Merge branch 'develop'

Bumped version
2017-10-02 15:27:33 -07:00 · 2017-10-02 15:27:18 -07:00 · 2017-10-02 13:31:08 -07:00 · 2017-10-02 13:29:42 -07:00 · 2017-10-02 13:29:14 -07:00 · 2017-10-02 13:09:17 -07:00
119 changed files with 2293 additions and 1789 deletions
@@ -737,6 +737,24 @@
      "contributions": [
        "code"
      ]
+    },
+    {
+      "login": "richardhofman6",
+      "name": "Richard Hofman",
+      "avatar_url": "https://avatars1.githubusercontent.com/u/6551003?v=4",
+      "profile": "https://github.com/richardhofman6",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "gizzmojr",
+      "name": "gizzmojr",
+      "avatar_url": "https://avatars0.githubusercontent.com/u/3697569?v=4",
+      "profile": "https://github.com/gizzmojr",
+      "contributions": [
+        "code"
+      ]
    }
  ]
 }
@@ -19,6 +19,8 @@ DB_USERNAME=null
 DB_PASSWORD=null
 DB_PREFIX=null
 DB_DUMP_PATH='/usr/bin'
+DB_CHARSET=utf8mb4
+DB_COLLATION=utf8mb4_unicode_ci

 # --------------------------------------------
 # OPTIONAL: SSL DATABASE SETTINGS
@@ -63,6 +65,13 @@ COOKIE_DOMAIN=null
 SECURE_COOKIES=false


+# --------------------------------------------
+# OPTIONAL: SECURITY HEADER SETTINGS
+# --------------------------------------------
+REFERRER_POLICY=strict-origin
+ENABLE_CSP=false
+
+
 # --------------------------------------------
 # OPTIONAL: CACHE SETTINGS
 # --------------------------------------------
@@ -12,20 +12,27 @@

 #### Please confirm you have done the following before posting your bug report:

- [ ] I have enabled debug mode
+- [ ] I have enabled debug mode 
 - [ ] I have read [checked the Common Issues page](https://snipe-it.readme.io/docs/common-issues)

 -----
-#### Please provide answers to these questions before posting your bug report:
+#### Provide answers to these questions:

+- Is this a fresh install or an upgrade? 
 - Version of Snipe-IT you're running
+- Version of PHP you're running
+- Version of MySQL/MariaDB you're running
 - What OS and web server you're running Snipe-IT on
 - What method you used to install Snipe-IT (install.sh, manual installation, docker, etc)
 - WITH DEBUG TURNED ON, if you're getting an error in your browser, include that error
 - What specific Snipe-IT page you're on, and what specific element you're interacting with to trigger the error
 - If a stacktrace is provided in the error, include that too.
 - Any errors that appear in your browser's error console.
- Confirm whether the error is [reproduceable on the demo](https://snipeitapp.com/demo).
+- Confirm whether the error is reproduceable on the demo: https://snipeitapp.com/demo.
 - Include any additional information you can find in `app/storage/logs` and your webserver's logs.
 - Include what you've done so far in the installation, and if you got any error messages along the way.
 - Indicate whether or not you've manually edited any data directly in the database
+
+Please do not post an issue without answering the related questions above. If you have opened a different issue and already answered these questions, answer them again, once for every ticket. It will be next to impossible for us to help you.
+
+https://snipe-it.readme.io/docs/getting-help
@@ -43,7 +43,7 @@ before_script:
 # use the $DB env variable to determine the phpunit.xml to use
 # script: ./vendor/bin/codecept run --env testing-ci
 script:
-  - ./vendor/bin/codecept run unit --env testing-ci
+  - ./vendor/bin/codecept run unit
 #  - ./vendor/bin/codecept run acceptance --env=testing-ci
  - ./vendor/bin/codecept run functional --env=functional-travis
 #script: ./vendor/bin/codecept run
@@ -1,5 +1,5 @@
 [![Build Status](https://travis-ci.org/snipe/snipe-it.svg?branch=develop)](https://travis-ci.org/snipe/snipe-it) [![Stories in Ready](https://badge.waffle.io/snipe/snipe-it.png?label=ready+for+dev&amp;title=Ready+for+development)](http://waffle.io/snipe/snipe-it) [![Maintenance](https://img.shields.io/maintenance/yes/2017.svg)]() [![Crowdin](https://d322cqt584bo4o.cloudfront.net/snipe-it/localized.png)](https://crowdin.com/project/snipe-it) [![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/snipe/snipe-it?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) [![Docker Pulls](https://img.shields.io/docker/pulls/snipe/snipe-it.svg)](https://hub.docker.com/r/snipe/snipe-it/) [![Twitter Follow](https://img.shields.io/twitter/follow/snipeyhead.svg?style=social)](https://twitter.com/snipeyhead) [![Zenhub](https://raw.githubusercontent.com/ZenHubIO/support/master/zenhub-badge.png)](https://zenhub.io) [![Codacy Badge](https://api.codacy.com/project/badge/Grade/553ce52037fc43ea99149785afcfe641)](https://www.codacy.com/app/snipe/snipe-it?utm_source=github.com&amp;utm_medium=referral&amp;utm_content=snipe/snipe-it&amp;utm_campaign=Badge_Grade)
-[![All Contributors](https://img.shields.io/badge/all_contributors-79-orange.svg?style=flat-square)](#contributors)
+[![All Contributors](https://img.shields.io/badge/all_contributors-81-orange.svg?style=flat-square)](#contributors)


 ## Snipe-IT - Open Source Asset Management System
@@ -67,7 +67,7 @@ Thanks goes to all of these wonderful people ([emoji key](https://github.com/ken
 | [<img src="https://avatars0.githubusercontent.com/u/8341172?v=3" width="110px;"/><br /><sub>Jay Richards</sub>](http://www.cordeos.com)<br />[💻](https://github.com/snipe/snipe-it/commits?author=technogenus "Code") | [<img src="https://avatars2.githubusercontent.com/u/7295127?v=3" width="110px;"/><br /><sub>Alexander Innes</sub>](https://necurity.co.uk)<br />[💻](https://github.com/snipe/snipe-it/commits?author=leostat "Code") | [<img src="https://avatars2.githubusercontent.com/u/334485?v=3" width="110px;"/><br /><sub>Danny Garcia</sub>](https://buzzedword.codes)<br />[💻](https://github.com/snipe/snipe-it/commits?author=buzzedword "Code") | [<img src="https://avatars2.githubusercontent.com/u/366855?v=3" width="110px;"/><br /><sub>archpoint</sub>](https://github.com/archpoint)<br />[💻](https://github.com/snipe/snipe-it/commits?author=archpoint "Code") | [<img src="https://avatars1.githubusercontent.com/u/67991?v=3" width="110px;"/><br /><sub>Jake McGraw</sub>](http://www.jakemcgraw.com)<br />[💻](https://github.com/snipe/snipe-it/commits?author=jakemcgraw "Code") | [<img src="https://avatars1.githubusercontent.com/u/1714374?v=3" width="110px;"/><br /><sub>FleischKarussel</sub>](https://github.com/FleischKarussel)<br />[📖](https://github.com/snipe/snipe-it/commits?author=FleischKarussel "Documentation") | [<img src="https://avatars3.githubusercontent.com/u/319644?v=3" width="110px;"/><br /><sub>Dylan Yi</sub>](https://github.com/feeva)<br />[💻](https://github.com/snipe/snipe-it/commits?author=feeva "Code") |
 | [<img src="https://avatars2.githubusercontent.com/u/857740?v=3" width="110px;"/><br /><sub>Gil Rutkowski</sub>](http://FlashingCursor.com)<br />[💻](https://github.com/snipe/snipe-it/commits?author=flashingcursor "Code") | [<img src="https://avatars3.githubusercontent.com/u/129360?v=3" width="110px;"/><br /><sub>Desmond Morris</sub>](http://www.desmondmorris.com)<br />[💻](https://github.com/snipe/snipe-it/commits?author=desmondmorris "Code") | [<img src="https://avatars2.githubusercontent.com/u/52936?v=3" width="110px;"/><br /><sub>Nick Peelman</sub>](http://peelman.us)<br />[💻](https://github.com/snipe/snipe-it/commits?author=peelman "Code") | [<img src="https://avatars0.githubusercontent.com/u/53161?v=3" width="110px;"/><br /><sub>Abraham Vegh</sub>](https://abrahamvegh.com)<br />[💻](https://github.com/snipe/snipe-it/commits?author=abrahamvegh "Code") | [<img src="https://avatars0.githubusercontent.com/u/2818680?v=3" width="110px;"/><br /><sub>Mohamed Rashid</sub>](https://github.com/rashivkp)<br />[📖](https://github.com/snipe/snipe-it/commits?author=rashivkp "Documentation") | [<img src="https://avatars3.githubusercontent.com/u/1509456?v=3" width="110px;"/><br /><sub>Kasey</sub>](http://hinchk.github.io)<br />[💻](https://github.com/snipe/snipe-it/commits?author=HinchK "Code") | [<img src="https://avatars2.githubusercontent.com/u/10522541?v=3" width="110px;"/><br /><sub>Brett</sub>](https://github.com/BrettFagerlund)<br />[⚠️](https://github.com/snipe/snipe-it/commits?author=BrettFagerlund "Tests") |
 | [<img src="https://avatars2.githubusercontent.com/u/16108587?v=3" width="110px;"/><br /><sub>Jason Spriggs</sub>](http://jasonspriggs.com)<br />[💻](https://github.com/snipe/snipe-it/commits?author=jasonspriggs "Code") | [<img src="https://avatars2.githubusercontent.com/u/1134568?v=3" width="110px;"/><br /><sub>Nate Felton</sub>](http://n8felton.wordpress.com)<br />[💻](https://github.com/snipe/snipe-it/commits?author=n8felton "Code") | [<img src="https://avatars2.githubusercontent.com/u/14036694?v=3" width="110px;"/><br /><sub>Manasses Ferreira</sub>](http://homepages.dcc.ufmg.br/~manassesferreira)<br />[💻](https://github.com/snipe/snipe-it/commits?author=manassesferreira "Code") | [<img src="https://avatars0.githubusercontent.com/u/15913949?v=3" width="110px;"/><br /><sub>Steve</sub>](https://github.com/steveelwood)<br />[⚠️](https://github.com/snipe/snipe-it/commits?author=steveelwood "Tests") | [<img src="https://avatars1.githubusercontent.com/u/3361683?v=3" width="110px;"/><br /><sub>matc</sub>](http://twitter.com/matc)<br />[⚠️](https://github.com/snipe/snipe-it/commits?author=matc "Tests") | [<img src="https://avatars3.githubusercontent.com/u/7405702?v=3" width="110px;"/><br /><sub>Cole R. Davis</sub>](http://www.davisracingteam.com)<br />[⚠️](https://github.com/snipe/snipe-it/commits?author=VanillaNinjaD "Tests") | [<img src="https://avatars2.githubusercontent.com/u/10167681?v=3" width="110px;"/><br /><sub>gibsonjoshua55</sub>](https://github.com/gibsonjoshua55)<br />[💻](https://github.com/snipe/snipe-it/commits?author=gibsonjoshua55 "Code") |
-| [<img src="https://avatars2.githubusercontent.com/u/2809241?v=4" width="110px;"/><br /><sub>Robin Temme</sub>](https://github.com/zwerch)<br />[💻](https://github.com/snipe/snipe-it/commits?author=zwerch "Code") | [<img src="https://avatars0.githubusercontent.com/u/6961695?v=4" width="110px;"/><br /><sub>Iman</sub>](https://github.com/imanghafoori1)<br />[💻](https://github.com/snipe/snipe-it/commits?author=imanghafoori1 "Code") |
+| [<img src="https://avatars2.githubusercontent.com/u/2809241?v=4" width="110px;"/><br /><sub>Robin Temme</sub>](https://github.com/zwerch)<br />[💻](https://github.com/snipe/snipe-it/commits?author=zwerch "Code") | [<img src="https://avatars0.githubusercontent.com/u/6961695?v=4" width="110px;"/><br /><sub>Iman</sub>](https://github.com/imanghafoori1)<br />[💻](https://github.com/snipe/snipe-it/commits?author=imanghafoori1 "Code") | [<img src="https://avatars1.githubusercontent.com/u/6551003?v=4" width="110px;"/><br /><sub>Richard Hofman</sub>](https://github.com/richardhofman6)<br />[💻](https://github.com/snipe/snipe-it/commits?author=richardhofman6 "Code") | [<img src="https://avatars0.githubusercontent.com/u/3697569?v=4" width="110px;"/><br /><sub>gizzmojr</sub>](https://github.com/gizzmojr)<br />[💻](https://github.com/snipe/snipe-it/commits?author=gizzmojr "Code") |
 <!-- ALL-CONTRIBUTORS-LIST:END -->

 This project follows the [all-contributors](https://github.com/kentcdodds/all-contributors) specification. Contributions of any kind welcome!
@@ -76,7 +76,7 @@ This project follows the [all-contributors](https://github.com/kentcdodds/all-co

 ### Contributing

-Please see the documentation on [contributing and developing for Snipe-IT](https://snipe-it.readme.io/docs/contributing).
+Please see the documentation on [contributing and developing for Snipe-IT](https://snipe-it.readme.io/docs/contributing-overview).


