e2bea57146
Merge pull request #19167 from grokability/fmcs-scope-check-updates-for-multiple-companies
...
FMCS/Console: Fixed #19166 scope check updates for multiple companies, adds floater
2026-06-13 14:51:01 +01:00
43a32071f1
FMCS/Companyable Trait: refactor API call to use canCheckoutTo
2026-06-13 14:38:32 +01:00
73f72cbbb0
Use the new companyable trait in the bulk assets controller
2026-06-13 12:42:48 +01:00
2033f25386
FMCS/Floater: Refactor logic into the companyable trait
2026-06-13 12:36:15 +01:00
8d0a6af2aa
Refactor into the Companyable trait
2026-06-13 12:35:48 +01:00
70357ada3d
Merge pull request #19175 from marcusmoore/fixes/21665-filter-request-validation
...
Reporting: improve validation for item and target types
2026-06-12 22:02:30 +01:00
905d498ecd
Maintenances: Fixed FD-55977 - Cross-company asset maintenance re-parenting via API update
2026-06-12 19:17:44 +01:00
802067f398
Acceptances: Fixed FD-55978 - Cross-company deletion of pending checkout acceptances via unscoped report endpoint
2026-06-12 19:15:36 +01:00
b89504e1c3
Custom Asset Report: Fixed [RB-21669] - use subquery for action_log action_date
2026-06-12 17:49:48 +01:00
8ebddd95ff
FMCS+location scoping - Fixed scope boundaries
2026-06-12 16:46:23 +01:00
a27c551f64
Style changes requested
2026-06-12 16:10:17 +01:00
e71453cb5d
Reporting: re-add camel and pascal casing for asset model and license seat
2026-06-11 12:41:49 -07:00
bb19add3b6
Reporting: improve validation
2026-06-11 12:25:40 -07:00
6a0ec69451
FMCS/Validation: Fixed #19166 - translate error messages on FMCS fail
2026-06-10 12:44:46 +01:00
0f6367bb17
FMCS: Extended checks to accessories, bulk controllers, etc
2026-06-10 11:47:54 +01:00
53628d6ae3
FMCS: Users API - Check for floater in results
2026-06-10 11:26:41 +01:00
d03f68ae34
FMCS: Updated floater value in controller
2026-06-10 11:26:12 +01:00
e2ba35ee80
Small FMCS fixes
2026-06-09 12:33:48 +01:00
f4cac96358
Apply scope to print page
2026-06-09 12:18:50 +01:00
5257c2ce84
Merge pull request #19158 from grokability/added-qr-codes-to-non-assets
...
QR Codes: Added QR codes for non-assets
2026-06-08 22:38:16 +01:00
0d870d540d
Kits: Fixed FD-55737 - Kit License Association Lacks Object-Level Authorization
2026-06-08 21:55:16 +01:00
144772cfbe
Fixed tests
2026-06-08 21:41:22 +01:00
80c8aa41dc
License Checkin (legacy): Fixes FD-55734 - License Single-Seat Checkin Uses Incorrect Permission Check
2026-06-08 20:59:10 +01:00
5658cd6dd4
Reports (legacy): Fixed FD-55739 - Use CSV escaping on legacy depreciation and license reports
2026-06-08 20:40:03 +01:00
374f426f0c
Bulk checkin (with optional delete) users: Tightened the gates to check for more specific checkin permissions
2026-06-08 20:30:43 +01:00
cbc6dc94a5
Licenses/Accessory/Consumables: Fixed FD-55732 - confirm FMCS on backend
2026-06-08 17:08:18 +01:00
f74e7510c5
Licenses Checkout: Fixed FD-55733 - License Bulk Checkout Uses Incorrect Permission Check
2026-06-08 17:03:16 +01:00
d87cd7cbb9
Users Merge: Fixed FD-55767 - added canEditAuthFields for users in merge
2026-06-08 16:57:05 +01:00
9a8cbd6e00
API: Fixed FD-55735- API Location Creation Bypasses FMCS Parent-Child Company Boundary Validation
2026-06-08 16:52:05 +01:00
abc4363e83
Fixed FD-55839 - arbitrary file deletion
2026-06-08 16:48:18 +01:00
53599544af
Fixed FD-55751 - check for safe inline, force download otherwise
2026-06-08 16:31:52 +01:00
b5ec9e080d
QR Codes: Added QR codes for non-assets
2026-06-08 16:19:21 +01:00
1252681d55
API pagination: Fixed #19155 - API not paginating correctly with page=x, added tests
2026-06-08 14:03:47 +01:00
f0a9a49753
Update components to use… blade components
2026-06-04 14:34:32 +01:00
356a0d4c12
Fixed RB-20978 - Header may not contain more than a single header, new line detected
...
When edit() is called, it stores url()->previous() (the Referer header) as url.intended. When update() is called after, getRedirectOption() pulls that URL out of the session and uses it as a Location header. If that URL ever contains a \n or \r\n - whether from a crafted Referer header, a stale SAML RelayState, or a proxy quirk - PHP's header() function raises this exception as a header injection safeguard.
2026-06-03 20:38:50 +01:00
00d4d6c7a8
Don’t strip comany association if company_id is passed to the user (old integrations)
2026-06-03 12:30:08 +01:00
9c2495af29
Fixed #19131 - tighter validation for company_id/company_ids
2026-06-03 11:21:44 +01:00
bab5294399
Fixed #19133 - added optional clear asset name to quick scan checkin/audit
2026-06-03 10:52:04 +01:00
a161fa8519
Fix company syncing in bulk editing users
...
If the target user belongs to [A, B, C] and the acting admin belongs to [B, C], only B and C get detached. Company A — which the acting admin can't see — is left untouched.
2026-06-03 10:36:46 +01:00
01b1c3923d
Fixed #19119 - updated structure for accessort export, added tests
2026-06-01 18:25:43 +01:00
ba5a674526
Fixed FD-55720 check on legacy route
2026-05-30 10:04:00 +01:00
e84496f8b1
Fixed kit gate
2026-05-30 09:40:37 +01:00
ade07b411b
Added helper and CSS
2026-05-29 17:37:12 +01:00
4145f64399
Exclude current id on checkin pages
2026-05-29 10:50:10 +01:00
0170fb7711
Added test for location scoping
2026-05-29 10:39:03 +01:00
42df2f6c31
One more fix for #19112
2026-05-29 09:37:23 +01:00
9b522b69ff
Fixed #19112 - company list disabled
2026-05-29 09:13:03 +01:00
135db70b0f
Fixed #19100 - check all companies a user belongs to for asset assignment
2026-05-29 08:50:34 +01:00
ec67195014
Removed a few duplicate queries
2026-05-29 01:34:11 +01:00
0d745ad10f
Added view composer forn sidebar counts, removed sidebar middleware
2026-05-29 01:30:34 +01:00
snipe