Compare commits
33 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 snipe
|
e774f9e42e | ||
|
snipe
|
283ea00b3b | ||
|
snipe
|
062233329d | ||
|
snipe
|
bc61c8712c | ||
|
Marcus Moore
|
d9f5185dd2 | ||
|
snipe
|
dd0e31778d | ||
|
snipe
|
e835e13de8 | ||
|
snipe
|
1105ff43e1 | ||
|
snipe
|
bcf69d53ae | ||
|
snipe
|
f1b66ef96f | ||
|
snipe
|
5097dc8ee4 | ||
|
snipe
|
581d90b0a7 | ||
|
snipe
|
65ee12a052 | ||
|
snipe
|
6bd5bafece | ||
|
snipe
|
47d25da371 | ||
|
snipe
|
2cc6109959 | ||
|
snipe
|
a186f54478 | ||
|
snipe
|
17bbe7736a | ||
|
snipe
|
7beabb3a9c | ||
|
snipe
|
aac3b7b372 | ||
|
snipe
|
fea4a3d53e | ||
|
snipe
|
0c3f551dde | ||
|
snipe
|
64780e338b | ||
|
snipe
|
2dc2e6328f | ||
|
snipe
|
5851e2cd68 | ||
|
snipe
|
b90f2d719c | ||
|
snipe
|
d7fdb71554 | ||
|
snipe
|
646de9a074 | ||
|
snipe
|
34acd827be | ||
|
snipe
|
fbce94f591 | ||
|
snipe
|
0b30f9eae6 | ||
|
snipe
|
8f6782bdfa | ||
|
snipe
|
bbe7393a61 |
@@ -4262,24 +4262,6 @@
|
||||
"contributions": [
|
||||
"code"
|
||||
]
|
||||
},
|
||||
{
|
||||
"login": "Husky-Devel",
|
||||
"name": "Peter Gallwas",
|
||||
"avatar_url": "https://avatars.githubusercontent.com/u/75509373?v=4",
|
||||
"profile": "https://www.husky.nz",
|
||||
"contributions": [
|
||||
"code"
|
||||
]
|
||||
},
|
||||
{
|
||||
"login": "CybotTM",
|
||||
"name": "Sebastian Mendel",
|
||||
"avatar_url": "https://avatars.githubusercontent.com/u/326348?v=4",
|
||||
"profile": "https://github.com/CybotTM",
|
||||
"contributions": [
|
||||
"code"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
+1
-1
@@ -113,7 +113,7 @@ ENABLE_HSTS=false
|
||||
# --------------------------------------------
|
||||
CACHE_DRIVER=file
|
||||
SESSION_DRIVER=file
|
||||
QUEUE_CONNECTION=sync
|
||||
QUEUE_DRIVER=sync
|
||||
CACHE_PREFIX=snipeit
|
||||
|
||||
# --------------------------------------------
|
||||
|
||||
+1
-2
@@ -37,7 +37,6 @@ MYSQL_ROOT_PASSWORD=changeme1234
|
||||
DB_PREFIX=null
|
||||
DB_DUMP_PATH='/usr/bin'
|
||||
DB_DUMP_SKIP_SSL=true
|
||||
DB_DUMP_SINGLE_TRANSACTION=false
|
||||
DB_CHARSET=utf8mb4
|
||||
DB_COLLATION=utf8mb4_unicode_ci
|
||||
|
||||
@@ -121,7 +120,7 @@ ENABLE_HSTS=false
|
||||
# --------------------------------------------
|
||||
CACHE_DRIVER=file
|
||||
SESSION_DRIVER=file
|
||||
QUEUE_CONNECTION=sync
|
||||
QUEUE_DRIVER=sync
|
||||
CACHE_PREFIX=snipeit
|
||||
|
||||
# --------------------------------------------
|
||||
|
||||
+1
-1
@@ -72,7 +72,7 @@ CORS_ALLOWED_ORIGINS="*"
|
||||
# --------------------------------------------
|
||||
CACHE_DRIVER=file
|
||||
SESSION_DRIVER=file
|
||||
QUEUE_CONNECTION=sync
|
||||
QUEUE_DRIVER=sync
|
||||
|
||||
# --------------------------------------------
|
||||
# OPTIONAL: LOGIN THROTTLING
|
||||
|
||||
+3
-22
@@ -32,7 +32,6 @@ DB_PASSWORD=null
|
||||
DB_PREFIX=null
|
||||
DB_DUMP_PATH='/usr/bin'
|
||||
DB_DUMP_SKIP_SSL=false
|
||||
DB_DUMP_SINGLE_TRANSACTION=false
|
||||
DB_CHARSET=utf8mb4
|
||||
DB_COLLATION=utf8mb4_unicode_ci
|
||||
DB_SANITIZE_BY_DEFAULT=false
|
||||
@@ -91,16 +90,7 @@ IMAGE_LIB=gd
|
||||
|
||||
# --------------------------------------------
|
||||
# OPTIONAL: BACKUP SETTINGS
|
||||
# Backup filesystem configuration
|
||||
# - BACKUP_FILESYSTEM_DRIVER: Driver to use (local, s3, etc.)
|
||||
# Default: local (backward compatible)
|
||||
# Set to s3 to use S3 for backups (requires PRIVATE_AWS_* credentials)
|
||||
# - BACKUP_FILESYSTEM_ROOT: Root path/prefix
|
||||
# For local driver: leave commented for default to storage_path("app")
|
||||
# For S3 driver: empty string = bucket root, or specify prefix like "backups/"
|
||||
#--------------------------------------------
|
||||
BACKUP_FILESYSTEM_DRIVER=local
|
||||
#BACKUP_FILESYSTEM_ROOT=
|
||||
# --------------------------------------------
|
||||
MAIL_BACKUP_NOTIFICATION_DRIVER=null
|
||||
MAIL_BACKUP_NOTIFICATION_ADDRESS=null
|
||||
BACKUP_ENV=true
|
||||
@@ -134,7 +124,7 @@ BS_TABLE_DEEPLINK=true
|
||||
APP_TRUSTED_PROXIES=192.168.1.1,10.0.0.1
|
||||
ALLOW_IFRAMING=false
|
||||
REFERRER_POLICY=same-origin
|
||||
ENABLE_CSP=true
|
||||
ENABLE_CSP=false
|
||||
ADDITIONAL_CSP_URLS=null
|
||||
CORS_ALLOWED_ORIGINS=null
|
||||
ENABLE_HSTS=false
|
||||
@@ -143,7 +133,7 @@ ENABLE_HSTS=false
|
||||
# OPTIONAL: CACHE SETTINGS
|
||||
# --------------------------------------------
|
||||
CACHE_DRIVER=file
|
||||
QUEUE_CONNECTION=sync
|
||||
QUEUE_DRIVER=sync
|
||||
CACHE_PREFIX=snipeit
|
||||
|
||||
# --------------------------------------------
|
||||
@@ -159,14 +149,6 @@ REDIS_PORT=null
|
||||
MEMCACHED_HOST=null
|
||||
MEMCACHED_PORT=null
|
||||
|
||||
# --------------------------------------------
|
||||
# OPTIONAL: S3 PROXY
|
||||
# When enabled, public uploads (images, logos, avatars) are served through
|
||||
# the application instead of directly from S3. This allows using a single
|
||||
# fully private S3 bucket for all storage.
|
||||
# --------------------------------------------
|
||||
PUBLIC_S3_PROXY=false
|
||||
|
||||
# --------------------------------------------
|
||||
# OPTIONAL: PUBLIC S3 Settings
|
||||
# --------------------------------------------
|
||||
@@ -211,7 +193,6 @@ LOGIN_AUTOCOMPLETE=false
|
||||
RESET_PASSWORD_LINK_EXPIRES=15
|
||||
PASSWORD_CONFIRM_TIMEOUT=10800
|
||||
PASSWORD_RESET_MAX_ATTEMPTS_PER_MIN=50
|
||||
TWO_FACTOR_MAX_ATTEMPTS_PER_MIN=5
|
||||
INVITE_PASSWORD_LINK_EXPIRES=1500
|
||||
|
||||
# --------------------------------------------
|
||||
|
||||
@@ -1,66 +0,0 @@
|
||||
# Pint: Models
|
||||
9623fa4d87e7fb38307028338c6991afb7d4e099
|
||||
|
||||
# Pint: Actions
|
||||
a3c7410c35388af08997b1c52adebda1056488a6
|
||||
|
||||
# Pint: Console
|
||||
8bce38b9187d23089a28a4f3a4ab960ac7471e90
|
||||
|
||||
# Pint: Enums and Events
|
||||
f7b82ad1ff513a25d775c20b58e9a8ce23461ec2
|
||||
|
||||
# Pint: Exceptions
|
||||
2e7046a810ce1f7562dec9d3ee4fee0cbc7262db
|
||||
|
||||
# Pint: Non-api controllers
|
||||
9bc92f57c8a29ac0e89c2d3f72f23c6c64567dd8
|
||||
|
||||
# Pint: Api controllers
|
||||
1e5d426e70dcd72fd7e87c2b11ff42fe3cc7a1a4
|
||||
|
||||
# Pint: Middleware
|
||||
ec6caf9b5959c6c57bd7be047e91bbb70fc303a7
|
||||
|
||||
# Pint: Requests
|
||||
93168326da54fa87880570c82df3ccbf3ff152e1
|
||||
|
||||
# Pint: Traits and Transformers
|
||||
a613380811f63f51e2951d2f4b8454d5274d5cdf
|
||||
|
||||
# Pint: Importer
|
||||
3e831bf9b3cc060f11c88ec69a9313131de8ee1f
|
||||
|
||||
# Pint: Jobs and Listeners
|
||||
317b1a462e079bf96d492dd3782de38b7144be9f
|
||||
|
||||
# Pint: Livewire
|
||||
53f2ef2ca11b0571de758b101f08f259de7830cf
|
||||
|
||||
# Pint: Mail
|
||||
de607e7d83704b30f809238c44d3d759196a77db
|
||||
|
||||
# Pint: Notifications
|
||||
31043d1f5cb5d287c0ab2ca2ba1ae08665bc6ad5
|
||||
|
||||
# Pint: Observers and policies
|
||||
b2c0a21230977443536655e43e524773e2ad9e27
|
||||
|
||||
# Pint: Presenters
|
||||
55d46cbefec5fe0bb7e28b859d540977d2cfee46
|
||||
|
||||
# Pint: Providers
|
||||
8b658a19b9182bf9a19e34bc9101ee11a13ed85b
|
||||
|
||||
# Pint: Config
|
||||
c1a93e3ac890ed1fc1c27ba6c431f6b58ff661d6
|
||||
|
||||
# Pint: Lang and resources
|
||||
84fdb5d6c19bf7882cb91d42fe8768fc0db0ce67
|
||||
|
||||
# Pint: Database
|
||||
b5a46a370f85c6e87c8a9fa4a4593424bb027712
|
||||
|
||||
# Pint: Tests
|
||||
d84eb43278177a9bcdfffe04c94d933eb49f2c48
|
||||
446f5f3cefdc1837a65fd4bc983741b29f821a78
|
||||
@@ -1,69 +0,0 @@
|
||||
# This workflow uses actions that are not certified by GitHub.
|
||||
# They are provided by a third-party and are governed by
|
||||
# separate terms of service, privacy policy, and support
|
||||
# documentation.
|
||||
|
||||
# EthicalCheck addresses the critical need to continuously security test APIs in development and in production.
|
||||
|
||||
# EthicalCheck provides the industry’s only free & automated API security testing service that uncovers security vulnerabilities using OWASP API list.
|
||||
# Developers relies on EthicalCheck to evaluate every update and release, ensuring that no APIs go to production with exploitable vulnerabilities.
|
||||
|
||||
# You develop the application and API, we bring complete and continuous security testing to you, accelerating development.
|
||||
|
||||
# Know your API and Applications are secure with EthicalCheck – our free & automated API security testing service.
|
||||
|
||||
# How EthicalCheck works?
|
||||
# EthicalCheck functions in the following simple steps.
|
||||
# 1. Security Testing.
|
||||
# Provide your OpenAPI specification or start with a public Postman collection URL.
|
||||
# EthicalCheck instantly instrospects your API and creates a map of API endpoints for security testing.
|
||||
# It then automatically creates hundreds of security tests that are non-intrusive to comprehensively and completely test for authentication, authorizations, and OWASP bugs your API. The tests addresses the OWASP API Security categories including OAuth 2.0, JWT, Rate Limit etc.
|
||||
|
||||
# 2. Reporting.
|
||||
# EthicalCheck generates security test report that includes all the tested endpoints, coverage graph, exceptions, and vulnerabilities.
|
||||
# Vulnerabilities are fully triaged, it contains CVSS score, severity, endpoint information, and OWASP tagging.
|
||||
|
||||
|
||||
# This is a starter workflow to help you get started with EthicalCheck Actions
|
||||
|
||||
name: EthicalCheck-Workflow
|
||||
|
||||
# Controls when the workflow will run
|
||||
on:
|
||||
# Triggers the workflow on push or pull request events but only for the "master" branch
|
||||
# Customize trigger events based on your DevSecOps processes.
|
||||
push:
|
||||
branches: [ "master" ]
|
||||
pull_request:
|
||||
branches: [ "master" ]
|
||||
schedule:
|
||||
- cron: '35 17 * * 6'
|
||||
|
||||
# Allows you to run this workflow manually from the Actions tab
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
Trigger_EthicalCheck:
|
||||
permissions:
|
||||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
|
||||
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- name: EthicalCheck Free & Automated API Security Testing Service
|
||||
uses: apisec-inc/ethicalcheck-action@005fac321dd843682b1af6b72f30caaf9952c641
|
||||
with:
|
||||
# The OpenAPI Specification URL or Swagger Path or Public Postman collection URL.
|
||||
oas-url: "http://netbanking.apisec.ai:8080/v2/api-docs"
|
||||
# The email address to which the penetration test report will be sent.
|
||||
email: "snipe@snipe.net"
|
||||
sarif-result-file: "ethicalcheck-results.sarif"
|
||||
|
||||
- name: Upload sarif file to repository
|
||||
uses: github/codeql-action/upload-sarif@v4
|
||||
with:
|
||||
sarif_file: ./ethicalcheck-results.sarif
|
||||
|
||||
@@ -28,7 +28,6 @@ jobs:
|
||||
- "8.2"
|
||||
- "8.3"
|
||||
- "8.4"
|
||||
- "8.5"
|
||||
|
||||
name: PHP ${{ matrix.php-version }}
|
||||
|
||||
|
||||
@@ -24,7 +24,6 @@ jobs:
|
||||
- "8.2"
|
||||
- "8.3"
|
||||
- "8.4"
|
||||
- "8.5"
|
||||
|
||||
|
||||
name: PHP ${{ matrix.php-version }}
|
||||
|
||||
@@ -15,7 +15,7 @@ jobs:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
php-version:
|
||||
- "8.5"
|
||||
- "8.3"
|
||||
|
||||
name: PHP ${{ matrix.php-version }}
|
||||
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
{
|
||||
"DOC1": "This file is meant to be pulled from the current HEAD of the desired branch, NOT referenced locally",
|
||||
"DOC2": "In other words, what you see locally are the requirements for your _current_ install",
|
||||
"DOC3": "Please don't rely on these versions for planning upgrades unless you've fetched the most recent version",
|
||||
"DOC4": "You should really just ignore it and run upgrade.php. Really",
|
||||
"php_min_version": "8.2.0",
|
||||
"php_max_major_minor": "8.5",
|
||||
"php_max_wontwork": "8.6.0",
|
||||
"current_snipeit_version": "8.0"
|
||||
"DOC1": "This file is meant to be pulled from the current HEAD of the desired branch, NOT referenced locally",
|
||||
"DOC2": "In other words, what you see locally are the requirements for your _current_ install",
|
||||
"DOC3": "Please don't rely on these versions for planning upgrades unless you've fetched the most recent version",
|
||||
"DOC4": "You should really just ignore it and run upgrade.php. Really",
|
||||
"php_min_version": "8.2.0",
|
||||
"php_max_major_minor": "8.4",
|
||||
"php_max_wontwork": "8.5.0",
|
||||
"current_snipeit_version": "8.0"
|
||||
}
|
||||
|
||||
@@ -1,110 +0,0 @@
|
||||
# CLAUDE.md
|
||||
|
||||
This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
|
||||
|
||||
## Stack
|
||||
|
||||
- **PHP 8.2+** / **Laravel 12** (framework), **Laravel Mix** (webpack) for frontend assets
|
||||
- **AdminLTE 2** / **Bootstrap 3** UI — Blade views, no Livewire/Inertia
|
||||
- **Chart.js v2.9.4** — bundled at `public/js/dist/Chart.min.js`; use `horizontalBar` type (v2 API, not v3)
|
||||
|
||||
## Common Commands
|
||||
|
||||
```bash
|
||||
# Run all tests
|
||||
php artisan test
|
||||
# or
|
||||
vendor/bin/phpunit
|
||||
|
||||
# Run a single test file
|
||||
php artisan test tests/Feature/Assets/AssetsTest.php
|
||||
|
||||
# Run a specific test method
|
||||
php artisan test --filter testSomeMethod
|
||||
|
||||
# Build frontend assets (dev)
|
||||
npm run dev
|
||||
|
||||
# Build for production
|
||||
npm run prod
|
||||
|
||||
# Laravel Mix watch
|
||||
npm run watch
|
||||
|
||||
# Tinker / REPL
|
||||
php artisan tinker
|
||||
|
||||
# Clear caches after config/route changes
|
||||
php artisan optimize:clear
|
||||
```
|
||||
|
||||
Dev server is served via **Laravel Herd** (`herd coverage` for coverage reports).
|
||||
|
||||
## Architecture
|
||||
|
||||
### Controllers
|
||||
|
||||
Two parallel controller trees:
|
||||
- `app/Http/Controllers/` — web/UI controllers (Blade views)
|
||||
- `app/Http/Controllers/Api/` — REST API controllers (JSON, used by datatables + select2)
|
||||
|
||||
Subdirectory groupings: `Assets/`, `Licenses/`, `Users/`, `Accessories/`, `Consumables/`, `Components/`, `Kits/`, `Account/`, `Auth/`
|
||||
|
||||
### API Pattern
|
||||
|
||||
Every API controller returns data via a **Transformer** (`app/Http/Transformers/`). Never return raw model attributes from API controllers — always pass through the transformer. `DatatablesTransformer` wraps paginated results.
|
||||
|
||||
```php
|
||||
return (new AssetsTransformer)->transformAssets($assets, $assets->count());
|
||||
```
|
||||
|
||||
### Authorization
|
||||
|
||||
All authorization goes through **Policies** (`app/Policies/`). `CheckoutablePermissionsPolicy` is the base for assets/licenses/accessories/consumables — its `checkout()` / `checkin()` methods accept `$item = null` so you can use `@can('checkout', \App\Models\Asset::class)` without an instance.
|
||||
|
||||
### FMCS (Full Multiple Company Support)
|
||||
|
||||
`Setting::getSettings()->full_multiple_companies_support == '1'` gates company-scoped filtering. The select2 API endpoints (`selectlist()` methods) accept a `companyId` query param — apply it like this:
|
||||
|
||||
```php
|
||||
if ((Setting::getSettings()->full_multiple_companies_support == '1') && ($request->filled('companyId'))) {
|
||||
$query->where('table.company_id', $request->input('companyId'));
|
||||
}
|
||||
```
|
||||
|
||||
Pass `data-company-id="{{ $user->company_id }}"` in Blade to wire it to select2.
|
||||
|
||||
### Select2 AJAX Dropdowns
|
||||
|
||||
Use `class="js-data-ajax"` with `data-endpoint="hardware|licenses|consumables|..."`. `snipeit.js` auto-initializes these, forwarding `data-company-id` as `companyId` and `data-asset-status-type` as `statusType` to the API.
|
||||
|
||||
### Routes
|
||||
|
||||
All routes are in `routes/web.php` (UI) and `routes/api.php` (API). Breadcrumbs are defined inline using `->breadcrumbs(fn (Trail $trail) => ...)` from `tabuna/breadcrumbs`. Every UI route should have a breadcrumb.
|
||||
|
||||
Note: the `reports/unaccepted_assets` route is named with slashes, not dots — use `route('reports/unaccepted_assets')`.
|
||||
|
||||
### Translations
|
||||
|
||||
String keys live in `resources/lang/en-US/general.php` (and other files in that directory). Always add new UI strings as translation keys rather than hard-coding English.
|
||||
|
||||
### Checkout Redirect Flow
|
||||
|
||||
After checkout, `Helper::getRedirectOption()` reads `$request->redirect_option`. For redirecting back to the assigned user after checkout:
|
||||
- Set `redirect_option=target` in the form
|
||||
- Set `checkout_to_type=user` in the form
|
||||
- Set `assigned_user={{ $user->id }}` in the form
|
||||
|
||||
### Key Helper Methods (`app/Helpers/Helper.php`)
|
||||
|
||||
- `Helper::deployableStatusLabelList()` — status labels for checkout forms
|
||||
- `Helper::defaultChartColors()` — 10-color palette used in charts
|
||||
- `Helper::getRedirectOption($request, $id, $table)` — post-checkout redirect logic
|
||||
|
||||
### Global View Variables
|
||||
|
||||
`$snipeSettings` is injected into all views via a service provider — no need to pass `Setting::getSettings()` from every controller. Use it directly in Blade.
|
||||
|
||||
## Testing
|
||||
|
||||
Tests live in `tests/Feature/` (organized by entity) and `tests/Unit/`. Feature tests hit the database; the test environment uses `array` cache/session/mail drivers. Tests use factories for data setup.
|
||||
+1
-1
@@ -69,7 +69,7 @@ Thanks goes to all of these wonderful people ([emoji key](https://github.com/ken
|
||||
| [<img src="https://avatars.githubusercontent.com/u/10965027?v=4" width="110px;"/><br /><sub>Ellie</sub>](https://leafedfox.xyz/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=LeafedFox "Code") | [<img src="https://avatars.githubusercontent.com/u/20960555?v=4" width="110px;"/><br /><sub>GA Stamper</sub>](https://github.com/gastamper)<br />[💻](https://github.com/snipe/snipe-it/commits?author=gastamper "Code") | [<img src="https://avatars.githubusercontent.com/u/206553556?v=4" width="110px;"/><br /><sub>Guillaume Lefranc</sub>](https://github.com/gl-pup)<br />[💻](https://github.com/snipe/snipe-it/commits?author=gl-pup "Code") | [<img src="https://avatars.githubusercontent.com/u/733892?v=4" width="110px;"/><br /><sub>Hajo Möller</sub>](https://github.com/dasjoe)<br />[💻](https://github.com/snipe/snipe-it/commits?author=dasjoe "Code") | [<img src="https://avatars.githubusercontent.com/u/3420063?v=4" width="110px;"/><br /><sub>Istvan Basa</sub>](https://github.com/pottom)<br />[💻](https://github.com/snipe/snipe-it/commits?author=pottom "Code") | [<img src="https://avatars.githubusercontent.com/u/810824?v=4" width="110px;"/><br /><sub>JJ Asghar</sub>](https://jjasghar.github.io/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=jjasghar "Code") | [<img src="https://avatars.githubusercontent.com/u/40404495?v=4" width="110px;"/><br /><sub>James E. Msenga</sub>](https://github.com/JemCdo)<br />[💻](https://github.com/snipe/snipe-it/commits?author=JemCdo "Code") |
|
||||
| [<img src="https://avatars.githubusercontent.com/u/6865786?v=4" width="110px;"/><br /><sub>Jan Felix Wiebe</sub>](https://github.com/jfwiebe)<br />[💻](https://github.com/snipe/snipe-it/commits?author=jfwiebe "Code") | [<img src="https://avatars.githubusercontent.com/u/43412008?v=4" width="110px;"/><br /><sub>Jo Drexl</sub>](https://www.nfon.com/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=drexljo "Code") | [<img src="https://avatars.githubusercontent.com/u/4807843?v=4" width="110px;"/><br /><sub>Austin Sasko</sub>](https://github.com/austinsasko)<br />[💻](https://github.com/snipe/snipe-it/commits?author=austinsasko "Code") | [<img src="https://avatars.githubusercontent.com/u/4875039?v=4" width="110px;"/><br /><sub>Jasson</sub>](http://jassoncordones.github.io)<br />[💻](https://github.com/snipe/snipe-it/commits?author=JassonCordones "Code") | [<img src="https://avatars.githubusercontent.com/u/76069640?v=4" width="110px;"/><br /><sub>Okean</sub>](https://github.com/Tinyblargon)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Tinyblargon "Code") | [<img src="https://avatars.githubusercontent.com/u/6515064?v=4" width="110px;"/><br /><sub>Alejandro Medrano</sub>](https://www.lst.tfo.upm.es/alejandro-medrano/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=amedranogil "Code") | [<img src="https://avatars.githubusercontent.com/u/58696401?v=4" width="110px;"/><br /><sub>Lukas Kraic</sub>](https://github.com/lukaskraic)<br />[💻](https://github.com/snipe/snipe-it/commits?author=lukaskraic "Code") |
|
||||
| [<img src="https://avatars.githubusercontent.com/u/1571724?v=4" width="110px;"/><br /><sub>Герхард PICCORO Lenz McKAY </sub>](https://github-readme-stats.vercel.app/api?username=mckaygerhard)<br />[💻](https://github.com/snipe/snipe-it/commits?author=mckaygerhard "Code") | [<img src="https://avatars.githubusercontent.com/u/15015119?v=4" width="110px;"/><br /><sub>Johannes Pollitt</sub>](https://github.com/FlorestanII)<br />[💻](https://github.com/snipe/snipe-it/commits?author=FlorestanII "Code") | [<img src="https://avatars.githubusercontent.com/u/14185442?v=4" width="110px;"/><br /><sub>Michael Strobel</sub>](https://strobelm.de)<br />[💻](https://github.com/snipe/snipe-it/commits?author=strobelm "Code") | [<img src="https://avatars.githubusercontent.com/u/634790?v=4" width="110px;"/><br /><sub>Nicky West</sub>](http://nickwest.me)<br />[💻](https://github.com/snipe/snipe-it/commits?author=nickwest "Code") | [<img src="https://avatars.githubusercontent.com/u/1347327?v=4" width="110px;"/><br /><sub>akaspeh1</sub>](https://github.com/akaspeh1)<br />[💻](https://github.com/snipe/snipe-it/commits?author=akaspeh1 "Code") | [<img src="https://avatars.githubusercontent.com/u/2880129?v=4" width="110px;"/><br /><sub>Sebastian Marsching</sub>](http://sebastian.marsching.com/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=smarsching "Code") | [<img src="https://avatars.githubusercontent.com/u/40658372?v=4" width="110px;"/><br /><sub>Mo</sub>](https://github.com/mohammad-ahmadi1)<br />[💻](https://github.com/snipe/snipe-it/commits?author=mohammad-ahmadi1 "Code") |
|
||||
| [<img src="https://avatars.githubusercontent.com/u/20994684?v=4" width="110px;"/><br /><sub>Owen V. Hayes</sub>](https://github.com/MarvelousAnything)<br />[💻](https://github.com/snipe/snipe-it/commits?author=MarvelousAnything "Code") | [<img src="https://avatars.githubusercontent.com/u/75509373?v=4" width="110px;"/><br /><sub>Peter Gallwas</sub>](https://www.husky.nz)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Husky-Devel "Code") | [<img src="https://avatars.githubusercontent.com/u/326348?v=4" width="110px;"/><br /><sub>Sebastian Mendel</sub>](https://github.com/CybotTM)<br />[💻](https://github.com/snipe/snipe-it/commits?author=CybotTM "Code") |
|
||||
| [<img src="https://avatars.githubusercontent.com/u/20994684?v=4" width="110px;"/><br /><sub>Owen V. Hayes</sub>](https://github.com/MarvelousAnything)<br />[💻](https://github.com/snipe/snipe-it/commits?author=MarvelousAnything "Code") |
|
||||
<!-- ALL-CONTRIBUTORS-LIST:END -->
|
||||
|
||||
This project follows the [all-contributors](https://github.com/kentcdodds/all-contributors) specification. Contributions of any kind welcome!
|
||||
|
||||
@@ -56,7 +56,6 @@ COPY --from=mlocati/php-extension-installer:2.1.15 /usr/bin/install-php-extensio
|
||||
RUN set -eux; \
|
||||
install-php-extensions \
|
||||
bcmath \
|
||||
exif \
|
||||
gd \
|
||||
ldap \
|
||||
mysqli \
|
||||
|
||||
@@ -1,13 +1,13 @@
|
||||
|
||||
|
||||
[](https://crowdin.com/project/snipe-it) [](https://hub.docker.com/r/snipe/snipe-it/) [](https://github.com/grokability/snipe-it/actions/workflows/tests-mysql.yml)
|
||||
[](https://crowdin.com/project/snipe-it) [](https://hub.docker.com/r/snipe/snipe-it/) [](https://app.codacy.com/gh/grokability/snipe-it/dashboard?utm_source=gh&utm_medium=referral&utm_content=&utm_campaign=Badge_grade) [](https://github.com/grokability/snipe-it/actions/workflows/tests-mysql.yml)
|
||||
[](#contributing) [](https://discord.gg/yZFtShAcKk)
|
||||
|
||||
## Snipe-IT - Open Source Asset Management System
|
||||
|
||||
This is a FOSS project for asset management in IT Operations. Knowing who has which laptop, when it was purchased in order to depreciate it correctly, handling software licenses, etc.
|
||||
|
||||
It is built on [Laravel 12](http://laravel.com).
|
||||
It is built on [Laravel 11](http://laravel.com).
|
||||
|
||||
Snipe-IT is actively developed and we [release quite frequently](https://github.com/grokability/snipe-it/releases). ([Check out the live demo here](https://snipeitapp.com/demo/).)
|
||||
|
||||
@@ -98,7 +98,6 @@ Since the release of the JSON REST API, several third-party developers have been
|
||||
- [InQRy (archived)](https://github.com/Microsoft/InQRy) by [@Microsoft](https://github.com/Microsoft)
|
||||
- [Marksman (archived)](https://github.com/Scope-IT/marksman) - A Windows agent for Snipe-IT
|
||||
- [Python Module (archived)](https://github.com/jbloomer/SnipeIT-PythonAPI) by [@jbloomer](https://github.com/jbloomer)
|
||||
[IT-Tools](https://github.com/chrisnox/Snipeit-it-tools) by @chrisnox - Browser bookmarklets for PDF handover/return protocols, digital signatures, label printing (Zebra ZD410), AirWatch MDM sync and Lansweeper CSV import.
|
||||
|
||||
We also have a handful of [Google Apps scripts](https://github.com/grokability/google-apps-scripts-for-snipe-it) to help with various tasks.
|
||||
|
||||
|
||||
+4
-15
@@ -10,9 +10,9 @@ however there are times when library dependencies and/or PHP/MySQL dependencies
|
||||
make it impossible to backport security fixes on older versions.
|
||||
|
||||
| Version | Supported |
|
||||
|---------|--------------------|
|
||||
|---------| ------------------ |
|
||||
| 8.x | :white_check_mark: |
|
||||
| 7.x | :x: |
|
||||
| 7.x | :white_check_mark: |
|
||||
| 6.x | :x: |
|
||||
| 5.1.x | :x: |
|
||||
| 5.0.x | :x: |
|
||||
@@ -24,18 +24,7 @@ make it impossible to backport security fixes on older versions.
|
||||
Security vulnerabilities should be sent to security@snipeitapp.com. You can typically expect a
|
||||
response within two business days, and we typically have fixes out in under a week from the initial disclosure.
|
||||
|
||||
This obviously varies based on the severity of the security issue and the difficulty in remediation, but those have
|
||||
historically been the timelines we work around.
|
||||
|
||||
We do ask that you do not disclose the vulnerability publicly until we have had a chance to address it and tag a release
|
||||
so that we can protect our users, and we will work
|
||||
with you to coordinate a public disclosure once we have a fix out. We will also work with you to ensure that you receive
|
||||
appropriate credit for the discovery of the vulnerability, if you would like to be credited. (Please provide a GitHub
|
||||
username or other information if you would like to be credited, and please let us know if you would like to remain
|
||||
anonymous.)
|
||||
|
||||
For responsible disclosure, we ask that you give us at least __90 days__ to address the issue before disclosing it
|
||||
publicly,
|
||||
but we will work with you if you need to disclose it sooner than that.
|
||||
This obviously varies based on the severity of the security issue and the difficulty in remediation,
|
||||
but those have historically been the timelines we worm around.
|
||||
|
||||
For a full breakdown of our security policies, please see https://snipeitapp.com/security.
|
||||
|
||||
@@ -1,109 +0,0 @@
|
||||
<?php
|
||||
|
||||
namespace App\Actions\Breadcrumbs;
|
||||
|
||||
use App\Models\Accessory;
|
||||
use App\Models\Asset;
|
||||
use App\Models\CheckoutAcceptance;
|
||||
use App\Models\Consumable;
|
||||
use App\Models\License;
|
||||
use App\Models\LicenseSeat;
|
||||
use App\Models\User;
|
||||
use Tabuna\Breadcrumbs\Trail;
|
||||
|
||||
final class BuildAcceptanceBreadcrumbs
|
||||
{
|
||||
public static function forAcceptance(Trail $trail, CheckoutAcceptance|int|string $acceptance): void
|
||||
{
|
||||
$acceptance = self::resolveAcceptance($acceptance);
|
||||
$trail->parent('home');
|
||||
|
||||
if (! $acceptance instanceof CheckoutAcceptance) {
|
||||
self::appendProfileContext($trail);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
if (! self::isSignInPlaceFlow($acceptance)) {
|
||||
self::appendProfileContext($trail);
|
||||
$trail->push(trans('general.accept_item'), route('account.accept.item', $acceptance));
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
self::appendCheckoutFlowContext($trail, $acceptance);
|
||||
$trail->push(self::buildSignInPlaceLabel($acceptance));
|
||||
}
|
||||
|
||||
private static function resolveAcceptance(CheckoutAcceptance|int|string $acceptance): ?CheckoutAcceptance
|
||||
{
|
||||
if ($acceptance instanceof CheckoutAcceptance) {
|
||||
return $acceptance;
|
||||
}
|
||||
|
||||
if (is_numeric($acceptance)) {
|
||||
return CheckoutAcceptance::find((int) $acceptance);
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
private static function isSignInPlaceFlow(CheckoutAcceptance $acceptance): bool
|
||||
{
|
||||
return (int) session('sign_in_place_acceptance_id') === (int) $acceptance->id;
|
||||
}
|
||||
|
||||
private static function appendProfileContext(Trail $trail): void
|
||||
{
|
||||
$trail->push(trans('general.profile'), route('account'));
|
||||
$trail->push(trans('general.accept_items'), route('account.accept'));
|
||||
}
|
||||
|
||||
private static function appendCheckoutFlowContext(Trail $trail, CheckoutAcceptance $acceptance): void
|
||||
{
|
||||
$checkoutable = $acceptance->checkoutable;
|
||||
|
||||
if ($checkoutable instanceof Asset) {
|
||||
$trail->push(trans('general.assets'), route('hardware.index'));
|
||||
$trail->push($checkoutable->display_name ?? trans('general.asset'), route('hardware.show', $checkoutable));
|
||||
$trail->push(trans('general.checkout'));
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
if ($checkoutable instanceof LicenseSeat) {
|
||||
$license = $checkoutable->license;
|
||||
|
||||
if ($license instanceof License) {
|
||||
$trail->push(trans('general.licenses'), route('licenses.index'));
|
||||
$trail->push($license->display_name ?? trans('general.license'), route('licenses.show', $license));
|
||||
$trail->push(trans('general.checkout'));
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
if ($checkoutable instanceof Consumable) {
|
||||
$trail->push(trans('general.consumables'), route('consumables.index'));
|
||||
$trail->push($checkoutable->display_name ?? trans('general.consumable'), route('consumables.show', $checkoutable));
|
||||
$trail->push(trans('general.checkout'));
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
if ($checkoutable instanceof Accessory) {
|
||||
$trail->push(trans('general.accessories'), route('accessories.index'));
|
||||
$trail->push($checkoutable->display_name ?? trans('general.accessory'), route('accessories.show', $checkoutable));
|
||||
$trail->push(trans('general.checkout'));
|
||||
}
|
||||
}
|
||||
|
||||
private static function buildSignInPlaceLabel(CheckoutAcceptance $acceptance): string
|
||||
{
|
||||
if ($acceptance->assignedTo instanceof User) {
|
||||
return sprintf('%s for %s', trans('general.sign_in_place'), $acceptance->assignedTo->display_name);
|
||||
}
|
||||
|
||||
return trans('general.sign_in_place');
|
||||
}
|
||||
}
|
||||
@@ -44,7 +44,7 @@ class CreateCheckoutRequestAction
|
||||
$asset->request();
|
||||
$asset->increment('requests_counter', 1);
|
||||
try {
|
||||
$settings->notify((new RequestAssetNotification($data))->locale($settings->locale));
|
||||
$settings->notify(new RequestAssetNotification($data));
|
||||
} catch (\Exception $e) {
|
||||
Log::warning($e);
|
||||
}
|
||||
|
||||
@@ -1,30 +0,0 @@
|
||||
<?php
|
||||
|
||||
namespace App\Actions\Permissions;
|
||||
|
||||
final class NormalizePermissionsPayloadAction
|
||||
{
|
||||
/**
|
||||
* Normalize permissions payloads from request/model to a consistent associative array.
|
||||
*
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
public static function run(mixed $permissions): array
|
||||
{
|
||||
if (is_string($permissions)) {
|
||||
$decoded = json_decode($permissions, true);
|
||||
|
||||
return is_array($decoded) ? $decoded : [];
|
||||
}
|
||||
|
||||
if (is_array($permissions)) {
|
||||
return $permissions;
|
||||
}
|
||||
|
||||
if ($permissions instanceof \stdClass) {
|
||||
return (array) $permissions;
|
||||
}
|
||||
|
||||
return [];
|
||||
}
|
||||
}
|
||||
@@ -1,41 +0,0 @@
|
||||
<?php
|
||||
|
||||
namespace App\Actions\Permissions;
|
||||
|
||||
use App\Models\User;
|
||||
|
||||
final class PreserveUnauthorizedPrivilegedPermissionsAction
|
||||
{
|
||||
/**
|
||||
* Preserve privileged permission keys unless the authenticated user may manage them.
|
||||
*
|
||||
* @param array<string, mixed> $requestedPermissions
|
||||
* @param array<string, mixed> $originalPermissions
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
public static function run(array $requestedPermissions, User $authenticatedUser, array $originalPermissions = [], ?User $targetUser = null): array
|
||||
{
|
||||
// Disallow non-admin/superuser users from modifying their own permissions, but allow them to modify other users' permissions (except for admin/superuser keys).
|
||||
if ($targetUser && ! $authenticatedUser->isSuperUser() && $authenticatedUser->id === $targetUser->id) {
|
||||
return $originalPermissions;
|
||||
}
|
||||
|
||||
if (! $authenticatedUser->isSuperUser()) {
|
||||
if (array_key_exists('superuser', $originalPermissions)) {
|
||||
$requestedPermissions['superuser'] = $originalPermissions['superuser'];
|
||||
} else {
|
||||
unset($requestedPermissions['superuser']);
|
||||
}
|
||||
}
|
||||
|
||||
if ((! $authenticatedUser->isAdmin()) && (! $authenticatedUser->isSuperUser())) {
|
||||
if (array_key_exists('admin', $originalPermissions)) {
|
||||
$requestedPermissions['admin'] = $originalPermissions['admin'];
|
||||
} else {
|
||||
unset($requestedPermissions['admin']);
|
||||
}
|
||||
}
|
||||
|
||||
return $requestedPermissions;
|
||||
}
|
||||
}
|
||||
@@ -1,989 +0,0 @@
|
||||
<?php
|
||||
|
||||
namespace App\Console\Commands;
|
||||
|
||||
use App\Events\CheckoutableCheckedIn;
|
||||
use App\Mail\BulkDeleteReportMail;
|
||||
use App\Models\Accessory;
|
||||
use App\Models\AccessoryCheckout;
|
||||
use App\Models\Actionlog;
|
||||
use App\Models\Asset;
|
||||
use App\Models\CheckoutAcceptance;
|
||||
use App\Models\Company;
|
||||
use App\Models\Component;
|
||||
use App\Models\Consumable;
|
||||
use App\Models\License;
|
||||
use App\Models\LicenseSeat;
|
||||
use App\Models\User;
|
||||
use Illuminate\Console\Command;
|
||||
use Illuminate\Database\Eloquent\Builder;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
use Illuminate\Support\Facades\Log;
|
||||
use Illuminate\Support\Facades\Mail;
|
||||
use Illuminate\Support\Facades\Storage;
|
||||
use Symfony\Component\Console\Helper\ProgressBar;
|
||||
|
||||
use function Laravel\Prompts\confirm;
|
||||
use function Laravel\Prompts\error;
|
||||
use function Laravel\Prompts\info;
|
||||
use function Laravel\Prompts\multisearch;
|
||||
use function Laravel\Prompts\multiselect;
|
||||
use function Laravel\Prompts\search;
|
||||
use function Laravel\Prompts\select;
|
||||
use function Laravel\Prompts\warning;
|
||||
|
||||
class BulkDelete extends Command
|
||||
{
|
||||
protected $signature = 'snipeit:checkin-delete-items';
|
||||
|
||||
protected $description = 'Interactively check in and/or delete items by company and type';
|
||||
|
||||
private const CHECKIN_NOTE = 'Checked in via bulk CLI operation';
|
||||
|
||||
private array $reportLines = [];
|
||||
|
||||
public function handle(): int
|
||||
{
|
||||
// Step 1: Dry run?
|
||||
$dryRun = confirm(
|
||||
label: 'Is this a dry run?',
|
||||
default: true,
|
||||
yes: 'Yes — preview only, no changes will be made',
|
||||
no: 'No — LIVE RUN, changes WILL be made',
|
||||
);
|
||||
|
||||
// Step 2: Who are you?
|
||||
$adminId = search(
|
||||
label: 'Who are you? Search by username, first or last name.',
|
||||
placeholder: 'Type to search users...',
|
||||
options: function (string $value): array {
|
||||
if (strlen($value) < 1) {
|
||||
return [];
|
||||
}
|
||||
|
||||
return User::where('activated', 1)
|
||||
->whereNull('deleted_at')
|
||||
->onlySuperAdmins()
|
||||
->where(function ($query) use ($value) {
|
||||
$query->where('username', 'like', "%{$value}%")
|
||||
->orWhere('first_name', 'like', "%{$value}%")
|
||||
->orWhere('last_name', 'like', "%{$value}%")
|
||||
->orWhereRaw("CONCAT(first_name, ' ', last_name) LIKE ?", ["%{$value}%"]);
|
||||
})
|
||||
->get()
|
||||
->mapWithKeys(fn (User $u) => [$u->id => "{$u->first_name} {$u->last_name} ({$u->username})"])
|
||||
->toArray();
|
||||
},
|
||||
validate: fn (mixed $value) => ! $value ? 'A valid active user is required.' : null,
|
||||
);
|
||||
|
||||
/** @var User $admin */
|
||||
$admin = User::findOrFail((int) $adminId);
|
||||
|
||||
// Step 3: Which companies?
|
||||
if (! Company::exists()) {
|
||||
error('No companies found. Please create at least one company before using this command.');
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
$selectedCompanyKeys = multisearch(
|
||||
label: 'Which companies would you like to check in and delete items for?',
|
||||
placeholder: 'Type to search companies...',
|
||||
options: function (string $value): array {
|
||||
$results = [];
|
||||
|
||||
if ($value === '' || str_contains('(no company / unassigned)', strtolower($value))) {
|
||||
$results['__null__'] = '(No Company / Unassigned)';
|
||||
}
|
||||
|
||||
$query = Company::orderBy('name');
|
||||
if ($value !== '') {
|
||||
$query->where('name', 'like', "%{$value}%");
|
||||
}
|
||||
|
||||
$query->get()->each(function (Company $c) use (&$results) {
|
||||
$results[$c->id] = "{$c->name} (ID: {$c->id})";
|
||||
});
|
||||
|
||||
return $results;
|
||||
},
|
||||
scroll: 10,
|
||||
required: 'Please select at least one company.',
|
||||
hint: 'If you\'re searching on several differently named companies, use the up-arrow to go back to the search box to search again. ',
|
||||
);
|
||||
|
||||
$includeNullCompany = in_array('__null__', $selectedCompanyKeys);
|
||||
$selectedCompanyIds = array_values(array_filter(
|
||||
$selectedCompanyKeys,
|
||||
fn ($k) => $k !== '__null__'
|
||||
));
|
||||
|
||||
$companyNamesById = Company::whereIn('id', $selectedCompanyIds)->pluck('name', 'id')->toArray();
|
||||
$selectedCompanyNames = array_map(
|
||||
fn ($id) => $id === '__null__' ? '(No Company)' : ($companyNamesById[$id] ?? "(ID: {$id})"),
|
||||
$selectedCompanyKeys
|
||||
);
|
||||
|
||||
// Step 4: Which item types?
|
||||
$rawTypeSelection = multiselect(
|
||||
label: 'What item types would you like to check in and delete?',
|
||||
options: [
|
||||
'all' => 'All Items (assets, licenses, accessories, components, consumables, users)',
|
||||
'assets' => 'Assets',
|
||||
'licenses' => 'Licenses',
|
||||
'accessories' => 'Accessories',
|
||||
'components' => 'Components',
|
||||
'consumables' => 'Consumables',
|
||||
'users' => 'Users',
|
||||
],
|
||||
required: 'Please select at least one item type.',
|
||||
hint: 'Select "All Items" to process every supported type.',
|
||||
);
|
||||
|
||||
$allSubTypes = ['assets', 'licenses', 'accessories', 'components', 'consumables', 'users'];
|
||||
$selectedTypes = in_array('all', $rawTypeSelection)
|
||||
? $allSubTypes
|
||||
: array_values(array_intersect($allSubTypes, $rawTypeSelection));
|
||||
|
||||
// Compute and display counts now so the user can see what will be affected
|
||||
$counts = $this->getCounts($selectedTypes, $selectedCompanyIds, $includeNullCompany);
|
||||
|
||||
$skipAdminUser = false;
|
||||
|
||||
$this->line('');
|
||||
$this->line(' Items that would be affected:');
|
||||
foreach ($counts as $type => $count) {
|
||||
$this->line(sprintf(' %-14s %d', ucfirst($type).':', $count));
|
||||
}
|
||||
|
||||
if (in_array('users', $selectedTypes)) {
|
||||
$userInScope = $this->buildUserQuery($selectedCompanyIds, $includeNullCompany)
|
||||
->where('users.id', $admin->id)
|
||||
->exists();
|
||||
|
||||
if ($userInScope) {
|
||||
$skipAdminUser = true;
|
||||
$counts['users'] = max(0, ($counts['users'] ?? 0) - 1);
|
||||
warning(" Your user ({$admin->username}) is within the selected scope and will be skipped during user deletion.");
|
||||
}
|
||||
}
|
||||
|
||||
$this->line('');
|
||||
|
||||
// Step 5: Hard delete, soft delete, or no delete?
|
||||
$deleteType = select(
|
||||
label: 'How should items be deleted?',
|
||||
options: [
|
||||
'soft' => 'Soft delete — items moved to trash (recoverable)',
|
||||
'hard' => 'Hard delete — permanently removed (cannot be recovered)',
|
||||
'none' => 'No delete — check in only, items remain in inventory',
|
||||
],
|
||||
default: 'soft',
|
||||
);
|
||||
|
||||
// Step 6: Send checkin notifications? (not applicable to users or consumables)
|
||||
$notifiableTypes = array_intersect($selectedTypes, ['assets', 'licenses', 'accessories', 'components']);
|
||||
$sendNotifications = false;
|
||||
|
||||
if (! empty($notifiableTypes)) {
|
||||
$sendNotifications = confirm(
|
||||
label: 'Should we send checkin notifications?',
|
||||
default: true,
|
||||
hint: 'Applies to: '.implode(', ', $notifiableTypes).'. Users and consumables are excluded.',
|
||||
);
|
||||
}
|
||||
|
||||
// Step 7: Clear related action_logs?
|
||||
$clearLogs = confirm(
|
||||
label: 'Should we clear related action logs?',
|
||||
default: false,
|
||||
hint: 'This removes all history for affected items, as if the data never existed.',
|
||||
);
|
||||
|
||||
// Step 8: Delete associated files?
|
||||
$deleteFiles = false;
|
||||
if ($deleteType !== 'none') {
|
||||
$deleteFiles = confirm(
|
||||
label: 'Should we also delete associated image and upload files?',
|
||||
default: $deleteType === 'hard',
|
||||
hint: 'Permanently removes images, avatars, signatures, EULAs, and action log uploads from disk.',
|
||||
);
|
||||
}
|
||||
|
||||
// Step 9: Delete the companies themselves?
|
||||
$deleteCompanyType = 'keep';
|
||||
if (! empty($selectedCompanyIds)) {
|
||||
$deleteCompanyType = select(
|
||||
label: 'Should the selected companies also be deleted?',
|
||||
options: [
|
||||
'keep' => 'Keep — do not delete the companies',
|
||||
'soft' => 'Soft delete — companies moved to trash (recoverable)',
|
||||
'hard' => 'Hard delete — permanently removed (cannot be recovered)',
|
||||
],
|
||||
default: 'keep',
|
||||
);
|
||||
}
|
||||
|
||||
// Step 10: Backup first?
|
||||
$doBackup = confirm(
|
||||
label: 'Should we run a backup before proceeding?',
|
||||
default: true,
|
||||
hint: 'Strongly recommended. Saved as backup-before-bulk-delete-cli-[datetime].zip',
|
||||
);
|
||||
|
||||
// Step 11: Summary + final confirmation
|
||||
$this->line('');
|
||||
$this->line(' ════════════════════════════════════════════════════');
|
||||
$this->line(' SUMMARY OF ACTIONS');
|
||||
$this->line(' ════════════════════════════════════════════════════');
|
||||
$this->line(" Admin user: {$admin->first_name} {$admin->last_name} ({$admin->username})");
|
||||
$this->line(' Companies: '.implode(', ', $selectedCompanyNames));
|
||||
$this->line(' Item types: '.implode(', ', $selectedTypes));
|
||||
$this->line(" Delete mode: {$deleteType}");
|
||||
$this->line(' Notifications: '.($sendNotifications ? 'Yes' : 'No'));
|
||||
$this->line(' Clear logs: '.($clearLogs ? 'Yes' : 'No'));
|
||||
$this->line(' Delete files: '.($deleteFiles ? 'Yes' : 'No'));
|
||||
$this->line(' Delete companies: '.($deleteCompanyType === 'keep' ? 'No' : ucfirst($deleteCompanyType).' delete'));
|
||||
$this->line(' Backup first: '.($doBackup ? 'Yes' : 'No'));
|
||||
$this->line(' Dry run: '.($dryRun ? 'Yes' : 'No'));
|
||||
$this->line('');
|
||||
$this->line(' Items to be processed:');
|
||||
foreach ($counts as $type => $count) {
|
||||
$this->line(sprintf(' %-14s %d', ucfirst($type).':', $count));
|
||||
}
|
||||
if ($skipAdminUser) {
|
||||
$this->line(' * Your user account will be skipped during user deletion.');
|
||||
}
|
||||
$this->line(' ════════════════════════════════════════════════════');
|
||||
$this->line('');
|
||||
|
||||
// Step 10.5: Email report?
|
||||
$sendEmailReport = false;
|
||||
if ($admin->email) {
|
||||
$sendEmailReport = confirm(
|
||||
label: "Send an email report to {$admin->email}?",
|
||||
default: false,
|
||||
hint: 'A summary of all '.($dryRun ? 'would-be ' : '').'actions will be emailed to you.',
|
||||
);
|
||||
}
|
||||
|
||||
if (! $dryRun) {
|
||||
$confirmed = confirm(
|
||||
label: 'Are you sure you want to proceed? This cannot be undone.',
|
||||
default: false,
|
||||
);
|
||||
|
||||
if (! $confirmed) {
|
||||
info('Aborted. No changes were made.');
|
||||
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
// Run backup if requested
|
||||
if ($doBackup && ! $dryRun) {
|
||||
$backupFilename = 'backup-before-bulk-delete-cli-'.now()->format('Y-m-d-H-i-s');
|
||||
info("Running backup ({$backupFilename}.zip)...");
|
||||
$result = $this->callSilently('snipeit:backup', ['--filename' => $backupFilename]);
|
||||
if ($result === 0) {
|
||||
info("Backup completed: {$backupFilename}.zip");
|
||||
} else {
|
||||
warning("Backup may have failed (exit code {$result}). Proceeding anyway.");
|
||||
}
|
||||
}
|
||||
|
||||
// Step 11: Execute with progress bar
|
||||
$totalItems = array_sum($counts);
|
||||
$bar = $this->output->createProgressBar($totalItems > 0 ? $totalItems : 1);
|
||||
$bar->setFormat(' %current%/%max% [%bar%] %percent:3s%% %message%');
|
||||
$bar->setMessage('Starting...');
|
||||
$bar->start();
|
||||
|
||||
foreach ($selectedTypes as $type) {
|
||||
match ($type) {
|
||||
'assets' => $this->processAssets($selectedCompanyIds, $includeNullCompany, $sendNotifications, $admin, $dryRun, $deleteType, $clearLogs, $deleteFiles, $bar),
|
||||
'licenses' => $this->processLicenses($selectedCompanyIds, $includeNullCompany, $sendNotifications, $admin, $dryRun, $deleteType, $clearLogs, $deleteFiles, $bar),
|
||||
'accessories' => $this->processAccessories($selectedCompanyIds, $includeNullCompany, $sendNotifications, $admin, $dryRun, $deleteType, $clearLogs, $deleteFiles, $bar),
|
||||
'components' => $this->processComponents($selectedCompanyIds, $includeNullCompany, $sendNotifications, $admin, $dryRun, $deleteType, $clearLogs, $deleteFiles, $bar),
|
||||
'consumables' => $this->processConsumables($selectedCompanyIds, $includeNullCompany, $dryRun, $deleteType, $clearLogs, $deleteFiles, $bar),
|
||||
'users' => $this->processUsers($selectedCompanyIds, $includeNullCompany, $admin, $skipAdminUser, $dryRun, $deleteType, $clearLogs, $deleteFiles, $bar),
|
||||
};
|
||||
}
|
||||
|
||||
$bar->setMessage('Done.');
|
||||
$bar->finish();
|
||||
$this->line('');
|
||||
$this->line('');
|
||||
|
||||
// Delete companies if requested
|
||||
if ($deleteCompanyType !== 'keep' && ! empty($selectedCompanyIds)) {
|
||||
$companies = Company::whereIn('id', $selectedCompanyIds)->get();
|
||||
foreach ($companies as $company) {
|
||||
if ($dryRun) {
|
||||
$this->line(" [dry-run] Would {$deleteCompanyType}-delete company {$company->name}");
|
||||
$this->reportLines[] = "Would {$deleteCompanyType}-delete company {$company->name}";
|
||||
} else {
|
||||
if ($deleteCompanyType === 'soft') {
|
||||
$company->delete();
|
||||
} else {
|
||||
$company->forceDelete();
|
||||
}
|
||||
// Remove any remaining pivot associations (e.g. the admin user who was
|
||||
// skipped during user processing but is still a member of this company)
|
||||
DB::table('company_user')->where('company_id', $company->id)->delete();
|
||||
$this->reportLines[] = ucfirst($deleteCompanyType)."-deleted company {$company->name}";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($dryRun) {
|
||||
warning('Dry run complete — no changes were made.');
|
||||
} else {
|
||||
info('All actions completed successfully.');
|
||||
}
|
||||
|
||||
if ($sendEmailReport && $admin->email) {
|
||||
Mail::to($admin->email)->send(new BulkDeleteReportMail(
|
||||
admin: $admin,
|
||||
dryRun: $dryRun,
|
||||
companyNames: $selectedCompanyNames,
|
||||
selectedTypes: $selectedTypes,
|
||||
deleteType: $deleteType,
|
||||
reportLines: $this->reportLines,
|
||||
runAt: now(),
|
||||
));
|
||||
info("Report sent to {$admin->email}.");
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
private function getCounts(array $types, array $companyIds, bool $includeNull): array
|
||||
{
|
||||
$counts = [];
|
||||
|
||||
if (in_array('assets', $types)) {
|
||||
$counts['assets'] = $this->buildCompanyQuery(Asset::query(), $companyIds, $includeNull)->count();
|
||||
}
|
||||
if (in_array('licenses', $types)) {
|
||||
$counts['licenses'] = $this->buildCompanyQuery(License::query(), $companyIds, $includeNull)->count();
|
||||
}
|
||||
if (in_array('accessories', $types)) {
|
||||
$counts['accessories'] = $this->buildCompanyQuery(Accessory::query(), $companyIds, $includeNull)->count();
|
||||
}
|
||||
if (in_array('components', $types)) {
|
||||
$counts['components'] = $this->buildCompanyQuery(Component::query(), $companyIds, $includeNull)->count();
|
||||
}
|
||||
if (in_array('consumables', $types)) {
|
||||
$counts['consumables'] = $this->buildCompanyQuery(Consumable::query(), $companyIds, $includeNull)->count();
|
||||
}
|
||||
if (in_array('users', $types)) {
|
||||
$counts['users'] = $this->buildUserQuery($companyIds, $includeNull)->count();
|
||||
}
|
||||
|
||||
return $counts;
|
||||
}
|
||||
|
||||
private function buildCompanyQuery(Builder $query, array $companyIds, bool $includeNull): Builder
|
||||
{
|
||||
return $query->where(function (Builder $q) use ($companyIds, $includeNull) {
|
||||
if (! empty($companyIds)) {
|
||||
$q->whereIn('company_id', $companyIds);
|
||||
}
|
||||
if ($includeNull) {
|
||||
$method = ! empty($companyIds) ? 'orWhereNull' : 'whereNull';
|
||||
$q->{$method}('company_id');
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
private function buildUserQuery(array $companyIds, bool $includeNull): Builder
|
||||
{
|
||||
return User::query()
|
||||
->where('activated', 1)
|
||||
->where(function (Builder $q) use ($companyIds, $includeNull) {
|
||||
if (! empty($companyIds)) {
|
||||
$q->whereIn('company_id', $companyIds);
|
||||
}
|
||||
if ($includeNull) {
|
||||
$method = ! empty($companyIds) ? 'orWhereNull' : 'whereNull';
|
||||
$q->{$method}('company_id');
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
private function processAssets(
|
||||
array $companyIds,
|
||||
bool $includeNull,
|
||||
bool $sendNotifications,
|
||||
User $admin,
|
||||
bool $dryRun,
|
||||
string $deleteType,
|
||||
bool $clearLogs,
|
||||
bool $deleteFiles,
|
||||
ProgressBar $bar,
|
||||
): void {
|
||||
$assets = $this->buildCompanyQuery(Asset::query(), $companyIds, $includeNull)->get();
|
||||
|
||||
foreach ($assets as $asset) {
|
||||
$bar->setMessage("Assets: {$asset->asset_tag}");
|
||||
|
||||
if ($asset->assignedTo) {
|
||||
if ($dryRun) {
|
||||
$this->line(" [dry-run] Would check in asset {$asset->asset_tag} from {$asset->assignedTo->name}");
|
||||
$this->reportLines[] = "Would check in asset {$asset->asset_tag} (assigned to {$asset->assignedTo->name})";
|
||||
} else {
|
||||
$target = $asset->assignedTo;
|
||||
$checkinAt = now()->format('Y-m-d H:i:s');
|
||||
$originalValues = $asset->getRawOriginal();
|
||||
|
||||
if ($sendNotifications) {
|
||||
event(new CheckoutableCheckedIn($asset, $target, $admin, self::CHECKIN_NOTE, $checkinAt, $originalValues));
|
||||
DB::table('assets')->where('id', $asset->id)->update(['assigned_to' => null, 'assigned_type' => null]);
|
||||
} else {
|
||||
DB::table('assets')->where('id', $asset->id)->update(['assigned_to' => null, 'assigned_type' => null]);
|
||||
$asset->logCheckin($target, self::CHECKIN_NOTE, $checkinAt, $originalValues);
|
||||
}
|
||||
|
||||
$this->reportLines[] = "Checked in asset {$asset->asset_tag} from {$target->name}";
|
||||
$asset->licenseseats()->update(['assigned_to' => null]);
|
||||
|
||||
CheckoutAcceptance::where('checkoutable_type', Asset::class)
|
||||
->where('checkoutable_id', $asset->id)
|
||||
->whereNull('accepted_at')
|
||||
->whereNull('declined_at')
|
||||
->forceDelete();
|
||||
}
|
||||
}
|
||||
|
||||
if (! $dryRun) {
|
||||
// Collect action log file paths before logs may be cleared
|
||||
$actionLogPaths = $deleteFiles
|
||||
? $asset->assetlog()->whereNotNull('filename')->get()
|
||||
->map(fn (Actionlog $log) => $log->uploads_file_path())
|
||||
->filter()
|
||||
->values()
|
||||
->toArray()
|
||||
: [];
|
||||
|
||||
// Delete checkout acceptance files, then hard-remove all acceptances
|
||||
if ($deleteFiles) {
|
||||
CheckoutAcceptance::where('checkoutable_type', Asset::class)
|
||||
->where('checkoutable_id', $asset->id)
|
||||
->get()
|
||||
->each(fn (CheckoutAcceptance $ca) => $this->deleteAcceptanceFiles($ca));
|
||||
}
|
||||
CheckoutAcceptance::where('checkoutable_type', Asset::class)
|
||||
->where('checkoutable_id', $asset->id)
|
||||
->forceDelete();
|
||||
|
||||
// Hard-delete-only cleanup: maintenance records, accessory checkouts to this
|
||||
// asset, and any other assets that were assigned to this one
|
||||
$maintenanceImages = [];
|
||||
if ($deleteType === 'hard') {
|
||||
if ($deleteFiles) {
|
||||
$maintenanceImages = $asset->maintenances()
|
||||
->whereNotNull('image')
|
||||
->pluck('image')
|
||||
->toArray();
|
||||
}
|
||||
$asset->maintenances()->forceDelete();
|
||||
AccessoryCheckout::where('assigned_to', $asset->id)
|
||||
->where('assigned_type', Asset::class)
|
||||
->delete();
|
||||
DB::table('assets')
|
||||
->where('assigned_to', $asset->id)
|
||||
->where('assigned_type', Asset::class)
|
||||
->update(['assigned_to' => null, 'assigned_type' => null]);
|
||||
}
|
||||
|
||||
match ($deleteType) {
|
||||
'soft' => $asset->delete(),
|
||||
'hard' => $asset->forceDelete(),
|
||||
default => null,
|
||||
};
|
||||
|
||||
if ($deleteType !== 'none') {
|
||||
$this->reportLines[] = ucfirst($deleteType)."-deleted asset {$asset->asset_tag}";
|
||||
}
|
||||
|
||||
if ($clearLogs) {
|
||||
$asset->assetlog()->forceDelete();
|
||||
}
|
||||
|
||||
if ($deleteFiles) {
|
||||
if ($asset->image) {
|
||||
$this->deleteStorageFile('public', app('assets_upload_path').$asset->image);
|
||||
}
|
||||
foreach ($maintenanceImages as $img) {
|
||||
$this->deleteStorageFile('public', app('maintenances_upload_path').$img);
|
||||
}
|
||||
foreach ($actionLogPaths as $path) {
|
||||
$this->deleteStorageFile('local', $path);
|
||||
}
|
||||
}
|
||||
} elseif ($deleteType !== 'none') {
|
||||
$this->line(" [dry-run] Would {$deleteType}-delete asset {$asset->asset_tag}");
|
||||
$this->reportLines[] = "Would {$deleteType}-delete asset {$asset->asset_tag}";
|
||||
}
|
||||
|
||||
$bar->advance();
|
||||
}
|
||||
}
|
||||
|
||||
private function processLicenses(
|
||||
array $companyIds,
|
||||
bool $includeNull,
|
||||
bool $sendNotifications,
|
||||
User $admin,
|
||||
bool $dryRun,
|
||||
string $deleteType,
|
||||
bool $clearLogs,
|
||||
bool $deleteFiles,
|
||||
ProgressBar $bar,
|
||||
): void {
|
||||
$licenses = $this->buildCompanyQuery(License::query(), $companyIds, $includeNull)->get();
|
||||
|
||||
foreach ($licenses as $license) {
|
||||
$bar->setMessage("Licenses: {$license->name}");
|
||||
|
||||
$seats = LicenseSeat::where('license_id', $license->id)
|
||||
->where(fn ($q) => $q->whereNotNull('assigned_to')->orWhereNotNull('asset_id'))
|
||||
->get();
|
||||
|
||||
foreach ($seats as $seat) {
|
||||
$target = $seat->assigned_to ? $seat->user : $seat->asset;
|
||||
|
||||
if ($dryRun) {
|
||||
$this->line(" [dry-run] Would check in license seat for {$license->name} from ".($target?->name ?? $target?->asset_tag ?? 'unknown'));
|
||||
$this->reportLines[] = "Would check in license seat for {$license->name} from ".($target?->name ?? $target?->asset_tag ?? 'unknown');
|
||||
} else {
|
||||
$seat->assigned_to = null;
|
||||
$seat->asset_id = null;
|
||||
$seat->save();
|
||||
|
||||
$this->reportLines[] = "Checked in license seat for {$license->name} from ".($target?->name ?? $target?->asset_tag ?? 'unknown');
|
||||
|
||||
if ($target) {
|
||||
if ($sendNotifications) {
|
||||
event(new CheckoutableCheckedIn($seat, $target, $admin, self::CHECKIN_NOTE));
|
||||
} else {
|
||||
$seat->logCheckin($target, self::CHECKIN_NOTE);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (! $dryRun) {
|
||||
// Collect action log file paths before logs may be cleared
|
||||
$actionLogPaths = $deleteFiles
|
||||
? $license->assetlog()->whereNotNull('filename')->get()
|
||||
->map(fn (Actionlog $log) => $log->uploads_file_path())
|
||||
->filter()
|
||||
->values()
|
||||
->toArray()
|
||||
: [];
|
||||
|
||||
if ($deleteType === 'soft') {
|
||||
$license->licenseseats()->delete();
|
||||
$license->delete();
|
||||
$this->reportLines[] = "Soft-deleted license {$license->name}";
|
||||
} elseif ($deleteType === 'hard') {
|
||||
$seatIds = $license->licenseseats()->pluck('id');
|
||||
if ($deleteFiles) {
|
||||
CheckoutAcceptance::where('checkoutable_type', LicenseSeat::class)
|
||||
->whereIn('checkoutable_id', $seatIds)
|
||||
->get()
|
||||
->each(fn (CheckoutAcceptance $ca) => $this->deleteAcceptanceFiles($ca));
|
||||
}
|
||||
CheckoutAcceptance::where('checkoutable_type', LicenseSeat::class)
|
||||
->whereIn('checkoutable_id', $seatIds)
|
||||
->forceDelete();
|
||||
$license->licenseseats()->forceDelete();
|
||||
DB::table('kits_licenses')->where('license_id', $license->id)->delete();
|
||||
$license->forceDelete();
|
||||
$this->reportLines[] = "Hard-deleted license {$license->name}";
|
||||
}
|
||||
|
||||
if ($clearLogs) {
|
||||
$license->assetlog()->forceDelete();
|
||||
}
|
||||
|
||||
if ($deleteFiles) {
|
||||
foreach ($actionLogPaths as $path) {
|
||||
$this->deleteStorageFile('local', $path);
|
||||
}
|
||||
}
|
||||
} elseif ($deleteType !== 'none') {
|
||||
$this->line(" [dry-run] Would {$deleteType}-delete license {$license->name}");
|
||||
$this->reportLines[] = "Would {$deleteType}-delete license {$license->name}";
|
||||
}
|
||||
|
||||
$bar->advance();
|
||||
}
|
||||
}
|
||||
|
||||
private function processAccessories(
|
||||
array $companyIds,
|
||||
bool $includeNull,
|
||||
bool $sendNotifications,
|
||||
User $admin,
|
||||
bool $dryRun,
|
||||
string $deleteType,
|
||||
bool $clearLogs,
|
||||
bool $deleteFiles,
|
||||
ProgressBar $bar,
|
||||
): void {
|
||||
$accessories = $this->buildCompanyQuery(Accessory::query(), $companyIds, $includeNull)->get();
|
||||
|
||||
foreach ($accessories as $accessory) {
|
||||
$bar->setMessage("Accessories: {$accessory->name}");
|
||||
|
||||
$checkouts = AccessoryCheckout::where('accessory_id', $accessory->id)->get();
|
||||
|
||||
foreach ($checkouts as $checkout) {
|
||||
$target = $checkout->assignedTo;
|
||||
|
||||
if ($dryRun) {
|
||||
$this->line(" [dry-run] Would check in accessory {$accessory->name} from ".($target?->name ?? 'unknown'));
|
||||
$this->reportLines[] = "Would check in accessory {$accessory->name} from ".($target?->name ?? 'unknown');
|
||||
} else {
|
||||
$checkinAt = now()->format('Y-m-d H:i:s');
|
||||
$checkout->delete();
|
||||
|
||||
$this->reportLines[] = "Checked in accessory {$accessory->name} from ".($target?->name ?? 'unknown');
|
||||
|
||||
if ($target) {
|
||||
if ($sendNotifications) {
|
||||
event(new CheckoutableCheckedIn($accessory, $target, $admin, self::CHECKIN_NOTE, $checkinAt));
|
||||
} else {
|
||||
$accessory->logCheckin($target, self::CHECKIN_NOTE, $checkinAt);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (! $dryRun) {
|
||||
// Collect action log file paths before logs may be cleared
|
||||
$actionLogPaths = $deleteFiles
|
||||
? $accessory->assetlog()->whereNotNull('filename')->get()
|
||||
->map(fn (Actionlog $log) => $log->uploads_file_path())
|
||||
->filter()
|
||||
->values()
|
||||
->toArray()
|
||||
: [];
|
||||
|
||||
if ($clearLogs) {
|
||||
$accessory->assetlog()->forceDelete();
|
||||
}
|
||||
|
||||
if ($deleteType === 'hard') {
|
||||
DB::table('kits_accessories')->where('accessory_id', $accessory->id)->delete();
|
||||
}
|
||||
|
||||
match ($deleteType) {
|
||||
'soft' => $accessory->delete(),
|
||||
'hard' => $accessory->forceDelete(),
|
||||
default => null,
|
||||
};
|
||||
|
||||
if ($deleteType !== 'none') {
|
||||
$this->reportLines[] = ucfirst($deleteType)."-deleted accessory {$accessory->name}";
|
||||
}
|
||||
|
||||
if ($deleteFiles) {
|
||||
if ($accessory->image) {
|
||||
$this->deleteStorageFile('public', app('accessories_upload_path').$accessory->image);
|
||||
}
|
||||
foreach ($actionLogPaths as $path) {
|
||||
$this->deleteStorageFile('local', $path);
|
||||
}
|
||||
}
|
||||
} elseif ($deleteType !== 'none') {
|
||||
$this->line(" [dry-run] Would {$deleteType}-delete accessory {$accessory->name}");
|
||||
$this->reportLines[] = "Would {$deleteType}-delete accessory {$accessory->name}";
|
||||
}
|
||||
|
||||
$bar->advance();
|
||||
}
|
||||
}
|
||||
|
||||
private function processComponents(
|
||||
array $companyIds,
|
||||
bool $includeNull,
|
||||
bool $sendNotifications,
|
||||
User $admin,
|
||||
bool $dryRun,
|
||||
string $deleteType,
|
||||
bool $clearLogs,
|
||||
bool $deleteFiles,
|
||||
ProgressBar $bar,
|
||||
): void {
|
||||
$components = $this->buildCompanyQuery(Component::query(), $companyIds, $includeNull)->get();
|
||||
|
||||
foreach ($components as $component) {
|
||||
$bar->setMessage("Components: {$component->name}");
|
||||
|
||||
$assignments = DB::table('components_assets')
|
||||
->where('component_id', $component->id)
|
||||
->get();
|
||||
|
||||
foreach ($assignments as $assignment) {
|
||||
$asset = Asset::find($assignment->asset_id);
|
||||
|
||||
if ($dryRun) {
|
||||
$this->line(" [dry-run] Would check in component {$component->name} from asset ".($asset?->asset_tag ?? 'unknown'));
|
||||
$this->reportLines[] = "Would check in component {$component->name} from asset ".($asset?->asset_tag ?? 'unknown');
|
||||
} else {
|
||||
$checkinAt = now()->format('Y-m-d H:i:s');
|
||||
DB::table('components_assets')->where('id', $assignment->id)->delete();
|
||||
|
||||
$this->reportLines[] = "Checked in component {$component->name} from asset ".($asset?->asset_tag ?? 'unknown');
|
||||
|
||||
if ($asset) {
|
||||
if ($sendNotifications) {
|
||||
event(new CheckoutableCheckedIn($component, $asset, $admin, self::CHECKIN_NOTE, $checkinAt));
|
||||
} else {
|
||||
$component->logCheckin($asset, self::CHECKIN_NOTE, $checkinAt);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (! $dryRun) {
|
||||
// Collect action log file paths before logs may be cleared
|
||||
$actionLogPaths = $deleteFiles
|
||||
? $component->assetlog()->whereNotNull('filename')->get()
|
||||
->map(fn (Actionlog $log) => $log->uploads_file_path())
|
||||
->filter()
|
||||
->values()
|
||||
->toArray()
|
||||
: [];
|
||||
|
||||
if ($clearLogs) {
|
||||
$component->assetlog()->forceDelete();
|
||||
}
|
||||
|
||||
match ($deleteType) {
|
||||
'soft' => $component->delete(),
|
||||
'hard' => $component->forceDelete(),
|
||||
default => null,
|
||||
};
|
||||
|
||||
if ($deleteType !== 'none') {
|
||||
$this->reportLines[] = ucfirst($deleteType)."-deleted component {$component->name}";
|
||||
}
|
||||
|
||||
if ($deleteFiles) {
|
||||
if ($component->image) {
|
||||
$this->deleteStorageFile('public', app('components_upload_path').$component->image);
|
||||
}
|
||||
foreach ($actionLogPaths as $path) {
|
||||
$this->deleteStorageFile('local', $path);
|
||||
}
|
||||
}
|
||||
} elseif ($deleteType !== 'none') {
|
||||
$this->line(" [dry-run] Would {$deleteType}-delete component {$component->name}");
|
||||
$this->reportLines[] = "Would {$deleteType}-delete component {$component->name}";
|
||||
}
|
||||
|
||||
$bar->advance();
|
||||
}
|
||||
}
|
||||
|
||||
private function processConsumables(
|
||||
array $companyIds,
|
||||
bool $includeNull,
|
||||
bool $dryRun,
|
||||
string $deleteType,
|
||||
bool $clearLogs,
|
||||
bool $deleteFiles,
|
||||
ProgressBar $bar,
|
||||
): void {
|
||||
$consumables = $this->buildCompanyQuery(Consumable::query(), $companyIds, $includeNull)->get();
|
||||
|
||||
foreach ($consumables as $consumable) {
|
||||
$bar->setMessage("Consumables: {$consumable->name}");
|
||||
|
||||
if (! $dryRun) {
|
||||
// Collect action log file paths before logs may be cleared
|
||||
$actionLogPaths = $deleteFiles
|
||||
? $consumable->assetlog()->whereNotNull('filename')->get()
|
||||
->map(fn (Actionlog $log) => $log->uploads_file_path())
|
||||
->filter()
|
||||
->values()
|
||||
->toArray()
|
||||
: [];
|
||||
|
||||
if ($clearLogs) {
|
||||
$consumable->assetlog()->forceDelete();
|
||||
}
|
||||
|
||||
if ($deleteType === 'hard') {
|
||||
DB::table('kits_consumables')->where('consumable_id', $consumable->id)->delete();
|
||||
}
|
||||
|
||||
match ($deleteType) {
|
||||
'soft' => $consumable->delete(),
|
||||
'hard' => $consumable->forceDelete(),
|
||||
default => null,
|
||||
};
|
||||
|
||||
if ($deleteType !== 'none') {
|
||||
$this->reportLines[] = ucfirst($deleteType)."-deleted consumable {$consumable->name}";
|
||||
}
|
||||
|
||||
if ($deleteFiles) {
|
||||
if ($consumable->image) {
|
||||
$this->deleteStorageFile('public', app('consumables_upload_path').$consumable->image);
|
||||
}
|
||||
foreach ($actionLogPaths as $path) {
|
||||
$this->deleteStorageFile('local', $path);
|
||||
}
|
||||
}
|
||||
} elseif ($deleteType !== 'none') {
|
||||
$this->line(" [dry-run] Would {$deleteType}-delete consumable {$consumable->name}");
|
||||
$this->reportLines[] = "Would {$deleteType}-delete consumable {$consumable->name}";
|
||||
}
|
||||
|
||||
$bar->advance();
|
||||
}
|
||||
}
|
||||
|
||||
private function processUsers(
|
||||
array $companyIds,
|
||||
bool $includeNull,
|
||||
User $admin,
|
||||
bool $skipAdminUser,
|
||||
bool $dryRun,
|
||||
string $deleteType,
|
||||
bool $clearLogs,
|
||||
bool $deleteFiles,
|
||||
ProgressBar $bar,
|
||||
): void {
|
||||
$users = $this->buildUserQuery($companyIds, $includeNull)->get();
|
||||
|
||||
foreach ($users as $user) {
|
||||
if ($skipAdminUser && $user->id === $admin->id) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$bar->setMessage("Users: {$user->username}");
|
||||
|
||||
// If real companies were selected, check whether this user also belongs to
|
||||
// companies outside the selected scope. If so, only remove the selected-company
|
||||
// associations and skip full deletion to avoid orphaning them from their other companies.