 Please note that this project is released with a [Contributor Code of Conduct](CODE_OF_CONDUCT.md). By participating in this project you agree to abide by its terms.
@@ -78,12 +78,7 @@ class ObjectImportCommand extends Command

        $logFile = $this->option('logfile');
        \Log::useFiles($logFile);
-        if ($this->option('testrun')) {
-            $this->comment('====== TEST ONLY Item Import for '.$filename.' ====');
-            $this->comment('============== NO DATA WILL BE WRITTEN ==============');
-        } else {
-            $this->comment('======= Importing Items from '.$filename.' =========');
-        }
+        $this->comment('======= Importing Items from '.$filename.' =========');
        $importer->import();

        $this->bar = null;
@@ -274,7 +274,7 @@ class AccessoriesController extends Controller
        $data['note'] = $logaction->note;
        $data['require_acceptance'] = $accessory->requireAcceptance();
        // TODO: Port this to new mail notifications
-        if (($accessory->requireAcceptance()=='1')  || ($accessory->getEula())) {
+        if ((($accessory->requireAcceptance()=='1')  || ($accessory->getEula())) && ($user->email!='')) {

            Mail::send('emails.accept-accessory', $data, function ($m) use ($user) {
                $m->to($user->email, $user->first_name . ' ' . $user->last_name);
@@ -351,7 +351,7 @@ class AccessoriesController extends Controller
            $data['item_tag'] = '';
            $data['note'] = e($logaction->note);

-            if (($accessory->checkin_email()=='1')) {
+            if ((($accessory->checkin_email()=='1')) && ($user->email!='')) {

                Mail::send('emails.checkin-asset', $data, function ($m) use ($user) {
                    $m->to($user->email, $user->first_name . ' ' . $user->last_name);
@@ -129,9 +129,8 @@ class AccessoriesController extends Controller
    {
        $this->authorize('view', Accessory::class);
        $accessory = Accessory::findOrFail($id)->with('users')->first();
-        $accessories_users = $accessory->users;
-        $total = $accessories_users->count();
-        return (new AccessoriesTransformer)->transformCheckedoutAccessories($accessories_users, $total);
+        $total = $accessory->users->count();
+        return (new AccessoriesTransformer)->transformCheckedoutAccessory($accessory, $total);
    }


@@ -73,7 +73,7 @@ class GroupsController extends Controller
    {
        $this->authorize('view', Group::class);
        $group = Group::findOrFail($id);
-        return $group;
+        return (new GroupsTransformer)->transformGroup($group);
    }


@@ -13,6 +13,7 @@ use Illuminate\Support\Facades\Input;
 use Illuminate\Support\Facades\Session;
 use League\Csv\Reader;
 use Symfony\Component\HttpFoundation\File\Exception\FileException;
+use Artisan;

 class ImportController extends Controller
 {
@@ -94,6 +95,8 @@ class ImportController extends Controller
    public function process(ItemImportRequest $request, $import_id)
    {
        $this->authorize('create', Asset::class);
+        // Run a backup immediately before processing
+        Artisan::call('backup:run');
        $errors = $request->import(Import::find($import_id));
        $redirectTo = "hardware.index";
        switch ($request->get('import-type')) {
@@ -23,7 +23,7 @@ class LocationsController extends Controller
        $allowed_columns = ['id','name','address','address2','city','state','country','zip','created_at',
        'updated_at','parent_id', 'manager_id'];

-        $locations = Location::select([
+        $locations = Location::with('parent', 'manager', 'childLocations')->select([
            'locations.id',
            'locations.name',
            'locations.address',
@@ -37,7 +37,10 @@ class LocationsController extends Controller
            'locations.created_at',
            'locations.updated_at',
            'locations.currency'
-        ])->withCount('assets')->withCount('users');
+        ])->withCount('locationAssets')
+        ->withCount('assignedAssets')
+        ->withCount('assets')
+        ->withCount('users');

        if ($request->has('search')) {
            $locations = $locations->TextSearch($request->input('search'));
@@ -52,7 +55,6 @@ class LocationsController extends Controller
        $total = $locations->count();
        $locations = $locations->skip($offset)->take($limit)->get();
        return (new LocationsTransformer)->transformLocations($locations, $total);
-
    }


@@ -74,7 +76,6 @@ class LocationsController extends Controller
            return response()->json(Helper::formatStandardApiResponse('success', (new LocationsTransformer)->transformLocation($location), trans('admin/locations/message.create.success')));
        }
        return response()->json(Helper::formatStandardApiResponse('error', null, $location->getErrors()));
-
    }

    /**
@@ -109,7 +110,13 @@ class LocationsController extends Controller
        $location->fill($request->all());

        if ($location->save()) {
-            return response()->json(Helper::formatStandardApiResponse('success',  (new LocationsTransformer)->transformLocation($location), trans('admin/locations/message.update.success')));
+            return response()->json(
+                Helper::formatStandardApiResponse(
+                    'success',
+                    (new LocationsTransformer)->transformLocation($location),
+                    trans('admin/locations/message.update.success')
+                )
+            );
        }

        return response()->json(Helper::formatStandardApiResponse('error', null, $location->getErrors()));
@@ -129,7 +136,6 @@ class LocationsController extends Controller
        $location = Location::findOrFail($id);
        $this->authorize('delete', $location);
        $location->delete();
-        return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/locations/message.delete.success')));
-
+        return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/locations/message.delete.success')));
    }
 }
@@ -82,7 +82,7 @@ class AssetModelsController extends Controller
        $model->manufacturer_id     = $request->input('manufacturer_id');
        $model->category_id         = $request->input('category_id');
        $model->notes               = $request->input('notes');
-        $model->user_id             = Auth::guard('api')->user();
+        $model->user_id             = Auth::id();
        $model->requestable         = Input::has('requestable');

        if ($request->input('custom_fieldset')!='') {
@@ -75,7 +75,7 @@ class AssetsController extends Controller
        } else {
            $company = null;
        }
-        return view('hardware/index')->with('company',$company);
+        return view('hardware/index')->with('company', $company);
    }

    /**
@@ -94,7 +94,6 @@ class AssetsController extends Controller
        }
        $this->authorize('view', $asset);
        return redirect()->route('hardware.show', $asset->id)->with('topsearch', $topsearch);
-
    }

    /**
@@ -126,9 +125,7 @@ class AssetsController extends Controller
        if ($request->has('model_id')) {
            $selected_model = AssetModel::find($request->input('model_id'));
            $view->with('selected_model', $selected_model);
-        } else {
        }
-
        return $view;
    }

@@ -168,7 +165,6 @@ class AssetsController extends Controller

        // Create the image (if one was chosen.)
        if (Input::has('image')) {
-
            $image = Input::get('image');

            // After modification, the image is prefixed by mime info like the following:
@@ -201,7 +197,6 @@ class AssetsController extends Controller
                    ->put('default', $messageBag));
                return response()->json(['image' => $e->getMessage()], 422);
            }
-
        }


@@ -211,31 +206,26 @@ class AssetsController extends Controller
        // Need to investigate and fix. Using static method for now.
        $model = AssetModel::find($request->get('model_id'));

-
-
        if ($model->fieldset) {
            foreach ($model->fieldset->fields as $field) {
-
                if ($field->field_encrypted=='1') {
                    if (Gate::allows('admin')) {
                        $asset->{$field->convertUnicodeDbSlug()} = \Crypt::encrypt($request->input($field->convertUnicodeDbSlug()));
                    }
-
                } else {
                    $asset->{$field->convertUnicodeDbSlug()} = $request->input($field->convertUnicodeDbSlug());
                }
-
            }
        }

            // Was the asset created?
        if ($asset->save()) {
            $asset->logCreate();
-            if(request('assigned_user')) {
+            if (request('assigned_user')) {
                $target = User::find(request('assigned_user'));
-            } elseif(request('assigned_asset')) {
+            } elseif (request('assigned_asset')) {
                $target = Asset::find(request('assigned_asset'));
-            } elseif(request('assigned_location')) {
+            } elseif (request('assigned_location')) {
                $target = Location::find(request('assigned_location'));
            }
            if (isset($target)) {
@@ -268,15 +258,15 @@ class AssetsController extends Controller
        $this->authorize($item);

        return view('hardware/edit', compact('item'))
-        ->with('model_list', Helper::modelList())
-        ->with('supplier_list', Helper::suppliersList())
-        ->with('company_list', Helper::companyList())
-        ->with('locations_list', Helper::locationsList())
-        ->with('statuslabel_list', Helper::statusLabelList())
-        ->with('assigned_to', Helper::usersList())
-        ->with('manufacturer', Helper::manufacturerList())
-        ->with('statuslabel_types', Helper::statusTypeList())
-        ->with('category', Helper::categoryList('asset'));
+            ->with('model_list', Helper::modelList())
+            ->with('supplier_list', Helper::suppliersList())
+            ->with('company_list', Helper::companyList())
+            ->with('locations_list', Helper::locationsList())
+            ->with('statuslabel_list', Helper::statusLabelList())
+            ->with('assigned_to', Helper::usersList())
+            ->with('manufacturer', Helper::manufacturerList())
+            ->with('statuslabel_types', Helper::statusTypeList())
+            ->with('category', Helper::categoryList('asset'));
    }


@@ -291,7 +281,6 @@ class AssetsController extends Controller

    public function update(AssetRequest $request, $assetId = null)
    {
-
        // Check if the asset exists
        if (!$asset = Asset::find($assetId)) {
            // Redirect to the asset management page with error
@@ -369,7 +358,6 @@ class AssetsController extends Controller
                    if (Gate::allows('admin')) {
                        $asset->{$field->convertUnicodeDbSlug()} = \Crypt::encrypt(e($request->input($field->convertUnicodeDbSlug())));
                    }
-
                } else {
                    $asset->{$field->convertUnicodeDbSlug()} = $request->input($field->convertUnicodeDbSlug());
                }
@@ -380,12 +368,11 @@ class AssetsController extends Controller
        if ($asset->save()) {
            // Redirect to the new asset page
            \Session::flash('success', trans('admin/hardware/message.update.success'));
-            return response()->json(['redirect_url' => route("view/hardware", $assetId)]);
+            return response()->json(['redirect_url' => route("hardware.show", $assetId)]);
        }
        \Input::flash();
        \Session::flash('errors', $asset->getErrors());
        return response()->json(['errors' => $asset->getErrors()], 500);
-
    }

    /**
@@ -407,8 +394,8 @@ class AssetsController extends Controller
        $this->authorize('delete', $asset);

        DB::table('assets')
-        ->where('id', $asset->id)
-        ->update(array('assigned_to' => null));
+            ->where('id', $asset->id)
+            ->update(array('assigned_to' => null));

        $asset->delete();

@@ -447,7 +434,6 @@ class AssetsController extends Controller
            ->with('users_list', Helper::usersList())
            ->with('assets_list', Helper::assetsList())
            ->with('locations_list', Helper::locationsList());
-
    }

    /**
@@ -469,11 +455,11 @@ class AssetsController extends Controller
        }
        $this->authorize('checkout', $asset);

-        if(request('assigned_user')) {
+        if (request('assigned_user')) {
            $target = User::find(request('assigned_user'));
-        } elseif(request('assigned_asset')) {
+        } elseif (request('assigned_asset')) {
            $target = Asset::find(request('assigned_asset'));
-        } elseif(request('assigned_location')) {
+        } elseif (request('assigned_location')) {
            $target = Location::find(request('assigned_location'));
        }
        // $user = User::find(Input::get('assigned_to'));
@@ -519,7 +505,6 @@ class AssetsController extends Controller

        $this->authorize('checkin', $asset);
        return view('hardware/checkin', compact('asset'))->with('statusLabel_list', Helper::statusLabelList())->with('backto', $backto);
-
    }


@@ -544,7 +529,7 @@ class AssetsController extends Controller
        $this->authorize('checkin', $asset);

        $admin = Auth::user();
-        if($asset->assignedType() == Asset::USER) {
+        if ($asset->assignedType() == Asset::USER) {
            $user = $asset->assignedTo;
        }
        if (is_null($target = $asset->assignedTo)) {
@@ -583,7 +568,7 @@ class AssetsController extends Controller
            }

            if ($backto=='user') {
-                return redirect()->to("admin/users/".$user->id.'/view')->with('success', trans('admin/hardware/message.checkin.success'));
+                return redirect()->route("users.show", $user->id)->with('success', trans('admin/hardware/message.checkin.success'));
            }
            return redirect()->route("hardware.index")->with('success', trans('admin/hardware/message.checkin.success'));
        }
@@ -607,15 +592,16 @@ class AssetsController extends Controller
        $asset = Asset::withTrashed()->find($assetId);
        $this->authorize('view', $asset);
        $settings = Setting::getSettings();
-        $audit_log = Actionlog::where('action_type','=','audit')->where('item_id','=',$assetId)->where('item_type','=',Asset::class)->orderBy('created_at','DESC')->first();
+        $audit_log = Actionlog::where('action_type', '=', 'audit')
+            ->where('item_id', '=', $assetId)
+            ->where('item_type', '=', Asset::class)
+            ->orderBy('created_at', 'DESC')->first();


        if (isset($asset)) {
-
            if (!is_null($asset->assetloc)) {
                $use_currency = $asset->assetloc->currency;
            } else {
-
                if ($settings->default_currency!='') {
                    $use_currency = $settings->default_currency;
                } else {
@@ -629,7 +615,7 @@ class AssetsController extends Controller
            );

            return view('hardware/view', compact('asset', 'qr_code', 'settings'))
-                ->with('use_currency', $use_currency)->with('audit_log',$audit_log);
+                ->with('use_currency', $use_currency)->with('audit_log', $audit_log);
        }

        return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.does_not_exist', compact('id')));
@@ -652,8 +638,7 @@ class AssetsController extends Controller
            $size = Helper::barcodeDimensions($settings->barcode_type);
            $qr_file = public_path().'/uploads/barcodes/qr-'.str_slug($asset->asset_tag).'-'.str_slug($asset->id).'.png';

