Models\Group;
 use Illuminate\Http\Request;
-use Auth;
+use Illuminate\Support\Facades\Auth;
 
 
 class GroupsController extends Controller
@@ -62,13 +62,16 @@ class GroupsController extends Controller
     {
         $this->authorize('superadmin');
         $group = new Group;
+        // Get all the available permissions
+        $permissions = config('permissions');
+        $groupPermissions = Helper::selectedPermissionsArray($permissions, $permissions);
 
         $group->name = $request->input('name');
         $group->created_by = Auth::user()->id;
-        $group->permissions = json_encode($request->input('permissions')); // Todo - some JSON validation stuff here
+        $group->permissions = json_encode($request->input('permissions', $groupPermissions));
 
         if ($group->save()) {
-            return response()->json(Helper::formatStandardApiResponse('success', $group, trans('admin/groups/message.create.success')));
+            return response()->json(Helper::formatStandardApiResponse('success', (new GroupsTransformer)->transformGroup($group), trans('admin/groups/message.success.create')));
         }
 
         return response()->json(Helper::formatStandardApiResponse('error', null, $group->getErrors()));
@@ -86,7 +89,6 @@ class GroupsController extends Controller
     {
         $this->authorize('superadmin');
         $group = Group::findOrFail($id);
-
         return (new GroupsTransformer)->transformGroup($group);
     }
 
@@ -108,7 +110,7 @@ class GroupsController extends Controller
         $group->permissions = $request->input('permissions'); // Todo - some JSON validation stuff here
 
         if ($group->save()) {
-            return response()->json(Helper::formatStandardApiResponse('success', $group, trans('admin/groups/message.update.success')));
+            return response()->json(Helper::formatStandardApiResponse('success', (new GroupsTransformer)->transformGroup($group), trans('admin/groups/message.success.update')));
         }
 
         return response()->json(Helper::formatStandardApiResponse('error', null, $group->getErrors()));

app/Http/Controllers/Api/ImportController.php

@@ -9,13 +9,14 @@ use App\Http\Transformers\ImportsTransformer;
 use App\Models\Asset;
 use App\Models\Company;
 use App\Models\Import;
-use Artisan;
+use Illuminate\Support\Facades\Artisan;
 use Illuminate\Database\Eloquent\JsonEncodingException;
 use Illuminate\Support\Facades\Request;
 use Illuminate\Support\Facades\Session;
 use Illuminate\Support\Facades\Storage;
 use League\Csv\Reader;
 use Symfony\Component\HttpFoundation\File\Exception\FileException;
+use Illuminate\Support\Facades\Log;
 
 class ImportController extends Controller
 {
@@ -159,10 +160,10 @@ class ImportController extends Controller
 
         // Run a backup immediately before processing
         if ($request->get('run-backup')) {
-            \Log::debug('Backup manually requested via importer');
+            Log::debug('Backup manually requested via importer');
             Artisan::call('snipeit:backup', ['--filename' => 'pre-import-backup-'.date('Y-m-d-H:i:s')]);
         } else {
-            \Log::debug('NO BACKUP requested via importer');
+            Log::debug('NO BACKUP requested via importer');
         }
 
         $import = Import::find($import_id);

app/Http/Controllers/Api/LabelsController.php

@@ -8,7 +8,7 @@ use App\Http\Transformers\LabelsTransformer;
 use App\Models\Labels\Label;
 use Illuminate\Http\Request;
 use Illuminate\Support\ItemNotFoundException;
-use Auth;
+use Illuminate\Support\Facades\Auth;
 
 class LabelsController extends Controller
 {

app/Http/Controllers/Api/LicenseSeatsController.php

@@ -9,7 +9,7 @@ use App\Models\Asset;
 use App\Models\License;
 use App\Models\LicenseSeat;
 use App\Models\User;
-use Auth;
+use Illuminate\Support\Facades\Auth;
 use Illuminate\Http\Request;
 
 class LicenseSeatsController extends Controller

app/Http/Controllers/Api/LocationsController.php

@@ -235,10 +235,16 @@ class LocationsController extends Controller
     public function destroy($id)
     {
         $this->authorize('delete', Location::class);
-        $location = Location::findOrFail($id);
+        $location = Location::withCount('assignedAssets as assigned_assets_count')
+            ->withCount('assets as assets_count')
+            ->withCount('rtd_assets as rtd_assets_count')
+            ->withCount('children as children_count')
+            ->withCount('users as users_count')
+            ->findOrFail($id);
+
         if (! $location->isDeletable()) {
             return response()
-                    ->json(Helper::formatStandardApiResponse('error', null, trans('admin/companies/message.assoc_users')));
+                    ->json(Helper::formatStandardApiResponse('error', null, trans('admin/locations/message.assoc_users')));
         }
         $this->authorize('delete', $location);
         $location->delete();

app/Http/Controllers/Api/ProfileController.php

@@ -12,7 +12,7 @@ use Laravel\Passport\TokenRepository;
 use Illuminate\Contracts\Validation\Factory as ValidationFactory;
 use Illuminate\Support\Facades\Gate;
 use App\Models\CustomField;
-use DB;
+use Illuminate\Support\Facades\DB;
 
 class ProfileController extends Controller
 {

app/Http/Controllers/Api/ReportsController.php

@@ -32,19 +32,26 @@ class ReportsController extends Controller
         }
 
         if (($request->filled('item_type')) && ($request->filled('item_id'))) {
-            $actionlogs = $actionlogs->where('item_id', '=', $request->input('item_id'))
+            $actionlogs = $actionlogs->where(function($query) use ($request)
+            {
+                $query->where('item_id', '=', $request->input('item_id'))
                 ->where('item_type', '=', 'App\\Models\\'.ucwords($request->input('item_type')))
                 ->orWhere(function($query) use ($request)
                 {
                     $query->where('target_id', '=', $request->input('item_id'))
                     ->where('target_type', '=', 'App\\Models\\'.ucwords($request->input('item_type')));
                 });
+            });
         }
 
         if ($request->filled('action_type')) {
             $actionlogs = $actionlogs->where('action_type', '=', $request->input('action_type'))->orderBy('created_at', 'desc');
         }
 
+        if ($request->filled('user_id')) {
+            $actionlogs = $actionlogs->where('user_id', '=', $request->input('user_id'));
+        }
+
         if ($request->filled('action_source')) {
             $actionlogs = $actionlogs->where('action_source', '=', $request->input('action_source'))->orderBy('created_at', 'desc');
         }
@@ -71,13 +78,14 @@ class ReportsController extends Controller
         ];
 
 
+        $total = $actionlogs->count();
         // Make sure the offset and limit are actually integers and do not exceed system limits
-        $offset = ($request->input('offset') > $actionlogs->count()) ? $actionlogs->count() : app('api_offset_value');
+        $offset = ($request->input('offset') > $total) ? $total : app('api_offset_value');
         $limit = app('api_limit_value');
 
         $sort = in_array($request->input('sort'), $allowed_columns) ? e($request->input('sort')) : 'created_at';
         $order = ($request->input('order') == 'asc') ? 'asc' : 'desc';
-        $total = $actionlogs->count();
+
 
         $actionlogs = $actionlogs->orderBy($sort, $order)->skip($offset)->take($limit)->get();
 

app/Http/Controllers/Api/SettingsController.php

@@ -33,18 +33,18 @@ class SettingsController extends Controller
         $settings = Setting::getSettings();
 
         if ($settings->ldap_enabled!='1') {
-            \Log::debug('LDAP is not enabled cannot test.');
+            Log::debug('LDAP is not enabled cannot test.');
             return response()->json(['message' => 'LDAP is not enabled, cannot test.'], 400);
         }
 
-        \Log::debug('Preparing to test LDAP connection');
+        Log::debug('Preparing to test LDAP connection');
 
         $message = []; //where we collect together test messages
         try {
             $connection = Ldap::connectToLdap();
             try {
                 $message['bind'] = ['message' => 'Successfully bound to LDAP server.'];
-                \Log::debug('attempting to bind to LDAP for LDAP test');
+                Log::debug('attempting to bind to LDAP for LDAP test');
                 Ldap::bindAdminToLdap($connection);
                 $message['login'] = [
                     'message' => 'Successfully connected to LDAP server.',
@@ -75,13 +75,13 @@ class SettingsController extends Controller
 
                 return response()->json($message, 200);
             } catch (\Exception $e) {
-                \Log::debug('Bind failed');
-                \Log::debug("Exception was: ".$e->getMessage());
+                Log::debug('Bind failed');
+                Log::debug("Exception was: ".$e->getMessage());
                 return response()->json(['message' => $e->getMessage()], 400);
                 //return response()->json(['message' => $e->getMessage()], 500);
             }
         } catch (\Exception $e) {
-            \Log::debug('Connection failed but we cannot debug it any further on our end.');
+            Log::debug('Connection failed but we cannot debug it any further on our end.');
             return response()->json(['message' => $e->getMessage()], 500);
         }
 
@@ -92,7 +92,7 @@ class SettingsController extends Controller
     {
 
         if (Setting::getSettings()->ldap_enabled != '1') {
-            \Log::debug('LDAP is not enabled. Cannot test.');
+            Log::debug('LDAP is not enabled. Cannot test.');
             return response()->json(['message' => 'LDAP is not enabled, cannot test.'], 400);
         }
 
@@ -104,39 +104,39 @@ class SettingsController extends Controller
 
         $validator = Validator::make($request->all(), $rules);
         if ($validator->fails()) {
-            \Log::debug('LDAP Validation test failed.');
+            Log::debug('LDAP Validation test failed.');
             $validation_errors = implode(' ',$validator->errors()->all());
             return response()->json(['message' => $validator->errors()->all()], 400);
         }
         
 
 
-        \Log::debug('Preparing to test LDAP login');
+        Log::debug('Preparing to test LDAP login');
         try {
             $connection = Ldap::connectToLdap();
             try {
                 Ldap::bindAdminToLdap($connection);
-                \Log::debug('Attempting to bind to LDAP for LDAP test');
+                Log::debug('Attempting to bind to LDAP for LDAP test');
                 try {
                     $ldap_user = Ldap::findAndBindUserLdap($request->input('ldaptest_user'), $request->input('ldaptest_password'));
                     if ($ldap_user) {
-                        \Log::debug('It worked! '. $request->input('ldaptest_user').' successfully binded to LDAP.');
+                        Log::debug('It worked! '. $request->input('ldaptest_user').' successfully binded to LDAP.');
                         return response()->json(['message' => 'It worked! '. $request->input('ldaptest_user').' successfully binded to LDAP.'], 200);
                     }
                     return response()->json(['message' => 'Login Failed. '. $request->input('ldaptest_user').' did not successfully bind to LDAP.'], 400);
 
                 } catch (\Exception $e) {
-                    \Log::debug('LDAP login failed');
+                    Log::debug('LDAP login failed');
                     return response()->json(['message' => $e->getMessage()], 400);
                 }
 
             } catch (\Exception $e) {
-                \Log::debug('Bind failed');
+                Log::debug('Bind failed');
                 return response()->json(['message' => $e->getMessage()], 400);
                 //return response()->json(['message' => $e->getMessage()], 500);
             }
         } catch (\Exception $e) {
-            \Log::debug('Connection failed');
+            Log::debug('Connection failed');
             return response()->json(['message' => $e->getMessage()], 500);
         }
 