|
||||
if (! empty($companyIds)) {
|
||||
$allUserCompanyIds = array_unique(array_filter(array_merge(
|
||||
$user->companies()->pluck('companies.id')->toArray(),
|
||||
$user->company_id ? [$user->company_id] : [],
|
||||
)));
|
||||
$outsideCompanyIds = array_values(array_diff($allUserCompanyIds, $companyIds));
|
||||
|
||||
if (! empty($outsideCompanyIds)) {
|
||||
$outsideNames = Company::whereIn('id', $outsideCompanyIds)->pluck('name')->implode(', ');
|
||||
|
||||
if ($dryRun) {
|
||||
$this->line(" [dry-run] Would partially disassociate user {$user->username} (also belongs to: {$outsideNames})");
|
||||
$this->reportLines[] = "Would partially disassociate user {$user->username} — also belongs to: {$outsideNames}";
|
||||
} else {
|
||||
$user->companies()->detach($companyIds);
|
||||
warning(" Skipped full deletion of {$user->username}: they also belong to {$outsideNames}. Removed selected company associations only.");
|
||||
$this->reportLines[] = "Partially disassociated user {$user->username} — also belongs to: {$outsideNames}. Full deletion skipped.";
|
||||
}
|
||||
|
||||
$bar->advance();
|
||||
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
if (! $dryRun) {
|
||||
// Collect file paths and acceptance records before deleting pivot data
|
||||
$acceptancesToDelete = $deleteFiles
|
||||
? CheckoutAcceptance::where('assigned_to_id', $user->id)->get()
|
||||
: collect();
|
||||
|
||||
$actionLogPaths = $deleteFiles
|
||||
? Actionlog::where('item_type', User::class)
|
||||
->where('item_id', $user->id)
|
||||
->where('action_type', 'uploaded')
|
||||
->whereNotNull('filename')
|
||||
->get()
|
||||
->map(fn (Actionlog $log) => $log->uploads_file_path())
|
||||
->filter()
|
||||
->values()
|
||||
->toArray()
|
||||
: [];
|
||||
|
||||
// Clear pivot/assignment data that will orphan on deletion
|
||||
LicenseSeat::where('assigned_to', $user->id)->update(['assigned_to' => null]);
|
||||
AccessoryCheckout::where('assigned_to', $user->id)
|
||||
->where('assigned_type', User::class)
|
||||
->delete();
|
||||
DB::table('consumables_users')->where('assigned_to', $user->id)->delete();
|
||||
CheckoutAcceptance::where('assigned_to_id', $user->id)->forceDelete();
|
||||
if ($deleteType === 'hard') {
|
||||
DB::table('company_user')->where('user_id', $user->id)->delete();
|
||||
}
|
||||
|
||||
if ($clearLogs) {
|
||||
$user->userlog()->forceDelete();
|
||||
}
|
||||
|
||||
match ($deleteType) {
|
||||
'soft' => $user->delete(),
|
||||
'hard' => $user->forceDelete(),
|
||||
default => null,
|
||||
};
|
||||
|
||||
if ($deleteType !== 'none') {
|
||||
$this->reportLines[] = ucfirst($deleteType)."-deleted user {$user->username}";
|
||||
}
|
||||
|
||||
if ($deleteFiles) {
|
||||
if ($user->avatar) {
|
||||
$this->deleteStorageFile('public', app('users_upload_path').$user->avatar);
|
||||
}
|
||||
$acceptancesToDelete->each(fn (CheckoutAcceptance $ca) => $this->deleteAcceptanceFiles($ca));
|
||||
foreach ($actionLogPaths as $path) {
|
||||
$this->deleteStorageFile('local', $path);
|
||||
}
|
||||
}
|
||||
} elseif ($deleteType !== 'none') {
|
||||
$this->line(" [dry-run] Would {$deleteType}-delete user {$user->username}");
|
||||
$this->reportLines[] = "Would {$deleteType}-delete user {$user->username}";
|
||||
}
|
||||
|
||||
$bar->advance();
|
||||
}
|
||||
}
|
||||
|
||||
private function deleteStorageFile(string $disk, ?string $path): void
|
||||
{
|
||||
if (! $path) {
|
||||
return;
|
||||
}
|
||||
try {
|
||||
$storage = $disk === 'public'
|
||||
? Storage::disk('public')
|
||||
: Storage::disk(config('filesystems.default'));
|
||||
if ($storage->exists($path)) {
|
||||
$storage->delete($path);
|
||||
}
|
||||
} catch (\Exception $e) {
|
||||
Log::warning("Could not delete file {$path}: ".$e->getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
private function deleteAcceptanceFiles(CheckoutAcceptance $acceptance): void
|
||||
{
|
||||
if ($acceptance->signature_filename) {
|
||||
$this->deleteStorageFile('local', 'private_uploads/signatures/'.$acceptance->signature_filename);
|
||||
}
|
||||
if ($acceptance->stored_eula_file) {
|
||||
$this->deleteStorageFile('local', 'private_uploads/eula-pdfs/'.$acceptance->stored_eula_file);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,308 +0,0 @@
|
||||
<?php
|
||||
|
||||
namespace App\Console\Commands;
|
||||
|
||||
use App\Events\CheckoutableCheckedIn;
|
||||
use App\Models\Accessory;
|
||||
use App\Models\AccessoryCheckout;
|
||||
use App\Models\Asset;
|
||||
use App\Models\CheckoutAcceptance;
|
||||
use App\Models\Component;
|
||||
use App\Models\License;
|
||||
use App\Models\LicenseSeat;
|
||||
use App\Models\User;
|
||||
use Illuminate\Console\Command;
|
||||
use Illuminate\Database\Eloquent\Builder;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
|
||||
class CheckinAndDeleteItems extends Command
|
||||
{
|
||||
protected $signature = 'snipeit:checkin-delete-all
|
||||
{--company-id= : Only process items belonging to this company ID}
|
||||
{--admin-id= : ID of the user credited for the checkins (defaults to first superadmin)}
|
||||
{--no-notifications : Suppress email and webhook notifications}
|
||||
{--type=all : Comma-separated types to process: assets, licenses, accessories, components, or all}
|
||||
{--note= : Note recorded on each checkin action log entry}
|
||||
{--dry-run : Preview what would be processed without making any changes}
|
||||
{--force : Skip the confirmation prompt}';
|
||||
|
||||
protected $description = 'Check in all assigned items and soft-delete them, optionally scoped to a company';
|
||||
|
||||
public function handle(): int
|
||||
{
|
||||
$companyId = $this->option('company-id');
|
||||
$noNotifications = $this->option('no-notifications');
|
||||
$dryRun = $this->option('dry-run');
|
||||
$typeOption = $this->option('type') ?? 'all';
|
||||
$note = $this->option('note') ?: 'Checked in and deleted via CLI';
|
||||
|
||||
$allTypes = ['assets', 'licenses', 'accessories', 'components'];
|
||||
$typesToProcess = $typeOption === 'all'
|
||||
? $allTypes
|
||||
: array_intersect(array_map('trim', explode(',', $typeOption)), $allTypes);
|
||||
|
||||
if (empty($typesToProcess)) {
|
||||
$this->error('Invalid --type value. Use: assets, licenses, accessories, components, or all.');
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
$admin = null;
|
||||
if (! $dryRun && ! $noNotifications) {
|
||||
if ($this->option('admin-id')) {
|
||||
$admin = User::find($this->option('admin-id'));
|
||||
if (! $admin) {
|
||||
$this->error('No user found with admin-id '.$this->option('admin-id').'.');
|
||||
|
||||
return 1;
|
||||
}
|
||||
} else {
|
||||
$admin = User::onlySuperAdmins()->first();
|
||||
}
|
||||
|
||||
if (! $admin) {
|
||||
$this->warn('No admin user found — notifications will be suppressed.');
|
||||
$noNotifications = true;
|
||||
}
|
||||
}
|
||||
|
||||
$scopeMsg = $companyId ? "company ID {$companyId}" : 'all companies';
|
||||
$typesMsg = implode(', ', $typesToProcess);
|
||||
|
||||
if ($dryRun) {
|
||||
$this->warn('DRY RUN — no changes will be made.');
|
||||
} elseif (! $this->option('force')) {
|
||||
if (! $this->confirm("This will check in and soft-delete all [{$typesMsg}] for [{$scopeMsg}]. Continue?")) {
|
||||
$this->info('Aborted.');
|
||||
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
if (in_array('assets', $typesToProcess)) {
|
||||
$this->processAssets($companyId, $noNotifications, $note, $admin, $dryRun);
|
||||
}
|
||||
|
||||
if (in_array('licenses', $typesToProcess)) {
|
||||
$this->processLicenses($companyId, $noNotifications, $note, $admin, $dryRun);
|
||||
}
|
||||
|
||||
if (in_array('accessories', $typesToProcess)) {
|
||||
$this->processAccessories($companyId, $noNotifications, $note, $admin, $dryRun);
|
||||
}
|
||||
|
||||
if (in_array('components', $typesToProcess)) {
|
||||
$this->processComponents($companyId, $noNotifications, $note, $admin, $dryRun);
|
||||
}
|
||||
|
||||
if ($dryRun) {
|
||||
$this->warn('Dry run complete — no changes were made.');
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
private function processAssets(?string $companyId, bool $noNotifications, string $note, ?User $admin, bool $dryRun): void
|
||||
{
|
||||
$query = Asset::query();
|
||||
if ($companyId) {
|
||||
$query->where('company_id', $companyId);
|
||||
}
|
||||
|
||||
$assets = $query->get();
|
||||
$checkedIn = 0;
|
||||
$deleted = 0;
|
||||
|
||||
foreach ($assets as $asset) {
|
||||
if ($asset->assignedTo) {
|
||||
if ($dryRun) {
|
||||
$this->line(' Would check in asset: '.$asset->asset_tag.' (assigned to '.$asset->assignedTo->name.')');
|
||||
} else {
|
||||
$target = $asset->assignedTo;
|
||||
$checkin_at = now()->format('Y-m-d H:i:s');
|
||||
$originalValues = $asset->getRawOriginal();
|
||||
|
||||
if ($noNotifications) {
|
||||
DB::table('assets')->where('id', $asset->id)
|
||||
->update(['assigned_to' => null, 'assigned_type' => null]);
|
||||
$asset->logCheckin($target, $note, $checkin_at, $originalValues);
|
||||
} else {
|
||||
// Fire event before clearing so the log captures the original state
|
||||
event(new CheckoutableCheckedIn($asset, $target, $admin, $note, $checkin_at, $originalValues));
|
||||
DB::table('assets')->where('id', $asset->id)
|
||||
->update(['assigned_to' => null, 'assigned_type' => null]);
|
||||
}
|
||||
|
||||
$asset->licenseseats()->update(['assigned_to' => null]);
|
||||
|
||||
CheckoutAcceptance::pending()
|
||||
->whereHasMorph('checkoutable', [Asset::class], fn (Builder $q) => $q->where('id', $asset->id))
|
||||
->delete();
|
||||
}
|
||||
|
||||
$checkedIn++;
|
||||
}
|
||||
|
||||
if ($dryRun) {
|
||||
$this->line(' Would delete asset: '.$asset->asset_tag);
|
||||
} else {
|
||||
$asset->delete();
|
||||
}
|
||||
|
||||
$deleted++;
|
||||
}
|
||||
|
||||
$action = $dryRun ? 'would be' : 'were';
|
||||
$this->info("Assets: {$checkedIn} {$action} checked in, {$deleted} {$action} deleted.");
|
||||
}
|
||||
|
||||
private function processLicenses(?string $companyId, bool $noNotifications, string $note, ?User $admin, bool $dryRun): void
|
||||
{
|
||||
$query = License::query();
|
||||
if ($companyId) {
|
||||
$query->where('company_id', $companyId);
|
||||
}
|
||||
|
||||
$licenses = $query->get();
|
||||
$seatsCheckedIn = 0;
|
||||
$deleted = 0;
|
||||
|
||||
foreach ($licenses as $license) {
|
||||
$seats = LicenseSeat::where('license_id', $license->id)
|
||||
->where(fn ($q) => $q->whereNotNull('assigned_to')->orWhereNotNull('asset_id'))
|
||||
->get();
|
||||
|
||||
foreach ($seats as $seat) {
|
||||
$target = $seat->assigned_to ? $seat->user : $seat->asset;
|
||||
|
||||
if ($dryRun) {
|
||||
$this->line(' Would check in license seat for: '.$license->name.' (assigned to '.($target?->name ?? $target?->asset_tag ?? 'unknown').')');
|
||||
} else {
|
||||
$seat->assigned_to = null;
|
||||
$seat->asset_id = null;
|
||||
$seat->save();
|
||||
|
||||
if ($target) {
|
||||
if ($noNotifications) {
|
||||
$seat->logCheckin($target, $note);
|
||||
} else {
|
||||
event(new CheckoutableCheckedIn($seat, $target, $admin, $note));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$seatsCheckedIn++;
|
||||
}
|
||||
|
||||
if ($dryRun) {
|
||||
$this->line(' Would delete license: '.$license->name);
|
||||
} else {
|
||||
$license->licenseseats()->delete();
|
||||
$license->delete();
|
||||
}
|
||||
|
||||
$deleted++;
|
||||
}
|
||||
|
||||
$action = $dryRun ? 'would be' : 'were';
|
||||
$this->info("Licenses: {$seatsCheckedIn} seats {$action} checked in, {$deleted} licenses {$action} deleted.");
|
||||
}
|
||||
|
||||
private function processAccessories(?string $companyId, bool $noNotifications, string $note, ?User $admin, bool $dryRun): void
|
||||
{
|
||||
$query = Accessory::query();
|
||||
if ($companyId) {
|
||||
$query->where('company_id', $companyId);
|
||||
}
|
||||
|
||||
$accessories = $query->get();
|
||||
$checkedIn = 0;
|
||||
$deleted = 0;
|
||||
|
||||
foreach ($accessories as $accessory) {
|
||||
$checkouts = AccessoryCheckout::where('accessory_id', $accessory->id)->get();
|
||||
|
||||
foreach ($checkouts as $checkout) {
|
||||
$target = $checkout->assignedTo;
|
||||
|
||||
if ($dryRun) {
|
||||
$this->line(' Would check in accessory: '.$accessory->name.' (assigned to '.($target?->name ?? $target?->asset_tag ?? 'unknown').')');
|
||||
} else {
|
||||
$checkin_at = now()->format('Y-m-d H:i:s');
|
||||
$checkout->delete();
|
||||
|
||||
if ($target) {
|
||||
if ($noNotifications) {
|
||||
$accessory->logCheckin($target, $note, $checkin_at);
|
||||
} else {
|
||||
event(new CheckoutableCheckedIn($accessory, $target, $admin, $note, $checkin_at));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$checkedIn++;
|
||||
}
|
||||
|
||||
if ($dryRun) {
|
||||
$this->line(' Would delete accessory: '.$accessory->name);
|
||||
} else {
|
||||
$accessory->delete();
|
||||
}
|
||||
|
||||
$deleted++;
|
||||
}
|
||||
|
||||
$action = $dryRun ? 'would be' : 'were';
|
||||
$this->info("Accessories: {$checkedIn} {$action} checked in, {$deleted} {$action} deleted.");
|
||||
}
|
||||
|
||||
private function processComponents(?string $companyId, bool $noNotifications, string $note, ?User $admin, bool $dryRun): void
|
||||
{
|
||||
$query = Component::query();
|
||||
if ($companyId) {
|
||||
$query->where('company_id', $companyId);
|
||||
}
|
||||
|
||||
$components = $query->get();
|
||||
$checkedIn = 0;
|
||||
$deleted = 0;
|
||||
|
||||
foreach ($components as $component) {
|
||||
$assignments = DB::table('components_assets')
|
||||
->where('component_id', $component->id)
|
||||
->get();
|
||||
|
||||
foreach ($assignments as $assignment) {
|
||||
$asset = Asset::find($assignment->asset_id);
|
||||
|
||||
if ($dryRun) {
|
||||
$this->line(' Would check in component: '.$component->name.' (assigned to '.($asset?->asset_tag ?? 'unknown').')');
|
||||
} else {
|
||||
$checkin_at = now()->format('Y-m-d H:i:s');
|
||||
DB::table('components_assets')->where('id', $assignment->id)->delete();
|
||||
|
||||
if ($asset) {
|
||||
if ($noNotifications) {
|
||||
$component->logCheckin($asset, $note, $checkin_at);
|
||||
} else {
|
||||
event(new CheckoutableCheckedIn($component, $asset, $admin, $note, $checkin_at));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$checkedIn++;
|
||||
}
|
||||
|
||||
if ($dryRun) {
|
||||
$this->line(' Would delete component: '.$component->name);
|
||||
} else {
|
||||
$component->delete();
|
||||
}
|
||||
|
||||
$deleted++;
|
||||
}
|
||||
|
||||
$action = $dryRun ? 'would be' : 'were';
|
||||
$this->info("Components: {$checkedIn} {$action} checked in, {$deleted} {$action} deleted.");
|
||||
}
|
||||
}
|
||||
@@ -30,77 +30,41 @@ class CleanIncorrectCheckoutAcceptances extends Command
|
||||
{
|
||||
$deletions = 0;
|
||||
$skips = 0;
|
||||
$total = CheckoutAcceptance::count();
|
||||
|
||||
$this->info("Processing {$total} checkout acceptances...");
|
||||
$bar = $this->output->createProgressBar($total);
|
||||
$bar->start();
|
||||
// This walks *every* checkoutacceptance. That's gnarly. But necessary
|
||||
$this->withProgressBar(CheckoutAcceptance::all(), function ($checkoutAcceptance) use (&$deletions, &$skips) {
|
||||
$item = $checkoutAcceptance->checkoutable;
|
||||
$checkout_to_id = $checkoutAcceptance->assigned_to_id;
|
||||
if (is_null($item)) {
|
||||
$this->info("'Checkoutable' Item is null, going to next record");
|
||||
|
||||
// Chunk to avoid loading the whole table into memory; eager-load checkoutable
|
||||
// to eliminate the N+1 on that relationship.
|
||||
CheckoutAcceptance::with('checkoutable')
|
||||
->chunkById(500, function ($chunk) use (&$deletions, &$skips, $bar) {
|
||||
$idsToDelete = [];
|
||||
return; // 'false' allegedly breaks execution entirely, so 'true' maybe doesn't? hrm. just straight return maybe?
|
||||
}
|
||||
if (get_class($item) == LicenseSeat::class) {
|
||||
$item = $item->license;
|
||||
}
|
||||
foreach ($item->assetlog()->where('action_type', 'checkout')->get() as $assetlog) {
|
||||
if ($assetlog->target_id == $checkout_to_id && $assetlog->target_type != User::class) {
|
||||
// We have a checkout-to an ID for a non-User, which matches to an ID in the checkout_acceptances table
|
||||
|
||||
foreach ($chunk as $checkoutAcceptance) {
|
||||
$item = $checkoutAcceptance->checkoutable;
|
||||
$checkout_to_id = $checkoutAcceptance->assigned_to_id;
|
||||
|
||||
if (is_null($item)) {
|
||||
$skips++;
|
||||
$bar->advance();
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
if (get_class($item) === LicenseSeat::class) {
|
||||
$item = $item->license;
|
||||
if (is_null($item)) {
|
||||
$skips++;
|
||||
$bar->advance();
|
||||
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
if (is_null($checkoutAcceptance->created_at)) {
|
||||
$skips++;
|
||||
$bar->advance();
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
// Push all filtering (including the ±5-second window) into the DB;
|
||||
// exists() returns as soon as one matching row is found rather than
|
||||
// fetching all checkout logs into PHP.
|
||||
$shouldDelete = $item->assetlog()
|
||||
->where('action_type', 'checkout')
|
||||
->where('target_id', $checkout_to_id)
|
||||
->where('target_type', '!=', User::class)
|
||||
->whereBetween('created_at', [
|
||||
$checkoutAcceptance->created_at->copy()->subSeconds(5),
|
||||
$checkoutAcceptance->created_at->copy()->addSeconds(5),
|
||||
])
|
||||
->exists();
|
||||
|
||||
if ($shouldDelete) {
|
||||
$idsToDelete[] = $checkoutAcceptance->id;
|
||||
// now, let's compare the _times_ - are they close?
|
||||
// I'm picking `created_at` over `action_date` because I'm more interested in when the actionlogs
|
||||
// were _created_, not when they were alleged to have happened - those created_at times need to be within 'X' seconds of
|
||||
// each other (currently 5)
|
||||
if ($assetlog->created_at->diffInSeconds($checkoutAcceptance->created_at, true) <= 5) { // we're allowing for five _ish_ seconds of slop
|
||||
$deletions++;
|
||||
$checkoutAcceptance->forceDelete(); // HARD delete this record; it should have never been
|
||||
|
||||
return;
|
||||
} else {
|
||||
$skips++;
|
||||
// $this->info("The two records are too far apart");
|
||||
}
|
||||
|
||||
$bar->advance();
|
||||
} else {
|
||||
// $this->info("No match! checkout to id: " . $checkout_to_id." target_id: ".$assetlog->target_id." target_type: ".$assetlog->target_type);
|
||||
}
|
||||
|
||||
// Bulk-delete the bad records in one query per chunk instead of one per row.
|
||||
if (! empty($idsToDelete)) {
|
||||
CheckoutAcceptance::whereIn('id', $idsToDelete)->forceDelete();
|
||||
}
|
||||
});
|
||||
|
||||
$bar->finish();
|
||||
$this->newLine();
|
||||
$this->info("Final deletion count: {$deletions}, and skip count: {$skips}");
|
||||
}
|
||||
$skips++;
|
||||
});
|
||||
$this->error("Final deletion count: $deletions, and skip count: $skips");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -19,7 +19,7 @@ class LdapSync extends Command
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
protected $signature = 'snipeit:ldap-sync {--location=} {--location_id=*} {--base_dn=} {--filter=} {--delete} {--summary} {--json_summary}';
|
||||
protected $signature = 'snipeit:ldap-sync {--location=} {--location_id=*} {--base_dn=} {--filter=} {--summary} {--json_summary}';
|
||||
|
||||
/**
|
||||
* The console command description.
|
||||
@@ -94,7 +94,6 @@ class LdapSync extends Command
|
||||
}
|
||||
|
||||
$summary = [];
|
||||
$seen_ldap_usernames = [];
|
||||
|
||||
try {
|
||||
|
||||
@@ -275,14 +274,8 @@ class LdapSync extends Command
|
||||
'name' => $item['department'],
|
||||
]);
|
||||
|
||||
$user = User::withTrashed()->where('username', $item['username'])->first();
|
||||
if (! empty($item['username'])) {
|
||||
$seen_ldap_usernames[] = $item['username'];
|
||||
}
|
||||
$user = User::where('username', $item['username'])->first();
|
||||
if ($user) {
|
||||
if ($user->trashed()) {
|
||||
$user->restore();
|
||||
}
|
||||
// Updating an existing user.
|
||||
$item['createorupdate'] = 'updated';
|
||||
} else {
|
||||
@@ -497,41 +490,6 @@ class LdapSync extends Command
|
||||
array_push($summary, $item);
|
||||
}
|
||||
|
||||
// Optionally soft-delete LDAP-imported users that are no longer present in LDAP.
|
||||
// users with assests etc. are not deletable and skipped
|
||||
if ($this->option('delete')) {
|
||||
$missing_ldap_users = User::where('ldap_import', 1);
|
||||
$missing_ldap_users = $missing_ldap_users->whereNotIn('username', $seen_ldap_usernames);
|
||||
$missing_ldap_users = $missing_ldap_users->get();
|
||||
|
||||
foreach ($missing_ldap_users as $missing_user) {
|
||||
$is_deletable = $this->isUserDeletable($missing_user);
|
||||
|
||||
$missing_item = [
|
||||
'id' => $missing_user->id,
|
||||
'username' => $missing_user->username,
|
||||
'firstname' => $missing_user->first_name,
|
||||
'lastname' => $missing_user->last_name,
|
||||
'email' => $missing_user->email,
|
||||
'createorupdate' => 'skipped',
|
||||
'status' => 'info',
|
||||
'deletable' => $is_deletable,
|
||||
'note' => $is_deletable ? 'missing from LDAP' : 'missing from LDAP, but not deletable',
|
||||
];
|
||||
|
||||
if ($is_deletable) {
|
||||
$missing_user->delete();
|
||||
$missing_item['createorupdate'] = 'deleted';
|
||||
$missing_item['status'] = 'success';
|
||||
$missing_item['note'] = 'deleted_missing_from_ldap';
|
||||
}
|
||||
|
||||
$summary[] = $missing_item;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
if ($this->option('summary')) {
|
||||
for ($x = 0; $x < count($summary); $x++) {
|
||||
if ($summary[$x]['status'] == 'error') {
|
||||
@@ -547,23 +505,4 @@ class LdapSync extends Command
|
||||
return $summary;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if the user is deletable without gate check
|
||||
*
|
||||
* A user is considered deletable if they have no associated assets, accessories, licenses, consumables, managed users, or managed locations.
|
||||
*
|
||||
* @param User $user The user to check
|
||||
*
|
||||
* @return bool True if the user is deletable, false otherwise
|
||||
*/
|
||||
private function isUserDeletable(User $user): bool
|
||||
{
|
||||
return (($user->assets_count ?? $user->assets()->count()) === 0)
|
||||
&& (($user->accessories_count ?? $user->accessories()->count()) === 0)
|
||||
&& (($user->licenses_count ?? $user->licenses()->count()) === 0)
|
||||
&& (($user->consumables_count ?? $user->consumables()->count()) === 0)
|
||||
&& (($user->manages_users_count ?? $user->managesUsers()->count()) === 0)
|
||||
&& (($user->manages_locations_count ?? $user->managedLocations()->count()) === 0);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -15,9 +15,7 @@ class PurgeEulaPDFs extends Command
|
||||
* @var string
|
||||
*/
|
||||
protected $signature = 'snipeit:purge-eula-pdfs
|
||||
{--older-than-days= : The number of days we should delete before }
|
||||
{--company-id= : Only purge acceptances for users in this company}
|
||||
{--only-deleted-users : Only purge acceptances for deleted users, including soft-deleted or missing users}
|
||||
{--older-than-days= : The number of days we should delete before }
|
||||
{--force : Skip the interactive yes/no prompt for confirmation}
|
||||
{--dryrun : Show the records that would be deleted but don\'t update the database or delete files from disk}
|
||||
{--with-output : Display the results in a table in your console}';
|
||||
@@ -57,34 +55,7 @@ class PurgeEulaPDFs extends Command
|
||||
$this->info('This script is being run with the --dryrun option. No files or records will be deleted.');
|
||||
|
||||
}
|
||||
$companyId = $this->option('company-id');
|
||||
$query = CheckoutAcceptance::HasFiles()->where('updated_at', '<', $interval_date)
|
||||
->with([
|
||||
'assignedTo' => function ($query) {
|
||||
$query->withTrashed();
|
||||
},
|
||||
]);
|
||||
|
||||
if ($this->option('only-deleted-users')) {
|
||||
$query->where(function ($query) use ($companyId) {
|
||||
$query->whereHas('assignedTo', function ($q) use ($companyId) {
|
||||
$q->withTrashed()->whereNotNull('deleted_at');
|
||||
|
||||
if ($companyId) {
|
||||
$q->where('company_id', $companyId);
|
||||
}
|
||||
});
|
||||
|
||||
$query->orWhereDoesntHave('assignedTo');
|
||||
});
|
||||
} else {
|
||||
if ($companyId) {
|
||||
$query->whereHas('assignedTo', function ($query) use ($companyId) {
|
||||
$query->withTrashed()->where('company_id', $companyId);
|
||||
});
|
||||
}
|
||||
}
|
||||
$acceptances = $query->get();
|
||||
$acceptances = CheckoutAcceptance::HasFiles()->where('updated_at', '<', $interval_date)->with('assignedTo')->get();
|
||||
|
||||
if (! $this->option('force')) {
|
||||
if ($this->confirm("\n****************************************************\nTHIS WILL DELETE ALL OF THE SIGNATURES AND EULA PDF FILES SINCE $interval_date. \nThere is NO undo! \n****************************************************\n\nDo you wish to continue? No backsies! [y|N]")) {
|
||||
|
||||
@@ -5,7 +5,6 @@ namespace App\Console\Commands;
|
||||
use App\Models\Setting;
|
||||
use App\Models\User;
|
||||
use Illuminate\Console\Command;
|
||||
use Illuminate\Support\Facades\Hash;
|
||||
|
||||
class ResetDemoSettings extends Command
|
||||
{
|
||||
@@ -48,7 +47,7 @@ class ResetDemoSettings extends Command
|
||||
$settings->auto_increment_assets = 1;
|
||||
$settings->logo = 'snipe-logo.png';
|
||||
$settings->alert_email = 'service@snipe-it.io';
|
||||
$settings->login_note = "Use any of the following credentials to login to the demo:\n\n- `admin` / `password`\n- `assets` / `password`\n- `testuser` / `password`";
|
||||
$settings->login_note = 'Use `admin` / `password` to login to the demo.';
|
||||
$settings->header_color = '#3c8dbc';
|
||||
$settings->link_dark_color = '#5fa4cc';
|
||||
$settings->link_light_color = '#296282;';
|
||||
@@ -86,44 +85,6 @@ class ResetDemoSettings extends Command
|
||||
$user->save();
|
||||
}
|
||||
|
||||
$assetsUser = User::updateOrCreate(
|
||||
['username' => 'assets'],
|
||||
[
|
||||
'first_name' => 'Assets',
|
||||
'last_name' => 'User',
|
||||
'password' => Hash::make('password'),
|
||||
'activated' => 1,
|
||||
]
|
||||
);
|
||||
$assetsUser->permissions = json_encode([
|
||||
'assets.view' => 1,
|
||||
'assets.create' => 1,
|
||||
'assets.edit' => 1,
|
||||
'assets.delete' => 1,
|
||||
'assets.checkout' => 1,
|
||||
'assets.checkin' => 1,
|
||||
'assets.audit' => 1,
|
||||
'assets.files' => 1,
|
||||
'assets.view.requestable' => 1,
|
||||
'assets.view.encrypted_custom_fields' => 1,
|
||||
]);
|
||||
$assetsUser->save();
|
||||
|
||||
$testUser = User::updateOrCreate(
|
||||
['username' => 'testuser'],
|
||||
[
|
||||
'first_name' => 'Test',
|
||||
'last_name' => 'User',
|
||||
'password' => Hash::make('password'),
|
||||
'activated' => 1,
|
||||
]
|
||||
);
|
||||
$testUser->permissions = json_encode([
|
||||
'self.checkout_assets' => 1,
|
||||
'assets.view.requestable' => 1,
|
||||
]);
|
||||
$testUser->save();
|
||||
|
||||
\Storage::disk('public')->put('snipe-logo.png', file_get_contents(public_path('img/demo/snipe-logo.png')));
|
||||
\Storage::disk('public')->put('snipe-logo-lg.png', file_get_contents(public_path('img/demo/snipe-logo-lg.png')));
|
||||
|
||||
|
||||
@@ -456,11 +456,7 @@ class RestoreFromBackup extends Command
|
||||
if (! file_exists($mysql_binary)) {
|
||||
return $this->error("mysql tool at: '$mysql_binary' does not exist, cannot restore. Please edit DB_DUMP_PATH in your .env to point to a directory that contains the mysqldump and mysql binary");
|
||||
}
|
||||
$proc_results = proc_open("$mysql_binary -h " .
|
||||
escapeshellarg(config('database.connections.mysql.host')) .
|
||||
' -u ' . escapeshellarg(config('database.connections.mysql.username')) . ' ' .
|
||||
' -P ' . escapeshellarg(config('database.connections.mysql.port')) . ' ' .
|
||||
escapeshellarg(config('database.connections.mysql.database')), // yanked -p since we pass via ENV
|
||||
$proc_results = proc_open("$mysql_binary -h ".escapeshellarg(config('database.connections.mysql.host')).' -u '.escapeshellarg(config('database.connections.mysql.username')).' '.escapeshellarg(config('database.connections.mysql.database')), // yanked -p since we pass via ENV
|
||||
[0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']],
|
||||
$pipes,
|
||||
null,
|
||||
|
||||
@@ -1,92 +0,0 @@
|
||||
<?php
|
||||
|
||||
namespace App\Console\Commands;
|
||||
|
||||
use App\Models\Asset;
|
||||
use Illuminate\Console\Command;
|
||||
use Illuminate\Support\MessageBag;
|
||||
|
||||
class ValidateAssets extends Command
|
||||
{
|
||||
/**
|
||||
* The name and signature of the console command.
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
protected $signature = 'snipeit:validate-assets {--all : Display the valid assets in your table output as well} ';
|
||||
|
||||
/**
|
||||
* The console command description.
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
protected $description = 'This runs through the list of assets and checks for any validation errors that would prevent it from being updated or checked in or out. ';
|
||||
|
||||
/**
|
||||
* Execute the console command.
|
||||
*/
|
||||
public function handle()
|
||||
{
|
||||
$showAll = (bool) $this->option('all');
|
||||
|
||||
$assets = Asset::query()
|
||||
->whereNull('deleted_at')
|
||||
->with('model')
|
||||
->orderBy('assets.created_at', 'desc')
|
||||
->get();
|
||||
|
||||
if (! $showAll) {
|
||||
$this->info('Run this command with the --all option to see the full list in the console.');
|
||||
}
|
||||
|
||||
$rows = $assets
|
||||
->filter(fn (Asset $asset) => $showAll || ! $asset->isValid())
|
||||
->map(fn (Asset $asset) => [
|
||||
trans('general.id') => $asset->id,
|
||||
trans('admin/hardware/form.tag') => $asset->asset_tag,
|
||||
trans('admin/hardware/form.serial') => $asset->serial ?? '',
|
||||
trans('admin/hardware/form.model') => $asset->model?->name ?? '',
|
||||
trans('general.model_no') => $asset->model?->model_number ?? '',
|
||||
trans('general.error') => $asset->isValid() ? '√ valid' : $this->formatValidationErrors($asset),
|
||||
])
|
||||
->values()
|
||||
->all();
|
||||
|
||||
$this->table(
|
||||
[
|
||||
trans('general.id'),
|
||||
trans('admin/hardware/form.tag'),
|
||||
trans('admin/hardware/form.serial'),
|
||||
trans('admin/hardware/form.model'),
|
||||
trans('general.model_no'),
|
||||
trans('general.error'),
|
||||
],
|
||||
$rows
|
||||
);
|
||||
|
||||
return self::SUCCESS;
|
||||
}
|
||||
|
||||
private function formatValidationErrors(Asset $asset): string
|
||||
{
|
||||
$errors = $asset->getErrors();
|
||||
$messages = [];
|
||||
|
||||
if ($errors instanceof MessageBag) {
|
||||
$messages = $errors->all();
|
||||
} elseif (is_array($errors)) {
|
||||
$messages = $errors;
|
||||
} else {
|
||||
$messages = [(string) $errors];
|
||||
}
|
||||
|
||||
$prefixedMessages = collect($messages)
|
||||
->map(fn ($message) => trim((string) $message))
|
||||
->filter()
|
||||
->map(fn (string $message) => str_starts_with($message, '✘') ? $message : '✘ '.$message)
|
||||
->values()
|
||||
->all();
|
||||
|
||||
return implode(PHP_EOL, $prefixedMessages);
|
||||
}
|
||||
}
|
||||
@@ -4,9 +4,6 @@ namespace App\Console\Commands;
|
||||
|
||||
use Illuminate\Console\Command;
|
||||
|
||||
use function Laravel\Prompts\info;
|
||||
use function Laravel\Prompts\select;
|
||||
|
||||
class Version extends Command
|
||||
{
|
||||
/**
|
||||
@@ -14,7 +11,7 @@ class Version extends Command
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
protected $signature = 'version:update';
|
||||
protected $signature = 'version:update {--branch=master} {--type=patch}';
|
||||
|
||||
/**
|
||||
* The console command description.
|
||||
@@ -40,40 +37,30 @@ class Version extends Command
|
||||
*/
|
||||
public function handle()
|
||||
{
|
||||
$use_branch = select(
|
||||
label: 'Which branch?',
|
||||
options: ['master', 'develop'],
|
||||
default: 'develop',
|
||||
);
|
||||
|
||||
$use_type = select(
|
||||
label: 'Which release type?',
|
||||
options: [
|
||||
'hash' => 'Hash bump',
|
||||
'patch' => 'Patch release',
|
||||
'minor' => 'Minor release',
|
||||
'major' => 'Major release',
|
||||
'pre-patch' => 'Pre-patch release',
|
||||
'pre-minor' => 'Pre-minor release',
|
||||
'pre-major' => 'Pre-major release',
|
||||
],
|
||||
default: 'hash',
|
||||
scroll: 7,
|
||||
);
|
||||
|
||||
$use_branch = $this->option('branch');
|
||||
$use_type = $this->option('type');
|
||||
$git_branch = trim(shell_exec('git rev-parse --abbrev-ref HEAD'));
|
||||
$build_version = trim(shell_exec('git rev-list --count '.$use_branch));
|
||||
$versionFile = 'config/version.php';
|
||||
$full_hash_version = str_replace("\n", '', shell_exec('git describe master --tags'));
|
||||
|
||||
$version = explode('-', $full_hash_version);
|
||||
$app_version = $version[0];
|
||||
$app_version = $current_app_version = $version[0];
|
||||
$hash_version = (array_key_exists('2', $version)) ? $version[2] : '';
|
||||
$prerelease_version = '';
|
||||
|
||||
if (array_key_exists('3', $version)) {
|
||||
$prerelease_version = $version[1];
|
||||
$hash_version = $version[3];
|
||||
$this->line('Branch is: '.$use_branch);
|
||||
$this->line('Type is: '.$use_type);
|
||||
$this->line('Current version is: '.$full_hash_version);
|
||||
|
||||
if (count($version) == 3) {
|
||||
$this->line('This does not look like an alpha/beta release.');
|
||||
} else {
|
||||
if (array_key_exists('3', $version)) {
|
||||
$this->line('The current version looks like a beta release.');
|
||||
$prerelease_version = $version[1];
|
||||
$hash_version = $version[3];
|
||||
}
|
||||
}
|
||||
|
||||
$app_version_raw = explode('.', $app_version);
|
||||
@@ -87,52 +74,54 @@ class Version extends Command
|
||||
$patch = $app_version_raw[2];
|
||||
}
|
||||
|
||||
if ($use_type === 'major') {
|
||||
if ($use_type == 'major') {
|
||||
$app_version = 'v'.($maj + 1).".$min.$patch";
|
||||
} elseif ($use_type === 'minor') {
|
||||
} elseif ($use_type == 'minor') {
|
||||
$app_version = 'v'."$maj.".($min + 1).".$patch";
|
||||
} elseif ($use_type === 'pre-patch') {
|
||||
$app_version = 'v'."$maj.$min.".($patch + 1).'-pre';
|
||||
} elseif ($use_type === 'pre-minor') {
|
||||
$app_version = 'v'."$maj.".($min + 1).'.0-pre';
|
||||
} elseif ($use_type === 'pre-major') {
|
||||
$app_version = 'v'.($maj + 1).'.0.0-pre';
|
||||
} elseif ($use_type === 'patch') {
|
||||
} elseif ($use_type == 'pre') {
|
||||
$pre_raw = str_replace('beta', '', $prerelease_version);
|
||||
$pre_raw = str_replace('alpha', '', $pre_raw);
|
||||
$pre_raw = str_ireplace('rc', '', $pre_raw);
|
||||
$pre_raw = $pre_raw++;
|
||||
$this->line('Setting the pre-release to '.$prerelease_version.'-'.$pre_raw);
|
||||
$app_version = 'v'."$maj.".($min + 1).".$patch";
|
||||
} elseif ($use_type == 'patch') {
|
||||
$app_version = 'v'."$maj.$min.".($patch + 1);
|
||||
// If nothing is passed, leave the version as it is, just increment the build
|
||||
} else {
|
||||
$app_version = 'v'."$maj.$min.".$patch;
|
||||
}
|
||||
|
||||
if ($use_branch === 'develop' && ! str_ends_with($app_version, '-pre')) {
|
||||
// Determine if this tag already exists, or if this prior to a release
|
||||
$this->line('Running: git rev-parse master '.$current_app_version);
|
||||
// $pre_release = trim(shell_exec('git rev-parse '.$use_branch.' '.$current_app_version.' 2>&1 1> /dev/null'));
|
||||
|
||||
if ($use_branch == 'develop') {
|
||||
$app_version = $app_version.'-pre';
|
||||
}
|
||||
|
||||
$full_hash_version = str_replace($version[0], $app_version, $full_hash_version);
|
||||
$full_app_version = $app_version.' - build '.$build_version.'-'.$hash_version;
|
||||
|
||||
$content = <<<PHP
|
||||
<?php
|
||||
$array = var_export(
|
||||
[
|
||||
'app_version' => $app_version,
|
||||
'full_app_version' => $full_app_version,
|
||||
'build_version' => $build_version,
|
||||
'prerelease_version' => $prerelease_version,
|
||||
'hash_version' => $hash_version,
|
||||
'full_hash' => $full_hash_version,
|
||||
'branch' => $git_branch, ],
|
||||
true
|
||||
);
|
||||
|
||||
return [
|
||||
'app_version' => '$app_version',
|
||||
'full_app_version' => '$full_app_version',
|
||||
'build_version' => '$build_version',
|
||||
'prerelease_version' => '$prerelease_version',
|
||||
'hash_version' => '$hash_version',
|
||||
'full_hash' => '$full_hash_version',
|
||||
'branch' => '$git_branch',
|
||||
];
|
||||
|
||||
PHP;
|
||||
// Construct our file content
|
||||
$content = <<<CON
|
||||
<?php
|
||||
return $array;
|
||||
CON;
|
||||
|
||||
// And finally write the file and output the current version
|
||||
\File::put($versionFile, $content);
|
||||
info('New version: '.$full_app_version.' ('.$git_branch.')');
|
||||
|
||||
info('Building JS/CSS assets...');
|
||||
passthru('npm run prod', $exitCode);
|
||||
|
||||
if ($exitCode !== 0) {
|
||||
$this->error('Asset build failed with exit code '.$exitCode);
|
||||
} else {
|
||||
info('Assets built successfully.');
|
||||
}
|
||||
$this->info('Setting NEW version: '.$full_app_version.' ('.$git_branch.')');
|
||||
}
|
||||
}
|
||||
|
||||
@@ -13,7 +13,6 @@ enum ActionType: string
|
||||
// Assets/Accessories/Components/Licenses/Consumables
|
||||
case Checkout = 'checkout';
|
||||
case CheckinFrom = 'checkin from';
|
||||
case ForceCheckin = 'force checkin';
|
||||
case Requested = 'requested';
|
||||
case RequestCanceled = 'request canceled';
|
||||
case Accepted = 'accepted';
|
||||
@@ -24,16 +23,11 @@ enum ActionType: string
|
||||
// Users
|
||||
case TwoFactorReset = '2FA reset';
|
||||
case Merged = 'merged';
|
||||
case TokenRevoked = 'token revoked';
|
||||
case TokenUnrevoked = 'token unrevoked';
|
||||
|
||||
// Licenses
|
||||
case DeleteSeats = 'delete seats';
|
||||
case AddSeats = 'add seats';
|
||||
|
||||
// Maintenances
|
||||
case MaintenanceComplete = 'completed';
|
||||
|
||||
// File Uploads
|
||||
case Uploaded = 'uploaded';
|
||||
case UploadDeleted = 'upload deleted';
|
||||
|
||||
@@ -22,14 +22,12 @@ class CheckoutableCheckedOut
|
||||
|
||||
public int $quantity;
|
||||
|
||||
public bool $signInPlace;
|
||||
|
||||
/**
|
||||
* Create a new event instance.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function __construct($checkoutable, $checkedOutTo, User $checkedOutBy, $note, $originalValues = [], $quantity = 1, bool $signInPlace = false)
|
||||
public function __construct($checkoutable, $checkedOutTo, User $checkedOutBy, $note, $originalValues = [], $quantity = 1)
|
||||
{
|
||||
$this->checkoutable = $checkoutable;
|
||||
$this->checkedOutTo = $checkedOutTo;
|
||||
@@ -37,6 +35,5 @@ class CheckoutableCheckedOut
|
||||
$this->note = $note;
|
||||
$this->originalValues = $originalValues;
|
||||
$this->quantity = $quantity;
|
||||
$this->signInPlace = $signInPlace;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -19,8 +19,6 @@ use Illuminate\Validation\ValidationException;
|
||||
use Intervention\Image\Exception\NotSupportedException;
|
||||
use JsonException;
|
||||
use League\OAuth2\Server\Exception\OAuthServerException;
|
||||
use Livewire\Exceptions\ComponentNotFoundException;
|
||||
use Livewire\Exceptions\PublicPropertyNotFoundException;
|
||||
use Symfony\Component\HttpKernel\Exception\HttpException;
|
||||
use Throwable;
|
||||
|
||||
@@ -43,8 +41,6 @@ class Handler extends ExceptionHandler
|
||||
JsonException::class,
|
||||
SCIMException::class, // these generally don't need to be reported
|
||||
InvalidFormatException::class,
|
||||
PublicPropertyNotFoundException::class,
|
||||
ComponentNotFoundException::class,
|
||||
];
|
||||
|
||||
/**
|
||||
@@ -75,17 +71,6 @@ class Handler extends ExceptionHandler
|
||||
public function render($request, Throwable $e)
|
||||
{
|
||||
|
||||
// Livewire tried to set a property that doesn't exist (e.g. stale browser state sending a bare "0" as a property name)
|
||||
if ($e instanceof PublicPropertyNotFoundException) {
|
||||
return response()->json(['message' => $e->getMessage()], 422);
|
||||
}
|
||||
|
||||
// A request named a Livewire component that doesn't exist in this app (e.g. bots probing
|
||||
// for Filament endpoints). Return 404 so it doesn't surface as a 500.
|
||||
if ($e instanceof ComponentNotFoundException) {
|
||||
return response()->json(['message' => 'Component not found.'], 404);
|
||||
}
|
||||
|
||||
// CSRF token mismatch error
|
||||
if ($e instanceof TokenMismatchException) {
|
||||
return redirect()->back()->with('error', trans('general.token_expired'));
|
||||
@@ -216,7 +201,7 @@ class Handler extends ExceptionHandler
|
||||
protected function unauthenticated($request, AuthenticationException $exception)
|
||||
{
|
||||
if ($request->expectsJson()) {
|
||||
return response()->json(['error' => trans('general.unauthorized')], 401);
|
||||
return response()->json(['error' => 'Unauthorized or unauthenticated.'], 401);
|
||||
}
|
||||
|
||||
return redirect()->guest('login');
|
||||
|
||||
+14
-116
@@ -14,7 +14,6 @@ use App\Models\License;
|
||||
use App\Models\Location;
|
||||
use App\Models\Setting;
|
||||
use App\Models\Statuslabel;
|
||||
use App\Models\User;
|
||||
use Carbon\Carbon;
|
||||
use Illuminate\Contracts\Encryption\DecryptException;
|
||||
use Illuminate\Http\RedirectResponse;
|
||||
@@ -664,7 +663,7 @@ class Helper
|
||||
*/
|
||||
public static function depreciationList()
|
||||
{
|
||||
$depreciation_list = ['' => trans('admin/licenses/form.no_depreciation')] + Depreciation::orderBy('name', 'asc')
|
||||
$depreciation_list = ['' => 'Do Not Depreciate'] + Depreciation::orderBy('name', 'asc')
|
||||
->pluck('name', 'id')->toArray();
|
||||
|
||||
return $depreciation_list;
|
||||
@@ -1269,7 +1268,6 @@ class Helper
|
||||
$allowedExtensionMap = [
|
||||
// Images
|
||||
'jpg' => 'far fa-image',
|
||||
'jfif' => 'far fa-image',
|
||||
'jpeg' => 'far fa-image',
|
||||
'gif' => 'far fa-image',
|
||||
'png' => 'far fa-image',
|
||||
@@ -1513,7 +1511,7 @@ class Helper
|
||||
case 'pt':
|
||||
return (1 / 72) * static::getUnitConversionFactor('in');
|
||||
default:
|
||||
throw new \InvalidArgumentException('Unit: '.e($unit).' is not supported');
|
||||
throw new \InvalidArgumentException('Unit: \''.$unit.'\' is not supported');
|
||||
|
||||
return false;
|
||||
}
|
||||
@@ -1598,17 +1596,7 @@ class Helper
|
||||
$checkout_to_type = session('checkout_to_type') ?? null;
|
||||
$checkedInFrom = session('checkedInFrom');
|
||||
$other_redirect = session('other_redirect');
|
||||
$backUrl = str_replace(["\r", "\n"], '', session()->pull('url.intended', 'home'));
|
||||
|
||||
// Reject any stored back-URL that points off-site. redirect()->intended() performs
|
||||
// no host validation, and url.intended can be written from the SAML RelayState POST
|
||||
// parameter (SamlController), which an attacker-controlled IdP could set to an
|
||||
// off-site URL.
|
||||
$backHost = parse_url($backUrl, PHP_URL_HOST);
|
||||
$appHost = parse_url(config('app.url'), PHP_URL_HOST);
|
||||
if ($backHost && $backHost !== $appHost) {
|
||||
$backUrl = route('home');
|
||||
}
|
||||
$backUrl = session()->pull('url.intended', 'home');
|
||||
|
||||
// return to previous page
|
||||
if ($redirect_option == 'back') {
|
||||
@@ -1641,20 +1629,10 @@ class Helper
|
||||
|
||||
// return to assignment target
|
||||
if ($redirect_option == 'target') {
|
||||
$userId = $request->assigned_user ?? $checkedInFrom;
|
||||
$locationId = $request->assigned_location ?? $checkedInFrom;
|
||||
$assetId = $request->assigned_asset ?? $checkedInFrom;
|
||||
|
||||
return match ($checkout_to_type) {
|
||||
'user' => $userId
|
||||
? redirect()->route('users.show', $userId)
|
||||
: redirect()->route('users.index'),
|
||||
'location' => $locationId
|
||||
? redirect()->route('locations.show', $locationId)
|
||||
: redirect()->route('locations.index'),
|
||||
'asset' => $assetId
|
||||
? redirect()->route('hardware.show', $assetId)
|
||||
: redirect()->route('hardware.index'),
|
||||
'user' => redirect()->route('users.show', $request->assigned_user ?? $checkedInFrom),
|
||||
'location' => redirect()->route('locations.show', $request->assigned_location ?? $checkedInFrom),
|
||||
'asset' => redirect()->route('hardware.show', $request->assigned_asset ?? $checkedInFrom),
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1701,8 +1679,6 @@ class Helper
|
||||
return [];
|
||||
}
|
||||
|
||||
$floater = (bool) Setting::getSettings()->null_company_is_floater;
|
||||
|
||||
foreach ($locations as $location) {
|
||||
// in case of an update of a single location, use the newly requested company_id
|
||||
if ($new_company_id) {
|
||||
@@ -1737,51 +1713,26 @@ class Helper
|
||||
foreach ($keywords as $keyword) {
|
||||
if ($relation == 'many') {
|
||||
$items = $location->{$keyword}->all();
|
||||
// assignedAccessories returns AccessoryCheckout records (no company_id);
|
||||
// resolve each to its parent Accessory so the comparison is valid.
|
||||
if ($keyword === 'assignedAccessories') {
|
||||
$items = collect($items)->map(fn ($checkout) => $checkout->accessory)->filter()->values()->all();
|
||||
}
|
||||
} else {
|
||||
$items = collect([])->push($location->$keyword);
|
||||
}
|
||||
|
||||
$count = 0;
|
||||
foreach ($items as $item) {
|
||||
if (! $item) {
|
||||
continue;
|
||||
}
|
||||
|
||||
// Users belong to companies via the many-to-many pivot (company_user).
|
||||
// canReceiveFromCompany() returns true only when the user's pivot
|
||||
// contains the location's company, so !canReceiveFromCompany() is
|
||||
// the correct mismatch signal.