-            if (isset($asset->id,$asset->asset_tag)) {
-
+            if (isset($asset->id, $asset->asset_tag)) {
                if (file_exists($qr_file)) {
                    $header = ['Content-type' => 'image/png'];
                    return response()->file($qr_file, $header);
@@ -665,7 +650,6 @@ class AssetsController extends Controller
                }
            }
        }
-
    }


@@ -683,8 +667,7 @@ class AssetsController extends Controller
        $asset = Asset::find($assetId);
        $barcode_file = public_path().'/uploads/barcodes/'.str_slug($settings->alt_barcode).'-'.str_slug($asset->asset_tag).'.png';

-        if (isset($asset->id,$asset->asset_tag)) {
-
+        if (isset($asset->id, $asset->asset_tag)) {
            if (file_exists($barcode_file)) {
                $header = ['Content-type' => 'image/png'];
                return response()->file($barcode_file, $header);
@@ -695,7 +678,6 @@ class AssetsController extends Controller
                return response($barcode_obj->getPngData())->header('Content-type', 'image/png');
            }
        }
-
    }

    /**
@@ -762,7 +744,6 @@ class AssetsController extends Controller
     */
    public function postImportHistory(Request $request)
    {
-
        if (!ini_get("auto_detect_line_endings")) {
            ini_set("auto_detect_line_endings", '1');
        }
@@ -780,9 +761,7 @@ class AssetsController extends Controller


        foreach ($results as $row) {
-
            if (is_array($row)) {
-
                $row = array_change_key_case($row, CASE_LOWER);
                $asset_tag = Helper::array_smart_fetch($row, "asset tag");
                if (!array_key_exists($asset_tag, $item)) {
@@ -797,7 +776,6 @@ class AssetsController extends Controller
                $item[$asset_tag][$batch_counter]['email'] = Helper::array_smart_fetch($row, "email");

                if ($asset = Asset::where('asset_tag', '=', $asset_tag)->first()) {
-
                    $item[$asset_tag][$batch_counter]['asset_id'] = $asset->id;

                    $base_username = User::generateFormattedNameFromFullName(Setting::getSettings()->username_format, $item[$asset_tag][$batch_counter]['name']);
@@ -854,12 +832,10 @@ class AssetsController extends Controller
                        } else {
                            $status['error'][]['asset'][$asset_tag]['msg'] = 'Asset and user was matched but could not be saved.';
                        }
-
                    } else {
                        $item[$asset_tag][$batch_counter]['checkedout_to'] = null;
                        $status['error'][]['user'][Helper::array_smart_fetch($row, "name")]['msg'] = 'User does not exist so no checkin log was created.';
                    }
-
                } else {
                    $item[$asset_tag][$batch_counter]['asset_id'] = null;
                    $status['error'][]['asset'][$asset_tag]['msg'] = 'Asset does not exist so no match was attempted.';
@@ -875,7 +851,6 @@ class AssetsController extends Controller

                // Only do this if a matching user was found
                if ((array_key_exists('checkedout_to', $asset_batch[$x])) && ($asset_batch[$x]['checkedout_to']!='')) {
-
                    if (($total_in_batch > 1) && ($x < $total_in_batch) && (array_key_exists($next, $asset_batch))) {
                        $checkin_date = Carbon::parse($asset_batch[$next]['checkout_date'])->subDay(1)->format('Y-m-d H:i:s');
                        $asset_batch[$x]['real_checkin'] = $checkin_date;
@@ -982,7 +957,6 @@ class AssetsController extends Controller
            }
            $log->delete();
            return redirect()->back()->with('success', trans('admin/hardware/message.deletefile.success'));
-
        }
        // Prepare the error message
        $error = trans('admin/hardware/message.does_not_exist', compact('id'));
@@ -1049,25 +1023,19 @@ class AssetsController extends Controller


        if ($request->has('bulk_actions')) {
-
            if ($request->input('bulk_actions')=='labels') {
-
                $count = 0;
                return view('hardware/labels')
                    ->with('assets', Asset::find($asset_ids))
                    ->with('settings', Setting::getSettings())
                    ->with('count', $count)
-                    ->with('settings',
-                    Setting::getSettings()
-                );
-
+                    ->with('settings', Setting::getSettings());
            } elseif ($request->input('bulk_actions')=='delete') {
                $assets = Asset::with('assignedTo', 'assetloc')->find($asset_ids);
-                $assets->each(function($asset) {
-                    $this->authorize('delete',$asset);
+                $assets->each(function ($asset) {
+                    $this->authorize('delete', $asset);
                });
                return view('hardware/bulk-delete')->with('assets', $assets);
-
             // Bulk edit
            } elseif ($request->input('bulk_actions')=='edit') {
                return view('hardware/bulk')
@@ -1148,9 +1116,8 @@ class AssetsController extends Controller
                    }

                    DB::table('assets')
-                    ->where('id', $key)
-                    ->update($update_array);
-
+                        ->where('id', $key)
+                        ->update($update_array);
                } // endforeach
                return redirect()->to("hardware")->with('success', trans('admin/hardware/message.update.success'));
            // no values given, nothing to update
@@ -1171,8 +1138,7 @@ class AssetsController extends Controller
    public function postBulkDelete()
    {
        $this->authorize('delete', Asset::class);
-        
-        
+
        if (Input::has('ids')) {
            $assets = Asset::find(Input::get('ids'));
            foreach ($assets as $asset) {
@@ -1180,9 +1146,8 @@ class AssetsController extends Controller
                $update_array['assigned_to'] = null;

                DB::table('assets')
-                ->where('id', $asset->id)
-                ->update($update_array);
-
+                    ->where('id', $asset->id)
+                    ->update($update_array);
            } // endforeach
            return redirect()->to("hardware")->with('success', trans('admin/hardware/message.delete.success'));
            // no values given, nothing to update
@@ -1230,7 +1195,7 @@ class AssetsController extends Controller
            foreach ($asset_ids as $asset_id) {
                $asset = Asset::find($asset_id);
                $this->authorize('checkout', $asset);
-                $error = $asset->checkOutToUser($user, $admin, $checkout_at, $expected_checkin, e(Input::get('note')), null);
+                $error = $asset->checkOut($user, $admin, $checkout_at, $expected_checkin, e(Input::get('note')), null);

                if ($error) {
                    array_merge_recursive($errors, $asset->getErrors()->toArray());
@@ -1282,10 +1247,8 @@ class AssetsController extends Controller
        $asset->next_audit_date = $request->input('next_audit_date');

        if ($asset->save()) {
-            $asset->logAudit(request('note'),request('location_id'));
+            $asset->logAudit(request('note'), request('location_id'));
            return redirect()->to("hardware")->with('success', trans('admin/hardware/message.audit.success'));
        }
    }
-
-
 }
@@ -0,0 +1,15 @@
+<?php
+
+namespace App\Http\Controllers\Auth;
+
+use App\Http\Controllers\Controller;
+use Illuminate\Foundation\Auth\ResetsPasswords;
+
+class RegisterController extends Controller
+{
+
+    public function __construct()
+    {
+        $this->middleware('guest');
+    }
+}
@@ -25,7 +25,7 @@ class ResetPasswordController extends Controller
     *
     * @var string
     */
-    protected $redirectTo = '/home';
+    protected $redirectTo = '/';

    /**
     * Create a new controller instance.
@@ -74,20 +74,20 @@ class ComponentsController extends Controller
    * @since [v3.0]
    * @return \Illuminate\Http\RedirectResponse
     */
-    public function store()
+    public function store(Request $request)
    {
        $this->authorize('create', Component::class);
        $component = new Component();
-        $component->name                   = Input::get('name');
-        $component->category_id            = Input::get('category_id');
-        $component->location_id            = Input::get('location_id');
-        $component->company_id             = Company::getIdForCurrentUser(Input::get('company_id'));
-        $component->order_number           = Input::get('order_number');
-        $component->min_amt                = Input::get('min_amt');
-        $component->serial                 = Input::get('serial');
-        $component->purchase_date       = Input::get('purchase_date');
-        $component->purchase_cost       = request('purchase_cost');
-        $component->qty                    = Input::get('qty');
+        $component->name                   = $request->input('name');
+        $component->category_id            = $request->input('category_id');
+        $component->location_id            = $request->input('location_id');
+        $component->company_id             = Company::getIdForCurrentUser($request->input('company_id'));
+        $component->order_number           = $request->input('order_number', null);
+        $component->min_amt                = $request->input('min_amt', null);
+        $component->serial                 = $request->input('serial', null);
+        $component->purchase_date          = $request->input('purchase_date', null);
+        $component->purchase_cost          = $request->input('purchase_cost', null);
+        $component->qty                    = $request->input('qty');
        $component->user_id                = Auth::id();

        if ($component->save()) {
@@ -37,19 +37,25 @@ class CustomFieldsetsController extends Controller
    public function show($id)
    {
        $cfset = CustomFieldset::with('fields')->where('id', '=', $id)->orderBy('id', 'ASC')->first();
-        $custom_fields_list = ["" => "Add New Field to Fieldset"] + CustomField::pluck("name", "id")->toArray();

-        $maxid = 0;
-        foreach ($cfset->fields() as $field) {
-            if ($field->pivot->order > $maxid) {
-                $maxid=$field->pivot->order;
-            }
-            if (isset($custom_fields_list[$field->id])) {
-                unset($custom_fields_list[$field->id]);
+        if ($cfset) {
+            $custom_fields_list = ["" => "Add New Field to Fieldset"] + CustomField::pluck("name", "id")->toArray();
+
+            $maxid = 0;
+            foreach ($cfset->fields() as $field) {
+                if ($field->pivot->order > $maxid) {
+                    $maxid=$field->pivot->order;
+                }
+                if (isset($custom_fields_list[$field->id])) {
+                    unset($custom_fields_list[$field->id]);
+                }
            }
+
+            return view("custom_fields.fieldsets.view")->with("custom_fieldset", $cfset)->with("maxid", $maxid+1)->with("custom_fields_list", $custom_fields_list);
        }

-        return view("custom_fields.fieldsets.view")->with("custom_fieldset", $cfset)->with("maxid", $maxid+1)->with("custom_fields_list", $custom_fields_list);
+        return redirect()->route("fields.index")->with("error", trans('admin/custom_fields/message.fieldset.does_not_exist'));
+
    }


@@ -133,16 +139,21 @@ class CustomFieldsetsController extends Controller
    */
    public function destroy($id)
    {
-        //
        $fieldset = CustomFieldset::find($id);

-        $models = AssetModel::where("fieldset_id", "=", $id);
-        if ($models->count() == 0) {
-            $fieldset->delete();
-            return redirect()->route("fields.show")->with("success", trans('admin/custom_fields/message.fieldset.delete.success'));
-        } else {
-            return redirect()->route("fields.show")->with("error", trans('admin/custom_fields/message.fieldset.delete.in_use'));
+        if ($fieldset) {
+            $models = AssetModel::where("fieldset_id", "=", $id);
+            if ($models->count() == 0) {
+                $fieldset->delete();
+                return redirect()->route("fields.index")->with("success", trans('admin/custom_fields/message.fieldset.delete.success'));
+            } else {
+                return redirect()->route("fields.index")->with("error", trans('admin/custom_fields/message.fieldset.delete.in_use'));
+            }
        }
+
+        return redirect()->route("fields.index")->with("error", trans('admin/custom_fields/message.fieldset.does_not_exist'));
+
+
    }


@@ -279,7 +279,7 @@ class LicensesController extends Controller

        // Declare the rules for the form validation
        $rules = [
-            'note'   => 'string',
+            'note'   => 'string|nullable',
            'asset_id'  => 'required_without:assigned_to',
        ];

@@ -306,8 +306,8 @@ class LicensesController extends Controller
                return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.asset_does_not_exist'));
            }

-            if (($target->assigned_to!='') && (($target->assigned_to!=$assigned_to)) && ($target!='')) {
-                return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.owner_doesnt_match_asset'));
+            if (($request->has('assigned_to')) && ($request->has('asset_id'))) {
+                return redirect()->back()->withInput()->with('error', trans('admin/licenses/message.select_asset_or_person'));
            }
        }

@@ -334,15 +334,14 @@ class LicensesController extends Controller
        if ($licenseSeat->save()) {
            $licenseSeat->logCheckout($request->input('note'), $target);

-            $data['license_id'] =$licenseSeat->license_id;
+            $data['license_id'] = $licenseSeat->license_id;
            $data['note'] = $request->input('note');

            // Redirect to the new asset page
            return redirect()->route("licenses.index")->with('success', trans('admin/licenses/message.checkout.success'));
        }
-
-        // Redirect to the asset management page with error
-        return redirect()->to("admin/licenses/{$asset_id}/checkout")->with('error', trans('admin/licenses/message.create.error'))->with('license', new License);
+        
+        return redirect()->route("licenses.index")->with('error', trans('admin/licenses/message.checkout.error'));
    }


