Merge branch 'develop' into snipeit_v7_laravel10

snipe · Apr 24, 2024 · 3f5c5cb · 3f5c5cb
2 parents 65e21fa + 2439758
commit 3f5c5cb
Show file tree

Hide file tree

Showing 92 changed files with 1,190 additions and 414 deletions.
diff --git a/.env.docker b/.env.docker
@@ -45,6 +45,7 @@ DB_SSL_KEY_PATH=null
 DB_SSL_CERT_PATH=null
 DB_SSL_CA_PATH=null
 DB_SSL_CIPHER=null
+DB_SSL_VERIFY_SERVER=null
 
 # --------------------------------------------
 # REQUIRED: OUTGOING MAIL SERVER SETTINGS

diff --git a/.env.dusk.example b/.env.dusk.example
@@ -36,6 +36,7 @@ DB_SSL_KEY_PATH=null
 DB_SSL_CERT_PATH=null
 DB_SSL_CA_PATH=null
 DB_SSL_CIPHER=null
+DB_SSL_VERIFY_SERVER=null
 
 # --------------------------------------------
 # REQUIRED: OUTGOING MAIL SERVER SETTINGS

diff --git a/.env.example b/.env.example
@@ -42,6 +42,7 @@ DB_SSL_KEY_PATH=null
 DB_SSL_CERT_PATH=null
 DB_SSL_CA_PATH=null
 DB_SSL_CIPHER=null
+DB_SSL_VERIFY_SERVER=null
 
 # --------------------------------------------
 # REQUIRED: OUTGOING MAIL SERVER SETTINGS

diff --git a/app/Console/Commands/LdapSync.php b/app/Console/Commands/LdapSync.php
@@ -390,7 +390,7 @@ public function handle()
  $user->location_id = $location->id;
  }
  }
-
+ $location = null;
  $user->ldap_import = 1;
 
  $errors = '';

diff --git a/app/Http/Controllers/Api/AssetsController.php b/app/Http/Controllers/Api/AssetsController.php
@@ -665,25 +665,26 @@ public function update(ImageUploadRequest $request, $id)
  $model = AssetModel::find($asset->model_id);
 
  // Update custom fields
+ $problems_updating_encrypted_custom_fields = false;
  if (($model) && (isset($model->fieldset))) {
  foreach ($model->fieldset->fields as $field) {
  $field_val = $request->input($field->db_column, null);
 
  if ($request->has($field->db_column)) {
- if ($field->field_encrypted == '1') {
- if (Gate::allows('admin')) {
- $asset->{$field->db_column} = Crypt::encrypt($field_val);
- }
- }
  if ($field->element == 'checkbox') {
  if(is_array($field_val)) {
  $field_val = implode(',', $field_val);
- $asset->{$field->db_column} = $field_val;
  }
  }
- else {
- $asset->{$field->db_column} = $field_val;
+ if ($field->field_encrypted == '1') {
+ if (Gate::allows('admin')) {
+ $field_val = Crypt::encrypt($field_val);
+ } else {
+ $problems_updating_encrypted_custom_fields = true;
+ continue;
+ }
  }
+ $asset->{$field->db_column} = $field_val;
  }
  }
  }
@@ -709,8 +710,11 @@ public function update(ImageUploadRequest $request, $id)
  $asset->image = $asset->getImageUrl();
  }
 
- return response()->json(Helper::formatStandardApiResponse('success', $asset, trans('admin/hardware/message.update.success')));
- return response()->json(Helper::formatStandardApiResponse('success', (new AssetsTransformer)->transformAsset($asset), trans('admin/hardware/message.update.success')));
+ if ($problems_updating_encrypted_custom_fields) {
+ return response()->json(Helper::formatStandardApiResponse('success', $asset, trans('admin/hardware/message.update.encrypted_warning')));
+ } else {
+ return response()->json(Helper::formatStandardApiResponse('success', $asset, trans('admin/hardware/message.update.success')));
+ }
  }
 
  return response()->json(Helper::formatStandardApiResponse('error', null, $asset->getErrors()), 200);

diff --git a/app/Http/Controllers/Api/UsersController.php b/app/Http/Controllers/Api/UsersController.php
@@ -276,6 +276,7 @@ public function index(Request $request)
  $users = $users->withTrashed();
  }
 
+ // Apply companyable scope
  $users = Company::scopeCompanyables($users);
 
 
@@ -406,7 +407,10 @@ public function store(SaveUserRequest $request)
  public function show($id)
  {
  $this->authorize('view', User::class);
+
  $user = User::withCount('assets as assets_count', 'licenses as licenses_count', 'accessories as accessories_count', 'consumables as consumables_count')->findOrFail($id);
+ $user = Company::scopeCompanyables($user)->find($id);
+ $this->authorize('update', $user);
 
  return (new UsersTransformer)->transformUser($user);
  }
@@ -426,6 +430,8 @@ public function update(SaveUserRequest $request, $id)
  $this->authorize('update', User::class);
 