|
||||
if ($item instanceof User) {
|
||||
$isMismatch = ! $item->canReceiveFromCompany((int) $location_company);
|
||||
} elseif ($item->company_id == $location_company) {
|
||||
$isMismatch = false;
|
||||
} elseif (is_null($item->company_id) || is_null($location_company)) {
|
||||
$isMismatch = ! $floater;
|
||||
} else {
|
||||
$isMismatch = true;
|
||||
}
|
||||
|
||||
if ($isMismatch) {
|
||||
if ($item instanceof User) {
|
||||
$itemCompanyIds = $item->companies->pluck('id')->implode(', ');
|
||||
$itemCompanyNames = $item->companies->pluck('name')->implode(', ');
|
||||
} else {
|
||||
$itemCompanyIds = $item->company_id ?? null;
|
||||
$itemCompanyNames = $item->company->name ?? null;
|
||||
}
|
||||
if ($item && $item->company_id != $location_company) {
|
||||
|
||||
$mismatched[] = [
|
||||
class_basename(get_class($item)),
|
||||
$item->id,
|
||||
$item->name ?? $item->asset_tag ?? $item->serial ?? $item->username,
|
||||
$item->assigned_type ? str_replace('App\\Models\\', '', $item->assigned_type) : null,
|
||||
$itemCompanyIds,
|
||||
$itemCompanyNames,
|
||||
$item->company_id ?? null,
|
||||
$item->company->name ?? null,
|
||||
// $item->defaultLoc->id ?? null,
|
||||
// $item->defaultLoc->name ?? null,
|
||||
// $item->defaultLoc->company->id ?? null,
|
||||
// $item->defaultLoc->company->name ?? null,
|
||||
$item->location->name ?? null,
|
||||
$item->location->company->name ?? null,
|
||||
$location_company ?? null,
|
||||
@@ -1865,8 +1816,6 @@ class Helper
|
||||
$labelWidth = ($maxLabelWidthPerUnit * $labelSize) + $labelPadding;
|
||||
$valueX = $currentX + $labelWidth + $gap;
|
||||
$valueWidth = $usableWidth - $labelWidth - $gap;
|
||||
$fullValueX = $currentX;
|
||||
$fullValueWidth = $usableWidth;
|
||||
|
||||
return compact(
|
||||
'scale',
|
||||
@@ -1880,58 +1829,7 @@ class Helper
|
||||
'rowAdvance',
|
||||
'labelWidth',
|
||||
'valueX',
|
||||
'valueWidth',
|
||||
'fullValueX',
|
||||
'fullValueWidth',
|
||||
'valueWidth'
|
||||
);
|
||||
}
|
||||
|
||||
public static function normalizeFullModelName($model): string
|
||||
{
|
||||
if (str_contains($model, 'App\\Models\\')) {
|
||||
return $model;
|
||||
}
|
||||
|
||||
return 'App\\Models\\'.ucwords($model);
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Render a markdown-textarea value as HTML.
|
||||
*
|
||||
* Soft line breaks (single newlines) are rendered as <br> so that line
|
||||
* breaks typed in the textarea are preserved in the output.
|
||||
*
|
||||
* When $inline is true, block-level elements are suppressed and hard
|
||||
* breaks are pre-processed manually — used for the encrypted reveal span
|
||||
* where block HTML cannot be placed inside a font-size-toggled <span>.
|
||||
*/
|
||||
public static function renderMarkdown(?string $text, bool $inline = false): string
|
||||
{
|
||||
if (empty($text)) {
|
||||
return '';
|
||||
}
|
||||
|
||||
if ($inline) {
|
||||
// Convert newlines to CommonMark hard breaks for inline rendering
|
||||
$text = preg_replace('/(?<! {2})\n/', " \n", $text);
|
||||
|
||||
return Str::inlineMarkdown($text, ['html_input' => 'escape', 'allow_unsafe_links' => false]);
|
||||
}
|
||||
|
||||
$html = trim(Str::markdown($text, [
|
||||
'html_input' => 'escape',
|
||||
'allow_unsafe_links' => false,
|
||||
'renderer' => ['soft_break' => "<br>\n"],
|
||||
]));
|
||||
|
||||
// If the entire output is a single <p> block, unwrap it so the content
|
||||
// renders inline-ish without the <p> adding unwanted top spacing in the
|
||||
// compact detail-view layout.
|
||||
if (str_starts_with($html, '<p>') && str_ends_with($html, '</p>') && substr_count($html, '<p>') === 1) {
|
||||
return substr($html, 3, -4);
|
||||
}
|
||||
|
||||
return $html;
|
||||
}
|
||||
}
|
||||
|
||||
+11
-34
@@ -7,10 +7,6 @@ class IconHelper
|
||||
public static function icon($type)
|
||||
{
|
||||
switch ($type) {
|
||||
case 'apple':
|
||||
return 'fa-brands fa-apple';
|
||||
case 'google':
|
||||
return 'fa-brands fa-google';
|
||||
case 'checkout':
|
||||
return 'fa-solid fa-rotate-left';
|
||||
case 'checkin':
|
||||
@@ -20,8 +16,6 @@ class IconHelper
|
||||
return 'fas fa-pencil-alt';
|
||||
case 'clone':
|
||||
return 'far fa-clone';
|
||||
case 'upload':
|
||||
return 'fa-solid fa-file-circle-plus';
|
||||
case 'delete':
|
||||
case 'upload deleted':
|
||||
return 'fas fa-trash';
|
||||
@@ -78,7 +72,6 @@ class IconHelper
|
||||
case 'angle-right':
|
||||
return 'fas fa-angle-right';
|
||||
case 'warning':
|
||||
case 'alert':
|
||||
return 'fas fa-exclamation-triangle';
|
||||
case 'kits':
|
||||
return 'fas fa-object-group';
|
||||
@@ -121,13 +114,12 @@ class IconHelper
|
||||
case 'password':
|
||||
return 'fa-solid fa-key';
|
||||
case 'api-key':
|
||||
return 'fas fa-user-secret';
|
||||
return 'fa-solid fa-user-secret';
|
||||
case 'nav-toggle':
|
||||
return 'fas fa-bars';
|
||||
case 'dashboard':
|
||||
return 'fas fa-tachometer-alt';
|
||||
case 'info-circle':
|
||||
case 'info':
|
||||
return 'fas fa-info-circle';
|
||||
case 'caret-right':
|
||||
return 'fa fa-caret-right';
|
||||
@@ -145,26 +137,19 @@ class IconHelper
|
||||
return 'fa-regular fa-clipboard';
|
||||
case 'paperclip':
|
||||
return 'fas fa-paperclip';
|
||||
case 'files':
|
||||
return 'fa-solid fa-file-contract';
|
||||
case 'contact-card':
|
||||
return 'fa-regular fa-id-card';
|
||||
case 'eula':
|
||||
case 'eulas':
|
||||
return 'fa-regular fa-handshake';
|
||||
case 'star':
|
||||
case 'vip':
|
||||
return 'fa-solid fa-star';
|
||||
case 'remote':
|
||||
return 'fa-solid fa-house-laptop';
|
||||
case 'files':
|
||||
return 'fa-regular fa-file';
|
||||
case 'more-info':
|
||||
case 'help':
|
||||
case 'support':
|
||||
return 'far fa-life-ring';
|
||||
case 'calendar':
|
||||
return 'fas fa-calendar';
|
||||
case 'plus':
|
||||
return 'fas fa-plus';
|
||||
case 'history':
|
||||
return 'fa-solid fa-timeline';
|
||||
return 'fas fa-history';
|
||||
case 'more-files':
|
||||
return 'fa-solid fa-laptop-file';
|
||||
case 'maintenances':
|
||||
@@ -228,7 +213,7 @@ class IconHelper
|
||||
case 'highlight':
|
||||
return 'fa-solid fa-highlighter';
|
||||
case 'manager':
|
||||
return 'fa-solid fa-user-tie';
|
||||
return 'fa-solid fa-building-user';
|
||||
case 'company':
|
||||
return 'fa-regular fa-building';
|
||||
case 'parent':
|
||||
@@ -237,24 +222,18 @@ class IconHelper
|
||||
return 'fa-solid fa-hashtag';
|
||||
case 'depreciation':
|
||||
return 'fa-solid fa-arrows-down-to-line';
|
||||
case 'calendar':
|
||||
return 'fas fa-calendar';
|
||||
case 'depreciation-calendar':
|
||||
case 'expiration':
|
||||
case 'terminates':
|
||||
return 'fa-regular fa-calendar-xmark';
|
||||
case 'deleted-date':
|
||||
case 'end_date':
|
||||
return 'fa-solid fa-calendar-xmark';
|
||||
case 'expected_checkin':
|
||||
case 'start_date':
|
||||
return 'fa-solid fa-calendar-check';
|
||||
case 'eol':
|
||||
return 'fa-regular fa-calendar-days';
|
||||
case 'manufacturer':
|
||||
return 'fa-solid fa-industry';
|
||||
case 'fieldset':
|
||||
return 'fa-regular fa-rectangle-list';
|
||||
case 'deleted-date':
|
||||
return 'fa-solid fa-calendar-xmark';
|
||||
case 'eol':
|
||||
return 'fa-regular fa-calendar-days';
|
||||
case 'category':
|
||||
return 'fa-solid fa-icons';
|
||||
case 'cost':
|
||||
@@ -269,8 +248,6 @@ class IconHelper
|
||||
return 'fa-solid fa-file-invoice';
|
||||
case 'checkout-all':
|
||||
return 'fa-solid fa-arrows-down-to-people';
|
||||
case 'checkin-all':
|
||||
return 'fa-solid fa-arrows-turn-right';
|
||||
case 'square-right':
|
||||
return 'fa-regular fa-square-caret-right';
|
||||
case 'square-left':
|
||||
|
||||
@@ -2,6 +2,7 @@
|
||||
|
||||
namespace App\Helpers;
|
||||
|
||||
use Illuminate\Contracts\Filesystem\FileNotFoundException;
|
||||
use Illuminate\Http\RedirectResponse;
|
||||
use Illuminate\Support\Facades\Storage;
|
||||
use Symfony\Component\HttpFoundation\BinaryFileResponse;
|
||||
@@ -19,14 +20,7 @@ class StorageHelper
|
||||
return response()->download(Storage::disk($disk)->path($filename)); // works for PRIVATE or public?!
|
||||
|
||||
case 's3':
|
||||
Storage::disk($disk)->temporaryUrl(
|
||||
$filename,
|
||||
now()->addMinutes(5),
|
||||
[
|
||||
'ResponseContentType' => 'application/octet-stream',
|
||||
'ResponseContentDisposition' => 'attachment; filename=download-file',
|
||||
]
|
||||
);
|
||||
return redirect()->away(Storage::disk($disk)->temporaryUrl($filename, now()->addMinutes(5))); // works for private or public, I guess?
|
||||
|
||||
default:
|
||||
return Storage::disk($disk)->download($filename);
|
||||
@@ -125,4 +119,33 @@ class StorageHelper
|
||||
return null;
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Decide whether to show the file inline or download it.
|
||||
*/
|
||||
public static function showOrDownloadFile($file, $filename)
|
||||
{
|
||||
|
||||
$headers = [];
|
||||
|
||||
if (request('inline') == 'true') {
|
||||
|
||||
$headers = [
|
||||
'Content-Disposition' => 'inline',
|
||||
];
|
||||
|
||||
// This is NOT allowed as inline - force it to be displayed as text in the browser
|
||||
if (self::allowSafeInline($file) != true) {
|
||||
$headers = array_merge($headers, ['Content-Type' => 'text/plain']);
|
||||
}
|
||||
}
|
||||
|
||||
// Everything else seems okay, but the file doesn't exist on the server.
|
||||
if (Storage::missing($file)) {
|
||||
throw new FileNotFoundException;
|
||||
}
|
||||
|
||||
return Storage::download($file, $filename, $headers);
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
@@ -4,12 +4,11 @@ namespace App\Http\Controllers\Accessories;
|
||||
|
||||
use App\Events\CheckoutableCheckedOut;
|
||||
use App\Helpers\Helper;
|
||||
use App\Http\Controllers\CheckInOutRequest;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\AccessoryCheckoutRequest;
|
||||
use App\Http\Traits\CheckInOutTrait;
|
||||
use App\Models\Accessory;
|
||||
use App\Models\AccessoryCheckout;
|
||||
use App\Models\CheckoutAcceptance;
|
||||
use App\Models\User;
|
||||
use Carbon\Carbon;
|
||||
use Illuminate\Contracts\View\View;
|
||||
@@ -18,7 +17,7 @@ use Illuminate\Http\Request;
|
||||
|
||||
class AccessoryCheckoutController extends Controller
|
||||
{
|
||||
use CheckInOutTrait;
|
||||
use CheckInOutRequest;
|
||||
|
||||
/**
|
||||
* Return the form to checkout an Accessory to a user.
|
||||
@@ -66,20 +65,6 @@ class AccessoryCheckoutController extends Controller
|
||||
$target = $this->determineCheckoutTarget();
|
||||
session()->put(['checkout_to_type' => $target]);
|
||||
|
||||
if (! $accessory->canCheckoutTo($target)) {
|
||||
$targetType = match (class_basename($target)) {
|
||||
'User' => trans('general.user'),
|
||||
'Location' => trans('general.location'),
|
||||
default => trans('general.asset'),
|
||||
};
|
||||
|
||||
return redirect()->back()->with('error', trans('general.error_checkout_company_mismatch', [
|
||||
'item' => trans('general.accessory').' "'.$accessory->name.'"',
|
||||
'item_company' => $accessory->company?->name ?? trans('general.unassigned'),
|
||||
'target' => $targetType.' "'.($target->name ?? $target->username ?? $target->id).'"',
|
||||
]));
|
||||
}
|
||||
|
||||
$accessory->checkout_qty = $request->input('checkout_qty', 1);
|
||||
|
||||
for ($i = 0; $i < $accessory->checkout_qty; $i++) {
|
||||
@@ -103,53 +88,12 @@ class AccessoryCheckoutController extends Controller
|
||||
$request->input('note'),
|
||||
[],
|
||||
$accessory->checkout_qty,
|
||||
$request->boolean('sign_in_place'),
|
||||
));
|
||||
|
||||
$request->request->add(['checkout_to_type' => request('checkout_to_type')]);
|
||||
$request->request->add(['assigned_to' => $target->id]);
|
||||
|
||||
session()->put([
|
||||
'redirect_option' => $request->input('redirect_option'),
|
||||
'checkout_to_type' => $request->input('checkout_to_type'),
|
||||
'sign_in_place' => $request->boolean('sign_in_place'),
|
||||
]);
|
||||
|
||||
// When sign_in_place is requested for a user checkout, redirect to the
|
||||
// acceptance/signature page so the user can sign in person.
|
||||
if ($request->boolean('sign_in_place') && ! in_array($request->input('checkout_to_type'), ['asset', 'location'], true)) {
|
||||
$targetUser = User::find($target->id);
|
||||
|
||||
if (! $targetUser instanceof User) {
|
||||
return redirect()->route('accessories.checkout.show', $accessory)
|
||||
->with('error', trans('admin/accessories/message.checkout.user_does_not_exist'));
|
||||
}
|
||||
|
||||
$acceptance = CheckoutAcceptance::where('checkoutable_type', Accessory::class)
|
||||
->where('checkoutable_id', $accessory->id)
|
||||
->where('assigned_to_id', $targetUser->id)
|
||||
->pending()
|
||||
->latest()
|
||||
->first();
|
||||
|
||||
// If requireAcceptance() is false the listener won't have created one; create it now.
|
||||
if (! $acceptance) {
|
||||
$acceptance = new CheckoutAcceptance;
|
||||
$acceptance->checkoutable()->associate($accessory);
|
||||
$acceptance->assignedTo()->associate($targetUser);
|
||||
$acceptance->qty = $accessory->checkout_qty;
|
||||
$acceptance->save();
|
||||
}
|
||||
|
||||
session([
|
||||
'sign_in_place_acceptance_id' => $acceptance->id,
|
||||
'sign_in_place_item_id' => $accessory->id,
|
||||
'sign_in_place_resource_type' => 'Accessories',
|
||||
]);
|
||||
|
||||
return redirect()->route('account.accept.item', $acceptance->id)
|
||||
->with('success', trans('admin/accessories/message.checkout.success'));
|
||||
}
|
||||
session()->put(['redirect_option' => $request->input('redirect_option'), 'checkout_to_type' => $request->input('checkout_to_type')]);
|
||||
|
||||
// Redirect to the new accessory page
|
||||
return Helper::getRedirectOption($request, $accessory->id, 'Accessories')
|
||||
|
||||
@@ -7,14 +7,8 @@ use App\Events\CheckoutDeclined;
|
||||
use App\Helpers\Helper;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Mail\CheckoutAcceptanceResponseMail;
|
||||
use App\Models\Accessory;
|
||||
use App\Models\Actionlog;
|
||||
use App\Models\Asset;
|
||||
use App\Models\CheckoutAcceptance;
|
||||
use App\Models\Company;
|
||||
use App\Models\Consumable;
|
||||
use App\Models\License;
|
||||
use App\Models\LicenseSeat;
|
||||
use App\Models\Setting;
|
||||
use App\Models\User;
|
||||
use App\Notifications\AcceptanceItemAcceptedNotification;
|
||||
@@ -46,32 +40,19 @@ class AcceptanceController extends Controller
|
||||
*
|
||||
* @param int $id
|
||||
*/
|
||||
public function create(Request $request, $id): View|RedirectResponse
|
||||
public function create($id): View|RedirectResponse
|
||||
{
|
||||
$currentUser = auth()->user();
|
||||
|
||||
if (! $currentUser instanceof User) {
|
||||
abort(403, trans('general.insufficient_permissions'));
|
||||
}
|
||||
|
||||
$acceptance = CheckoutAcceptance::find($id);
|
||||
|
||||
if (! $acceptance) {
|
||||
if (is_null($acceptance)) {
|
||||
return redirect()->route('account.accept')->with('error', trans('admin/hardware/message.does_not_exist'));
|
||||
}
|
||||
|
||||
if (! $acceptance->isPending()) {
|
||||
if ($this->isStaleSignInPlaceAdminAttempt($acceptance, $currentUser)) {
|
||||
return $this->redirectToIntendedSignInPlaceDestination($request, $acceptance)
|
||||
->with('warning', trans('admin/users/message.error.asset_already_accepted'));
|
||||
}
|
||||
|
||||
return redirect()->route('account.accept')->with('error', trans('admin/users/message.error.asset_already_accepted'));
|
||||
}
|
||||
|
||||
$isSignInPlaceAdminFlow = $this->isSignInPlaceAdminFlow($acceptance);
|
||||
|
||||
if (! $acceptance->isCheckedOutTo($currentUser) && (! $isSignInPlaceAdminFlow)) {
|
||||
if (! $acceptance->isCheckedOutTo(auth()->user())) {
|
||||
return redirect()->route('account.accept')->with('error', trans('admin/users/message.error.incorrect_user_accepted'));
|
||||
}
|
||||
|
||||
@@ -79,10 +60,7 @@ class AcceptanceController extends Controller
|
||||
return redirect()->route('account.accept')->with('error', trans('general.error_user_company'));
|
||||
}
|
||||
|
||||
$checkedOutAt = Helper::getFormattedDateObject($acceptance->created_at, 'datetime', false);
|
||||
$checkedOutBy = $this->resolveCheckoutActorName($acceptance);
|
||||
|
||||
return view('account/accept.create', compact('acceptance', 'isSignInPlaceAdminFlow', 'checkedOutAt', 'checkedOutBy'));
|
||||
return view('account/accept.create', compact('acceptance'));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -92,36 +70,20 @@ class AcceptanceController extends Controller
|
||||
*/
|
||||
public function store(Request $request, $id): RedirectResponse
|
||||
{
|
||||
$currentUser = auth()->user();
|
||||
|
||||
if (! $currentUser instanceof User) {
|
||||
abort(403, trans('general.insufficient_permissions'));
|
||||
}
|
||||
|
||||
$acceptance = CheckoutAcceptance::find($id);
|
||||
|
||||
if (! $acceptance) {
|
||||
if (! $acceptance = CheckoutAcceptance::find($id)) {
|
||||
return redirect()->route('account.accept')->with('error', trans('admin/hardware/message.does_not_exist'));
|
||||
}
|
||||
|
||||
$assignedUser = User::find($acceptance->assigned_to_id);
|
||||
$assigned_user = User::find($acceptance->assigned_to_id);
|
||||
$settings = Setting::getSettings();
|
||||
$requiresSignature = (string) $settings->require_accept_signature === '1';
|
||||
$sig_filename = '';
|
||||
$encodedSignatureImage = null;
|
||||
|
||||
if (! $acceptance->isPending()) {
|
||||
if ($this->isStaleSignInPlaceAdminAttempt($acceptance, $currentUser)) {
|
||||
return $this->redirectToIntendedSignInPlaceDestination($request, $acceptance)
|
||||
->with('warning', trans('admin/users/message.error.asset_already_accepted'));
|
||||
}
|
||||
|
||||
return redirect()->route('account.accept')->with('error', trans('admin/users/message.error.asset_already_accepted'));
|
||||
}
|
||||
|
||||
$isSignInPlaceAdminFlow = $this->isSignInPlaceAdminFlow($acceptance);
|
||||
|
||||
if (! $acceptance->isCheckedOutTo($currentUser) && (! $isSignInPlaceAdminFlow)) {
|
||||
if (! $acceptance->isCheckedOutTo(auth()->user())) {
|
||||
return redirect()->route('account.accept')->with('error', trans('admin/users/message.error.incorrect_user_accepted'));
|
||||
}
|
||||
|
||||
@@ -149,29 +111,15 @@ class AcceptanceController extends Controller
|
||||
|
||||
$item = $acceptance->checkoutable_type::find($acceptance->checkoutable_id);
|
||||
|
||||
$username_slug = Str::slug($assignedUser->username);
|
||||
$asset_tag_slug = ($item instanceof Asset && $item->asset_tag) ? '-'.Str::slug($item->asset_tag) : '';
|
||||
|
||||
// If signatures are required, make sure we have one
|
||||
if ($requiresSignature) {
|
||||
if (Setting::getSettings()->require_accept_signature == '1') {
|
||||
|
||||
// The item was accepted, check for a signature
|
||||
if ($request->filled('signature_output')) {
|
||||
$sig_filename = 'siglog-'.Str::uuid().'-'.date('Y-m-d-his').'.png';
|
||||
$dataUri = (string) $request->input('signature_output');
|
||||
$encodedSignatureImage = Str::contains($dataUri, ',')
|
||||
? Str::after($dataUri, ',')
|
||||
: $dataUri;
|
||||
|
||||
$decoded_image = base64_decode($encodedSignatureImage, true);
|
||||
|
||||
if ($decoded_image === false) {
|
||||
return redirect()->back()->with('error', trans('general.shitty_browser'));
|
||||
}
|
||||
|
||||
$decoded_image = $this->flattenSignatureBackgroundToWhite($decoded_image);
|
||||
$encodedSignatureImage = base64_encode($decoded_image);
|
||||
|
||||
$data_uri = $request->input('signature_output');
|
||||
$encoded_image = explode(',', $data_uri);
|
||||
$decoded_image = base64_decode($encoded_image[1]);
|
||||
Storage::put('private_uploads/signatures/'.$sig_filename, (string) $decoded_image);
|
||||
|
||||
// No image data is present, kick them back.
|
||||
@@ -185,7 +133,7 @@ class AcceptanceController extends Controller
|
||||
// This is needed for TCPDF to properly embed the image if it's a png and the cache isn't writable
|
||||
$encoded_logo = null;
|
||||
if (($settings->acceptance_pdf_logo) && (Storage::disk('public')->exists($settings->acceptance_pdf_logo))) {
|
||||
$encoded_logo = base64_encode(file_get_contents(public_path().'/uploads/'.basename($settings->acceptance_pdf_logo)));
|
||||
$encoded_logo = base64_encode(file_get_contents(public_path().'/uploads/'.$settings->acceptance_pdf_logo));
|
||||
}
|
||||
|
||||
// Get the data array ready for the notifications and PDF generation
|
||||
@@ -194,50 +142,26 @@ class AcceptanceController extends Controller
|
||||
'item_name' => $item->display_name, // this handles licenses seats, which don't have a 'name' field
|
||||
'item_model' => $item->model?->name,
|
||||
'item_serial' => $item->serial,
|
||||
'item_status' => $item->status?->name,
|
||||
'item_status' => $item->assetstatus?->name,
|
||||
'eula' => $item->getEula(),
|
||||
'note' => $request->input('note'),
|
||||
'check_out_date' => Helper::getFormattedDateObject($acceptance->created_at, 'datetime', false),
|
||||
'accepted_date' => Helper::getFormattedDateObject(now()->format('Y-m-d H:i:s'), 'datetime', false),
|
||||
'declined_date' => Helper::getFormattedDateObject(now()->format('Y-m-d H:i:s'), 'datetime', false),
|
||||
'assigned_to' => $assignedUser->display_name,
|
||||
'email' => $assignedUser->email,
|
||||
'employee_num' => $assignedUser->employee_num,
|
||||
'assigned_to' => $assigned_user->display_name,
|
||||
'email' => $assigned_user->email,
|
||||
'employee_num' => $assigned_user->employee_num,
|
||||
'site_name' => $settings->site_name,
|
||||
'company_name' => $item->company?->name ?? $settings->site_name,
|
||||
'signature' => ($sig_filename !== '') ? $encodedSignatureImage : null,
|
||||
'signature' => (($sig_filename && array_key_exists('1', $encoded_image))) ? $encoded_image[1] : null,
|
||||
'logo' => ($encoded_logo) ?? null,
|
||||
'date_settings' => $settings->date_display_format,
|
||||
'qty' => $acceptance->qty ?? 1,
|
||||
];
|
||||
|
||||
// Include asset custom fields that are explicitly allowed in outbound emails/PDFs.
|
||||
if ($item instanceof Asset && $item->model && $item->model->fieldset) {
|
||||
$customFields = [];
|
||||
$fields = $item->model->fieldset->fields
|
||||
->where('show_in_email', true)
|
||||
->where('field_encrypted', false);
|
||||
if ($request->input('asset_acceptance') == 'accepted') {
|
||||
|
||||
foreach ($fields as $field) {
|
||||
$dbColumn = $field->db_column;
|
||||
$value = $item->{$dbColumn};
|
||||
|
||||
if (! is_null($value) && $value !== '') {
|
||||
$customFields[] = [
|
||||
'label' => $field->name,
|
||||
'value' => $value,
|
||||
];
|
||||
}
|
||||
}
|
||||
|
||||
if (! empty($customFields)) {
|
||||
$data['custom_fields'] = $customFields;
|
||||
}
|
||||
}
|
||||
|
||||
if ($request->input('asset_acceptance') === 'accepted') {
|
||||
|
||||
$pdf_filename = 'accepted-'.$username_slug.$asset_tag_slug.'-'.date('Y-m-d-h-i-s').'.pdf';
|
||||
$pdf_filename = 'accepted-'.$acceptance->checkoutable_id.'-'.$acceptance->display_checkoutable_type.'-eula-'.date('Y-m-d-h-i-s').'.pdf';
|
||||
|
||||
// Generate the PDF content
|
||||
$pdf_content = $acceptance->generateAcceptancePdf($data, $acceptance);
|
||||
@@ -247,12 +171,12 @@ class AcceptanceController extends Controller
|
||||
$acceptance->accept($sig_filename, $item->getEula(), $pdf_filename, $request->input('note'));
|
||||
|
||||
// Send the PDF to the signing user
|
||||
if (($request->input('send_copy') === '1') && ($assignedUser->email !== '')) {
|
||||
if (($request->input('send_copy') == '1') && ($assigned_user->email != '')) {
|
||||
|
||||
// Add the attachment for the signing user into the $data array
|
||||
$data['file'] = $pdf_filename;
|
||||
try {
|
||||
$assignedUser->notify((new AcceptanceItemAcceptedToUserNotification($data))->locale($assignedUser->locale));
|
||||
$assigned_user->notify((new AcceptanceItemAcceptedToUserNotification($data))->locale($assigned_user->locale));
|
||||
} catch (Exception $e) {
|
||||
Log::warning($e);
|
||||
}
|
||||
@@ -291,7 +215,7 @@ class AcceptanceController extends Controller
|
||||
$recipient,
|
||||
$request->input('asset_acceptance') === 'accepted',
|
||||
));
|
||||
Log::debug('Send email notification success on checkout acceptance response.');
|
||||
Log::debug('Send email notification sucess on checkout acceptance response.');
|
||||
}
|
||||
} catch (Exception $e) {
|
||||
Log::error($e->getMessage());
|
||||
@@ -299,163 +223,7 @@ class AcceptanceController extends Controller
|
||||
}
|
||||
}
|
||||
|
||||
if ($isSignInPlaceAdminFlow) {
|
||||
$request->request->add(['assigned_user' => $assignedUser?->id]);
|
||||
|
||||
$redirect = Helper::getRedirectOption(
|
||||
$request,
|
||||
session('sign_in_place_item_id'),
|
||||
session('sign_in_place_resource_type'),
|
||||
);
|
||||
|
||||
session()->forget([
|
||||
'sign_in_place_acceptance_id',
|
||||
'sign_in_place_item_id',
|
||||
'sign_in_place_resource_type',
|
||||
]);
|
||||
|
||||
return $redirect->with('success', $return_msg);
|
||||
}
|
||||
|
||||
return redirect()->to('account/accept')->with('success', $return_msg);
|
||||
|
||||
}
|
||||
|
||||
private function isSignInPlaceAdminFlow(CheckoutAcceptance $acceptance): bool
|
||||
{
|
||||
$currentUser = auth()->user();
|
||||
|
||||
return ((int) session('sign_in_place_acceptance_id') === (int) $acceptance->id)
|
||||
&& ($currentUser?->can('checkout', $acceptance->checkoutable));
|
||||
}
|
||||
|
||||
private function resolveCheckoutActorName(CheckoutAcceptance $acceptance): ?string
|
||||
{
|
||||
[$itemType, $itemId] = $this->resolveCheckoutLogItem($acceptance);
|
||||
|
||||
$checkoutLog = Actionlog::query()
|
||||
->where('action_type', 'checkout')
|
||||
->where('item_type', $itemType)
|
||||
->where('item_id', $itemId)
|
||||
->where('target_type', User::class)
|
||||
->where('target_id', $acceptance->assigned_to_id)
|
||||
->where('created_at', '<=', $acceptance->created_at->copy()->addMinutes(5))
|
||||
->latest('id')
|
||||
->first();
|
||||
|
||||
return $checkoutLog?->adminuser?->display_name;
|
||||
}
|
||||
|
||||
/**
|
||||
* Action logs normalize license seat checkouts to the parent license.
|
||||
*
|
||||
* @return array{0: class-string, 1: int}
|
||||
*/
|
||||
private function resolveCheckoutLogItem(CheckoutAcceptance $acceptance): array
|
||||
{
|
||||
$checkoutable = $acceptance->checkoutable;
|
||||
|
||||
if ($checkoutable instanceof LicenseSeat) {
|
||||
return [License::class, (int) $checkoutable->license_id];
|
||||
}
|
||||
|
||||
return [$acceptance->checkoutable_type, (int) $acceptance->checkoutable_id];
|
||||
}
|
||||
|
||||
private function isStaleSignInPlaceAdminAttempt(CheckoutAcceptance $acceptance, User $currentUser): bool
|
||||
{
|
||||
$redirectOption = session('redirect_option');
|
||||
$checkoutToType = session('checkout_to_type');
|
||||
|
||||
if (session('sign_in_place') !== true) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if ($redirectOption === null) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if ($redirectOption === 'target' && $checkoutToType === 'user' && empty($acceptance->assigned_to_id)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return ! $acceptance->isCheckedOutTo($currentUser)
|
||||
&& $currentUser->can('checkout', $acceptance->checkoutable)
|
||||
&& ($checkoutToType === 'user');
|
||||
}
|
||||
|
||||
private function redirectToIntendedSignInPlaceDestination(Request $request, CheckoutAcceptance $acceptance): RedirectResponse
|
||||
{
|
||||
if (empty($acceptance->assigned_to_id)) {
|
||||
return redirect()->route('account.accept');
|
||||
}
|
||||
|
||||
[$itemId, $resourceType] = $this->resolveRedirectTarget($acceptance);
|
||||
|
||||
$request->request->add(['assigned_user' => $acceptance->assigned_to_id]);
|
||||
|
||||
return Helper::getRedirectOption($request, $itemId, $resourceType);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array{0: int, 1: string}
|
||||
*/
|
||||
private function resolveRedirectTarget(CheckoutAcceptance $acceptance): array
|
||||
{
|
||||
$checkoutable = $acceptance->checkoutable;
|
||||
|
||||
if ($checkoutable instanceof Asset) {
|
||||
return [(int) $checkoutable->id, 'Assets'];
|
||||
}
|
||||
|
||||
if ($checkoutable instanceof Accessory) {
|
||||
return [(int) $checkoutable->id, 'Accessories'];
|
||||
}
|
||||
|
||||
if ($checkoutable instanceof Consumable) {
|
||||
return [(int) $checkoutable->id, 'Consumables'];
|
||||
}
|
||||
|
||||
if ($checkoutable instanceof LicenseSeat) {
|
||||
return [(int) $checkoutable->license_id, 'Licenses'];
|
||||
}
|
||||
|
||||
return [(int) $acceptance->checkoutable_id, session('sign_in_place_resource_type', 'Assets')];
|
||||
}
|
||||
|
||||
private function flattenSignatureBackgroundToWhite(string $signatureBinary): string
|
||||
{
|
||||
if (! function_exists('imagecreatefromstring') || ! function_exists('imagecreatetruecolor')) {
|
||||
return $signatureBinary;
|
||||
}
|
||||
|
||||
$source = @imagecreatefromstring($signatureBinary);
|
||||
|
||||
if ($source === false) {
|
||||
return $signatureBinary;
|
||||
}
|
||||
|
||||
$width = imagesx($source);
|
||||
$height = imagesy($source);
|
||||
$flattened = imagecreatetruecolor($width, $height);
|
||||
|
||||
if ($flattened === false) {
|
||||
imagedestroy($source);
|
||||
|
||||
return $signatureBinary;
|
||||
}
|
||||
|
||||
$white = imagecolorallocate($flattened, 255, 255, 255);
|
||||
imagefilledrectangle($flattened, 0, 0, $width, $height, $white);
|
||||
imagecopy($flattened, $source, 0, 0, 0, 0, $width, $height);
|
||||
|
||||
ob_start();
|
||||
imagepng($flattened);
|
||||
$output = ob_get_clean();
|
||||
|
||||
imagedestroy($source);
|
||||
imagedestroy($flattened);
|
||||
|
||||
return is_string($output) ? $output : $signatureBinary;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -4,6 +4,7 @@ namespace App\Http\Controllers;
|
||||
|
||||
use App\Helpers\Helper;
|
||||
use App\Models\Actionlog;
|
||||
use App\Models\Asset;
|
||||
use Illuminate\Http\RedirectResponse;
|
||||
use Illuminate\Http\Response;
|
||||
use Illuminate\Support\Facades\Log;
|
||||
@@ -14,11 +15,6 @@ class ActionlogController extends Controller
|
||||
{
|
||||
public function displaySig($filename): RedirectResponse|Response|bool
|
||||
{
|
||||
$filename = basename((string) $filename);
|
||||
|
||||
$actionlog = Actionlog::where('accept_signature', $filename)->with('item')->firstOrFail();
|
||||
$this->authorize('view', $actionlog->item);
|
||||
|
||||
// PHP doesn't let you handle file not found errors well with
|
||||
// file_get_contents, so we set the error reporting for just this class
|
||||
error_reporting(0);
|
||||
@@ -31,6 +27,7 @@ class ActionlogController extends Controller
|
||||
|
||||
return redirect()->away(Storage::disk($disk)->temporaryUrl($file, now()->addMinutes(5)));
|
||||
default:
|
||||
$this->authorize('view', Asset::class);
|
||||
$file = config('app.private_uploads').'/signatures/'.$filename;
|
||||
$filetype = Helper::checkUploadIsImage($file);
|
||||
|
||||
@@ -47,7 +44,6 @@ class ActionlogController extends Controller
|
||||
|
||||
public function getStoredEula($filename): Response|BinaryFileResponse|RedirectResponse
|
||||
{
|
||||
$filename = basename((string) $filename);
|
||||
|
||||
if ($actionlog = Actionlog::where('filename', $filename)->with('user')->with('target')->firstOrFail()) {
|
||||
|
||||
|
||||
@@ -4,28 +4,24 @@ namespace App\Http\Controllers\Api;
|
||||
|
||||
use App\Events\CheckoutableCheckedOut;
|
||||
use App\Helpers\Helper;
|
||||
use App\Http\Controllers\CheckInOutRequest;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\AccessoryCheckoutRequest;
|
||||
use App\Http\Requests\ImageUploadRequest;
|
||||
use App\Http\Requests\StoreAccessoryRequest;
|
||||
use App\Http\Traits\CheckInOutTrait;
|
||||
use App\Http\Transformers\AccessoriesTransformer;
|
||||
use App\Http\Transformers\ActionlogsTransformer;
|
||||
use App\Http\Transformers\SelectlistTransformer;
|
||||
use App\Models\Accessory;
|
||||
use App\Models\AccessoryCheckout;
|
||||
use App\Models\Company;
|
||||
use App\Models\Setting;
|
||||
use App\Models\User;
|
||||
use Carbon\Carbon;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Http\Response;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
|
||||
class AccessoriesController extends Controller
|
||||
{
|
||||
use CheckInOutTrait;
|
||||
use CheckInOutRequest;
|
||||
|
||||
/**
|
||||
* Display a listing of the resource.
|
||||
@@ -73,9 +69,20 @@ class AccessoriesController extends Controller
|
||||
->with('category', 'company', 'manufacturer', 'checkouts', 'location', 'supplier', 'adminuser')
|
||||
->withCount('checkouts as checkouts_count');
|
||||
|
||||
// This invokes the Searchable model trait scopeTextSearch and will handle input by search or by advanced search filter
|
||||
if ($request->filled('filter') || $request->filled('search')) {
|
||||
$accessories->TextSearch($request->input('filter') ? $request->input('filter') : $request->input('search'));
|
||||
$filter = [];
|
||||
|
||||
if ($request->filled('filter')) {
|
||||
$filter = json_decode($request->input('filter'), true);
|
||||
$filter = array_filter($filter, function ($key) use ($allowed_columns) {
|
||||
return in_array($key, $allowed_columns);
|
||||
}, ARRAY_FILTER_USE_KEY);
|
||||
|
||||
}
|
||||
|
||||
if ((! is_null($filter)) && (count($filter)) > 0) {
|
||||
$accessories->ByFilter($filter);
|
||||
} elseif ($request->filled('search')) {
|
||||
$accessories->TextSearch($request->input('search'));
|
||||
}
|
||||
|
||||
if ($request->filled('company_id')) {
|
||||
@@ -87,27 +94,27 @@ class AccessoriesController extends Controller
|
||||
}
|
||||
|
||||
if ($request->filled('category_id')) {
|
||||
$accessories->where('accessories.category_id', '=', $request->input('category_id'));
|
||||
$accessories->where('category_id', '=', $request->input('category_id'));
|
||||
}
|
||||
|
||||
if ($request->filled('manufacturer_id')) {
|
||||
$accessories->where('accessories.manufacturer_id', '=', $request->input('manufacturer_id'));
|
||||
$accessories->where('manufacturer_id', '=', $request->input('manufacturer_id'));
|
||||
}
|
||||
|
||||
if ($request->filled('supplier_id')) {
|
||||
$accessories->where('accessories.supplier_id', '=', $request->input('supplier_id'));
|
||||
$accessories->where('supplier_id', '=', $request->input('supplier_id'));
|
||||
}
|
||||
|
||||
if ($request->filled('location_id')) {
|
||||
$accessories->where('accessories.location_id', '=', $request->input('location_id'));
|
||||
$accessories->where('location_id', '=', $request->input('location_id'));
|
||||
}
|
||||
|
||||
if ($request->filled('notes')) {
|
||||
$accessories->where('accessories.notes', '=', $request->input('notes'));
|
||||
$accessories->where('notes', '=', $request->input('notes'));
|
||||
}
|
||||
|
||||
// Make sure the offset and limit are actually integers and do not exceed system limits
|
||||
$offset = ($request->input('offset') > $accessories->count()) ? $accessories->count() : app('api_offset_value');
|
||||
$offset = ($request->input('offset') > $accessories->count()) ? $accessories->count() : abs($request->input('offset'));
|
||||
$limit = app('api_limit_value');
|
||||
|
||||
$order = $request->input('order') === 'asc' ? 'asc' : 'desc';
|
||||
@@ -158,7 +165,6 @@ class AccessoriesController extends Controller
|
||||
{
|
||||
$accessory = new Accessory;
|
||||
$accessory->fill($request->all());
|
||||
$accessory->company_id = Company::getIdForCurrentUser($request->input('company_id'));
|
||||
$accessory = $request->handleImages($accessory);
|
||||
|
||||
if ($accessory->save()) {
|
||||
@@ -234,10 +240,6 @@ class AccessoriesController extends Controller
|
||||
$total = $accessory_checkouts->count();
|
||||
$accessory_checkouts = $accessory_checkouts->skip($offset)->take($limit)->get();
|
||||
|
||||
$accessory_checkouts->loadMorph('assignedTo', [
|
||||
User::class => ['companies'],
|
||||
]);
|
||||
|
||||
return (new AccessoriesTransformer)->transformCheckedoutAccessory($accessory_checkouts, $total);
|
||||
}
|
||||
|
||||
@@ -256,7 +258,6 @@ class AccessoriesController extends Controller
|
||||
$this->authorize('update', Accessory::class);
|
||||
$accessory = Accessory::findOrFail($id);
|
||||
$accessory->fill($request->all());
|
||||
$accessory->company_id = Company::getIdForCurrentUser($request->input('company_id'));
|
||||
$accessory = $request->handleImages($accessory);
|
||||
|
||||
if ($accessory->save()) {
|
||||
@@ -306,49 +307,40 @@ class AccessoriesController extends Controller
|
||||
{
|
||||
$this->authorize('checkout', $accessory);
|
||||
$target = $this->determineCheckoutTarget();
|
||||
$accessory->checkout_qty = $request->input('checkout_qty', 1);
|
||||
|
||||
if ((Setting::getSettings()->full_multiple_companies_support == '1') && (! $target->companies()->where('companies.id', $accessory->company_id)->exists())) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, trans('general.error_user_company')));
|
||||
for ($i = 0; $i < $accessory->checkout_qty; $i++) {
|
||||
|
||||
$accessory_checkout = new AccessoryCheckout([
|
||||
'accessory_id' => $accessory->id,
|
||||
'created_at' => Carbon::now(),
|
||||
'assigned_to' => $target->id,
|
||||
'assigned_type' => $target::class,
|
||||
'note' => $request->input('note'),
|
||||
]);
|
||||
|
||||
$accessory_checkout->created_by = auth()->id();
|
||||
$accessory_checkout->save();
|
||||
|
||||
$payload = [
|
||||
'accessory_id' => $accessory->id,
|
||||
'assigned_to' => $target->id,
|
||||
'assigned_type' => $target::class,
|
||||
'note' => $request->input('note'),
|
||||
'created_by' => auth()->id(),
|
||||
'pivot' => $accessory_checkout->id,
|
||||
];
|
||||
}
|
||||
|
||||
$accessory->checkout_qty = $request->input('checkout_qty', 1);
|
||||
$payload = null;
|
||||
|
||||
// Keep checkout rows and checkout log/event atomic to avoid ghost assignments.
|
||||
DB::transaction(function () use ($accessory, $request, $target, &$payload): void {
|
||||
for ($i = 0; $i < $accessory->checkout_qty; $i++) {
|
||||
|
||||
$accessory_checkout = new AccessoryCheckout([
|
||||
'accessory_id' => $accessory->id,
|
||||
'created_at' => Carbon::now(),
|
||||
'assigned_to' => $target->id,
|
||||
'assigned_type' => $target::class,
|
||||
'note' => $request->input('note'),
|
||||
]);
|
||||
|
||||
$accessory_checkout->created_by = auth()->id();
|
||||
$accessory_checkout->save();
|
||||
|
||||
$payload = [
|
||||
'accessory_id' => $accessory->id,
|
||||
'assigned_to' => $target->id,
|
||||
'assigned_type' => $target::class,
|
||||
'note' => $request->input('note'),
|
||||
'created_by' => auth()->id(),
|
||||
'pivot' => $accessory_checkout->id,
|
||||
];
|
||||
}
|
||||
|
||||
// Set this value to be able to pass the qty through to the event.
|
||||
event(new CheckoutableCheckedOut(
|
||||
$accessory,
|
||||
$target,
|
||||
auth()->user(),
|
||||
$request->input('note'),
|
||||
[],
|
||||
$accessory->checkout_qty,
|
||||
));
|
||||
});
|
||||
// Set this value to be able to pass the qty through to the event
|
||||
event(new CheckoutableCheckedOut(
|
||||
$accessory,
|
||||
$target,
|
||||
auth()->user(),
|
||||
$request->input('note'),
|
||||
[],
|
||||
$accessory->checkout_qty,
|
||||
));
|
||||
|
||||
return response()->json(Helper::formatStandardApiResponse('success', $payload, trans('admin/accessories/message.checkout.success')));
|
||||
|
||||
@@ -405,7 +397,6 @@ class AccessoriesController extends Controller
|
||||
*/
|
||||
public function selectlist(Request $request)
|
||||
{
|
||||
$this->authorize('view.selectlists');
|
||||
|
||||
$accessories = Accessory::select([
|
||||
'accessories.id',
|
||||
@@ -420,16 +411,4 @@ class AccessoriesController extends Controller
|
||||
|
||||
return (new SelectlistTransformer)->transformSelectlist($accessories);
|
||||
}
|
||||
|
||||
public function history(Request $request, Accessory $accessory): JsonResponse|array
|
||||
{
|
||||
$this->authorize('history', $accessory);
|
||||
$historyQuery = $accessory->getHistory($request);
|
||||
$total = (clone $historyQuery)->count();
|
||||
$offset = ($request->input('offset') > $total) ? $total : app('api_offset_value');
|
||||
$limit = app('api_limit_value');
|
||||
$history = (clone $historyQuery)->skip($offset)->take($limit)->get();
|
||||
|
||||
return response()->json((new ActionlogsTransformer)->transformActionlogs($history, $total), 200, ['Content-Type' => 'application/json;charset=utf8'], JSON_UNESCAPED_UNICODE);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -6,7 +6,6 @@ use App\Helpers\Helper;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\ImageUploadRequest;
|
||||
use App\Http\Requests\StoreAssetModelRequest;
|
||||
use App\Http\Transformers\ActionlogsTransformer;
|
||||
use App\Http\Transformers\AssetModelsTransformer;
|
||||
use App\Http\Transformers\AssetsTransformer;
|
||||
use App\Http\Transformers\SelectlistTransformer;
|
||||
@@ -93,9 +92,21 @@ class AssetModelsController extends Controller
|
||||
->withCount('assignedAssets as assets_assigned_count')
|
||||
->withCount('archivedAssets as assets_archived_count');
|
||||
|
||||
// This invokes the Searchable model trait scopeTextSearch and will handle input by search or by advanced search filter
|
||||
if ($request->filled('filter') || $request->filled('search')) {
|
||||
$assetmodels->TextSearch($request->input('filter') ? $request->input('filter') : $request->input('search'));
|
||||
$filter = [];
|
||||
|
||||
if ($request->filled('filter')) {
|
||||
$filter = json_decode($request->input('filter'), true);
|
||||
|
||||
$filter = array_filter($filter, function ($key) use ($allowed_columns) {
|
||||
return in_array($key, $allowed_columns);
|
||||
}, ARRAY_FILTER_USE_KEY);
|
||||
|
||||
}
|
||||
|
||||
if ((! is_null($filter)) && (count($filter)) > 0) {
|
||||
$assetmodels->ByFilter($filter);
|
||||
} elseif ($request->filled('search')) {
|
||||
$assetmodels->TextSearch($request->input('search'));
|
||||
}
|
||||
|
||||
if ($request->input('status') == 'deleted') {
|
||||
@@ -133,8 +144,7 @@ class AssetModelsController extends Controller
|
||||
}
|
||||
|
||||
// Make sure the offset and limit are actually integers and do not exceed system limits
|
||||
$total = $assetmodels->count();
|
||||
$offset = ($request->input('offset') > $total) ? $total : app('api_offset_value');
|
||||
$offset = ($request->input('offset') > $assetmodels->count()) ? $assetmodels->count() : abs($request->input('offset'));
|
||||
$limit = app('api_limit_value');
|
||||
|
||||
$order = $request->input('order') === 'asc' ? 'asc' : 'desc';
|
||||
@@ -158,6 +168,7 @@ class AssetModelsController extends Controller
|
||||
break;
|
||||
}
|
||||
|
||||
$total = $assetmodels->count();
|
||||
$assetmodels = $assetmodels->skip($offset)->take($limit)->get();
|
||||
|
||||
return (new AssetModelsTransformer)->transformAssetModels($assetmodels, $total);
|
||||
@@ -339,16 +350,4 @@ class AssetModelsController extends Controller
|
||||
|
||||
return (new SelectlistTransformer)->transformSelectlist($assetmodels);
|
||||
}
|
||||
|
||||
public function history(Request $request, AssetModel $model): JsonResponse|array
|
||||
{
|
||||
$this->authorize('history', $model);
|
||||
$historyQuery = $model->getHistory($request);
|
||||
$total = (clone $historyQuery)->count();
|
||||
$offset = ($request->input('offset') > $total) ? $total : app('api_offset_value');
|
||||
$limit = app('api_limit_value');
|
||||
$history = (clone $historyQuery)->skip($offset)->take($limit)->get();
|
||||
|
||||
return response()->json((new ActionlogsTransformer)->transformActionlogs($history, $total), 200, ['Content-Type' => 'application/json;charset=utf8'], JSON_UNESCAPED_UNICODE);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -11,8 +11,9 @@ use App\Http\Requests\ImageUploadRequest;
|
||||
use App\Http\Requests\StoreAssetRequest;
|
||||
use App\Http\Requests\UpdateAssetRequest;
|
||||
use App\Http\Traits\MigratesLegacyAssetLocations;
|
||||
use App\Http\Transformers\ActionlogsTransformer;
|
||||
use App\Http\Transformers\AssetsTransformer;
|
||||
use App\Http\Transformers\ComponentsTransformer;
|
||||
use App\Http\Transformers\LicensesTransformer;
|
||||
use App\Http\Transformers\SelectlistTransformer;
|
||||
use App\Models\AccessoryCheckout;
|
||||
use App\Models\Actionlog;
|
||||
@@ -20,7 +21,6 @@ use App\Models\Asset;
|
||||
use App\Models\AssetModel;
|
||||
use App\Models\CheckoutAcceptance;
|
||||
use App\Models\Company;
|
||||
use App\Models\ComponentAssignment;
|
||||
use App\Models\CustomField;
|
||||
use App\Models\License;
|
||||
use App\Models\LicenseSeat;
|
||||
@@ -39,7 +39,6 @@ use Illuminate\Support\Facades\Gate;
|
||||
use Illuminate\Support\Facades\Log;
|
||||
use Illuminate\Support\Facades\Route;
|
||||
use Illuminate\Support\Facades\Storage;
|
||||
use Illuminate\Support\Str;
|
||||
|
||||
/**
|
||||
* This class controls all actions related to assets for
|
||||
@@ -129,9 +128,9 @@ class AssetsController extends Controller
|
||||
'location',
|
||||
'rtd_location',
|
||||
'category',
|
||||
'status_label',
|
||||
'manufacturer',
|
||||
'supplier',
|
||||
'status',
|
||||
'jobtitle',
|
||||
'assigned_to',
|
||||
'created_by',
|
||||
@@ -144,6 +143,17 @@ class AssetsController extends Controller
|
||||
$allowed_columns[] = $field->db_column_name();
|
||||
}
|
||||
|
||||
$filter = [];
|
||||
|
||||
if ($request->filled('filter')) {
|
||||
$filter = json_decode($request->input('filter'), true);
|
||||
|
||||
$filter = array_filter($filter, function ($key) use ($allowed_columns) {
|
||||
return in_array($key, $allowed_columns);
|
||||
}, ARRAY_FILTER_USE_KEY);
|
||||
|
||||
}
|
||||
|
||||
$assets = Asset::select('assets.*')
|
||||
// ->addSelect([
|
||||
// 'first_checkout_at' => Actionlog::query()
|
||||
@@ -157,7 +167,7 @@ class AssetsController extends Controller
|
||||
->with(
|
||||
'model',
|
||||
'location',
|
||||
'status',
|
||||
'assetstatus',
|
||||
'company',
|
||||
'defaultLoc',
|
||||
'assignedTo',
|
||||
@@ -175,9 +185,21 @@ class AssetsController extends Controller
|
||||
$assets->InModelList($non_deprecable_models->toArray());
|
||||
}
|
||||
|
||||
// This invokes the Searchable model trait scopeTextSearch and will handle input by search or by advanced search filter
|
||||
if ($request->filled('filter') || $request->filled('search')) {
|
||||
$assets->TextSearch($request->input('filter') ? $request->input('filter') : $request->input('search'));
|
||||
// These are used by the API to query against specific ID numbers.
|
||||
// They are also used by the individual searches on detail pages like
|
||||
// locations, etc.
|
||||
|
||||
// Search custom fields by column name
|
||||
foreach ($all_custom_fields as $field) {
|
||||
if ($request->filled($field->db_column_name()) && $field->db_column_name()) {
|
||||
$assets->where('assets.'.$field->db_column_name(), '=', $request->input($field->db_column_name()));
|
||||
}
|
||||
}
|
||||
|
||||
if ((! is_null($filter)) && (count($filter)) > 0) {
|
||||
$assets->ByFilter($filter);
|
||||
} elseif ($request->filled('search')) {
|
||||
$assets->TextSearch($request->input('search'));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -220,18 +242,10 @@ class AssetsController extends Controller
|
||||
|
||||
// This is used by the sidenav, mostly
|
||||
|
||||
// This bit here accounts for folks actually using the formerly-known-as status like we previously used in the sidenav
|
||||
// to return a list of all assets with the status *type* of Deployed, etc. The inuput field used to be "status" (which was consistent
|
||||
// with the relation rename, but it broke the sidebar. This should handle both use cases in the event that someone didn't update
|
||||
// their API integration code
|
||||
$status_type_key = null;
|
||||
if ($request->filled('status_type')) {
|
||||
$status_type_key = $request->input('status_type');
|
||||
} elseif ($request->filled('status')) {
|
||||
$status_type_key = $request->input('status');
|
||||
}
|
||||
|
||||
switch ($status_type_key) {
|
||||
// We switched from using query scopes here because of a Laravel bug
|
||||
// related to fulltext searches on complex queries.
|
||||
// I am sad. :(
|
||||
switch ($request->input('status')) {
|
||||
case 'Deleted':
|
||||
$assets->onlyTrashed();
|
||||
break;
|
||||
@@ -371,12 +385,6 @@ class AssetsController extends Controller
|
||||
$assets->where('assets.order_number', '=', strval($request->input('order_number')));
|
||||
}
|
||||
|
||||
foreach ($all_custom_fields as $field) {
|
||||
if ($request->filled($field->db_column_name())) {
|
||||
$assets->where($field->db_column_name(), '=', $request->input($field->db_column_name()));
|
||||
}
|
||||
}
|
||||
|
||||
// This is kinda gross, but we need to do this because the Bootstrap Tables
|
||||
// API passes custom field ordering as custom_fields.fieldname, and we have to strip
|
||||
// that out to let the default sorter below order them correctly on the assets table.
|
||||
@@ -409,7 +417,7 @@ class AssetsController extends Controller
|
||||
case 'rtd_location':
|
||||
$assets->OrderRtdLocation($order);
|
||||
break;
|
||||
case 'status':
|
||||
case 'status_label':
|
||||
$assets->OrderStatus($order);
|
||||
break;
|
||||
case 'supplier':
|
||||
@@ -481,7 +489,7 @@ class AssetsController extends Controller
|
||||
public function showByTag(Request $request, $tag): JsonResponse|array
|
||||
{
|
||||
$this->authorize('index', Asset::class);
|
||||
$assets = Asset::where('asset_tag', $tag)->with('status')->with('assignedTo');
|
||||
$assets = Asset::where('asset_tag', $tag)->with('assetstatus')->with('assignedTo');
|
||||
|
||||
// Check if they've passed ?deleted=true
|
||||
if ($request->input('deleted', 'false') == 'true') {
|
||||
@@ -521,7 +529,7 @@ class AssetsController extends Controller
|
||||
{
|
||||
$this->authorize('index', Asset::class);
|
||||
$assets = Asset::where('serial', $serial)->with([
|
||||
'status',
|
||||
'assetstatus',
|
||||
'assignedTo',
|
||||
'company',
|
||||
'defaultLoc',
|
||||
@@ -565,7 +573,7 @@ class AssetsController extends Controller
|
||||
*/
|
||||
public function show(Request $request, $id): JsonResponse|array
|
||||
{
|
||||
if ($asset = Asset::with('status')
|
||||
if ($asset = Asset::with('assetstatus')
|
||||
->with('assignedTo')->withTrashed()
|
||||
->withCount('checkins as checkins_count', 'checkouts as checkouts_count', 'userRequests as user_requests_count')->find($id)
|
||||
) {
|
||||
@@ -577,13 +585,14 @@ class AssetsController extends Controller
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/hardware/message.does_not_exist')), 200);
|
||||
}
|
||||
|
||||
public function licenses(Asset $asset): array
|
||||
public function licenses(Request $request, $id): array
|
||||
{
|
||||
$this->authorize('view', $asset);
|
||||
$this->authorize('view', Asset::class);
|
||||
$this->authorize('view', License::class);
|
||||
$licenses = $asset->licenseseats()->get();
|
||||
$asset = Asset::where('id', $id)->withTrashed()->firstorfail();
|
||||
$licenses = $asset->licenses()->get();
|
||||
|
||||
return (new AssetsTransformer)->transformLicensesCheckedToAsset($licenses, $licenses->count());
|
||||
return (new LicensesTransformer)->transformLicenses($licenses, $licenses->count());
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -596,7 +605,6 @@ class AssetsController extends Controller
|
||||
*/
|
||||
public function selectlist(Request $request): array
|
||||
{
|
||||
$this->authorize('view.selectlists');
|
||||
|
||||
$assets = Asset::select([
|
||||
'assets.id',
|
||||
@@ -606,26 +614,14 @@ class AssetsController extends Controller
|
||||
'assets.assigned_to',
|
||||
'assets.assigned_type',
|
||||
'assets.status_id',
|
||||
])->with('model', 'status', 'assignedTo')
|
||||
])->with('model', 'assetstatus', 'assignedTo')
|
||||
->NotArchived();
|
||||
|
||||
// When FMCS is enabled, automatically scope to companies the acting user belongs to.
|
||||
// scopeCompanyables is a no-op for superusers and when FMCS is disabled.
|
||||
$assets = Company::scopeCompanyables($assets);
|
||||
|
||||
// Allow further narrowing to a specific company passed via data-company-id on the select.
|
||||
if ((Setting::getSettings()->full_multiple_companies_support == '1') && $request->filled('companyId')) {
|
||||
$companyIds = array_values(array_filter(array_map('intval', explode(',', $request->input('companyId')))));
|
||||
if (! empty($companyIds)) {
|
||||
$assets->whereIn('assets.company_id', $companyIds);
|
||||
}
|
||||
if ((Setting::getSettings()->full_multiple_companies_support == '1') && ($request->filled('companyId'))) {
|
||||
$assets->where('assets.company_id', $request->input('companyId'));
|
||||
}
|
||||
|
||||
if ($request->filled('excludeId')) {
|
||||
$assets->where('assets.id', '!=', (int) $request->input('excludeId'));
|
||||
}
|
||||
|
||||
if ($request->filled('statusType') && $request->input('statusType') === 'RTD') {
|
||||
if ($request->filled('assetStatusType') && $request->input('assetStatusType') === 'RTD') {
|
||||
$assets = $assets->RTD();
|
||||
}
|
||||
|
||||
@@ -646,8 +642,8 @@ class AssetsController extends Controller
|
||||
$asset->use_text .= ' → '.$asset->assigned->display_name;
|
||||
}
|
||||
|
||||
if ($asset->status->getStatuslabelType() == 'pending') {
|
||||
$asset->use_text .= '('.$asset->status->getStatuslabelType().')';
|
||||
if ($asset->assetstatus->getStatuslabelType() == 'pending') {
|
||||
$asset->use_text .= '('.$asset->assetstatus->getStatuslabelType().')';
|
||||
}
|
||||
|
||||
$asset->use_image = ($asset->getImageUrl()) ? $asset->getImageUrl() : null;
|
||||
@@ -725,35 +721,18 @@ class AssetsController extends Controller
|
||||
}
|
||||
}
|
||||
|
||||
$target = $this->resolveCheckoutTargetForAssetMutation($request);
|
||||
$requestedCheckout = $request->filled('assigned_user') || $request->filled('assigned_asset') || $request->filled('assigned_location');
|
||||
|
||||
if ($requestedCheckout && (! $target)) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/hardware/message.does_not_exist')));
|
||||
}
|
||||
|
||||
if ($requestedCheckout) {
|
||||
$companyMismatchResponse = $this->checkoutCompanyMismatchResponse($asset, $target);
|
||||
if ($companyMismatchResponse) {
|
||||
return $companyMismatchResponse;
|
||||
if ($asset->save()) {
|
||||
if ($request->input('assigned_user')) {
|
||||
$target = User::find(request('assigned_user'));
|
||||
} elseif ($request->input('assigned_asset')) {
|
||||
$target = Asset::find(request('assigned_asset'));
|
||||
} elseif ($request->input('assigned_location')) {
|
||||
$target = Location::find(request('assigned_location'));
|
||||
}
|
||||
}
|
||||
|
||||
$stored = DB::transaction(function () use ($asset, $request, $target, $requestedCheckout): bool {
|
||||
if (! $asset->save()) {
|
||||
return false;
|
||||
if (isset($target)) {
|
||||
$asset->checkOut($target, auth()->user(), date('Y-m-d H:i:s'), '', 'Checked out on asset creation', e($request->input('name')));
|
||||
}
|
||||
|
||||
if ($requestedCheckout) {
|
||||
// Keep create + optional checkout side effects atomic.
|
||||
return $asset->checkOut($target, auth()->user(), date('Y-m-d H:i:s'), '', 'Checked out on asset creation', e($request->input('name')));
|
||||
}
|
||||
|
||||
return true;
|
||||
});
|
||||
|
||||
if ($stored) {
|
||||
|
||||
if ($asset->image) {
|
||||
$asset->image = $asset->getImageUrl();
|
||||
}
|
||||
@@ -828,54 +807,25 @@ class AssetsController extends Controller
|
||||
}
|
||||
}
|
||||
}
|
||||
$target = $this->resolveCheckoutTargetForAssetMutation($request, $asset->id);
|
||||
$requestedCheckout = $request->filled('assigned_user') || $request->filled('assigned_asset') || $request->filled('assigned_location');
|
||||
if ($asset->save()) {
|
||||
if (($request->filled('assigned_user')) && ($target = User::find($request->input('assigned_user')))) {
|
||||
$location = $target->location_id;
|
||||
} elseif (($request->filled('assigned_asset')) && ($target = Asset::find($request->input('assigned_asset')))) {
|
||||
$location = $target->location_id;
|
||||
|
||||
if ($requestedCheckout && (! $target)) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/hardware/message.does_not_exist')));
|
||||
}
|
||||
|
||||
if ($requestedCheckout) {
|
||||
$companyMismatchResponse = $this->checkoutCompanyMismatchResponse($asset, $target);
|
||||
if ($companyMismatchResponse) {
|
||||
return $companyMismatchResponse;
|
||||
}
|
||||
}
|
||||
|
||||
$updated = DB::transaction(function () use ($asset, $request, $target, $requestedCheckout): bool {
|
||||
if (! $asset->save()) {
|
||||
return false;
|
||||
Asset::where('assigned_type', Asset::class)->where('assigned_to', $asset->id)
|
||||
->update(['location_id' => $target->location_id]);
|
||||
} elseif (($request->filled('assigned_location')) && ($target = Location::find($request->input('assigned_location')))) {
|
||||
$location = $target->id;
|
||||
}
|
||||
|
||||
if ($requestedCheckout) {
|
||||
if (isset($target)) {
|
||||
// Using `->has` preserves the asset name if the name parameter was not included in request.
|
||||
$asset_name = request()->has('name') ? request('name') : $asset->name;
|
||||
|
||||
$location = null;
|
||||
if ($request->filled('assigned_user')) {
|
||||
$location = $target->location_id;
|
||||
} elseif ($request->filled('assigned_asset')) {
|
||||
$location = $target->location_id;
|
||||
} elseif ($request->filled('assigned_location')) {
|
||||
$location = $target->id;
|
||||
}
|
||||
|
||||
// Keep update + optional checkout side effects atomic.
|
||||
if (! $asset->checkOut($target, auth()->user(), date('Y-m-d H:i:s'), '', 'Checked out on asset update', $asset_name, $location)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if ($request->filled('assigned_asset')) {
|
||||
Asset::where('assigned_type', Asset::class)->where('assigned_to', $asset->id)
|
||||
->update(['location_id' => $target->location_id]);
|
||||
}
|
||||
$asset->checkOut($target, auth()->user(), date('Y-m-d H:i:s'), '', 'Checked out on asset update', $asset_name, $location);
|
||||
}
|
||||
|
||||
return true;
|
||||
});
|
||||
|
||||
if ($updated) {
|
||||
|
||||
if ($asset->image) {
|
||||
$asset->image = $asset->getImageUrl();
|
||||
}
|
||||
@@ -894,32 +844,6 @@ class AssetsController extends Controller
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, $asset->getErrors()), 200);
|
||||
}
|
||||
|
||||
private function resolveCheckoutTargetForAssetMutation(Request $request, ?int $assetId = null): User|Asset|Location|null
|
||||
{
|
||||
if ($request->filled('assigned_user')) {
|
||||
return User::withoutGlobalScopes()->find($request->input('assigned_user'));
|
||||
}
|
||||
|
||||
if ($request->filled('assigned_asset')) {
|
||||
return Asset::withoutGlobalScopes()->where('id', '!=', $assetId)->find($request->input('assigned_asset'));
|
||||
}
|
||||
|
||||
if ($request->filled('assigned_location')) {
|
||||
return Location::withoutGlobalScopes()->find($request->input('assigned_location'));
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
private function checkoutCompanyMismatchResponse(Asset $asset, User|Asset|Location $target): ?JsonResponse
|
||||
{
|
||||
if (! $asset->canCheckoutTo($target)) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, trans('general.error_user_company')));
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Delete a given asset (mark as deleted).