@@ -358,12 +357,12 @@ class LicensesController extends Controller
    public function getCheckin($seatId = null, $backTo = null)
    {
        // Check if the asset exists
-        if (is_null($licenseseat = LicenseSeat::find($seatId))) {
+        if (is_null($licenseSeat = LicenseSeat::find($seatId))) {
            // Redirect to the asset management page with error
            return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.not_found'));
        }
-        $this->authorize('checkin', $licenseseat);
-        return view('licenses/checkin', compact('licenseseat'))->with('backto', $backTo);
+        $this->authorize('checkin', $licenseSeat);
+        return view('licenses/checkin', compact('licenseSeat'))->with('backto', $backTo);
    }


@@ -491,7 +490,7 @@ class LicensesController extends Controller
    * @param int $licenseId
    * @return \Illuminate\Http\RedirectResponse
     */
-    public function postUpload($licenseId = null)
+    public function postUpload(Request $request, $licenseId = null)
    {
        $license = License::find($licenseId);
        // the license is valid
@@ -520,13 +519,16 @@ class LicensesController extends Controller
                    //Log the upload to the log
                    $license->logUpload($filename, e($request->input('notes')));
                }
-
+                // This being called from a modal seems to confuse redirect()->back()
+                // It thinks we should go to the dashboard.  As this is only used
+                // from the modal at present, hardcode the redirect.  Longterm
+                // maybe we evaluate something else.
                if ($upload_success) {
-                    return redirect()->back()->with('success', trans('admin/licenses/message.upload.success'));
+                    return redirect()->route('licenses.show', $license->id)->with('success', trans('admin/licenses/message.upload.success'));
                }
-                return redirect()->back()->with('error', trans('admin/licenses/message.upload.error'));
+                return redirect()->route('licenses.show', $license->id)->with('error', trans('admin/licenses/message.upload.error'));
            }
-            return redirect()->back()->with('error', trans('admin/licenses/message.upload.nofiles'));
+            return redirect()->route('licenses.show', $license->id)->with('error', trans('admin/licenses/message.upload.nofiles'));
        }
        // Prepare the error message
        $error = trans('admin/licenses/message.does_not_exist', compact('id'));
@@ -338,7 +338,10 @@ class SettingsController extends Controller
        $setting->email_format = $request->input('email_format');
        $setting->username_format = $request->input('username_format');
        $setting->require_accept_signature = $request->input('require_accept_signature');
-        $setting->login_note = $request->input('login_note');
+        if (!config('app.lock_passwords')) {
+            $setting->login_note = $request->input('login_note');
+        }
+
        $setting->default_eula_text = $request->input('default_eula_text');
        $setting->thumbnail_max_h = $request->input('thumbnail_max_h');

@@ -992,6 +995,8 @@ class SettingsController extends Controller
    {
        if (!config('app.lock_passwords')) {
            if (Input::get('confirm_purge')=='DELETE') {
+                // Run a backup immediately before processing
+                Artisan::call('backup:run');
                Artisan::call('snipeit:purge', ['--force'=>'true','--no-interaction'=>true]);
                $output = Artisan::output();
                return view('settings/purge')
@@ -87,9 +87,8 @@ class SuppliersController extends Controller
                $supplier->image = $file_name;
        }

-            // Was it created?
        if ($supplier->save()) {
-          // Redirect to the new supplier  page
+          // Redirect to the nw supplier  page
            return redirect()->route('suppliers.index')->with('success', trans('admin/suppliers/message.create.success'));
        }
        return redirect()->back()->withInput()->withErrors($supplier->getErrors());
@@ -376,6 +376,11 @@ class UsersController extends Controller
                return redirect()->route('users.index')->with('error', 'This user still has ' . $user->assets()->count() . ' assets associated with them.');
            }

+            if (count($user->assets) > 0) {
+                // Redirect to the user management page
+                return redirect()->route('users.index')->with('error', 'This user still has ' . count($user->assets) . ' assets associated with them.');
+            }
+
            if ($user->licenses()->count() > 0) {
                // Redirect to the user management page
                return redirect()->route('users.index')->with('error', 'This user still has ' . $user->assets()->count() . ' assets associated with them.');
@@ -19,10 +19,13 @@ class Kernel extends HttpKernel
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\FrameGuard::class,
        \App\Http\Middleware\XssProtectHeader::class,
+        \App\Http\Middleware\ReferrerPolicyHeader::class,
+        \App\Http\Middleware\ContentSecurityPolicyHeader::class,
        \App\Http\Middleware\NosniffGuard::class,
        \App\Http\Middleware\CheckForSetup::class,
        \Fideloper\Proxy\TrustProxies::class,
        \App\Http\Middleware\CheckForDebug::class,
+        \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
    ];

    /**
@@ -0,0 +1,35 @@
+<?php
+namespace App\Http\Middleware;
+
+use Closure;
+
+class ContentSecurityPolicyHeader
+{
+    /**
+     * Handle the given request and get the response.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Closure  $next
+     * @return \Illuminate\Http\Response
+     */
+    public function handle($request, Closure $next)
+    {
+        if ((config('app.debug')=='true')  || (config('app.enable_csp')!='true')) {
+            $response = $next($request);
+            return $response;
+        }
+
+        $policy[] = "default-src 'self'";
+        $policy[] = "style-src 'self' 'unsafe-inline' oss.maxcdn.com";
+        $policy[] = "script-src 'self' 'unsafe-inline' oss.mafxcdn.com cdnjs.cloudflare.com 'nonce-".csrf_token()."'";
+        $policy[] = "connect-src 'self'";
+        $policy[] = "object-src 'none'";
+        $policy[] = "font-src 'self' data:";
+        $policy[] = "img-src 'self' data: gravatar.com";
+        $policy = join(';', $policy);
+
+        $response = $next($request);
+        $response->headers->set('Content-Security-Policy', $policy);
+        return $response;
+    }
+}
@@ -0,0 +1,21 @@
+<?php
+namespace App\Http\Middleware;
+
+use Closure;
+
+class ReferrerPolicyHeader
+{
+    /**
+     * Handle the given request and get the response.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Closure  $next
+     * @return \Illuminate\Http\Response
+     */
+    public function handle($request, Closure $next)
+    {
+        $response = $next($request);
+        $response->headers->set('Referrer-Policy', config('app.referrer_policy'));
+        return $response;
+    }
+}
@@ -14,8 +14,9 @@ class XssProtectHeader
     */
    public function handle($request, Closure $next)
    {
+        $mode = '1;mode=block';
        $response = $next($request);
-        $response->headers->set('X-XSS-Protection', '1');
+        $response->headers->set('X-XSS-Protection', $mode);
        return $response;
    }
 }
@@ -59,13 +59,30 @@ class AccessoriesTransformer
    }


-    public function transformCheckedoutAccessories (Collection $accessories_users, $total)
+    public function transformCheckedoutAccessory (Accessory $accessory, $total)
    {

+
+        
+
        $array = array();
-        foreach ($accessories_users as $user) {
-            $array[] = (new UsersTransformer)->transformUser($user);
+        foreach ($accessory->users as $user) {
+            $array[] = [
+                'assigned_pivot_id' => $user->pivot->id,
+                'id' => (int) $user->id,
+                'username' => e($user->username),
+                'name' => e($user->getFullNameAttribute()),
+                'first_name'=> e($user->first_name),
+                'last_name'=> e($user->last_name),
+                'employee_number' =>  e($user->employee_num),
+                'type' => 'user',
+                'available_actions' => ['checkin' => true]
+            ];
+
        }
+
+
+
        return (new DatatablesTransformer)->transformDatatables($array, $total);
    }

@@ -52,7 +52,8 @@ class ActionlogsTransformer
                'type' => e($actionlog->targetType()),
            ] : null,

-            'note'          => e($actionlog->note),
+            'note'          => ($actionlog->note) ? e($actionlog->note): null,
+            'signature_file'   => ($actionlog->accept_signature) ? route('log.signature.view', ['filename' => $actionlog->accept_signature ]) : null,


        ];
@@ -33,7 +33,8 @@ class AssetsTransformer
            'model_number' => ($asset->model) ? e($asset->model->model_number) : null,
            'status_label' => ($asset->assetstatus) ? [
                'id' => (int) $asset->assetstatus->id,
-                'name'=> e($asset->assetstatus->name)
+                'name'=> e($asset->present()->statusText),
+                'status_meta' =>  e($asset->present()->statusMeta),
            ] : null,
            'category' => ($asset->model->category) ? [
                'id' => (int) $asset->model->category->id,
@@ -75,8 +76,9 @@ class AssetsTransformer
        ];


-        if ($asset->model->fieldset) {
+        if (($asset->model->fieldset) && (count($asset->model->fieldset->fields)> 0)) {
            $fields_array = array();
+
            foreach ($asset->model->fieldset->fields as $field) {

                if ($field->isFieldDecryptable($asset->{$field->convertUnicodeDbSlug()})) {
@@ -23,7 +23,7 @@ class GroupsTransformer
        $array = [
            'id' => (int) $group->id,
            'name' => e($group->name),
-            'permissions' => $group->permissions,
+            'permissions' => json_decode($group->permissions),
            'users_count' => (int) $group->users_count,
            'created_at' => Helper::getFormattedDateObject($group->created_at, 'datetime'),
            'updated_at' => Helper::getFormattedDateObject($group->updated_at, 'datetime'),
@@ -29,7 +29,6 @@ class ImportsTransformer
            'header_row' => $import->header_row,
            'first_row'  => $import->first_row,
            'field_map'  => $import->field_map,
-
        ];

        return $array;
@@ -33,8 +33,9 @@ class LicensesTransformer
            'depreciation' => ($license->depreciation) ? ['id' => (int) $license->depreciation->id,'name'=> e($license->depreciation->name)] : null,
            'notes' => e($license->notes),
            'expiration_date' => Helper::getFormattedDateObject($license->expiration_date, 'date'),
-            'total_seats' => (int) $license->total_seats,
-            'remaining_qty' => $license->remaincount(),
+            'total_seats' => (int) $license->seats,
+            'next_seat' => ($license->freeSeat()) ?  (int) $license->freeSeat()->id : null,
+            'remaining_qty' => (int) $license->remaincount(),
            'min_qty' => $license->remaincount(),
            'license_name' =>  e($license->license_name),
            'license_email' => e($license->license_email),
@@ -36,9 +36,11 @@ class LocationsTransformer
                'address' => e($location->address),
                'city' => e($location->city),
                'state' => e($location->state),
-                'assets_checkedout' => $location->assets()->count(),
-                'assets_default'    => $location->assignedassets()->count(),
                'country' => e($location->country),
+                'zip' => e($location->zip),
+                'assets_checkedout' => $location->location_assets_count,
+                'assets_default'    => $location->assigned_assets_count,
+
                'created_at' => Helper::getFormattedDateObject($location->created_at, 'datetime'),
                'updated_at' => Helper::getFormattedDateObject($location->updated_at, 'datetime'),
                'parent' => ($location->parent) ? [
@@ -179,13 +179,14 @@ class Asset extends Depreciable

    public function getDetailedNameAttribute()
    {
-        if ($this->assignedTo) {
-            $user_name = $this->assignedTo->present()->name();
+        if ($this->assignedto) {
+            $user_name = $this->assignedto->present()->name();
        } else {
            $user_name = "Unassigned";
        }
        return $this->asset_tag . ' - ' . $this->name . ' (' . $user_name . ') ' . $this->model->name;
    }
+
    public function validationRules($id = '0')
    {
        return $this->rules;
@@ -262,11 +263,12 @@ class Asset extends Depreciable
                return $this->assignedTo();
            }
            if ($this->assignedType() == self::USER) {
+                if (!$this->assignedTo) {
+                    return $this->defaultLoc();
+                }
                return $this->assignedTo->userLoc();
            }
-            if (!$this->assignedTo) {
-                return $this->defaultLoc();
-            }
+
        }
        return $this->defaultLoc();
    }
@@ -724,7 +726,8 @@ class Asset extends Depreciable


    /**
-    * Query builder scope to search on text for complex Bootstrap Tables API
+    * Query builder scope to search on text for complex Bootstrap Tables API.
+    * This is really horrible, but I can't think of a less-awful way to do it.
    *
    * @param  \Illuminate\Database\Query\Builder  $query  Query builder instance
    * @param  text                              $search      Search term
@@ -735,7 +738,16 @@ class Asset extends Depreciable
    {
        $search = explode(' OR ', $search);