@@ -181,19 +181,19 @@ class SettingsController extends Controller
 
             $file_parts = explode('.', $file);
             $extension = end($file_parts);
-            \Log::debug($extension);
+            Log::debug($extension);
 
             // Only generated barcodes would have a .png file extension
             if ($extension == 'png') {
-                \Log::debug('Deleting: '.$file);
+                Log::debug('Deleting: '.$file);
 
 
                 try {
                     Storage::disk('public')->delete($file);
-                    \Log::debug('Deleting: '.$file);
+                    Log::debug('Deleting: '.$file);
                     $file_count++;
                 } catch (\Exception $e) {
-                    \Log::debug($e);
+                    Log::debug($e);
                 }
             }
         }

app/Http/Controllers/Api/UsersController.php

@@ -13,15 +13,17 @@ use App\Http\Transformers\SelectlistTransformer;
 use App\Http\Transformers\UsersTransformer;
 use App\Models\Actionlog;
 use App\Models\Asset;
-use App\Models\Company;
+use App\Models\Accessory;
+use App\Models\Consumable;
 use App\Models\License;
 use App\Models\User;
 use App\Notifications\CurrentInventory;
-use Auth;
+use Illuminate\Support\Facades\Auth;
 use Illuminate\Http\Request;
-use App\Http\Requests\ImageUploadRequest;
 use Illuminate\Support\Facades\Storage;
 use Illuminate\Support\Facades\Validator;
+use Illuminate\Support\Facades\Log;
+use App\Http\Requests\DeleteUserRequest;
 
 class UsersController extends Controller
 {
@@ -31,7 +33,7 @@ class UsersController extends Controller
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0]
      *
-     * @return \Illuminate\Http\Response
+     * @return array
      */
     public function index(Request $request)
     {
@@ -75,10 +77,14 @@ class UsersController extends Controller
             'users.autoassign_licenses',
             'users.website',
 
-        ])->with('manager', 'groups', 'userloc', 'company', 'department', 'assets', 'licenses', 'accessories', 'consumables', 'createdBy',)
-            ->withCount('assets as assets_count', 'licenses as licenses_count', 'accessories as accessories_count', 'consumables as consumables_count');
+        ])->with('manager', 'groups', 'userloc', 'company', 'department', 'assets', 'licenses', 'accessories', 'consumables', 'createdBy', 'managesUsers', 'managedLocations')
+            ->withCount('assets as assets_count', 'licenses as licenses_count', 'accessories as accessories_count', 'consumables as consumables_count', 'managesUsers as manages_users_count', 'managedLocations as manages_locations_count');
 
 
+        if ($request->filled('search') != '') {
+            $users = $users->TextSearch($request->input('search'));
+        }
+
         if ($request->filled('activated')) {
             $users = $users->where('users.activated', '=', $request->input('activated'));
         }
@@ -187,12 +193,23 @@ class UsersController extends Controller
             $users->has('accessories', '=', $request->input('accessories_count'));
         }
 
+        if ($request->filled('manages_users_count')) {
+            $users->has('manages_users_count', '=', $request->input('manages_users_count'));
+        }
+
+        if ($request->filled('manages_locations_count')) {
+            $users->has('manages_locations_count', '=', $request->input('manages_locations_count'));
+        }
+
         if ($request->filled('autoassign_licenses')) {
             $users->where('autoassign_licenses', '=', $request->input('autoassign_licenses'));
         }
 
-        if ($request->filled('search')) {
-            $users = $users->TextSearch($request->input('search'));
+
+        if (($request->filled('deleted')) && ($request->input('deleted') == 'true')) {
+            $users = $users->onlyTrashed();
+        } elseif (($request->filled('all')) && ($request->input('all') == 'true')) {
+            $users = $users->withTrashed();
         }
 
         $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
@@ -230,10 +247,6 @@ class UsersController extends Controller
                         'jobtitle',
                         'username',
                         'employee_num',
-                        'assets',
-                        'accessories',
-                        'consumables',
-                        'licenses',
                         'groups',
                         'activated',
                         'created_at',
@@ -244,6 +257,8 @@ class UsersController extends Controller
                         'licenses_count',
                         'consumables_count',
                         'accessories_count',
+                        'manages_users_count',
+                        'manages_locations_count',
                         'phone',
                         'address',
                         'city',
@@ -262,18 +277,11 @@ class UsersController extends Controller
                         'website',
                     ];
 
-                $sort = in_array($request->get('sort'), $allowed_columns) ? $request->get('sort') : 'first_name';
+                $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'first_name';
                 $users = $users->orderBy($sort, $order);
                 break;
         }
 
-        if (($request->filled('deleted')) && ($request->input('deleted') == 'true')) {
-            $users = $users->onlyTrashed();
-        } elseif (($request->filled('all')) && ($request->input('all') == 'true')) {
-            $users = $users->withTrashed();
-        }
-
-        $users = Company::scopeCompanyables($users);
 
 
         // Make sure the offset and limit are actually integers and do not exceed system limits
@@ -308,8 +316,6 @@ class UsersController extends Controller
             ]
             )->where('show_in_list', '=', '1');
 
-        $users = Company::scopeCompanyables($users);
-
         if ($request->filled('search')) {
             $users = $users->where(function ($query) use ($request) {
                 $query->SimpleNameSearch($request->get('search'))
@@ -351,7 +357,7 @@ class UsersController extends Controller
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0]
      * @param  \Illuminate\Http\Request  $request
-     * @return \Illuminate\Http\Response
+     * @return array | \Illuminate\Http\JsonResponse
      */
     public function store(SaveUserRequest $request)
     {
@@ -398,14 +404,19 @@ class UsersController extends Controller
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @param  int  $id
-     * @return \Illuminate\Http\Response
+     * @return array | \Illuminate\Http\JsonResponse
      */
     public function show($id)
     {
         $this->authorize('view', User::class);
-        $user = User::withCount('assets as assets_count', 'licenses as licenses_count', 'accessories as accessories_count', 'consumables as consumables_count')->findOrFail($id);
 
-        return (new UsersTransformer)->transformUser($user);
+        if ($user = User::withCount('assets as assets_count', 'licenses as licenses_count', 'accessories as accessories_count', 'consumables as consumables_count', 'managesUsers as manages_users_count', 'managedLocations as manages_locations_count')->find($id)) {
+            $this->authorize('view', $user);
+            return (new UsersTransformer)->transformUser($user);
+        }
+        
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.user_not_found', compact('id'))));
+
     }
 
 
@@ -416,89 +427,89 @@ class UsersController extends Controller
      * @since [v4.0]
      * @param  \Illuminate\Http\Request  $request
      * @param  int  $id
-     * @return \Illuminate\Http\Response
+     * @return \Illuminate\Http\JsonResponse
      */
     public function update(SaveUserRequest $request, $id)
     {
         $this->authorize('update', User::class);
 
-        $user = User::findOrFail($id);
-
-        /**
-         * This is a janky hack to prevent people from changing admin demo user data on the public demo.
-         * 
-         * The $ids 1 and 2 are special since they are seeded as superadmins in the demo seeder.
-         * 
-         *  Thanks, jerks. You are why we can't have nice things. - snipe
-         * 
-         */ 
+        if ($user = User::find($id)) {
 
 
-        if ((($id == 1) || ($id == 2)) && (config('app.lock_passwords'))) {
-            return response()->json(Helper::formatStandardApiResponse('error', null, 'Permission denied. You cannot update user information via API on the demo.'));
-        }
+            $this->authorize('update', $user);
+
+            /**
+             * This is a janky hack to prevent people from changing admin demo user data on the public demo.
+             * The $ids 1 and 2 are special since they are seeded as superadmins in the demo seeder.
+             *  Thanks, jerks. You are why we can't have nice things. - snipe
+             *
+             */
 
 
-        $user->fill($request->all());
-        
-        if ($user->id == $request->input('manager_id')) {
-            return response()->json(Helper::formatStandardApiResponse('error', null, 'You cannot be your own manager'));
-        }
-
-        if ($request->filled('password')) {
-            $user->password = bcrypt($request->input('password'));
-        }
-
-        // We need to use has()  instead of filled()
-        // here because we need to overwrite permissions
-        // if someone needs to null them out
-        if ($request->has('permissions')) {
-            $permissions_array = $request->input('permissions');
-
-            // Strip out the superuser permission if the API user isn't a superadmin
-            if (! Auth::user()->isSuperUser()) {
-                unset($permissions_array['superuser']);
+            if ((($id == 1) || ($id == 2)) && (config('app.lock_passwords'))) {
+                return response()->json(Helper::formatStandardApiResponse('error', null, 'Permission denied. You cannot update user information via API on the demo.'));
             }
-            $user->permissions = $permissions_array;
-        }
 
 
+            $user->fill($request->all());
 
-        // Update the location of any assets checked out to this user
-        Asset::where('assigned_type', User::class)
-            ->where('assigned_to', $user->id)->update(['location_id' => $request->input('location_id', null)]);
+            if ($user->id == $request->input('manager_id')) {
+                return response()->json(Helper::formatStandardApiResponse('error', null, 'You cannot be your own manager'));
+            }
 
-        
-        app('App\Http\Requests\ImageUploadRequest')->handleImages($user, 600, 'image', 'avatars', 'avatar');
-          
-        if ($user->save()) {
+            if ($request->filled('password')) {
+                $user->password = bcrypt($request->input('password'));
+            }
 
-            // Sync group memberships:
-            // This was changed in Snipe-IT v4.6.x to 4.7, since we upgraded to Laravel 5.5
-            // which changes the behavior of has vs filled.
-            // The $request->has method will now return true even if the input value is an empty string or null.
-            // A new $request->filled method has was added that provides the previous behavior of the has method.
+            // We need to use has()  instead of filled()
+            // here because we need to overwrite permissions
+            // if someone needs to null them out
+            if ($request->has('permissions')) {
+                $permissions_array = $request->input('permissions');
 
-            // Check if the request has groups passed and has a value
-            if ($request->filled('groups')) {
-                $validator = Validator::make($request->all(), [
-                    'groups.*' => 'integer|exists:permission_groups,id',
-                ]);
-                
-                if ($validator->fails()){
-                    return response()->json(Helper::formatStandardApiResponse('error', null, $user->getErrors()));
+                // Strip out the individual superuser permission if the API user isn't a superadmin
+                if (!Auth::user()->isSuperUser()) {
+                    unset($permissions_array['superuser']);
                 }
-                $user->groups()->sync($request->input('groups'));
-            // The groups field has been passed but it is null, so we should blank it out
-            } elseif ($request->has('groups')) {
-                $user->groups()->sync([]);
+
+                $user->permissions = $permissions_array;
             }
 
 
-            return response()->json(Helper::formatStandardApiResponse('success', (new UsersTransformer)->transformUser($user), trans('admin/users/message.success.update')));
+            // Update the location of any assets checked out to this user
+            Asset::where('assigned_type', User::class)
+                ->where('assigned_to', $user->id)->update(['location_id' => $request->input('location_id', null)]);
+
+
+            app('App\Http\Requests\ImageUploadRequest')->handleImages($user, 600, 'image', 'avatars', 'avatar');
+
+            if ($user->save()) {
+
+                // Check if the request has groups passed and has a value, AND that the user us a superuser
+                if (($request->has('groups')) && (Auth::user()->isSuperUser())) {
+
+                    $validator = Validator::make($request->only('groups'), [
+                        'groups.*' => 'integer|exists:permission_groups,id',
+                    ]);
+
+                    if ($validator->fails()) {
+                        return response()->json(Helper::formatStandardApiResponse('error', null, $validator->errors()));
+                    }
+
+                    // Sync the groups since the user is a superuser and the groups pass validation
+                    $user->groups()->sync($request->input('groups'));
+
+
+                }
+
+                return response()->json(Helper::formatStandardApiResponse('success', (new UsersTransformer)->transformUser($user), trans('admin/users/message.success.update')));
+            }
+
+            return response()->json(Helper::formatStandardApiResponse('error', null, $user->getErrors()));
         }
 