|
||||
*
|
||||
@@ -996,7 +920,6 @@ class AssetsController extends Controller
|
||||
*/
|
||||
public function checkoutByTag(AssetCheckoutRequest $request, $tag): JsonResponse
|
||||
{
|
||||
// Use the same hardened checkout path as ID-based checkout.
|
||||
if ($asset = Asset::where('asset_tag', $tag)->first()) {
|
||||
return $this->checkout($request, $asset->id);
|
||||
}
|
||||
@@ -1032,22 +955,19 @@ class AssetsController extends Controller
|
||||
|
||||
// This item is checked out to a location
|
||||
if (request('checkout_to_type') == 'location') {
|
||||
// Resolve unscoped target first so FMCS mismatch can be handled explicitly.
|
||||
$target = Location::withoutGlobalScopes()->find(request('assigned_location'));
|
||||
$target = Location::find(request('assigned_location'));
|
||||
$asset->location_id = ($target) ? $target->id : '';
|
||||
$error_payload['target_id'] = $request->input('assigned_location');
|
||||
$error_payload['target_type'] = 'location';
|
||||
} elseif (request('checkout_to_type') == 'asset') {
|
||||
// Resolve unscoped target first so FMCS mismatch can be handled explicitly.
|
||||
$target = Asset::withoutGlobalScopes()->where('id', '!=', $asset_id)->find(request('assigned_asset'));
|
||||
$target = Asset::where('id', '!=', $asset_id)->find(request('assigned_asset'));
|
||||
// Override with the asset's location_id if it has one
|
||||
$asset->location_id = (($target) && (isset($target->location_id))) ? $target->location_id : '';
|
||||
$error_payload['target_id'] = $request->input('assigned_asset');
|
||||
$error_payload['target_type'] = 'asset';
|
||||
} elseif (request('checkout_to_type') == 'user') {
|
||||
// Fetch the target and set the asset's new location_id
|
||||
// Resolve unscoped target first so FMCS mismatch can be handled explicitly.
|
||||
$target = User::withoutGlobalScopes()->find(request('assigned_user'));
|
||||
$target = User::find(request('assigned_user'));
|
||||
$asset->location_id = (($target) && (isset($target->location_id))) ? $target->location_id : '';
|
||||
$error_payload['target_id'] = $request->input('assigned_user');
|
||||
$error_payload['target_type'] = 'user';
|
||||
@@ -1057,20 +977,10 @@ class AssetsController extends Controller
|
||||
$asset->status_id = $request->input('status_id');
|
||||
}
|
||||
|
||||
// Preserve existing requestable state unless API caller explicitly includes the field.
|
||||
if ($request->has('requestable')) {
|
||||
$asset->requestable = $request->boolean('requestable');
|
||||
}
|
||||
|
||||
if (! isset($target)) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', $error_payload, 'Checkout target for asset '.e($asset->asset_tag).' is invalid - '.$error_payload['target_type'].' does not exist.'));
|
||||
}
|
||||
|
||||
// In FMCS mode, enforce explicit same-company target checks before mutating checkout state.
|
||||
if ($mismatch = $this->checkoutCompanyMismatchResponse($asset, $target)) {
|
||||
return $mismatch;
|
||||
}
|
||||
|
||||
$checkout_at = request('checkout_at', date('Y-m-d H:i:s'));
|
||||
$expected_checkin = request('expected_checkin', null);
|
||||
$note = request('note', null);
|
||||
@@ -1085,12 +995,7 @@ class AssetsController extends Controller
|
||||
// $asset->location_id = $target->rtd_location_id;
|
||||
// }
|
||||
|
||||
// Keep checkout mutation + checkout logging/event side effects atomic.
|
||||
$wasCheckedOut = DB::transaction(function () use ($asset, $target, $checkout_at, $expected_checkin, $note, $asset_name): bool {
|
||||
return $asset->checkOut($target, auth()->user(), $checkout_at, $expected_checkin, $note, $asset_name, $asset->location_id);
|
||||
});
|
||||
|
||||
if ($wasCheckedOut) {
|
||||
if ($asset->checkOut($target, auth()->user(), $checkout_at, $expected_checkin, $note, $asset_name, $asset->location_id)) {
|
||||
return response()->json(Helper::formatStandardApiResponse('success', ['asset' => e($asset->asset_tag)], trans('admin/hardware/message.checkout.success')));
|
||||
}
|
||||
|
||||
@@ -1126,9 +1031,7 @@ class AssetsController extends Controller
|
||||
$asset->assignedTo()->disassociate($asset);
|
||||
$asset->accepted = null;
|
||||
|
||||
if ($request->input('clear_name') == '1') {
|
||||
$asset->name = null;
|
||||
} elseif ($request->has('name')) {
|
||||
if ($request->has('name')) {
|
||||
$asset->name = $request->input('name');
|
||||
}
|
||||
|
||||
@@ -1174,12 +1077,6 @@ class AssetsController extends Controller
|
||||
});
|
||||
|
||||
if ($asset->save()) {
|
||||
|
||||
// Update the location of any child assets
|
||||
Asset::where('assigned_type', Asset::class)
|
||||
->where('assigned_to', $asset->id)
|
||||
->update(['location_id' => $asset->location_id]);
|
||||
|
||||
event(new CheckoutableCheckedIn($asset, $target, auth()->user(), $request->input('note'), $checkin_at, $originalValues));
|
||||
|
||||
return response()->json(Helper::formatStandardApiResponse('success', [
|
||||
@@ -1230,29 +1127,13 @@ class AssetsController extends Controller
|
||||
$this->authorize('audit', Asset::class);
|
||||
|
||||
$settings = Setting::getSettings();
|
||||
$dt = Carbon::now()->addMonths($settings->audit_interval)->toDateString();
|
||||
|
||||
$dt = null;
|
||||
if (! is_null($settings->audit_interval)) {
|
||||
$dt = Carbon::now()->addMonths($settings->audit_interval)->toDateString();
|
||||
}
|
||||
|
||||
$audit_by_field = $request->input('audit_by_field', 'asset_tag');
|
||||
$audit_key = $request->input('audit_key', null);
|
||||
|
||||
// If they have selected to scan by serial, use that
|
||||
if (($settings->unique_serial == '1') && ($audit_by_field == 'serial') && ($audit_key)) {
|
||||
$asset = Asset::where('serial', '=', trim($audit_key))->first();
|
||||
|
||||
// If they have selected by asset tag, use that
|
||||
} elseif (($audit_by_field == 'asset_tag') && ($audit_key)) {
|
||||
$asset = Asset::where('asset_tag', '=', trim($audit_key))->first();
|
||||
|
||||
// Allow the asset tag to be passed in the payload (legacy method)
|
||||
} elseif ($request->filled('asset_tag')) {
|
||||
// Allow the asset tag to be passed in the payload (legacy method)
|
||||
if ($request->filled('asset_tag')) {
|
||||
$asset = Asset::where('asset_tag', '=', $request->input('asset_tag'))->first();
|
||||
}
|
||||
|
||||
// If none of the above were selected, fall back to the route-model-binding
|
||||
if ($asset) {
|
||||
|
||||
$originalValues = $asset->getRawOriginal();
|
||||
@@ -1271,19 +1152,13 @@ class AssetsController extends Controller
|
||||
|
||||
$asset->last_audit_date = date('Y-m-d H:i:s');
|
||||
|
||||
if ($request->input('clear_name') == '1') {
|
||||
$asset->name = null;
|
||||
}
|
||||
|
||||
// Set up the payload for re-display in the API response
|
||||
$payload = [
|
||||
'id' => $asset->id,
|
||||
'asset_tag' => e($asset->asset_tag),
|
||||
'audit_by_field' => e(Str::headline($audit_by_field)),
|
||||
'audit_key' => e($audit_key),
|
||||
'note' => $request->filled('note') ? e($request->input('note')) : null,
|
||||
'status_label' => e($asset->status?->display_name),
|
||||
'status_type' => $asset->status?->getStatuslabelType(),
|
||||
'asset_tag' => $asset->asset_tag,
|
||||
'note' => e($request->input('note')),
|
||||
'status_label' => e($asset->assetstatus?->display_name),
|
||||
'status_type' => $asset->assetstatus->getStatuslabelType(),
|
||||
'next_audit_date' => Helper::getFormattedDateObject($asset->next_audit_date),
|
||||
];
|
||||
|
||||
@@ -1322,7 +1197,7 @@ class AssetsController extends Controller
|
||||
|
||||
// Validate the rest of the data before we turn off the event dispatcher
|
||||
if ($asset->isInvalid()) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', $payload, $asset->getErrors()));
|
||||
return response()->json(Helper::formatStandardApiResponse('error', ['asset_tag' => $asset->asset_tag], $asset->getErrors()));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -1355,13 +1230,8 @@ class AssetsController extends Controller
|
||||
|
||||
}
|
||||
|
||||
$fail_payload = [
|
||||
'audit_by_field' => e(Str::headline($audit_by_field)),
|
||||
'audit_key' => e($audit_key),
|
||||
];
|
||||
|
||||
// No matching asset for the asset tag that was passed.
|
||||
return response()->json(Helper::formatStandardApiResponse('error', $fail_payload, trans('admin/hardware/message.does_not_exist')), 200);
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/hardware/message.does_not_exist')), 200);
|
||||
|
||||
}
|
||||
|
||||
@@ -1395,7 +1265,7 @@ class AssetsController extends Controller
|
||||
$assets = Asset::select('assets.*')
|
||||
->with(
|
||||
'location',
|
||||
'status',
|
||||
'assetstatus',
|
||||
'assetlog',
|
||||
'company',
|
||||
'assignedTo',
|
||||
@@ -1470,6 +1340,7 @@ class AssetsController extends Controller
|
||||
|
||||
public function assignedAccessories(Request $request, Asset $asset): JsonResponse|array
|
||||
{
|
||||
$this->authorize('view', Asset::class);
|
||||
$this->authorize('view', $asset);
|
||||
$accessory_checkouts = AccessoryCheckout::AssetsAssigned()
|
||||
->where('assigned_to', $asset->id)
|
||||
@@ -1487,39 +1358,15 @@ class AssetsController extends Controller
|
||||
|
||||
public function assignedComponents(Request $request, Asset $asset): JsonResponse|array
|
||||
{
|
||||
$this->authorize('view', Asset::class);
|
||||
$this->authorize('view', $asset);
|
||||
|
||||
$asset->loadCount('components');
|
||||
$total = $asset->components_count;
|
||||
|
||||
$allowed_columns = [
|
||||
'created_at',
|
||||
'assigned_qty',
|
||||
'note',
|
||||
];
|
||||
$components = $asset->load(['components' => fn ($query) => $query->applyOffsetAndLimit($total)])->components;
|
||||
|
||||
$component_checkouts = ComponentAssignment::where('asset_id', $asset->id)->with('adminuser')->with('component');
|
||||
|
||||
$sort_override = $request->input('sort');
|
||||
$column_sort = in_array($sort_override, $allowed_columns) ? $sort_override : 'created_at';
|
||||
$order = $request->input('order') === 'asc' ? 'asc' : 'desc';
|
||||
|
||||
switch ($sort_override) {
|
||||
case 'created_by':
|
||||
$component_checkouts = $component_checkouts->OrderByCreatedByName($order);
|
||||
break;
|
||||
case 'name':
|
||||
$component_checkouts = $component_checkouts->OrderByComponentName($order);
|
||||
break;
|
||||
default:
|
||||
$component_checkouts = $component_checkouts->orderBy($column_sort, $order);
|
||||
break;
|
||||
}
|
||||
|
||||
$offset = ($request->input('offset') > $component_checkouts->count()) ? $component_checkouts->count() : app('api_offset_value');
|
||||
$total = $component_checkouts->count();
|
||||
$limit = app('api_limit_value');
|
||||
$component_checkouts = $component_checkouts->skip($offset)->take($limit)->get();
|
||||
|
||||
return (new AssetsTransformer)->transformCheckedoutComponents($component_checkouts, $total);
|
||||
return (new ComponentsTransformer)->transformComponents($components, $total);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -1561,7 +1408,7 @@ class AssetsController extends Controller
|
||||
$label = new Label;
|
||||
|
||||
if (! $label) {
|
||||
throw new \Exception(trans('admin/labels/message.label_not_created'));
|
||||
throw new \Exception('Label object could not be created');
|
||||
}
|
||||
|
||||
// Configure label with assets and settings
|
||||
@@ -1582,7 +1429,7 @@ class AssetsController extends Controller
|
||||
|
||||
// Verify PDF was generated successfully
|
||||
if (empty($pdf_content)) {
|
||||
throw new \Exception(trans('admin/labels/message.use_new_label_engine_for_api'));
|
||||
throw new \Exception('PDF content is empty');
|
||||
}
|
||||
|
||||
$encoded_content = base64_encode($pdf_content);
|
||||
@@ -1606,16 +1453,4 @@ class AssetsController extends Controller
|
||||
], $e->getMessage()), 500);
|
||||
}
|
||||
}
|
||||
|
||||
public function history(Request $request, Asset $asset): JsonResponse|array
|
||||
{
|
||||
$this->authorize('history', $asset);
|
||||
$historyQuery = $asset->getHistory($request);
|
||||
$total = (clone $historyQuery)->count();
|
||||
$offset = ($request->input('offset') > $total) ? $total : app('api_offset_value');
|
||||
$limit = app('api_limit_value');
|
||||
$history = (clone $historyQuery)->skip($offset)->take($limit)->get();
|
||||
|
||||
return response()->json((new ActionlogsTransformer)->transformActionlogs($history, $total), 200, ['Content-Type' => 'application/json;charset=utf8'], JSON_UNESCAPED_UNICODE);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -6,7 +6,6 @@ use App\Actions\Categories\DestroyCategoryAction;
|
||||
use App\Exceptions\ItemStillHasChildren;
|
||||
use App\Helpers\Helper;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\FilterRequest;
|
||||
use App\Http\Requests\ImageUploadRequest;
|
||||
use App\Http\Transformers\CategoriesTransformer;
|
||||
use App\Http\Transformers\SelectlistTransformer;
|
||||
@@ -27,50 +26,62 @@ class CategoriesController extends Controller
|
||||
*
|
||||
* @return Response
|
||||
*/
|
||||
public function index(FilterRequest $request): array
|
||||
public function index(Request $request): array
|
||||
{
|
||||
$this->authorize('view', Category::class);
|
||||
$allowed_columns = [
|
||||
'accessories_count',
|
||||
'assets_count',
|
||||
'category_type',
|
||||
'checkin_email',
|
||||
'components_count',
|
||||
'consumables_count',
|
||||
'created_at',
|
||||
'eula_text',
|
||||
'id',
|
||||
'image',
|
||||
'licenses_count',
|
||||
'name',
|
||||
'notes',
|
||||
'require_acceptance',
|
||||
'tag_color',
|
||||
'updated_at',
|
||||
'category_type',
|
||||
'category_type',
|
||||
'use_default_eula',
|
||||
'eula_text',
|
||||
'require_acceptance',
|
||||
'checkin_email',
|
||||
'assets_count',
|
||||
'accessories_count',
|
||||
'consumables_count',
|
||||
'components_count',
|
||||
'licenses_count',
|
||||
'created_at',
|
||||
'updated_at',
|
||||
'image',
|
||||
'tag_color',
|
||||
'notes',
|
||||
];
|
||||
|
||||
$categories = Category::select([
|
||||
'category_type',
|
||||
'checkin_email',
|
||||
'created_at',
|
||||
'created_by',
|
||||
'eula_text',
|
||||
'id',
|
||||
'image',
|
||||
'name',
|
||||
'notes',
|
||||
'require_acceptance',
|
||||
'tag_color',
|
||||
'created_by',
|
||||
'created_at',
|
||||
'updated_at',
|
||||
'name', 'category_type',
|
||||
'use_default_eula',
|
||||
'eula_text',
|
||||
'require_acceptance',
|
||||
'checkin_email',
|
||||
'image',
|
||||
'tag_color',
|
||||
'notes',
|
||||
])
|
||||
->with('adminuser')
|
||||
->withCount('accessories as accessories_count', 'consumables as consumables_count', 'components as components_count', 'licenses as licenses_count', 'models as models_count');
|
||||
|
||||
// This invokes the Searchable model trait scopeTextSearch and will handle input by search or by advanced search filter
|
||||
if ($request->filled('filter') || $request->filled('search')) {
|
||||
$categories->TextSearch($request->input('filter') ? $request->input('filter') : $request->input('search'));
|
||||
$filter = [];
|
||||
|
||||
if ($request->filled('filter')) {
|
||||
$filter = json_decode($request->input('filter'), true);
|
||||
|
||||
$filter = array_filter($filter, function ($key) use ($allowed_columns) {
|
||||
return in_array($key, $allowed_columns);
|
||||
}, ARRAY_FILTER_USE_KEY);
|
||||
|
||||
}
|
||||
|
||||
if ((! is_null($filter)) && (count($filter)) > 0) {
|
||||
$categories->ByFilter($filter);
|
||||
} elseif ($request->filled('search')) {
|
||||
$categories->TextSearch($request->input('search'));
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -129,11 +140,6 @@ class CategoriesController extends Controller
|
||||
case 'created_by':
|
||||
$categories = $categories->OrderByCreatedBy($order);
|
||||
break;
|
||||
// This is annoying, since it's not a real relationship, which is what we usually use these switches for, but
|
||||
// we call the field has_eula, not eula_text, so there won't be a matching field
|
||||
case 'has_eula':
|
||||
$categories = $categories->orderBy('eula_text', $order);
|
||||
break;
|
||||
default:
|
||||
$categories = $categories->orderBy($column_sort, $order);
|
||||
break;
|
||||
|
||||
@@ -4,12 +4,10 @@ namespace App\Http\Controllers\Api;
|
||||
|
||||
use App\Helpers\Helper;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\FilterRequest;
|
||||
use App\Http\Requests\ImageUploadRequest;
|
||||
use App\Http\Transformers\CompaniesTransformer;
|
||||
use App\Http\Transformers\SelectlistTransformer;
|
||||
use App\Models\Company;
|
||||
use App\Models\Setting;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Storage;
|
||||
@@ -23,7 +21,7 @@ class CompaniesController extends Controller
|
||||
*
|
||||
* @since [v4.0]
|
||||
*/
|
||||
public function index(FilterRequest $request): JsonResponse|array
|
||||
public function index(Request $request): JsonResponse|array
|
||||
{
|
||||
$this->authorize('view', Company::class);
|
||||
|
||||
@@ -51,9 +49,8 @@ class CompaniesController extends Controller
|
||||
->with('adminuser')
|
||||
->withCount('licenses as licenses_count', 'accessories as accessories_count', 'consumables as consumables_count', 'components as components_count', 'users as users_count');
|
||||
|
||||
// This invokes the Searchable model trait scopeTextSearch and will handle input by search or by advanced search filter
|
||||
if ($request->filled('filter') || $request->filled('search')) {
|
||||
$companies->TextSearch($request->input('filter') ? $request->input('filter') : $request->input('search'));
|
||||
if ($request->filled('search')) {
|
||||
$companies->TextSearch($request->input('search'));
|
||||
}
|
||||
|
||||
if ($request->filled('name')) {
|
||||
@@ -207,16 +204,6 @@ class CompaniesController extends Controller
|
||||
'companies.tag_color',
|
||||
]);
|
||||
|
||||
// When FMCS is enabled and the user is not a superuser, restrict the list to
|
||||
// companies they belong to (primary company_id + pivot companies). This lets
|
||||
// non-superusers select a company from their own set when creating assets, etc.
|
||||
if (Setting::getSettings()->full_multiple_companies_support == '1' && ! auth()->user()->isSuperUser()) {
|
||||
$userCompanyIds = auth()->user()->allCompanies()->pluck('id');
|
||||
if ($userCompanyIds->isNotEmpty()) {
|
||||
$companies->whereIn('companies.id', $userCompanyIds);
|
||||
}
|
||||
}
|
||||
|
||||
if ($request->filled('search')) {
|
||||
$companies = $companies->where('companies.name', 'LIKE', '%'.$request->input('search').'%');
|
||||
}
|
||||
|
||||
@@ -6,12 +6,9 @@ use App\Events\CheckoutableCheckedIn;
|
||||
use App\Helpers\Helper;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\ImageUploadRequest;
|
||||
use App\Http\Transformers\ActionlogsTransformer;
|
||||
use App\Http\Transformers\ComponentsTransformer;
|
||||
use App\Models\Asset;
|
||||
use App\Models\Company;
|
||||
use App\Models\Component;
|
||||
use App\Models\Setting;
|
||||
use Carbon\Carbon;
|
||||
use Illuminate\Database\Query\Builder;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
@@ -75,13 +72,14 @@ class ComponentsController extends Controller
|
||||
|
||||
}
|
||||
|
||||
// This invokes the Searchable model trait scopeTextSearch and will handle input by search or by advanced search filter
|
||||
if ($request->filled('filter') || $request->filled('search')) {
|
||||
$components->TextSearch($request->input('filter') ? $request->input('filter') : $request->input('search'));
|
||||
if ((! is_null($filter)) && (count($filter)) > 0) {
|
||||
$components->ByFilter($filter);
|
||||
} elseif ($request->filled('search')) {
|
||||
$components->TextSearch($request->input('search'));
|
||||
}
|
||||
|
||||
if ($request->filled('name')) {
|
||||
$components->where('components.name', '=', $request->input('name'));
|
||||
$components->where('name', '=', $request->input('name'));
|
||||
}
|
||||
|
||||
if ($request->filled('company_id')) {
|
||||
@@ -93,27 +91,27 @@ class ComponentsController extends Controller
|
||||
}
|
||||
|
||||
if ($request->filled('category_id')) {
|
||||
$components->where('components.category_id', '=', $request->input('category_id'));
|
||||
$components->where('category_id', '=', $request->input('category_id'));
|
||||
}
|
||||
|
||||
if ($request->filled('supplier_id')) {
|
||||
$components->where('components.supplier_id', '=', $request->input('supplier_id'));
|
||||
$components->where('supplier_id', '=', $request->input('supplier_id'));
|
||||
}
|
||||
|
||||
if ($request->filled('manufacturer_id')) {
|
||||
$components->where('components.manufacturer_id', '=', $request->input('manufacturer_id'));
|
||||
$components->where('manufacturer_id', '=', $request->input('manufacturer_id'));
|
||||
}
|
||||
|
||||
if ($request->filled('model_number')) {
|
||||
$components->where('components.model_number', '=', $request->input('model_number'));
|
||||
$components->where('model_number', '=', $request->input('model_number'));
|
||||
}
|
||||
|
||||
if ($request->filled('location_id')) {
|
||||
$components->where('components.location_id', '=', $request->input('location_id'));
|
||||
$components->where('location_id', '=', $request->input('location_id'));
|
||||
}
|
||||
|
||||
if ($request->filled('notes')) {
|
||||
$components->where('components.notes', '=', $request->input('notes'));
|
||||
$components->where('notes', '=', $request->input('notes'));
|
||||
}
|
||||
|
||||
// Make sure the offset and limit are actually integers and do not exceed system limits
|
||||
@@ -167,7 +165,6 @@ class ComponentsController extends Controller
|
||||
$this->authorize('create', Component::class);
|
||||
$component = new Component;
|
||||
$component->fill($request->all());
|
||||
$component->company_id = Company::getIdForCurrentUser($request->input('company_id'));
|
||||
$component = $request->handleImages($component);
|
||||
|
||||
if ($component->save()) {
|
||||
@@ -208,7 +205,6 @@ class ComponentsController extends Controller
|
||||
$this->authorize('update', Component::class);
|
||||
$component = Component::findOrFail($id);
|
||||
$component->fill($request->all());
|
||||
$component->company_id = Company::getIdForCurrentUser($request->input('company_id'));
|
||||
$component = $request->handleImages($component);
|
||||
|
||||
if ($component->save()) {
|
||||
@@ -251,10 +247,12 @@ class ComponentsController extends Controller
|
||||
*
|
||||
* @param int $id
|
||||
*/
|
||||
public function getAssets(Component $component, Request $request): array
|
||||
public function getAssets(Request $request, $id): array
|
||||
{
|
||||
$this->authorize('view', Asset::class);
|
||||
|
||||
$component = Component::findOrFail($id);
|
||||
|
||||
$offset = request('offset', 0);
|
||||
$limit = $request->input('limit', 50);
|
||||
|
||||
@@ -273,6 +271,7 @@ class ComponentsController extends Controller
|
||||
$total = $assets->count();
|
||||
} else {
|
||||
$assets = $component->assets();
|
||||
|
||||
$total = $assets->count();
|
||||
$assets = $assets->skip($offset)->take($limit)->get();
|
||||
}
|
||||
@@ -315,33 +314,20 @@ class ComponentsController extends Controller
|
||||
}
|
||||
|
||||
if ($component->numRemaining() >= $request->input('assigned_qty')) {
|
||||
// Resolve the raw target first, then enforce FMCS explicitly.
|
||||
// Scoped lookup can hide cross-company records and lead to partial writes.
|
||||
$asset = Asset::withoutGlobalScopes()->find($request->input('assigned_to'));
|
||||
|
||||
if (! $asset) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/hardware/message.does_not_exist')));
|
||||
}
|
||||
$asset = Asset::find($request->input('assigned_to'));
|
||||
$component->assigned_to = $request->input('assigned_to');
|
||||
|
||||
if ((Setting::getSettings()->full_multiple_companies_support == '1') && ($component->company_id !== $asset->company_id)) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, trans('general.error_user_company')));
|
||||
}
|
||||
$component->assets()->attach($component->id, [
|
||||
'component_id' => $component->id,
|
||||
'created_at' => Carbon::now(),
|
||||
'assigned_qty' => $request->input('assigned_qty', 1),
|
||||
'created_by' => auth()->id(),
|
||||
'asset_id' => $request->input('assigned_to'),
|
||||
'note' => $request->input('note'),
|
||||
]);
|
||||
|
||||
// Keep pivot + action log in one transaction so checkout is all-or-nothing.
|
||||
DB::transaction(function () use ($component, $request, $asset): void {
|
||||
$component->assigned_to = $request->input('assigned_to');
|
||||
|
||||
$component->assets()->attach($component->id, [
|
||||
'component_id' => $component->id,
|
||||
'created_at' => Carbon::now(),
|
||||
'assigned_qty' => $request->input('assigned_qty', 1),
|
||||
'created_by' => auth()->id(),
|
||||
'asset_id' => $request->input('assigned_to'),
|
||||
'note' => $request->input('note'),
|
||||
]);
|
||||
|
||||
$component->logCheckout($request->input('note'), $asset, null, [], $request->get('assigned_qty', 1));
|
||||
});
|
||||
$component->logCheckout($request->input('note'), $asset, null, [], $request->get('assigned_qty', 1));
|
||||
|
||||
return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/components/message.checkout.success')));
|
||||
}
|
||||
@@ -401,16 +387,4 @@ class ComponentsController extends Controller
|
||||
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, 'No matching checkouts for that component join record'));
|
||||
}
|
||||
|
||||
public function history(Request $request, Component $component): JsonResponse|array
|
||||
{
|
||||
$this->authorize('history', $component);
|
||||
$historyQuery = $component->getHistory($request);
|
||||
$total = (clone $historyQuery)->count();
|
||||
$offset = ($request->input('offset') > $total) ? $total : app('api_offset_value');
|
||||
$limit = app('api_limit_value');
|
||||
$history = (clone $historyQuery)->skip($offset)->take($limit)->get();
|
||||
|
||||
return response()->json((new ActionlogsTransformer)->transformActionlogs($history, $total), 200, ['Content-Type' => 'application/json;charset=utf8'], JSON_UNESCAPED_UNICODE);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -5,19 +5,15 @@ namespace App\Http\Controllers\Api;
|
||||
use App\Events\CheckoutableCheckedOut;
|
||||
use App\Helpers\Helper;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\FilterRequest;
|
||||
use App\Http\Requests\ImageUploadRequest;
|
||||
use App\Http\Requests\StoreConsumableRequest;
|
||||
use App\Http\Transformers\ActionlogsTransformer;
|
||||
use App\Http\Transformers\ConsumablesTransformer;
|
||||
use App\Http\Transformers\SelectlistTransformer;
|
||||
use App\Models\Company;
|
||||
use App\Models\Consumable;
|
||||
use App\Models\Setting;
|
||||
use App\Models\User;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
|
||||
class ConsumablesController extends Controller
|
||||
{
|
||||
@@ -28,7 +24,7 @@ class ConsumablesController extends Controller
|
||||
*
|
||||
* @since [v4.0]
|
||||
*/
|
||||
public function index(FilterRequest $request): array
|
||||
public function index(Request $request): array
|
||||
{
|
||||
$this->authorize('index', Consumable::class);
|
||||
|
||||
@@ -63,13 +59,25 @@ class ConsumablesController extends Controller
|
||||
'manufacturer',
|
||||
];
|
||||
|
||||
// This invokes the Searchable model trait scopeTextSearch and will handle input by search or by advanced search filter
|
||||
if ($request->filled('filter') || $request->filled('search')) {
|
||||
$consumables->TextSearch($request->input('filter') ? $request->input('filter') : $request->input('search'));
|
||||
$filter = [];
|
||||
|
||||
if ($request->filled('filter')) {
|
||||
$filter = json_decode($request->input('filter'), true);
|
||||
|
||||
$filter = array_filter($filter, function ($key) use ($allowed_columns) {
|
||||
return in_array($key, $allowed_columns);
|
||||
}, ARRAY_FILTER_USE_KEY);
|
||||
|
||||
}
|
||||
|
||||
if ((! is_null($filter)) && (count($filter)) > 0) {
|
||||
$consumables->ByFilter($filter);
|
||||
} elseif ($request->filled('search')) {
|
||||
$consumables->TextSearch($request->input('search'));
|
||||
}
|
||||
|
||||
if ($request->filled('name')) {
|
||||
$consumables->where('consumables.name', '=', $request->input('name'));
|
||||
$consumables->where('name', '=', $request->input('name'));
|
||||
}
|
||||
|
||||
if ($request->filled('company_id')) {
|
||||
@@ -81,27 +89,27 @@ class ConsumablesController extends Controller
|
||||
}
|
||||
|
||||
if ($request->filled('category_id')) {
|
||||
$consumables->where('consumables.category_id', '=', $request->input('category_id'));
|
||||
$consumables->where('category_id', '=', $request->input('category_id'));
|
||||
}
|
||||
|
||||
if ($request->filled('model_number')) {
|
||||
$consumables->where('consumables.model_number', '=', $request->input('model_number'));
|
||||
$consumables->where('model_number', '=', $request->input('model_number'));
|
||||
}
|
||||
|
||||
if ($request->filled('manufacturer_id')) {
|
||||
$consumables->where('consumables.manufacturer_id', '=', $request->input('manufacturer_id'));
|
||||
$consumables->where('manufacturer_id', '=', $request->input('manufacturer_id'));
|
||||
}
|
||||
|
||||
if ($request->filled('supplier_id')) {
|
||||
$consumables->where('consumables.supplier_id', '=', $request->input('supplier_id'));
|
||||
$consumables->where('supplier_id', '=', $request->input('supplier_id'));
|
||||
}
|
||||
|
||||
if ($request->filled('location_id')) {
|
||||
$consumables->where('consumables.location_id', '=', $request->input('location_id'));
|
||||
$consumables->where('location_id', '=', $request->input('location_id'));
|
||||
}
|
||||
|
||||
if ($request->filled('notes')) {
|
||||
$consumables->where('consumables.notes', '=', $request->input('notes'));
|
||||
$consumables->where('notes', '=', $request->input('notes'));
|
||||
}
|
||||
|
||||
// Make sure the offset and limit are actually integers and do not exceed system limits
|
||||
@@ -157,7 +165,6 @@ class ConsumablesController extends Controller
|
||||
$this->authorize('create', Consumable::class);
|
||||
$consumable = new Consumable;
|
||||
$consumable->fill($request->all());
|
||||
$consumable->company_id = Company::getIdForCurrentUser($request->input('company_id'));
|
||||
$consumable = $request->handleImages($consumable);
|
||||
|
||||
if ($consumable->save()) {
|
||||
@@ -197,7 +204,6 @@ class ConsumablesController extends Controller
|
||||
$this->authorize('update', Consumable::class);
|
||||
$consumable = Consumable::findOrFail($id);
|
||||
$consumable->fill($request->all());
|
||||
$consumable->company_id = Company::getIdForCurrentUser($request->input('company_id'));
|
||||
$consumable = $request->handleImages($consumable);
|
||||
|
||||
if ($consumable->save()) {
|
||||
@@ -308,42 +314,34 @@ class ConsumablesController extends Controller
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/consumables/message.checkout.unavailable', ['requested' => $consumable->checkout_qty, 'remaining' => $consumable->numRemaining()])));
|
||||
}
|
||||
|
||||
// Resolve the raw target first, then enforce FMCS explicitly.
|
||||
// Scoped lookup can hide cross-company users and make failures ambiguous.
|
||||
if (! $user = User::withoutGlobalScopes()->find($request->input('assigned_to'))) {
|
||||
// Check if the user exists - @TODO: this should probably be handled via validation, not here??
|
||||
if (! $user = User::find($request->input('assigned_to'))) {
|
||||
// Return error message
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, 'No user found'));
|
||||
}
|
||||
|
||||
if ((Setting::getSettings()->full_multiple_companies_support == '1') && (! $user->companies()->where('companies.id', $consumable->company_id)->exists())) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, trans('general.error_user_company')));
|
||||
}
|
||||
|
||||
// Update the consumable data
|
||||
$consumable->assigned_to = $request->input('assigned_to');
|
||||
|
||||
// Keep pivot writes and checkout log/event atomic to avoid partial checkout state.
|
||||
DB::transaction(function () use ($consumable, $request, $user): void {
|
||||
for ($i = 0; $i < $consumable->checkout_qty; $i++) {
|
||||
$consumable->users()->attach($consumable->id,
|
||||
[
|
||||
'consumable_id' => $consumable->id,
|
||||
'created_by' => $user->id,
|
||||
'assigned_to' => $request->input('assigned_to'),
|
||||
'note' => $request->input('note'),
|
||||
]
|
||||
);
|
||||
}
|
||||
for ($i = 0; $i < $consumable->checkout_qty; $i++) {
|
||||
$consumable->users()->attach($consumable->id,
|
||||
[
|
||||
'consumable_id' => $consumable->id,
|
||||
'created_by' => $user->id,
|
||||
'assigned_to' => $request->input('assigned_to'),
|
||||
'note' => $request->input('note'),
|
||||
]
|
||||
);
|
||||
}
|
||||
|
||||
event(new CheckoutableCheckedOut(
|
||||
$consumable,
|
||||
$user,
|
||||
auth()->user(),
|
||||
$request->input('note'),
|
||||
[],
|
||||
$consumable->checkout_qty,
|
||||
));
|
||||
});
|
||||
event(new CheckoutableCheckedOut(
|
||||
$consumable,
|
||||
$user,
|
||||
auth()->user(),
|
||||
$request->input('note'),
|
||||
[],
|
||||
$consumable->checkout_qty,
|
||||
));
|
||||
|
||||
return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/consumables/message.checkout.success')));
|
||||
|
||||
@@ -356,8 +354,6 @@ class ConsumablesController extends Controller
|
||||
*/
|
||||
public function selectlist(Request $request): array
|
||||
{
|
||||
$this->authorize('view.selectlists');
|
||||
|
||||
$consumables = Consumable::select([
|
||||
'consumables.id',
|
||||
'consumables.name',
|
||||
@@ -371,16 +367,4 @@ class ConsumablesController extends Controller
|
||||
|
||||
return (new SelectlistTransformer)->transformSelectlist($consumables);
|
||||
}
|
||||
|
||||
public function history(Request $request, Consumable $consumable): JsonResponse|array
|
||||
{
|
||||
$this->authorize('history', $consumable);
|
||||
$historyQuery = $consumable->getHistory($request);
|
||||
$total = (clone $historyQuery)->count();
|
||||
$offset = ($request->input('offset') > $total) ? $total : app('api_offset_value');
|
||||
$limit = app('api_limit_value');
|
||||
$history = (clone $historyQuery)->skip($offset)->take($limit)->get();
|
||||
|
||||
return response()->json((new ActionlogsTransformer)->transformActionlogs($history, $total), 200, ['Content-Type' => 'application/json;charset=utf8'], JSON_UNESCAPED_UNICODE);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -4,12 +4,10 @@ namespace App\Http\Controllers\Api;
|
||||
|
||||
use App\Helpers\Helper;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\FilterRequest;
|
||||
use App\Http\Requests\ImageUploadRequest;
|
||||
use App\Http\Requests\StoreDepartmentRequest;
|
||||
use App\Http\Transformers\DepartmentsTransformer;
|
||||
use App\Http\Transformers\SelectlistTransformer;
|
||||
use App\Models\Company;
|
||||
use App\Models\Department;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Http\Request;
|
||||
@@ -24,7 +22,7 @@ class DepartmentsController extends Controller
|
||||
*
|
||||
* @since [v4.0]
|
||||
*/
|
||||
public function index(FilterRequest $request): JsonResponse|array
|
||||
public function index(Request $request): JsonResponse|array
|
||||
{
|
||||
$this->authorize('view', Department::class);
|
||||
$allowed_columns = ['id', 'name', 'image', 'users_count', 'notes', 'tag_color'];
|
||||
@@ -45,29 +43,28 @@ class DepartmentsController extends Controller
|
||||
'departments.notes',
|
||||
])->with('location')->with('manager')->with('company')->withCount('users as users_count');
|
||||
|
||||
// This invokes the Searchable model trait scopeTextSearch and will handle input by search or by advanced search filter
|
||||
if ($request->filled('filter') || $request->filled('search')) {
|
||||
$departments->TextSearch($request->input('filter') ? $request->input('filter') : $request->input('search'));
|
||||
if ($request->filled('search')) {
|
||||
$departments = $departments->TextSearch($request->input('search'));
|
||||
}
|
||||
|
||||
if ($request->filled('name')) {
|
||||
$departments->where('departments.name', '=', $request->input('name'));
|
||||
$departments->where('name', '=', $request->input('name'));
|
||||
}
|
||||
|
||||
if ($request->filled('company_id')) {
|
||||
$departments->where('departments.company_id', '=', $request->input('company_id'));
|
||||
$departments->where('company_id', '=', $request->input('company_id'));
|
||||
}
|
||||
|
||||
if ($request->filled('manager_id')) {
|
||||
$departments->where('departments.manager_id', '=', $request->input('manager_id'));
|
||||
$departments->where('manager_id', '=', $request->input('manager_id'));
|
||||
}
|
||||
|
||||
if ($request->filled('location_id')) {
|
||||
$departments->where('departments.location_id', '=', $request->input('location_id'));
|
||||
$departments->where('location_id', '=', $request->input('location_id'));
|
||||
}
|
||||
|
||||
if ($request->filled('tag_color')) {
|
||||
$departments->where('departments.tag_color', '=', $request->input('tag_color'));
|
||||
$departments->where('tag_color', '=', $request->input('departments.tag_color'));
|
||||
}
|
||||
|
||||
// Make sure the offset and limit are actually integers and do not exceed system limits
|
||||
@@ -112,7 +109,6 @@ class DepartmentsController extends Controller
|
||||
{
|
||||
$department = new Department;
|
||||
$department->fill($request->validated());
|
||||
$department->company_id = Company::getIdForCurrentUser($request->input('company_id'));
|
||||
$department = $request->handleImages($department);
|
||||
|
||||
$department->created_by = auth()->id();
|
||||
@@ -157,7 +153,6 @@ class DepartmentsController extends Controller
|
||||
$this->authorize('update', Department::class);
|
||||
$department = Department::findOrFail($id);
|
||||
$department->fill($request->all());
|
||||
$department->company_id = Company::getIdForCurrentUser($request->input('company_id'));
|
||||
$department = $request->handleImages($department);
|
||||
|
||||
if ($department->save()) {
|
||||
|
||||
@@ -4,7 +4,6 @@ namespace App\Http\Controllers\Api;
|
||||
|
||||
use App\Helpers\Helper;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\FilterRequest;
|
||||
use App\Http\Transformers\DepreciationsTransformer;
|
||||
use App\Models\Depreciation;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
@@ -19,7 +18,7 @@ class DepreciationsController extends Controller
|
||||
*
|
||||
* @since [v4.0]
|
||||
*/
|
||||
public function index(FilterRequest $request): JsonResponse|array
|
||||
public function index(Request $request): JsonResponse|array
|
||||
{
|
||||
$this->authorize('view', Depreciation::class);
|
||||
$allowed_columns = [
|
||||
@@ -34,15 +33,14 @@ class DepreciationsController extends Controller
|
||||
'licenses_count',
|
||||
];
|
||||
|
||||
$depreciations = Depreciation::select(['id', 'name', 'months', 'depreciation_min', 'depreciation_type', 'created_at', 'updated_at', 'created_by'])
|
||||
$depreciations = Depreciation::select('id', 'name', 'months', 'depreciation_min', 'depreciation_type', 'created_at', 'updated_at', 'created_by')
|
||||
->with('adminuser')
|
||||
->withCount('assets as assets_count')
|
||||
->withCount('models as models_count')
|
||||
->withCount('licenses as licenses_count');
|
||||
|
||||
// This invokes the Searchable model trait scopeTextSearch and will handle input by search or by advanced search filter
|
||||
if ($request->filled('filter') || $request->filled('search')) {
|
||||
$depreciations->TextSearch($request->input('filter') ? $request->input('filter') : $request->input('search'));
|
||||
if ($request->filled('search')) {
|
||||
$depreciations = $depreciations->TextSearch($request->input('search'));
|
||||
}
|
||||
|
||||
// Make sure the offset and limit are actually integers and do not exceed system limits
|
||||
|
||||
@@ -2,10 +2,8 @@
|
||||
|
||||
namespace App\Http\Controllers\Api;
|
||||
|
||||
use App\Actions\Permissions\NormalizePermissionsPayloadAction;
|
||||
use App\Helpers\Helper;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\FilterRequest;
|
||||
use App\Http\Transformers\GroupsTransformer;
|
||||
use App\Models\Group;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
@@ -20,7 +18,7 @@ class GroupsController extends Controller
|
||||
*
|
||||
* @since [v4.0]
|
||||
*/
|
||||
public function index(FilterRequest $request): JsonResponse|array
|
||||
public function index(Request $request): JsonResponse|array
|
||||
{
|
||||
$this->authorize('superadmin');
|
||||
|
||||
@@ -28,9 +26,8 @@ class GroupsController extends Controller
|
||||
|
||||
$groups = Group::select(['id', 'name', 'permissions', 'notes', 'created_at', 'updated_at', 'created_by'])->with('adminuser')->withCount('users as users_count');
|
||||
|
||||
// This invokes the Searchable model trait scopeTextSearch and will handle input by search or by advanced search filter
|
||||
if ($request->filled('filter') || $request->filled('search')) {
|
||||
$groups->TextSearch($request->input('filter') ? $request->input('filter') : $request->input('search'));
|
||||
if ($request->filled('search')) {
|
||||
$groups = $groups->TextSearch($request->input('search'));
|
||||
}
|
||||
|
||||
if ($request->filled('name')) {
|
||||
@@ -78,17 +75,14 @@ class GroupsController extends Controller
|
||||
{
|
||||
$this->authorize('superadmin');
|
||||
$group = new Group;
|
||||
$defaultPermissions = Helper::selectedPermissionsArray(config('permissions'), config('permissions'));
|
||||
// Get all the available permissions
|
||||
$permissions = json_encode(config('permissions'));
|
||||
$groupPermissions = Helper::selectedPermissionsArray($permissions, $permissions);
|
||||
|
||||
$requestedPermissions = $request->has('permissions')
|
||||
? NormalizePermissionsPayloadAction::run($request->input('permissions'))
|
||||
: $defaultPermissions;
|
||||
|
||||
$group->fill($request->only(['name', 'notes']));
|
||||
$group->name = $request->input('name');
|
||||
$group->created_by = auth()->id();
|
||||
$group->permissions = json_encode(
|
||||
Helper::selectedPermissionsArray(config('permissions'), $requestedPermissions)
|
||||
);
|
||||
$group->notes = $request->input('notes');
|
||||
$group->permissions = json_encode($request->input('permissions', $groupPermissions));
|
||||
|
||||
if ($group->save()) {
|
||||
return response()->json(Helper::formatStandardApiResponse('success', (new GroupsTransformer)->transformGroup($group), trans('admin/groups/message.success.create')));
|
||||
@@ -128,18 +122,9 @@ class GroupsController extends Controller
|
||||
$this->authorize('superadmin');
|
||||
$group = Group::findOrFail($id);
|
||||
|
||||
// Fill only the keys present in the request, so PATCH skips absent fields naturally.
|
||||
$group->fill($request->only(['name', 'notes']));
|
||||
|
||||
// Preserve existing permissions when omitted from PATCH/PUT payload.
|
||||
if ($request->has('permissions')) {
|
||||
$group->permissions = json_encode(
|
||||
Helper::selectedPermissionsArray(
|
||||
config('permissions'),
|
||||
NormalizePermissionsPayloadAction::run($request->input('permissions'))
|
||||
)
|
||||
);
|
||||
}
|
||||
$group->name = $request->input('name');
|
||||
$group->notes = $request->input('notes');
|
||||
$group->permissions = $request->input('permissions'); // Todo - some JSON validation stuff here
|
||||
|
||||
if ($group->save()) {
|
||||
return response()->json(Helper::formatStandardApiResponse('success', (new GroupsTransformer)->transformGroup($group), trans('admin/groups/message.success.update')));
|
||||
@@ -161,10 +146,6 @@ class GroupsController extends Controller
|
||||
{
|
||||
$this->authorize('superadmin');
|
||||
$group = Group::findOrFail($id);
|
||||
if (! $group->isDeletable()) {
|
||||
return response()
|
||||
->json(Helper::formatStandardApiResponse('error', null, trans('admin/groups/message.assoc_users')));
|
||||
}
|
||||
$group->delete();
|
||||
|
||||
return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/groups/message.delete.success')));
|
||||
|
||||
@@ -8,11 +8,9 @@ use App\Http\Transformers\LicenseSeatsTransformer;
|
||||
use App\Models\Asset;
|
||||
use App\Models\License;
|
||||
use App\Models\LicenseSeat;
|
||||
use App\Models\Setting;
|
||||
use App\Models\User;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
|
||||
class LicenseSeatsController extends Controller
|
||||
{
|
||||
@@ -27,7 +25,7 @@ class LicenseSeatsController extends Controller
|
||||
if ($license = License::find($licenseId)) {
|
||||
$this->authorize('view', $license);
|
||||
|
||||
$seats = LicenseSeat::with('license', 'user', 'asset', 'user.department', 'user.companies', 'asset.company')
|
||||
$seats = LicenseSeat::with('license', 'user', 'asset', 'user.department', 'user.company', 'asset.company')
|
||||
->where('license_seats.license_id', $licenseId);
|
||||
|
||||
if ($request->input('status') == 'available') {
|
||||
@@ -108,8 +106,7 @@ class LicenseSeatsController extends Controller
|
||||
'prohibits:asset_id',
|
||||
// must be a valid user or null to unassign
|
||||
function ($attribute, $value, $fail) {
|
||||
// Validate existence without company scopes; FMCS checks happen explicitly below.
|
||||
if (! is_null($value) && ! User::withoutGlobalScopes()->where('id', $value)->whereNull('deleted_at')->exists()) {
|
||||
if (! is_null($value) && ! User::where('id', $value)->whereNull('deleted_at')->exists()) {
|
||||
$fail('The selected assigned_to is invalid.');
|
||||
}
|
||||
},
|
||||
@@ -121,8 +118,7 @@ class LicenseSeatsController extends Controller
|
||||
'prohibits:assigned_to',
|
||||
// must be a valid asset or null to unassign
|
||||
function ($attribute, $value, $fail) {
|
||||
// Validate existence without company scopes; FMCS checks happen explicitly below.
|
||||
if (! is_null($value) && ! Asset::withoutGlobalScopes()->where('id', $value)->whereNull('deleted_at')->exists()) {
|
||||
if (! is_null($value) && ! Asset::where('id', $value)->whereNull('deleted_at')->exists()) {
|
||||
$fail('The selected asset_id is invalid.');
|
||||
}
|
||||
},
|
||||
@@ -132,141 +128,77 @@ class LicenseSeatsController extends Controller
|
||||
|
||||
$this->authorize('checkout', License::class);
|
||||
|
||||
$errorResponse = null;
|
||||
$updatedSeat = null;
|
||||
$licenseSeat = LicenseSeat::with(['license', 'asset', 'user'])->find($seatId);
|
||||
|
||||
// Fetch the seat with a pessimistic lock inside a transaction so concurrent requests
|
||||
// on the same seat serialise rather than racing to overwrite each other's assignment.
|
||||
DB::transaction(function () use ($request, $licenseId, $seatId, $validated, &$errorResponse, &$updatedSeat): void {
|
||||
$licenseSeat = LicenseSeat::with(['license', 'asset', 'user'])
|
||||
->lockForUpdate()
|
||||
->find($seatId);
|
||||
if (! $licenseSeat) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, 'Seat not found'));
|
||||
}
|
||||
|
||||
if (! $licenseSeat) {
|
||||
$errorResponse = response()->json(Helper::formatStandardApiResponse('error', null, 'Seat not found'));
|
||||
$license = $licenseSeat->license;
|
||||
if (! $license || $license->id != intval($licenseId)) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, 'Seat does not belong to the specified license'));
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
$license = $licenseSeat->license;
|
||||
if (! $license || $license->id != intval($licenseId)) {
|
||||
$errorResponse = response()->json(Helper::formatStandardApiResponse('error', null, 'Seat does not belong to the specified license'));
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
$targetUser = null;
|
||||
if (! is_null($request->input('assigned_to'))) {
|
||||
// Resolve unscoped target so we can return a clean cross-company error instead of a hidden-not-found.
|
||||
$targetUser = User::withoutGlobalScopes()->find($request->input('assigned_to'));
|
||||
|
||||
if (! $targetUser) {
|
||||
$errorResponse = response()->json(Helper::formatStandardApiResponse('error', null, 'Target not found'));
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
if ((Setting::getSettings()->full_multiple_companies_support == '1') && (! $targetUser->companies()->where('companies.id', $license->company_id)->exists())) {
|
||||
$errorResponse = response()->json(Helper::formatStandardApiResponse('error', null, trans('general.error_user_company')));
|
||||
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
$targetAsset = null;
|
||||
if (! is_null($request->input('asset_id'))) {
|
||||
// Resolve unscoped target so FMCS company mismatch can be enforced explicitly.
|
||||
$targetAsset = Asset::withoutGlobalScopes()->find($request->input('asset_id'));
|
||||
|
||||
if (! $targetAsset) {
|
||||
$errorResponse = response()->json(Helper::formatStandardApiResponse('error', null, 'Target not found'));
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
if ((Setting::getSettings()->full_multiple_companies_support == '1') && ($license->company_id !== $targetAsset->company_id)) {
|
||||
$errorResponse = response()->json(Helper::formatStandardApiResponse('error', null, trans('general.error_user_company')));
|
||||
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
$oldUser = $licenseSeat->user;
|
||||
$oldAsset = $licenseSeat->asset;
|
||||
|
||||
$licenseSeat->fill($validated);
|
||||
|
||||
$assignmentTouched = $licenseSeat->isDirty('assigned_to') || $licenseSeat->isDirty('asset_id');
|
||||
$anythingTouched = $licenseSeat->isDirty();
|
||||
|
||||
if (! $anythingTouched) {
|
||||
$updatedSeat = $licenseSeat;
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
if ($assignmentTouched && $licenseSeat->unreassignable_seat) {
|
||||
$errorResponse = response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/licenses/message.checkout.unavailable')));
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
// Are the assignment fields cleared? If yes, this is a checkin operation.
|
||||
$is_checkin = ($assignmentTouched && $licenseSeat->assigned_to === null && $licenseSeat->asset_id === null);
|
||||
|
||||
// The logging functions expect only one "target"; assets take precedence over users.
|
||||
$target = null;
|
||||
if ($licenseSeat->isDirty('assigned_to')) {
|
||||
$target = $is_checkin ? $oldUser : $targetUser;
|
||||
}
|
||||
if ($licenseSeat->isDirty('asset_id')) {
|
||||
$target = $is_checkin ? $oldAsset : $targetAsset;
|
||||
}
|
||||
|
||||
if ($assignmentTouched && is_null($target)) {
|
||||
// Both fields are null but one was provided — the related model is purged or bad data.
|
||||
if (! is_null($request->input('asset_id')) || ! is_null($request->input('assigned_to'))) {
|
||||
$errorResponse = response()->json(Helper::formatStandardApiResponse('error', null, 'Target not found'));
|
||||
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if (! $licenseSeat->save()) {
|
||||
$errorResponse = response()->json(Helper::formatStandardApiResponse('error', null, $licenseSeat->getErrors()));
|
||||
|
||||
return;
|
||||
$oldUser = $licenseSeat->user;
|
||||
$oldAsset = $licenseSeat->asset;
|
||||
|
||||
// attempt to update the license seat
|
||||
$licenseSeat->fill($validated);
|
||||
|
||||
// check if this update is a checkin operation
|
||||
// 1. are relevant fields touched at all?
|
||||
$assignmentTouched = $licenseSeat->isDirty('assigned_to') || $licenseSeat->isDirty('asset_id');
|
||||
$anythingTouched = $licenseSeat->isDirty();
|
||||
|
||||
if (! $anythingTouched) {
|
||||
return response()->json(
|
||||
Helper::formatStandardApiResponse('success', $licenseSeat, trans('admin/licenses/message.update.success'))
|
||||
);
|
||||
}
|
||||
if ($assignmentTouched && $licenseSeat->unreassignable_seat) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/licenses/message.checkout.unavailable')));
|
||||
}
|
||||
|
||||
// 2. are they cleared? if yes then this is a checkin operation
|
||||
$is_checkin = ($assignmentTouched && $licenseSeat->assigned_to === null && $licenseSeat->asset_id === null);
|
||||
$target = null;
|
||||
|
||||
// the logging functions expect only one "target". if both asset and user are present in the request,
|
||||
// we simply let assets take precedence over users...
|
||||
if ($licenseSeat->isDirty('assigned_to')) {
|
||||
$target = $is_checkin ? $oldUser : User::find($licenseSeat->assigned_to);
|
||||
}
|
||||
|
||||
if ($licenseSeat->isDirty('asset_id')) {
|
||||
$target = $is_checkin ? $oldAsset : Asset::find($licenseSeat->asset_id);
|
||||
}
|
||||
|
||||
if ($assignmentTouched && is_null($target)) {
|
||||
// if both asset_id and assigned_to are null then we are "checking-in"
|
||||
// a related model that does not exist (possible purged or bad data).
|
||||
if (! is_null($request->input('asset_id')) || ! is_null($request->input('assigned_to'))) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, 'Target not found'));
|
||||
}
|
||||
}
|
||||
|
||||
if ($licenseSeat->save()) {
|
||||
if ($assignmentTouched) {
|
||||
if ($is_checkin) {
|
||||
if (! $licenseSeat->license->reassignable) {
|
||||
$licenseSeat->unreassignable_seat = true;
|
||||
|
||||
if (! $licenseSeat->save()) {
|
||||
$errorResponse = response()->json(Helper::formatStandardApiResponse('error', null, $licenseSeat->getErrors()));
|
||||
|
||||
return;
|
||||
}
|
||||
$licenseSeat->save();
|
||||
}
|
||||
|
||||
// todo: skip if target is null?
|
||||
$licenseSeat->logCheckin($target, $licenseSeat->notes);
|
||||
} else {
|
||||
// in this case, relevant fields are touched but it's not a checkin operation. so it must be a checkout operation.
|
||||
$licenseSeat->logCheckout($request->input('notes'), $target);
|
||||
}
|
||||
}
|
||||
|
||||
$updatedSeat = $licenseSeat;
|
||||
});
|
||||
|
||||
if ($errorResponse) {
|
||||
return $errorResponse;
|
||||
return response()->json(Helper::formatStandardApiResponse('success', $licenseSeat, trans('admin/licenses/message.update.success')));
|
||||
}
|
||||
|
||||
if ($updatedSeat) {
|
||||
return response()->json(Helper::formatStandardApiResponse('success', $updatedSeat, trans('admin/licenses/message.update.success')));
|
||||
}
|
||||
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, 'An unexpected error occurred'), 500);
|
||||
return Helper::formatStandardApiResponse('error', null, $licenseSeat->getErrors());
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,21 +2,12 @@
|
||||
|
||||
namespace App\Http\Controllers\Api;
|
||||
|
||||
use App\Events\CheckoutableCheckedIn;
|
||||
use App\Events\CheckoutableCheckedOut;
|
||||
use App\Helpers\Helper;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\FilterRequest;
|
||||
use App\Http\Transformers\ActionlogsTransformer;
|
||||
use App\Http\Transformers\LicenseSeatsTransformer;
|
||||
use App\Http\Transformers\LicensesTransformer;
|
||||
use App\Http\Transformers\SelectlistTransformer;
|
||||
use App\Models\Asset;
|
||||
use App\Models\Company;
|
||||
use App\Models\License;
|
||||
use App\Models\LicenseSeat;
|
||||
use App\Models\Setting;
|
||||
use App\Models\User;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
@@ -30,11 +21,11 @@ class LicensesController extends Controller
|
||||
*
|
||||
* @since [v4.0]
|
||||
*/
|
||||
public function index(FilterRequest $request): JsonResponse|array
|
||||
public function index(Request $request): JsonResponse|array
|
||||
{
|
||||
$this->authorize('view', License::class);
|
||||
|
||||
$licenses = License::with('company', 'manufacturer', 'supplier', 'category', 'adminuser', 'licenseSeatsRelation', 'assignedCount')->withCount('freeSeats as free_seats_count');
|
||||
$licenses = License::with('company', 'manufacturer', 'supplier', 'category', 'adminuser')->withCount('freeSeats as free_seats_count');
|
||||
$settings = Setting::getSettings();
|
||||
|
||||
if ($request->input('status') == 'inactive') {
|
||||
@@ -105,9 +96,8 @@ class LicensesController extends Controller
|
||||
$licenses->whereNull('expiration_date');
|
||||
}
|
||||
|
||||
// This invokes the Searchable model trait and will handle input by search or by advanced search filter
|
||||
if ($request->filled('filter') || $request->filled('search')) {
|
||||
$licenses->TextSearch($request->input('filter') ? $request->input('filter') : $request->input('search'));
|
||||
if ($request->filled('search')) {
|
||||
$licenses = $licenses->TextSearch($request->input('search'));
|
||||
}
|
||||
|
||||
if ($request->input('deleted') == 'true') {
|
||||
@@ -186,7 +176,6 @@ class LicensesController extends Controller
|
||||
$this->authorize('create', License::class);
|
||||
$license = new License;
|
||||
$license->fill($request->all());
|
||||
$license->company_id = Company::getIdForCurrentUser($request->input('company_id'));
|
||||
|
||||
if ($license->save()) {
|
||||
return response()->json(Helper::formatStandardApiResponse('success', $license, trans('admin/licenses/message.create.success')));
|
||||
@@ -227,7 +216,6 @@ class LicensesController extends Controller
|
||||
|
||||
$license = License::findOrFail($id);
|
||||
$license->fill($request->all());
|
||||
$license->company_id = Company::getIdForCurrentUser($request->input('company_id'));
|
||||
|
||||
if ($license->save()) {
|
||||
return response()->json(Helper::formatStandardApiResponse('success', $license, trans('admin/licenses/message.update.success')));
|
||||
@@ -253,7 +241,7 @@ class LicensesController extends Controller
|
||||
if ($license->assigned_seats_count == 0) {
|
||||
// Delete the license and the associated license seats
|
||||
DB::table('license_seats')
|
||||
->where('license_id', $license->id)
|
||||
->where('id', $license->id)
|
||||
->update(['assigned_to' => null, 'asset_id' => null]);
|
||||
|
||||
$licenseSeats = $license->licenseseats();
|
||||
@@ -267,167 +255,6 @@ class LicensesController extends Controller
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/licenses/message.assoc_users')));
|
||||
}
|
||||
|
||||
/**
|
||||
* Checkout a license seat to a user or asset.
|
||||
*
|
||||
* Accepts an optional `seat_id`; if omitted the next available free seat is used.
|
||||
* `target_type` must be "user" or "asset". Supply `assigned_to` for users or
|
||||
* `asset_id` for assets.
|
||||
*
|
||||
* This will eventually use the same form request the UI uses, but we need to update the field names first.
|
||||
*
|
||||
* @param int $licenseId
|
||||
*/
|
||||
public function checkout(Request $request, $licenseId): JsonResponse
|
||||
{
|
||||
$license = License::findOrFail($licenseId);
|
||||
$this->authorize('checkout', $license);
|
||||
|
||||
$validated = $this->validate($request, [
|
||||
'seat_id' => 'sometimes|integer|nullable',
|
||||
'target_type' => 'required|in:user,asset',
|
||||
'assigned_to' => 'required_if:target_type,user|integer|nullable',
|
||||
'asset_id' => 'required_if:target_type,asset|integer|nullable',
|
||||
'notes' => 'sometimes|string|nullable',
|
||||
]);
|
||||
|
||||
if ($license->isInactive()) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/licenses/message.checkout.license_is_inactive')));
|
||||
}
|
||||
|
||||
$errorResponse = null;
|
||||
$updatedSeat = null;
|
||||
$target = null;
|
||||
|
||||
DB::transaction(function () use ($license, $validated, &$errorResponse, &$updatedSeat, &$target): void {
|
||||
$seatId = $validated['seat_id'] ?? null;
|
||||
|
||||
$licenseSeat = $seatId
|
||||
? LicenseSeat::where('id', $seatId)->where('license_id', $license->id)->lockForUpdate()->first()
|
||||
: $license->freeSeat(lock: true);
|
||||
|
||||
if (! $licenseSeat) {
|
||||
$errorResponse = response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/licenses/message.checkout.not_enough_seats')));
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
if ($licenseSeat->unreassignable_seat) {
|
||||
$errorResponse = response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/licenses/message.checkout.unavailable')));
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
if ($validated['target_type'] === 'user') {
|
||||
$target = User::withoutGlobalScopes()->whereNull('deleted_at')->find($validated['assigned_to'] ?? null);
|
||||
if (! $target) {
|
||||
$errorResponse = response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/licenses/message.user_does_not_exist')));
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
if (Company::isFullMultipleCompanySupportEnabled() && ! $target->companies()->where('companies.id', $license->company_id)->exists()) {
|
||||
$errorResponse = response()->json(Helper::formatStandardApiResponse('error', null, trans('general.error_user_company')));
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
$licenseSeat->assigned_to = $target->id;
|
||||
$licenseSeat->asset_id = null;
|
||||
} else {
|
||||
$target = Asset::withoutGlobalScopes()->whereNull('deleted_at')->find($validated['asset_id'] ?? null);
|
||||
if (! $target) {
|
||||
$errorResponse = response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/licenses/message.asset_does_not_exist')));
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
if (Company::isFullMultipleCompanySupportEnabled() && $license->company_id && $license->company_id !== $target->company_id) {
|
||||
$errorResponse = response()->json(Helper::formatStandardApiResponse('error', null, trans('general.error_user_company')));
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
$licenseSeat->asset_id = $target->id;
|
||||
$licenseSeat->assigned_to = null;
|
||||
|
||||
if ($target->checkedOutToUser()) {
|
||||
$licenseSeat->assigned_to = $target->assigned_to;
|
||||
}
|
||||
}
|
||||
|
||||
$licenseSeat->notes = $validated['notes'] ?? null;
|
||||
$licenseSeat->created_by = auth()->id();
|
||||
|
||||
if (! $licenseSeat->save()) {
|
||||
$errorResponse = response()->json(Helper::formatStandardApiResponse('error', null, $licenseSeat->getErrors()));
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
event(new CheckoutableCheckedOut($licenseSeat, $target, auth()->user(), $validated['notes'] ?? null));
|
||||
$updatedSeat = $licenseSeat->load('license', 'user', 'asset');
|
||||
});
|
||||
|
||||
if ($errorResponse) {
|
||||
return $errorResponse;
|
||||
}
|
||||
|
||||
if ($updatedSeat) {
|
||||
return response()->json(Helper::formatStandardApiResponse('success', (new LicenseSeatsTransformer)->transformLicenseSeat($updatedSeat), trans('admin/licenses/message.checkout.success')));
|
||||
}
|
||||
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, 'An unexpected error occurred'), 500);
|
||||
}
|
||||
|
||||
/**
|
||||
* Checkin a license seat.
|
||||
*
|
||||
* `seat_id` is required to identify which seat to check back in.