-        return $query->where(function ($query) use ($search) {
+        return $query->leftJoin('users',function ($leftJoin) {
+            $leftJoin->on("users.id", "=", "assets.assigned_to")
+                ->where("assets.assigned_type", "=", User::class);
+        })->leftJoin('locations',function ($leftJoin) {
+            $leftJoin->on("locations.id","=","assets.assigned_to")
+                ->where("assets.assigned_type","=",Location::class);
+        })->leftJoin('assets as assigned_assets',function ($leftJoin) {
+            $leftJoin->on('assigned_assets.id', '=', 'assets.assigned_to')
+                ->where('assets.assigned_type', '=', Asset::class);
+        })->where(function ($query) use ($search) {
            foreach ($search as $search) {
                $query->whereHas('model', function ($query) use ($search) {
                    $query->whereHas('category', function ($query) use ($search) {
@@ -768,26 +780,15 @@ class Asset extends Depreciable
                    $query->whereHas('defaultLoc', function ($query) use ($search) {
                        $query->where('locations.name', 'LIKE', '%'.$search.'%');
                    });
-                    //FIXME: This needs attention to work with checkout to not-users.
-                // })->orWhere(function ($query) use ($search) {
-                    // $query->whereHas('assignedTo', function ($query) use ($search) {
-                    //     $query->where(function ($query) use ($search) {
-                    //         $query->where('assets.assigned_type', '=', User::class)
-                    //         ->join('users', 'users.id', '=', 'assets.assigned_to')
-                    //         ->where(function($query) use ($search) {
-                    //             $query->where('users.first_name', 'LIKE', '%'.$search.'%')
-                    //             ->orWhere('users.last_name', 'LIKE', '%'.$search.'%');
-                    //         });
-                    //     })->orWhere(function ($query) use ($search) {
-                    //         $query->where('assets.assigned_type', '=', Location::class)
-                    //         ->join('locations', 'locations.id', '=', 'assets.assigned_to')
-                    //         ->where('locations.name', 'LIKE', '%'.$search.'%');
-                    //     })->orWhere(function ($query) use ($search) {
-                    //         $query->where('assets.assigned_type', '=', Asset::class)
-                    //         ->join('assets as assigned_asset', 'assigned_assets.id', '=', 'assets.assigned_to')
-                    //         ->where('assigned_assets.name', 'LIKE', '%'.$search.'%');
-                    //     });
-                    // });
+                 })->orWhere(function ($query) use ($search) {
+
+                     $query->whereHas('assignedTo', function ($query) use ($search) {
+                         $query->where('users.first_name', 'LIKE', '%'.$search.'%')
+                         ->orWhere('users.last_name', 'LIKE', '%'.$search.'%')
+                         ->orWhere('users.username', 'LIKE', '%'.$search.'%')
+                         ->orWhere('locations.name', 'LIKE', '%'.$search.'%')
+                         ->orWhere('assigned_assets.name', 'LIKE', '%'.$search.'%');
+                     });
                })->orWhere('assets.name', 'LIKE', '%'.$search.'%')
                    ->orWhere('assets.asset_tag', 'LIKE', '%'.$search.'%')
                    ->orWhere('assets.serial', 'LIKE', '%'.$search.'%')
@@ -795,9 +796,9 @@ class Asset extends Depreciable
                    ->orWhere('assets.notes', 'LIKE', '%'.$search.'%');
            }
            foreach (CustomField::all() as $field) {
-                $query->orWhere($field->db_column_name(), 'LIKE', "%$search%");
+                $query->orWhere('assets.'.$field->db_column_name(), 'LIKE', "%$search%");
            }
-        });
+        })->withTrashed()->whereNull("assets.deleted_at"); //workaround for laravel bug
    }


@@ -53,6 +53,7 @@ class Component extends SnipeModel
        'name',
        'purchase_cost',
        'purchase_date',
+        'min_amt',
        'qty',
    ];

@@ -47,9 +47,7 @@ class CustomFieldset extends Model

            if (($field->field_encrypted!='1') ||
                  (($field->field_encrypted =='1')  && (Gate::allows('admin')) )) {
-                if ($field->pivot->required) {
-                    $rule[]="required";
-                }
+                    $rule[] = ($field->pivot->required=='1') ? "required" : "nullable";
            }

            array_push($rule, $field->attributes['format']);
@@ -31,10 +31,10 @@ class License extends Depreciable
    protected $rules = array(
        'name'   => 'required|string|min:3|max:255',
        'seats'   => 'required|min:1|max:1000000|integer',
-        'license_email'   => 'email|min:0|max:120',
-        'license_name'   => 'string|min:0|max:100',
-        'note'   => 'string',
-        'notes'   => 'string|min:0',
+        'license_email'   => 'email|nullable|max:120',
+        'license_name'   => 'string|nullable|max:100',
+        'note'   => 'string|nullable',
+        'notes'   => 'string|nullable',
        'company_id' => 'integer|nullable',
    );

@@ -332,14 +332,17 @@ class License extends Depreciable
        return $this->belongsTo('\App\Models\Supplier', 'supplier_id');
    }

+    /*
+     * Get the next available free seat - used by
+     * the API to populate next_seat
+     */
    public function freeSeat()
    {
-        $seat = LicenseSeat::where('license_id', '=', $this->id)
+        return $this->licenseseats()
                    ->whereNull('deleted_at')
                    ->whereNull('assigned_to')
                    ->whereNull('asset_id')
                    ->first();
-        return $seat->id;
    }

    public static function getExpiringLicenses($days = 60)
@@ -43,20 +43,23 @@ trait Loggable
        $log->target_type = get_class($target);
        $log->target_id = $target->id;

-        $class = get_class($target);
-        if ($class == Location::class) {
+        $target_class = get_class($target);
+
+        // Figure out what the target is
+        if ($target_class == Location::class) {
            // We can checkout to a location
            $log->location_id = $target->id;
-        } else if ($class== Asset::class) {
+        } elseif ($target_class== Asset::class) {
            $log->location_id = $target->rtd_location_id;
        } else {
            $log->location_id = $target->location_id;
        }
+
        $log->note = $note;
        $log->logaction('checkout');

        $params = [
-            'item' => $this,
+            'item' => $log->item,
            'target' => $target,
            'admin' => $log->user,
            'note' => $note,
@@ -77,6 +77,25 @@ class SnipeModel extends Model
        return;
    }

+    public function setMinAmtAttribute($value)
+    {
+        if ($value == '') {
+            $value = null;
+        }
+        $this->attributes['min_amt'] = $value;
+        return;
+    }
+
+    public function setParentIdAttribute($value)
+    {
+        if ($value == '') {
+            $value = null;
+        }
+        $this->attributes['parent_id'] = $value;
+        return;
+    }
+
+
    //
    public function getDisplayNameAttribute()
    {
@@ -21,7 +21,7 @@ class Statuslabel extends SnipeModel

    protected $rules = array(
        'name'  => 'required|string|unique_undeleted',
-        'notes'   => 'string',
+        'notes'   => 'string|nullable',
        'deployable' => 'required',
        'pending' => 'required',
        'archived' => 'required',
@@ -15,18 +15,18 @@ class Supplier extends SnipeModel

    protected $rules = array(
        'name'              => 'required|min:3|max:255|unique_undeleted',
-        'address'           => 'min:3|max:50',
-        'address2'          => 'min:2|max:50',
-        'city'              => 'min:3|max:255',
-        'state'             => 'min:0|max:32',
-        'country'           => 'min:0|max:2',
-        'fax'               => 'min:7|max:35',
-        'phone'             => 'min:7|max:35',
-        'contact'           => 'min:0|max:100',
-        'notes'             => 'min:0|max:255',
-        'email'             => 'email|min:5|max:150',
-        'zip'               => 'min:0|max:10',
-        'url'               => 'min:3|max:250',
+        'address'           => 'max:50|nullable',
+        'address2'          => 'max:50|nullable',
+        'city'              => 'max:255|nullable',
+        'state'             => 'max:32|nullable',
+        'country'           => 'max:3|nullable',
+        'fax'               => 'min:7|max:35|nullable',
+        'phone'             => 'min:7|max:35|nullable',
+        'contact'           => 'max:100|nullable',
+        'notes'             => 'max:255|nullable',
+        'email'             => 'email|max:150|nullable',
+        'zip'               => 'max:10|nullable',
+        'url'               => 'sometimes|nullable|string|max:250',
    );

    /**
@@ -41,10 +41,12 @@ class CheckinNotification extends Notification
            $notifyBy[] = 'slack';
        }
        $item = $this->params['item'];
-        if ((method_exists($item, 'requireAcceptance') && ($item->requireAcceptance()=='1'))
-            || (method_exists($item, 'getEula') && ($item->getEula()))
-        ) {
-            $notifyBy[] = 'mail';
+        if (class_basename(get_class($this->params['item']))=='Asset') {
+            if ((method_exists($item, 'requireAcceptance') && ($item->requireAcceptance() == '1'))
+                || (method_exists($item, 'getEula') && ($item->getEula()))
+            ) {
+                $notifyBy[] = 'mail';
+            }
        }
        return $notifyBy;
    }
@@ -44,7 +44,9 @@ class CheckoutNotification extends Notification
        }
        $item = $this->params['item'];

-        $notifyBy[]='mail';
+        if (class_basename(get_class($this->params['item']))=='Asset') {
+            $notifyBy[] = 'mail';
+        }
        // if ((method_exists($item, 'requireAcceptance') && ($item->requireAcceptance()=='1'))
        //     || (method_exists($item, 'getEula') && ($item->getEula()))
        // ) {
@@ -81,30 +83,31 @@ class CheckoutNotification extends Notification
     */
    public function toMail($notifiable)
    {
-        //TODO: Expand for non assets.
-        $item = $this->params['item'];
-        $admin_user = $this->params['admin'];
-        $target = $this->params['target'];
-        $data = [
-            'eula' => method_exists($item, 'getEula') ? $item->getEula() : '',
-            'first_name' => $target->present()->fullName(),
-            'item_name' => $item->present()->name(),
-            'checkout_date' => $item->last_checkout,
-            'expected_checkin' => $item->expected_checkin,
-            'item_tag' => $item->asset_tag,
-            'note' => $this->params['note'],
-            'item_serial' => $item->serial,
-            'require_acceptance' => $item->requireAcceptance(),
-            'log_id' => $this->params['log_id'],
-        ];
-        return (new MailMessage)
-                    ->view('emails.accept-asset', $data)
-                    ->subject(trans('mail.Confirm_asset_delivery'));
-            // \Mail::send('emails.accept-asset', $data, function ($m) use ($target) {
-            //     $m->to($target->email, $target->first_name . ' ' . $target->last_name);
-            //     $m->replyTo(config('mail.reply_to.address'), config('mail.reply_to.name'));
-            //     $m->subject(trans('mail.Confirm_asset_delivery'));
-            // });
+
+            //TODO: Expand for non assets.
+            $item = $this->params['item'];
+            $admin_user = $this->params['admin'];
+            $target = $this->params['target'];
+            $data = [
+                'eula' => method_exists($item, 'getEula') ? $item->getEula() : '',
+                'first_name' => $target->present()->fullName(),
+                'item_name' => $item->present()->name(),
+                'checkout_date' => $item->last_checkout,
+                'expected_checkin' => $item->expected_checkin,
+                'item_tag' => $item->asset_tag,
+                'note' => $this->params['note'],
+                'item_serial' => $item->serial,
+                'require_acceptance' => method_exists($item, 'requireAcceptance') ? $item->requireAcceptance() : '',
+                'log_id' => $this->params['log_id'],
+            ];
+
+            return (new MailMessage)
+                ->view('emails.accept-asset', $data)
+                ->subject(trans('mail.Confirm_asset_delivery'));
+
+
+
+
    }

    /**
@@ -325,6 +325,24 @@ class AssetPresenter extends Presenter
        return $interval;
    }

+    /**
+     * @return string
+     * This handles the status label "meta" status of "deployed" if
+     * it's assigned. Should maybe deprecate.
+     */
+    public function statusMeta()
+    {
+        if ($this->model->assignedTo) {
+            return strtolower(trans('general.deployed'));
+        }
+        return $this->model->assetstatus->getStatuslabelType();
+    }
+
+    /**
+     * @return string
+     * This handles the status label "meta" status of "deployed" if
+     * it's assigned. Should maybe deprecate.
+     */
    public function statusText()
    {
        if ($this->model->assignedTo) {
@@ -332,6 +350,7 @@ class AssetPresenter extends Presenter
        }
        return $this->model->assetstatus->name;
    }
+
    /**
     * Date the warantee expires.
     * @return false|string
@@ -146,6 +146,16 @@ class LicensePresenter extends Presenter
        return (string)link_to_route('licenses.show', $this->name, $this->id);
    }