-        return response()->json(Helper::formatStandardApiResponse('error', null, $user->getErrors()));
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.user_not_found', compact('id'))));
+
     }
 
     /**
@@ -507,45 +518,36 @@ class UsersController extends Controller
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0]
      * @param  int  $id
-     * @return \Illuminate\Http\Response
+     * @return \Illuminate\Http\JsonResponse
      */
-    public function destroy($id)
+    public function destroy(DeleteUserRequest $request, $id)
     {
         $this->authorize('delete', User::class);
-        $user = User::findOrFail($id);
-        $this->authorize('delete', $user);
 
-        if (($user->assets) && ($user->assets->count() > 0)) {
-            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.error.delete_has_assets')));
-        }
+        if ($user = User::withTrashed()->find($id)) {
 
-        if (($user->licenses) && ($user->licenses->count() > 0)) {
-            return response()->json(Helper::formatStandardApiResponse('error', null, 'This user still has '.$user->licenses->count().' license(s) associated with them and cannot be deleted.'));
-        }
+            $this->authorize('delete', $user);
 
-        if (($user->accessories) && ($user->accessories->count() > 0)) {
-            return response()->json(Helper::formatStandardApiResponse('error', null, 'This user still has '.$user->accessories->count().' accessories associated with them.'));
-        }
+            if ($user->delete()) {
 
-        if (($user->managedLocations()) && ($user->managedLocations()->count() > 0)) {
-            return response()->json(Helper::formatStandardApiResponse('error', null, 'This user still has '.$user->managedLocations()->count().' locations that they manage.'));
-        }
-
-        if ($user->delete()) {
-
-            // Remove the user's avatar if they have one
-            if (Storage::disk('public')->exists('avatars/'.$user->avatar)) {
-                try {
-                    Storage::disk('public')->delete('avatars/'.$user->avatar);
-                } catch (\Exception $e) {
-                    \Log::debug($e);
+                // Remove the user's avatar if they have one
+                if (Storage::disk('public')->exists('avatars/' . $user->avatar)) {
+                    try {
+                        Storage::disk('public')->delete('avatars/' . $user->avatar);
+                    } catch (\Exception $e) {
+                        Log::debug($e);
+                    }
                 }
+
+                return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/users/message.success.delete')));
             }
 
-            return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/users/message.success.delete')));
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.error.delete')));
+
         }
 
-        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.error.delete')));
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.user_not_found')));
+
     }
 
     /**
@@ -554,15 +556,42 @@ class UsersController extends Controller
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v3.0]
      * @param $userId
-     * @return string JSON
+     * @return array | \Illuminate\Http\JsonResponse
      */
     public function assets(Request $request, $id)
     {
         $this->authorize('view', User::class);
         $this->authorize('view', Asset::class);
-        $assets = Asset::where('assigned_to', '=', $id)->where('assigned_type', '=', User::class)->with('model')->get();
 
-        return (new AssetsTransformer)->transformAssets($assets, $assets->count(), $request);
+        if ($user = User::with('assets', 'assets.model', 'consumables', 'accessories', 'licenses', 'userloc')->withTrashed()->find($id)) {
+            $this->authorize('view', $user);
+
+            $assets = Asset::where('assigned_to', '=', $id)->where('assigned_type', '=', User::class)->with('model');
+
+
+            // Filter on category ID
+            if ($request->filled('category_id')) {
+                $assets = $assets->InCategory($request->input('category_id'));
+            }
+
+
+            // Filter on model ID
+            if ($request->filled('model_id')) {
+
+                $model_ids = $request->input('model_id');
+                if (!is_array($model_ids)) {
+                    $model_ids = array($model_ids);
+                }
+                $assets = $assets->InModelList($model_ids);
+            }
+
+            $assets = $assets->get();
+
+            return (new AssetsTransformer)->transformAssets($assets, $assets->count(), $request);
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.user_not_found', compact('id'))));
+
     }
 
     /**
@@ -576,15 +605,22 @@ class UsersController extends Controller
      */
     public function emailAssetList(Request $request, $id)
     {
-        $user = User::findOrFail($id);
+        $this->authorize('update', User::class);
 
-        if (empty($user->email)) {
-            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.inventorynotification.error')));
+        if ($user = User::find($id)) {
+            $this->authorize('update', $user);
+
+            if (empty($user->email)) {
+                return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.inventorynotification.error')));
+            }
+
+            $user->notify((new CurrentInventory($user)));
+            return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/users/message.inventorynotification.success')));
         }
 
-        $user->notify((new CurrentInventory($user)));
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.user_not_found', compact('id'))));
  
-        return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/users/message.inventorynotification.success')));
+
     }
 
     /**
@@ -593,13 +629,14 @@ class UsersController extends Controller
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v3.0]
      * @param $userId
-     * @return string JSON
+     * @return array | \Illuminate\Http\JsonResponse
      */
     public function consumables(Request $request, $id)
     {
         $this->authorize('view', User::class);
         $this->authorize('view', Consumable::class);
         $user = User::findOrFail($id);
+        $this->authorize('view', $user);
         $consumables = $user->consumables;
         return (new ConsumablesTransformer)->transformConsumables($consumables, $consumables->count(), $request);
     }
@@ -610,12 +647,13 @@ class UsersController extends Controller
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.6.14]
      * @param $userId
-     * @return string JSON
+     * @return array
      */
     public function accessories($id)
     {
         $this->authorize('view', User::class);
         $user = User::findOrFail($id);
+        $this->authorize('view', $user);
         $this->authorize('view', Accessory::class);
         $accessories = $user->accessories;
 
@@ -628,7 +666,7 @@ class UsersController extends Controller
      * @author [N. Mathar] [<snipe@snipe.net>]
      * @since [v5.0]
      * @param $userId
-     * @return string JSON
+     * @return array | \Illuminate\Http\JsonResponse
      */
     public function licenses($id)
     {
@@ -636,6 +674,7 @@ class UsersController extends Controller
         $this->authorize('view', License::class);
         
         if ($user = User::where('id', $id)->withTrashed()->first()) {
+            $this->authorize('update', $user);
             $licenses = $user->licenses()->get();
             return (new LicensesTransformer())->transformLicenses($licenses, $licenses->count());
         }
@@ -659,9 +698,20 @@ class UsersController extends Controller
         if ($request->filled('id')) {
             try {
                 $user = User::find($request->get('id'));
+                $this->authorize('update', $user);
                 $user->two_factor_secret = null;
                 $user->two_factor_enrolled = 0;
-                $user->save();
+                $user->saveQuietly();
+
+                // Log the reset
+                $logaction = new Actionlog();
+                $logaction->target_type = User::class;
+                $logaction->target_id = $user->id;
+                $logaction->item_type = User::class;
+                $logaction->item_id = $user->id;
+                $logaction->created_at = date('Y-m-d H:i:s');
+                $logaction->user_id = Auth::user()->id;
+                $logaction->logaction('2FA reset');
 
                 return response()->json(['message' => trans('admin/settings/general.two_factor_reset_success')], 200);
             } catch (\Exception $e) {
@@ -679,7 +729,7 @@ class UsersController extends Controller
      * @author [Juan Font] [<juanfontalonso@gmail.com>]
      * @since [v4.4.2]
      * @param  \Illuminate\Http\Request  $request
-     * @return \Illuminate\Http\Response
+     * @return array
      */
     public function getCurrentUserInfo(Request $request)
     {
@@ -692,12 +742,14 @@ class UsersController extends Controller
      * @author [E. Taylor] [<dev@evantaylor.name>]
      * @param int $userId
      * @since [v6.0.0]
-     * @return JsonResponse
+     * @return \Illuminate\Http\JsonResponse
      */
-    public function restore($userId = null)
+    public function restore($userId)
     {
+        $this->authorize('delete', User::class);
 
         if ($user = User::withTrashed()->find($userId)) {
+
             $this->authorize('delete', $user);
 
             if ($user->deleted_at == '') {
@@ -716,8 +768,6 @@ class UsersController extends Controller
                 return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/users/message.success.restored')), 200);
             }
 
-            // Check validation to make sure we're not restoring a user with the same username as an existing user
-            return response()->json(Helper::formatStandardApiResponse('error', null, $user->getErrors()));
         }
 
         return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.user_not_found')), 200);

app/Http/Controllers/AssetMaintenancesController.php

@@ -6,7 +6,7 @@ use App\Helpers\Helper;
 use App\Models\Asset;
 use App\Models\AssetMaintenance;
 use App\Models\Company;
-use Auth;
+use Illuminate\Support\Facades\Auth;
 use Carbon\Carbon;
 use Illuminate\Http\Request;
 use Slack;

app/Http/Controllers/AssetModelsController.php

@@ -7,16 +7,16 @@ use App\Http\Requests\ImageUploadRequest;
 use App\Models\Actionlog;
 use App\Models\Asset;
 use App\Models\AssetModel;
+use App\Models\CustomField;
 use App\Models\User;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\DB;
-use Illuminate\Support\Facades\Input;
 use Illuminate\Support\Facades\View;
 use Illuminate\Support\Facades\Validator;
-use Redirect;
-use Request;
-use Storage;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Storage;
 use Symfony\Component\HttpFoundation\JsonResponse;
+use Illuminate\Support\Facades\Log;
 
 /**
  * This class controls all actions related to asset models for
@@ -66,7 +66,7 @@ class AssetModelsController extends Controller
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v1.0]
      * @param ImageUploadRequest $request
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      * @throws \Illuminate\Auth\Access\AuthorizationException
      */
     public function store(ImageUploadRequest $request)
@@ -85,7 +85,7 @@ class AssetModelsController extends Controller
         $model->category_id = $request->input('category_id');
         $model->notes = $request->input('notes');
         $model->user_id = Auth::id();
-        $model->requestable = Request::has('requestable');
+        $model->requestable = $request->has('requestable');
 
         if ($request->input('fieldset_id') != '') {
             $model->fieldset_id = $request->input('fieldset_id');
@@ -139,7 +139,7 @@ class AssetModelsController extends Controller
      * @since [v1.0]
      * @param ImageUploadRequest $request
      * @param int $modelId
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      * @throws \Illuminate\Auth\Access\AuthorizationException
      */
     public function update(ImageUploadRequest $request, $modelId = null)
@@ -200,7 +200,7 @@ class AssetModelsController extends Controller
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v1.0]
      * @param int $modelId
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      * @throws \Illuminate\Auth\Access\AuthorizationException
      */
     public function destroy($modelId)
@@ -220,7 +220,7 @@ class AssetModelsController extends Controller
             try {
                 Storage::disk('public')->delete('models/'.$model->image);
             } catch (\Exception $e) {
-                \Log::info($e);
+                Log::info($e);
             }
         }
 