|
||||
*
|
||||
* @param int $licenseId
|
||||
*/
|
||||
public function checkin(Request $request, $licenseId): JsonResponse
|
||||
{
|
||||
$license = License::findOrFail($licenseId);
|
||||
$this->authorize('checkin', $license);
|
||||
|
||||
$validated = $this->validate($request, [
|
||||
'seat_id' => 'required|integer',
|
||||
'notes' => 'sometimes|string|nullable',
|
||||
]);
|
||||
|
||||
$licenseSeat = LicenseSeat::where('id', $validated['seat_id'])
|
||||
->where('license_id', $license->id)
|
||||
->first();
|
||||
|
||||
if (! $licenseSeat) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/licenses/message.not_found')));
|
||||
}
|
||||
|
||||
if (is_null($licenseSeat->assigned_to) && is_null($licenseSeat->asset_id)) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/licenses/message.checkin.error')));
|
||||
}
|
||||
|
||||
$target = $licenseSeat->user ?? $licenseSeat->asset;
|
||||
|
||||
$licenseSeat->assigned_to = null;
|
||||
$licenseSeat->asset_id = null;
|
||||
$licenseSeat->notes = $validated['notes'] ?? null;
|
||||
|
||||
if (! $license->reassignable) {
|
||||
$licenseSeat->unreassignable_seat = true;
|
||||
}
|
||||
|
||||
if (! $licenseSeat->save()) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, $licenseSeat->getErrors()));
|
||||
}
|
||||
|
||||
event(new CheckoutableCheckedIn($licenseSeat, $target, auth()->user(), $licenseSeat->notes));
|
||||
|
||||
return response()->json(Helper::formatStandardApiResponse('success', (new LicenseSeatsTransformer)->transformLicenseSeat($licenseSeat->load('license', 'user', 'asset')), trans('admin/licenses/message.checkin.success')));
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets a paginated collection for the select2 menus
|
||||
*
|
||||
@@ -435,8 +262,6 @@ class LicensesController extends Controller
|
||||
*/
|
||||
public function selectlist(Request $request): array
|
||||
{
|
||||
$this->authorize('view.selectlists');
|
||||
|
||||
$licenses = License::select([
|
||||
'licenses.id',
|
||||
'licenses.name',
|
||||
@@ -450,16 +275,4 @@ class LicensesController extends Controller
|
||||
|
||||
return (new SelectlistTransformer)->transformSelectlist($licenses);
|
||||
}
|
||||
|
||||
public function history(Request $request, License $license): JsonResponse|array
|
||||
{
|
||||
$this->authorize('history', $license);
|
||||
$historyQuery = $license->getHistory($request);
|
||||
$total = (clone $historyQuery)->count();
|
||||
$offset = ($request->input('offset') > $total) ? $total : app('api_offset_value');
|
||||
$limit = app('api_limit_value');
|
||||
$history = (clone $historyQuery)->skip($offset)->take($limit)->get();
|
||||
|
||||
return response()->json((new ActionlogsTransformer)->transformActionlogs($history, $total), 200, ['Content-Type' => 'application/json;charset=utf8'], JSON_UNESCAPED_UNICODE);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -4,9 +4,7 @@ namespace App\Http\Controllers\Api;
|
||||
|
||||
use App\Helpers\Helper;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\FilterRequest;
|
||||
use App\Http\Requests\ImageUploadRequest;
|
||||
use App\Http\Transformers\ActionlogsTransformer;
|
||||
use App\Http\Transformers\AssetsTransformer;
|
||||
use App\Http\Transformers\LocationsTransformer;
|
||||
use App\Http\Transformers\SelectlistTransformer;
|
||||
@@ -33,7 +31,7 @@ class LocationsController extends Controller
|
||||
*
|
||||
* @return Response
|
||||
*/
|
||||
public function index(FilterRequest $request): JsonResponse|array
|
||||
public function index(Request $request): JsonResponse|array
|
||||
{
|
||||
$this->authorize('view', Location::class);
|
||||
$allowed_columns = [
|
||||
@@ -67,18 +65,7 @@ class LocationsController extends Controller
|
||||
'notes',
|
||||
];
|
||||
|
||||
$locations = Location::with([
|
||||
'parent',
|
||||
'children',
|
||||
'manager' => fn ($q) => $q->withCount([
|
||||
'assets as assets_count',
|
||||
'accessories as accessories_count',
|
||||
'licenses as licenses_count',
|
||||
'consumables as consumables_count',
|
||||
'managesUsers as manages_users_count',
|
||||
'managedLocations as manages_locations_count',
|
||||
]),
|
||||
])->select([
|
||||
$locations = Location::with('parent', 'manager', 'children')->select([
|
||||
'locations.id',
|
||||
'locations.name',
|
||||
'locations.address',
|
||||
@@ -114,16 +101,13 @@ class LocationsController extends Controller
|
||||
->withCount('components as components_count')
|
||||
->with('adminuser');
|
||||
|
||||
// scope_locations_fmcs is required for location-level company scoping (locations may not
|
||||
// have company_id assigned unless the compatibility check has been completed in Settings).
|
||||
// Without it, locations are visible to all authenticated users regardless of FMCS state.
|
||||
// Only scope locations if the setting is enabled
|
||||
if (Setting::getSettings()->scope_locations_fmcs) {
|
||||
$locations = Company::scopeCompanyables($locations);
|
||||
}
|
||||
|
||||
// This invokes the Searchable model trait scopeTextSearch and will handle input by search or by advanced search filter
|
||||
if ($request->filled('filter') || $request->filled('search')) {
|
||||
$locations->TextSearch($request->input('filter') ? $request->input('filter') : $request->input('search'));
|
||||
if ($request->filled('search')) {
|
||||
$locations = $locations->TextSearch($request->input('search'));
|
||||
}
|
||||
|
||||
if ($request->filled('name')) {
|
||||
@@ -170,6 +154,8 @@ class LocationsController extends Controller
|
||||
$locations->where('tag_color', '=', $request->input('locations.tag_color'));
|
||||
}
|
||||
|
||||
// Make sure the offset and limit are actually integers and do not exceed system limits
|
||||
$offset = ($request->input('offset') > $locations->count()) ? $locations->count() : app('api_offset_value');
|
||||
$limit = app('api_limit_value');
|
||||
|
||||
$order = $request->input('order') === 'asc' ? 'asc' : 'desc';
|
||||
@@ -191,7 +177,6 @@ class LocationsController extends Controller
|
||||
}
|
||||
|
||||
$total = $locations->count();
|
||||
$offset = ($request->input('offset') > $total) ? $total : app('api_offset_value');
|
||||
$locations = $locations->skip($offset)->take($limit)->get();
|
||||
|
||||
return (new LocationsTransformer)->transformLocations($locations, $total);
|
||||
@@ -211,19 +196,12 @@ class LocationsController extends Controller
|
||||
$location->fill($request->all());
|
||||
$location = $request->handleImages($location);
|
||||
|
||||
// Only scope location if the setting is enabled
|
||||
if (Setting::getSettings()->scope_locations_fmcs) {
|
||||
$location->company_id = Company::getIdForCurrentUser($request->input('company_id'));
|
||||
}
|
||||
|
||||
// Parent company check applies whenever FMCS is on, independent of scope_locations_fmcs.
|
||||
if (Setting::getSettings()->full_multiple_companies_support) {
|
||||
$parent = $location->parent_id ? Location::find($location->parent_id) : null;
|
||||
if ($parent && $parent->company_id != $location->company_id) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, trans('general.error_location_parent_company', [
|
||||
'parent' => $parent->name,
|
||||
'parent_company' => $parent->company?->name ?? trans('general.unassigned'),
|
||||
'location_company' => $location->company?->name ?? trans('general.unassigned'),
|
||||
])));
|
||||
// check if parent is set and has a different company
|
||||
if ($location->parent_id && Location::find($location->parent_id)->company_id != $location->company_id) {
|
||||
response()->json(Helper::formatStandardApiResponse('error', null, 'different company than parent'));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -246,19 +224,7 @@ class LocationsController extends Controller
|
||||
public function show($id): JsonResponse|array
|
||||
{
|
||||
$this->authorize('view', Location::class);
|
||||
$location = Location::with([
|
||||
'parent',
|
||||
'children',
|
||||
'company',
|
||||
'manager' => fn ($q) => $q->withCount([
|
||||
'assets as assets_count',
|
||||
'accessories as accessories_count',
|
||||
'licenses as licenses_count',
|
||||
'consumables as consumables_count',
|
||||
'managesUsers as manages_users_count',
|
||||
'managedLocations as manages_locations_count',
|
||||
]),
|
||||
])
|
||||
$location = Location::with('parent', 'manager', 'children', 'company')
|
||||
->select([
|
||||
'locations.id',
|
||||
'locations.name',
|
||||
@@ -310,36 +276,18 @@ class LocationsController extends Controller
|
||||
$location = $request->handleImages($location);
|
||||
|
||||
if ($request->filled('company_id')) {
|
||||
// Only scope location if the setting is enabled
|
||||
if (Setting::getSettings()->scope_locations_fmcs) {
|
||||
$location->company_id = Company::getIdForCurrentUser($request->input('company_id'));
|
||||
// check if there are related objects with different company
|
||||
if ($mismatched = Helper::test_locations_fmcs(false, $id, $location->company_id)) {
|
||||
$first = $mismatched[0];
|
||||
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, trans('general.error_location_scoped_items', [
|
||||
'item_type' => trans('general.'.strtolower($first[0])),
|
||||
'item_name' => $first[2],
|
||||
'item_company' => $first[5] ?? trans('general.unassigned'),
|
||||
])));
|
||||
if (Helper::test_locations_fmcs(false, $id, $location->company_id)) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, 'error scoped locations'));
|
||||
}
|
||||
} else {
|
||||
$location->company_id = $request->input('company_id');
|
||||
}
|
||||
}
|
||||
|
||||
// Parent company check applies whenever FMCS is on, independent of scope_locations_fmcs.
|
||||
// Runs outside the company_id gate so a parent_id-only update is also validated.
|
||||
if (Setting::getSettings()->full_multiple_companies_support) {
|
||||
$parent = $location->parent_id ? Location::find($location->parent_id) : null;
|
||||
if ($parent && $parent->company_id != $location->company_id) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, trans('general.error_location_parent_company', [
|
||||
'parent' => $parent->name,
|
||||
'parent_company' => $parent->company?->name ?? trans('general.unassigned'),
|
||||
'location_company' => $location->company?->name ?? trans('general.unassigned'),
|
||||
])));
|
||||
}
|
||||
}
|
||||
|
||||
if ($location->isValid()) {
|
||||
|
||||
$location->save();
|
||||
@@ -360,7 +308,7 @@ class LocationsController extends Controller
|
||||
{
|
||||
$this->authorize('view', Asset::class);
|
||||
$this->authorize('view', $location);
|
||||
$assets = Asset::where('location_id', '=', $location->id)->with('model', 'model.category', 'status', 'location', 'company', 'defaultLoc');
|
||||
$assets = Asset::where('location_id', '=', $location->id)->with('model', 'model.category', 'assetstatus', 'location', 'company', 'defaultLoc');
|
||||
$assets = $assets->get();
|
||||
|
||||
return (new AssetsTransformer)->transformAssets($assets, $assets->count(), $request);
|
||||
@@ -370,7 +318,7 @@ class LocationsController extends Controller
|
||||
{
|
||||
$this->authorize('view', Asset::class);
|
||||
$this->authorize('view', $location);
|
||||
$assets = Asset::where('assigned_to', '=', $location->id)->where('assigned_type', '=', Location::class)->with('model', 'model.category', 'status', 'location', 'company', 'defaultLoc');
|
||||
$assets = Asset::where('assigned_to', '=', $location->id)->where('assigned_type', '=', Location::class)->with('model', 'model.category', 'assetstatus', 'location', 'company', 'defaultLoc');
|
||||
$assets = $assets->get();
|
||||
|
||||
return (new AssetsTransformer)->transformAssets($assets, $assets->count(), $request);
|
||||
@@ -471,6 +419,11 @@ class LocationsController extends Controller
|
||||
'locations.tag_color',
|
||||
]);
|
||||
|
||||
// Only scope locations if the setting is enabled
|
||||
if (Setting::getSettings()->scope_locations_fmcs) {
|
||||
$locations = Company::scopeCompanyables($locations);
|
||||
}
|
||||
|
||||
$page = 1;
|
||||
if ($request->filled('page')) {
|
||||
$page = $request->input('page');
|
||||
@@ -480,10 +433,6 @@ class LocationsController extends Controller
|
||||
$locations = $locations->where('locations.name', 'LIKE', '%'.$request->input('search').'%');
|
||||
}
|
||||
|
||||
if ($request->filled('excludeId')) {
|
||||
$locations->where('locations.id', '!=', (int) $request->input('excludeId'));
|
||||
}
|
||||
|
||||
$locations = $locations->orderBy('name', 'ASC')->get();
|
||||
|
||||
$locations_with_children = [];
|
||||
@@ -506,16 +455,4 @@ class LocationsController extends Controller
|
||||
|
||||
return (new SelectlistTransformer)->transformSelectlist($paginated_results);
|
||||
}
|
||||
|
||||
public function history(Request $request, Location $location): JsonResponse|array
|
||||
{
|
||||
$this->authorize('history', $location);
|
||||
$historyQuery = $location->getHistory($request);
|
||||
$total = (clone $historyQuery)->count();
|
||||
$offset = ($request->input('offset') > $total) ? $total : app('api_offset_value');
|
||||
$limit = app('api_limit_value');
|
||||
$history = (clone $historyQuery)->skip($offset)->take($limit)->get();
|
||||
|
||||
return response()->json((new ActionlogsTransformer)->transformActionlogs($history, $total), 200, ['Content-Type' => 'application/json;charset=utf8'], JSON_UNESCAPED_UNICODE);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,87 +0,0 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Controllers\Api;
|
||||
|
||||
use App\Helpers\Helper;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\FilterRequest;
|
||||
use App\Http\Transformers\MaintenanceTypesTransformer;
|
||||
use App\Models\MaintenanceType;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Http\Request;
|
||||
|
||||
class MaintenanceTypesController extends Controller
|
||||
{
|
||||
public function index(FilterRequest $request): JsonResponse|array
|
||||
{
|
||||
$this->authorize('view', MaintenanceType::class);
|
||||
|
||||
$types = MaintenanceType::select(['id', 'name', 'created_at', 'updated_at', 'deleted_at']);
|
||||
|
||||
if ($request->input('deleted') == 'true') {
|
||||
$types->onlyTrashed();
|
||||
}
|
||||
|
||||
if ($request->filled('search')) {
|
||||
$types->where('name', 'LIKE', '%'.$request->input('search').'%');
|
||||
}
|
||||
|
||||
if ($request->filled('name')) {
|
||||
$types->where('name', '=', $request->input('name'));
|
||||
}
|
||||
|
||||
$offset = ($request->input('offset') > $types->count()) ? $types->count() : app('api_offset_value');
|
||||
$limit = app('api_limit_value');
|
||||
$order = $request->input('order') === 'asc' ? 'asc' : 'desc';
|
||||
$sort = in_array($request->input('sort'), ['id', 'name', 'created_at', 'updated_at']) ? $request->input('sort') : 'name';
|
||||
|
||||
$total = $types->count();
|
||||
$types = $types->orderBy($sort, $order)->skip($offset)->take($limit)->get();
|
||||
|
||||
return (new MaintenanceTypesTransformer)->transformMaintenanceTypes($types, $total);
|
||||
}
|
||||
|
||||
public function show(MaintenanceType $maintenanceType): JsonResponse|array
|
||||
{
|
||||
$this->authorize('view', $maintenanceType);
|
||||
|
||||
return (new MaintenanceTypesTransformer)->transformMaintenanceType($maintenanceType);
|
||||
}
|
||||
|
||||
public function store(Request $request): JsonResponse
|
||||
{
|
||||
$this->authorize('create', MaintenanceType::class);
|
||||
|
||||
$type = new MaintenanceType;
|
||||
$type->name = $request->input('name');
|
||||
$type->created_by = auth()->id();
|
||||
|
||||
if ($type->save()) {
|
||||
return response()->json(Helper::formatStandardApiResponse('success', (new MaintenanceTypesTransformer)->transformMaintenanceType($type), trans('admin/maintenance_types/message.create.success')));
|
||||
}
|
||||
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, $type->getErrors()));
|
||||
}
|
||||
|
||||
public function update(Request $request, MaintenanceType $maintenanceType): JsonResponse
|
||||
{
|
||||
$this->authorize('update', $maintenanceType);
|
||||
|
||||
$maintenanceType->name = $request->input('name');
|
||||
|
||||
if ($maintenanceType->save()) {
|
||||
return response()->json(Helper::formatStandardApiResponse('success', (new MaintenanceTypesTransformer)->transformMaintenanceType($maintenanceType), trans('admin/maintenance_types/message.update.success')));
|
||||
}
|
||||
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, $maintenanceType->getErrors()));
|
||||
}
|
||||
|
||||
public function destroy(MaintenanceType $maintenanceType): JsonResponse
|
||||
{
|
||||
$this->authorize('delete', $maintenanceType);
|
||||
|
||||
$maintenanceType->delete();
|
||||
|
||||
return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/maintenance_types/message.delete.success')));
|
||||
}
|
||||
}
|
||||
@@ -2,19 +2,13 @@
|
||||
|
||||
namespace App\Http\Controllers\Api;
|
||||
|
||||
use App\Enums\ActionType;
|
||||
use App\Helpers\Helper;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\FilterRequest;
|
||||
use App\Http\Requests\ImageUploadRequest;
|
||||
use App\Http\Transformers\ActionlogsTransformer;
|
||||
use App\Http\Transformers\MaintenancesTransformer;
|
||||
use App\Models\Actionlog;
|
||||
use App\Models\Asset;
|
||||
use App\Models\Company;
|
||||
use App\Models\Maintenance;
|
||||
use App\Models\Setting;
|
||||
use Illuminate\Database\Eloquent\Collection as EloquentCollection;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Http\Request;
|
||||
|
||||
@@ -37,17 +31,15 @@ class MaintenancesController extends Controller
|
||||
*
|
||||
* @since [v1.8]
|
||||
*/
|
||||
public function index(FilterRequest $request): JsonResponse|array
|
||||
public function index(Request $request): JsonResponse|array
|
||||
{
|
||||
$this->authorize('view', Asset::class);
|
||||
|
||||
$maintenances = Maintenance::select('maintenances.*')
|
||||
->whereHas('asset')
|
||||
->with('asset', 'asset.model', 'asset.location', 'asset.defaultLoc', 'supplier', 'asset.company', 'asset.status', 'adminuser', 'asset.assignedTo', 'maintenanceType', 'responsibleParty', 'completedByUser');
|
||||
->with('asset', 'asset.model', 'asset.location', 'asset.defaultLoc', 'supplier', 'asset.company', 'asset.assetstatus', 'adminuser');
|
||||
|
||||
// This invokes the Searchable model trait scopeTextSearch and will handle input by search or by advanced search filter
|
||||
if ($request->filled('filter') || $request->filled('search')) {
|
||||
$maintenances->TextSearch($request->input('filter') ? $request->input('filter') : $request->input('search'));
|
||||
if ($request->filled('search')) {
|
||||
$maintenances = $maintenances->TextSearch($request->input('search'));
|
||||
}
|
||||
|
||||
if ($request->filled('asset_id')) {
|
||||
@@ -66,53 +58,22 @@ class MaintenancesController extends Controller
|
||||
$maintenances->where('maintenances.url', '=', $request->input('url'));
|
||||
}
|
||||
|
||||
if ($request->filled('maintenance_type')) {
|
||||
$maintenances->where('maintenance_type', '=', $request->input('maintenance_type'));
|
||||
}
|
||||
|
||||
if ($request->filled('maintenance_type_id')) {
|
||||
$maintenances->where('maintenance_type_id', '=', $request->input('maintenance_type_id'));
|
||||
}
|
||||
|
||||
if ($request->filled('responsible_party_id')) {
|
||||
$maintenances->where('responsible_party_id', '=', $request->input('responsible_party_id'));
|
||||
}
|
||||
|
||||
if ($request->filled('completed')) {
|
||||
if ($request->input('completed') === 'true') {
|
||||
$maintenances->completed();
|
||||
} else {
|
||||
$maintenances->active();
|
||||
}
|
||||
}
|
||||
|
||||
if ($request->filled('upcoming_status')) {
|
||||
$settings = Setting::getSettings();
|
||||
switch ($request->input('upcoming_status')) {
|
||||
case 'due':
|
||||
$maintenances->dueForCompletion($settings);
|
||||
break;
|
||||
case 'overdue':
|
||||
$maintenances->overdueForCompletion();
|
||||
break;
|
||||
case 'due-or-overdue':
|
||||
$maintenances->dueOrOverdueForCompletion($settings);
|
||||
break;
|
||||
}
|
||||
if ($request->filled('asset_maintenance_type')) {
|
||||
$maintenances->where('asset_maintenance_type', '=', $request->input('asset_maintenance_type'));
|
||||
}
|
||||
|
||||
// Make sure the offset and limit are actually integers and do not exceed system limits
|
||||
$offset = ($request->input('offset') > $maintenances->count()) ? $maintenances->count() : app('api_offset_value');
|
||||
$offset = ($request->input('offset') > $maintenances->count()) ? $maintenances->count() : abs($request->input('offset'));
|
||||
$limit = app('api_limit_value');
|
||||
|
||||
$allowed_columns = [
|
||||
'id',
|
||||
'name',
|
||||
'asset_maintenance_time',
|
||||
'asset_maintenance_type',
|
||||
'cost',
|
||||
'start_date',
|
||||
'completion_date',
|
||||
'completed_at',
|
||||
'notes',
|
||||
'asset_tag',
|
||||
'asset_name',
|
||||
@@ -124,7 +85,6 @@ class MaintenancesController extends Controller
|
||||
'status_label',
|
||||
'model',
|
||||
'model_number',
|
||||
'maintenance_type',
|
||||
];
|
||||
|
||||
$order = $request->input('order') === 'asc' ? 'asc' : 'desc';
|
||||
@@ -132,37 +92,31 @@ class MaintenancesController extends Controller
|
||||
|
||||
switch ($sort) {
|
||||
case 'created_by':
|
||||
$maintenances = $maintenances->orderByCreatedBy($order);
|
||||
$maintenances = $maintenances->OrderByCreatedBy($order);
|
||||
break;
|
||||
case 'supplier':
|
||||
$maintenances = $maintenances->orderBySupplier($order);
|
||||
$maintenances = $maintenances->OrderBySupplier($order);
|
||||
break;
|
||||
case 'asset_tag':
|
||||
$maintenances = $maintenances->orderByTag($order);
|
||||
$maintenances = $maintenances->OrderByTag($order);
|
||||
break;
|
||||
case 'asset_name':
|
||||
$maintenances = $maintenances->orderByAssetName($order);
|
||||
$maintenances = $maintenances->OrderByAssetName($order);
|
||||
break;
|
||||
case 'model':
|
||||
$maintenances = $maintenances->orderByAssetModelName($order);
|
||||
$maintenances = $maintenances->OrderByAssetModelName($order);
|
||||
break;
|
||||
case 'model_number':
|
||||
$maintenances = $maintenances->orderByAssetModelNumber($order);
|
||||
$maintenances = $maintenances->OrderByAssetModelNumber($order);
|
||||
break;
|
||||
case 'serial':
|
||||
$maintenances = $maintenances->orderByAssetSerial($order);
|
||||
$maintenances = $maintenances->OrderByAssetSerial($order);
|
||||
break;
|
||||
case 'location':
|
||||
$maintenances = $maintenances->orderLocationName($order);
|
||||
$maintenances = $maintenances->OrderLocationName($order);
|
||||
break;
|
||||
case 'status_label':
|
||||
$maintenances = $maintenances->orderStatusName($order);
|
||||
break;
|
||||
case 'maintenance_type':
|
||||
$maintenances = $maintenances->orderByMaintenanceType($order);
|
||||
break;
|
||||
case 'completed_at':
|
||||
$maintenances = $maintenances->orderByCompletedAt($order);
|
||||
$maintenances = $maintenances->OrderStatusName($order);
|
||||
break;
|
||||
default:
|
||||
$maintenances = $maintenances->orderBy($sort, $order);
|
||||
@@ -172,10 +126,6 @@ class MaintenancesController extends Controller
|
||||
$total = $maintenances->count();
|
||||
$maintenances = $maintenances->skip($offset)->take($limit)->get();
|
||||
|
||||
if (request()->input('format') == 'flat') {
|
||||
return (new MaintenancesTransformer)->transformMaintenancesFlat($maintenances, $total);
|
||||
}
|
||||
|
||||
return (new MaintenancesTransformer)->transformMaintenances($maintenances, $total);
|
||||
|
||||
}
|
||||
@@ -195,60 +145,19 @@ class MaintenancesController extends Controller
|
||||
{
|
||||
$this->authorize('update', Asset::class);
|
||||
|
||||
$isBulk = $request->has('asset_ids');
|
||||
$assetIds = $isBulk
|
||||
? array_values(array_filter((array) $request->input('asset_ids')))
|
||||
: [$request->input('asset_id')];
|
||||
// create a new model instance
|
||||
$maintenance = new Maintenance;
|
||||
$maintenance->fill($request->all());
|
||||
$maintenance->created_by = auth()->id();
|
||||
$maintenance = $request->handleImages($maintenance);
|
||||
// Was the asset maintenance created?
|
||||
if ($maintenance->save()) {
|
||||
return response()->json(Helper::formatStandardApiResponse('success', $maintenance, trans('admin/maintenances/message.create.success')));
|
||||
|
||||
$created = new EloquentCollection;
|
||||
$errors = [];
|
||||
|
||||
foreach ($assetIds as $assetId) {
|
||||
$asset = Asset::find($assetId);
|
||||
|
||||
if (! $asset) {
|
||||
$errors[] = trans('general.item_not_found', ['item_type' => trans('general.asset'), 'id' => $assetId]);
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
if (! Company::isCurrentUserHasAccess($asset)) {
|
||||
$errors[] = trans('general.action_permission_denied', ['item_type' => trans('general.asset'), 'id' => $assetId, 'action' => trans('general.create')]);
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
$maintenance = new Maintenance;
|
||||
$maintenance->fill($request->except(['asset_id', 'asset_ids']));
|
||||
$maintenance->asset_id = $assetId;
|
||||
$maintenance->created_by = auth()->id();
|
||||
$request->handleImages($maintenance);
|
||||
|
||||
if ($maintenance->save()) {
|
||||
$created->push($maintenance->fresh());
|
||||
} else {
|
||||
$errors[] = $maintenance->getErrors();
|
||||
}
|
||||
}
|
||||
|
||||
if ($isBulk) {
|
||||
if ($created->isEmpty()) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, count($errors) === 1 ? $errors[0] : $errors));
|
||||
}
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, $maintenance->getErrors()));
|
||||
|
||||
return response()->json(Helper::formatStandardApiResponse(
|
||||
'success',
|
||||
(new MaintenancesTransformer)->transformMaintenances($created, $created->count()),
|
||||
trans('admin/maintenances/message.create.success')
|
||||
));
|
||||
}
|
||||
|
||||
// Single asset_id path — backward compatible response shape
|
||||
if ($created->isNotEmpty()) {
|
||||
return response()->json(Helper::formatStandardApiResponse('success', $created->first(), trans('admin/maintenances/message.create.success')));
|
||||
}
|
||||
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, ! empty($errors) ? $errors[0] : null));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -269,34 +178,18 @@ class MaintenancesController extends Controller
|
||||
|
||||
if ($maintenance = Maintenance::with('asset')->find($id)) {
|
||||
|
||||
// The asset this maintenance is attached to is not valid or has been deleted
|
||||
if (! $maintenance->asset) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, trans('general.item_not_found', ['item_type' => trans('general.asset'), 'id' => $id])));
|
||||
}
|
||||
|
||||
// Can this user manage the existing asset?
|
||||
// Can this user manage this asset?
|
||||
if (! Company::isCurrentUserHasAccess($maintenance->asset)) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, trans('general.action_permission_denied', ['item_type' => trans('admin/maintenances/general.maintenance'), 'id' => $id, 'action' => trans('general.edit')])));
|
||||
}
|
||||
|
||||
// If the request changes asset_id, verify the new asset is accessible
|
||||
if ($request->filled('asset_id') && (int) $request->input('asset_id') !== $maintenance->asset_id) {
|
||||
$newAsset = Asset::find($request->input('asset_id'));
|
||||
|
||||
if (! $newAsset) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, trans('general.item_not_found', ['item_type' => trans('general.asset'), 'id' => $request->input('asset_id')])));
|
||||
}
|
||||
|
||||
if (! Company::isCurrentUserHasAccess($newAsset)) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, trans('general.action_permission_denied', ['item_type' => trans('general.asset'), 'id' => $request->input('asset_id'), 'action' => trans('general.edit')])), 403);
|
||||
}
|
||||
|
||||
$maintenance->fill($request->except('asset_id'));
|
||||
$maintenance->asset_id = $newAsset->id;
|
||||
} else {
|
||||
$maintenance->fill($request->except('asset_id'));
|
||||
// The asset this miantenance is attached to is not valid or has been deleted
|
||||
if (! $maintenance->asset) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, trans('general.item_not_found', ['item_type' => trans('general.asset'), 'id' => $id])));
|
||||
}
|
||||
|
||||
$maintenance->fill($request->all());
|
||||
|
||||
if ($maintenance->save()) {
|
||||
return response()->json(Helper::formatStandardApiResponse('success', $maintenance, trans('admin/maintenances/message.edit.success')));
|
||||
}
|
||||
@@ -354,91 +247,4 @@ class MaintenancesController extends Controller
|
||||
return (new MaintenancesTransformer)->transformMaintenance($maintenance);
|
||||
|
||||
}
|
||||
|
||||
public function complete(Request $request, Maintenance $maintenance): JsonResponse
|
||||
{
|
||||
$this->authorize('update', Asset::class);
|
||||
|
||||
if (! Company::isCurrentUserHasAccess($maintenance->asset)) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, trans('general.action_permission_denied', ['item_type' => trans('admin/maintenances/general.maintenance'), 'id' => $maintenance->id, 'action' => trans('admin/maintenances/form.mark_complete')])));
|
||||
}
|
||||
|
||||
if ($maintenance->completed_at) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/maintenances/form.already_complete')));
|
||||
}
|
||||
|
||||
$maintenance->completed_at = now();
|
||||
$maintenance->completed_by = auth()->id();
|
||||
$maintenance->asset_maintenance_time = (int) $maintenance->created_at->diffInDays(now(), true);
|
||||
$maintenance->saveQuietly();
|
||||
|
||||
$logAction = new Actionlog;
|
||||
$logAction->item_type = Maintenance::class;
|
||||
$logAction->item_id = $maintenance->id;
|
||||
$logAction->target_type = Asset::class;
|
||||
$logAction->target_id = $maintenance->asset_id;
|
||||
$logAction->created_by = auth()->id();
|
||||
$logAction->note = $request->input('note');
|
||||
$logAction->logaction(ActionType::MaintenanceComplete);
|
||||
|
||||
return response()->json(Helper::formatStandardApiResponse('success', (new MaintenancesTransformer)->transformMaintenance($maintenance->fresh()), trans('admin/maintenances/message.complete.success')));
|
||||
}
|
||||
|
||||
public function history(Request $request, Maintenance $maintenance): JsonResponse|array
|
||||
{
|
||||
$this->authorize('history', $maintenance);
|
||||
$historyQuery = $maintenance->getHistory($request);
|
||||
$total = (clone $historyQuery)->count();
|
||||
$offset = ($request->input('offset') > $total) ? $total : app('api_offset_value');
|
||||
$limit = app('api_limit_value');
|
||||
$history = (clone $historyQuery)->skip($offset)->take($limit)->get();
|
||||
|
||||
return response()->json((new ActionlogsTransformer)->transformActionlogs($history, $total), 200, ['Content-Type' => 'application/json;charset=utf8'], JSON_UNESCAPED_UNICODE);
|
||||
}
|
||||
|
||||
public function notesIndex(Maintenance $maintenance): JsonResponse
|
||||
{
|
||||
$this->authorize('journal', $maintenance);
|
||||
|
||||
$notes = Actionlog::with('user:id,username')
|
||||
->where('item_type', Maintenance::class)
|
||||
->where('item_id', $maintenance->id)
|
||||
->where('action_type', 'note added')
|
||||
->orderBy('created_at', 'desc')
|
||||
->get(['id', 'created_at', 'note', 'created_by', 'item_id', 'item_type', 'action_type']);
|
||||
|
||||
$notesArray = $notes->map(fn ($note) => [
|
||||
'id' => $note->id,
|
||||
'created_at' => $note->created_at,
|
||||
'note' => $note->note,
|
||||
'created_by' => $note->created_by,
|
||||
'username' => $note->user?->username,
|
||||
'item_id' => $note->item_id,
|
||||
'item_type' => $note->item_type,
|
||||
'action_type' => $note->action_type,
|
||||
]);
|
||||
|
||||
return response()->json(Helper::formatStandardApiResponse('success', ['notes' => $notesArray, 'maintenance_id' => $maintenance->id]));
|
||||
}
|
||||
|
||||
public function notesStore(Request $request, Maintenance $maintenance): JsonResponse
|
||||
{
|
||||
$this->authorize('update', $maintenance);
|
||||
|
||||
if (! $request->filled('note')) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, trans('validation.required', ['attribute' => 'note'])), 422);
|
||||
}
|
||||
|
||||
$logaction = new Actionlog;
|
||||
$logaction->item_type = Maintenance::class;
|
||||
$logaction->created_by = auth()->id();
|
||||
$logaction->item_id = $maintenance->id;
|
||||
$logaction->note = $request->input('note');
|
||||
|
||||
if ($logaction->logaction('note added')) {
|
||||
return response()->json(Helper::formatStandardApiResponse('success', ['note' => $logaction->note, 'item_id' => $maintenance->id], trans('general.note_added')));
|
||||
}
|
||||
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, 'Something went wrong'), 500);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -6,7 +6,6 @@ use App\Actions\Manufacturers\DeleteManufacturerAction;
|
||||
use App\Exceptions\ItemStillHasChildren;
|
||||
use App\Helpers\Helper;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\FilterRequest;
|
||||
use App\Http\Requests\ImageUploadRequest;
|
||||
use App\Http\Transformers\ManufacturersTransformer;
|
||||
use App\Http\Transformers\SelectlistTransformer;
|
||||
@@ -29,7 +28,7 @@ class ManufacturersController extends Controller
|
||||
*
|
||||
* @return Response
|
||||
*/
|
||||
public function index(FilterRequest $request): JsonResponse|array
|
||||
public function index(Request $request): JsonResponse|array
|
||||
{
|
||||
$this->authorize('view', Manufacturer::class);
|
||||
$allowed_columns = [
|
||||
@@ -82,9 +81,8 @@ class ManufacturersController extends Controller
|
||||
$manufacturers->onlyTrashed();
|
||||
}
|
||||
|
||||
// This invokes the Searchable model trait scopeTextSearch and will handle input by search or by advanced search filter
|
||||
if ($request->filled('filter') || $request->filled('search')) {
|
||||
$manufacturers->TextSearch($request->input('filter') ? $request->input('filter') : $request->input('search'));
|
||||
if ($request->filled('search')) {
|
||||
$manufacturers = $manufacturers->TextSearch($request->input('search'));
|
||||
}
|
||||
|
||||
if ($request->filled('name')) {
|
||||
|
||||
@@ -6,9 +6,6 @@ use App\Helpers\Helper;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Transformers\PredefinedKitsTransformer;
|
||||
use App\Http\Transformers\SelectlistTransformer;
|
||||
use App\Models\Accessory;
|
||||
use App\Models\Consumable;
|
||||
use App\Models\License;
|
||||
use App\Models\PredefinedKit;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Http\Request;
|
||||
@@ -186,9 +183,6 @@ class PredefinedKitsController extends Controller
|
||||
}
|
||||
|
||||
$license_id = $request->input('license');
|
||||
$license = License::findOrFail($license_id);
|
||||
$this->authorize('view', $license);
|
||||
|
||||
$relation = $kit->licenses();
|
||||
if ($relation->find($license_id)) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, ['license' => trans('admin/kits/general.license_error')]));
|
||||
@@ -335,9 +329,6 @@ class PredefinedKitsController extends Controller
|
||||
}
|
||||
|
||||
$consumable_id = $request->input('consumable');
|
||||
$consumable = Consumable::findOrFail($consumable_id);
|
||||
$this->authorize('view', $consumable);
|
||||
|
||||
$relation = $kit->consumables();
|
||||
if ($relation->find($consumable_id)) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, ['consumable' => trans('admin/kits/general.consumable_error')]));
|
||||
@@ -411,9 +402,6 @@ class PredefinedKitsController extends Controller
|
||||
}
|
||||
|
||||
$accessory_id = $request->input('accessory');
|
||||
$accessory = Accessory::findOrFail($accessory_id);
|
||||
$this->authorize('view', $accessory);
|
||||
|
||||
$relation = $kit->accessories();
|
||||
if ($relation->find($accessory_id)) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, ['accessory' => trans('admin/kits/general.accessory_error')]));
|
||||
|
||||
@@ -2,23 +2,11 @@
|
||||
|
||||
namespace App\Http\Controllers\Api;
|
||||
|
||||
use App\Helpers\Helper;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\FilterRequest;
|
||||
use App\Http\Transformers\ActionlogsTransformer;
|
||||
use App\Models\Accessory;
|
||||
use App\Models\Actionlog;
|
||||
use App\Models\Asset;
|
||||
use App\Models\Component;
|
||||
use App\Models\Consumable;
|
||||
use App\Models\License;
|
||||
use App\Models\LicenseSeat;
|
||||
use App\Models\Maintenance;
|
||||
use App\Models\User;
|
||||
use Carbon\Carbon;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Gate;
|
||||
|
||||
class ReportsController extends Controller
|
||||
{
|
||||
@@ -29,54 +17,32 @@ class ReportsController extends Controller
|
||||
*
|
||||
* @since [v4.0]
|
||||
*/
|
||||
public function index(FilterRequest $request): JsonResponse|array
|
||||
public function index(Request $request): JsonResponse|array
|
||||
{
|
||||
|
||||
// If the user doesn't have permission to view the item or the target,
|
||||
// then they shouldn't be able to see the activity log for that item or target,
|
||||
// but if they have the general activity view permission,
|
||||
// then they can see all activity logs regardless of the item or target.
|
||||
if ((! Gate::allows('activity.view')) && (($request->filled('target_type') && $request->filled('target_id')) || ($request->filled('item_type') && $request->filled('item_id')))) {
|
||||
|
||||
if (($request->filled('target_type')) && ($request->filled('target_id'))) {
|
||||
$targetClass = Helper::normalizeFullModelName(request()->input('target_type'));
|
||||
$target = $targetClass::withTrashed()->find(request()->input('target_id'));
|
||||
$this->authorize('view', $target ?? $targetClass);
|
||||
}
|
||||
|
||||
if (($request->filled('item_type')) && ($request->filled('item_id'))) {
|
||||
$itemClass = Helper::normalizeFullModelName(request()->input('item_type'));
|
||||
$item = $itemClass::withTrashed()->find(request()->input('item_id'));
|
||||
$this->authorize('view', $item ?? $itemClass);
|
||||
}
|
||||
|
||||
} else {
|
||||
$this->authorize('activity.view');
|
||||
}
|
||||
$this->authorize('activity.view');
|
||||
|
||||
$actionlogs = Actionlog::with('item', 'user', 'adminuser', 'target', 'location');
|
||||
|
||||
if ($request->filled('search')) {
|
||||
$actionlogs = $actionlogs->TextSearch(e($request->input('search')));
|
||||
}
|
||||
|
||||
if (($request->filled('target_type')) && ($request->filled('target_id'))) {
|
||||
$actionlogs = $actionlogs->where('target_id', '=', $request->input('target_id'))
|
||||
->where('target_type', '=', Helper::normalizeFullModelName($request->input('target_type')));
|
||||
->where('target_type', '=', 'App\\Models\\'.ucwords($request->input('target_type')));
|
||||
}
|
||||
|
||||
if (($request->filled('item_type')) && ($request->filled('item_id'))) {
|
||||
$actionlogs = $actionlogs->where(function ($query) use ($request) {
|
||||
$query->where('item_id', '=', $request->input('item_id'))
|
||||
->where('item_type', '=', Helper::normalizeFullModelName($request->input('item_type')))
|
||||
->where('item_type', '=', 'App\\Models\\'.ucwords($request->input('item_type')))
|
||||
->orWhere(function ($query) use ($request) {
|
||||
$query->where('target_id', '=', $request->input('item_id'))
|
||||
->where('target_type', '=', Helper::normalizeFullModelName($request->input('item_type')));
|
||||
->where('target_type', '=', 'App\\Models\\'.ucwords($request->input('item_type')));
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
// This invokes the Searchable model trait scopeTextSearch and will handle input by search or by advanced search filter
|
||||
if ($request->filled('filter') || $request->filled('search')) {
|
||||
$actionlogs->TextSearch($request->input('filter') ? $request->input('filter') : $request->input('search'));
|
||||
}
|
||||
|
||||
if ($request->filled('action_type')) {
|
||||
$actionlogs = $actionlogs->where('action_type', '=', $request->input('action_type'));
|
||||
}
|
||||
@@ -133,143 +99,5 @@ class ReportsController extends Controller
|
||||
$actionlogs = $actionlogs->skip($offset)->take($limit)->get();
|
||||
|
||||
return response()->json((new ActionlogsTransformer)->transformActionlogs($actionlogs, $total), 200, ['Content-Type' => 'application/json;charset=utf8'], JSON_UNESCAPED_UNICODE);
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns time-series data for the reports overview charts.
|
||||
*
|
||||
* Accepts ?days=N (preset, default 30) OR ?start_date=YYYY-MM-DD&end_date=YYYY-MM-DD.
|
||||
* Also returns the immediately preceding period of equal length for comparison lines.
|
||||
*/
|
||||
public function activityChart(Request $request): JsonResponse
|
||||
{
|
||||
$this->authorize('reports.view');
|
||||
|
||||
$allowedDays = [7, 14, 30, 60, 90, 180, 365];
|
||||
|
||||
if ($request->filled('start_date') && $request->filled('end_date')) {
|
||||
$curStart = Carbon::parse($request->input('start_date'))->startOfDay();
|
||||
$curEnd = Carbon::parse($request->input('end_date'))->endOfDay();
|
||||
if ($curEnd->lt($curStart)) {
|
||||
[$curStart, $curEnd] = [$curEnd, $curStart];
|
||||
}
|
||||
$days = max(1, (int) $curStart->diffInDays($curEnd) + 1);
|
||||
} else {
|
||||
$days = in_array((int) $request->input('days'), $allowedDays) ? (int) $request->input('days') : 30;
|
||||
$curEnd = Carbon::today()->endOfDay();
|
||||
$curStart = Carbon::today()->subDays($days - 1)->startOfDay();
|
||||
}
|
||||
|
||||
$prevEnd = $curStart->copy()->subSecond()->endOfDay();
|
||||
$prevStart = $prevEnd->copy()->subDays($days - 1)->startOfDay();
|
||||
|
||||
$buildDates = function (Carbon $start, Carbon $end): array {
|
||||
$dates = [];
|
||||
for ($d = $start->copy(); $d->lte($end); $d->addDay()) {
|
||||
$dates[] = $d->toDateString();
|
||||
}
|
||||
|
||||
return $dates;
|
||||
};
|
||||
|
||||
$curDates = $buildDates($curStart, $curEnd);
|
||||
$prevDates = $buildDates($prevStart, $prevEnd);
|
||||
|
||||
$pluckAction = function (string $actionType, Carbon $start, Carbon $end): array {
|
||||
return Actionlog::where('action_type', $actionType)
|
||||
->whereBetween('created_at', [$start, $end])
|
||||
->selectRaw('DATE(created_at) as date, COUNT(*) as count')
|
||||
->groupBy('date')
|
||||
->pluck('count', 'date')
|
||||
->toArray();
|
||||
};
|
||||
|
||||
// withTrashed() ensures records deleted after creation still appear in their creation-period counts.
|
||||
$pluckCreated = function (string $modelClass, Carbon $start, Carbon $end): array {
|
||||
return $modelClass::withTrashed()
|
||||
->whereBetween('created_at', [$start, $end])
|
||||
->selectRaw('DATE(created_at) as date, COUNT(*) as count')
|
||||
->groupBy('date')
|
||||
->pluck('count', 'date')
|
||||
->toArray();
|
||||
};
|
||||
|
||||
// Maintenance has no company_id column and no CompanyableTrait, so scope through
|
||||
// its asset relationship — whereHas('asset') applies Asset's FMCS global scope.
|
||||
$pluckMaintenances = function (Carbon $start, Carbon $end): array {
|
||||
return Maintenance::withTrashed()
|
||||
->whereHas('asset')
|
||||
->whereBetween('maintenances.created_at', [$start, $end])
|
||||
->selectRaw('DATE(maintenances.created_at) as date, COUNT(*) as count')
|
||||
->groupBy('date')
|
||||
->pluck('count', 'date')
|
||||
->toArray();
|
||||
};
|
||||
|
||||
// Filters by both action_type and item_type for per-category checkout/checkin counts.
|
||||
$pluckActionByType = function (string $actionType, string $modelClass, Carbon $start, Carbon $end): array {
|
||||
return Actionlog::where('action_type', $actionType)
|
||||
->where('item_type', $modelClass)
|
||||
->whereBetween('created_at', [$start, $end])
|
||||
->selectRaw('DATE(created_at) as date, COUNT(*) as count')
|
||||
->groupBy('date')
|
||||
->pluck('count', 'date')
|
||||
->toArray();
|
||||
};
|
||||
|
||||
$pluckDeletedUsers = function (Carbon $start, Carbon $end): array {
|
||||
return User::withTrashed()
|
||||
->whereNotNull('deleted_at')
|
||||
->whereBetween('deleted_at', [$start, $end])
|
||||
->selectRaw('DATE(deleted_at) as date, COUNT(*) as count')
|
||||
->groupBy('date')
|
||||
->pluck('count', 'date')
|
||||
->toArray();
|
||||
};
|
||||
|
||||
// Catches both 'checkin' and 'checkin from' action types used across different item types.
|
||||
$pluckCheckinsByType = function (string $modelClass, Carbon $start, Carbon $end): array {
|
||||
return Actionlog::whereIn('action_type', ['checkin', 'checkin from'])
|
||||
->where('item_type', $modelClass)
|
||||
->whereBetween('created_at', [$start, $end])
|
||||
->selectRaw('DATE(created_at) as date, COUNT(*) as count')
|
||||
->groupBy('date')
|
||||
->pluck('count', 'date')
|
||||
->toArray();
|
||||
};
|
||||
|
||||
$fill = fn (array $raw, array $dates) => array_map(fn ($d) => (int) ($raw[$d] ?? 0), $dates);
|
||||
|
||||
$datasets = [];
|
||||
foreach ([
|
||||
'new_users' => fn ($s, $e) => $pluckCreated(User::class, $s, $e),
|
||||
'deleted_users' => fn ($s, $e) => $pluckDeletedUsers($s, $e),
|
||||
'asset_checkouts' => fn ($s, $e) => $pluckActionByType('checkout', Asset::class, $s, $e),
|
||||
'asset_checkins' => fn ($s, $e) => $pluckCheckinsByType(Asset::class, $s, $e),
|
||||
'new_assets' => fn ($s, $e) => $pluckCreated(Asset::class, $s, $e),
|
||||
'new_maintenances' => fn ($s, $e) => $pluckMaintenances($s, $e),
|
||||
'new_audits' => fn ($s, $e) => $pluckAction('audit', $s, $e),
|
||||
'component_checkouts' => fn ($s, $e) => $pluckActionByType('checkout', Component::class, $s, $e),
|
||||
'component_checkins' => fn ($s, $e) => $pluckCheckinsByType(Component::class, $s, $e),
|
||||
'new_components' => fn ($s, $e) => $pluckCreated(Component::class, $s, $e),
|
||||
'consumable_checkouts' => fn ($s, $e) => $pluckActionByType('checkout', Consumable::class, $s, $e),
|
||||
'consumable_checkins' => fn ($s, $e) => $pluckCheckinsByType(Consumable::class, $s, $e),
|
||||
'new_consumables' => fn ($s, $e) => $pluckCreated(Consumable::class, $s, $e),
|
||||
'license_checkouts' => fn ($s, $e) => $pluckActionByType('checkout', LicenseSeat::class, $s, $e),
|
||||
'license_checkins' => fn ($s, $e) => $pluckCheckinsByType(LicenseSeat::class, $s, $e),
|
||||
'new_licenses' => fn ($s, $e) => $pluckCreated(License::class, $s, $e),
|
||||
'accessory_checkouts' => fn ($s, $e) => $pluckActionByType('checkout', Accessory::class, $s, $e),
|
||||
'accessory_checkins' => fn ($s, $e) => $pluckCheckinsByType(Accessory::class, $s, $e),
|
||||
'new_accessories' => fn ($s, $e) => $pluckCreated(Accessory::class, $s, $e),
|
||||
] as $key => $query) {
|
||||
$datasets[$key] = $fill($query($curStart, $curEnd), $curDates);
|
||||
$datasets['prev_'.$key] = $fill($query($prevStart, $prevEnd), $prevDates);
|
||||
}
|
||||
|
||||
return response()->json(array_merge([
|
||||
'labels' => array_map(fn ($d) => Carbon::parse($d)->format('M j'), $curDates),
|
||||
'prev_label' => $prevStart->format('M j').' – '.$prevEnd->format('M j'),
|
||||
], $datasets));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -162,13 +162,6 @@ class SettingsController extends Controller
|
||||
public function ajaxTestEmail(): JsonResponse
|
||||
{
|
||||
if (! config('app.lock_passwords')) {
|
||||
|
||||
if (config('mail.reply_to.address') == '') {
|
||||
Log::debug('MAIL_REPLYTO_ADDR not set in env. Skipping mail test.');
|
||||
|
||||
return response()->json(['message' => trans('admin/settings/general.mail_test_no_email')], 403);
|
||||
}
|
||||
|
||||
try {
|
||||
Notification::send(Setting::first(), new MailTest);
|
||||
Log::debug('Attempting to sending to '.config('mail.reply_to.address'));
|
||||
@@ -293,11 +286,6 @@ class SettingsController extends Controller
|
||||
*/
|
||||
public function downloadBackup($file): JsonResponse|BinaryFileResponse
|
||||
{
|
||||
$file = $this->sanitizeBackupFilename($file);
|
||||
|
||||
if ($file === null) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, trans('general.file_not_found')), 404);
|
||||
}
|
||||
|
||||
$path = storage_path('app/backups');
|
||||
|
||||
@@ -341,21 +329,4 @@ class SettingsController extends Controller
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
private function sanitizeBackupFilename(mixed $filename): ?string
|
||||
{
|
||||
$filename = trim((string) $filename);
|
||||
|
||||
if ($filename === '' || str_contains($filename, "\0")) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$sanitized = basename($filename);
|
||||
|
||||
if (($sanitized === '') || ($sanitized === '.') || ($sanitized === '..')) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return ($sanitized === $filename) ? $sanitized : null;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -4,7 +4,6 @@ namespace App\Http\Controllers\Api;
|
||||
|
||||
use App\Helpers\Helper;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\FilterRequest;
|
||||
use App\Http\Transformers\AssetsTransformer;
|
||||
use App\Http\Transformers\PieChartTransformer;
|
||||
use App\Http\Transformers\SelectlistTransformer;
|
||||
@@ -24,7 +23,7 @@ class StatuslabelsController extends Controller
|
||||
*
|
||||
* @since [v4.0]
|
||||
*/
|
||||
public function index(FilterRequest $request): array
|
||||
public function index(Request $request): array
|
||||
{
|
||||
$this->authorize('view', Statuslabel::class);
|
||||
$allowed_columns = [
|
||||
@@ -39,9 +38,8 @@ class StatuslabelsController extends Controller
|
||||
|
||||
$statuslabels = Statuslabel::with('adminuser')->withCount('assets as assets_count');
|
||||
|
||||
// This invokes the Searchable model trait scopeTextSearch and will handle input by search or by advanced search filter
|
||||
if ($request->filled('filter') || $request->filled('search')) {
|
||||
$statuslabels->TextSearch($request->input('filter') ? $request->input('filter') : $request->input('search'));
|
||||
if ($request->filled('search')) {
|
||||
$statuslabels = $statuslabels->TextSearch($request->input('search'));
|
||||
}
|
||||
|
||||
if ($request->filled('name')) {
|
||||
|
||||
@@ -11,7 +11,6 @@ use App\Exceptions\ItemStillHasLicenses;
|
||||
use App\Exceptions\ItemStillHasMaintenances;
|
||||
use App\Helpers\Helper;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\FilterRequest;
|
||||
use App\Http\Requests\ImageUploadRequest;
|
||||
use App\Http\Transformers\SelectlistTransformer;
|
||||
use App\Http\Transformers\SuppliersTransformer;
|
||||
@@ -32,7 +31,7 @@ class SuppliersController extends Controller
|
||||
*
|
||||
* @return Response
|
||||
*/
|
||||
public function index(FilterRequest $request): array
|
||||
public function index(Request $request): array
|
||||
{
|
||||
$this->authorize('view', Supplier::class);
|
||||
$allowed_columns = [
|
||||
@@ -68,9 +67,8 @@ class SuppliersController extends Controller
|
||||
->withCount('consumables as consumables_count')
|
||||
->with('adminuser');
|
||||
|
||||
// This invokes the Searchable model trait scopeTextSearch and will handle input by search or by advanced search filter
|
||||
if ($request->filled('filter') || $request->filled('search')) {
|
||||
$suppliers->TextSearch($request->input('filter') ? $request->input('filter') : $request->input('search'));
|
||||
if ($request->filled('search')) {
|
||||
$suppliers->TextSearch($request->input('search'));
|
||||
}
|
||||
|
||||
if ($request->filled('name')) {
|
||||
|
||||
@@ -32,7 +32,7 @@ class UploadedFilesController extends Controller
|
||||
|
||||
// Check the permissions to make sure the user can view the object
|
||||
$object = self::$map_object_type[$object_type]::withTrashed()->find($id);
|
||||
$this->authorize('files', $object);
|
||||
$this->authorize('view', $object);
|
||||
|
||||
if (! $object) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, trans('general.file_upload_status.invalid_object')));
|
||||
@@ -52,7 +52,7 @@ class UploadedFilesController extends Controller
|
||||
$uploads = self::$map_object_type[$object_type]::withTrashed()->find($id)->uploads()
|
||||
->with('adminuser');
|
||||
|
||||
$offset = ($request->input('offset') > $uploads->count()) ? $uploads->count() : app('api_offset_value');
|
||||
$offset = ($request->input('offset') > $uploads->count()) ? $uploads->count() : abs($request->input('offset'));
|
||||
$limit = app('api_limit_value');
|
||||
$order = $request->input('order') === 'asc' ? 'asc' : 'desc';
|
||||
$sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
|
||||
@@ -91,7 +91,7 @@ class UploadedFilesController extends Controller
|
||||
|
||||
// Check the permissions to make sure the user can view the object
|
||||
$object = self::$map_object_type[$object_type]::withTrashed()->find($id);
|
||||
$this->authorize('files', $object);
|
||||
$this->authorize('update', $object);
|
||||
|
||||
if (! $object) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, trans('general.file_upload_status.invalid_object')));
|
||||
@@ -141,7 +141,7 @@ class UploadedFilesController extends Controller
|
||||
{
|
||||
// Check the permissions to make sure the user can view the object
|
||||
$object = self::$map_object_type[$object_type]::withTrashed()->find($id);
|
||||
$this->authorize('files', $object);
|
||||
$this->authorize('view', $object);
|
||||
|
||||
if (! $object) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, trans('general.file_upload_status.invalid_object')));
|
||||
@@ -153,7 +153,7 @@ class UploadedFilesController extends Controller
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, trans('general.file_upload_status.invalid_id')), 200);
|
||||
}
|
||||
|
||||
if (! Storage::exists(self::$map_storage_path[$object_type].$log->filename)) {
|
||||
if (! Storage::exists(self::$map_storage_path[$object_type].'/'.$log->filename)) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, trans('general.file_upload_status.file_not_found'), 200));
|
||||
}
|
||||
|
||||
@@ -162,10 +162,10 @@ class UploadedFilesController extends Controller
|
||||
'Content-Disposition' => 'inline',
|
||||
];
|
||||
|
||||
return Storage::download(self::$map_storage_path[$object_type].$log->filename, $log->filename, $headers);
|
||||
return Storage::download(self::$map_storage_path[$object_type].'/'.$log->filename, $log->filename, $headers);
|
||||
}
|
||||
|
||||
return StorageHelper::downloader(self::$map_storage_path[$object_type].$log->filename);
|
||||
return StorageHelper::downloader(self::$map_storage_path[$object_type].'/'.$log->filename);
|
||||
|
||||
}
|
||||
|
||||
@@ -186,7 +186,7 @@ class UploadedFilesController extends Controller
|
||||
|
||||
// Check the permissions to make sure the user can view the object
|
||||
$object = self::$map_object_type[$object_type]::withTrashed()->find($id);
|
||||
$this->authorize('files', $object);
|
||||
$this->authorize('update', $object);
|
||||
|
||||
if (! $object) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, trans('general.file_upload_status.invalid_object')));
|
||||
@@ -202,8 +202,8 @@ class UploadedFilesController extends Controller
|
||||
|
||||
if ($log) {
|
||||
// Check the file actually exists, and delete it
|
||||
if (Storage::exists(self::$map_storage_path[$object_type].$log->filename)) {
|
||||
Storage::delete(self::$map_storage_path[$object_type].$log->filename);
|
||||
if (Storage::exists(self::$map_storage_path[$object_type].'/'.$log->filename)) {
|
||||
Storage::delete(self::$map_storage_path[$object_type].'/'.$log->filename);
|
||||
}
|
||||
// Delete the record of the file
|
||||
if ($log->logUploadDelete($object, $log->filename)) {
|
||||
|
||||
@@ -2,8 +2,6 @@
|
||||
|
||||
namespace App\Http\Controllers\Api;
|
||||
|
||||
use App\Actions\Permissions\NormalizePermissionsPayloadAction;
|
||||
use App\Actions\Permissions\PreserveUnauthorizedPrivilegedPermissionsAction;
|
||||
use App\Helpers\Helper;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\DeleteUserRequest;
|
||||
@@ -22,7 +20,6 @@ use App\Models\Asset;
|
||||
use App\Models\Company;
|
||||
use App\Models\Consumable;
|
||||
use App\Models\License;
|
||||
use App\Models\Setting;
|
||||
use App\Models\User;
|
||||
use App\Notifications\CurrentInventory;
|
||||
use App\Notifications\WelcomeNotification;
|
||||
@@ -52,6 +49,7 @@ class UsersController extends Controller
|
||||
'users.address',
|
||||
'users.avatar',
|
||||
'users.city',
|
||||
'users.company_id',
|
||||
'users.country',
|
||||
'users.created_by',
|
||||
'users.created_at',
|
||||
@@ -89,7 +87,7 @@ class UsersController extends Controller
|
||||
])->with('manager')
|
||||
->with('groups')
|
||||
->with('userloc')
|
||||
->with('companies')
|
||||
->with('company')
|
||||
->with('department')
|
||||
->with('createdBy')
|
||||
->withCount([
|
||||
@@ -108,7 +106,6 @@ class UsersController extends Controller
|
||||
'last_name',
|
||||
'first_name',
|
||||
'display_name',
|
||||
'email',
|
||||
'jobtitle',
|
||||
'username',
|
||||
'employee_num',
|
||||
@@ -125,13 +122,6 @@ class UsersController extends Controller
|
||||
'accessories_count',
|
||||
'manages_users_count',
|
||||
'manages_locations_count',
|
||||
'phone',
|
||||
'mobile',
|
||||
'address',
|
||||
'city',
|
||||
'state',
|
||||
'country',
|
||||
'zip',
|
||||
'id',
|
||||
'ldap_import',
|
||||
'two_factor_optin',
|
||||
@@ -141,7 +131,6 @@ class UsersController extends Controller
|
||||
'start_date',
|
||||
'end_date',
|
||||
'autoassign_licenses',
|
||||
'website',
|
||||
'locale',
|
||||
'notes',
|
||||
'employee_num',
|
||||
@@ -158,6 +147,21 @@ class UsersController extends Controller
|
||||
|
||||
];
|
||||
|
||||
// Do not even request these fields if the requesting user cannot manage user contact info
|
||||
if (auth()->user()->can('manageContactInfo')) {
|
||||
array_push($allowed_columns,
|
||||
'address',
|
||||
'city',
|
||||
'country',
|
||||
'email',
|
||||
'mobile',
|
||||
'phone',
|
||||
'state',
|
||||
'website',
|
||||
'zip',
|
||||
);
|
||||
}
|
||||
|
||||
$filter = [];
|
||||
|
||||
if ($request->filled('filter')) {
|
||||
@@ -173,9 +177,10 @@ class UsersController extends Controller
|
||||
|
||||
}
|
||||
|
||||
// This invokes the Searchable model trait scopeTextSearch and will handle input by search or by advanced search filter
|
||||
if ($request->filled('filter') || $request->filled('search')) {
|
||||
$users->TextSearch($request->input('filter') ? $request->input('filter') : $request->input('search'));
|
||||
if ((! is_null($filter)) && (count($filter)) > 0) {
|
||||
$users->ByFilter($filter);
|
||||
} elseif ($request->filled('search')) {
|
||||
$users->TextSearch($request->input('search'));
|
||||
}
|
||||
|
||||
if ($request->filled('activated')) {
|
||||
@@ -191,15 +196,39 @@ class UsersController extends Controller
|
||||
}
|
||||
|
||||
if ($request->filled('company_id')) {
|
||||
$users = $users->whereHas('companies', fn ($q) => $q->where('companies.id', $request->input('company_id')));
|
||||
$users = $users->where('users.company_id', '=', $request->input('company_id'));
|
||||
}
|
||||
|
||||
if ($request->filled('phone')) {
|
||||
$users = $users->where('users.phone', '=', $request->input('phone'));
|
||||
}
|
||||
// Check that the user can view contact info
|
||||
if (auth()->user()->can('manageContactInfo')) {
|
||||
|
||||
if ($request->filled('mobile')) {
|
||||
$users = $users->where('users.mobile', '=', $request->input('mobile'));
|
||||
if ($request->filled('phone')) {
|
||||
$users = $users->where('users.phone', '=', $request->input('phone'));
|
||||
}
|
||||
|
||||
if ($request->filled('mobile')) {
|
||||
$users = $users->where('users.mobile', '=', $request->input('mobile'));
|
||||
}
|
||||
|
||||
if ($request->filled('email')) {
|
||||
$users = $users->where('users.email', '=', $request->input('email'));
|
||||
}
|
||||
|
||||
if ($request->filled('state')) {
|
||||
$users = $users->where('users.state', '=', $request->input('state'));
|
||||
}
|
||||
|
||||
if ($request->filled('country')) {
|
||||
$users = $users->where('users.country', '=', $request->input('country'));
|
||||
}
|
||||
|
||||
if ($request->filled('website')) {
|
||||
$users = $users->where('users.website', '=', $request->input('website'));
|
||||
}
|
||||
|
||||
if ($request->filled('zip')) {
|
||||
$users = $users->where('users.zip', '=', $request->input('zip'));
|
||||
}
|
||||
}
|
||||
|
||||
if ($request->filled('location_id')) {
|
||||
@@ -210,10 +239,6 @@ class UsersController extends Controller
|
||||
$users = $users->where('users.created_by', '=', $request->input('created_by'));
|
||||
}
|
||||
|
||||
if ($request->filled('email')) {
|
||||
$users = $users->where('users.email', '=', $request->input('email'));
|
||||
}
|
||||
|
||||
if ($request->filled('username')) {
|
||||
$users = $users->where('users.username', '=', $request->input('username'));
|
||||
}
|
||||
@@ -234,22 +259,6 @@ class UsersController extends Controller
|
||||
$users = $users->where('users.employee_num', '=', $request->input('employee_num'));
|
||||
}
|
||||
|
||||
if ($request->filled('state')) {
|
||||
$users = $users->where('users.state', '=', $request->input('state'));
|
||||
}
|
||||
|
||||
if ($request->filled('country')) {
|
||||
$users = $users->where('users.country', '=', $request->input('country'));
|
||||
}
|
||||
|
||||
if ($request->filled('website')) {
|
||||
$users = $users->where('users.website', '=', $request->input('website'));
|
||||
}
|
||||
|
||||
if ($request->filled('zip')) {
|
||||
$users = $users->where('users.zip', '=', $request->input('zip'));
|
||||
}
|
||||
|
||||
if ($request->filled('group_id')) {
|
||||
$users = $users->ByGroup($request->input('group_id'));
|
||||
}
|
||||
@@ -380,45 +389,33 @@ class UsersController extends Controller
|
||||
*/
|
||||
public function selectlist(Request $request): array
|
||||
{
|
||||
$this->authorize('view.selectlists');
|
||||
|
||||
$users = User::select(
|
||||
[
|
||||
'users.id',
|
||||
'users.username',
|
||||
'users.employee_num',
|
||||
'users.first_name',
|
||||
'users.last_name',
|
||||
'users.display_name',
|
||||
'users.gravatar',
|
||||
'users.avatar',
|
||||
'users.email',
|
||||
]
|
||||
)->where('show_in_list', '=', '1');
|
||||
$select_array = [
|
||||
'users.id',
|
||||
'users.username',
|
||||
'users.employee_num',
|
||||
'users.first_name',
|
||||
'users.last_name',
|
||||
'users.display_name',
|
||||
'users.gravatar',
|
||||
'users.avatar',
|
||||
];
|
||||
|
||||
// When FMCS is enabled, automatically scope to companies the acting user belongs to.