+    /**
+     * Link to this licenses Name
+     * @return string
+     */
+    public function fullName()
+    {
+        return $this->name;
+    }
+
+
    /**
     * Link to this licenses serial
     * @return string
@@ -1 +1 @@
-{"version":3,"file":"css/AdminLTE.css","sources":[],"mappings":";;;;;;","sourceRoot":""}
+{"version":3,"file":"css/AdminLTE.css","sources":[],"mappings":";;;;;;A","sourceRoot":""}
@@ -1 +1 @@
-{"version":3,"file":"css/app.css","sources":[],"mappings":";;;;;;;;","sourceRoot":""}
+{"version":3,"file":"css/app.css","sources":[],"mappings":";;;;;;;;A","sourceRoot":""}
@@ -1,23 +1,12 @@
 {
-  "/build/vue.js": "/build/vue.js",
-  "/mix.js": "/mix.js",
-  "/build/app.css": "/build/app.535d8af1016a2377e449920c617f0197.css",
-  "/build/AdminLTE.css": "/build/AdminLTE.3d8a2b2e33baa060b1b324363ad5e1c2.css",
-  "/build/overrides.css": "/build/overrides.617623c6a96be3e0cbd11c5d4039ec10.css",
-  "/css/all.css": "/css/all.css",
-  "/js/all.js": "/js/all.js",
-  "/css/app.css": "/css/app.css",
-  "/css/dist/all.css": "/css/dist/all.css",
-  "/js/dist/all.js": "/js/dist/all.js",
-  "/css/AdminLTE.css": "/css/AdminLTE.css",
-  "/css/overrides.css": "/css/overrides.css",
-  "/css/skin-blue.css": "/css/skin-blue.css",
-  "/vue.js": "/vue.js",
-  "/vue.js.map": "/vue.js.map",
-  "/mix.js.map": "/mix.js.map",
-  "/css/AdminLTE.css.map": "/css/AdminLTE.css.map",
-  "/css/app.css.map": "/css/app.css.map",
-  "/css/overrides.css.map": "/css/overrides.css.map",
-  "public/css/dist/all.css": "public/css/dist/all.css",
-  "public/js/dist/all.js": "public/js/dist/all.js"
+    "/vue.js": "/vue.js",
+    "/css/AdminLTE.css": "/css/AdminLTE.css",
+    "/css/app.css": "/css/app.css",
+    "/css/overrides.css": "/css/overrides.css",
+    "/vue.js.map": "/vue.js.map",
+    "/css/AdminLTE.css.map": "/css/AdminLTE.css.map",
+    "/css/app.css.map": "/css/app.css.map",
+    "/css/overrides.css.map": "/css/overrides.css.map",
+    "/public/css/dist/all.css": "/public/css/dist/all.css",
+    "/public/js/dist/all.js": "/public/js/dist/all.js"
 }
@@ -10,12 +10,14 @@
    "barryvdh/laravel-debugbar": "^2.4",
    "doctrine/cache": "^1.6",
    "doctrine/common": "^2.7",
-    "doctrine/dbal": "v2.4.2",
+    "doctrine/dbal": "v2.5.13",
+    "doctrine/inflector": "1.1.*",
+    "doctrine/instantiator": "1.0.*",
    "erusev/parsedown": "^1.6",
    "fideloper/proxy": "^3.1",
    "intervention/image": "^2.3",
    "javiereguiluz/easyslugger": "^1.0",
-    "laravel/framework": "5.4.20",
+    "laravel/framework": "5.4.*",
    "laravel/passport": "^1.0",
    "laravel/tinker": "^1.0",
    "laravelcollective/html": "^5.3",
@@ -27,17 +29,18 @@
    "schuppo/password-strength": "~1.5",
    "spatie/laravel-backup": "^3.0.0",
    "tecnickcom/tc-lib-barcode": "^1.15",
+    "tightenco/ziggy": "^0.4.1",
    "unicodeveloper/laravel-password": "^1.0",
    "watson/validating": "^3.0",
-    "doctrine/instantiator": "1.0.5",
-    "doctrine/inflector": "1.0.*"
+    "phpspec/prophecy": "1.6.2",
+    "phpdocumentor/reflection-docblock": "3.2.2"
  },
    "require-dev": {
        "fzaninotto/faker": "~1.4",
        "phpunit/phpunit": "~5.7",
        "symfony/css-selector": "3.1.*",
        "symfony/dom-crawler": "3.1.*",
-        "codeception/codeception": "2.2.9",
+        "codeception/codeception": "2.3.6",
        "squizlabs/php_codesniffer": "*",
        "phpunit/php-token-stream": "1.4.11"

@@ -155,6 +155,39 @@ return [
    'allow_iframing' => env('ALLOW_IFRAMING', false),


+    /*
+    |--------------------------------------------------------------------------
+    | REFERRER-POLICY
+    |--------------------------------------------------------------------------
+    |
+    | This is an additional security header that browsers use to determine
+    | whether they should report back URL referrer information.
+    |
+    | Read more: https://www.w3.org/TR/referrer-policy/
+    |
+    */
+
+    'referrer_policy' => env('REFERRER_POLICY', 'strict-origin'),
+
+    /*
+    |--------------------------------------------------------------------------
+    | CSP
+    |--------------------------------------------------------------------------
+    |
+    | Disable the content security policy that restricts what scripts, images
+    | and styles can load. (This should be left as false if you don't know
+    | what this means.)
+    |
+    | Read more: https://www.w3.org/TR/CSP/
+    | Read more: https://content-security-policy.com
+    |
+    */
+
+    'enable_csp' => env('ENABLE_CSP', false),
+
+
+
+
    /*
    |--------------------------------------------------------------------------
    | Demo Mode Lockdown
@@ -222,7 +255,7 @@ return [
        Laravel\Tinker\TinkerServiceProvider::class,
        Unicodeveloper\DumbPassword\DumbPasswordServiceProvider::class,
        Schuppo\PasswordStrength\PasswordStrengthServiceProvider::class,
-
+        Tightenco\Ziggy\ZiggyServiceProvider::class, // Laravel routes in vue

        /*
        * Application Service Providers...
@@ -65,8 +65,8 @@ return [
            'database'  => env('DB_DATABASE', 'forge'),
            'username'  => env('DB_USERNAME', 'forge'),
            'password'  => env('DB_PASSWORD', ''),
-            'charset'   => 'utf8mb4',
-            'collation' => 'utf8mb4_unicode_ci',
+            'charset'   => env('DB_CHARSET', 'utf8mb4'),
+            'collation' => env('DB_COLLATION', 'utf8mb4_unicode_ci'),
            'prefix'    => env('DB_PREFIX', null),
            'strict'    => false,
            'engine'    => null,
@@ -22,6 +22,8 @@ return [
                    base_path('public/uploads'),
                    base_path('config'),
                    base_path('storage/private_uploads'),
+                    base_path('storage/oauth-private.key'),
+                    base_path('storage/oauth-public.key'),
                ],

                /*
@@ -1,7 +1,7 @@
 <?php
 return array (
-  'app_version' => 'v4.0',
-  'build_version' => '1',
-  'hash_version' => 'g998c4a5',
-  'full_hash' => 'v4.0-1-g998c4a5',
+  'app_version' => 'v4.0.7',
+  'build_version' => '89',
+  'hash_version' => 'g7a27fda',
+  'full_hash' => 'v4.0.7-89-g7a27fda',
 );
@@ -19,12 +19,14 @@ $factory->defineAs(Actionlog::class, 'asset-checkout', function (Faker\Generator
    $company =  factory(App\Models\Company::class)->create();
    $user = factory(App\Models\User::class)->create(['company_id' => $company->id]);
    $target = factory(App\Models\User::class)->create(['company_id' => $company->id]);
-    // $item = factory(App\Models\Asset::class)->create(['company_id' => $company->id]);
+    do {
+        $item = factory(App\Models\Asset::class)->create(['company_id' => $company->id]);
+    } while (!$item->isValid());
 // dd($item);
    return [
        'user_id' => $user->id,
        'action_type' => 'checkout',
-        'item_id' => factory(App\Models\Asset::class)->create(['company_id' => $company->id])->id,
+        'item_id' => $item->id,
        'item_type'  => App\Models\Asset::class,
        'target_id' => $target->id,
        'target_type' => get_class($target),
@@ -5,13 +5,16 @@

    RewriteEngine On

-    # Uncomment these two lines to force SSL redirect
+    # Uncomment these two lines to force SSL redirect in Apache
    # RewriteCond %{HTTPS} off
    # RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

+
+
    # Redirect Trailing Slashes If Not A Folder...
    RewriteCond %{REQUEST_FILENAME} !-d
-    RewriteRule ^(.*)/$ /$1 [L,R=301]
+    RewriteCond %{REQUEST_URI} (.+)/$
+    RewriteRule ^ %1 [L,R=301]

    # Handle Front Controller...
    RewriteCond %{REQUEST_FILENAME} !-d
@@ -21,4 +24,11 @@
    # Handle Authorization Header
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+
+    # Security Headers
+    # Header set Strict-Transport-Security "max-age=2592000" env=HTTPS
+    # Header set X-XSS-Protection "1; mode=block"
+    # Header set X-Content-Type-Options nosniff
+    # Header set X-Permitted-Cross-Domain-Policies "master-only"
+
 </IfModule>
@@ -1,2 +1,2 @@
 User-agent: *
-Disallow:
+Disallow: /
@@ -67,7 +67,7 @@ tr {

 <script>
    export default {
-        props: ['file'],
+        props: ['file', 'customFields'],
        data() {
            return {
                activeFile: this.file,
@@ -130,14 +130,13 @@ tr {
                        {id: 'jobtitle', text: 'Job Title' },
                        {id: 'phone_number', text: 'Phone Number' },
                    ],
-                    customFields: [],
+                    customFields: this.customFields,
                },
                columnMappings: this.file.field_map || {},
                activeColumn: null,
            }
        },
        created() {
-            this.fetchCustomFields();
            window.eventHub.$on('showDetails', this.toggleExtendedDisplay)
            this.populateSelect2ActiveItems();
        },
@@ -155,36 +154,24 @@ tr {
            }
        },
        methods: {
-            fetchCustomFields() {
-                this.$http.get('/api/v1/fields')
-                .then( ({data}) => {
-                    data = data.rows;
-                    data.forEach((item) => {
-                        this.columnOptions.customFields.push({
-                            'id': item.db_column_name,
-                            'text': item.name,
-                        })
-                    })
-                });
-            },
            postSave() {
                this.statusText = "Processing...";
-                this.$http.post('/api/v1/imports/process/'+this.file.id, {
+                this.$http.post(route('api.imports.importFile', this.file.id), {
                    'import-update': this.options.update,
                    'import-type': this.options.importType,
                    'column-mappings': this.columnMappings
-                }).then( (response) => {
+                }).then( ({body}) => {
                    // Success
                    this.statusText = "Success... Redirecting.";
-                    window.location.href = response.body.messages.redirect_url;
-                }, (response) => {
+                    window.location.href = body.messages.redirect_url;
+                }, ({body}) => {
                    // Failure
-                    if(response.body.status == 'import-errors') {
-                        window.eventHub.$emit('importErrors', response.body.messages);
+                    if(body.status == 'import-errors') {
+                        window.eventHub.$emit('importErrors', body.messages);
                        this.statusText = "Error";
                    } else {
                        this.$emit('alert', {
-                            message: response.body.messages,
+                            message: body.messages,
                            type: "danger",
                            visible: true,
                        })
@@ -30,16 +30,15 @@ th {
                    currentPercent: "0",
                    statusText: '',
                    visible: false
-                }
+                },
+                customFields: [],
            };
        },

-        /**
-         * Prepare the component (Vue 2.x).
-         */
        mounted() {
            window.eventHub.$on('importErrors', this.updateImportErrors);
            this.fetchFiles();
+            this.fetchCustomFields();
            let vm = this;
            $('#fileupload').fileupload({
                dataType: 'json',
@@ -72,7 +71,7 @@ th {

        methods: {
            fetchFiles() {
-                this.$http.get('/api/v1/imports')
+                this.$http.get(route('api.imports.index'))
                .then( ({data}) => this.files = data, // Success
                    //Fail
                (response) => {
@@ -81,8 +80,20 @@ th {
                    this.alert.message="Something went wrong fetching files...";
                });
            },
+            fetchCustomFields() {
+                this.$http.get(route('api.customfields.index'))
+                .then( ({data}) => {
+                    data = data.rows;
+                    data.forEach((item) => {
+                        this.customFields.push({
+                            'id': item.db_column_name,
+                            'text': item.name,
+                        })
+                    })
+                });
+            },
            deleteFile(file, key) {
-                this.$http.delete("/api/v1/imports/"+file.id)
+                this.$http.delete(route('api.imports.destroy', file.id))
                .then((response) => this.files.splice(key, 1), // Success, remove file from array.
                    (response) => {// Fail
                        this.alert.type="danger";
@@ -99,7 +110,7 @@ th {
            },
            updateImportErrors(errors) {
                this.importErrors = errors;
-            }
+            },
        },

        computed: {
@@ -56,6 +56,7 @@

 <script>
    export default {
+        props: ['clientsUrl', 'tokensUrl'],
        /*
         * The component's data.
         */
@@ -91,7 +92,7 @@
             * Get all of the authorized tokens for the user.
             */
            getTokens() {
-                this.$http.get('/oauth/tokens')
+                this.$http.get(this.tokensUrl)
                        .then(response => {
                            this.tokens = response.data;
                        });
@@ -101,7 +102,7 @@
             * Revoke the given token.
             */
            revoke(token) {
-                this.$http.delete('/oauth/tokens/' + token.id)
+                this.$http.delete(this.tokensUrl +'/'+ token.id)
                        .then(response => {
                            this.getTokens();
                        });
@@ -219,6 +219,7 @@
        /*
         * The component's data.
         */
+        props: ['clientsUrl'],
        data() {
            return {
                clients: [],
@@ -271,7 +272,7 @@
             * Get all of the OAuth clients for the user.
             */
            getClients() {
-                this.$http.get('/oauth/clients')
+                this.$http.get(this.clientsUrl)
                        .then(response => {
                            this.clients = response.data;
                        });
@@ -289,7 +290,7 @@
             */
            store() {
                this.persistClient(
-                    'post', '/oauth/clients',
+                    'post', this.clientsUrl,
                    this.createForm, '#modal-create-client'
                );
            },
@@ -310,7 +311,7 @@
             */
            update() {
                this.persistClient(
-                    'put', '/oauth/clients/' + this.editForm.id,
+                    'put', this.clientsUrl + '/' + this.editForm.id,
                    this.editForm, '#modal-edit-client'
                );
            },
@@ -319,8 +320,10 @@
             * Persist the client to storage using the given form.
             */
            persistClient(method, uri, form, modal) {
+                console.log('persisting');
                form.errors = [];