@@ -237,7 +237,7 @@ class AssetModelsController extends Controller
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v1.0]
      * @param int $id
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      * @throws \Illuminate\Auth\Access\AuthorizationException
      */
     public function getRestore($id)
@@ -288,7 +288,7 @@ class AssetModelsController extends Controller
     public function show($modelId = null)
     {
         $this->authorize('view', AssetModel::class);
-        $model = AssetModel::withTrashed()->withCount('assets')->find($modelId);
+        $model = AssetModel::withTrashed()->find($modelId);
 
         if (isset($model->id)) {
             return view('models/view', compact('model'));
@@ -429,7 +429,7 @@ class AssetModelsController extends Controller
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v1.0]
      * @param int $modelId
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      */
     public function postBulkDelete(Request $request)
     {
@@ -486,11 +486,11 @@ class AssetModelsController extends Controller
      * @param  array      $defaultValues
      * @return void
      */
-    private function assignCustomFieldsDefaultValues(AssetModel $model, array $defaultValues)
+    private function assignCustomFieldsDefaultValues(AssetModel $model, array $defaultValues): bool
     {
         $data = array();
         foreach ($defaultValues as $customFieldId => $defaultValue) {
-            $customField = \App\Models\CustomField::find($customFieldId);
+            $customField = CustomField::find($customFieldId);
 
             $data[$customField->db_column] = $defaultValue;
         }

app/Http/Controllers/AssetModelsFilesController.php

@@ -16,7 +16,7 @@ class AssetModelsFilesController extends Controller
      *
      * @param UploadFileRequest $request
      * @param int $modelId
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      * @throws \Illuminate\Auth\Access\AuthorizationException
      *@since [v1.0]
      * @author [A. Gianotto] [<snipe@snipe.net>]
@@ -38,7 +38,7 @@ class AssetModelsFilesController extends Controller
 
                 $file_name = $request->handleFile('private_uploads/assetmodels/','model-'.$model->id,$file);
 
-                $model->logUpload($file_name, e($request->get('notes')));
+                $model->logUpload($file_name, $request->get('notes'));
             }
 
             return redirect()->back()->with('success', trans('general.file_upload_success'));
@@ -70,8 +70,6 @@ class AssetModelsFilesController extends Controller
             }
 
             $file = 'private_uploads/assetmodels/'.$log->filename;
-            \Log::debug('Checking for '.$file);
-
 
             if (! Storage::exists($file)) {
                 return response('File '.$file.' not found on server', 404)

app/Http/Controllers/Assets/AssetCheckinController.php

@@ -12,8 +12,9 @@ use App\Models\CheckoutAcceptance;
 use App\Models\LicenseSeat;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Support\Facades\Auth;
-use Illuminate\Support\Facades\Redirect;
+use Illuminate\Support\Facades\Session;
 use Illuminate\Support\Facades\View;
+use Illuminate\Support\Facades\Log;
 
 class AssetCheckinController extends Controller
 {
@@ -39,7 +40,17 @@ class AssetCheckinController extends Controller
 
         $this->authorize('checkin', $asset);
 
-        return view('hardware/checkin', compact('asset'))->with('statusLabel_list', Helper::statusLabelList())->with('backto', $backto);
+        // This asset is already checked in, redirect
+        
+        if (is_null($asset->assignedTo)) {
+            return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.checkin.already_checked_in'));
+        }
+
+        if (!$asset->model) {
+            return redirect()->route('hardware.show', $asset->id)->with('error', trans('admin/hardware/general.model_invalid_fix'));
+        }
+
+        return view('hardware/checkin', compact('asset'))->with('statusLabel_list', Helper::statusLabelList())->with('backto', $backto)->with('table_name', 'Assets');
     }
 
     /**
@@ -49,7 +60,7 @@ class AssetCheckinController extends Controller
      * @param AssetCheckinRequest $request
      * @param int $assetId
      * @param null $backto
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      * @throws \Illuminate\Auth\Access\AuthorizationException
      * @since [v1.0]
      */
@@ -64,6 +75,11 @@ class AssetCheckinController extends Controller
         if (is_null($target = $asset->assignedTo)) {
             return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.checkin.already_checked_in'));
         }
+
+        if (!$asset->model) {
+            return redirect()->route('hardware.show', $asset->id)->with('error', trans('admin/hardware/general.model_invalid_fix'));
+        }
+
         $this->authorize('checkin', $asset);
 
         if ($asset->assignedType() == Asset::USER) {
@@ -86,7 +102,7 @@ class AssetCheckinController extends Controller
         $asset->location_id = $asset->rtd_location_id;
 
         if ($request->filled('location_id')) {
-            \Log::debug('NEW Location ID: '.$request->get('location_id'));
+            Log::debug('NEW Location ID: '.$request->get('location_id'));
             $asset->location_id = $request->get('location_id');
 
             if ($request->get('update_default_location') == 0){
@@ -116,15 +132,12 @@ class AssetCheckinController extends Controller
             $acceptance->delete();
         });
 
+        Session::put('redirect_option', $request->get('redirect_option'));
         // Was the asset updated?
         if ($asset->save()) {
+
             event(new CheckoutableCheckedIn($asset, $target, Auth::user(), $request->input('note'), $checkin_at, $originalValues));
-
-            if ((isset($user)) && ($backto == 'user')) {
-                return redirect()->route('users.show', $user->id)->with('success', trans('admin/hardware/message.checkin.success'));
-            }
-
-            return redirect()->route('hardware.index')->with('success', trans('admin/hardware/message.checkin.success'));
+            return Helper::getRedirectOption($asset, $assetId, 'Assets');
         }
         // Redirect to the asset management page with error
         return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.checkin.error').$asset->getErrors());

app/Http/Controllers/Assets/AssetCheckoutController.php

@@ -10,6 +10,7 @@ use App\Http\Requests\AssetCheckoutRequest;
 use App\Models\Asset;
 use Illuminate\Database\Eloquent\ModelNotFoundException;
 use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Session;
 
 class AssetCheckoutController extends Controller
 {
@@ -33,11 +34,17 @@ class AssetCheckoutController extends Controller
 
         $this->authorize('checkout', $asset);
 
+        if (!$asset->model) {
+            return redirect()->route('hardware.show', $asset->id)->with('error', trans('admin/hardware/general.model_invalid_fix'));
+        }
+
         if ($asset->availableForCheckout()) {
             return view('hardware/checkout', compact('asset'))
-                ->with('statusLabel_list', Helper::deployableStatusLabelList());
+                ->with('statusLabel_list', Helper::deployableStatusLabelList())
+                ->with('table_name', 'Assets');
         }
 
+
         return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.checkout.not_available'));
     }
 
@@ -47,7 +54,7 @@ class AssetCheckoutController extends Controller
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @param AssetCheckoutRequest $request
      * @param int $assetId
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      * @since [v1.0]
      */
     public function store(AssetCheckoutRequest $request, $assetId)
@@ -60,9 +67,14 @@ class AssetCheckoutController extends Controller
                 return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.checkout.not_available'));
             }
             $this->authorize('checkout', $asset);
+
+            if (!$asset->model) {
+                return redirect()->route('hardware.show', $asset->id)->with('error', trans('admin/hardware/general.model_invalid_fix'));
+            }
+
             $admin = Auth::user();
 
-            $target = $this->determineCheckoutTarget($asset);
+            $target = $this->determineCheckoutTarget();
 
             $asset = $this->updateAssetLocation($asset, $target);
 
@@ -97,11 +109,12 @@ class AssetCheckoutController extends Controller
                     return redirect()->to("hardware/$assetId/checkout")->with('error', trans('general.error_user_company'));
                 }
             }
-            
-            if ($asset->checkOut($target, $admin, $checkout_at, $expected_checkin, $request->get('note'), $request->get('name'))) {
-                return redirect()->route('hardware.index')->with('success', trans('admin/hardware/message.checkout.success'));
-            }
 
+                Session::put(['redirect_option' => $request->get('redirect_option'), 'checkout_to_type' => $request->get('checkout_to_type')]);
+
+            if ($asset->checkOut($target, $admin, $checkout_at, $expected_checkin, $request->get('note'), $request->get('name'))) {
+                return Helper::getRedirectOption($request, $assetId, 'Assets');
+            }
             // Redirect to the asset management page with error
             return redirect()->to("hardware/$assetId/checkout")->with('error', trans('admin/hardware/message.checkout.error').$asset->getErrors());
         } catch (ModelNotFoundException $e) {

app/Http/Controllers/Assets/AssetFilesController.php

@@ -17,7 +17,7 @@ class AssetFilesController extends Controller
      *
      * @param UploadFileRequest $request
      * @param int $assetId
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      * @throws \Illuminate\Auth\Access\AuthorizationException
      *@since [v1.0]
      * @author [A. Gianotto] [<snipe@snipe.net>]
@@ -38,7 +38,7 @@ class AssetFilesController extends Controller
             foreach ($request->file('file') as $file) {
                 $file_name = $request->handleFile('private_uploads/assets/','hardware-'.$asset->id, $file);
                 
-                $asset->logUpload($file_name, e($request->get('notes')));
+                $asset->logUpload($file_name, $request->get('notes'));
             }
 
             return redirect()->back()->with('success', trans('admin/hardware/message.upload.success'));
@@ -70,7 +70,6 @@ class AssetFilesController extends Controller
             }
 
             $file = 'private_uploads/assets/'.$log->filename;
-            \Log::debug('Checking for '.$file);
 
             if ($log->action_type == 'audit') {
                 $file = 'private_uploads/audits/'.$log->filename;

app/Http/Controllers/Assets/AssetsController.php

@@ -6,7 +6,7 @@ use App\Helpers\Helper;
 use App\Http\Controllers\Controller;
 use App\Http\Requests\ImageUploadRequest;
 use App\Models\Actionlog;
-use App\Models\Manufacturer;
+use App\Http\Requests\UploadFileRequest;
 use Illuminate\Support\Facades\Log;
 use App\Models\Asset;
 use App\Models\AssetModel;
@@ -96,12 +96,16 @@ class AssetsController extends Controller
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v1.0]
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      */
     public function store(ImageUploadRequest $request)
     {
         $this->authorize(Asset::class);
 
+        // There are a lot more rules to add here but prevents
+        // errors around `asset_tags` not being present below.
+        $this->validate($request, ['asset_tags' => ['required', 'array']]);
+
         // Handle asset tags - there could be one, or potentially many.
         // This is only necessary on create, not update, since bulk editing is handled
         // differently
@@ -156,29 +160,7 @@ class AssetsController extends Controller
                 $asset = $request->handleImages($asset);
             }
 
-            // Update custom fields in the database.
-            // Validation for these fields is handled through the AssetRequest form request
-            $model = AssetModel::find($request->get('model_id'));
-
-            if (($model) && ($model->fieldset)) {
-                foreach ($model->fieldset->fields as $field) {
-                    if ($field->field_encrypted == '1') {
-                        if (Gate::allows('admin')) {
-                            if (is_array($request->input($field->db_column))) {
-                                $asset->{$field->db_column} = Crypt::encrypt(implode(', ', $request->input($field->db_column)));
-                            } else {
-                                $asset->{$field->db_column} = Crypt::encrypt($request->input($field->db_column));
-                            }
-                        }
-                    } else {
-                        if (is_array($request->input($field->db_column))) {
-                            $asset->{$field->db_column} = implode(', ', $request->input($field->db_column));
-                        } else {
-                            $asset->{$field->db_column} = $request->input($field->db_column);
-                        }
-                    }
-                }
-            }
+            $asset = $asset->handleCustomFieldsForStoring($request);
 