|
||||
// scopeCompanyables is a no-op for superusers and when FMCS is disabled.
|
||||
$users = Company::scopeCompanyables($users, 'company_id', 'users');
|
||||
|
||||
// Allow further narrowing to a specific company passed via data-company-ids on the select.
|
||||
if ((Setting::getSettings()->full_multiple_companies_support == '1') && $request->filled('companyId')) {
|
||||
$companyIds = array_values(array_filter(array_map('intval', explode(',', $request->input('companyId')))));
|
||||
if (! empty($companyIds)) {
|
||||
$users = Company::scopeUsersByCompanyIds($users, $companyIds);
|
||||
}
|
||||
if (auth()->user()->can('manageContactInfo')) {
|
||||
array_push($select_array, 'users.email');
|
||||
}
|
||||
|
||||
if ($request->filled('excludeId')) {
|
||||
$users->where('users.id', '!=', (int) $request->input('excludeId'));
|
||||
}
|
||||
$users = User::select($select_array)->where('show_in_list', '=', '1');
|
||||
|
||||
if ($request->filled('search')) {
|
||||
$users = $users->where(function ($query) use ($request) {
|
||||
$query->SimpleNameSearch($request->input('search'))
|
||||
->orWhere('username', 'LIKE', '%'.$request->input('search').'%')
|
||||
->orWhere('display_name', 'LIKE', '%'.$request->input('search').'%')
|
||||
->orWhere('email', 'LIKE', '%'.$request->input('search').'%')
|
||||
->orWhere('employee_num', 'LIKE', '%'.$request->input('search').'%');
|
||||
$query->SimpleNameSearch($request->input('search'));
|
||||
|
||||
// Check that the requesting user can search against the email field
|
||||
if (auth()->user()->can('manageContactInfo')) {
|
||||
$query->orWhere('users.email', 'LIKE', '%'.$request->input('search').'%');
|
||||
}
|
||||
|
||||
});
|
||||
}
|
||||
|
||||
@@ -456,16 +453,27 @@ class UsersController extends Controller
|
||||
{
|
||||
$this->authorize('create', User::class);
|
||||
|
||||
$authenticatedUser = auth()->user();
|
||||
$user = new User;
|
||||
$user->fill($request->all());
|
||||
$user->company_id = Company::getIdForCurrentUser($request->input('company_id'));
|
||||
$user->created_by = auth()->id();
|
||||
|
||||
if ($request->has('permissions')) {
|
||||
$user->permissions = json_encode(PreserveUnauthorizedPrivilegedPermissionsAction::run(
|
||||
requestedPermissions: NormalizePermissionsPayloadAction::run($request->input('permissions')),
|
||||
authenticatedUser: $authenticatedUser,
|
||||
));
|
||||
$permissions_array = $request->input('permissions');
|
||||
|
||||
if (! auth()->user()->isSuperUser()) {
|
||||
if ((is_array($permissions_array)) && (array_key_exists('superuser', $permissions_array))) {
|
||||
unset($permissions_array['superuser']);
|
||||
}
|
||||
}
|
||||
|
||||
if (! auth()->user()->isAdmin()) {
|
||||
if ((is_array($permissions_array)) && (array_key_exists('admin', $permissions_array))) {
|
||||
unset($permissions_array['admin']);
|
||||
}
|
||||
}
|
||||
|
||||
$user->permissions = $permissions_array;
|
||||
}
|
||||
|
||||
//
|
||||
@@ -503,12 +511,6 @@ class UsersController extends Controller
|
||||
$user->groups()->sync($request->input('groups'));
|
||||
}
|
||||
|
||||
// Sync company memberships from company_ids[] or fall back to scalar company_id
|
||||
$companyIds = array_filter(
|
||||
(array) ($request->input('company_ids') ?? ($request->filled('company_id') ? [$request->input('company_id')] : []))
|
||||
);
|
||||
$user->syncCompaniesWithLogging(Company::getIdsForCurrentUser(array_map('intval', $companyIds)));
|
||||
|
||||
return response()->json(Helper::formatStandardApiResponse('success', (new UsersTransformer)->transformUser($user), trans('admin/users/message.success.create')));
|
||||
}
|
||||
|
||||
@@ -550,8 +552,6 @@ class UsersController extends Controller
|
||||
{
|
||||
$this->authorize('update', $user);
|
||||
|
||||
$authenticatedUser = auth()->user();
|
||||
|
||||
/**
|
||||
* This is a janky hack to prevent people from changing admin demo user data on the public demo.
|
||||
* The $ids 1 and 2 are special since they are seeded as superadmins in the demo seeder.
|
||||
@@ -570,34 +570,73 @@ class UsersController extends Controller
|
||||
$user->password = bcrypt($request->input('password'));
|
||||
}
|
||||
|
||||
if ($request->filled('username')) {
|
||||
$user->username = $request->input('username');
|
||||
}
|
||||
|
||||
if ($request->filled('email')) {
|
||||
$user->email = $request->input('email');
|
||||
}
|
||||
|
||||
if ($request->filled('activated')) {
|
||||
$user->activated = $request->input('activated');
|
||||
}
|
||||
|
||||
// We need to use has() instead of filled()
|
||||
// here because we need to overwrite permissions
|
||||
// if someone needs to null them out
|
||||
|
||||
if ($request->has('username')) {
|
||||
$user->username = $request->input('username');
|
||||
}
|
||||
|
||||
if ($request->has('email')) {
|
||||
$user->email = $request->input('email');
|
||||
}
|
||||
|
||||
if ($request->has('activated')) {
|
||||
$user->activated = $request->input('activated');
|
||||
}
|
||||
|
||||
if ($request->has('permissions')) {
|
||||
// This is going to update the whole thing, not just what was passed.
|
||||
$user->permissions = json_encode(PreserveUnauthorizedPrivilegedPermissionsAction::run(
|
||||
requestedPermissions: NormalizePermissionsPayloadAction::run($request->input('permissions')),
|
||||
authenticatedUser: $authenticatedUser,
|
||||
originalPermissions: NormalizePermissionsPayloadAction::run($user->decodePermissions()),
|
||||
targetUser: $user,
|
||||
));
|
||||
|
||||
$permissions_array = $request->input('permissions');
|
||||
$orig_permissions_array = $user->decodePermissions();
|
||||
|
||||
// Strip out the individual superuser permission if the API user isn't a superadmin
|
||||
if (! auth()->user()->isSuperUser()) {
|
||||
|
||||
if (is_array($orig_permissions_array)) {
|
||||
if (array_key_exists('superuser', $orig_permissions_array)) {
|
||||
$permissions_array['superuser'] = $orig_permissions_array['superuser'];
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// Strip out the individual admin permission if the API user isn't an admin
|
||||
if ((! auth()->user()->isAdmin()) && (! auth()->user()->isSuperUser())) {
|
||||
|
||||
if (is_array($orig_permissions_array)) {
|
||||
if (array_key_exists('admin', $orig_permissions_array)) {
|
||||
$permissions_array['admin'] = $orig_permissions_array['admin'];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// This is going to update the whole thing, not just what was passed
|
||||
$user->permissions = $permissions_array;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
if (auth()->user()->cannot('manageContactInfo')) {
|
||||
$request->request->remove('phone');
|
||||
$request->request->remove('mobile');
|
||||
$request->request->remove('address');
|
||||
$request->request->remove('city');
|
||||
$request->request->remove('state');
|
||||
$request->request->remove('country');
|
||||
$request->request->remove('zip');
|
||||
$request->request->remove('website');
|
||||
}
|
||||
|
||||
if ($request->filled('display_name')) {
|
||||
$user->display_name = $request->input('display_name');
|
||||
}
|
||||
|
||||
if ($request->filled('company_id')) {
|
||||
$user->company_id = Company::getIdForCurrentUser($request->input('company_id'));
|
||||
}
|
||||
|
||||
if ($user->id == $request->input('manager_id')) {
|
||||
return response()->json(Helper::formatStandardApiResponse('error', null, 'You cannot be your own manager'));
|
||||
}
|
||||
@@ -626,18 +665,6 @@ class UsersController extends Controller
|
||||
$user->groups()->sync($request->input('groups'));
|
||||
}
|
||||
|
||||
// company_ids (new format) = full replacement sync.
|
||||
// Legacy company_id = add without removing other associations.
|
||||
if ($request->has('company_ids')) {
|
||||
$companyIds = array_filter(array_map('intval', (array) $request->input('company_ids')));
|
||||
$user->syncCompaniesWithLogging(Company::getIdsForCurrentUser($companyIds));
|
||||
} elseif ($request->filled('company_id')) {
|
||||
$filtered = Company::getIdsForCurrentUser([(int) $request->input('company_id')]);
|
||||
if (! empty($filtered)) {
|
||||
$user->companies()->syncWithoutDetaching($filtered);
|
||||
}
|
||||
}
|
||||
|
||||
return response()->json(Helper::formatStandardApiResponse('success', (new UsersTransformer)->transformUser($user), trans('admin/users/message.success.update')));
|
||||
}
|
||||
|
||||
@@ -840,27 +867,21 @@ class UsersController extends Controller
|
||||
try {
|
||||
$user = User::find($request->input('id'));
|
||||
$this->authorize('update', $user);
|
||||
$user->two_factor_secret = null;
|
||||
$user->two_factor_enrolled = 0;
|
||||
$user->saveQuietly();
|
||||
|
||||
if (auth()->user()->can('canEditAuthFields', $user) && auth()->user()->can('editableOnDemo')) {
|
||||
// Log the reset
|
||||
$logaction = new Actionlog;
|
||||
$logaction->target_type = User::class;
|
||||
$logaction->target_id = $user->id;
|
||||
$logaction->item_type = User::class;
|
||||
$logaction->item_id = $user->id;
|
||||
$logaction->created_at = date('Y-m-d H:i:s');
|
||||
$logaction->created_by = auth()->id();
|
||||
$logaction->logaction('2FA reset');
|
||||
|
||||
$user->two_factor_secret = null;
|
||||
$user->two_factor_enrolled = 0;
|
||||
$user->saveQuietly();
|
||||
|
||||
// Log the reset
|
||||
$logaction = new Actionlog;
|
||||
$logaction->target_type = User::class;
|
||||
$logaction->target_id = $user->id;
|
||||
$logaction->item_type = User::class;
|
||||
$logaction->item_id = $user->id;
|
||||
$logaction->created_at = date('Y-m-d H:i:s');
|
||||
$logaction->created_by = auth()->id();
|
||||
$logaction->logaction('2FA reset');
|
||||
|
||||
return response()->json(['message' => trans('admin/settings/general.two_factor_reset_success')], 200);
|
||||
}
|
||||
|
||||
return response()->json(['message' => trans('general.unauthorized')], 500);
|
||||
return response()->json(['message' => trans('admin/settings/general.two_factor_reset_success')], 200);
|
||||
} catch (\Exception $e) {
|
||||
return response()->json(['message' => trans('admin/settings/general.two_factor_reset_error')], 500);
|
||||
}
|
||||
@@ -973,16 +994,4 @@ class UsersController extends Controller
|
||||
return response()->json(Helper::formatStandardApiResponse('success', null, $ldap_results['summary']), 200);
|
||||
|
||||
}
|
||||
|
||||
public function history(Request $request, User $user): JsonResponse|array
|
||||
{
|
||||
$this->authorize('history', $user);
|
||||
$historyQuery = $user->getHistory($request);
|
||||
$total = (clone $historyQuery)->count();
|
||||
$offset = ($request->input('offset') > $total) ? $total : app('api_offset_value');
|
||||
$limit = app('api_limit_value');
|
||||
$history = (clone $historyQuery)->skip($offset)->take($limit)->get();
|
||||
|
||||
return response()->json((new ActionlogsTransformer)->transformActionlogs($history, $total), 200, ['Content-Type' => 'application/json;charset=utf8'], JSON_UNESCAPED_UNICODE);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -9,6 +9,7 @@ use App\Models\Actionlog;
|
||||
use App\Models\AssetModel;
|
||||
use App\Models\CustomField;
|
||||
use App\Models\SnipeModel;
|
||||
use App\Models\User;
|
||||
use Illuminate\Auth\Access\AuthorizationException;
|
||||
use Illuminate\Contracts\View\View;
|
||||
use Illuminate\Http\RedirectResponse;
|
||||
|
||||
@@ -10,7 +10,6 @@ use App\Http\Traits\MigratesLegacyAssetLocations;
|
||||
use App\Models\Asset;
|
||||
use App\Models\CheckoutAcceptance;
|
||||
use App\Models\LicenseSeat;
|
||||
use App\Models\Statuslabel;
|
||||
use Illuminate\Contracts\View\View;
|
||||
use Illuminate\Database\Eloquent\Builder;
|
||||
use Illuminate\Http\RedirectResponse;
|
||||
@@ -57,16 +56,9 @@ class AssetCheckinController extends Controller
|
||||
default => trans('admin/hardware/form.redirect_to_type', ['type' => trans('general.user')]),
|
||||
};
|
||||
|
||||
$deployableStatusIds = array_map('intval', array_keys(Helper::deployableStatusLabelList()));
|
||||
$selectedStatusId = old('status_id');
|
||||
$showRequestableToggle = is_numeric($selectedStatusId)
|
||||
&& in_array((int) $selectedStatusId, $deployableStatusIds, true);
|
||||
|
||||
return view('hardware/checkin', compact('asset', 'target_option'))
|
||||
->with('item', $asset)
|
||||
->with('statusLabel_list', Helper::statusLabelList())
|
||||
->with('deployable_status_ids', $deployableStatusIds)
|
||||
->with('show_requestable_toggle', $showRequestableToggle)
|
||||
->with('backto', $backto)
|
||||
->with('table_name', 'Assets');
|
||||
}
|
||||
@@ -84,7 +76,7 @@ class AssetCheckinController extends Controller
|
||||
public function store(AssetCheckinRequest $request, $assetId = null, $backto = null): RedirectResponse
|
||||
{
|
||||
// Check if the asset exists
|
||||
if (is_null($asset = Asset::withTrashed()->find($assetId))) {
|
||||
if (is_null($asset = Asset::find($assetId))) {
|
||||
// Redirect to the asset management page with error
|
||||
return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.does_not_exist'));
|
||||
}
|
||||
@@ -115,19 +107,6 @@ class AssetCheckinController extends Controller
|
||||
$asset->status_id = e($request->input('status_id'));
|
||||
}
|
||||
|
||||
$selectedStatusId = $request->filled('status_id')
|
||||
? (int) $request->input('status_id')
|
||||
: (int) $asset->status_id;
|
||||
|
||||
$isDeployableStatus = Statuslabel::query()
|
||||
->whereKey($selectedStatusId)
|
||||
->where('deployable', 1)
|
||||
->exists();
|
||||
|
||||
if ($request->boolean('set_requestable') && $isDeployableStatus) {
|
||||
$asset->requestable = true;
|
||||
}
|
||||
|
||||
// Add any custom fields that should be included in the checkout
|
||||
$asset->customFieldsForCheckinCheckout('display_checkin');
|
||||
|
||||
@@ -135,16 +114,12 @@ class AssetCheckinController extends Controller
|
||||
|
||||
$asset->location_id = $asset->rtd_location_id;
|
||||
|
||||
if ($request->has('location_id')) {
|
||||
if ($request->filled('location_id')) {
|
||||
Log::debug('NEW Location ID: '.$request->input('location_id'));
|
||||
$asset->location_id = $request->input('location_id');
|
||||
if ($request->input('update_default_location') == 0) {
|
||||
$asset->rtd_location_id = $request->input('location_id');
|
||||
}
|
||||
} else {
|
||||
// Explicitly submitted as empty — clear the location
|
||||
$asset->location_id = null;
|
||||
if ($request->filled('location_id')) {
|
||||
Log::debug('NEW Location ID: '.$request->input('location_id'));
|
||||
$asset->location_id = $request->input('location_id');
|
||||
|
||||
if ($request->input('update_default_location') == 0) {
|
||||
$asset->rtd_location_id = $request->input('location_id');
|
||||
}
|
||||
}
|
||||
|
||||
@@ -179,10 +154,6 @@ class AssetCheckinController extends Controller
|
||||
$asset->customFieldsForCheckinCheckout('display_checkin');
|
||||
|
||||
if ($asset->save()) {
|
||||
// Update the location of any child assets
|
||||
Asset::where('assigned_type', Asset::class)
|
||||
->where('assigned_to', $asset->id)
|
||||
->update(['location_id' => $asset->location_id]);
|
||||
|
||||
event(new CheckoutableCheckedIn($asset, $target, auth()->user(), $request->input('note'), $checkin_at, $originalValues));
|
||||
|
||||
@@ -193,34 +164,4 @@ class AssetCheckinController extends Controller
|
||||
// Redirect to the asset management page with error
|
||||
return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.checkin.error').$asset->getErrors());
|
||||
}
|
||||
|
||||
/**
|
||||
* This would only be used if the target is actually hard-deleted
|
||||
* and literally does not exist in the database anymore. This will null out the assigned_to
|
||||
* and assigned_type fields, but will not trigger any events or do any of the other things that a
|
||||
* normal checkin would do, since the target itself is now invalid.
|
||||
*/
|
||||
public function forceCheckin(Asset $asset)
|
||||
{
|
||||
|
||||
$this->authorize('checkin', $asset);
|
||||
|
||||
if (! $asset->hasOrphanedAssignment()) {
|
||||
return redirect()->route('hardware.show', $asset->id)
|
||||
->with('error', trans('admin/hardware/message.checkin.force_checkin_not_orphaned'));
|
||||
}
|
||||
|
||||
$asset->assigned_to = null;
|
||||
$asset->assigned_type = null;
|
||||
|
||||
if ($asset->save()) {
|
||||
$asset->logForceCheckin();
|
||||
|
||||
return redirect()->route('hardware.show', $asset->id)
|
||||
->with('success', trans('admin/hardware/message.checkin.force_checkin_orphaned_success'));
|
||||
}
|
||||
|
||||
return redirect()->route('hardware.show', $asset->id)
|
||||
->with('error', trans('admin/hardware/message.checkin.force_checkin_error'));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -4,19 +4,18 @@ namespace App\Http\Controllers\Assets;
|
||||
|
||||
use App\Exceptions\CheckoutNotAllowed;
|
||||
use App\Helpers\Helper;
|
||||
use App\Http\Controllers\CheckInOutRequest;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\AssetCheckoutRequest;
|
||||
use App\Http\Traits\CheckInOutTrait;
|
||||
use App\Models\Asset;
|
||||
use App\Models\CheckoutAcceptance;
|
||||
use App\Models\User;
|
||||
use App\Models\Setting;
|
||||
use Illuminate\Contracts\View\View;
|
||||
use Illuminate\Database\Eloquent\ModelNotFoundException;
|
||||
use Illuminate\Http\RedirectResponse;
|
||||
|
||||
class AssetCheckoutController extends Controller
|
||||
{
|
||||
use CheckInOutTrait;
|
||||
use CheckInOutRequest;
|
||||
|
||||
/**
|
||||
* Returns a view that presents a form to check an asset out to a
|
||||
@@ -102,10 +101,6 @@ class AssetCheckoutController extends Controller
|
||||
$asset->status_id = $request->input('status_id');
|
||||
}
|
||||
|
||||
if ($request->boolean('set_not_requestable')) {
|
||||
$asset->requestable = false;
|
||||
}
|
||||
|
||||
if (! empty($asset->licenseseats->all())) {
|
||||
if (request('checkout_to_type') == 'user') {
|
||||
foreach ($asset->licenseseats as $seat) {
|
||||
@@ -118,57 +113,18 @@ class AssetCheckoutController extends Controller
|
||||
// Add any custom fields that should be included in the checkout
|
||||
$asset->customFieldsForCheckinCheckout('display_checkout');
|
||||
|
||||
if (! $asset->canCheckoutTo($target)) {
|
||||
$targetType = match (class_basename($target)) {
|
||||
'User' => trans('general.user'),
|
||||
'Location' => trans('general.location'),
|
||||
default => trans('general.asset'),
|
||||
};
|
||||
$settings = Setting::getSettings();
|
||||
|
||||
return redirect()->route('hardware.checkout.create', $asset)->with('error', trans('general.error_checkout_company_mismatch', [
|
||||
'item' => trans('general.asset').' "'.$asset->display_name.'"',
|
||||
'item_company' => $asset->company?->name ?? trans('general.unassigned'),
|
||||
'target' => $targetType.' "'.($target->name ?? $target->username ?? $target->id).'"',
|
||||
]));
|
||||
// We have to check whether $target->company_id is null here since locations don't have a company yet
|
||||
if (($settings->full_multiple_companies_support) && ((! is_null($target->company_id)) && (! is_null($asset->company_id)))) {
|
||||
if ($target->company_id != $asset->company_id) {
|
||||
return redirect()->route('hardware.checkout.create', $asset)->with('error', trans('general.error_user_company'));
|
||||
}
|
||||
}
|
||||
|
||||
session()->put([
|
||||
'redirect_option' => $request->input('redirect_option'),
|
||||
'checkout_to_type' => $request->input('checkout_to_type'),
|
||||
'sign_in_place' => $request->boolean('sign_in_place'),
|
||||
]);
|
||||
|
||||
if ($asset->checkOut($target, $admin, $checkout_at, $expected_checkin, $request->input('note'), $request->input('name'), null, $request->boolean('sign_in_place'))) {
|
||||
|
||||
// When sign_in_place is requested and the target is a user, redirect to the
|
||||
// acceptance/signature page so the user can sign in person. The signature is
|
||||
// attributed to the target user, not the admin.
|
||||
if ($request->boolean('sign_in_place') && $target instanceof User) {
|
||||
$acceptance = CheckoutAcceptance::where('checkoutable_type', Asset::class)
|
||||
->where('checkoutable_id', $asset->id)
|
||||
->where('assigned_to_id', $target->id)
|
||||
->pending()
|
||||
->latest()
|
||||
->first();
|
||||
|
||||
// If requireAcceptance() is false the listener won't have created one; create it now.
|
||||
if (! $acceptance) {
|
||||
$acceptance = new CheckoutAcceptance;
|
||||
$acceptance->checkoutable()->associate($asset);
|
||||
$acceptance->assignedTo()->associate($target);
|
||||
$acceptance->save();
|
||||
}
|
||||
|
||||
session([
|
||||
'sign_in_place_acceptance_id' => $acceptance->id,
|
||||
'sign_in_place_item_id' => $asset->id,
|
||||
'sign_in_place_resource_type' => 'Assets',
|
||||
]);
|
||||
|
||||
return redirect()->route('account.accept.item', $acceptance->id)
|
||||
->with('success', trans('admin/hardware/message.checkout.success'));
|
||||
}
|
||||
session()->put(['redirect_option' => $request->input('redirect_option'), 'checkout_to_type' => $request->input('checkout_to_type')]);
|
||||
|
||||
if ($asset->checkOut($target, $admin, $checkout_at, $expected_checkin, $request->input('note'), $request->input('name'))) {
|
||||
return Helper::getRedirectOption($request, $asset->id, 'Assets')
|
||||
->with('success', trans('admin/hardware/message.checkout.success'));
|
||||
}
|
||||
|
||||
@@ -66,8 +66,7 @@ class AssetsController extends Controller
|
||||
public function index(Request $request): View
|
||||
{
|
||||
$this->authorize('index', Asset::class);
|
||||
$companyId = $request->input('company_id');
|
||||
$company = is_scalar($companyId) ? Company::find($companyId) : null;
|
||||
$company = Company::find($request->input('company_id'));
|
||||
|
||||
return view('hardware/index')->with('company', $company);
|
||||
}
|
||||
@@ -358,26 +357,11 @@ class AssetsController extends Controller
|
||||
|
||||
$qr_code = (object) [
|
||||
'display' => $settings->qr_code == '1',
|
||||
'url' => route('qr_code/common', ['object_type' => 'hardware', 'id' => $asset->id]),
|
||||
'url' => route('qr_code/hardware', $asset),
|
||||
];
|
||||
|
||||
$total_maintenance_cost = $asset->maintenances?->sum('cost');
|
||||
$total_asset_cost = ($asset->assignedAssets()?->AssetsForShow()) ? $asset->assignedAssets()?->AssetsForShow()?->sum('purchase_cost') : 0;
|
||||
$total_license_cost = ($asset->licenses) ? $asset->licenses->sum('purchase_cost') : 0;
|
||||
$total_accessory_cost = ($asset->accessories) ? $asset->accessories()->sum('purchase_cost') : 0;
|
||||
$total_component_cost = ($asset->components) ? $asset->components->sum('calculated_purchase_cost') : 0;
|
||||
|
||||
$total_cost_for_asset = $asset->purchase_cost + $total_maintenance_cost + $total_asset_cost + $total_license_cost + $total_accessory_cost + $total_component_cost;
|
||||
|
||||
return view('hardware/view', compact('asset', 'qr_code', 'settings'))
|
||||
->with('total_maintenance_cost', $total_maintenance_cost)
|
||||
->with('total_asset_cost', $total_asset_cost)
|
||||
->with('total_license_cost', $total_license_cost)
|
||||
->with('total_accessory_cost', $total_accessory_cost)
|
||||
->with('total_component_cost', $total_component_cost)
|
||||
->with('total_cost_for_asset', $total_cost_for_asset)
|
||||
->with('use_currency', $use_currency)
|
||||
->with('audit_log', $audit_log);
|
||||
->with('use_currency', $use_currency)->with('audit_log', $audit_log);
|
||||
}
|
||||
|
||||
return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.does_not_exist'));
|
||||
@@ -443,7 +427,7 @@ class AssetsController extends Controller
|
||||
|
||||
if ($request->filled('image_delete')) {
|
||||
try {
|
||||
unlink(public_path().'/uploads/assets/'.basename($asset->image));
|
||||
unlink(public_path().'/uploads/assets/'.$asset->image);
|
||||
$asset->image = '';
|
||||
} catch (\Exception $e) {
|
||||
Log::info($e);
|
||||
@@ -511,7 +495,7 @@ class AssetsController extends Controller
|
||||
|
||||
// Validate required serial based on model setting
|
||||
if ($model && $model->require_serial === 1 && empty($serial[1])) {
|
||||
return Helper::getRedirectOption($request, $asset->id, 'Assets')
|
||||
return redirect()->to(Helper::getRedirectOption($request, $asset->id, 'Assets'))
|
||||
->with('warning', trans('admin/hardware/form.serial_required_post_model_update', [
|
||||
'asset_model' => $model->name,
|
||||
]));
|
||||
@@ -549,7 +533,7 @@ class AssetsController extends Controller
|
||||
|
||||
if ($asset->image) {
|
||||
try {
|
||||
Storage::disk('public')->delete('assets/'.basename($asset->image));
|
||||
Storage::disk('public')->delete('assets'.'/'.$asset->image);
|
||||
} catch (\Exception $e) {
|
||||
Log::debug($e);
|
||||
}
|
||||
@@ -567,12 +551,11 @@ class AssetsController extends Controller
|
||||
*
|
||||
* @since [v3.0]
|
||||
*/
|
||||
public function getAssetBySerial(Request $request, $serial = null): RedirectResponse
|
||||
public function getAssetBySerial(Request $request): RedirectResponse
|
||||
{
|
||||
$serial = $serial ?: $request->input('serial');
|
||||
$topsearch = ($request->input('topsearch') == 'true');
|
||||
|
||||
if (! $asset = Asset::where('serial', '=', $serial)->first()) {
|
||||
if (! $asset = Asset::where('serial', '=', $request->input('serial'))->first()) {
|
||||
return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.does_not_exist'));
|
||||
}
|
||||
$this->authorize('view', $asset);
|
||||
|
||||
@@ -2,25 +2,19 @@
|
||||
|
||||
namespace App\Http\Controllers\Assets;
|
||||
|
||||
use App\Events\CheckoutableCheckedIn;
|
||||
use App\Events\CheckoutablesCheckedOutInBulk;
|
||||
use App\Helpers\Helper;
|
||||
use App\Http\Controllers\CheckInOutRequest;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\AssetCheckoutRequest;
|
||||
use App\Http\Traits\CheckInOutTrait;
|
||||
use App\Models\Asset;
|
||||
use App\Models\AssetModel;
|
||||
use App\Models\CheckoutAcceptance;
|
||||
use App\Models\Company;
|
||||
use App\Models\CustomField;
|
||||
use App\Models\LicenseSeat;
|
||||
use App\Models\Setting;
|
||||
use App\Models\Statuslabel;
|
||||
use App\Models\User;
|
||||
use App\View\Label;
|
||||
use Carbon\Carbon;
|
||||
use Illuminate\Contracts\View\View;
|
||||
use Illuminate\Database\Eloquent\Builder;
|
||||
use Illuminate\Database\Eloquent\ModelNotFoundException;
|
||||
use Illuminate\Http\RedirectResponse;
|
||||
use Illuminate\Http\Request;
|
||||
@@ -32,7 +26,7 @@ use Illuminate\Support\Facades\Log;
|
||||
|
||||
class BulkAssetsController extends Controller
|
||||
{
|
||||
use CheckInOutTrait;
|
||||
use CheckInOutRequest;
|
||||
|
||||
/**
|
||||
* Display the bulk edit page.
|
||||
@@ -78,16 +72,6 @@ class BulkAssetsController extends Controller
|
||||
return redirect()->route('hardware.bulkcheckout.show');
|
||||
}
|
||||
|
||||
if ($request->input('bulk_actions') === 'checkin') {
|
||||
$referer = request()->headers->get('referer');
|
||||
if ($referer && parse_url($referer, PHP_URL_HOST) === parse_url(config('app.url'), PHP_URL_HOST)) {
|
||||
redirect()->setIntendedUrl($referer);
|
||||
}
|
||||
$request->session()->flashInput(['selected_assets' => $asset_ids]);
|
||||
|
||||
return redirect()->route('hardware.bulkcheckin.show');
|
||||
}
|
||||
|
||||
if ($request->input('bulk_actions') === 'maintenance') {
|
||||
$request->session()->flashInput(['selected_assets' => $asset_ids]);
|
||||
|
||||
@@ -387,7 +371,7 @@ class BulkAssetsController extends Controller
|
||||
}
|
||||
|
||||
if ($request->filled('company_id')) {
|
||||
$this->update_array['company_id'] = Company::getIdForCurrentUser($request->input('company_id'));
|
||||
$this->update_array['company_id'] = $request->input('company_id');
|
||||
if ($request->input('company_id') == 'clear') {
|
||||
$this->update_array['company_id'] = null;
|
||||
}
|
||||
@@ -422,7 +406,7 @@ class BulkAssetsController extends Controller
|
||||
// Otherwise we need to make sure the status type is still a deployable one.
|
||||
|
||||
$unassigned = $asset->assigned_to == '';
|
||||
$deployable = $updated_status->deployable == '1' && $asset->status?->deployable == '1';
|
||||
$deployable = $updated_status->deployable == '1' && $asset->assetstatus?->deployable == '1';
|
||||
$pending = $updated_status->pending === 1;
|
||||
|
||||
if ($unassigned || $deployable || $pending) {
|
||||
@@ -688,25 +672,18 @@ class BulkAssetsController extends Controller
|
||||
->with('error', trans('general.error_assets_already_checked_out'));
|
||||
}
|
||||
|
||||
// Prevent checking out assets across companies if FMCS enabled.
|
||||
if (Setting::getSettings()->full_multiple_companies_support) {
|
||||
$company_ids = $assets->pluck('company_id')->filter()->unique();
|
||||
// Prevent checking out assets across companies if FMCS enabled
|
||||
if (Setting::getSettings()->full_multiple_companies_support && $target->company_id) {
|
||||
$company_ids = $assets->pluck('company_id')->unique();
|
||||
|
||||
if ($company_ids->isNotEmpty()) {
|
||||
if ($company_ids->count() > 1) {
|
||||
// Selected assets span multiple companies; bulk checkout can't satisfy all of them.
|
||||
$mismatch = true;
|
||||
} else {
|
||||
// All assets share the same company; let the model enforce the checkout rules.
|
||||
$mismatch = ! $assets->first()->canCheckoutTo($target);
|
||||
}
|
||||
// if there is more than one unique company id or the singular company id does not match
|
||||
// then the checkout is invalid
|
||||
if ($company_ids->count() > 1 || $company_ids->first() != $target->company_id) {
|
||||
// re-add the asset ids so the assets select is re-populated
|
||||
$request->session()->flashInput(['selected_assets' => $asset_ids]);
|
||||
|
||||
if ($mismatch) {
|
||||
$request->session()->flashInput(['selected_assets' => $asset_ids]);
|
||||
|
||||
return redirect(route('hardware.bulkcheckout.show'))
|
||||
->with('error', trans('general.error_user_company_multiple'));
|
||||
}
|
||||
return redirect(route('hardware.bulkcheckout.show'))
|
||||
->with('error', trans('general.error_user_company_multiple'));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -738,10 +715,6 @@ class BulkAssetsController extends Controller
|
||||
$asset->status_id = $request->input('status_id');
|
||||
}
|
||||
|
||||
if ($request->boolean('set_not_requestable')) {
|
||||
$asset->requestable = false;
|
||||
}
|
||||
|
||||
$checkout_success = $asset->checkOut($target, $admin, $checkout_at, $expected_checkin, e($request->input('note')), $asset->name, null);
|
||||
|
||||
// TODO - I think this logic is duplicated in the checkOut method?
|
||||
@@ -781,112 +754,6 @@ class BulkAssetsController extends Controller
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Show Bulk Checkin Page
|
||||
*/
|
||||
public function showCheckin(): View
|
||||
{
|
||||
$this->authorize('checkin', Asset::class);
|
||||
|
||||
$notAssigned = collect();
|
||||
|
||||
if (old('selected_assets') && is_array(old('selected_assets'))) {
|
||||
$assets = Asset::withTrashed()->findMany(old('selected_assets'));
|
||||
|
||||
[$assigned, $notAssigned] = $assets->partition(function (Asset $asset) {
|
||||
return $asset->assigned_to;
|
||||
});
|
||||
|
||||
session()->flashInput(['selected_assets' => $assigned->pluck('id')->values()->toArray()]);
|
||||
}
|
||||
|
||||
$do_not_change = ['' => trans('general.do_not_change')];
|
||||
$status_label_list = $do_not_change + Helper::statusLabelList();
|
||||
|
||||
return view('hardware/bulk-checkin', [
|
||||
'statusLabel_list' => $status_label_list,
|
||||
'removed_assets' => $notAssigned,
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* Process Multiple Checkin Request
|
||||
*/
|
||||
public function storeCheckin(Request $request): RedirectResponse
|
||||
{
|
||||
$this->authorize('checkin', Asset::class);
|
||||
|
||||
if (! is_array($request->input('selected_assets'))) {
|
||||
return redirect()->route('hardware.bulkcheckin.show')->withInput()->with('error', trans('admin/hardware/message.multi-checkin.no_assets_selected'));
|
||||
}
|
||||
|
||||
$asset_ids = array_filter($request->input('selected_assets'));
|
||||
|
||||
$assets = Asset::withTrashed()->findOrFail($asset_ids);
|
||||
|
||||
$checkin_at = date('Y-m-d H:i:s');
|
||||
if ($request->filled('checkin_at') && $request->input('checkin_at') != date('Y-m-d')) {
|
||||
$checkin_at = $request->input('checkin_at');
|
||||
}
|
||||
|
||||
$errors = [];
|
||||
$admin = auth()->user();
|
||||
|
||||
DB::transaction(function () use ($assets, $admin, $checkin_at, $request, &$errors) {
|
||||
foreach ($assets as $asset) {
|
||||
$this->authorize('checkin', $asset);
|
||||
|
||||
if (is_null($asset->assignedTo)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$target = $asset->assignedTo;
|
||||
$originalValues = $asset->getRawOriginal();
|
||||
|
||||
$asset->expected_checkin = null;
|
||||
$asset->assignedTo()->disassociate($asset);
|
||||
$asset->accepted = null;
|
||||
|
||||
if ($request->filled('status_id')) {
|
||||
$asset->status_id = $request->input('status_id');
|
||||
}
|
||||
|
||||
$asset->location_id = $asset->rtd_location_id;
|
||||
$asset->last_checkin = $checkin_at;
|
||||
|
||||
if ($request->boolean('checkin_licenses')) {
|
||||
$asset->licenseseats->each(function (LicenseSeat $seat) {
|
||||
$seat->update(['assigned_to' => null]);
|
||||
});
|
||||
}
|
||||
|
||||
CheckoutAcceptance::pending()->whereHasMorph('checkoutable', [Asset::class], function (Builder $query) use ($asset) {
|
||||
$query->where('id', $asset->id);
|
||||
})->get()->each->delete();
|
||||
|
||||
if ($asset->save()) {
|
||||
if ($request->boolean('checkin_child_assets')) {
|
||||
Asset::where('assigned_type', Asset::class)
|
||||
->where('assigned_to', $asset->id)
|
||||
->update(['location_id' => $asset->location_id]);
|
||||
}
|
||||
|
||||
event(new CheckoutableCheckedIn($asset, $target, $admin, $request->input('note'), $checkin_at, $originalValues));
|
||||
} else {
|
||||
$errors = array_merge_recursive($errors, $asset->getErrors()->toArray());
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
if (! $errors) {
|
||||
return redirect()->intended(route('hardware.index'))->with('success', trans_choice('admin/hardware/message.multi-checkin.success', count($asset_ids)));
|
||||
}
|
||||
|
||||
return redirect()->route('hardware.bulkcheckin.show')->withInput()
|
||||
->with('error', trans_choice('admin/hardware/message.multi-checkin.error', count($asset_ids)))
|
||||
->withErrors($errors);
|
||||
}
|
||||
|
||||
public function restore(Request $request): RedirectResponse
|
||||
{
|
||||
$this->authorize('update', Asset::class);
|
||||
|
||||
@@ -106,21 +106,15 @@ class LoginController extends Controller
|
||||
if ($saml->isEnabled() && ! empty($samlData)) {
|
||||
|
||||
try {
|
||||
|
||||
$user = $saml->samlLogin($samlData);
|
||||
$notValidAfter = new \Carbon\Carbon(@$samlData['assertionNotOnOrAfter']);
|
||||
if (\Carbon::now()->greaterThanOrEqualTo($notValidAfter)) {
|
||||
abort(400, 'Expired SAML Assertion');
|
||||
}
|
||||
try {
|
||||
SamlNonce::create([
|
||||
'nonce' => $samlData['nonce'],
|
||||
'not_valid_after' => $notValidAfter,
|
||||
]);
|
||||
} catch (\Exception $e) {
|
||||
\Log::error($e);
|
||||
abort(400, 'Assertion has already been used.');
|
||||
if (SamlNonce::where('nonce', @$samlData['nonce'])->count() > 0) {
|
||||
abort(400, 'Assertion has already been used');
|
||||
}
|
||||
Log::debug('okay, fine, this is a new nonce then. Good for you.');
|
||||
if (! is_null($user)) {
|
||||
Auth::login($user);
|
||||
} else {
|
||||
@@ -134,6 +128,10 @@ class LoginController extends Controller
|
||||
$user->last_login = \Carbon::now();
|
||||
$user->saveQuietly();
|
||||
}
|
||||
$s = new SamlNonce;
|
||||
$s->nonce = @$samlData['nonce'];
|
||||
$s->not_valid_after = $notValidAfter;
|
||||
$s->save();
|
||||
|
||||
} catch (\Exception $e) {
|
||||
Log::debug('There was an error authenticating the SAML user: '.$e->getMessage());
|
||||
@@ -435,7 +433,7 @@ class LoginController extends Controller
|
||||
$user->saveQuietly();
|
||||
$request->session()->put('2fa_authed', $user->id);
|
||||
|
||||
return redirect()->intended()->with('success', trans('auth/message.signin.success'));
|
||||
return redirect()->route('home')->with('success', trans('auth/message.signin.success'));
|
||||
}
|
||||
|
||||
return redirect()->route('two-factor')->with('error', trans('auth/message.two_factor.invalid_code'));
|
||||
|
||||
@@ -74,7 +74,7 @@ class SamlController extends Controller
|
||||
public function login(Request $request)
|
||||
{
|
||||
$auth = $this->saml->getAuth();
|
||||
$ssoUrl = $auth->login(session()->get('url.intended'), [], false, false, false, false);
|
||||
$ssoUrl = $auth->login(null, [], false, false, false, false);
|
||||
|
||||
return redirect()->away($ssoUrl);
|
||||
}
|
||||
@@ -96,7 +96,6 @@ class SamlController extends Controller
|
||||
$saml = $this->saml;
|
||||
$auth = $saml->getAuth();
|
||||
$saml_exception = false;
|
||||
session()->put('url.intended', str_replace(["\r", "\n"], '', $request->post('RelayState')));
|
||||
try {
|
||||
$auth->processResponse();
|
||||
} catch (\Exception $e) {
|
||||
|
||||
@@ -1,13 +1,13 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Traits;
|
||||
namespace App\Http\Controllers;
|
||||
|
||||
use App\Models\Asset;
|
||||
use App\Models\Location;
|
||||
use App\Models\SnipeModel;
|
||||
use App\Models\User;
|
||||
|
||||
trait CheckInOutTrait
|
||||
trait CheckInOutRequest
|
||||
{
|
||||
/**
|
||||
* Find target for checkout
|
||||
@@ -43,8 +43,7 @@ class ComponentCheckinController extends Controller
|
||||
}
|
||||
$this->authorize('checkin', $component);
|
||||
|
||||
return view('components/checkin', compact('component_assets', 'component', 'asset'))
|
||||
->with('snipe_component', $component);
|
||||
return view('components/checkin', compact('component_assets', 'component', 'asset'));
|
||||
}
|
||||
|
||||
return redirect()->route('components.index')->with('error', trans('admin/components/messages.not_found'));
|
||||
|
||||
@@ -7,6 +7,7 @@ use App\Helpers\Helper;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Models\Asset;
|
||||
use App\Models\Component;
|
||||
use App\Models\Setting;
|
||||
use Illuminate\Auth\Access\AuthorizationException;
|
||||
use Illuminate\Contracts\View\View;
|
||||
use Illuminate\Http\RedirectResponse;
|
||||
@@ -45,8 +46,7 @@ class ComponentCheckoutController extends Controller
|
||||
}
|
||||
|
||||
// Return the checkout view
|
||||
return view('components/checkout', compact('component'))
|
||||
->with('snipe_component', $component);
|
||||
return view('components/checkout', compact('component'));
|
||||
}
|
||||
|
||||
// Invalid category
|
||||
@@ -103,12 +103,8 @@ class ComponentCheckoutController extends Controller
|
||||
// Check if the asset exists
|
||||
$asset = Asset::find($request->input('asset_id'));
|
||||
|
||||
if (! $component->canCheckoutTo($asset)) {
|
||||
return redirect()->route('components.checkout.show', $componentId)->with('error', trans('general.error_checkout_company_mismatch', [
|
||||
'item' => trans('general.component').' "'.$component->name.'"',
|
||||
'item_company' => $component->company?->name ?? trans('general.unassigned'),
|
||||
'target' => trans('general.asset').' "'.$asset->display_name.'"',
|
||||
]));
|
||||
if ((Setting::getSettings()->full_multiple_companies_support) && $component->company_id !== $asset->company_id) {
|
||||
return redirect()->route('components.checkout.show', $componentId)->with('error', trans('general.error_user_company'));
|
||||
}
|
||||
|
||||
$component->checkout_qty = $request->input('assigned_qty');
|
||||
|
||||
@@ -4,8 +4,7 @@ namespace App\Http\Controllers\Components;
|
||||
|
||||
use App\Helpers\Helper;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\StoreComponentRequest;
|
||||
use App\Http\Requests\UpdateComponentRequest;
|
||||
use App\Http\Requests\ImageUploadRequest;
|
||||
use App\Models\Company;
|
||||
use App\Models\Component;
|
||||
use Illuminate\Auth\Access\AuthorizationException;
|
||||
@@ -13,6 +12,7 @@ use Illuminate\Contracts\View\View;
|
||||
use Illuminate\Http\RedirectResponse;
|
||||
use Illuminate\Support\Facades\Log;
|
||||
use Illuminate\Support\Facades\Storage;
|
||||
use Illuminate\Support\Facades\Validator;
|
||||
|
||||
/**
|
||||
* This class controls all actions related to Components for
|
||||
@@ -74,7 +74,7 @@ class ComponentsController extends Controller
|
||||
*
|
||||
* @throws AuthorizationException
|
||||
*/
|
||||
public function store(StoreComponentRequest $request)
|
||||
public function store(ImageUploadRequest $request)
|
||||
{
|
||||
$this->authorize('create', Component::class);
|
||||
$component = new Component;
|
||||
@@ -148,10 +148,21 @@ class ComponentsController extends Controller
|
||||
*
|
||||
* @since [v3.0]
|
||||
*/
|
||||
public function update(UpdateComponentRequest $request, Component $component)
|
||||
public function update(ImageUploadRequest $request, Component $component)
|
||||
{
|
||||
$min = $component->numCheckedOut();
|
||||
$validator = Validator::make($request->all(), [
|
||||
'qty' => "required|numeric|min:$min",
|
||||
]);
|
||||
|
||||
if ($validator->fails()) {
|
||||
return redirect()->back()
|
||||
->withErrors($validator)
|
||||
->withInput();
|
||||
}
|
||||
|
||||
$this->authorize('update', $component);
|
||||
|
||||
|
||||
// Update the component data
|
||||
$component->name = $request->input('name');
|
||||
$component->category_id = $request->input('category_id');
|
||||
|
||||
@@ -5,7 +5,6 @@ namespace App\Http\Controllers\Consumables;
|
||||
use App\Events\CheckoutableCheckedOut;
|
||||
use App\Helpers\Helper;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Models\CheckoutAcceptance;
|
||||
use App\Models\Consumable;
|
||||
use App\Models\User;
|
||||
use Illuminate\Auth\Access\AuthorizationException;
|
||||
@@ -96,14 +95,6 @@ class ConsumableCheckoutController extends Controller
|
||||
return redirect()->route('consumables.checkout.show', $consumable)->with('error', trans('admin/consumables/message.checkout.user_does_not_exist'))->withInput();
|
||||
}
|
||||
|
||||
if (! $consumable->canCheckoutTo($user)) {
|
||||
return redirect()->back()->with('error', trans('general.error_checkout_company_mismatch', [
|
||||
'item' => trans('general.consumable').' "'.$consumable->name.'"',
|
||||
'item_company' => $consumable->company?->name ?? trans('general.unassigned'),
|
||||
'target' => trans('general.user').' "'.$user->username.'"',
|
||||
]));
|
||||
}
|
||||
|
||||
// Update the consumable data
|
||||
$consumable->assigned_to = e($request->input('assigned_to'));
|
||||
|
||||
@@ -125,46 +116,12 @@ class ConsumableCheckoutController extends Controller
|
||||
$request->input('note'),
|
||||
[],
|
||||
$consumable->checkout_qty,
|
||||
$request->boolean('sign_in_place'),
|
||||
));
|
||||
|
||||
$request->request->add(['checkout_to_type' => 'user']);
|
||||
$request->request->add(['assigned_user' => $user->id]);
|
||||
|
||||
session()->put([
|
||||
'redirect_option' => $request->input('redirect_option'),
|
||||
'checkout_to_type' => $request->input('checkout_to_type'),
|
||||
'sign_in_place' => $request->boolean('sign_in_place'),
|
||||
]);
|
||||
|
||||
// When sign_in_place is requested, redirect to the acceptance/signature page
|
||||
// so the user can sign in person. The signature is attributed to the target user.
|
||||
if ($request->boolean('sign_in_place')) {
|
||||
$acceptance = CheckoutAcceptance::where('checkoutable_type', Consumable::class)
|
||||
->where('checkoutable_id', $consumable->id)
|
||||
->where('assigned_to_id', $user->id)
|
||||
->pending()
|
||||
->latest()
|
||||
->first();
|
||||
|
||||
// If requireAcceptance() is false the listener won't have created one; create it now.
|
||||
if (! $acceptance) {
|
||||
$acceptance = new CheckoutAcceptance;
|
||||
$acceptance->checkoutable()->associate($consumable);
|
||||
$acceptance->assignedTo()->associate($user);
|
||||
$acceptance->qty = $quantity;
|
||||
$acceptance->save();
|
||||
}
|
||||
|
||||
session([
|
||||
'sign_in_place_acceptance_id' => $acceptance->id,
|
||||
'sign_in_place_item_id' => $consumable->id,
|
||||
'sign_in_place_resource_type' => 'Consumables',
|
||||
]);
|
||||
|
||||
return redirect()->route('account.accept.item', $acceptance->id)
|
||||
->with('success', trans('admin/consumables/message.checkout.success'));
|
||||
}
|
||||
session()->put(['redirect_option' => $request->input('redirect_option'), 'checkout_to_type' => $request->input('checkout_to_type')]);
|
||||
|
||||
// Redirect to the new consumable page
|
||||
return Helper::getRedirectOption($request, $consumable->id, 'Consumables')
|
||||
|
||||
@@ -26,10 +26,8 @@ namespace App\Http\Controllers;
|
||||
use App\Models\Accessory;
|
||||
use App\Models\Asset;
|
||||
use App\Models\AssetModel;
|
||||
use App\Models\Company;
|
||||
use App\Models\Component;
|
||||
use App\Models\Consumable;
|
||||
use App\Models\Department;
|
||||
use App\Models\License;
|
||||
use App\Models\Location;
|
||||
use App\Models\Maintenance;
|
||||
@@ -48,8 +46,6 @@ abstract class Controller extends BaseController
|
||||
|
||||
public static $map_object_type = [
|
||||
'accessories' => Accessory::class,
|
||||
'companies' => Company::class,
|
||||
'departments' => Department::class,
|
||||
'maintenances' => Maintenance::class,
|
||||
'assets' => Asset::class,
|
||||
'audits' => Asset::class,
|
||||
@@ -68,8 +64,6 @@ abstract class Controller extends BaseController
|
||||
'maintenances' => 'private_uploads/maintenances/',
|
||||
'assets' => 'private_uploads/assets/',
|
||||
'audits' => 'private_uploads/audits/',
|
||||
'departments' => 'private_uploads/departments/',
|
||||
'companies' => 'private_uploads/companies/',
|
||||
'components' => 'private_uploads/components/',
|
||||
'consumables' => 'private_uploads/consumables/',
|
||||
'hardware' => 'private_uploads/assets/',
|
||||
@@ -85,8 +79,6 @@ abstract class Controller extends BaseController
|
||||
'maintenances' => 'maintenance',
|
||||
'assets' => 'asset',
|
||||
'audits' => 'audits',
|
||||
'companies' => 'company',
|
||||
'departments' => 'department',
|
||||
'components' => 'component',
|
||||
'consumables' => 'consumable',
|
||||
'hardware' => 'asset',
|
||||
|
||||
@@ -54,7 +54,7 @@ class DepartmentsController extends Controller
|
||||
$department->created_by = auth()->id();
|
||||
$department->manager_id = ($request->filled('manager_id') ? $request->input('manager_id') : null);
|
||||
$department->location_id = ($request->filled('location_id') ? $request->input('location_id') : null);
|
||||
$department->company_id = ($request->filled('company_id') ? Company::getIdForCurrentUser($request->input('company_id')) : null);
|
||||
$department->company_id = ($request->filled('company_id') ? $request->input('company_id') : null);
|
||||
$department->tag_color = $request->input('tag_color');
|
||||
$department->notes = $request->input('notes');
|
||||
$department = $request->handleImages($department);
|
||||
@@ -107,8 +107,12 @@ class DepartmentsController extends Controller
|
||||
*
|
||||
* @since [v4.0]
|
||||
*/
|
||||
public function destroy(Department $department): RedirectResponse
|
||||
public function destroy($id): RedirectResponse
|
||||
{
|
||||
if (is_null($department = Department::find($id))) {
|
||||
return redirect()->to(route('departments.index'))->with('error', trans('admin/departments/message.not_found'));
|
||||
}
|
||||
|
||||
$this->authorize('delete', $department);
|
||||
|
||||
if ($department->users->count() > 0) {
|
||||
@@ -164,7 +168,7 @@ class DepartmentsController extends Controller
|
||||
$department->fill($request->all());
|
||||
$department->manager_id = ($request->filled('manager_id') ? $request->input('manager_id') : null);
|
||||
$department->location_id = ($request->filled('location_id') ? $request->input('location_id') : null);
|
||||
$department->company_id = ($request->filled('company_id') ? Company::getIdForCurrentUser($request->input('company_id')) : null);
|
||||
$department->company_id = ($request->filled('company_id') ? $request->input('company_id') : null);
|
||||
$department->phone = $request->input('phone');
|
||||
$department->fax = $request->input('fax');
|
||||
$department->tag_color = $request->input('tag_color');
|
||||
|
||||
@@ -54,7 +54,6 @@ class GoogleAuthController extends Controller
|
||||
Log::debug('Google user '.$socialUser->getEmail().' found in Snipe-IT');
|
||||
$user->update([
|
||||
'avatar' => $socialUser->avatar,
|
||||
'last_login' => \Carbon::now(),
|
||||
]);
|
||||
|
||||
Auth::login($user, true);
|
||||
|
||||
@@ -2,7 +2,6 @@
|
||||
|
||||
namespace App\Http\Controllers;
|
||||
|
||||
use App\Actions\Permissions\NormalizePermissionsPayloadAction;
|
||||
use App\Helpers\Helper;
|
||||
use App\Models\Group;
|
||||
use App\Models\User;
|
||||
@@ -80,12 +79,14 @@ class GroupsController extends Controller
|
||||
// create a new group instance
|
||||
$group = new Group;
|
||||
$group->name = $request->input('name');
|
||||
$group->permissions = json_encode(
|
||||
Helper::selectedPermissionsArray(
|
||||
config('permissions'),
|
||||
NormalizePermissionsPayloadAction::run($request->input('permission'))
|
||||
)
|
||||
);
|
||||
|
||||
if ($request->filled('permission')) {
|
||||
$group->permissions = json_encode($request->array('permission'));
|
||||
} else {
|
||||
$group->permissions = null;
|
||||
}
|
||||
|
||||
$group->permissions = json_encode($request->input('permission'));
|
||||
$group->created_by = auth()->id();
|
||||
$group->notes = $request->input('notes');
|
||||
|
||||
@@ -166,17 +167,15 @@ class GroupsController extends Controller
|
||||
public function update(Request $request, Group $group): RedirectResponse
|
||||
{
|
||||
$group->name = $request->input('name');
|
||||
$group->notes = $request->input('notes');
|
||||
|
||||
if ($request->has('permission')) {
|
||||
$group->permissions = json_encode(
|
||||
Helper::selectedPermissionsArray(
|
||||
config('permissions'),
|
||||
NormalizePermissionsPayloadAction::run($request->input('permission'))
|
||||
)
|
||||
);
|
||||
if ($request->filled('permission')) {
|
||||
$group->permissions = json_encode($request->array('permission'));
|
||||
} else {
|
||||
$group->permissions = null;
|
||||
}
|
||||
|
||||
$group->notes = $request->input('notes');
|
||||
|
||||
if (! config('app.lock_passwords')) {
|
||||
if ($group->save()) {
|
||||
|
||||
@@ -208,15 +207,9 @@ class GroupsController extends Controller
|
||||
public function destroy($id): RedirectResponse
|
||||
{
|
||||
if (! config('app.lock_passwords')) {
|
||||
|
||||
if (! $group = Group::find($id)) {
|
||||
return redirect()->route('groups.index')->with('error', trans('admin/groups/message.group_not_found', ['id' => $id]));
|
||||
}
|
||||
|
||||
if (! $group->isDeletable()) {
|
||||
return redirect()->route('groups.index')->with('error', trans('admin/groups/message.assoc_users'));
|
||||
}
|
||||
|
||||
$group->delete();
|
||||
|
||||
return redirect()->route('groups.index')->with('success', trans('admin/groups/message.success.delete'));
|
||||
|
||||
@@ -2,8 +2,8 @@
|
||||
|
||||
namespace App\Http\Controllers\Kits;
|
||||
|
||||
use App\Http\Controllers\CheckInOutRequest;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Traits\CheckInOutTrait;
|
||||
use App\Models\Asset;
|
||||
use App\Models\PredefinedKit;
|
||||
use App\Models\User;
|
||||
@@ -23,7 +23,7 @@ class CheckoutKitController extends Controller
|
||||
{
|
||||
public $kitService;
|
||||
|
||||
use CheckInOutTrait;
|
||||
use CheckInOutRequest;
|
||||
|
||||
public function __construct(PredefinedKitCheckoutService $kitService)
|
||||
{
|
||||
@@ -53,8 +53,6 @@ class CheckoutKitController extends Controller
|
||||
*/
|
||||
public function store(Request $request, $kit_id)
|
||||
{
|
||||
$this->authorize('checkout', Asset::class);
|
||||
|
||||
$user_id = e($request->input('user_id'));
|
||||
if (is_null($user = User::find($user_id))) {
|
||||
return redirect()->back()->with('error', trans('admin/users/message.user_not_found'));
|
||||
|
||||
@@ -43,9 +43,7 @@ class LabelsController extends Controller
|
||||
'name' => trans('admin/labels/table.example_company'),
|
||||
'phone' => '1-555-555-5555',
|
||||
'email' => 'company@example.com',
|
||||
'logo' => 'label-preview-logo.png',
|
||||
]);
|
||||
$exampleAsset->is_label_preview = true;
|
||||
|
||||
$exampleAsset->setRelation('assignedTo', new User(['first_name' => 'Luke', 'last_name' => 'Skywalker']));
|
||||
$exampleAsset->defaultLoc = new Location(['name' => trans('admin/labels/table.example_defaultloc'), 'phone' => '1-555-555-5555']);
|
||||
|
||||
@@ -1,67 +0,0 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Controllers\Licenses;
|
||||
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Models\License;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
use Illuminate\Support\Facades\Gate;
|
||||
|
||||
class BulkLicensesController extends Controller
|
||||
{
|
||||
public function destroy(Request $request)
|
||||
{
|
||||
$this->authorize('delete', License::class);
|
||||
|
||||
$errors = [];
|
||||
$success_count = 0;
|
||||
|
||||
foreach ($request->input('ids', []) as $id) {
|
||||
$license = License::find($id);
|
||||
|
||||
if (is_null($license)) {
|
||||
$errors[] = trans('admin/licenses/message.does_not_exist');
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
if (! Gate::allows('delete', $license)) {
|
||||
$errors[] = trans('general.insufficient_permissions');
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
if ($license->assigned_seats_count > 0) {
|
||||
$errors[] = trans('admin/licenses/message.delete.bulk_checkout_warning', ['license_name' => $license->name]);
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
// Since assigned_seats_count == 0, all seats already have assigned_to and asset_id as null,
|
||||
// so this update is effectively a no-op. It mirrors the single destroy() and is kept as a
|
||||
// safety net. Bypassing Eloquent events here is intentional and safe — there is nothing
|
||||
// assigned to trigger events on. Prior checkout/checkin history is preserved in action_log
|
||||
// (keyed by LicenseSeat item_type/item_id) and remains accessible even after soft-delete.
|
||||
DB::table('license_seats')
|
||||
->where('license_id', $license->id)
|
||||
->update(['assigned_to' => null, 'asset_id' => null]);
|
||||
|
||||
$license->licenseseats()->delete();
|
||||
$license->delete();
|
||||
$success_count++;
|
||||
}
|
||||
|
||||
if (count($errors) > 0) {
|
||||
if ($success_count > 0) {
|
||||
return redirect()->route('licenses.index')
|
||||
->with('success', trans_choice('admin/licenses/message.delete.partial_success', $success_count, ['count' => $success_count]))
|
||||
->with('multi_error_messages', $errors);
|
||||
}
|
||||
|
||||
return redirect()->route('licenses.index')->with('multi_error_messages', $errors);
|
||||
}
|
||||
|
||||
return redirect()->route('licenses.index')->with('success', trans('admin/licenses/message.delete.bulk_success'));
|
||||
}
|
||||
}
|
||||
@@ -13,7 +13,6 @@ use Illuminate\Auth\Access\AuthorizationException;
|
||||
use Illuminate\Contracts\View\View;
|
||||
use Illuminate\Http\RedirectResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Gate;
|
||||
use Illuminate\Support\Facades\Log;
|
||||
use Illuminate\Support\Facades\Validator;
|
||||
|
||||
@@ -36,7 +35,7 @@ class LicenseCheckinController extends Controller
|
||||
{
|
||||
// Check if the asset exists
|
||||
$license = License::find($licenseSeat->license_id);
|
||||
$this->authorize('checkin', $license);
|
||||
$this->authorize('checkout', $license);
|
||||
|
||||
return view('licenses/checkin', compact('licenseSeat'))->with('backto', $backTo);
|
||||
}
|
||||
@@ -70,7 +69,7 @@ class LicenseCheckinController extends Controller
|
||||
return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.checkin.error'));
|
||||
}
|
||||
|
||||
$this->authorize('checkin', $license);
|
||||
$this->authorize('checkout', $license);
|
||||
|
||||
// Declare the rules for the form validation
|
||||
$rules = [
|
||||
@@ -128,45 +127,10 @@ class LicenseCheckinController extends Controller
|
||||
* @see LicenseCheckinController::create() method that provides the form view
|
||||
* @since [v6.1.1]
|
||||
*
|
||||
* @return RedirectResponse
|
||||
*
|
||||
* @throws AuthorizationException
|
||||
*/
|
||||
public function bulkCheckinSelected(Request $request): RedirectResponse
|
||||
{
|
||||
$this->authorize('checkin', License::class);
|
||||
|
||||
$seatIds = $request->input('ids', []);
|
||||
|
||||
if (empty($seatIds)) {
|
||||
return redirect()->back()->with('warning', trans('admin/licenses/general.bulk.checkin_selected.no_seats_selected'));
|
||||
}
|
||||
|
||||
$seats = LicenseSeat::whereIn('id', $seatIds)
|
||||
->where(function ($query) {
|
||||
$query->whereNotNull('assigned_to')->orWhereNotNull('asset_id');
|
||||
})
|
||||
->with('license', 'user', 'asset')
|
||||
->get();
|
||||
|
||||
$count = 0;
|
||||
foreach ($seats as $seat) {
|
||||
if (! $seat->license || ! Gate::allows('checkin', $seat->license)) {
|
||||
continue;
|
||||
}
|
||||
$target = $seat->user ?? $seat->asset;
|
||||
$seat->assigned_to = null;
|
||||
$seat->asset_id = null;
|
||||
if (! $seat->license->reassignable) {
|
||||
$seat->unreassignable_seat = true;
|
||||
}
|
||||
if ($seat->save()) {
|
||||
event(new CheckoutableCheckedIn($seat, $target, auth()->user(), null));
|
||||
$count++;
|
||||
}
|
||||
}
|
||||
|
||||
return redirect()->back()->with('success', trans_choice('admin/licenses/general.bulk.checkin_selected.success', $count, ['count' => $count]));
|
||||
}
|
||||
|
||||
public function bulkCheckin(Request $request, $licenseId)
|
||||
{
|
||||
|
||||
|
||||
@@ -7,16 +7,13 @@ use App\Helpers\Helper;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\LicenseCheckoutRequest;
|
||||
use App\Models\Asset;
|
||||
use App\Models\CheckoutAcceptance;
|
||||
use App\Models\License;
|
||||
use App\Models\LicenseSeat;
|
||||
use App\Models\Setting;
|
||||
use App\Models\User;
|
||||
use Illuminate\Auth\Access\AuthorizationException;
|
||||
use Illuminate\Contracts\View\View;
|
||||
use Illuminate\Http\Exceptions\HttpResponseException;
|
||||
use Illuminate\Http\RedirectResponse;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
use Illuminate\Support\Facades\Log;
|
||||
|
||||
class LicenseCheckoutController extends Controller
|
||||
@@ -96,91 +93,25 @@ class LicenseCheckoutController extends Controller
|
||||
return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.checkout.license_is_inactive'));
|
||||
}
|
||||
|
||||
if (Setting::getSettings()->full_multiple_companies_support == '1') {
|
||||
if ($request->filled('asset_id')) {
|
||||
$fmcsTarget = Asset::find($request->input('asset_id'));
|
||||
if ($fmcsTarget && ! $license->canCheckoutTo($fmcsTarget)) {
|
||||
return redirect()->route('licenses.index')->with('error', trans('general.error_checkout_company_mismatch', [
|
||||
'item' => trans('general.license').' "'.$license->name.'"',
|
||||
'item_company' => $license->company?->name ?? trans('general.unassigned'),
|
||||
'target' => trans('general.asset').' "'.$fmcsTarget->display_name.'"',
|
||||
]));
|
||||
}
|
||||
} elseif ($request->filled('assigned_to')) {
|
||||
$fmcsTarget = User::find($request->input('assigned_to'));
|
||||
if ($fmcsTarget && ! $license->canCheckoutTo($fmcsTarget)) {
|
||||
return redirect()->route('licenses.index')->with('error', trans('general.error_checkout_company_mismatch', [
|
||||
'item' => trans('general.license').' "'.$license->name.'"',
|
||||
'item_company' => $license->company?->name ?? trans('general.unassigned'),
|
||||
'target' => trans('general.user').' "'.$fmcsTarget->username.'"',
|
||||
]));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$licenseSeat = null;
|
||||
$checkoutTarget = null;
|
||||
|
||||
DB::transaction(function () use ($request, $license, $seatId, &$licenseSeat, &$checkoutTarget): void {
|
||||
$licenseSeat = $this->findLicenseSeatToCheckout($license, $seatId, lock: true);
|
||||
$licenseSeat->created_by = auth()->id();
|
||||
$licenseSeat->notes = $request->input('notes');
|
||||
|
||||
if ($request->filled('asset_id')) {
|
||||
$checkoutTarget = $this->checkoutToAsset($licenseSeat);
|
||||
} elseif ($request->filled('assigned_to')) {
|
||||
$checkoutTarget = $this->checkoutToUser($licenseSeat);
|
||||
}
|
||||
});
|
||||
$licenseSeat = $this->findLicenseSeatToCheckout($license, $seatId);
|
||||
$licenseSeat->created_by = auth()->id();
|
||||
$licenseSeat->notes = $request->input('notes');
|
||||
|
||||
if ($request->filled('asset_id')) {
|
||||
session()->put(['checkout_to_type' => 'asset']);
|
||||
$checkoutTarget = $this->checkoutToAsset($licenseSeat);
|
||||
$request->request->add(['assigned_asset' => $checkoutTarget->id]);
|
||||
session()->put([
|
||||
'redirect_option' => $request->input('redirect_option'),
|
||||
'checkout_to_type' => 'asset',
|
||||
'sign_in_place' => $request->boolean('sign_in_place'),
|
||||
]);
|
||||
session()->put(['redirect_option' => $request->input('redirect_option'), 'checkout_to_type' => 'asset']);
|
||||
|
||||
} elseif ($request->filled('assigned_to')) {
|
||||
session()->put(['checkout_to_type' => 'user']);
|
||||
$checkoutTarget = $this->checkoutToUser($licenseSeat);
|
||||
$request->request->add(['assigned_user' => $checkoutTarget->id]);
|
||||
session()->put([
|
||||
'redirect_option' => $request->input('redirect_option'),
|
||||
'checkout_to_type' => 'user',
|
||||
'sign_in_place' => $request->boolean('sign_in_place'),
|
||||
]);
|
||||
session()->put(['redirect_option' => $request->input('redirect_option'), 'checkout_to_type' => 'user']);
|
||||
}
|
||||
|
||||
if ($checkoutTarget) {
|
||||
|
||||
// When sign_in_place is requested and the target is a user, redirect to the
|
||||
// acceptance/signature page so the user can sign in person.