  $user = User::findOrFail($id);
+ $user = Company::scopeCompanyables($user)->find($id);
+ $this->authorize('update', $user);
 
  /**
  * This is a janky hack to prevent people from changing admin demo user data on the public demo.
@@ -462,6 +468,7 @@ public function update(SaveUserRequest $request, $id)
  if (! Auth::user()->isSuperUser()) {
  unset($permissions_array['superuser']);
  }
+
  $user->permissions = $permissions_array;
  }
 
@@ -484,17 +491,27 @@ public function update(SaveUserRequest $request, $id)
 
  // Check if the request has groups passed and has a value
  if ($request->filled('groups')) {
+
  $validator = Validator::make($request->all(), [
  'groups.*' => 'integer|exists:permission_groups,id',
  ]);
 
  if ($validator->fails()){
  return response()->json(Helper::formatStandardApiResponse('error', null, $user->getErrors()));
  }
- $user->groups()->sync($request->input('groups'));
+
+ // Only save groups if the user is a superuser
+ if (Auth::user()->isSuperUser()) {
+ $user->groups()->sync($request->input('groups'));
+ }
+
  // The groups field has been passed but it is null, so we should blank it out
  } elseif ($request->has('groups')) {
- $user->groups()->sync([]);
+
+ // Only save groups if the user is a superuser
+ if (Auth::user()->isSuperUser()) {
+ $user->groups()->sync($request->input('groups'));
+ }
  }
 
 
@@ -515,37 +532,41 @@ public function update(SaveUserRequest $request, $id)
  public function destroy($id)
  {
  $this->authorize('delete', User::class);
- $user = User::findOrFail($id);
+ $user = User::with('assets', 'assets.model', 'consumables', 'accessories', 'licenses', 'userloc')->withTrashed();
+ $user = Company::scopeCompanyables($user)->find($id);
  $this->authorize('delete', $user);
 
- if (($user->assets) && ($user->assets->count() > 0)) {
- return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.error.delete_has_assets')));
- }
+ if ($user) {
 
- if (($user->licenses) && ($user->licenses->count() > 0)) {
- return response()->json(Helper::formatStandardApiResponse('error', null, 'This user still has '.$user->licenses->count().' license(s) associated with them and cannot be deleted.'));
- }
+  if (($user->assets) && ($user->assets->count() > 0)) {
+  return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.error.delete_has_assets')));
+  }
 
- if (($user->accessories) && ($user->accessories->count() > 0)) {
- return response()->json(Helper::formatStandardApiResponse('error', null, 'This user still has '.$user->accessories->count().' accessories associated with them.'));
- }
+  if (($user->licenses) && ($user->licenses->count() > 0)) {
+  return response()->json(Helper::formatStandardApiResponse('error', null, 'This user still has ' . $user->licenses->count() . ' license(s) associated with them and cannot be deleted.'));
+  }
 
- if (($user->managedLocations()) && ($user->managedLocations()->count() > 0)) {
- return response()->json(Helper::formatStandardApiResponse('error', null, 'This user still has '.$user->managedLocations()->count().' locations that they manage.'));
- }
+ if (($user->accessories) && ($user->accessories->count() > 0)) {
+ return response()->json(Helper::formatStandardApiResponse('error', null, 'This user still has ' . $user->accessories->count() . ' accessories associated with them.'));
+ }
+
+ if (($user->managedLocations()) && ($user->managedLocations()->count() > 0)) {
+ return response()->json(Helper::formatStandardApiResponse('error', null, 'This user still has ' . $user->managedLocations()->count() . ' locations that they manage.'));
+ }
 
- if ($user->delete()) {
+  if ($user->delete()) {
 
- // Remove the user's avatar if they have one
- if (Storage::disk('public')->exists('avatars/'.$user->avatar)) {
- try {
- Storage::disk('public')->delete('avatars/'.$user->avatar);
- } catch (\Exception $e) {
- Log::debug($e);
+ // Remove the user's avatar if they have one
+ if (Storage::disk('public')->exists('avatars/' . $user->avatar)) {
+ try {
+ Storage::disk('public')->delete('avatars/' . $user->avatar);
+ } catch (\Exception $e) {
+ \Log::debug($e);
+ }
  }
- }
 
- return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/users/message.success.delete')));
+ return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/users/message.success.delete')));
+ }
  }
 
  return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.error.delete')));
@@ -563,6 +584,11 @@ public function assets(Request $request, $id)
  {
  $this->authorize('view', User::class);
  $this->authorize('view', Asset::class);
+
+ $user = User::with('assets', 'assets.model', 'consumables', 'accessories', 'licenses', 'userloc')->withTrashed();
+ $user = Company::scopeCompanyables($user)->find($id);
+ $this->authorize('view', $user);
+
  $assets = Asset::where('assigned_to', '=', $id)->where('assigned_type', '=', User::class)->with('model');
 