             // Validate the asset before saving
             if ($asset->isValid() && $asset->save()) {
@@ -203,7 +185,7 @@ class AssetsController extends Controller
         }
 
         if ($success) {
-            \Log::debug(e($asset->asset_tag));
+            Log::debug(e($asset->asset_tag));
             return redirect()->route('hardware.index')
                 ->with('success-unescaped', trans('admin/hardware/message.create.success_linked', ['link' => route('hardware.show', $asset->id), 'id', 'tag' => e($asset->asset_tag)]));
                
@@ -289,7 +271,7 @@ class AssetsController extends Controller
      *
      * @param int $assetId
      * @return \Illuminate\Http\RedirectResponse|Redirect
-     *@since [v1.0]
+     * @since [v1.0]
      * @author [A. Gianotto] [<snipe@snipe.net>]
      */
     public function update(ImageUploadRequest $request, $assetId = null)
@@ -304,7 +286,8 @@ class AssetsController extends Controller
         $asset->status_id = $request->input('status_id', null);
         $asset->warranty_months = $request->input('warranty_months', null);
         $asset->purchase_cost = $request->input('purchase_cost', null);
-        $asset->purchase_date = $request->input('purchase_date', null); 
+        $asset->purchase_date = $request->input('purchase_date', null);
+        $asset->next_audit_date = $request->input('next_audit_date', null);
         if ($request->filled('purchase_date') && !$request->filled('asset_eol_date') && ($asset->model->eol > 0)) {
             $asset->purchase_date = $request->input('purchase_date', null); 
             $asset->asset_eol_date = Carbon::parse($request->input('purchase_date'))->addMonths($asset->model->eol)->format('Y-m-d');
@@ -365,32 +348,7 @@ class AssetsController extends Controller
         $asset->notes = $request->input('notes');
 
         $asset = $request->handleImages($asset);
-
-        // Update custom fields in the database.
-        // Validation for these fields is handlded through the AssetRequest form request
-        // FIXME: No idea why this is returning a Builder error on db_column_name.
-        // Need to investigate and fix. Using static method for now.
-        $model = AssetModel::find($request->get('model_id'));
-        if (($model) && ($model->fieldset)) {
-            foreach ($model->fieldset->fields as $field) {
-                if ($field->field_encrypted == '1') {
-                    if (Gate::allows('admin')) {
-                        if (is_array($request->input($field->db_column))) {
-                            $asset->{$field->db_column} = Crypt::encrypt(implode(', ', $request->input($field->db_column)));
-                        } else {
-                            $asset->{$field->db_column} = Crypt::encrypt($request->input($field->db_column));
-                        }
-                    }
-                } else {
-                    if (is_array($request->input($field->db_column))) {
-                        $asset->{$field->db_column} = implode(', ', $request->input($field->db_column));
-                    } else {
-                        $asset->{$field->db_column} = $request->input($field->db_column);
-                    }
-                }
-            }
-        }
-
+        $asset = $asset->handleCustomFieldsForStoring($request);
 
         if ($asset->save()) {
             return redirect()->route('hardware.show', $assetId)
@@ -406,7 +364,7 @@ class AssetsController extends Controller
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @param int $assetId
      * @since [v1.0]
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      */
     public function destroy($assetId)
     {
@@ -440,7 +398,7 @@ class AssetsController extends Controller
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v3.0]
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      */
     public function getAssetBySerial(Request $request)
     {
@@ -458,7 +416,7 @@ class AssetsController extends Controller
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v3.0]
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      */
     public function getAssetByTag(Request $request, $tag=null)
     {
@@ -850,15 +808,15 @@ class AssetsController extends Controller
         return view('hardware/audit-due');
     }
 
-    public function overdueForAudit()
+    public function dueForCheckin()
     {
-        $this->authorize('audit', Asset::class);
+        $this->authorize('checkin', Asset::class);
 
-        return view('hardware/audit-overdue');
+        return view('hardware/checkin-due');
     }
 
 
-    public function auditStore(Request $request, $id)
+    public function auditStore(UploadFileRequest $request, $id)
     {
         $this->authorize('audit', Asset::class);
 
@@ -875,7 +833,21 @@ class AssetsController extends Controller
 
         $asset = Asset::findOrFail($id);
 
-        // We don't want to log this as a normal update, so let's bypass that
+        /**
+         * Even though we do a save() further down, we don't want to log this as a "normal" asset update,
+         * which would trigger the Asset Observer and would log an asset *update* log entry (because the
+         * de-normed fields like next_audit_date on the asset itself will change on save()) *in addition* to
+         * the audit log entry we're creating through this controller.
+         *
+         * To prevent this double-logging (one for update and one for audit), we skip the observer and bypass
+         * that de-normed update log entry by using unsetEventDispatcher(), BUT invoking unsetEventDispatcher()
+         * will bypass normal model-level validation that's usually handled at the observer )
+         *
+         * We handle validation on the save() by checking if the asset is valid via the ->isValid() method,
+         * which manually invokes Watson Validating to make sure the asset's model is valid.
+         *
+         * @see \App\Observers\AssetObserver::updating()
+         */
         $asset->unsetEventDispatcher();
 
         $asset->next_audit_date = $request->input('next_audit_date');
@@ -884,29 +856,27 @@ class AssetsController extends Controller
         // Check to see if they checked the box to update the physical location,
         // not just note it in the audit notes
         if ($request->input('update_location') == '1') {
-            Log::debug('update location in audit');
             $asset->location_id = $request->input('location_id');
         }
+        
 
+        /**
+         * Invoke Watson Validating to check the asset itself and check to make sure it saved correctly.
+         * We have to invoke this manually because of the unsetEventDispatcher() above.)
+         */
+        if ($asset->isValid() && $asset->save()) {
 
-        if ($asset->save()) {
-            $file_name = '';
-            // Upload an image, if attached
+            $file_name = null;
+            // Create the image (if one was chosen.)
             if ($request->hasFile('image')) {
-                $path = 'private_uploads/audits';
-                if (! Storage::exists($path)) {
-                    Storage::makeDirectory($path, 775);
-                }
-                $upload = $image = $request->file('image');
-                $ext = $image->getClientOriginalExtension();
-                $file_name = 'audit-'.str_random(18).'.'.$ext;
-                Storage::putFileAs($path, $upload, $file_name);
+                $file_name = $request->handleFile('private_uploads/audits/', 'audit-'.$asset->id, $request->file('image'));
             }
 
-
             $asset->logAudit($request->input('note'), $request->input('location_id'), $file_name);
             return redirect()->route('assets.audit.due')->with('success', trans('admin/hardware/message.audit.success'));
         }
+
+        return redirect()->back()->withInput()->withErrors($asset->getErrors());
     }
 
     public function getRequestedIndex($user_id = null)

app/Http/Controllers/Assets/BulkAssetsController.php

@@ -13,7 +13,9 @@ use App\Models\Setting;
 use App\View\Label;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Crypt;
 use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\Gate;
 use Illuminate\Support\Facades\Log;
 use Illuminate\Support\Facades\Session;
 use App\Http\Requests\AssetCheckoutRequest;
@@ -189,7 +191,6 @@ class BulkAssetsController extends Controller
      * Save bulk edits
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
-     * @return Redirect
      * @internal param array $assets
      * @since [v2.0]
      */
@@ -214,7 +215,7 @@ class BulkAssetsController extends Controller
         }
 
 
-        $assets = Asset::whereIn('id', array_keys($request->input('ids')))->get();
+        $assets = Asset::whereIn('id', $request->input('ids'))->get();
 
 
 
@@ -379,28 +380,30 @@ class BulkAssetsController extends Controller
                     foreach ($asset->model->fieldset->fields as $field) {
 
                         if ((array_key_exists($field->db_column, $this->update_array)) && ($field->field_encrypted == '1')) {
-                            $decrypted_old = Helper::gracefulDecrypt($field, $asset->{$field->db_column});
+                            if (Gate::allows('admin')) {
+                                $decrypted_old = Helper::gracefulDecrypt($field, $asset->{$field->db_column});
 
-                            /*
-                             * Check if the decrypted existing value is different from one we just submitted
-                             * and if not, pull it out of the object since it shouldn't really be updating at all.
-                             * If we don't do this, it will try to re-encrypt it, and the same value encrypted two
-                             * different times will have different values, so it will *look* like it was updated
-                             * but it wasn't.
-                             */
-                            if ($decrypted_old != $this->update_array[$field->db_column]) {
-                                $asset->{$field->db_column} = \Crypt::encrypt($this->update_array[$field->db_column]);
-                            } else {
                                 /*
-                                 * Remove the encrypted custom field from the update_array, since nothing changed
+                                 * Check if the decrypted existing value is different from one we just submitted
+                                 * and if not, pull it out of the object since it shouldn't really be updating at all.
+                                 * If we don't do this, it will try to re-encrypt it, and the same value encrypted two
+                                 * different times will have different values, so it will *look* like it was updated
+                                 * but it wasn't.
                                  */
-                                unset($this->update_array[$field->db_column]);
-                                unset($asset->{$field->db_column});
-                            }
+                                if ($decrypted_old != $this->update_array[$field->db_column]) {
+                                    $asset->{$field->db_column} = Crypt::encrypt($this->update_array[$field->db_column]);
+                                } else {
+                                    /*
+                                     * Remove the encrypted custom field from the update_array, since nothing changed
+                                     */
+                                    unset($this->update_array[$field->db_column]);
+                                    unset($asset->{$field->db_column});
+                                }
 
-                            /*
-                             * These custom fields aren't encrypted, just carry on as usual
-                             */
+                                /*
+                                 * These custom fields aren't encrypted, just carry on as usual
+                                 */
+                            }
                         } else {
 
                             if ((array_key_exists($field->db_column, $this->update_array)) && ($asset->{$field->db_column} != $this->update_array[$field->db_column])) {

app/Http/Controllers/Auth/ForgotPasswordController.php

@@ -5,7 +5,7 @@ namespace App\Http\Controllers\Auth;
 use App\Http\Controllers\Controller;
 use Illuminate\Foundation\Auth\SendsPasswordResetEmails;
 use Illuminate\Http\Request;
-
+use Illuminate\Support\Facades\Log;
 class ForgotPasswordController extends Controller
 {
     /*
@@ -79,16 +79,16 @@ class ForgotPasswordController extends Controller
                 )
             );
         } catch(\Exception $e) {
-            \Log::info('Password reset attempt: User '.$request->input('username').'failed with exception: '.$e );
+            Log::info('Password reset attempt: User '.$request->input('username').'failed with exception: '.$e );
         }
 
         // Prevent timing attack to enumerate users.
         usleep(500000 + random_int(0, 1500000));
 
         if ($response === \Password::RESET_LINK_SENT) {
-            \Log::info('Password reset attempt: User '.$request->input('username').' WAS found, password reset sent');
+            Log::info('Password reset attempt: User '.$request->input('username').' WAS found, password reset sent');
         } else {
-            \Log::info('Password reset attempt: User matching username '.$request->input('username').' NOT FOUND or user is inactive');
+            Log::info('Password reset attempt: User matching username '.$request->input('username').' NOT FOUND or user is inactive');
         }
 