+                console.log('method: ' + method);
                this.$http[method](uri, form)
                    .then(response => {
                        this.getClients();
@@ -344,7 +347,7 @@
             * Destroy the given client.
             */
            destroy(client) {
-                this.$http.delete('/oauth/clients/' + client.id)
+                this.$http.delete(this.clientsUrl +'/' + client.id)
                        .then(response => {
                            this.getClients();
                        });
@@ -160,6 +160,7 @@

 <script>
    export default {
+        props: ['tokenUrl', 'scopesUrl'],
        /*
         * The component's data.
         */
@@ -209,7 +210,7 @@
             * Get all of the personal access tokens for the user.
             */
            getTokens() {
-                this.$http.get('/oauth/personal-access-tokens')
+                this.$http.get(this.tokenUrl)
                        .then(response => {
                            this.tokens = response.data;
                        });
@@ -219,7 +220,7 @@
             * Get all of the available scopes.
             */
            getScopes() {
-                this.$http.get('/oauth/scopes')
+                this.$http.get(this.scopesUrl)
                        .then(response => {
                            this.scopes = response.data;
                        });
@@ -240,7 +241,7 @@

                this.form.errors = [];

-                this.$http.post('/oauth/personal-access-tokens', this.form)
+                this.$http.post(this.tokenUrl, this.form)
                        .then(response => {
                            this.form.name = '';
                            this.form.scopes = [];
@@ -293,7 +294,7 @@
             * Revoke the given token.
             */
            revoke(token) {
-                this.$http.delete('/oauth/personal-access-tokens/' + token.id)
+                this.$http.delete(this.tokenUrl +'/'+ token.id)
                        .then(response => {
                            this.getTokens();
                        });
@@ -7,6 +7,7 @@ return array(
    'asset_does_not_exist' 	=> 'The asset you are trying to associate with this license does not exist.',
    'owner_doesnt_match_asset' => 'The asset you are trying to associate with this license is owned by somene other than the person selected in the assigned to dropdown.',
    'assoc_users'	 => 'This license is currently checked out to a user and cannot be deleted. Please check the license in first, and then try deleting again. ',
+    'select_asset_or_person' => 'You must select an asset or a user, but not both.',


    'create' => array(
@@ -20,6 +20,13 @@ return array(
        'confirm'   => 'Are you sure you wish to delete this Status Label?',
        'error'   => 'There was an issue deleting the Status Label. Please try again.',
        'success' => 'The Status Label was deleted successfully.'
-    )
+    ),
+
+    'help' => array(
+        'undeployable'   => 'These assets cannot be assigned to anyone.',
+        'deployable'   => 'These assets can be checked out. Once they are assigned, they will assume a meta status of <i class="fa fa-circle text-blue"></i> <strong>Deployed</strong>.',
+        'archived'   => 'These assets cannot be checked out, and will only show up in the Archived view. This is useful for retaining information about assets for budgeting/historic purposes but keeping them out of the day-to-day asset list.',
+        'pending'   => 'These assets can not yet be assigned to anyone, often used for items that are out for repair, but are expected to return to circulation.',
+    ),

 );
@@ -2,59 +2,76 @@

 {{-- Page title --}}
@section('title')
-     {{ trans('admin/hardware/general.checkin') }}
+     {{ trans('admin/accessories/general.checkin') }}
@parent
@stop

+@section('header_right')
+    <a href="{{ URL::previous() }}" class="btn btn-primary pull-right">
+        {{ trans('general.back') }}</a>
+@stop
+
+
 {{-- Page content --}}
@section('content')

-<div class="row header">
-    <div class="col-md-12">
-        <a href="{{ URL::previous() }}" class="btn-flat gray pull-right"><i class="fa fa-arrow-left icon-white"></i>  {{ trans('general.back') }}</a>
-        <h3> {{ trans('general.checkin') }}</h3>
-    </div>
-</div>

-<div class="row form-wrapper">
-<!-- left column -->
-<div class="col-md-10 column">

-<form class="form-horizontal" method="post" action="" autocomplete="off">
-    <!-- CSRF Token -->
-    <input type="hidden" name="_token" value="{{ csrf_token() }}" />
+    <div class="row">
+        <div class="col-md-9">
+            <form class="form-horizontal" method="post" action="" autocomplete="off">
+                <!-- CSRF Token -->
+                <input type="hidden" name="_token" value="{{ csrf_token() }}" />

-			@if ($accessory->name)
-            <!-- accessory name -->
-            <div class="form-group">
-                <label class="col-sm-2 control-label">{{ trans('admin/hardware/form.name') }}</label>
-                <div class="col-md-6">
-                  <p class="form-control-static">{{ $accessory->name }}</p>
-                </div>
-            </div>
-            @endif
+                <div class="box box-default">
+                    @if ($accessory->id)
+                        <div class="box-header with-border">
+                            <h3 class="box-title">{{ $accessory->name }}</h3>
+                        </div><!-- /.box-header -->
+                    @endif

-            <!-- Note -->
-            <div class="form-group {{ $errors->has('note') ? 'error' : '' }}">
-                <label for="note" class="col-md-2 control-label">{{ trans('admin/hardware/form.notes') }}</label>
-                <div class="col-md-7">
-                    <textarea class="col-md-6 form-control" id="note" name="note">
-                        {{ Input::old('note', $accessory->note) }}
-                    </textarea>
-                    {!! $errors->first('note', '<span class="alert-msg"><i class="fa fa-times"></i> :message</span>') !!}
-                </div>
-            </div>
-            <!-- Form actions -->
-                <div class="form-group">
-                    <label class="col-md-2 control-label"></label>
-                    <div class="col-md-7">
-                        <a class="btn btn-link" href="{{ URL::previous() }}">{{ trans('button.cancel') }}</a>
-                        <button type="submit" class="btn btn-success"><i class="fa fa-check icon-white"></i>{{ trans('general.checkin') }}</button>
+                    <div class="box-body">
+
+                        <form class="form-horizontal" method="post" action="" autocomplete="off">
+                            <!-- CSRF Token -->
+                            <input type="hidden" name="_token" value="{{ csrf_token() }}" />
+
+                                    @if ($accessory->name)
+                                    <!-- accessory name -->
+                                    <div class="form-group">
+                                        <label class="col-sm-2 control-label">{{ trans('admin/hardware/form.name') }}</label>
+                                        <div class="col-md-6">
+                                          <p class="form-control-static">{{ $accessory->name }}</p>
+                                        </div>
+                                    </div>
+                                    @endif
+
+                                    <!-- Note -->
+                                    <div class="form-group {{ $errors->has('note') ? 'error' : '' }}">
+                                        <label for="note" class="col-md-2 control-label">{{ trans('admin/hardware/form.notes') }}</label>
+                                        <div class="col-md-7">
+                                            <textarea class="col-md-6 form-control" id="note" name="note">
+                                                {{ Input::old('note', $accessory->note) }}
+                                            </textarea>
+                                            {!! $errors->first('note', '<span class="alert-msg"><i class="fa fa-times"></i> :message</span>') !!}
+                                        </div>
+                                    </div>
+                                    <!-- Form actions -->
+                                        <div class="form-group">
+                                            <label class="col-md-2 control-label"></label>
+                                            <div class="col-md-7">
+                                                <a class="btn btn-link" href="{{ URL::previous() }}">{{ trans('button.cancel') }}</a>
+                                                <button type="submit" class="btn btn-success"><i class="fa fa-check icon-white"></i>{{ trans('general.checkin') }}</button>
+                                            </div>
+                                        </div>
+
+                        </form>
                    </div>
-                </div>
-
-</form>
-</div> <!-- .col-md-10.column -->
-</div> <!-- .row.form-wrapper -->
-
+                        <div class="box-footer text-right">
+                            <button type="submit" class="btn btn-success"><i class="fa fa-check icon-white"></i> {{ trans('general.save') }}</button>
+                        </div>
+                </div> <!-- .box.box-default -->
+            </form>
+        </div> <!-- .col-md-9-->
+    </div> <!-- .row -->
@stop
@@ -2,7 +2,7 @@

 {{-- Page title --}}
@section('title')
-     {{ trans('admin/hardware/general.checkout') }}
+     {{ trans('admin/accessories/general.checkout') }}
@parent
@stop
@section('header_right')
@@ -57,15 +57,15 @@
            name="accessory_users"
            class="table table-striped snipe-table"
            id="table"
-            data-url="{{ route('api.accessories.show', $accessory->id) }}"
+            data-url="{{ route('api.accessories.checkedout', $accessory->id) }}"
            data-cookie="true"
            data-click-to-select="true"
            data-cookie-id-table="accessoryUsersTable"
          >
            <thead>
              <tr>
-                <th data-switchable="false" data-searchable="false" data-formatter="userLinkObjFormatter" data-sortable="false" data-field="name">{{ trans('general.user') }}</th>
-                <th data-switchable="false" data-searchable="false" data-sortable="false" data-field="actions">{{ trans('table.actions') }}</th>
+                <th data-switchable="false" data-searchable="false" data-formatter="usersLinkFormatter" data-sortable="false" data-field="name">{{ trans('general.user') }}</th>
+                <th data-switchable="false" data-searchable="false" data-sortable="false" data-field="actions" data-formatter="accessoriesInOutFormatter">{{ trans('table.actions') }}</th>
              </tr>
            </thead>
          </table>
@@ -94,7 +94,7 @@
@section('moar_scripts')

    <script src="{{ asset('js/signature_pad.min.js') }}"></script>
-    <script>
+    <script nonce="{{ csrf_token() }}">
        var wrapper = document.getElementById("signature-pad"),
                clearButton = wrapper.querySelector("[data-action=clear]"),
                saveButton = wrapper.querySelector("[data-action=save]"),
@@ -9,16 +9,19 @@
 {{-- Page content --}}
@section('content')
     @if (!config('app.lock_passwords'))
-         <passport-personal-access-tokens></passport-personal-access-tokens>
+        <passport-personal-access-tokens
+            token-url="{{ url('oauth/personal-access-tokens') }}"
+            scopes-url="{{ url('oauth/scopes') }}">
+        </passport-personal-access-tokens>
     @else
         <p class="help-block">{{ trans('general.feature_disabled') }}</p>
    @endif
@stop

@section('moar_scripts')
-<script>
+<script nonce="{{ csrf_token() }}">
    new Vue({
        el: "#app",
    });
 </script>
-@endsection
+@endsection
@@ -149,7 +149,7 @@


@section('moar_scripts')
-<script>
+<script nonce="{{ csrf_token() }}">

    $( "a[name='Request']").click(function(event) {
        // event.preventDefault();
@@ -58,7 +58,7 @@

@section('moar_scripts')
@include ('partials.bootstrap-table', ['exportFile' => 'maintenances-export', 'search' => true])
-<script>
+<script nonce="{{ csrf_token() }}">
    function maintenanceActions(value, row) {
        var actions = '<nobr>';
        if ((row) && (row.available_actions.update === true)) {
@@ -59,7 +59,7 @@
                            <button class="btn btn-lg btn-primary btn-block">{{ trans('auth/general.login')  }}</button>
                        </div>
                        <div class="col-md-12 col-sm-12 col-xs-12 text-right" style="padding-top: 10px;">
-                            <a href="{{ url('/') }}/password/reset">{{ trans('auth/general.forgot_password')  }}</a>
+                            <a href="{{ route('password.request')  }}">{{ trans('auth/general.forgot_password')  }}</a>
                        </div>
                    </div> <!-- end login box -->

@@ -134,7 +134,7 @@
@stop

@section('moar_scripts')
-<script>
+<script nonce="{{ csrf_token() }}">
    $(document).ready(function(){

        // Only display the custom format field if it's a custom format validation type
@@ -82,7 +82,7 @@
@stop

@section('moar_scripts')
-  <script>
+  <script nonce="{{ csrf_token() }}">
  var fixHelperModified = function(e, tr) {
      var $originals = tr.children();
      var $helper = tr.clone();
@@ -253,7 +253,7 @@
@endif


-<script>
+<script nonce="{{ csrf_token() }}">



@@ -4,7 +4,7 @@

 <p>{{ trans('mail.a_user_canceled') }} <a href="{{ url('/') }}"> {{ $snipeSettings->site_name }}</a>. </p>

-<p>{{ trans('mail.user') }} <a href="{{ url('/') }}/admin/users/{{ $user_id }}/view">{{ $requested_by }}</a><br>
+<p>{{ trans('mail.user') }} <a href="{{ route('users.show', $user_id) }}">{{ $requested_by }}</a><br>
   {{ trans('mail.item') }} <a href="{{ $item_url }}">{{ $item_name }}</a> ({{ $item_type }}) <br>
   {{ trans('mail.canceled') }} {{ $requested_date }}
 </p>
@@ -4,7 +4,7 @@

 <p>{{ trans('mail.a_user_requested') }} <a href="{{ url('/') }}"> {{ $snipeSettings->site_name }}</a>. </p>