 
@@ -598,7 +624,10 @@ public function assets(Request $request, $id)
  */
  public function emailAssetList(Request $request, $id)
  {
+ $this->authorize('update', User::class);
  $user = User::findOrFail($id);
+ $user = Company::scopeCompanyables($user)->find($id);
+ $this->authorize('update', $user);
 
  if (empty($user->email)) {
  return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.inventorynotification.error')));
@@ -622,6 +651,7 @@ public function consumables(Request $request, $id)
  $this->authorize('view', User::class);
  $this->authorize('view', Consumable::class);
  $user = User::findOrFail($id);
+ $this->authorize('update', $user);
  $consumables = $user->consumables;
  return (new ConsumablesTransformer)->transformConsumables($consumables, $consumables->count(), $request);
  }
@@ -638,6 +668,7 @@ public function accessories($id)
  {
  $this->authorize('view', User::class);
  $user = User::findOrFail($id);
+ $this->authorize('view', $user);
  $this->authorize('view', Accessory::class);
  $accessories = $user->accessories;
 
@@ -658,6 +689,7 @@ public function licenses($id)
  $this->authorize('view', License::class);
 
  if ($user = User::where('id', $id)->withTrashed()->first()) {
+ $this->authorize('update', $user);
  $licenses = $user->licenses()->get();
  return (new LicensesTransformer())->transformLicenses($licenses, $licenses->count());
  }
@@ -681,6 +713,7 @@ public function postTwoFactorReset(Request $request)
  if ($request->filled('id')) {
  try {
  $user = User::find($request->get('id'));
+ $this->authorize('update', $user);
  $user->two_factor_secret = null;
  $user->two_factor_enrolled = 0;
  $user->saveQuietly();

diff --git a/app/Http/Controllers/AssetModelsFilesController.php b/app/Http/Controllers/AssetModelsFilesController.php
@@ -38,7 +38,7 @@ public function store(UploadFileRequest $request, $modelId = null)
 
  $file_name = $request->handleFile('private_uploads/assetmodels/','model-'.$model->id,$file);
 
- $model->logUpload($file_name, e($request->get('notes')));
+ $model->logUpload($file_name, $request->get('notes'));
  }
 
  return redirect()->back()->with('success', trans('general.file_upload_success'));

diff --git a/app/Http/Controllers/Assets/AssetCheckinController.php b/app/Http/Controllers/Assets/AssetCheckinController.php
@@ -39,6 +39,12 @@ public function create($assetId, $backto = null)
 
  $this->authorize('checkin', $asset);
 
+ // This asset is already checked in, redirect
+
+ if (is_null($asset->assignedTo)) {
+ return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.checkin.already_checked_in'));
+ }
+
  return view('hardware/checkin', compact('asset'))->with('statusLabel_list', Helper::statusLabelList())->with('backto', $backto);
  }
 

diff --git a/app/Http/Controllers/Assets/AssetFilesController.php b/app/Http/Controllers/Assets/AssetFilesController.php
@@ -38,7 +38,7 @@ public function store(UploadFileRequest $request, $assetId = null)
  foreach ($request->file('file') as $file) {
  $file_name = $request->handleFile('private_uploads/assets/','hardware-'.$asset->id, $file);
 
- $asset->logUpload($file_name, e($request->get('notes')));
+ $asset->logUpload($file_name, $request->get('notes'));
  }
 
  return redirect()->back()->with('success', trans('admin/hardware/message.upload.success'));

diff --git a/app/Http/Controllers/LabelsController.php b/app/Http/Controllers/LabelsController.php
@@ -14,16 +14,17 @@
 use App\Models\Supplier;
 use App\Models\User;
 use App\View\Label as LabelView;
+use Illuminate\Support\Facades\DB;
 use Illuminate\Support\Facades\Storage;
 
 class LabelsController extends Controller
 {
  /**
  * Returns the Label view with test data
  *
- * @author Grant Le Roux <[email protected]>
- * @param string $labelName
+ * @param string $labelName
  * @return \Illuminate\Contracts\View\View
+ * @author Grant Le Roux <[email protected]>
  */
  public function show(string $labelName)
  {
@@ -66,7 +67,7 @@ public function show(string $labelName)
  $exampleAsset->model->category->id = 999999;
  $exampleAsset->model->category->name = trans('admin/labels/table.example_category');
 
- $customFieldColumns = CustomField::all()->pluck('db_column');
+ $customFieldColumns = CustomField::where('field_encrypted', '=', 0)->pluck('db_column');
 
  collect(explode(';', Setting::getSettings()->label2_fields))
  ->filter()