         /**

app/Http/Controllers/Auth/LoginController.php

@@ -16,7 +16,7 @@ use Illuminate\Support\Carbon;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Session;
 use Illuminate\Support\Facades\Validator;
-use Log;
+use Illuminate\Support\Facades\Log;
 use Redirect;
 
 /**
@@ -122,7 +122,7 @@ class LoginController extends Controller
                     Auth::login($user);
                 } else {
                     $username = $saml->getUsername();
-                    \Log::debug("SAML user '$username' could not be found in database.");
+                    Log::debug("SAML user '$username' could not be found in database.");
                     $request->session()->flash('error', trans('auth/message.signin.error'));
                     $saml->clearData();
                 }
@@ -137,7 +137,7 @@ class LoginController extends Controller
                 $s->save();
 
             } catch (\Exception $e) {
-                \Log::debug('There was an error authenticating the SAML user: '.$e->getMessage());
+                Log::debug('There was an error authenticating the SAML user: '.$e->getMessage());
                 throw $e;
             }
 
@@ -146,7 +146,7 @@ class LoginController extends Controller
 
             // Better logging
             if (empty($samlData)) {
-                \Log::debug("SAML page requested, but samlData seems empty.");
+                Log::debug("SAML page requested, but samlData seems empty.");
             }
         }
 
@@ -261,19 +261,19 @@ class LoginController extends Controller
     /**
      * Account sign in form processing.
      *
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      */
     public function login(Request $request)
     {
 
         //If the environment is set to ALWAYS require SAML, return access denied
         if (config('app.require_saml')) {
-            \Log::debug('require SAML is enabled in the .env - return a 403');
+            Log::debug('require SAML is enabled in the .env - return a 403');
             return view('errors.403');
         }
 
         if (Setting::getSettings()->login_common_disabled == '1') {
-            \Log::debug('login_common_disabled is set to 1 - return a 403');
+            Log::debug('login_common_disabled is set to 1 - return a 403');
             return view('errors.403');
         }
 
@@ -339,7 +339,7 @@ class LoginController extends Controller
     /**
      * Two factor enrollment page
      *
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      */
     public function getTwoFactorEnroll()
     {
@@ -389,7 +389,7 @@ class LoginController extends Controller
     /**
      * Two factor code form page
      *
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      */
     public function getTwoFactorAuth()
     {
@@ -415,7 +415,7 @@ class LoginController extends Controller
      *
      * @param Request $request
      *
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      */
     public function postTwoFactorAuth(Request $request)
     {
@@ -427,10 +427,6 @@ class LoginController extends Controller
             return redirect()->route('two-factor')->with('error', trans('auth/message.two_factor.code_required'));
         }
 
-        if (! $request->has('two_factor_secret')) { // TODO this seems almost the same as above?
-            return redirect()->route('two-factor')->with('error', 'Two-factor code is required.');
-        }
-
         $user = Auth::user();
         $secret = $request->input('two_factor_secret');
 
@@ -439,7 +435,7 @@ class LoginController extends Controller
             $user->saveQuietly();
             $request->session()->put('2fa_authed', $user->id);
 
-            return redirect()->route('home')->with('success', 'You are logged in!');
+            return redirect()->route('home')->with('success', trans('auth/message.signin.success'));
         }
 
         return redirect()->route('two-factor')->with('error', trans('auth/message.two_factor.invalid_code'));
@@ -451,7 +447,7 @@ class LoginController extends Controller
      *
      * @param Request $request
      *
-     * @return Redirect
+     * @return Illuminate\Http\RedirectResponse
      */
     public function logout(Request $request)
     {
@@ -537,7 +533,7 @@ class LoginController extends Controller
 
         $minutes = round($seconds / 60);
 
-        $message = \Lang::get('auth/message.throttle', ['minutes' => $minutes]);
+        $message = trans('auth/message.throttle', ['minutes' => $minutes]);
 
         return redirect()->back()
             ->withInput($request->only($this->username(), 'remember'))

app/Http/Controllers/Auth/ResetPasswordController.php

@@ -7,7 +7,7 @@ use App\Models\Setting;
 use App\Models\User;
 use Illuminate\Foundation\Auth\ResetsPasswords;
 use Illuminate\Http\Request;
-
+use Illuminate\Support\Facades\Log;
 
 class ResetPasswordController extends Controller
 {
@@ -66,7 +66,7 @@ class ResetPasswordController extends Controller
         $credentials =  $request->only('email', 'token');
 
         if (is_null($this->broker()->getUser($credentials))) {
-            \Log::debug('Password reset form FAILED - this token is not valid.');
+            Log::debug('Password reset form FAILED - this token is not valid.');
             return redirect()->route('password.request')->with('error', trans('passwords.token'));
         }
 
@@ -89,10 +89,10 @@ class ResetPasswordController extends Controller
 
         $request->validate($this->rules(), $request->all(), $this->validationErrorMessages());
 
-        \Log::debug('Checking if '.$request->input('username').' exists');
+        Log::debug('Checking if '.$request->input('username').' exists');
         // Check to see if the user even exists - we'll treat the response the same to prevent user sniffing
         if ($user = User::where('username', '=', $request->input('username'))->where('activated', '1')->whereNotNull('email')->first()) {
-            \Log::debug($user->username.' exists');
+            Log::debug($user->username.' exists');
 
 
             // handle the password validation rules set by the admin settings
@@ -112,17 +112,17 @@ class ResetPasswordController extends Controller
 
             // Check if the password reset above actually worked
             if ($response == \Password::PASSWORD_RESET) {
-                \Log::debug('Password reset for '.$user->username.' worked');
+                Log::debug('Password reset for '.$user->username.' worked');
                 return redirect()->guest('login')->with('success', trans('passwords.reset'));
             }
 
-            \Log::debug('Password reset for '.$user->username.' FAILED - this user exists but the token is not valid');
+            Log::debug('Password reset for '.$user->username.' FAILED - this user exists but the token is not valid');
             return redirect()->back()->withInput($request->only('email'))->with('success', trans('passwords.reset'));
 
         }
 
 
-        \Log::debug('Password reset for '.$request->input('username').' FAILED - user does not exist or does not have an email address - but make it look like it succeeded');
+        Log::debug('Password reset for '.$request->input('username').' FAILED - user does not exist or does not have an email address - but make it look like it succeeded');
         return redirect()->guest('login')->with('success', trans('passwords.reset'));
 
     }

app/Http/Controllers/Auth/SamlController.php

@@ -5,7 +5,7 @@ namespace App\Http\Controllers\Auth;
 use App\Http\Controllers\Controller;
 use App\Services\Saml;
 use Illuminate\Http\Request;
-use Log;
+use Illuminate\Support\Facades\Log;
 
 /**
  * This controller provides the endpoint for SAML communication and metadata.
@@ -51,7 +51,7 @@ class SamlController extends Controller
         $metadata = $this->saml->getSPMetadata();
 
         if (empty($metadata)) {
-            \Log::debug('SAML metadata is empty - return a 403');
+            Log::debug('SAML metadata is empty - return a 403');
             return response()->view('errors.403', [], 403);
         }
 
@@ -71,7 +71,7 @@ class SamlController extends Controller
      *
      * @param Request $request
      *
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      */
     public function login(Request $request)
     {
@@ -93,7 +93,7 @@ class SamlController extends Controller
      *
      * @param Request $request
      *
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      */
     public function acs(Request $request)
     {
@@ -126,7 +126,7 @@ class SamlController extends Controller
      *
      * @param Request $request
      *
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      */
     public function sls(Request $request)
     {

app/Http/Controllers/BulkAssetModelsController.php

@@ -105,7 +105,7 @@ class BulkAssetModelsController extends Controller
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v1.0]
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      */
     public function destroy(Request $request)
     {

app/Http/Controllers/CategoriesController.php

@@ -5,7 +5,7 @@ namespace App\Http\Controllers;
 use App\Helpers\Helper;
 use App\Http\Requests\ImageUploadRequest;
 use App\Models\Category as Category;
-use Auth;
+use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Storage;
 use Str;
 

app/Http/Controllers/CompaniesController.php

@@ -6,6 +6,7 @@ use App\Http\Requests\ImageUploadRequest;
 use App\Models\Company;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Storage;
+use Illuminate\Support\Facades\Log;
 
 /**
  * This controller handles all actions related to Companies for
@@ -154,7 +155,7 @@ final class CompaniesController extends Controller
             try {
                 Storage::disk('public')->delete('companies'.'/'.$company->image);
             } catch (\Exception $e) {
-                \Log::debug($e);
+                Log::debug($e);
             }
         }
 

app/Http/Controllers/Components/ComponentsController.php

@@ -11,6 +11,7 @@ use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Input;
 use Illuminate\Support\Facades\Storage;
 use Illuminate\Support\Facades\Validator;
+use Illuminate\Support\Facades\Log;
 
 /**
  * This class controls all actions related to Components for
@@ -188,7 +189,7 @@ class ComponentsController extends Controller
             try {
                 Storage::disk('public')->delete('components/'.$component->image);
             } catch (\Exception $e) {
-                \Log::debug($e);
+                Log::debug($e);
             }
         }
 

app/Http/Controllers/Components/ComponentsFilesController.php

@@ -10,6 +10,7 @@ use App\Models\Component;
 use Illuminate\Support\Facades\Response;
 use Illuminate\Support\Facades\Storage;
 use Symfony\Component\HttpFoundation\JsonResponse;
+use Illuminate\Support\Facades\Log;
 
 class ComponentsFilesController extends Controller
 {
@@ -84,7 +85,7 @@ class ComponentsFilesController extends Controller
                 try {
                     Storage::delete('components/'.$log->filename);
                 } catch (\Exception $e) {
-                    \Log::debug($e);
+                    Log::debug($e);
                 }
             }
 
@@ -110,7 +111,7 @@ class ComponentsFilesController extends Controller
      */
     public function show($componentId = null, $fileId = null)
     {
-        \Log::debug('Private filesystem is: '.config('filesystems.default'));
+        Log::debug('Private filesystem is: '.config('filesystems.default'));
         $component = Component::find($componentId);
 
         // the component is valid
@@ -126,8 +127,8 @@ class ComponentsFilesController extends Controller
             $file = 'private_uploads/components/'.$log->filename;
 
             if (Storage::missing($file)) {
-                \Log::debug('FILE DOES NOT EXISTS for '.$file);
-                \Log::debug('URL should be '.Storage::url($file));
+                Log::debug('FILE DOES NOT EXISTS for '.$file);
+                Log::debug('URL should be '.Storage::url($file));
 
                 return response('File '.$file.' ('.Storage::url($file).') not found on server', 404)
                     ->header('Content-Type', 'text/plain');

app/Http/Controllers/Consumables/ConsumableCheckoutController.php

@@ -71,8 +71,14 @@ class ConsumableCheckoutController extends Controller
 
         $this->authorize('checkout', $consumable);
 
+        // If the quantity is not present in the request or is not a positive integer, set it to 1
+        $quantity = $request->input('qty');
+        if (!isset($quantity) || !ctype_digit((string)$quantity) || $quantity <= 0) {
+            $quantity = 1;
+        }
+
         // Make sure there is at least one available to checkout
-        if ($consumable->numRemaining() <= 0) {
+        if ($consumable->numRemaining() <= 0 || $quantity > $consumable->numRemaining()) {
             return redirect()->route('consumables.index')->with('error', trans('admin/consumables/message.checkout.unavailable'));
         }
 