|
||||
if ($request->boolean('sign_in_place') && $checkoutTarget instanceof User) {
|
||||
$acceptance = CheckoutAcceptance::where('checkoutable_type', LicenseSeat::class)
|
||||
->where('checkoutable_id', $licenseSeat->id)
|
||||
->where('assigned_to_id', $checkoutTarget->id)
|
||||
->pending()
|
||||
->latest()
|
||||
->first();
|
||||
|
||||
// If requireAcceptance() is false the listener won't have created one; create it now.
|
||||
if (! $acceptance) {
|
||||
$acceptance = new CheckoutAcceptance;
|
||||
$acceptance->checkoutable()->associate($licenseSeat);
|
||||
$acceptance->assignedTo()->associate($checkoutTarget);
|
||||
$acceptance->save();
|
||||
}
|
||||
|
||||
session([
|
||||
'sign_in_place_acceptance_id' => $acceptance->id,
|
||||
'sign_in_place_item_id' => $license->id,
|
||||
'sign_in_place_resource_type' => 'Licenses',
|
||||
]);
|
||||
|
||||
return redirect()->route('account.accept.item', $acceptance->id)
|
||||
->with('success', trans('admin/licenses/message.checkout.success'));
|
||||
}
|
||||
|
||||
return Helper::getRedirectOption($request, $license->id, 'Licenses')
|
||||
->with('success', trans('admin/licenses/message.checkout.success'));
|
||||
}
|
||||
@@ -188,11 +119,9 @@ class LicenseCheckoutController extends Controller
|
||||
return redirect()->route('licenses.index')->with('error', trans('Something went wrong handling this checkout.'));
|
||||
}
|
||||
|
||||
protected function findLicenseSeatToCheckout($license, $seatId, bool $lock = false)
|
||||
protected function findLicenseSeatToCheckout($license, $seatId)
|
||||
{
|
||||
$licenseSeat = $seatId
|
||||
? LicenseSeat::where('id', $seatId)->when($lock, fn ($q) => $q->lockForUpdate())->first()
|
||||
: $license->freeSeat(lock: $lock);
|
||||
$licenseSeat = LicenseSeat::find($seatId) ?? $license->freeSeat();
|
||||
|
||||
if (! $licenseSeat) {
|
||||
if ($seatId) {
|
||||
@@ -221,7 +150,7 @@ class LicenseCheckoutController extends Controller
|
||||
$licenseSeat->assigned_to = $target->assigned_to;
|
||||
}
|
||||
if ($licenseSeat->save()) {
|
||||
event(new CheckoutableCheckedOut($licenseSeat, $target, auth()->user(), request('notes'), [], 1, request()->boolean('sign_in_place')));
|
||||
event(new CheckoutableCheckedOut($licenseSeat, $target, auth()->user(), request('notes')));
|
||||
|
||||
return $target;
|
||||
}
|
||||
@@ -238,7 +167,7 @@ class LicenseCheckoutController extends Controller
|
||||
$licenseSeat->assigned_to = request('assigned_to');
|
||||
|
||||
if ($licenseSeat->save()) {
|
||||
event(new CheckoutableCheckedOut($licenseSeat, $target, auth()->user(), request('notes'), [], 1, request()->boolean('sign_in_place')));
|
||||
event(new CheckoutableCheckedOut($licenseSeat, $target, auth()->user(), request('notes')));
|
||||
|
||||
return $target;
|
||||
}
|
||||
@@ -263,10 +192,14 @@ class LicenseCheckoutController extends Controller
|
||||
|
||||
Log::debug('Checking out '.$licenseId.' via bulk');
|
||||
$license = License::findOrFail($licenseId);
|
||||
$this->authorize('checkout', $license);
|
||||
$this->authorize('checkin', $license);
|
||||
$avail_count = $license->getAvailSeatsCountAttribute();
|
||||
|
||||
if ($license->isInactive()) {
|
||||
return redirect()->back()->with('error', trans('admin/licenses/message.checkout.license_is_inactive'));
|
||||
$users = User::whereNull('deleted_at')->where('autoassign_licenses', '=', 1)->with('licenses')->get();
|
||||
Log::debug($avail_count.' will be assigned');
|
||||
|
||||
if ($users->count() > $avail_count) {
|
||||
Log::debug('You do not have enough free seats to complete this task, so we will check out as many as we can. ');
|
||||
}
|
||||
|
||||
// If the license is valid, check that there is an available seat
|
||||
@@ -274,19 +207,6 @@ class LicenseCheckoutController extends Controller
|
||||
return redirect()->back()->with('error', trans('admin/licenses/general.bulk.checkout_all.error_no_seats'));
|
||||
}
|
||||
|
||||
$avail_count = $license->getAvailSeatsCountAttribute();
|
||||
|
||||
$usersQuery = User::whereNull('deleted_at')->where('autoassign_licenses', '=', 1)->with('licenses');
|
||||
if (Setting::getSettings()->full_multiple_companies_support && $license->company_id) {
|
||||
$usersQuery->where('company_id', '=', $license->company_id);
|
||||
}
|
||||
$users = $usersQuery->get();
|
||||
Log::debug($avail_count.' will be assigned');
|
||||
|
||||
if ($users->count() > $avail_count) {
|
||||
Log::debug('You do not have enough free seats to complete this task, so we will check out as many as we can. ');
|
||||
}
|
||||
|
||||
$assigned_count = 0;
|
||||
|
||||
foreach ($users as $user) {
|
||||
|
||||
@@ -12,7 +12,6 @@ use Illuminate\Contracts\View\View;
|
||||
use Illuminate\Http\RedirectResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
use League\Csv\EscapeFormula;
|
||||
use Symfony\Component\HttpFoundation\StreamedResponse;
|
||||
|
||||
/**
|
||||
@@ -263,7 +262,7 @@ class LicensesController extends Controller
|
||||
*/
|
||||
public function show(License $license)
|
||||
{
|
||||
$license = License::with('assignedusers')->withCount('freeSeats as free_seats_count')->find($license->id);
|
||||
$license = License::with('assignedusers')->find($license->id);
|
||||
|
||||
$users_count = User::where('autoassign_licenses', '1')->count();
|
||||
|
||||
@@ -389,8 +388,6 @@ class LicensesController extends Controller
|
||||
|
||||
fputcsv($handle, $headers);
|
||||
|
||||
$formatter = new EscapeFormula('`');
|
||||
|
||||
foreach ($licenses as $license) {
|
||||
// Add a new row with data
|
||||
$values = [
|
||||
@@ -422,14 +419,7 @@ class LicensesController extends Controller
|
||||
$license->created_at,
|
||||
];
|
||||
|
||||
// CSV_ESCAPE_FORMULAS is set to false in the .env
|
||||
if (config('app.escape_formulas') === false) {
|
||||
fputcsv($handle, $values);
|
||||
|
||||
// CSV_ESCAPE_FORMULAS is set to true or is not set in the .env
|
||||
} else {
|
||||
fputcsv($handle, $formatter->escapeRecord($values));
|
||||
}
|
||||
fputcsv($handle, $values);
|
||||
}
|
||||
});
|
||||
|
||||
|
||||
@@ -89,24 +89,19 @@ class LocationsController extends Controller
|
||||
$location->fax = request('fax');
|
||||
$location->tag_color = $request->input('tag_color');
|
||||
$location->notes = $request->input('notes');
|
||||
$location->company_id = Company::getIdForCurrentUser($request->input('company_id'));
|
||||
|
||||
// Only scope the location if the setting is enabled
|
||||
if (Setting::getSettings()->scope_locations_fmcs) {
|
||||
$location->company_id = Company::getIdForCurrentUser($request->input('company_id'));
|
||||
// check if parent is set and has a different company
|
||||
if ($location->parent_id && Location::find($location->parent_id)->company_id != $location->company_id) {
|
||||
return redirect()->back()->withInput()->withInput()->with('error', 'different company than parent');
|
||||
}
|
||||
} else {
|
||||
$location->company_id = $request->input('company_id');
|
||||
}
|
||||
|
||||
// Parent company check applies whenever FMCS is on, independent of scope_locations_fmcs.
|
||||
if (Setting::getSettings()->full_multiple_companies_support) {
|
||||
$parent = $location->parent_id ? Location::find($location->parent_id) : null;
|
||||
if ($parent && $parent->company_id != $location->company_id) {
|
||||
return redirect()->back()->withInput()->with('error', trans('general.error_location_parent_company', [
|
||||
'parent' => $parent->name,
|
||||
'parent_company' => $parent->company?->name ?? trans('general.unassigned'),
|
||||
'location_company' => $location->company?->name ?? trans('general.unassigned'),
|
||||
]));
|
||||
}
|
||||
}
|
||||
|
||||
if ($request->has('use_cloned_image')) {
|
||||
$cloned_model_img = Location::select('image')->find($request->input('clone_image_from_id'));
|
||||
if ($cloned_model_img) {
|
||||
@@ -176,34 +171,17 @@ class LocationsController extends Controller
|
||||
$location->tag_color = $request->input('tag_color');
|
||||
$location->notes = $request->input('notes');
|
||||
|
||||
// Only scope the location if the setting is enabled
|
||||
if (Setting::getSettings()->scope_locations_fmcs) {
|
||||
$location->company_id = Company::getIdForCurrentUser($request->input('company_id'));
|
||||
// check if there are related objects with different company
|
||||
if ($mismatched = Helper::test_locations_fmcs(false, $location->id, $location->company_id)) {
|
||||
$first = $mismatched[0];
|
||||
|
||||
return redirect()->back()->withInput()->with('error', trans('general.error_location_scoped_items', [
|
||||
'item_type' => trans('general.'.strtolower($first[0])),
|
||||
'item_name' => $first[2],
|
||||
'item_company' => $first[5] ?? trans('general.unassigned'),
|
||||
]));
|
||||
if (Helper::test_locations_fmcs(false, $location->id, $location->company_id)) {
|
||||
return redirect()->back()->withInput()->withInput()->with('error', 'error scoped locations');
|
||||
}
|
||||
} else {
|
||||
$location->company_id = $request->input('company_id');
|
||||
}
|
||||
|
||||
// Parent company check applies whenever FMCS is on, independent of scope_locations_fmcs.
|
||||
if (Setting::getSettings()->full_multiple_companies_support) {
|
||||
$parent = $location->parent_id ? Location::find($location->parent_id) : null;
|
||||
if ($parent && $parent->company_id != $location->company_id) {
|
||||
return redirect()->back()->withInput()->with('error', trans('general.error_location_parent_company', [
|
||||
'parent' => $parent->name,
|
||||
'parent_company' => $parent->company?->name ?? trans('general.unassigned'),
|
||||
'location_company' => $location->company?->name ?? trans('general.unassigned'),
|
||||
]));
|
||||
}
|
||||
}
|
||||
|
||||
$location = $request->handleImages($location);
|
||||
|
||||
if ($location->save()) {
|
||||
@@ -299,7 +277,7 @@ class LocationsController extends Controller
|
||||
->with('assignedAssets', $location->assignedAssets)
|
||||
->with('accessories', $location->accessories)
|
||||
->with('assignedAccessories', $location->assignedAccessories)
|
||||
->with('users', $location->users()->with('companies')->get())
|
||||
->with('users', $location->users)
|
||||
->with('location', $location)
|
||||
->with('consumables', $location->consumables)
|
||||
->with('components', $location->components)
|
||||
@@ -319,7 +297,7 @@ class LocationsController extends Controller
|
||||
->with('assignedAssets', $location->assignedAssets)
|
||||
->with('accessories', $location->accessories)
|
||||
->with('assignedAccessories', $location->assignedAccessories)
|
||||
->with('users', $location->users()->with('companies')->get())
|
||||
->with('users', $location->users)
|
||||
->with('location', $location)
|
||||
->with('consumables', $location->consumables)
|
||||
->with('components', $location->components)
|
||||
|
||||
@@ -1,72 +0,0 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Controllers;
|
||||
|
||||
use App\Models\MaintenanceType;
|
||||
use Illuminate\Contracts\View\View;
|
||||
use Illuminate\Http\RedirectResponse;
|
||||
use Illuminate\Http\Request;
|
||||
|
||||
class MaintenanceTypesController extends Controller
|
||||
{
|
||||
public function index(): View
|
||||
{
|
||||
$this->authorize('index', MaintenanceType::class);
|
||||
|
||||
return view('maintenance-types.index');
|
||||
}
|
||||
|
||||
public function create(): View
|
||||
{
|
||||
$this->authorize('create', MaintenanceType::class);
|
||||
|
||||
return view('maintenance-types.edit')->with('item', new MaintenanceType);
|
||||
}
|
||||
|
||||
public function store(Request $request): RedirectResponse
|
||||
{
|
||||
$this->authorize('create', MaintenanceType::class);
|
||||
|
||||
$type = new MaintenanceType;
|
||||
$type->name = $request->input('name');
|
||||
$type->created_by = auth()->id();
|
||||
|
||||
if ($type->save()) {
|
||||
return redirect()->route('maintenance-types.index')
|
||||
->with('success', trans('admin/maintenance_types/message.create.success'));
|
||||
}
|
||||
|
||||
return redirect()->back()->withInput()->withErrors($type->getErrors());
|
||||
}
|
||||
|
||||
public function edit(MaintenanceType $maintenanceType): View
|
||||
{
|
||||
$this->authorize('update', $maintenanceType);
|
||||
|
||||
return view('maintenance-types.edit')->with('item', $maintenanceType);
|
||||
}
|
||||
|
||||
public function update(Request $request, MaintenanceType $maintenanceType): RedirectResponse
|
||||
{
|
||||
$this->authorize('update', $maintenanceType);
|
||||
|
||||
$maintenanceType->name = $request->input('name');
|
||||
|
||||
if ($maintenanceType->save()) {
|
||||
return redirect()->route('maintenance-types.index')
|
||||
->with('success', trans('admin/maintenance_types/message.update.success'));
|
||||
}
|
||||
|
||||
return redirect()->back()->withInput()->withErrors($maintenanceType->getErrors());
|
||||
}
|
||||
|
||||
public function destroy(MaintenanceType $maintenanceType): RedirectResponse
|
||||
{
|
||||
$this->authorize('delete', $maintenanceType);
|
||||
|
||||
$maintenanceType->delete();
|
||||
|
||||
return redirect()->route('maintenance-types.index')
|
||||
->with('success', trans('admin/maintenance_types/message.delete.success'));
|
||||
}
|
||||
}
|
||||
@@ -2,19 +2,13 @@
|
||||
|
||||
namespace App\Http\Controllers;
|
||||
|
||||
use App\Enums\ActionType;
|
||||
use App\Http\Requests\ImageUploadRequest;
|
||||
use App\Http\Requests\UploadFileRequest;
|
||||
use App\Models\Actionlog;
|
||||
use App\Models\Asset;
|
||||
use App\Models\Company;
|
||||
use App\Models\Maintenance;
|
||||
use App\Models\MaintenanceType;
|
||||
use Carbon\Carbon;
|
||||
use Illuminate\Contracts\View\View;
|
||||
use Illuminate\Http\RedirectResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Storage;
|
||||
use Illuminate\Support\Facades\Validator;
|
||||
|
||||
/**
|
||||
* This controller handles all actions related to Asset Maintenance for
|
||||
@@ -60,7 +54,6 @@ class MaintenancesController extends Controller
|
||||
|
||||
return view('maintenances/edit')
|
||||
->with('maintenanceType', Maintenance::getImprovementOptions())
|
||||
->with('maintenanceTypes', MaintenanceType::orderBy('name')->get())
|
||||
->with('asset', $asset)
|
||||
->with('item', new Maintenance);
|
||||
}
|
||||
@@ -79,17 +72,12 @@ class MaintenancesController extends Controller
|
||||
public function store(ImageUploadRequest $request): RedirectResponse
|
||||
{
|
||||
$this->authorize('update', Asset::class);
|
||||
$this->validateUploadedFiles($request);
|
||||
|
||||
$assets = Asset::whereIn('id', $request->input('selected_assets'))->get();
|
||||
|
||||
// Loop through the selected assets
|
||||
foreach ($assets as $asset) {
|
||||
|
||||
if (! Company::isCurrentUserHasAccess($asset)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$maintenance = new Maintenance;
|
||||
$maintenance->supplier_id = $request->input('supplier_id');
|
||||
$maintenance->is_warranty = $request->input('is_warranty');
|
||||
@@ -100,21 +88,26 @@ class MaintenancesController extends Controller
|
||||
// Save the asset maintenance data
|
||||
$maintenance->asset_id = $asset->id;
|
||||
$maintenance->asset_maintenance_type = $request->input('asset_maintenance_type');
|
||||
$maintenance->maintenance_type_id = $request->input('maintenance_type_id');
|
||||
$maintenance->name = $request->input('name');
|
||||
$maintenance->start_date = $request->input('start_date');
|
||||
$maintenance->completion_date = $request->input('completion_date');
|
||||
$maintenance->responsible_party_id = $request->input('responsible_party_id') ?: auth()->id();
|
||||
$maintenance->created_by = auth()->id();
|
||||
|
||||
$request->handleImages($maintenance);
|
||||
if (($maintenance->completion_date !== null)
|
||||
&& ($maintenance->start_date !== '')
|
||||
&& ($maintenance->start_date !== '0000-00-00')
|
||||
) {
|
||||
$startDate = Carbon::parse($maintenance->start_date);
|
||||
$completionDate = Carbon::parse($maintenance->completion_date);
|
||||
$maintenance->asset_maintenance_time = (int) $completionDate->diffInDays($startDate, true);
|
||||
}
|
||||
|
||||
$maintenance = $request->handleImages($maintenance);
|
||||
|
||||
// Was the asset maintenance created?
|
||||
if (! $maintenance->save()) {
|
||||
return redirect()->back()->withInput()->withErrors($maintenance->getErrors());
|
||||
}
|
||||
|
||||
$this->storeUploadedFiles($request, $maintenance);
|
||||
}
|
||||
|
||||
return redirect()->route('maintenances.index')
|
||||
@@ -142,7 +135,6 @@ class MaintenancesController extends Controller
|
||||
->with('selected_assets', $maintenance->asset->pluck('id')->toArray())
|
||||
->with('asset_ids', request()->input('asset_ids', []))
|
||||
->with('maintenanceType', Maintenance::getImprovementOptions())
|
||||
->with('maintenanceTypes', MaintenanceType::orderBy('name')->get())
|
||||
->with('item', $maintenance);
|
||||
}
|
||||
|
||||
@@ -164,24 +156,37 @@ class MaintenancesController extends Controller
|
||||
{
|
||||
$this->authorize('update', Asset::class);
|
||||
$this->authorize('update', $maintenance->asset);
|
||||
$this->validateUploadedFiles($request);
|
||||
|
||||
$maintenance->supplier_id = $request->input('supplier_id');
|
||||
$maintenance->is_warranty = $request->input('is_warranty', 0);
|
||||
$maintenance->cost = $request->input('cost');
|
||||
$maintenance->notes = $request->input('notes');
|
||||
$maintenance->asset_maintenance_type = $request->input('asset_maintenance_type');
|
||||
$maintenance->maintenance_type_id = $request->input('maintenance_type_id');
|
||||
$maintenance->name = $request->input('name');
|
||||
$maintenance->start_date = $request->input('start_date');
|
||||
$maintenance->completion_date = $request->input('completion_date');
|
||||
$maintenance->responsible_party_id = $request->input('responsible_party_id');
|
||||
$maintenance->url = $request->input('url');
|
||||
$request->handleImages($maintenance);
|
||||
|
||||
// Todo - put this in a getter/setter?
|
||||
if (($maintenance->completion_date == null)) {
|
||||
if (($maintenance->asset_maintenance_time !== 0)
|
||||
|| (! is_null($maintenance->asset_maintenance_time))
|
||||
) {
|
||||
$maintenance->asset_maintenance_time = null;
|
||||
}
|
||||
}
|
||||
|
||||
if (($maintenance->completion_date !== null)
|
||||
&& ($maintenance->start_date !== '')
|
||||
&& ($maintenance->start_date !== '0000-00-00')
|
||||
) {
|
||||
$startDate = Carbon::parse($maintenance->start_date);
|
||||
$completionDate = Carbon::parse($maintenance->completion_date);
|
||||
$maintenance->asset_maintenance_time = (int) $completionDate->diffInDays($startDate, true);
|
||||
}
|
||||
$maintenance = $request->handleImages($maintenance);
|
||||
|
||||
if ($maintenance->save()) {
|
||||
$this->storeUploadedFiles($request, $maintenance);
|
||||
|
||||
return redirect()->route('maintenances.index')
|
||||
->with('success', trans('admin/maintenances/message.edit.success'));
|
||||
}
|
||||
@@ -189,86 +194,6 @@ class MaintenancesController extends Controller
|
||||
return redirect()->back()->withInput()->withErrors($maintenance->getErrors());
|
||||
}
|
||||
|
||||
/**
|
||||
* Stores any generic file uploads submitted from the maintenance form.
|
||||
*/
|
||||
private function storeUploadedFiles(ImageUploadRequest $request, Maintenance $maintenance): void
|
||||
{
|
||||
if (! $request->hasFile('file')) {
|
||||
return;
|
||||
}
|
||||
|
||||
$objectType = 'maintenances';
|
||||
$storagePath = self::$map_storage_path[$objectType];
|
||||
|
||||
if (! Storage::exists($storagePath)) {
|
||||
Storage::makeDirectory($storagePath, 775);
|
||||
}
|
||||
|
||||
$uploadFileRequest = app(UploadFileRequest::class);
|
||||
|
||||
foreach ((array) $request->file('file') as $file) {
|
||||
if (! $file) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$fileName = $uploadFileRequest->handleFile(
|
||||
$storagePath,
|
||||
self::$map_file_prefix[$objectType].'-'.$maintenance->id,
|
||||
$file
|
||||
);
|
||||
|
||||
$maintenance->logUpload($fileName, $request->input('file_notes'));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Validate generic file uploads with the shared UploadFileRequest rules.
|
||||
*/
|
||||
private function validateUploadedFiles(ImageUploadRequest $request): void
|
||||
{
|
||||
if (! $request->hasFile('file')) {
|
||||
return;
|
||||
}
|
||||
|
||||
$uploadFileRequest = app(UploadFileRequest::class);
|
||||
|
||||
Validator::make(
|
||||
array_merge($request->all(), ['file' => $request->file('file')]),
|
||||
$uploadFileRequest->rules()
|
||||
)->validate();
|
||||
}
|
||||
|
||||
/**
|
||||
* Mark a maintenance record as complete, logging who completed it and when.
|
||||
*/
|
||||
public function complete(Request $request, Maintenance $maintenance): RedirectResponse
|
||||
{
|
||||
$this->authorize('update', $maintenance->asset);
|
||||
|
||||
if ($maintenance->completed_at) {
|
||||
return redirect()->back()
|
||||
->with('warning', trans('admin/maintenances/form.already_complete'));
|
||||
}
|
||||
|
||||
$maintenance->completed_at = now();
|
||||
$maintenance->completed_by = auth()->id();
|
||||
$maintenance->asset_maintenance_time = (int) $maintenance->created_at->diffInDays(now(), true);
|
||||
$maintenance->saveQuietly();
|
||||
|
||||
$logAction = new Actionlog;
|
||||
$logAction->item_type = Maintenance::class;
|
||||
$logAction->item_id = $maintenance->id;
|
||||
$logAction->target_type = Asset::class;
|
||||
$logAction->target_id = $maintenance->asset_id;
|
||||
$logAction->created_by = auth()->id();
|
||||
$logAction->note = $request->input('note');
|
||||
$logAction->logaction(ActionType::MaintenanceComplete);
|
||||
|
||||
return redirect()->back()
|
||||
->with('success', trans('admin/maintenances/message.complete.success'));
|
||||
}
|
||||
|
||||
/**
|
||||
* Delete an asset maintenance
|
||||
*
|
||||
|
||||
@@ -30,7 +30,6 @@ class ModalController extends Controller
|
||||
'kit-consumable',
|
||||
'kit-accessory',
|
||||
'location',
|
||||
'maintenance-type',
|
||||
'manufacturer',
|
||||
'model',
|
||||
'statuslabel',
|
||||
|
||||
@@ -4,15 +4,13 @@ namespace App\Http\Controllers;
|
||||
|
||||
use App\Models\Actionlog;
|
||||
use App\Models\Asset;
|
||||
use App\Models\Maintenance;
|
||||
use Illuminate\Http\RedirectResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
use Illuminate\Validation\Rule;
|
||||
|
||||
class NotesController extends Controller
|
||||
{
|
||||
public function store(Request $request): RedirectResponse
|
||||
public function store(Request $request)
|
||||
{
|
||||
$this->authorize('update', Asset::class);
|
||||
|
||||
@@ -21,19 +19,13 @@ class NotesController extends Controller
|
||||
'note' => 'required|string|max:50000',
|
||||
'type' => [
|
||||
'required',
|
||||
Rule::in(['asset', 'maintenance']),
|
||||
Rule::in(['asset']),
|
||||
],
|
||||
]);
|
||||
|
||||
if ($validated['type'] === 'maintenance') {
|
||||
$item = Maintenance::findOrFail($validated['id']);
|
||||
$this->authorize('update', $item->asset);
|
||||
$redirect = redirect()->route('maintenances.show', $validated['id']);
|
||||
} else {
|
||||
$item = Asset::findOrFail($validated['id']);
|
||||
$this->authorize('update', $item);
|
||||
$redirect = redirect()->route('hardware.show', $validated['id']);
|
||||
}
|
||||
$item = Asset::findOrFail($validated['id']);
|
||||
|
||||
$this->authorize('update', $item);
|
||||
|
||||
$logaction = new Actionlog;
|
||||
$logaction->item_id = $item->id;
|
||||
@@ -42,6 +34,9 @@ class NotesController extends Controller
|
||||
$logaction->created_by = Auth::id();
|
||||
$logaction->logaction('note added');
|
||||
|
||||
return $redirect->withFragment('notes')->with('success', trans('general.note_added'));
|
||||
return redirect()
|
||||
->route('hardware.show', $validated['id'])
|
||||
->withFragment('history')
|
||||
->with('success', trans('general.note_added'));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -8,7 +8,6 @@ use App\Models\Asset;
|
||||
use App\Models\Setting;
|
||||
use App\Models\User;
|
||||
use App\Notifications\CurrentInventory;
|
||||
use App\Rules\CssColor;
|
||||
use Illuminate\Contracts\View\View;
|
||||
use Illuminate\Http\RedirectResponse;
|
||||
use Illuminate\Http\Request;
|
||||
@@ -64,12 +63,6 @@ class ProfileController extends Controller
|
||||
|
||||
$user->enable_sounds = $request->input('enable_sounds', false);
|
||||
$user->enable_confetti = $request->input('enable_confetti', false);
|
||||
$request->validate([
|
||||
'link_light_color' => ['nullable', new CssColor],
|
||||
'link_dark_color' => ['nullable', new CssColor],
|
||||
'nav_link_color' => ['nullable', new CssColor],
|
||||
]);
|
||||
|
||||
$user->link_light_color = $request->input('link_light_color', '#296282');
|
||||
$user->link_dark_color = $request->input('link_dark_color', '#296282');
|
||||
$user->nav_link_color = $request->input('nav_link_color', '#FFFFFF');
|
||||
@@ -218,19 +211,14 @@ class ProfileController extends Controller
|
||||
*/
|
||||
public function printInventory(): View
|
||||
{
|
||||
$userId = auth()->id();
|
||||
$show_users = User::where('id', auth()->user()->id)->get();
|
||||
|
||||
$show_user = User::withInventoryRelations($userId)->first();
|
||||
|
||||
$indirectItemsCount =
|
||||
$show_user->assets->flatMap->assignedAssets->count()
|
||||
+ $show_user->assets->flatMap->components->count()
|
||||
+ $show_user->assets->flatMap->licenses->count()
|
||||
+ $show_user->assets->flatMap->assignedAccessories->count();
|
||||
|
||||
return view('users.print')
|
||||
->with('users', [$show_user])
|
||||
->with('indirectItemsCount', $indirectItemsCount)
|
||||
return view('users/print')
|
||||
->with('assets', auth()->user()->assets())
|
||||
->with('licenses', auth()->user()->licenses()->get())
|
||||
->with('accessories', auth()->user()->accessories()->get())
|
||||
->with('consumables', auth()->user()->consumables()->get())
|
||||
->with('users', $show_users)
|
||||
->with('settings', Setting::getSettings());
|
||||
}
|
||||
|
||||
@@ -263,7 +251,6 @@ class ProfileController extends Controller
|
||||
|
||||
public function getStoredEula($filename): Response|BinaryFileResponse|RedirectResponse
|
||||
{
|
||||
$filename = basename((string) $filename);
|
||||
|
||||
$logentry = Actionlog::where('filename', $filename)->first();
|
||||
|
||||
|
||||
@@ -1,66 +0,0 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Controllers;
|
||||
|
||||
use App\Helpers\Helper;
|
||||
use App\Models\Setting;
|
||||
use Com\Tecnick\Barcode\Barcode;
|
||||
use Illuminate\Http\Response;
|
||||
use Symfony\Component\HttpFoundation\BinaryFileResponse;
|
||||
|
||||
class QrCodeController extends Controller
|
||||
{
|
||||
public static $map_show_route = [
|
||||
'accessories' => 'accessories.show',
|
||||
'assets' => 'hardware.show',
|
||||
'companies' => 'companies.show',
|
||||
'components' => 'components.show',
|
||||
'consumables' => 'consumables.show',
|
||||
'hardware' => 'hardware.show',
|
||||
'licenses' => 'licenses.show',
|
||||
'locations' => 'locations.show',
|
||||
'models' => 'models.show',
|
||||
'users' => 'users.show',
|
||||
];
|
||||
|
||||
public function show($object_type, $id): Response|BinaryFileResponse|string|bool
|
||||
{
|
||||
$settings = Setting::getSettings();
|
||||
|
||||
if ($settings->label2_2d_type === 'none') {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (! array_key_exists($object_type, self::$map_show_route)) {
|
||||
return $object_type.' is not a valid type.';
|
||||
}
|
||||
|
||||
$object = self::$map_object_type[$object_type]::withTrashed()->find($id);
|
||||
|
||||
if (! $object) {
|
||||
return 'That item is invalid';
|
||||
}
|
||||
|
||||
$this->authorize('view', $object);
|
||||
|
||||
$size = Helper::barcodeDimensions($settings->label2_2d_type);
|
||||
$qr_file = public_path().'/uploads/barcodes/qr-'.str_slug($object_type).'-'.str_slug($id).'.png';
|
||||
|
||||
if (file_exists($qr_file)) {
|
||||
return response()->file($qr_file, ['Content-type' => 'image/png']);
|
||||
}
|
||||
|
||||
$barcode = new Barcode;
|
||||
$barcode_obj = $barcode->getBarcodeObj(
|
||||
$settings->label2_2d_type,
|
||||
route(self::$map_show_route[$object_type], $id),
|
||||
$size['height'],
|
||||
$size['width'],
|
||||
'black',
|
||||
[-2, -2, -2, -2]
|
||||
);
|
||||
file_put_contents($qr_file, $barcode_obj->getPngData());
|
||||
|
||||
return response($barcode_obj->getPngData())->header('Content-type', 'image/png');
|
||||
}
|
||||
}
|
||||
@@ -32,10 +32,11 @@ use Illuminate\Http\RedirectResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Http\Response;
|
||||
use Illuminate\Mail\Mailable;
|
||||
use Illuminate\Support\Facades\Gate;
|
||||
use Illuminate\Support\Facades\Log;
|
||||
use Illuminate\Support\Facades\Mail;
|
||||
use League\Csv\EscapeFormula;
|
||||
use League\Csv\Reader;
|
||||
use League\Csv\Writer;
|
||||
use Symfony\Component\HttpFoundation\StreamedResponse;
|
||||
|
||||
/**
|
||||
@@ -54,31 +55,6 @@ class ReportsController extends Controller
|
||||
parent::__construct();
|
||||
}
|
||||
|
||||
public function index(): View
|
||||
{
|
||||
$this->authorize('reports.view');
|
||||
$settings = Setting::getSettings();
|
||||
|
||||
$audit_alert_count = Asset::DueOrOverdueForAudit($settings)->count();
|
||||
$checkin_alert_count = Asset::DueOrOverdueForCheckin($settings)->count();
|
||||
// CheckoutAcceptance has no company_id column; scope through the checkoutable
|
||||
// relationship so each type's CompanyableTrait global scope is applied.
|
||||
$pending_acceptance_count = CheckoutAcceptance::pending()
|
||||
->whereHasMorph('checkoutable', [Asset::class, LicenseSeat::class, Accessory::class, Component::class, Consumable::class])
|
||||
->count();
|
||||
$licenses_low_count = License::withCount(['freeSeats as free_seats_count'])
|
||||
->get()
|
||||
->filter(fn ($l) => $l->free_seats_count <= 0)
|
||||
->count();
|
||||
|
||||
return view('reports/index', compact(
|
||||
'audit_alert_count',
|
||||
'checkin_alert_count',
|
||||
'pending_acceptance_count',
|
||||
'licenses_low_count',
|
||||
));
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a view that displays the accessories report.
|
||||
*
|
||||
@@ -103,46 +79,36 @@ class ReportsController extends Controller
|
||||
* @see ManufacturersController::getDatatable() method that generates the JSON response
|
||||
* @since [v1.0]
|
||||
*/
|
||||
public function exportAccessoryReport(): StreamedResponse
|
||||
public function exportAccessoryReport(): Response
|
||||
{
|
||||
$this->authorize('reports.view');
|
||||
$accessories = Accessory::orderBy('created_at', 'DESC')->get();
|
||||
|
||||
$response = new StreamedResponse(function () {
|
||||
$handle = fopen('php://output', 'w');
|
||||
$rows = [];
|
||||
$header = [
|
||||
trans('admin/accessories/table.title'),
|
||||
trans('admin/accessories/general.accessory_category'),
|
||||
trans('admin/accessories/general.total'),
|
||||
trans('admin/accessories/general.remaining'),
|
||||
];
|
||||
$header = array_map('trim', $header);
|
||||
$rows[] = implode(', ', $header);
|
||||
|
||||
$header = [
|
||||
trans('admin/accessories/table.title'),
|
||||
trans('admin/accessories/general.accessory_category'),
|
||||
trans('admin/accessories/general.total'),
|
||||
trans('admin/accessories/general.remaining'),
|
||||
];
|
||||
fputcsv($handle, $header);
|
||||
// Row per accessory
|
||||
foreach ($accessories as $accessory) {
|
||||
$row = [];
|
||||
$row[] = e($accessory->accessory_name);
|
||||
$row[] = e($accessory->accessory_category);
|
||||
$row[] = e($accessory->total);
|
||||
$row[] = e($accessory->remaining);
|
||||
|
||||
$formatter = new EscapeFormula('`');
|
||||
$rows[] = implode(',', $row);
|
||||
}
|
||||
|
||||
Accessory::with('category')->orderBy('created_at', 'DESC')
|
||||
->chunk(500, function ($accessories) use ($handle, $formatter) {
|
||||
foreach ($accessories as $accessory) {
|
||||
$row = [
|
||||
$accessory->name,
|
||||
$accessory->category?->name,
|
||||
$accessory->qty,
|
||||
$accessory->numRemaining(),
|
||||
];
|
||||
|
||||
if (config('app.escape_formulas') === false) {
|
||||
fputcsv($handle, $row);
|
||||
} else {
|
||||
fputcsv($handle, $formatter->escapeRecord($row));
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
fclose($handle);
|
||||
}, 200, [
|
||||
'Content-Type' => 'text/csv',
|
||||
'Content-Disposition' => 'attachment; filename="accessories-report-'.date('Y-m-d-his').'.csv"',
|
||||
]);
|
||||
$csv = implode("\n", $rows);
|
||||
$response = response()->make($csv, 200);
|
||||
$response->header('Content-Type', 'text/csv');
|
||||
$response->header('Content-disposition', 'attachment;filename=report.csv');
|
||||
|
||||
return $response;
|
||||
}
|
||||
@@ -171,80 +137,74 @@ class ReportsController extends Controller
|
||||
*
|
||||
* @since [v1.0]
|
||||
*/
|
||||
public function exportDeprecationReport(): StreamedResponse
|
||||
public function exportDeprecationReport(): Response
|
||||
{
|
||||
$this->authorize('reports.view');
|
||||
// Grab all the assets
|
||||
$assets = Asset::with('model', 'assignedTo', 'assetstatus', 'defaultLoc', 'assetlog')
|
||||
->orderBy('created_at', 'DESC')->get();
|
||||
|
||||
$response = new StreamedResponse(function () {
|
||||
$handle = fopen('php://output', 'w');
|
||||
$formatter = new EscapeFormula('`');
|
||||
$csv = Writer::createFromFileObject(new \SplTempFileObject);
|
||||
$csv->setOutputBOM(Reader::BOM_UTF16_BE);
|
||||
|
||||
$header = [
|
||||
trans('admin/hardware/table.asset_tag'),
|
||||
trans('admin/hardware/table.title'),
|
||||
trans('admin/hardware/table.serial'),
|
||||
trans('admin/hardware/table.checkoutto'),
|
||||
trans('admin/hardware/table.location'),
|
||||
trans('admin/hardware/table.purchase_date'),
|
||||
trans('admin/hardware/table.purchase_cost'),
|
||||
trans('admin/hardware/table.book_value'),
|
||||
trans('admin/hardware/table.diff'),
|
||||
];
|
||||
fputcsv($handle, $header);
|
||||
$rows = [];
|
||||
|
||||
Asset::with('model', 'assignedTo', 'status', 'defaultLoc', 'assetlog')
|
||||
->orderBy('created_at', 'DESC')
|
||||
->chunk(500, function ($assets) use ($handle, $formatter) {
|
||||
foreach ($assets as $asset) {
|
||||
$currency = $asset->location
|
||||
? $asset->location->currency
|
||||
: Setting::getSettings()->default_currency;
|
||||
// Create the header row
|
||||
$header = [
|
||||
trans('admin/hardware/table.asset_tag'),
|
||||
trans('admin/hardware/table.title'),
|
||||
trans('admin/hardware/table.serial'),
|
||||
trans('admin/hardware/table.checkoutto'),
|
||||
trans('admin/hardware/table.location'),
|
||||
trans('admin/hardware/table.purchase_date'),
|
||||
trans('admin/hardware/table.purchase_cost'),
|
||||
trans('admin/hardware/table.book_value'),
|
||||
trans('admin/hardware/table.diff'),
|
||||
];
|
||||
|
||||
if ($target = $asset->assignedTo) {
|
||||
$assignedTo = $target->display_name;
|
||||
} else {
|
||||
$assignedTo = '';
|
||||
}
|
||||
// we insert the CSV header
|
||||
$csv->insertOne($header);
|
||||
|
||||
if (($asset->assigned_to > 0) && ($location = $asset->location)) {
|
||||
if ($location->city) {
|
||||
$locationStr = $location->city.', '.$location->state;
|
||||
} elseif ($location->name) {
|
||||
$locationStr = $location->name;
|
||||
} else {
|
||||
$locationStr = '';
|
||||
}
|
||||
} else {
|
||||
$locationStr = '';
|
||||
}
|
||||
// Create a row per asset
|
||||
foreach ($assets as $asset) {
|
||||
$row = [];
|
||||
$row[] = e($asset->asset_tag);
|
||||
$row[] = e($asset->name);
|
||||
$row[] = e($asset->serial);
|
||||
|
||||
$row = [
|
||||
$asset->asset_tag,
|
||||
$asset->name,
|
||||
$asset->serial,
|
||||
$assignedTo,
|
||||
$locationStr,
|
||||
Helper::getFormattedDateObject($asset->purchase_date, 'date', false),
|
||||
$currency.Helper::formatCurrencyOutput($asset->purchase_cost),
|
||||
$currency.Helper::formatCurrencyOutput($asset->getDepreciatedValue()),
|
||||
$currency.Helper::formatCurrencyOutput($asset->purchase_cost - $asset->getDepreciatedValue()),
|
||||
];
|
||||
if ($target = $asset->assignedTo) {
|
||||
$row[] = e($target->display_name);
|
||||
} else {
|
||||
$row[] = ''; // Empty string if unassigned
|
||||
}
|
||||
|
||||
if (config('app.escape_formulas') === false) {
|
||||
fputcsv($handle, $row);
|
||||
} else {
|
||||
fputcsv($handle, $formatter->escapeRecord($row));
|
||||
}
|
||||
}
|
||||
});
|
||||
if (($asset->assigned_to > 0) && ($location = $asset->location)) {
|
||||
if ($location->city) {
|
||||
$row[] = e($location->city).', '.e($location->state);
|
||||
} elseif ($location->name) {
|
||||
$row[] = e($location->name);
|
||||
} else {
|
||||
$row[] = '';
|
||||
}
|
||||
} else {
|
||||
$row[] = ''; // Empty string if location is not set
|
||||
}
|
||||
|
||||
fclose($handle);
|
||||
}, 200, [
|
||||
'Content-Type' => 'text/csv',
|
||||
'Content-Disposition' => 'attachment; filename="depreciation-report-'.date('Y-m-d-his').'.csv"',
|
||||
]);
|
||||
if ($asset->location) {
|
||||
$currency = e($asset->location->currency);
|
||||
} else {
|
||||
$currency = e(Setting::getSettings()->default_currency);
|
||||
}
|
||||
|
||||
return $response;
|
||||
$row[] = Helper::getFormattedDateObject($asset->purchase_date, 'date', false);
|
||||
$row[] = $currency.Helper::formatCurrencyOutput($asset->purchase_cost);
|
||||
$row[] = $currency.Helper::formatCurrencyOutput($asset->getDepreciatedValue());
|
||||
$row[] = $currency.Helper::formatCurrencyOutput(($asset->purchase_cost - $asset->getDepreciatedValue()));
|
||||
$csv->insertOne($row);
|
||||
}
|
||||
|
||||
$csv->output('depreciation-report-'.date('Y-m-d').'.csv');
|
||||
exit;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -291,7 +251,6 @@ class ReportsController extends Controller
|
||||
|
||||
$response = new StreamedResponse(function () {
|
||||
Log::debug('Starting streamed response');
|
||||
Log::debug('CSV escaping is set to: '.config('app.escape_formulas'));
|
||||
|
||||
// Open output stream
|
||||
$handle = fopen('php://output', 'w');
|
||||
@@ -327,8 +286,6 @@ class ReportsController extends Controller
|
||||
Log::debug('Walking results: '.$executionTime);
|
||||
$count = 0;
|
||||
|
||||
$formatter = new EscapeFormula('`');
|
||||
|
||||
foreach ($actionlogs as $actionlog) {
|
||||
$count++;
|
||||
$target_name = '';
|
||||
@@ -359,15 +316,7 @@ class ReportsController extends Controller
|
||||
$actionlog->action_source,
|
||||
$actionlog->log_meta,
|
||||
];
|
||||
|
||||
// CSV_ESCAPE_FORMULAS is set to false in the .env
|
||||
if (config('app.escape_formulas') === false) {
|
||||
fputcsv($handle, $row);
|
||||
|
||||
// CSV_ESCAPE_FORMULAS is set to true or is not set in the .env
|
||||
} else {
|
||||
fputcsv($handle, $formatter->escapeRecord($row));
|
||||
}
|
||||
fputcsv($handle, $row);
|
||||
}
|
||||
});
|
||||
|
||||
@@ -409,52 +358,45 @@ class ReportsController extends Controller
|
||||
*
|
||||
* @since [v1.0]
|
||||
*/
|
||||
public function exportLicenseReport(): StreamedResponse
|
||||
public function exportLicenseReport(): Response
|
||||
{
|
||||
$this->authorize('reports.view');
|
||||
$licenses = License::orderBy('created_at', 'DESC')->get();
|
||||
|
||||
$response = new StreamedResponse(function () {
|
||||
$handle = fopen('php://output', 'w');
|
||||
$formatter = new EscapeFormula('`');
|
||||
$rows = [];
|
||||
$header = [
|
||||
trans('admin/licenses/table.title'),
|
||||
trans('admin/licenses/table.serial'),
|
||||
trans('admin/licenses/form.seats'),
|
||||
trans('admin/licenses/form.remaining_seats'),
|
||||
trans('admin/licenses/form.expiration'),
|
||||
trans('general.purchase_date'),
|
||||
trans('general.depreciation'),
|
||||
trans('general.purchase_cost'),
|
||||
];
|
||||
|
||||
$header = [
|
||||
trans('admin/licenses/table.title'),
|
||||
trans('admin/licenses/table.serial'),
|
||||
trans('admin/licenses/form.seats'),
|
||||
trans('admin/licenses/form.remaining_seats'),
|
||||
trans('admin/licenses/form.expiration'),
|
||||
trans('general.purchase_date'),
|
||||
trans('general.depreciation'),
|
||||
trans('general.purchase_cost'),
|
||||
];
|
||||
fputcsv($handle, $header);
|
||||
$header = array_map('trim', $header);
|
||||
$rows[] = implode(', ', $header);
|
||||
|
||||
License::orderBy('created_at', 'DESC')->chunk(500, function ($licenses) use ($handle, $formatter) {
|
||||
foreach ($licenses as $license) {
|
||||
$row = [
|
||||
$license->name,
|
||||
$license->serial,
|
||||
$license->seats,
|
||||
$license->remaincount(),
|
||||
$license->expiration_date,
|
||||
$license->purchase_date,
|
||||
($license->depreciation != '') ? $license->depreciation->name : '',
|
||||
Helper::formatCurrencyOutput($license->purchase_cost),
|
||||
];
|
||||
// Row per license
|
||||
foreach ($licenses as $license) {
|
||||
$row = [];
|
||||
$row[] = e($license->name);
|
||||
$row[] = e($license->serial);
|
||||
$row[] = e($license->seats);
|
||||
$row[] = $license->remaincount();
|
||||
$row[] = $license->expiration_date;
|
||||
$row[] = $license->purchase_date;
|
||||
$row[] = ($license->depreciation != '') ? '' : e($license->depreciation->name);
|
||||
$row[] = '"'.Helper::formatCurrencyOutput($license->purchase_cost).'"';
|
||||
|
||||
if (config('app.escape_formulas') === false) {
|
||||
fputcsv($handle, $row);
|
||||
} else {
|
||||
fputcsv($handle, $formatter->escapeRecord($row));
|
||||
}
|
||||
}
|
||||
});
|
||||
$rows[] = implode(',', $row);
|
||||
}
|
||||
|
||||
fclose($handle);
|
||||
}, 200, [
|
||||
'Content-Type' => 'text/csv',
|
||||
'Content-Disposition' => 'attachment; filename="licenses-report-'.date('Y-m-d-his').'.csv"',
|
||||
]);
|
||||
$csv = implode("\n", $rows);
|
||||
$response = response()->make($csv, 200);
|
||||
$response->header('Content-Type', 'text/csv');
|
||||
$response->header('Content-disposition', 'attachment;filename=report.csv');
|
||||
|
||||
return $response;
|
||||
}
|
||||
@@ -733,7 +675,7 @@ class ReportsController extends Controller
|
||||
}
|
||||
|
||||
$assets = Asset::select('assets.*')->with(
|
||||
'location', 'status', 'company', 'defaultLoc', 'assignedTo',
|
||||
'location', 'assetstatus', 'company', 'defaultLoc', 'assignedTo',
|
||||
'model.category', 'model.manufacturer', 'supplier');
|
||||
|
||||
if ($request->filled('by_location_id')) {
|
||||
@@ -799,11 +741,12 @@ class ReportsController extends Controller
|
||||
$checkout_start = Carbon::parse($request->input('checkout_date_start'))->startOfDay();
|
||||
$checkout_end = Carbon::parse($request->input('checkout_date_end', now()))->endOfDay();
|
||||
|
||||
$actionlogassets = Actionlog::select('id')->where('action_type', '=', 'checkout')
|
||||
->where('item_type', '=', Asset::class)
|
||||
->whereBetween('action_date', [$checkout_start, $checkout_end]); // we are *not* doing ->get()...
|
||||
$actionlogassets = Actionlog::where('action_type', '=', 'checkout')
|
||||
->where('item_type', 'LIKE', '%Asset%')
|
||||
->whereBetween('action_date', [$checkout_start, $checkout_end])
|
||||
->pluck('item_id');
|
||||
|
||||
$assets->whereIn('id', $actionlogassets); // ...because this _should_ act as a 'subquery'
|
||||
$assets->whereIn('assets.id', $actionlogassets);
|
||||
}
|
||||
|
||||
if (($request->filled('checkin_date_start'))) {
|
||||
@@ -854,14 +797,6 @@ class ReportsController extends Controller
|
||||
$assets->onlyTrashed();
|
||||
}
|
||||
|
||||
if ($request->input('assignment_status') === 'assigned') {
|
||||
$assets->whereNotNull('assets.assigned_to');
|
||||
}
|
||||
|
||||
if ($request->input('assignment_status') === 'unassigned') {
|
||||
$assets->whereNull('assets.assigned_to');
|
||||
}
|
||||
|
||||
$assets->orderBy('assets.id', 'ASC')->chunk(500, function ($assets) use ($handle, $customfields, $request) {
|
||||
|
||||
$executionTime = microtime(true) - $_SERVER['REQUEST_TIME_FLOAT'];
|
||||
@@ -908,7 +843,7 @@ class ReportsController extends Controller
|
||||
}
|
||||
|
||||
if ($request->filled('purchase_date')) {
|
||||
$row[] = ($asset->purchase_date) ? Carbon::parse($asset->purchase_date)->format('Y-m-d') : '';
|
||||
$row[] = ($asset->purchase_date) ? $asset->purchase_date : '';
|
||||
}
|
||||
|
||||
if ($request->filled('purchase_cost')) {
|
||||
@@ -916,7 +851,7 @@ class ReportsController extends Controller
|
||||
}
|
||||
|
||||
if ($request->filled('eol')) {
|
||||
$row[] = ($asset->asset_eol_date != '') ? Carbon::parse($asset->asset_eol_date)->format('Y-m-d') : '';
|
||||
$row[] = ($asset->asset_eol_date != '') ? $asset->asset_eol_date : '';
|
||||
}
|
||||
|
||||
if ($request->filled('warranty')) {
|
||||
@@ -982,7 +917,7 @@ class ReportsController extends Controller
|
||||
|
||||
if ($request->filled('user_company')) {
|
||||
if ($asset->checkedOutToUser()) {
|
||||
$row[] = ($asset->assignedto?->company) ? $asset->assignedto?->company?->display_name : '';
|
||||
$row[] = ($asset->assignedto->company) ? $asset->assignedto->company->display_name : '';
|
||||
} else {
|
||||
$row[] = ''; // Empty string if unassigned
|
||||
}
|
||||
@@ -1087,7 +1022,7 @@ class ReportsController extends Controller
|
||||
}
|
||||
|
||||
if ($request->filled('status')) {
|
||||
$row[] = ($asset->status) ? $asset->status->name.' ('.$asset->present()->statusMeta.')' : '';
|
||||
$row[] = ($asset->assetstatus) ? $asset->assetstatus->name.' ('.$asset->present()->statusMeta.')' : '';
|
||||
}
|
||||
|
||||
if ($request->filled('checkout_date')) {
|
||||
@@ -1135,13 +1070,7 @@ class ReportsController extends Controller
|
||||
foreach ($customfields as $customfield) {
|
||||
$column_name = $customfield->db_column_name();
|
||||
if ($request->filled($customfield->db_column_name())) {
|
||||
$value = $asset->$column_name;
|
||||
|
||||
if (($customfield->field_encrypted == '1') && Gate::allows('assets.view.encrypted_custom_fields')) {
|
||||
$value = Helper::gracefulDecrypt($customfield, $value);
|
||||
}
|
||||
|
||||
$row[] = $value;
|
||||
$row[] = $asset->$column_name;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1192,60 +1121,56 @@ class ReportsController extends Controller
|
||||
*
|
||||
* @version v1.0
|
||||
*/
|
||||
public function exportMaintenancesReport(): StreamedResponse
|
||||
public function exportMaintenancesReport(): Response
|
||||
{
|
||||
$this->authorize('reports.view');
|
||||
// Grab all the improvements
|
||||
$Maintenances = Maintenance::with('asset', 'supplier')
|
||||
->orderBy('created_at', 'DESC')
|
||||
->get();
|
||||
|
||||
$response = new StreamedResponse(function () {
|
||||
$handle = fopen('php://output', 'w');
|
||||
$formatter = new EscapeFormula('`');
|
||||
$rows = [];
|
||||
|
||||
$header = [
|
||||
trans('admin/hardware/table.asset_tag'),
|
||||
trans('admin/maintenances/table.asset_name'),
|
||||
trans('general.supplier'),
|
||||
trans('admin/maintenances/form.asset_maintenance_type'),
|
||||
trans('admin/maintenances/form.title'),
|
||||
trans('admin/maintenances/form.start_date'),
|
||||
trans('admin/maintenances/form.completion_date'),
|
||||
trans('admin/maintenances/form.asset_maintenance_time'),
|
||||
trans('admin/maintenances/form.cost'),
|
||||
];
|
||||
fputcsv($handle, $header);
|
||||
$header = [
|
||||
trans('admin/hardware/table.asset_tag'),
|
||||
trans('admin/maintenances/table.asset_name'),
|
||||
trans('general.supplier'),
|
||||
trans('admin/maintenances/form.asset_maintenance_type'),
|
||||
trans('admin/maintenances/form.title'),
|
||||
trans('admin/maintenances/form.start_date'),
|
||||
trans('admin/maintenances/form.completion_date'),
|
||||
trans('admin/maintenances/form.asset_maintenance_time'),
|
||||
trans('admin/maintenances/form.cost'),
|
||||
];
|
||||
|
||||
Maintenance::with('asset', 'supplier')
|
||||
->orderBy('created_at', 'DESC')
|
||||
->chunk(500, function ($maintenances) use ($handle, $formatter) {
|
||||
foreach ($maintenances as $maintenance) {
|
||||
$improvementTime = is_null($maintenance->asset_maintenance_time)
|
||||
? (int) Carbon::now()->diffInDays(Carbon::parse($maintenance->start_date), true)
|
||||
: (int) $maintenance->asset_maintenance_time;
|
||||
$header = array_map('trim', $header);
|
||||
$rows[] = implode(',', $header);
|
||||
|
||||
$row = [
|
||||
$maintenance->asset->asset_tag,
|
||||
$maintenance->asset->name,
|
||||
$maintenance->supplier->name,
|
||||
$maintenance->improvement_type,
|
||||
$maintenance->name,
|
||||
$maintenance->start_date,
|
||||
$maintenance->completion_date,
|
||||
$improvementTime,
|
||||
trans('general.currency').Helper::formatCurrencyOutput($maintenance->cost),
|
||||
];
|
||||
foreach ($Maintenances as $maintenance) {
|
||||
$row = [];
|
||||
$row[] = str_replace(',', '', e($maintenance->asset->asset_tag));
|
||||
$row[] = str_replace(',', '', e($maintenance->asset->name));
|
||||
$row[] = str_replace(',', '', e($maintenance->supplier->name));
|
||||
$row[] = e($maintenance->improvement_type);
|
||||
$row[] = e($maintenance->name);
|
||||
$row[] = e($maintenance->start_date);
|
||||
$row[] = e($maintenance->completion_date);
|
||||
if (is_null($maintenance->asset_maintenance_time)) {
|
||||
$improvementTime = (int) Carbon::now()
|
||||
->diffInDays(Carbon::parse($maintenance->start_date), true);
|
||||
} else {
|
||||
$improvementTime = (int) $maintenance->asset_maintenance_time;
|
||||
}
|
||||
$row[] = $improvementTime;
|
||||
$row[] = trans('general.currency').Helper::formatCurrencyOutput($maintenance->cost);
|
||||
$rows[] = implode(',', $row);
|
||||
}
|
||||
|
||||
if (config('app.escape_formulas') === false) {
|
||||
fputcsv($handle, $row);
|
||||
} else {
|
||||
fputcsv($handle, $formatter->escapeRecord($row));
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
fclose($handle);
|
||||
}, 200, [
|
||||
'Content-Type' => 'text/csv',
|
||||
'Content-Disposition' => 'attachment; filename="maintenances-report-'.date('Y-m-d-his').'.csv"',
|
||||
]);
|
||||
// spit out a csv
|
||||
$csv = implode("\n", $rows);
|
||||
$response = response()->make($csv, 200);
|
||||
$response->header('Content-Type', 'text/csv');
|
||||
$response->header('Content-disposition', 'attachment;filename=report.csv');
|
||||
|
||||
return $response;
|
||||
}
|
||||
@@ -1260,9 +1185,6 @@ class ReportsController extends Controller
|
||||
public function getAssetAcceptanceReport($deleted = false): View
|
||||
{
|
||||
$this->authorize('reports.view');
|
||||
|
||||
$this->disableDebugbar();
|
||||
|
||||
$showDeleted = $deleted == 'deleted';
|
||||
|
||||
$query = CheckoutAcceptance::Pending()
|
||||
@@ -1324,11 +1246,6 @@ class ReportsController extends Controller
|
||||
// Redirect to the unaccepted items report page with error
|
||||
return redirect()->route('reports/unaccepted_assets')->with('error', trans('general.bad_data'));
|
||||
}
|
||||
|
||||
if (! $this->currentUserCanAccessAcceptance($acceptance)) {
|
||||
return redirect()->route('reports/unaccepted_assets')->with('error', trans('general.insufficient_permissions'));
|
||||
}
|
||||
|
||||
$item = $acceptance->checkoutable;
|
||||
$assignee = $acceptance->assignedTo ?? $item->assignedTo ?? null;
|
||||
$email = $assignee?->email;
|
||||
@@ -1363,33 +1280,6 @@ class ReportsController extends Controller
|
||||
return redirect()->route('reports/unaccepted_assets')->with('success', trans('admin/reports/general.reminder_sent'));
|
||||
}
|
||||
|
||||
private function currentUserCanAccessAcceptance(CheckoutAcceptance $acceptance): bool
|
||||
{
|
||||
if (Setting::getSettings()->full_multiple_companies_support != '1') {
|
||||
return true;
|
||||
}
|
||||
|
||||
$user = auth()->user();
|
||||
|
||||
if (! $user->company_id || $user->isSuperUser()) {
|
||||
return true;
|
||||
}
|
||||
|
||||
// Bypass Eloquent global scopes so cross-company items are still found
|
||||
$checkoutableType = $acceptance->checkoutable_type;
|
||||
$checkoutable = $checkoutableType::withoutGlobalScopes()->find($acceptance->checkoutable_id);
|
||||
|
||||
if ($checkoutable instanceof LicenseSeat) {
|
||||
$itemCompanyId = License::withoutGlobalScopes()
|
||||
->where('id', $checkoutable->license_id)
|
||||
->value('company_id');
|
||||
} else {
|
||||
$itemCompanyId = $checkoutable?->company_id;
|
||||
}
|
||||
|
||||
return $itemCompanyId === null || (int) $itemCompanyId === (int) $user->company_id;
|
||||
}
|
||||
|
||||
private function getCheckoutMailType(CheckoutAcceptance $acceptance, $logItem): Mailable
|
||||
{
|
||||
$lookup = [
|
||||
@@ -1422,21 +1312,11 @@ class ReportsController extends Controller
|
||||
{
|
||||
$this->authorize('reports.view');
|
||||
|
||||
$acceptance = CheckoutAcceptance::pending()
|
||||
->with(['checkoutable' => function (MorphTo $morphTo) {
|
||||
$morphTo->morphWith([LicenseSeat::class => ['license']]);
|
||||
}])
|
||||
->find($acceptanceId);
|
||||
|
||||
if (! $acceptance) {
|
||||
if (! $acceptance = CheckoutAcceptance::pending()->find($acceptanceId)) {
|
||||
// Redirect to the unaccepted assets report page with error
|
||||
return redirect()->route('reports/unaccepted_assets')->with('error', trans('general.bad_data'));
|
||||
}
|
||||
|
||||
if (! $this->currentUserCanAccessAcceptance($acceptance)) {
|
||||
return redirect()->route('reports/unaccepted_assets')->with('error', trans('general.insufficient_permissions'));
|
||||
}
|
||||
|
||||
if ($acceptance->delete()) {
|
||||
return redirect()->route('reports/unaccepted_assets')->with('success', trans('admin/reports/general.acceptance_deleted'));
|
||||
} else {
|
||||
|
||||
@@ -2,7 +2,6 @@
|
||||
|
||||
namespace App\Http\Controllers;
|
||||
|
||||
use App\Enums\ActionType;
|
||||
use App\Helpers\Helper;
|
||||
use App\Helpers\StorageHelper;
|
||||
use App\Http\Requests\ImageUploadRequest;
|
||||
@@ -12,14 +11,12 @@ use App\Http\Requests\StoreLdapSettings;
|
||||
use App\Http\Requests\StoreLocalizationSettings;
|
||||
use App\Http\Requests\StoreNotificationSettings;
|
||||
use App\Http\Requests\StoreSecuritySettings;
|
||||
use App\Models\Actionlog;
|
||||
use App\Models\Asset;
|
||||
use App\Models\CustomField;
|
||||
use App\Models\Group;
|
||||
use App\Models\Setting;
|
||||
use App\Models\User;
|
||||
use App\Notifications\MailTest;
|
||||
use App\Rules\CssColor;
|
||||
use Illuminate\Contracts\View\View;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Http\RedirectResponse;
|
||||
@@ -93,12 +90,10 @@ class SettingsController extends Controller
|
||||
$old_locations_fmcs = $setting->scope_locations_fmcs;
|
||||
$setting->full_multiple_companies_support = $request->input('full_multiple_companies_support', '0');
|
||||
$setting->scope_locations_fmcs = $request->input('scope_locations_fmcs', '0');
|
||||
$setting->null_company_is_floater = $request->input('null_company_is_floater', '0');
|
||||
|
||||
// These options make no sense without FullMultipleCompanySupport
|
||||
// Backward compatibility for locations makes no sense without FullMultipleCompanySupport
|
||||
if (! $setting->full_multiple_companies_support) {
|
||||
$setting->scope_locations_fmcs = '0';
|
||||
$setting->null_company_is_floater = '0';
|
||||
}
|
||||
|
||||
// check for inconsistencies when activating scoped locations
|
||||
@@ -192,13 +187,6 @@ class SettingsController extends Controller
|
||||
$request->validate(['site_name' => 'required']);
|
||||
}
|
||||
|
||||
$request->validate([
|
||||
'header_color' => ['nullable', new CssColor],
|
||||
'link_light_color' => ['nullable', new CssColor],
|
||||
'link_dark_color' => ['nullable', new CssColor],
|
||||
'nav_link_color' => ['nullable', new CssColor],
|
||||
]);
|
||||
|
||||
$setting->header_color = $request->input('header_color', '#3c8dbc');
|
||||
$setting->link_light_color = $request->input('link_light_color', '#296282');
|
||||
$setting->link_dark_color = $request->input('link_dark_color', '#5fa4cc');
|
||||
@@ -882,11 +870,6 @@ class SettingsController extends Controller
|
||||
public function downloadFile($filename = null): RedirectResponse|BinaryFileResponse
|
||||
{
|
||||
$path = 'app/backups';
|
||||
$filename = basename((string) $filename);
|
||||
|
||||
if ($this->hasInvalidBackupFilename($filename)) {
|
||||
return redirect()->route('settings.backups.index')->with('error', trans('admin/settings/message.backup.file_not_found'));
|
||||
}
|
||||
|
||||
if (! config('app.lock_passwords')) {
|
||||
if (Storage::exists($path.'/'.$filename)) {
|
||||
@@ -912,12 +895,6 @@ class SettingsController extends Controller
|
||||
*/
|
||||
public function deleteFile($filename = null): RedirectResponse
|
||||
{
|
||||
$filename = basename((string) $filename);
|
||||
|
||||
if ($this->hasInvalidBackupFilename($filename)) {
|
||||
return redirect()->route('settings.backups.index')->with('error', trans('admin/settings/message.backup.file_not_found'));
|
||||
}
|
||||
|
||||
if (config('app.allow_backup_delete') == 'true') {
|
||||
|
||||
if (! config('app.lock_passwords')) {
|
||||
@@ -992,11 +969,6 @@ class SettingsController extends Controller
|
||||
*/
|
||||
public function postRestore(Request $request, $filename = null): RedirectResponse
|
||||
{
|
||||
$filename = basename((string) $filename);
|
||||
|
||||
if ($this->hasInvalidBackupFilename($filename)) {
|
||||
return redirect()->route('settings.backups.index')->with('error', trans('admin/settings/message.backup.file_not_found'));
|
||||
}
|
||||
|
||||
if (! config('app.lock_passwords')) {
|
||||
$path = 'app/backups';
|
||||
@@ -1146,86 +1118,7 @@ class SettingsController extends Controller
|
||||
*/
|
||||
public function api(): View
|
||||
{
|
||||
$personalAccessTokenCount = DB::table('oauth_access_tokens')
|
||||
->join('oauth_clients', 'oauth_access_tokens.client_id', '=', 'oauth_clients.id')
|
||||
->where('oauth_clients.personal_access_client', true)
|
||||
->count();
|
||||
|
||||
return view('settings.api', [
|
||||
'personalAccessTokenCount' => $personalAccessTokenCount,
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* Revoke a personal access token from the admin OAuth settings page.