@@ -88,13 +94,14 @@ class ConsumableCheckoutController extends Controller
         // Update the consumable data
         $consumable->assigned_to = e($request->input('assigned_to'));
 
+        for($i = 0; $i < $quantity; $i++){
         $consumable->users()->attach($consumable->id, [
             'consumable_id' => $consumable->id,
             'user_id' => $admin_user->id,
             'assigned_to' => e($request->input('assigned_to')),
             'note' => $request->input('note'),
         ]);
-
+        }
         event(new CheckoutableCheckedOut($consumable, $user, Auth::user(), $request->input('note')));
 
         // Redirect to the new consumable page

app/Http/Controllers/Consumables/ConsumablesFilesController.php

@@ -10,7 +10,7 @@ use App\Models\Consumable;
 use Illuminate\Support\Facades\Response;
 use Illuminate\Support\Facades\Storage;
 use Symfony\Consumable\HttpFoundation\JsonResponse;
-
+use Illuminate\Support\Facades\Log;
 class ConsumablesFilesController extends Controller
 {
     /**
@@ -83,7 +83,7 @@ class ConsumablesFilesController extends Controller
                 try {
                     Storage::delete('consumables/'.$log->filename);
                 } catch (\Exception $e) {
-                    \Log::debug($e);
+                    Log::debug($e);
                 }
             }
 
@@ -124,8 +124,8 @@ class ConsumablesFilesController extends Controller
             $file = 'private_uploads/consumables/'.$log->filename;
 
             if (Storage::missing($file)) {
-                \Log::debug('FILE DOES NOT EXISTS for '.$file);
-                \Log::debug('URL should be '.Storage::url($file));
+                Log::debug('FILE DOES NOT EXISTS for '.$file);
+                Log::debug('URL should be '.Storage::url($file));
 
                 return response('File '.$file.' ('.Storage::url($file).') not found on server', 404)
                     ->header('Content-Type', 'text/plain');

app/Http/Controllers/Controller.php

@@ -22,7 +22,7 @@
 
 namespace App\Http\Controllers;
 
-use Auth;
+use Illuminate\Support\Facades\Auth;
 use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
 use Illuminate\Foundation\Bus\DispatchesJobs;
 use Illuminate\Foundation\Validation\ValidatesRequests;

app/Http/Controllers/CustomFieldsController.php

@@ -8,7 +8,6 @@ use App\Models\CustomField;
 use App\Models\CustomFieldset;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Http\Request;
-use Redirect;
 
 /**
  * This controller handles all actions related to Custom Asset Fields for
@@ -260,7 +259,7 @@ class CustomFieldsController extends Controller
         
         $field->name          = trim(e($request->get("name")));
         $field->element       = e($request->get("element"));
-        $field->field_values  = e($request->get("field_values"));
+        $field->field_values  = $request->get("field_values");
         $field->user_id       = Auth::id();
         $field->help_text     = $request->get("help_text");
         $field->show_in_email = $show_in_email;

app/Http/Controllers/CustomFieldsetsController.php

@@ -86,7 +86,7 @@ class CustomFieldsetsController extends Controller
      * @author [Brady Wetherington] [<uberbrady@gmail.com>]
      * @since [v1.8]
      * @param Request $request
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      * @throws \Illuminate\Auth\Access\AuthorizationException
      */
     public function store(Request $request)
@@ -126,7 +126,7 @@ class CustomFieldsetsController extends Controller
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @param  int  $id
      * @since [v6.0.14]
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      * @throws \Illuminate\Auth\Access\AuthorizationException
      */
     public function edit($id)
@@ -147,7 +147,7 @@ class CustomFieldsetsController extends Controller
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @param  int  $id
      * @since [v6.0.14]
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      * @throws \Illuminate\Auth\Access\AuthorizationException
      */
     public function update(Request $request, $id)

app/Http/Controllers/DepartmentsController.php

@@ -7,6 +7,7 @@ use App\Models\Department;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Storage;
+use Illuminate\Support\Facades\Log;
 
 class DepartmentsController extends Controller
 {
@@ -129,7 +130,7 @@ class DepartmentsController extends Controller
             try {
                 Storage::disk('public')->delete('departments'.'/'.$department->image);
             } catch (\Exception $e) {
-                \Log::debug($e);
+                Log::debug($e);
             }
         }
         $department->delete();

app/Http/Controllers/GoogleAuthController.php

@@ -8,7 +8,7 @@ use Illuminate\Support\Facades\Auth;
 use Laravel\Socialite\Facades\Socialite;
 use Laravel\Socialite\Two\InvalidStateException;
 use App\Models\Setting;
-
+use Illuminate\Support\Facades\Log;
 
 class GoogleAuthController extends Controller
 {
@@ -34,9 +34,9 @@ class GoogleAuthController extends Controller
     {
         try {
             $socialUser = Socialite::driver('google')->user();
-            \Log::debug('Google user found in Google Workspace');
+            Log::debug('Google user found in Google Workspace');
         } catch (InvalidStateException $exception) {
-            \Log::debug('Google user NOT found in Google Workspace');
+            Log::debug('Google user NOT found in Google Workspace');
             return redirect()->route('login')
                 ->withErrors(
                     [
@@ -52,7 +52,7 @@ class GoogleAuthController extends Controller
 
 
         if ($user) {
-            \Log::debug('Google user '.$socialUser->getEmail().' found in Snipe-IT');
+            Log::debug('Google user '.$socialUser->getEmail().' found in Snipe-IT');
             $user->update([
                 'avatar'   => $socialUser->avatar,
             ]);
@@ -61,7 +61,7 @@ class GoogleAuthController extends Controller
             return redirect()->route('home');
         }
 
-        \Log::debug('Google user '.$socialUser->getEmail().' NOT found in Snipe-IT');
+        Log::debug('Google user '.$socialUser->getEmail().' NOT found in Snipe-IT');
         return redirect()->route('login')
             ->withErrors(
                 [

app/Http/Controllers/GroupsController.php

@@ -5,7 +5,7 @@ namespace App\Http\Controllers;
 use App\Helpers\Helper;
 use App\Models\Group;
 use Illuminate\Http\Request;
-use Auth;
+use Illuminate\Support\Facades\Auth;
 
 /**
  * This controller handles all actions related to User Groups for

app/Http/Controllers/Kits/CheckoutKitController.php

@@ -48,7 +48,7 @@ class CheckoutKitController extends Controller
      * Validate and process the new Predefined Kit data.
      *
      * @author [D. Minaev.] [<dmitriy.minaev.v@gmail.com>]
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      */
     public function store(Request $request, $kit_id)
     {

app/Http/Controllers/Kits/PredefinedKitsController.php

@@ -47,7 +47,7 @@ class PredefinedKitsController extends Controller
      * Validate and process the new Predefined Kit data.
      *
      * @author [D. Minaev] [<dmitriy.minaev.v@gmail.com>]
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      */
     public function store(ImageUploadRequest $request)
     {
@@ -95,7 +95,7 @@ class PredefinedKitsController extends Controller
      * @author [D. Minaev] [<dmitriy.minaev.v@gmail.com>]
      * @since [v1.0]
      * @param int $kit_id
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      */
     public function update(ImageUploadRequest $request, $kit_id = null)
     {
@@ -122,7 +122,7 @@ class PredefinedKitsController extends Controller
      * @author [D. Minaev] [<dmitriy.minaev.v@gmail.com>]
      * @since [v1.0]
      * @param int $kit_id
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      */
     public function destroy($kit_id)
     {

app/Http/Controllers/LabelsController.php

@@ -14,6 +14,7 @@ use App\Models\Setting;
 use App\Models\Supplier;
 use App\Models\User;
 use App\View\Label as LabelView;
+use Illuminate\Support\Facades\DB;
 use Illuminate\Support\Facades\Storage;
 
 class LabelsController extends Controller
@@ -21,9 +22,9 @@ class LabelsController extends Controller
     /**
      * Returns the Label view with test data
      *
-     * @author Grant Le Roux <grant.leroux+snipe-it@gmail.com>
-     * @param  string  $labelName
+     * @param string $labelName
      * @return \Illuminate\Contracts\View\View
+     * @author Grant Le Roux <grant.leroux+snipe-it@gmail.com>
      */
     public function show(string $labelName)
     {
@@ -66,16 +67,18 @@ class LabelsController extends Controller
         $exampleAsset->model->category->id = 999999;
         $exampleAsset->model->category->name = trans('admin/labels/table.example_category');
 
-        $customFieldColumns = CustomField::all()->pluck('db_column');
+        $customFieldColumns = CustomField::where('field_encrypted', '=', 0)->pluck('db_column');
 
         collect(explode(';', Setting::getSettings()->label2_fields))
             ->filter()
             ->each(function ($item) use ($customFieldColumns, $exampleAsset) {
-                $pair = explode('=', $item);
-
-                if ($customFieldColumns->contains($pair[1])) {
-                    $exampleAsset->{$pair[1]} = "{{$pair[0]}}";
-                }
+               $pair = explode('=', $item);
+               
+                if (array_key_exists(1, $pair)) {
+                        if ($customFieldColumns->contains($pair[1])) {
+                            $exampleAsset->{$pair[1]} = "{{$pair[0]}}";
+                        }
+                    }
             });
 
         $settings = Setting::getSettings();

app/Http/Controllers/Licenses/LicenseCheckinController.php

@@ -13,6 +13,7 @@ use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Input;
 use Illuminate\Support\Facades\Session;
 use Illuminate\Support\Facades\Validator;
+use Illuminate\Support\Facades\Log;
 
 class LicenseCheckinController extends Controller
 {
@@ -145,7 +146,7 @@ class LicenseCheckinController extends Controller
             $user_seat->assigned_to = null;
 
             if ($user_seat->save()) {
-                \Log::debug('Checking in '.$license->name.' from user '.$user_seat->username);
+                Log::debug('Checking in '.$license->name.' from user '.$user_seat->username);
                 $user_seat->logCheckin($user_seat->user, trans('admin/licenses/general.bulk.checkin_all.log_msg'));
             }
         }
@@ -160,7 +161,7 @@ class LicenseCheckinController extends Controller
             $asset_seat->asset_id = null;
 
             if ($asset_seat->save()) {
-                \Log::debug('Checking in '.$license->name.' from asset '.$asset_seat->asset_tag);
+                Log::debug('Checking in '.$license->name.' from asset '.$asset_seat->asset_tag);
                 $asset_seat->logCheckin($asset_seat->asset, trans('admin/licenses/general.bulk.checkin_all.log_msg'));
                 $count++;
             }

app/Http/Controllers/Licenses/LicenseCheckoutController.php

@@ -11,6 +11,7 @@ use App\Models\License;
 use App\Models\LicenseSeat;
 use App\Models\User;
 use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Log;
 
 class LicenseCheckoutController extends Controller
 {
@@ -155,16 +156,16 @@ class LicenseCheckoutController extends Controller
 
     public function bulkCheckout($licenseId) {
 
-        \Log::debug('Checking out '.$licenseId.' via bulk');
+        Log::debug('Checking out '.$licenseId.' via bulk');
         $license = License::findOrFail($licenseId);
         $this->authorize('checkin', $license);
         $avail_count = $license->getAvailSeatsCountAttribute();
 
         $users = User::whereNull('deleted_at')->where('autoassign_licenses', '=', 1)->with('licenses')->get();
-        \Log::debug($avail_count.' will be assigned');
+        Log::debug($avail_count.' will be assigned');
 
         if ($users->count() > $avail_count) {
-            \Log::debug('You do not have enough free seats to complete this task, so we will check out as many as we can. ');
+            Log::debug('You do not have enough free seats to complete this task, so we will check out as many as we can. ');
         }
 