|
||||
*/
|
||||
public function revokePersonalAccessToken(string $token): RedirectResponse
|
||||
{
|
||||
$tokenRow = DB::table('oauth_access_tokens')
|
||||
->join('oauth_clients', 'oauth_access_tokens.client_id', '=', 'oauth_clients.id')
|
||||
->where('oauth_access_tokens.id', $token)
|
||||
->where('oauth_clients.personal_access_client', true)
|
||||
->select(['oauth_access_tokens.id', 'oauth_access_tokens.user_id'])
|
||||
->first();
|
||||
|
||||
if ($tokenRow === null) {
|
||||
return redirect()
|
||||
->to(route('settings.oauth.index').'#personal-access-tokens')
|
||||
->with('error', trans('admin/settings/message.oauth.token_not_found'));
|
||||
}
|
||||
|
||||
DB::table('oauth_access_tokens')
|
||||
->where('id', $tokenRow->id)
|
||||
->update(['revoked' => true]);
|
||||
|
||||
$logaction = new Actionlog;
|
||||
$logaction->item_type = User::class;
|
||||
$logaction->item_id = $tokenRow->user_id;
|
||||
$logaction->target_type = User::class;
|
||||
$logaction->target_id = $tokenRow->user_id;
|
||||
$logaction->created_by = auth()->id();
|
||||
// $logaction->note = 'Token ID: ' . $tokenRow->id;
|
||||
$logaction->logaction(ActionType::TokenRevoked);
|
||||
|
||||
return redirect()
|
||||
->to(route('settings.oauth.index').'#personal-access-tokens')
|
||||
->with('success', trans('admin/settings/message.oauth.token_revoked'));
|
||||
}
|
||||
|
||||
/**
|
||||
* Unrevoke a personal access token from the admin OAuth settings page.
|
||||
*/
|
||||
public function unrevokePersonalAccessToken(string $token): RedirectResponse
|
||||
{
|
||||
$tokenRow = DB::table('oauth_access_tokens')
|
||||
->join('oauth_clients', 'oauth_access_tokens.client_id', '=', 'oauth_clients.id')
|
||||
->where('oauth_access_tokens.id', $token)
|
||||
->where('oauth_clients.personal_access_client', true)
|
||||
->select(['oauth_access_tokens.id', 'oauth_access_tokens.user_id'])
|
||||
->first();
|
||||
|
||||
if ($tokenRow === null) {
|
||||
return redirect()
|
||||
->to(route('settings.oauth.index').'#personal-access-tokens')
|
||||
->with('error', trans('admin/settings/message.oauth.token_not_found'));
|
||||
}
|
||||
|
||||
DB::table('oauth_access_tokens')
|
||||
->where('id', $tokenRow->id)
|
||||
->update(['revoked' => false]);
|
||||
|
||||
$logaction = new Actionlog;
|
||||
$logaction->item_type = User::class;
|
||||
$logaction->item_id = $tokenRow->user_id;
|
||||
$logaction->target_type = User::class;
|
||||
$logaction->target_id = $tokenRow->user_id;
|
||||
$logaction->created_by = auth()->id();
|
||||
// $logaction->note = 'Token ID: ' . $tokenRow->id;
|
||||
$logaction->logaction(ActionType::TokenUnrevoked);
|
||||
|
||||
return redirect()
|
||||
->to(route('settings.oauth.index').'#personal-access-tokens')
|
||||
->with('success', trans('admin/settings/message.oauth.token_unrevoked'));
|
||||
return view('settings.api');
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -1262,62 +1155,4 @@ class SettingsController extends Controller
|
||||
{
|
||||
return view('settings.logins');
|
||||
}
|
||||
|
||||
/**
|
||||
* Revoke an OAuth client from the admin OAuth settings page.
|
||||
*/
|
||||
public function revokeOAuthClient(string $client): RedirectResponse
|
||||
{
|
||||
$oauthClient = DB::table('oauth_clients')
|
||||
->where('id', $client)
|
||||
->first();
|
||||
|
||||
if ($oauthClient === null) {
|
||||
return redirect()
|
||||
->to(route('settings.oauth.index').'#oauth-clients')
|
||||
->with('error', trans('admin/settings/message.oauth.client_not_found'));
|
||||
}
|
||||
|
||||
DB::table('oauth_clients')
|
||||
->where('id', $client)
|
||||
->update(['revoked' => true]);
|
||||
|
||||
return redirect()
|
||||
->to(route('settings.oauth.index').'#oauth-clients')
|
||||
->with('success', trans('admin/settings/message.oauth.client_revoked'));
|
||||
}
|
||||
|
||||
/**
|
||||
* Unrevoke an OAuth client from the admin OAuth settings page.
|
||||
*/
|
||||
public function unrevokeOAuthClient(string $client): RedirectResponse
|
||||
{
|
||||
$oauthClient = DB::table('oauth_clients')
|
||||
->where('id', $client)
|
||||
->first();
|
||||
|
||||
if ($oauthClient === null) {
|
||||
return redirect()
|
||||
->to(route('settings.oauth.index').'#oauth-clients')
|
||||
->with('error', trans('admin/settings/message.oauth.client_not_found'));
|
||||
}
|
||||
|
||||
DB::table('oauth_clients')
|
||||
->where('id', $client)
|
||||
->update(['revoked' => false]);
|
||||
|
||||
return redirect()
|
||||
->to(route('settings.oauth.index').'#oauth-clients')
|
||||
->with('success', trans('admin/settings/message.oauth.client_unrevoked'));
|
||||
}
|
||||
|
||||
private function hasInvalidBackupFilename(string $filename): bool
|
||||
{
|
||||
if ($filename === '' || $filename === '.' || $filename === '..') {
|
||||
return true;
|
||||
}
|
||||
|
||||
// Reject path separators in case a crafted value survives route decoding.
|
||||
return str_contains($filename, '/') || str_contains($filename, '\\');
|
||||
}
|
||||
}
|
||||
|
||||
@@ -6,7 +6,6 @@ use App\Http\Requests\SetupUserRequest;
|
||||
use App\Models\Setting;
|
||||
use App\Models\User;
|
||||
use App\Notifications\FirstAdminNotification;
|
||||
use App\Rules\CssColor;
|
||||
use Illuminate\Contracts\View\View;
|
||||
use Illuminate\Http\RedirectResponse;
|
||||
use Illuminate\Http\Response;
|
||||
@@ -167,12 +166,6 @@ class SetupController extends Controller
|
||||
$settings->alerts_enabled = 1;
|
||||
$settings->pwd_secure_min = 10;
|
||||
$settings->brand = 1;
|
||||
$request->validate([
|
||||
'link_light_color' => ['nullable', new CssColor],
|
||||
'link_dark_color' => ['nullable', new CssColor],
|
||||
'nav_link_color' => ['nullable', new CssColor],
|
||||
]);
|
||||
|
||||
$settings->link_light_color = $request->input('link_light_color', '#296282');
|
||||
$settings->link_dark_color = $request->input('link_dark_color', '#296282');
|
||||
$settings->nav_link_color = $request->input('nav_link_color', '#FFFFFF');
|
||||
|
||||
@@ -1,90 +0,0 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Controllers;
|
||||
|
||||
use Illuminate\Support\Facades\Storage;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
use Symfony\Component\HttpFoundation\StreamedResponse;
|
||||
|
||||
class StorageProxyController extends Controller
|
||||
{
|
||||
/**
|
||||
* Proxy files from the "public" storage disk through the application.
|
||||
*
|
||||
* When PUBLIC_S3_PROXY is enabled, this serves files that would normally
|
||||
* be accessed directly from S3 (images, logos, avatars, etc.), allowing
|
||||
* a fully private S3 bucket setup.
|
||||
*/
|
||||
public function show(string $path): Response|StreamedResponse
|
||||
{
|
||||
if ($this->hasPathTraversalSegments($path)) {
|
||||
abort(404);
|
||||
}
|
||||
|
||||
$disk = Storage::disk('public');
|
||||
|
||||
// The S3 adapter includes the disk's root prefix in generated URLs,
|
||||
// but Flysystem also prepends it internally on every operation.
|
||||
// Strip it here to avoid double-prefixing.
|
||||
$root = trim(config('filesystems.disks.public.root', ''), '/');
|
||||
if ($root !== '' && str_starts_with($path, $root.'/')) {
|
||||
$path = substr($path, strlen($root) + 1);
|
||||
}
|
||||
|
||||
if (! $disk->exists($path)) {
|
||||
abort(404);
|
||||
}
|
||||
|
||||
$mimeType = $disk->mimeType($path) ?: 'application/octet-stream';
|
||||
$lastModified = $disk->lastModified($path);
|
||||
$etag = md5($path.$lastModified);
|
||||
$size = $disk->size($path);
|
||||
|
||||
if ($this->isNotModified($etag, $lastModified)) {
|
||||
return response('', 304)
|
||||
->header('ETag', '"'.$etag.'"')
|
||||
->header('Cache-Control', 'public, max-age=86400');
|
||||
}
|
||||
|
||||
return new StreamedResponse(function () use ($disk, $path) {
|
||||
$stream = $disk->readStream($path);
|
||||
fpassthru($stream);
|
||||
if (is_resource($stream)) {
|
||||
fclose($stream);
|
||||
}
|
||||
}, 200, [
|
||||
'Content-Type' => $mimeType,
|
||||
'Content-Length' => $size,
|
||||
'ETag' => '"'.$etag.'"',
|
||||
'Last-Modified' => gmdate('D, d M Y H:i:s', $lastModified).' GMT',
|
||||
'Cache-Control' => 'public, max-age=86400',
|
||||
]);
|
||||
}
|
||||
|
||||
private function isNotModified(string $etag, int $lastModified): bool
|
||||
{
|
||||
$requestEtag = request()->header('If-None-Match');
|
||||
if ($requestEtag && $requestEtag === '"'.$etag.'"') {
|
||||
return true;
|
||||
}
|
||||
|
||||
$ifModifiedSince = request()->header('If-Modified-Since');
|
||||
if ($ifModifiedSince && strtotime($ifModifiedSince) >= $lastModified) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
private function hasPathTraversalSegments(string $path): bool
|
||||
{
|
||||
$normalizedPath = str_replace('\\', '/', $path);
|
||||
|
||||
return str_contains($normalizedPath, "\0")
|
||||
|| str_starts_with($normalizedPath, '/')
|
||||
|| str_contains($normalizedPath, '../')
|
||||
|| str_contains($normalizedPath, '/..')
|
||||
|| str_ends_with($normalizedPath, '/..')
|
||||
|| $normalizedPath === '..';
|
||||
}
|
||||
}
|
||||
@@ -37,7 +37,7 @@ class UploadedFilesController extends Controller
|
||||
|
||||
// Check the permissions to make sure the user can view the object
|
||||
$object = self::$map_object_type[$object_type]::withTrashed()->find($id);
|
||||
$this->authorize('files', $object);
|
||||
$this->authorize('update', $object);
|
||||
|
||||
if (! $object) {
|
||||
return redirect()->back()->withFragment('files')->with('error', trans('general.file_upload_status.invalid_object'));
|
||||
@@ -85,7 +85,7 @@ class UploadedFilesController extends Controller
|
||||
{
|
||||
// Check the permissions to make sure the user can view the object
|
||||
$object = self::$map_object_type[$object_type]::withTrashed()->find($id);
|
||||
$this->authorize('files', $object);
|
||||
$this->authorize('view', $object);
|
||||
|
||||
if (! $object) {
|
||||
return redirect()->back()->withFragment('files')->with('error', trans('general.file_upload_status.invalid_object'));
|
||||
@@ -96,21 +96,19 @@ class UploadedFilesController extends Controller
|
||||
return redirect()->back()->withFragment('files')->with('error', trans('general.file_upload_status.invalid_id'));
|
||||
}
|
||||
|
||||
if (! Storage::exists(self::$map_storage_path[$object_type].$log->filename)) {
|
||||
if (! Storage::exists(self::$map_storage_path[$object_type].'/'.$log->filename)) {
|
||||
return redirect()->back()->withFragment('files')->with('error', trans('general.file_upload_status.file_not_found'));
|
||||
}
|
||||
|
||||
if (request('inline') == 'true') {
|
||||
$path = self::$map_storage_path[$object_type];
|
||||
$headers = [
|
||||
'Content-Disposition' => 'inline',
|
||||
];
|
||||
|
||||
if (! StorageHelper::allowSafeInline($path.$log->filename)) {
|
||||
return StorageHelper::downloader($path.$log->filename);
|
||||
}
|
||||
|
||||
return Storage::download($path.$log->filename, $log->filename, ['Content-Disposition' => 'inline']);
|
||||
return Storage::download(self::$map_storage_path[$object_type].'/'.$log->filename, $log->filename, $headers);
|
||||
}
|
||||
|
||||
return StorageHelper::downloader(self::$map_storage_path[$object_type].$log->filename);
|
||||
return StorageHelper::downloader(self::$map_storage_path[$object_type].'/'.$log->filename);
|
||||
|
||||
}
|
||||
|
||||
@@ -131,7 +129,7 @@ class UploadedFilesController extends Controller
|
||||
|
||||
// Check the permissions to make sure the user can view the object
|
||||
$object = self::$map_object_type[$object_type]::withTrashed()->find($id);
|
||||
$this->authorize('files', $object);
|
||||
$this->authorize('update', $object);
|
||||
|
||||
if (! $object) {
|
||||
return redirect()->back()->withFragment('files')->with('error', trans('general.file_upload_status.invalid_object'));
|
||||
@@ -143,8 +141,8 @@ class UploadedFilesController extends Controller
|
||||
|
||||
if ($log) {
|
||||
// Check the file actually exists, and delete it
|
||||
if (Storage::exists(self::$map_storage_path[$object_type].$log->filename)) {
|
||||
Storage::delete(self::$map_storage_path[$object_type].$log->filename);
|
||||
if (Storage::exists(self::$map_storage_path[$object_type].'/'.$log->filename)) {
|
||||
Storage::delete(self::$map_storage_path[$object_type].'/'.$log->filename);
|
||||
}
|
||||
// Delete the record of the file
|
||||
if ($log->logUploadDelete($object, $log->filename)) {
|
||||
|
||||
@@ -8,7 +8,6 @@ use App\Http\Controllers\Controller;
|
||||
use App\Models\Accessory;
|
||||
use App\Models\Actionlog;
|
||||
use App\Models\Asset;
|
||||
use App\Models\Company;
|
||||
use App\Models\ConsumableAssignment;
|
||||
use App\Models\Group;
|
||||
use App\Models\License;
|
||||
@@ -169,21 +168,23 @@ class BulkUsersController extends Controller
|
||||
|
||||
$this->conditionallyAddItem('location_id')
|
||||
->conditionallyAddItem('department_id')
|
||||
->conditionallyAddItem('company_id')
|
||||
->conditionallyAddItem('locale')
|
||||
->conditionallyAddItem('remote')
|
||||
->conditionallyAddItem('ldap_import')
|
||||
->conditionallyAddItem('activated')
|
||||
->conditionallyAddItem('display_name')
|
||||
->conditionallyAddItem('start_date')
|
||||
->conditionallyAddItem('end_date')
|
||||
->conditionallyAddItem('city')
|
||||
->conditionallyAddItem('autoassign_licenses')
|
||||
->conditionallyAddItem('phone')
|
||||
->conditionallyAddItem('jobtitle')
|
||||
->conditionallyAddItem('address')
|
||||
->conditionallyAddItem('state')
|
||||
->conditionallyAddItem('country')
|
||||
->conditionallyAddItem('zip')
|
||||
->conditionallyAddItem('website')
|
||||
->conditionallyAddItem('notes');
|
||||
->conditionallyAddItem('autoassign_licenses');
|
||||
|
||||
// Check that the user can manage contact info for users
|
||||
if (auth()->user()->can('manageContactInfo')) {
|
||||
$this->conditionallyAddItem('city')
|
||||
->conditionallyAddItem('state')
|
||||
->conditionallyAddItem('country')
|
||||
->conditionallyAddItem('zip');
|
||||
}
|
||||
|
||||
// If the manager_id is one of the users being updated, generate a warning.
|
||||
if (array_search($request->input('manager_id'), $user_raw_array)) {
|
||||
@@ -208,7 +209,7 @@ class BulkUsersController extends Controller
|
||||
$this->update_array['manager_id'] = null;
|
||||
}
|
||||
|
||||
if ($request->input('null_company_ids') == '1') {
|
||||
if ($request->input('null_company_id') == '1') {
|
||||
$this->update_array['company_id'] = null;
|
||||
}
|
||||
|
||||
@@ -228,46 +229,6 @@ class BulkUsersController extends Controller
|
||||
$this->update_array['display_name'] = null;
|
||||
}
|
||||
|
||||
if ($request->input('null_city') == '1') {
|
||||
$this->update_array['city'] = null;
|
||||
}
|
||||
|
||||
if ($request->input('null_phone') == '1') {
|
||||
$this->update_array['phone'] = null;
|
||||
}
|
||||
|
||||
if ($request->input('null_jobtitle') == '1') {
|
||||
$this->update_array['jobtitle'] = null;
|
||||
}
|
||||
|
||||
if ($request->input('null_employee_num') == '1') {
|
||||
$this->update_array['employee_num'] = null;
|
||||
}
|
||||
|
||||
if ($request->input('null_address') == '1') {
|
||||
$this->update_array['address'] = null;
|
||||
}
|
||||
|
||||
if ($request->input('null_state') == '1') {
|
||||
$this->update_array['state'] = null;
|
||||
}
|
||||
|
||||
if ($request->input('null_country') == '1') {
|
||||
$this->update_array['country'] = null;
|
||||
}
|
||||
|
||||
if ($request->input('null_zip') == '1') {
|
||||
$this->update_array['zip'] = null;
|
||||
}
|
||||
|
||||
if ($request->input('null_website') == '1') {
|
||||
$this->update_array['website'] = null;
|
||||
}
|
||||
|
||||
if ($request->input('null_notes') == '1') {
|
||||
$this->update_array['notes'] = null;
|
||||
}
|
||||
|
||||
if (! $manager_conflict) {
|
||||
$this->conditionallyAddItem('manager_id');
|
||||
}
|
||||
@@ -281,50 +242,11 @@ class BulkUsersController extends Controller
|
||||
->update(['location_id' => $this->update_array['location_id']]);
|
||||
}
|
||||
|
||||
// Handle company pivot sync separately from the mass update.
|
||||
// company_ids[] comes from the multi-select; null_company_ids clears all memberships.
|
||||
$bulkCompanyIds = array_filter(array_map('intval', (array) $request->input('company_ids', [])));
|
||||
$clearCompanies = $request->input('null_company_ids') == '1';
|
||||
// Only sync groups if groups were selected
|
||||
if ($request->filled('groups')) {
|
||||
|
||||
if ($bulkCompanyIds || $clearCompanies) {
|
||||
$allowedIds = Company::getIdsForCurrentUser($bulkCompanyIds);
|
||||
// Also update the scalar company_id column for display/backward compat.
|
||||
$scalarCompanyId = $allowedIds[0] ?? null;
|
||||
User::whereIn('id', $user_raw_array)->where('id', '!=', auth()->id())
|
||||
->update(['company_id' => $scalarCompanyId]);
|
||||
foreach ($users as $user) {
|
||||
if ($clearCompanies && ! auth()->user()->isSuperUser() && Company::isFullMultipleCompanySupportEnabled()) {
|
||||
// Non-superusers can only detach companies they belong to; sync([]) would
|
||||
// also wipe memberships for companies outside their scope.
|
||||
$user->companies()->detach(Company::getIdsForCurrentUser(
|
||||
$user->companies()->pluck('companies.id')->toArray()
|
||||
));
|
||||
} else {
|
||||
$user->companies()->sync($allowedIds);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Fields that require canEditAuthFields (non-admins cannot touch admins/superusers,
|
||||
// admins cannot touch superusers) must be applied per-user, not via mass update.
|
||||
foreach ($users as $user) {
|
||||
if (auth()->user()->can('canEditAuthFields', $user) && auth()->user()->can('editableOnDemo')) {
|
||||
$authFieldUpdate = [];
|
||||
if ($request->filled('activated')) {
|
||||
$authFieldUpdate['activated'] = $request->input('activated');
|
||||
}
|
||||
if ($request->filled('ldap_import')) {
|
||||
$authFieldUpdate['ldap_import'] = $request->input('ldap_import');
|
||||
}
|
||||
if ($request->filled('email')) {
|
||||
$authFieldUpdate['email'] = $request->input('email');
|
||||
} elseif ($request->input('null_email') == '1') {
|
||||
$authFieldUpdate['email'] = null;
|
||||
}
|
||||
if (! empty($authFieldUpdate)) {
|
||||
$user->update($authFieldUpdate);
|
||||
}
|
||||
if ($request->filled('groups') && auth()->user()->isSuperUser()) {
|
||||
if (auth()->user()->can('canEditAuthFields', $user) && auth()->user()->can('editableOnDemo')) {
|
||||
$user->groups()->sync($request->input('groups'));
|
||||
}
|
||||
}
|
||||
@@ -395,31 +317,6 @@ class BulkUsersController extends Controller
|
||||
return redirect()->route('users.index')->with('error', 'No status selected');
|
||||
}
|
||||
|
||||
// Enforce per-item checkin permissions before touching anything (catches FMCS company scoping).
|
||||
foreach ($assets as $asset) {
|
||||
if (auth()->user()->cannot('checkin', $asset)) {
|
||||
return redirect()->route('users.index')->with('error', trans('general.insufficient_permissions'));
|
||||
}
|
||||
}
|
||||
|
||||
$licenseModels = License::whereIn('id', $licenses->pluck('license_id')->unique())->get();
|
||||
foreach ($licenseModels as $license) {
|
||||
if (auth()->user()->cannot('checkin', $license)) {
|
||||
return redirect()->route('users.index')->with('error', trans('general.insufficient_permissions'));
|
||||
}
|
||||
}
|
||||
|
||||
$accessoryModels = Accessory::whereIn('id', $accessoryUserRows->pluck('accessory_id')->unique())->get();
|
||||
foreach ($accessoryModels as $accessory) {
|
||||
if (auth()->user()->cannot('checkin', $accessory)) {
|
||||
return redirect()->route('users.index')->with('error', trans('general.insufficient_permissions'));
|
||||
}
|
||||
}
|
||||
|
||||
if ($request->input('delete_user') == '1' && $users->isNotEmpty() && auth()->user()->cannot('delete', User::class)) {
|
||||
return redirect()->route('users.index')->with('error', trans('general.insufficient_permissions'));
|
||||
}
|
||||
|
||||
$this->logItemCheckinAndDelete($assets, Asset::class);
|
||||
$this->logAccessoriesCheckin($accessoryUserRows);
|
||||
$this->logItemCheckinAndDelete($licenses, License::class);
|
||||
@@ -472,9 +369,7 @@ class BulkUsersController extends Controller
|
||||
$logAction->target_id = $item->assigned_to;
|
||||
$logAction->target_type = User::class;
|
||||
$logAction->created_by = auth()->id();
|
||||
$logAction->action_date = now();
|
||||
$logAction->created_at = now();
|
||||
$logAction->note = 'Bulk checkin items on user bulk edit/delete';
|
||||
$logAction->note = 'Bulk checkin items';
|
||||
$logAction->logaction('checkin from');
|
||||
}
|
||||
}
|
||||
@@ -488,9 +383,7 @@ class BulkUsersController extends Controller
|
||||
$logAction->target_id = $accessoryUserRow->assigned_to;
|
||||
$logAction->target_type = User::class;
|
||||
$logAction->created_by = auth()->id();
|
||||
$logAction->created_at = now();
|
||||
$logAction->action_date = now();
|
||||
$logAction->note = 'Bulk checkin accessory on user bulk edit/delete';
|
||||
$logAction->note = 'Bulk checkin items';
|
||||
$logAction->logaction('checkin from');
|
||||
}
|
||||
}
|
||||
@@ -508,7 +401,7 @@ class BulkUsersController extends Controller
|
||||
*/
|
||||
public function merge(Request $request)
|
||||
{
|
||||
$this->authorize('delete', User::class);
|
||||
$this->authorize('update', User::class);
|
||||
|
||||
if (config('app.lock_passwords')) {
|
||||
return redirect()->route('users.index')->with('error', trans('general.feature_disabled'));
|
||||
@@ -526,17 +419,9 @@ class BulkUsersController extends Controller
|
||||
$users_to_merge = User::whereIn('id', $user_ids_to_merge)->with('assets', 'manager', 'userlog', 'licenses', 'consumables', 'accessories', 'managedLocations', 'uploads', 'acceptances')->get();
|
||||
$admin = User::find(auth()->id());
|
||||
|
||||
if (! auth()->user()->can('canEditAuthFields', $merge_into_user) || ! auth()->user()->can('editableOnDemo')) {
|
||||
return redirect()->route('users.index')->with('error', trans('general.insufficient_permissions'));
|
||||
}
|
||||
|
||||
// Walk users
|
||||
foreach ($users_to_merge as $user_to_merge) {
|
||||
|
||||
if (! auth()->user()->can('canEditAuthFields', $user_to_merge) || ! auth()->user()->can('editableOnDemo')) {
|
||||
return redirect()->route('users.index')->with('error', trans('general.insufficient_permissions'));
|
||||
}
|
||||
|
||||
foreach ($user_to_merge->assets as $asset) {
|
||||
Log::debug('Updating asset: '.$asset->asset_tag.' to '.$merge_into_user->id);
|
||||
$asset->assigned_to = $request->input('merge_into_id');
|
||||
@@ -579,12 +464,6 @@ class BulkUsersController extends Controller
|
||||
$managedLocation->save();
|
||||
}
|
||||
|
||||
// Carry over company pivot memberships from the merged user into the target.
|
||||
$mergedCompanyIds = $user_to_merge->companies()->pluck('companies.id')->toArray();
|
||||
if (! empty($mergedCompanyIds)) {
|
||||
$merge_into_user->companies()->syncWithoutDetaching($mergedCompanyIds);
|
||||
}
|
||||
|
||||
$user_to_merge->delete();
|
||||
|
||||
event(new UserMerged($user_to_merge, $merge_into_user, $admin));
|
||||
|
||||
@@ -2,34 +2,26 @@
|
||||
|
||||
namespace App\Http\Controllers\Users;
|
||||
|
||||
use App\Actions\Permissions\NormalizePermissionsPayloadAction;
|
||||
use App\Actions\Permissions\PreserveUnauthorizedPrivilegedPermissionsAction;
|
||||
use App\Helpers\Helper;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\DeleteUserRequest;
|
||||
use App\Http\Requests\ImageUploadRequest;
|
||||
use App\Http\Requests\SaveUserRequest;
|
||||
use App\Mail\UnacceptedAssetReminderMail;
|
||||
use App\Models\Accessory;
|
||||
use App\Models\Actionlog;
|
||||
use App\Models\Asset;
|
||||
use App\Models\CheckoutAcceptance;
|
||||
use App\Models\Company;
|
||||
use App\Models\Consumable;
|
||||
use App\Models\Group;
|
||||
use App\Models\License;
|
||||
use App\Models\Setting;
|
||||
use App\Models\User;
|
||||
use App\Notifications\CurrentInventory;
|
||||
use App\Notifications\WelcomeNotification;
|
||||
use Illuminate\Auth\Access\AuthorizationException;
|
||||
use Illuminate\Contracts\View\View;
|
||||
use Illuminate\Database\Eloquent\Builder;
|
||||
use Illuminate\Http\RedirectResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Log;
|
||||
use Illuminate\Support\Facades\Mail;
|
||||
use Illuminate\Support\Facades\Password;
|
||||
use League\Csv\EscapeFormula;
|
||||
use Symfony\Component\HttpFoundation\StreamedResponse;
|
||||
|
||||
/**
|
||||
@@ -106,11 +98,21 @@ class UsersController extends Controller
|
||||
public function store(SaveUserRequest $request)
|
||||
{
|
||||
$this->authorize('create', User::class);
|
||||
|
||||
$authenticatedUser = auth()->user();
|
||||
$user = new User;
|
||||
// Username, email, and password need to be handled specially because the need to respect config values on an edit.
|
||||
$user->email = trim($request->input('email'));
|
||||
|
||||
if (auth()->user()->can('manageContactInfo')) {
|
||||
$user->email = trim($request->input('email'));
|
||||
$user->phone = $request->input('phone');
|
||||
$user->mobile = $request->input('mobile');
|
||||
$user->address = $request->input('address', null);
|
||||
$user->city = $request->input('city', null);
|
||||
$user->state = $request->input('state', null);
|
||||
$user->country = $request->input('country', null);
|
||||
$user->zip = $request->input('zip', null);
|
||||
$user->website = $request->input('website', null);
|
||||
}
|
||||
|
||||
$user->username = trim($request->input('username'));
|
||||
$user->display_name = $request->input('display_name');
|
||||
if ($request->filled('password')) {
|
||||
@@ -122,29 +124,40 @@ class UsersController extends Controller
|
||||
$user->employee_num = $request->input('employee_num');
|
||||
$user->activated = $request->input('activated', 0);
|
||||
$user->jobtitle = $request->input('jobtitle');
|
||||
$user->phone = $request->input('phone');
|
||||
$user->mobile = $request->input('mobile');
|
||||
|
||||
$user->location_id = $request->input('location_id', null);
|
||||
$user->department_id = $request->input('department_id', null);
|
||||
$companyIds = array_filter(array_map('intval', (array) ($request->input('company_ids') ?? ($request->filled('company_id') ? [$request->input('company_id')] : []))));
|
||||
$user->company_id = Company::getIdForUser($request->input('company_id', null));
|
||||
$user->manager_id = $request->input('manager_id', null);
|
||||
$user->notes = $request->input('notes');
|
||||
$user->address = $request->input('address', null);
|
||||
$user->city = $request->input('city', null);
|
||||
$user->state = $request->input('state', null);
|
||||
$user->country = $request->input('country', null);
|
||||
$user->zip = $request->input('zip', null);
|
||||
|
||||
$user->remote = $request->input('remote', 0);
|
||||
$user->website = $request->input('website', null);
|
||||
|
||||
$user->created_by = auth()->id();
|
||||
$user->start_date = $request->input('start_date', null);
|
||||
$user->end_date = $request->input('end_date', null);
|
||||
$user->autoassign_licenses = $request->input('autoassign_licenses', 0);
|
||||
|
||||
$user->permissions = json_encode(PreserveUnauthorizedPrivilegedPermissionsAction::run(
|
||||
requestedPermissions: NormalizePermissionsPayloadAction::run($request->input('permission')),
|
||||
authenticatedUser: $authenticatedUser,
|
||||
));
|
||||
// Strip out the superuser permission if the user isn't a superadmin
|
||||
$permissions_array = $request->input('permission');
|
||||
|
||||
// Strip out the individual superuser permission if the API user isn't a superadmin
|
||||
if (! auth()->user()->isSuperUser()) {
|
||||
|
||||
if ((is_array($permissions_array)) && (array_key_exists('superuser', $permissions_array))) {
|
||||
unset($permissions_array['superuser']);
|
||||
}
|
||||
}
|
||||
|
||||
// Strip out the individual admin permission if the API user isn't an admin
|
||||
if (! auth()->user()->isAdmin()) {
|
||||
|
||||
if ((is_array($permissions_array)) && (array_key_exists('admin', $permissions_array))) {
|
||||
unset($permissions_array['admin']);
|
||||
}
|
||||
}
|
||||
|
||||
$user->permissions = json_encode($permissions_array);
|
||||
|
||||
// we have to invoke the form request here to handle image uploads
|
||||
app(ImageUploadRequest::class)->handleImages($user, 600, 'avatar', 'avatars', 'avatar');
|
||||
@@ -156,7 +169,6 @@ class UsersController extends Controller
|
||||
}
|
||||
|
||||
if ($user->save()) {
|
||||
$user->syncCompaniesWithLogging(Company::getIdsForCurrentUser($companyIds));
|
||||
|
||||
if (($user->activated == '1') && ($user->email != '') && ($request->input('send_welcome') == '1')) {
|
||||
|
||||
@@ -168,8 +180,12 @@ class UsersController extends Controller
|
||||
|
||||
}
|
||||
|
||||
if (auth()->user()->isSuperUser() && auth()->user()->can('editableOnDemo')) {
|
||||
$user->groups()->sync($request->input('groups'));
|
||||
if ($request->filled('groups')) {
|
||||
if (auth()->user()->can('canEditAuthFields', $user) && auth()->user()->can('editableOnDemo')) {
|
||||
$user->groups()->sync($request->input('groups'));
|
||||
}
|
||||
} else {
|
||||
$user->groups()->sync([]);
|
||||
}
|
||||
|
||||
return Helper::getRedirectOption($request, $user->id, 'Users')
|
||||
@@ -247,8 +263,6 @@ class UsersController extends Controller
|
||||
{
|
||||
$this->authorize('update', $user);
|
||||
|
||||
$authenticatedUser = auth()->user();
|
||||
|
||||
// This is a janky hack to prevent people from changing admin demo user data on the public demo.
|
||||
// The $ids 1 and 2 are special since they are seeded as superadmins in the demo seeder.
|
||||
// Thanks, jerks. You are why we can't have nice things. - snipe
|
||||
@@ -265,10 +279,36 @@ class UsersController extends Controller
|
||||
|
||||
$this->authorize('update', $user);
|
||||
|
||||
$orig_permissions_array = NormalizePermissionsPayloadAction::run($user->decodePermissions());
|
||||
// Figure out of this user was an admin before this edit
|
||||
$orig_permissions_array = $user->decodePermissions();
|
||||
$orig_superuser = '0';
|
||||
$orig_admin = '0';
|
||||
if (is_array($orig_permissions_array)) {
|
||||
if (array_key_exists('superuser', $orig_permissions_array)) {
|
||||
$orig_superuser = $orig_permissions_array['superuser'];
|
||||
}
|
||||
}
|
||||
|
||||
if (is_array($orig_permissions_array)) {
|
||||
if (array_key_exists('admin', $orig_permissions_array)) {
|
||||
$orig_admin = $orig_permissions_array['admin'];
|
||||
}
|
||||
}
|
||||
|
||||
// Update the user fields
|
||||
|
||||
if (auth()->user()->can('manageContactInfo')) {
|
||||
$user->email = trim($request->input('email'));
|
||||
$user->phone = $request->input('phone');
|
||||
$user->mobile = $request->input('mobile');
|
||||
$user->address = $request->input('address', null);
|
||||
$user->city = $request->input('city', null);
|
||||
$user->state = $request->input('state', null);
|
||||
$user->country = $request->input('country', null);
|
||||
$user->zip = $request->input('zip', null);
|
||||
$user->website = $request->input('website', null);
|
||||
}
|
||||
|
||||
$user->first_name = $request->input('first_name');
|
||||
$user->last_name = $request->input('last_name');
|
||||
$user->display_name = $request->input('display_name');
|
||||
@@ -276,21 +316,13 @@ class UsersController extends Controller
|
||||
$user->locale = $request->input('locale');
|
||||
$user->employee_num = $request->input('employee_num');
|
||||
$user->jobtitle = $request->input('jobtitle', null);
|
||||
$user->phone = $request->input('phone');
|
||||
$user->mobile = $request->input('mobile');
|
||||
$user->location_id = $request->input('location_id', null);
|
||||
$companyIds = array_filter(array_map('intval', (array) ($request->input('company_ids') ?? ($request->filled('company_id') ? [$request->input('company_id')] : []))));
|
||||
$user->company_id = Company::getIdForUser($request->input('company_id', null));
|
||||
$user->manager_id = $request->input('manager_id', null);
|
||||
$user->notes = $request->input('notes');
|
||||
$user->department_id = $request->input('department_id', null);
|
||||
$user->address = $request->input('address', null);
|
||||
$user->city = $request->input('city', null);
|
||||
$user->state = $request->input('state', null);
|
||||
$user->country = $request->input('country', null);
|
||||
$user->zip = $request->input('zip', null);
|
||||
$user->remote = $request->input('remote', 0);
|
||||
$user->vip = $request->input('vip', 0);
|
||||
$user->website = $request->input('website', null);
|
||||
$user->start_date = $request->input('start_date', null);
|
||||
$user->end_date = $request->input('end_date', null);
|
||||
$user->autoassign_licenses = $request->input('autoassign_licenses', 0);
|
||||
@@ -315,15 +347,21 @@ class UsersController extends Controller
|
||||
$user->password = bcrypt($request->input('password'));
|
||||
}
|
||||
|
||||
if ($request->has('permission')) {
|
||||
$user->permissions = json_encode(PreserveUnauthorizedPrivilegedPermissionsAction::run(
|
||||
requestedPermissions: NormalizePermissionsPayloadAction::run($request->input('permission')),
|
||||
authenticatedUser: $authenticatedUser,
|
||||
originalPermissions: $orig_permissions_array,
|
||||
targetUser: $user,
|
||||
));
|
||||
$permissions_array = $request->input('permission');
|
||||
|
||||
// Strip out the superuser permission if the user isn't a superadmin
|
||||
if (! auth()->user()->isSuperUser()) {
|
||||
unset($permissions_array['superuser']);
|
||||
$permissions_array['superuser'] = $orig_superuser;
|
||||
}
|
||||
|
||||
if ((! auth()->user()->isSuperUser()) && (! auth()->user()->isAdmin())) {
|
||||
unset($permissions_array['admin']);
|
||||
$permissions_array['admin'] = $orig_admin;
|
||||
}
|
||||
|
||||
$user->permissions = json_encode($permissions_array);
|
||||
|
||||
// Only save groups if the user is a superuser
|
||||
if (auth()->user()->isSuperUser()) {
|
||||
$user->groups()->sync($request->input('groups'));
|
||||
@@ -340,8 +378,6 @@ class UsersController extends Controller
|
||||
session()->put(['redirect_option' => $request->input('redirect_option')]);
|
||||
|
||||
if ($user->save()) {
|
||||
$user->syncCompaniesWithLogging(Company::getIdsForCurrentUser($companyIds));
|
||||
|
||||
// Redirect to the user page
|
||||
return Helper::getRedirectOption($request, $user->id, 'Users')
|
||||
->with('success', trans('admin/users/message.success.update'));
|
||||
@@ -449,7 +485,6 @@ class UsersController extends Controller
|
||||
'accessories',
|
||||
'licenses',
|
||||
'userloc',
|
||||
'groups',
|
||||
])
|
||||
->withTrashed()
|
||||
->find($user->id);
|
||||
@@ -460,7 +495,6 @@ class UsersController extends Controller
|
||||
return view('users/view', [
|
||||
'user' => $user,
|
||||
'settings' => Setting::getSettings(),
|
||||
'effectivePermissionsBySection' => $user->getEffectivePermissionsBySection(),
|
||||
]);
|
||||
}
|
||||
|
||||
@@ -486,7 +520,7 @@ class UsersController extends Controller
|
||||
$permissions = $request->input('permissions', []);
|
||||
app('request')->request->set('permissions', $permissions);
|
||||
|
||||
$user_to_clone = User::with('userloc', 'companies')->withTrashed()->find($user->id);
|
||||
$user_to_clone = User::with('userloc')->withTrashed()->find($user->id);
|
||||
// Make sure they can view this particular user
|
||||
$this->authorize('view', $user_to_clone);
|
||||
|
||||
@@ -497,11 +531,15 @@ class UsersController extends Controller
|
||||
// Blank out some fields
|
||||
$user->first_name = '';
|
||||
$user->last_name = '';
|
||||
$user->email = substr($user->email, ($pos = strpos($user->email, '@')) !== false ? $pos : 0);
|
||||
|
||||
$user->id = null;
|
||||
$user->username = null;
|
||||
$user->avatar = null;
|
||||
|
||||
if (auth()->user()->can('manageContactInfo')) {
|
||||
$user->email = substr($user->email, ($pos = strpos($user->email, '@')) !== false ? $pos : 0);
|
||||
}
|
||||
|
||||
// Get this user's groups
|
||||
$userGroups = $user_to_clone->groups()->pluck('name', 'id');
|
||||
|
||||
@@ -552,67 +590,85 @@ class UsersController extends Controller
|
||||
trans('admin/users/table.first_name'),
|
||||
trans('admin/users/table.last_name'),
|
||||
trans('admin/users/table.name'),
|
||||
trans('admin/users/table.display_name'),
|
||||
trans('admin/users/table.username'),
|
||||
trans('admin/users/table.email'),
|
||||
trans('admin/users/table.phone'),
|
||||
trans('admin/users/table.mobile'),
|
||||
trans('general.website'),
|
||||
trans('general.address'),
|
||||
trans('general.city'),
|
||||
trans('general.state'),
|
||||
trans('general.country'),
|
||||
trans('general.zip'),
|
||||
trans('admin/users/table.display_name'),
|
||||
];
|
||||
|
||||
if (auth()->user()->can('manageContactInfo')) {
|
||||
array_push($headers,
|
||||
trans('admin/users/table.email'),
|
||||
trans('admin/users/table.phone'),
|
||||
trans('admin/users/table.mobile'),
|
||||
trans('general.address'),
|
||||
trans('general.city'),
|
||||
trans('general.state'),
|
||||
trans('general.country'),
|
||||
trans('general.zip'),
|
||||
trans('general.website'));
|
||||
|
||||
}
|
||||
|
||||
array_push($headers,
|
||||
trans('admin/users/table.manager'),
|
||||
trans('admin/users/table.location'),
|
||||
trans('general.department'),
|
||||
trans('admin/users/general.department_manager'),
|
||||
trans('general.assets'),
|
||||
trans('general.licenses'),
|
||||
trans('general.accessories'),
|
||||
trans('general.consumables'),
|
||||
trans('admin/users/table.managed_users'),
|
||||
trans('admin/users/table.managed_locations'),
|
||||
trans('general.groups'),
|
||||
trans('general.permissions'),
|
||||
trans('general.notes'),
|
||||
trans('admin/users/table.activated'),
|
||||
trans('general.created_at'),
|
||||
trans('general.importer.vip'),
|
||||
trans('admin/users/general.remote'),
|
||||
trans('general.language'),
|
||||
trans('general.autoassign_licenses'),
|
||||
trans('general.ldap_sync'),
|
||||
trans('admin/settings/general.ldap_enabled'),
|
||||
trans('admin/users/general.two_factor_enrolled'),
|
||||
trans('admin/users/general.two_factor_active'),
|
||||
trans('admin/users/table.managed_users'),
|
||||
trans('admin/users/table.managed_locations'),
|
||||
trans('admin/users/general.department_manager'),
|
||||
trans('general.created_by'),
|
||||
trans('general.updated_at'),
|
||||
trans('general.autoassign_licenses'),
|
||||
trans('admin/users/general.remote'),
|
||||
trans('admin/users/general.vip_label'),
|
||||
trans('general.language'),
|
||||
trans('general.start_date'),
|
||||
trans('general.end_date'),
|
||||
trans('admin/users/table.last_login'),
|
||||
trans('admin/licenses/table.deleted_at'),
|
||||
];
|
||||
|
||||
fputcsv($handle, $headers);
|
||||
trans('general.last_login'),
|
||||
trans('general.updated_at'),
|
||||
trans('general.created_at'),
|
||||
trans('general.created_by'),
|
||||
);
|
||||
|
||||
$users = User::with(
|
||||
'assets',
|
||||
'accessories',
|
||||
'consumables',
|
||||
'department.manager',
|
||||
'department',
|
||||
'licenses',
|
||||
'manager',
|
||||
'groups',
|
||||
'userloc',
|
||||
'companies',
|
||||
'createdBy'
|
||||
)->withCount(['managesUsers as manages_users_count', 'managedLocations as manages_locations_count'])
|
||||
->orderBy('created_at', 'DESC')
|
||||
->chunk(500, function ($users) use ($handle) {
|
||||
'company'
|
||||
)->withCount([
|
||||
'assets as assets_count' => function (Builder $query) {
|
||||
$query->withoutTrashed();
|
||||
},
|
||||
'licenses as licenses_count',
|
||||
'accessories as accessories_count',
|
||||
'consumables as consumables_count',
|
||||
'managesUsers as manages_users_count',
|
||||
'managedLocations as manages_locations_count',
|
||||
])->orderBy('created_at', 'DESC')
|
||||
->chunk(500, function ($users) use ($handle, $headers) {
|
||||
|
||||
$formatter = new EscapeFormula('`');
|
||||
fputcsv($handle, $headers);
|
||||
|
||||
foreach ($users as $user) {
|
||||
$user_groups = '';
|
||||
|
||||
foreach ($user->groups as $user_group) {
|
||||
$user_groups .= $user_group->name.', ';
|
||||
}
|
||||
|
||||
$permissionstring = '';
|
||||
|
||||
if ($user->isSuperUser()) {
|
||||
@@ -626,61 +682,62 @@ class UsersController extends Controller
|
||||
// Add a new row with data
|
||||
$values = [
|
||||
$user->id,
|
||||
$user->companies->pluck('name')->implode('|'),
|
||||
($user->company) ? $user->company->name : '',
|
||||
$user->jobtitle,
|
||||
$user->employee_num,
|
||||
$user->first_name,
|
||||
$user->last_name,
|
||||
$user->getFullNameAttribute(),
|
||||
$user->getRawOriginal('display_name'),
|
||||
$user->display_name,
|
||||
$user->username,
|
||||
$user->email,
|
||||
$user->phone,
|
||||
$user->mobile,
|
||||
$user->website,
|
||||
$user->address,
|
||||
$user->city,
|
||||
$user->state,
|
||||
$user->country,
|
||||
$user->zip,
|
||||
$user->getRawOriginal('display_name'),
|
||||
];
|
||||
|
||||
if (auth()->user()->can('manageContactInfo')) {
|
||||
|
||||
array_push($values,
|
||||
$user->email,
|
||||
$user->phone,
|
||||
$user->mobile,
|
||||
$user->address,
|
||||
$user->city,
|
||||
$user->state,
|
||||
$user->country,
|
||||
$user->zip,
|
||||
$user->website,
|
||||
);
|
||||
}
|
||||
|
||||
array_push($values,
|
||||
($user->manager) ? $user->manager->display_name : '',
|
||||
($user->userloc) ? $user->userloc->name : '',
|
||||
($user->department) ? $user->department->name : '',
|
||||
$user->assets->count(),
|
||||
$user->licenses->count(),
|
||||
$user->accessories->count(),
|
||||
$user->consumables->count(),
|
||||
$user->groups->pluck('name')->implode(', '),
|
||||
(($user->department) && ($user->department->manager)) ? $user->department->manager->display_name : '',
|
||||
$user->assets_count,
|
||||
$user->licenses_count,
|
||||
$user->accessories_count,
|
||||
$user->consumables_count,
|
||||
$user->manages_users_count,
|
||||
$user->manages_locations_count,
|
||||
$user_groups,
|
||||
$permissionstring,
|
||||
$user->notes,
|
||||
($user->activated == '1') ? trans('general.yes') : trans('general.no'),
|
||||
$user->created_at,
|
||||
($user->vip == '1') ? trans('general.yes') : trans('general.no'),
|
||||
($user->remote == '1') ? trans('general.yes') : trans('general.no'),
|
||||
$user->locale,
|
||||
($user->autoassign_licenses == '1') ? trans('general.yes') : trans('general.no'),
|
||||
($user->ldap_import == '1') ? trans('general.yes') : trans('general.no'),
|
||||
($user->two_factor_active_and_enrolled()) ? trans('general.yes') : trans('general.no'),
|
||||
($user->two_factor_active()) ? trans('general.yes') : trans('general.no'),
|
||||
$user->manages_users_count,
|
||||
$user->manages_locations_count,
|
||||
($user->department && $user->department->manager) ? $user->department->manager->display_name : '',
|
||||
($user->createdBy) ? $user->createdBy->display_name : '',
|
||||
$user->updated_at,
|
||||
($user->autoassign_licenses == '1') ? trans('general.yes') : trans('general.no'),
|
||||
($user->remote == '1') ? trans('general.yes') : trans('general.no'),
|
||||
($user->vip == '1') ? trans('general.yes') : trans('general.no'),
|
||||
$user->locale,
|
||||
$user->start_date,
|
||||
$user->end_date,
|
||||
$user->last_login,
|
||||
$user->deleted_at,
|
||||
];
|
||||
$user->updated_at,
|
||||
$user->created_at,
|
||||
$user->createdBy?->display_name,
|
||||
);
|
||||
|
||||
// CSV_ESCAPE_FORMULAS is set to false in the .env
|
||||
if (config('app.escape_formulas') === false) {
|
||||
fputcsv($handle, $values);
|
||||
|
||||
// CSV_ESCAPE_FORMULAS is set to true or is not set in the .env
|
||||
} else {
|
||||
fputcsv($handle, $formatter->escapeRecord($values));
|
||||
}
|
||||
fputcsv($handle, $values);
|
||||
}
|
||||
});
|
||||
|
||||
@@ -705,24 +762,32 @@ class UsersController extends Controller
|
||||
{
|
||||
$this->authorize('view', User::class);
|
||||
|
||||
$actor = auth()->user();
|
||||
$canViewLicenses = $actor->can('view', License::class);
|
||||
$canViewAccessories = $actor->can('view', Accessory::class);
|
||||
$canViewConsumables = $actor->can('view', Consumable::class);
|
||||
|
||||
$user = User::withInventoryRelations($id, $canViewLicenses, $canViewAccessories, $canViewConsumables)->first();
|
||||
|
||||
$indirectItemsCount = $user?->assets?->flatMap->assignedAssets->count()
|
||||
+ $user?->assets?->flatMap->components->count()
|
||||
+ ($canViewLicenses ? $user?->assets?->flatMap->licenses->count() : 0)
|
||||
+ ($canViewAccessories ? $user?->assets?->flatMap->assignedAccessories->count() : 0);
|
||||
$user = User::where('id', $id)
|
||||
->with([
|
||||
'assets.log' => fn ($query) => $query->withTrashed()->where('target_type', User::class)->where('target_id', $id)->where('action_type', 'accepted'),
|
||||
'assets.assignedAssets.log' => fn ($query) => $query->withTrashed()->where('target_type', User::class)->where('target_id', $id)->where('action_type', 'accepted'),
|
||||
'assets.assignedAssets.defaultLoc',
|
||||
'assets.assignedAssets.location',
|
||||
'assets.assignedAssets.model.category',
|
||||
'assets.defaultLoc',
|
||||
'assets.location',
|
||||
'assets.model.category',
|
||||
'accessories.log' => fn ($query) => $query->withTrashed()->where('target_type', User::class)->where('target_id', $id)->where('action_type', 'accepted'),
|
||||
'accessories.category',
|
||||
'accessories.manufacturer',
|
||||
'consumables.log' => fn ($query) => $query->withTrashed()->where('target_type', User::class)->where('target_id', $id)->where('action_type', 'accepted'),
|
||||
'consumables.category',
|
||||
'consumables.manufacturer',
|
||||
'licenses.category',
|
||||
])
|
||||
->withTrashed()
|
||||
->first();
|
||||
|
||||
if ($user) {
|
||||
$this->authorize('view', $user);
|
||||
|
||||
return view('users.print')
|
||||
->with('users', [$user])
|
||||
->with('indirectItemsCount', $indirectItemsCount)
|
||||
->with('settings', Setting::getSettings());
|
||||
}
|
||||
|
||||
@@ -763,48 +828,6 @@ class UsersController extends Controller
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Resend pending acceptance reminder email for a specific user.
|
||||
*/
|
||||
public function resendAcceptanceReminder(User $user): RedirectResponse
|
||||
{
|
||||
$this->authorize('view', $user);
|
||||
|
||||
if (empty($user->email)) {
|
||||
return redirect()->back()->with('error', trans('admin/users/message.user_has_no_email'));
|
||||
}
|
||||
|
||||
if ($user->activated == '0') {
|
||||
return redirect()->back()->with('error', trans('admin/users/message.not_activated'));
|
||||
}
|
||||
|
||||
$pendingItems = $user->getAssignedItemsWithPendingAcceptance();
|
||||
|
||||
if ($pendingItems->isEmpty()) {
|
||||
return redirect()->back()->with('warning', trans('admin/users/message.error.no_pending_acceptances'));
|
||||
}
|
||||
|
||||
$firstAcceptance = CheckoutAcceptance::query()
|
||||
->forUser($user)
|
||||
->pending()
|
||||
->with('assignedTo')
|
||||
->first();
|
||||
|
||||
if (! $firstAcceptance) {
|
||||
return redirect()->back()->with('warning', trans('admin/users/message.error.no_pending_acceptances'));
|
||||
}
|
||||
|
||||
$mailable = new UnacceptedAssetReminderMail($firstAcceptance, $pendingItems->count());
|
||||
|
||||
if (! empty($user->locale)) {
|
||||
$mailable->locale($user->locale);
|
||||
}
|
||||
|
||||
Mail::to($user->email)->send($mailable);
|
||||
|
||||
return redirect()->back()->with('success', trans_choice('admin/users/message.success.acceptance_reminder_sent', $pendingItems->count(), ['count' => $pendingItems->count()]));
|
||||
}
|
||||
|
||||
/**
|
||||
* Send individual password reset email
|
||||
*
|
||||
|
||||
@@ -19,7 +19,6 @@ use Illuminate\Contracts\View\View;
|
||||
use Illuminate\Http\RedirectResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Collection;
|
||||
use Illuminate\Support\Facades\Log;
|
||||
|
||||
/**
|
||||
* This controller handles all actions related to the ability for users
|
||||
@@ -121,7 +120,6 @@ class ViewAssetsController extends Controller
|
||||
'consumables',
|
||||
'accessories',
|
||||
'licenses',
|
||||
'companies',
|
||||
])->find($selectedUserId);
|
||||
|
||||
// If the user to view couldn't be found (shouldn't happen with proper logic), redirect with error
|
||||
@@ -153,7 +151,7 @@ class ViewAssetsController extends Controller
|
||||
'requests',
|
||||
'assets' => function ($q) {
|
||||
$q->where('requestable', 1)
|
||||
->whereHas('status', fn ($s) => $s->where('archived', 0)
|
||||
->whereHas('assetstatus', fn ($s) => $s->where('archived', 0)
|
||||
->where(fn ($s) => $s->where('deployable', 1)->orWhere('pending', 1)
|
||||
)
|
||||
);
|
||||
@@ -201,39 +199,21 @@ class ViewAssetsController extends Controller
|
||||
|
||||
$settings = Setting::getSettings();
|
||||
|
||||
$is_admin = $user->isSuperUser() || $user->isAdmin();
|
||||
|
||||
if ($cancel_by_admin && ! $is_admin) {
|
||||
return redirect()->back()->with('error', trans('general.insufficient_permissions'));
|
||||
}
|
||||
|
||||
if (($item_request = $item->isRequestedBy($user)) || ($is_admin && $cancel_by_admin)) {
|
||||
$item->cancelRequest($is_admin && $cancel_by_admin ? $requestingUser : null);
|
||||
if (($item_request = $item->isRequestedBy($user)) || $cancel_by_admin) {
|
||||
$item->cancelRequest($requestingUser);
|
||||
$data['item_quantity'] = ($item_request) ? $item_request->qty : 1;
|
||||
$logaction->logaction(ActionType::RequestCanceled);
|
||||
|
||||
if (($settings->alert_email != '') && ($settings->alerts_enabled == '1') && (! config('app.lock_passwords'))) {
|
||||
try {
|
||||
$settings->notify((new RequestAssetCancelation($data))->locale($settings->locale));
|
||||
} catch (Exception $e) {
|
||||
Log::warning('Could not send request cancellation notification: '.$e->getMessage());
|
||||
}
|
||||
$settings->notify(new RequestAssetCancelation($data));
|
||||
}
|
||||
|
||||
return redirect()->back()->with('success')->with('success', trans('admin/hardware/message.requests.canceled'));
|
||||
} else {
|
||||
if ($fullItemType === Asset::class && is_null(Asset::RequestableAssets()->find($item->id))) {
|
||||
return redirect()->back()->with('error', trans('admin/hardware/message.requests.error'));
|
||||
}
|
||||
|
||||
$item->request();
|
||||
if (($settings->alert_email != '') && ($settings->alerts_enabled == '1') && (! config('app.lock_passwords'))) {
|
||||
$logaction->logaction('requested');
|
||||
try {
|
||||
$settings->notify((new RequestAssetNotification($data))->locale($settings->locale));
|
||||
} catch (Exception $e) {
|
||||
Log::warning('Could not send asset request notification: '.$e->getMessage());
|
||||
}
|
||||
$settings->notify(new RequestAssetNotification($data));
|
||||
}
|
||||
|
||||
return redirect()->route('requestable-assets')->with('success')->with('success', trans('admin/hardware/message.requests.success'));
|
||||
|
||||
+2
-4
@@ -2,6 +2,7 @@
|
||||
|
||||
namespace App\Http;
|
||||
|
||||
use App\Http\Middleware\AssetCountForSidebar;
|
||||
use App\Http\Middleware\CheckColorSettings;
|
||||
use App\Http\Middleware\CheckForDebug;
|
||||
use App\Http\Middleware\CheckForSetup;
|
||||
@@ -10,13 +11,11 @@ use App\Http\Middleware\CheckLocale;
|
||||
use App\Http\Middleware\CheckPermissions;
|
||||
use App\Http\Middleware\CheckUserIsActivated;
|
||||
use App\Http\Middleware\EncryptCookies;
|
||||
use App\Http\Middleware\LogAuthedUserHeader;
|
||||
use App\Http\Middleware\NoSessionStore;
|
||||
use App\Http\Middleware\PreventBackHistory;
|
||||
use App\Http\Middleware\RedirectIfAuthenticated;
|
||||
use App\Http\Middleware\SecurityHeaders;
|
||||
use App\Http\Middleware\SetAPIResponseHeaders;
|
||||
use App\Http\Middleware\SetPaginationDefaults;
|
||||
use App\Http\Middleware\TrimStrings;
|
||||
use App\Http\Middleware\TrustProxies;
|
||||
use App\Http\Middleware\VerifyCsrfToken;
|
||||
@@ -74,6 +73,7 @@ class Kernel extends HttpKernel
|
||||
CheckUserIsActivated::class,
|
||||
CheckForTwoFactor::class,
|
||||
CreateFreshApiToken::class,
|
||||
AssetCountForSidebar::class,
|
||||
CheckColorSettings::class,
|
||||
AuthenticateSession::class,
|
||||
SubstituteBindings::class,
|
||||
@@ -82,8 +82,6 @@ class Kernel extends HttpKernel
|
||||
'api' => [
|
||||
'auth:api',
|
||||
CheckLocale::class,
|
||||
LogAuthedUserHeader::class,
|
||||
SetPaginationDefaults::class,
|
||||
SubstituteBindings::class,
|
||||
],
|
||||
|
||||
|
||||
@@ -0,0 +1,119 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use App\Models\Asset;
|
||||
use App\Models\Setting;
|
||||
use Closure;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Log;
|
||||
|
||||
class AssetCountForSidebar
|
||||
{
|
||||
/**
|
||||
* Handle an incoming request.
|
||||
*
|
||||
* @param Request $request
|
||||
* @return mixed
|
||||
*/
|
||||
public function handle($request, Closure $next)
|
||||
{
|
||||
/**
|
||||
* This needs to be set for the /setup process, since the tables might not exist yet
|
||||
*/
|
||||
$total_assets = 0;
|
||||
$total_due_for_checkin = 0;
|
||||
$total_overdue_for_checkin = 0;
|
||||
$total_due_for_audit = 0;
|
||||
$total_overdue_for_audit = 0;
|
||||
|
||||
try {
|
||||
$settings = Setting::getSettings();
|
||||
view()->share('settings', $settings);
|
||||
} catch (\Exception $e) {
|
||||
Log::debug($e);
|
||||
}
|
||||
|
||||
try {
|
||||
$total_assets = Asset::AssetsForShow()->count();
|
||||
view()->share('total_assets', $total_assets);
|
||||
} catch (\Exception $e) {
|
||||
Log::debug($e);
|
||||
}
|
||||
|
||||
try {
|
||||
$total_rtd_sidebar = Asset::RTD()->count();
|
||||
view()->share('total_rtd_sidebar', $total_rtd_sidebar);
|
||||
} catch (\Exception $e) {
|
||||
Log::debug($e);
|
||||
}
|
||||
|
||||
try {
|
||||
$total_deployed_sidebar = Asset::Deployed()->count();
|
||||
view()->share('total_deployed_sidebar', $total_deployed_sidebar);
|
||||
} catch (\Exception $e) {
|
||||
Log::debug($e);
|
||||
}
|
||||
|
||||
try {
|
||||
$total_archived_sidebar = Asset::Archived()->count();
|
||||
view()->share('total_archived_sidebar', $total_archived_sidebar);
|
||||
} catch (\Exception $e) {
|
||||
Log::debug($e);
|
||||
}
|
||||
|
||||
try {
|
||||
$total_pending_sidebar = Asset::Pending()->count();
|
||||
view()->share('total_pending_sidebar', $total_pending_sidebar);
|
||||
} catch (\Exception $e) {
|
||||
Log::debug($e);
|
||||
}
|
||||
|
||||
try {
|
||||
$total_undeployable_sidebar = Asset::Undeployable()->count();
|
||||
view()->share('total_undeployable_sidebar', $total_undeployable_sidebar);
|
||||
} catch (\Exception $e) {
|
||||
Log::debug($e);
|
||||
}
|
||||
|
||||
try {
|
||||
$total_byod_sidebar = Asset::where('byod', '=', '1')->count();
|
||||
view()->share('total_byod_sidebar', $total_byod_sidebar);
|
||||
} catch (\Exception $e) {
|
||||
Log::debug($e);
|
||||
}
|
||||
|
||||
try {
|
||||
$total_due_for_audit = Asset::DueForAudit($settings)->count();
|
||||
view()->share('total_due_for_audit', $total_due_for_audit);
|
||||
} catch (\Exception $e) {
|
||||
Log::debug($e);
|
||||
}
|
||||
|
||||
try {
|
||||
$total_overdue_for_audit = Asset::OverdueForAudit()->count();
|
||||
view()->share('total_overdue_for_audit', $total_overdue_for_audit);
|
||||
} catch (\Exception $e) {
|
||||
Log::debug($e);
|
||||
}
|
||||
|
||||
try {
|
||||
$total_due_for_checkin = Asset::DueForCheckin($settings)->count();
|
||||
view()->share('total_due_for_checkin', $total_due_for_checkin);
|
||||
} catch (\Exception $e) {
|
||||
Log::debug($e);
|
||||
}
|
||||
|
||||
try {
|
||||
$total_overdue_for_checkin = Asset::OverdueForCheckin()->count();
|
||||
view()->share('total_overdue_for_checkin', $total_overdue_for_checkin);
|
||||
} catch (\Exception $e) {
|
||||
Log::debug($e);
|
||||
}
|
||||
|
||||
view()->share('total_due_and_overdue_for_checkin', ($total_due_for_checkin + $total_overdue_for_checkin));
|
||||
view()->share('total_due_and_overdue_for_audit', ($total_due_for_audit + $total_overdue_for_audit));
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user