         // If the license is valid, check that there is an available seat
@@ -179,7 +180,7 @@ class LicenseCheckoutController extends Controller
 
             // Check to make sure this user doesn't already have this license checked out to them
             if ($user->licenses->where('id', '=', $licenseId)->count()) {
-                \Log::debug($user->username.' already has this license checked out to them. Skipping... ');
+                Log::debug($user->username.' already has this license checked out to them. Skipping... ');
                 continue;
             }
 
@@ -192,7 +193,7 @@ class LicenseCheckoutController extends Controller
                 $avail_count--;
                 $assigned_count++;
                 $licenseSeat->logCheckout(trans('admin/licenses/general.bulk.checkout_all.log_msg'), $user);
-                \Log::debug('License '.$license->name.' seat '.$licenseSeat->id.' checked out to '.$user->username);
+                Log::debug('License '.$license->name.' seat '.$licenseSeat->id.' checked out to '.$user->username);
             }
 
             if ($avail_count ==  0) {

app/Http/Controllers/Licenses/LicenseFilesController.php

@@ -7,9 +7,8 @@ use App\Http\Controllers\Controller;
 use App\Http\Requests\UploadFileRequest;
 use App\Models\Actionlog;
 use App\Models\License;
-use Illuminate\Support\Facades\Response;
 use Illuminate\Support\Facades\Storage;
-use Symfony\Component\HttpFoundation\JsonResponse;
+use Illuminate\Support\Facades\Log;
 
 class LicenseFilesController extends Controller
 {
@@ -20,7 +19,7 @@ class LicenseFilesController extends Controller
      * @param int $licenseId
      * @return \Illuminate\Http\RedirectResponse
      * @throws \Illuminate\Auth\Access\AuthorizationException
-     *@author [A. Gianotto] [<snipe@snipe.net>]
+     * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v1.0]
      * @todo Switch to using the AssetFileRequest form request validator.
      */
@@ -78,7 +77,7 @@ class LicenseFilesController extends Controller
                     try {
                         Storage::delete('licenses/'.$log->filename);
                     } catch (\Exception $e) {
-                        \Log::debug($e);
+                        Log::debug($e);
                     }
                 }
                 
@@ -121,8 +120,8 @@ class LicenseFilesController extends Controller
             $file = 'private_uploads/licenses/'.$log->filename;
 
             if (Storage::missing($file)) {
-                \Log::debug('NOT EXISTS for '.$file);
-                \Log::debug('NOT EXISTS URL should be '.Storage::url($file));
+                Log::debug('NOT EXISTS for '.$file);
+                Log::debug('NOT EXISTS URL should be '.Storage::url($file));
 
                 return response('File '.$file.' ('.Storage::url($file).') not found on server', 404)
                     ->header('Content-Type', 'text/plain');

app/Http/Controllers/Licenses/LicensesController.php

@@ -11,6 +11,7 @@ use App\Models\User;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\DB;
+use Symfony\Component\HttpFoundation\StreamedResponse;
 
 /**
  * This controller handles all actions related to Licenses for
@@ -289,4 +290,106 @@ class LicensesController extends Controller
         ->with('item', $license)
         ->with('maintained_list', $maintained_list);
     }
+
+    /**
+     * Exports Licenses to CSV
+     *
+     * @author [G. Martinez]
+     * @since [v6.3]
+     * @return StreamedResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+    public function getExportLicensesCsv()
+    {
+        $this->authorize('view', License::class);
+        \Debugbar::disable();
+
+        $response = new StreamedResponse(function () {
+            // Open output stream
+            $handle = fopen('php://output', 'w');
+            $licenses= License::with('company',
+                          'manufacturer',
+                          'category',
+                          'supplier',
+                          'adminuser',
+                          'assignedusers')
+                          ->orderBy('created_at', 'DESC');
+            Company::scopeCompanyables($licenses)
+                ->chunk(500, function ($licenses) use ($handle) {
+                    $headers = [
+                        // strtolower to prevent Excel from trying to open it as a SYLK file
+                        strtolower(trans('general.id')),
+                        trans('general.company'),
+                        trans('general.name'),
+                        trans('general.serial_number'),
+                        trans('general.purchase_date'),
+                        trans('general.purchase_cost'),
+                        trans('general.order_number'),
+                        trans('general.licenses_available'),
+                        trans('admin/licenses/table.seats'),
+                        trans('general.created_by'),
+                        trans('general.depreciation'),
+                        trans('general.updated_at'),
+                        trans('admin/licenses/table.deleted_at'),
+                        trans('general.email'),
+                        trans('admin/hardware/form.fully_depreciated'),
+                        trans('general.supplier'),
+                        trans('admin/licenses/form.expiration'),
+                        trans('admin/licenses/form.purchase_order'),
+                        trans('admin/licenses/form.termination_date'),
+                        trans('admin/licenses/form.maintained'),
+                        trans('general.manufacturer'),
+                        trans('general.category'),
+                        trans('general.min_amt'),
+                        trans('admin/licenses/form.reassignable'),
+                        trans('general.notes'),
+                        trans('general.created_at'),
+                    ];
+
+                    fputcsv($handle, $headers);
+
+                    foreach ($licenses as $license) {
+                        // Add a new row with data
+                        $values = [
+                            $license->id,
+                            $license->company ? $license->company->name: '',
+                            $license->name,
+                            $license->serial,
+                            $license->purchase_date,
+                            $license->purchase_cost,
+                            $license->order_number,
+                            $license->free_seat_count,
+                            $license->seats,
+                            ($license->adminuser ? $license->adminuser->present()->fullName() : trans('admin/reports/general.deleted_user')),
+                            $license->depreciation ? $license->depreciation->name: '',
+                            $license->updated_at,
+                            $license->deleted_at,
+                            $license->email,
+                            ( $license->depreciate == '1') ? trans('general.yes') : trans('general.no'),
+                            ($license->supplier) ? $license->supplier->name: '',
+                            $license->expiration_date,
+                            $license->purchase_order,
+                            $license->termination_date,
+                            ( $license->maintained == '1') ? trans('general.yes') : trans('general.no'),
+                            $license->manufacturer ? $license->manufacturer->name: '',
+                            $license->category ? $license->category->name: '',
+                            $license->min_amt,
+                            ( $license->reassignable == '1') ? trans('general.yes') : trans('general.no'),
+                            $license->notes,
+                            $license->created_at,
+                        ];
+
+                        fputcsv($handle, $values);
+                    }
+                });
+
+            // Close the output stream
+            fclose($handle);
+        }, 200, [
+            'Content-Type' => 'text/csv; charset=UTF-8',
+            'Content-Disposition' => 'attachment; filename="licenses-'.date('Y-m-d-his').'.csv"',
+        ]);
+
+        return $response;
+    }
 }

app/Http/Controllers/LocationsController.php

@@ -9,6 +9,7 @@ use App\Models\User;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Storage;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Log;
 
 /**
  * This controller handles all actions related to Locations for
@@ -186,7 +187,7 @@ class LocationsController extends Controller
             try {
                 Storage::disk('public')->delete('locations/'.$location->image);
             } catch (\Exception $e) {
-                \Log::error($e);
+                Log::error($e);
             }
         }
         $location->delete();
@@ -320,7 +321,12 @@ class LocationsController extends Controller
         $locations_raw_array = $request->input('ids');
 
         if ((is_array($locations_raw_array)) && (count($locations_raw_array) > 0)) {
-            $locations = Location::whereIn('id', $locations_raw_array)->get();
+            $locations = Location::whereIn('id', $locations_raw_array)
+                ->withCount('assignedAssets as assigned_assets_count')
+                ->withCount('assets as assets_count')
+                ->withCount('rtd_assets as rtd_assets_count')
+                ->withCount('children as children_count')
+                ->withCount('users as users_count')->get();
 
             $success_count = 0;
             $error_count = 0;
@@ -336,8 +342,8 @@ class LocationsController extends Controller
                 }
             }
 
-            \Log::debug('Success count: '.$success_count);
-            \Log::debug('Error count: '.$error_count);
+            Log::debug('Success count: '.$success_count);
+            Log::debug('Error count: '.$error_count);
             // Complete success
             if ($success_count == count($locations_raw_array)) {
                 return redirect()
@@ -351,7 +357,7 @@ class LocationsController extends Controller
             if ($error_count > 0) {
                 return redirect()
                     ->route('locations.index')
-                    ->with('warning', trans('general.bulk.partial_success',
+                    ->with('warning', trans('general.bulk.delete.partial',
                         ['success' => $success_count, 'error' => $error_count, 'object_type' => trans('general.locations')]
                     ));
                 }

app/Http/Controllers/ManufacturersController.php

@@ -12,6 +12,7 @@ use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Storage;
 use Redirect;
+use Illuminate\Support\Facades\Log;
 
 /**
  * This controller handles all actions related to Manufacturers for
@@ -174,7 +175,7 @@ class ManufacturersController extends Controller
             try {
                 Storage::disk('public')->delete('manufacturers/'.$manufacturer->image);
             } catch (\Exception $e) {
-                \Log::info($e);
+                Log::info($e);
             }
         }
 
@@ -219,7 +220,7 @@ class ManufacturersController extends Controller
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.1.15]
      * @param int $manufacturers_id
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      * @throws \Illuminate\Auth\Access\AuthorizationException
      */
     public function restore($id)

app/Http/Controllers/ProfileController.php

@@ -3,7 +3,6 @@
 namespace App\Http\Controllers;
 
 use App\Http\Requests\ImageUploadRequest;
-use App\Models\Asset;
 use App\Models\Setting;
 use App\Models\User;
 use App\Notifications\CurrentInventory;
@@ -11,10 +10,6 @@ use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Gate;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Hash;
-use Illuminate\Support\Facades\Storage;
-use Image;
-use Redirect;
-use View;
 
 /**
  * This controller handles all actions related to User Profiles for
@@ -33,8 +28,8 @@ class ProfileController extends Controller
      */
     public function getIndex()
     {
+        $this->authorize('self.profile');
         $user = Auth::user();
-
         return view('account/profile', compact('user'));
     }
 
@@ -47,6 +42,7 @@ class ProfileController extends Controller
      */
     public function postIndex(ImageUploadRequest $request)
     {
+        $this->authorize('self.profile');
         $user = Auth::user();
         $user->first_name = $request->input('first_name');
         $user->last_name = $request->input('last_name');
@@ -72,7 +68,7 @@ class ProfileController extends Controller
 
 
         if ($user->save()) {
-            return redirect()->route('profile')->with('success', 'Account successfully updated');
+            return redirect()->route('profile')->with('success', trans('account/general.profile_updated'));
         }
 
         return redirect()->back()->withInput()->withErrors($user->getErrors());
@@ -87,11 +83,9 @@ class ProfileController extends Controller
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v4.0]
-     * @return View
      */
-    public function api()
+    public function api(): \Illuminate\Contracts\View\View
     {
-
         // Make sure the self.api permission has been granted
         if (!Gate::allows('self.api')) {
             abort(403);
@@ -115,7 +109,7 @@ class ProfileController extends Controller
     /**
      * Users change password form processing page.
      *
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
      */
     public function passwordSave(Request $request)
     {