-<p>{{ trans('mail.user') }} <a href="{{ url('/') }}/admin/users/{{ $user_id }}/view">{{ $requested_by }}</a><br>
+<p>{{ trans('mail.user') }} <a href="{{ route('users.show', $user_id) }}">{{ $requested_by }}</a><br>
   {{ trans('mail.item') }} <a href="{{ $item_url }}">{{ $item_name }}</a> ({{ $item_type }}) <br>
   {{ trans('mail.requested') }} {{ $requested_date }}
@if ($item_quantity > 1)
@@ -15,7 +15,7 @@
        @for($i=0; $count > $i; $i++)
            <tr>
                <td>
-                    <a href="{{ url('/') }}/admin/{{ $data[$i]['type'] }}/{{ $data[$i]['id'] }}/view">{{ $data[$i]['name'] }}</a>
+                    <a href="{{ route($data[$i]['type'].'.show', $data[$i]['id']) }}">{{ $data[$i]['name'] }}</a>
                </td>
                <td>{{ $data[$i]['type'] }}</td>
                <td>{{ $data[$i]['remaining'] }}</td>
@@ -7,7 +7,8 @@
@stop

@section('header_right')
-<a href="{{ route('groups.create') }}" class="btn btn-primary pull-right"> {{ trans('general.create') }}</a>
+<a href="{{ route('groups.create') }}" class="btn btn-primary pull-right" style="margin-left: 10px;"> {{ trans('general.create') }}</a>
+<a href="{{ route('settings.index') }}" class="btn btn-default pull-right">{{ trans('general.back') }}</a>
@stop


@@ -32,7 +33,7 @@
               <th data-switchable="true" data-sortable="false" data-field="id" data-visible="false">{{ trans('general.id') }}</th>
               <th data-switchable="true" data-sortable="true" data-field="name" data-visible="true">{{ trans('admin/groups/table.name') }}</th>
               <th data-switchable="true" data-sortable="false" data-field="users_count" data-visible="true">{{ trans('admin/groups/table.users') }}</th>
-               <th data-switchable="true" data-sortable="true" data-field="created_at" data-visible="true" data-formatter="createdAtFormatter">{{ trans('general.created_at') }}</th>
+               <th data-switchable="true" data-sortable="true" data-field="created_at" data-visible="true" data-formatter="dateDisplayFormatter">{{ trans('general.created_at') }}</th>
               <th data-switchable="false" data-searchable="false" data-sortable="false" data-field="actions"   data-formatter="groupsActionsFormatter">{{ trans('table.actions') }}</th>
              </tr>
            </thead>
@@ -82,13 +82,14 @@
              {!! $errors->first('selected_asset', '<span class="alert-msg"><i class="fa fa-times"></i> :message</span>') !!}
            </div>
          </div>
-        </form>
+
      </div> <!--./box-body-->
      <div class="box-footer">
        <a class="btn btn-link" href="{{ URL::previous() }}"> {{ trans('button.cancel') }}</a>
        <button type="submit" class="btn btn-success pull-right"><i class="fa fa-check icon-white"></i> {{ trans('general.checkout') }}</button>
      </div>
    </div>
+      </form>
  </div> <!--/.col-md-7-->

  <!-- right column -->
@@ -107,7 +108,7 @@
@stop

@section('moar_scripts')
-<script>
+<script nonce="{{ csrf_token() }}">
 $(function() {
  $('#assigned_to').on("change",function () {
    // console.warn("Model Id has changed!");
@@ -154,7 +154,7 @@
@stop

@section('moar_scripts')
-<script>
+<script nonce="{{ csrf_token() }}">
 $(function() {
  $('#assigned_user').on("change",function () {
    var userid = $('#assigned_user option:selected').val();
@@ -160,7 +160,7 @@
@stop

@section('moar_scripts')
-<script>
+<script nonce="{{ csrf_token() }}">



@@ -190,7 +190,7 @@
            @endif

        </div></div></div>
-<script>
+<script nonce="{{ csrf_token() }}">
 $(document).ready(function(){

    $('#generate-password').pGenerator({
@@ -125,7 +125,7 @@


@section('moar_scripts')
-    <script>
+    <script nonce="{{ csrf_token() }}">

        $("#audit-form").submit(function (event) {
            $('#audited-div').show();
@@ -152,7 +152,7 @@
                    } else {
                        handleAuditFail(data);
                    }
-
+                    $('input#asset_tag').val('');
                },
                error: function (data) {
                    handleAuditFail(data);
@@ -87,8 +87,8 @@
                            &nbsp; &nbsp;</span>
                        </span>
                        @endif
-                        {{ $asset->present()->statusText() }}
-                        ({{ $asset->assetstatus->getStatuslabelType() }})
+                        <a href="{{ route('statuslabels.show', $asset->assetstatus->id) }}">{{ $asset->assetstatus->name }}</a>
+                          <label class="label label-default">{{ $asset->present()->statusMeta }}</label>
                      </td>
                    </tr>
                    @endif
@@ -603,6 +603,9 @@
                  <th class="col-sm-2" data-field="item" data-formatter="polymorphicItemFormatter">{{ trans('general.item') }}</th>
                  <th class="col-sm-2" data-field="target" data-formatter="polymorphicItemFormatter">{{ trans('general.target') }}</th>
                  <th class="col-sm-2" data-field="note">{{ trans('general.notes') }}</th>
+                  @if  ($snipeSettings->require_accept_signature=='1')
+                    <th class="col-md-3" data-field="signature_file" data-formatter="imageFormatter">{{ trans('general.signature') }}</th>
+                  @endif
                </tr>
                </thead>
              </table>
@@ -700,7 +703,7 @@
@section('moar_scripts')
  @include ('partials.bootstrap-table', ['simple_view' => true])

-<script>
+<script nonce="{{ csrf_token() }}">
    $(document).delegate('*[data-toggle="lightbox"]', 'click', function(event) {
        event.preventDefault();
        $(this).ekkoLightbox();
@@ -62,7 +62,11 @@
                                    				<button class="btn btn-danger" @click="deleteFile(currentFile)"><i class="fa fa-trash icon-white"></i></button>
                                    			</td>
                                    		</tr>
-                                    			<import-file :key="currentFile.id" :file="currentFile" @alert="updateAlert(alert)">
+                                    			<import-file
+                                                    :key="currentFile.id"
+                                                    :file="currentFile"
+                                                    :custom-fields="customFields"
+                                                    @alert="updateAlert(alert)">
                                    			</import-file>
                                    	</template>
                                    </tbody>
@@ -78,7 +82,7 @@
@stop

@section('moar_scripts')
-<script>
+<script nonce="{{ csrf_token() }}">
    new Vue({
        el: '#app'
    });
@@ -10,9 +10,9 @@


    <!-- Select2 -->
-    <link rel="stylesheet" href="{{ asset('js/plugins/select2/select2.min.css') }}">
+    <link rel="stylesheet" href="{{ url(asset('js/plugins/select2/select2.min.css')) }}">

-    <link rel="stylesheet" href="{{ mix('css/dist/all.css') }}">
+    <link rel="stylesheet" href="{{ url(mix('css/dist/all.css')) }}">
    <link rel="shortcut icon" type="image/ico" href="{{ asset('favicon.ico') }}">


@@ -13,27 +13,25 @@
    <meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport">

    <!-- Select2 -->
-    <link rel="stylesheet" href="{{ asset('js/plugins/select2/select2.min.css') }}">
+    <link rel="stylesheet" href="{{ url(asset('js/plugins/select2/select2.min.css')) }}">

    <!-- iCheck for checkboxes and radio inputs -->
-    <link rel="stylesheet" href="{{ asset('js/plugins/iCheck/all.css') }}">
+    <link rel="stylesheet" href="{{ url(asset('js/plugins/iCheck/all.css')) }}">

    <!-- bootstrap tables CSS -->
-    <link rel="stylesheet" href="{{ asset('css/bootstrap-table.css') }}">
+    <link rel="stylesheet" href="{{ url(asset('css/bootstrap-table.css')) }}">

-    <link rel="stylesheet" href="{{ mix('css/dist/all.css') }}">
+    <link rel="stylesheet" href="{{ url(mix('css/dist/all.css')) }}">

-    <link rel="shortcut icon" type="image/ico" href="{{ asset('favicon.ico') }}">
+    <link rel="shortcut icon" type="image/ico" href="{{ url(asset('favicon.ico')) }}">

    <meta name="csrf-token" content="{{ csrf_token() }}">

-      <script>
-          window.Laravel = { csrfToken: '{{ csrf_token() }}' };
-      </script>
+    <script nonce="{{ csrf_token() }}">
+      window.Laravel = { csrfToken: '{{ csrf_token() }}' };
+    </script>

-
-
-      <style>
+    <style nonce="{{ csrf_token() }}">
        @if ($snipeSettings)
            @if ($snipeSettings->header_color)
            .main-header .navbar, .main-header .logo {
@@ -68,28 +66,26 @@
    }
    </style>

-
-
-    <script>
+    <script nonce="{{ csrf_token() }}">
          window.snipeit = {
              settings: {
                  "per_page": {{ $snipeSettings->per_page }}
              }
          };
-      </script>
-
+    </script>
+    <!-- Add laravel route sinto javascript  Primarily useful for vue.-->
+    @routes
      <!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries -->
      <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
      <!--[if lt IE 9]>

      @if ($snipeSettings->load_remote=='1')
-
-            <script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script>
-            <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
+            <script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js" integrity="sha384-qFIkRsVO/J5orlMvxK1sgAt2FXT67og+NyFTITYzvbIP1IJavVEKZM7YWczXkwpB" crossorigin="anonymous"></script>
+            <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js" integrity="sha384-ZoaMbDF+4LeFxg6WdScQ9nnR1QC2MIRxA1O9KWEXQwns1G8UNyIEZIQidzb0T1fo" crossorigin="anonymous"></script>

       @else
-            <script src="{{ asset('js/html5shiv.js') }}"></script>
-            <script src="{{ asset('js/respond.js') }}"></script>
+            <script src="{{ url(asset('js/html5shiv.js')) }}" nonce="{{ csrf_token() }}"></script>
+            <script src="{{ url(asset('js/respond.js')) }}" nonce="{{ csrf_token() }}"></script>
       @endif
       <![endif]-->
  </head>
@@ -383,17 +379,17 @@


                  <li{!! (Request::query('status') == 'Deployed' ? ' class="active"' : '') !!}>
-                    <a href="{{ url('hardware?status=Deployed') }}"><i class="fa fa-circle-o text-blue"></i>@lang('general.deployed')
+                    <a href="{{ url('hardware?status=Deployed') }}"><i class="fa fa-circle-o text-blue"></i>All  @lang('general.deployed')
                    </a>
                  </li>
                  <li{!! (Request::query('status') == 'RTD' ? ' class="active"' : '') !!}>
                    <a href="{{ url('hardware?status=RTD') }}">
                        <i class="fa fa-circle-o text-green"></i>
-                    @lang('general.ready_to_deploy')</a>
+                        All  @lang('general.ready_to_deploy')</a>
                  </li>
-                  <li{!! (Request::query('status') == 'Pending' ? ' class="active"' : '') !!}><a href="{{ url('hardware?status=Pending') }}"><i class="fa fa-circle-o text-orange"></i>@lang('general.pending')</a></li>
-                  <li{!! (Request::query('status') == 'Undeployable' ? ' class="active"' : '') !!} ><a href="{{ url('hardware?status=Undeployable') }}"><i class="fa fa-times text-red"></i>@lang('general.undeployable')</a></li>
-                  <li{!! (Request::query('status') == 'Archived' ? ' class="active"' : '') !!}><a href="{{ url('hardware?status=Archived') }}"><i class="fa fa-times text-red"></i>@lang('admin/hardware/general.archived')</a></li>
+                  <li{!! (Request::query('status') == 'Pending' ? ' class="active"' : '') !!}><a href="{{ url('hardware?status=Pending') }}"><i class="fa fa-circle-o text-orange"></i>All  @lang('general.pending')</a></li>
+                  <li{!! (Request::query('status') == 'Undeployable' ? ' class="active"' : '') !!} ><a href="{{ url('hardware?status=Undeployable') }}"><i class="fa fa-times text-red"></i>All @lang('general.undeployable')</a></li>
+                  <li{!! (Request::query('status') == 'Archived' ? ' class="active"' : '') !!}><a href="{{ url('hardware?status=Archived') }}"><i class="fa fa-times text-red"></i>All  @lang('admin/hardware/general.archived')</a></li>
                    <li{!! (Request::query('status') == 'Requestable' ? ' class="active"' : '') !!}><a href="{{ url('hardware?status=Requestable') }}"><i class="fa fa-check text-blue"></i> @lang('admin/hardware/general.requestable')</a></li>

                  <li class="divider">&nbsp;</li>
@@ -625,11 +621,11 @@
      <footer class="main-footer hidden-print">
        <div class="pull-right hidden-xs">
          <b>Version</b> {{ config('version.app_version') }}  build {{ config('version.build_version') }} ({{ config('version.hash_version') }})
-          <a target="_blank" class="btn btn-default btn-xs" href="https://snipe-it.readme.io/docs/overview">User's Manual</a>
-          <a target="_blank" class="btn btn-default btn-xs" href="https://snipeitapp.com/support/">Report a Bug</a>
+          <a target="_blank" class="btn btn-default btn-xs" href="https://snipe-it.readme.io/docs/overview" rel="noopener">User's Manual</a>
+          <a target="_blank" class="btn btn-default btn-xs" href="https://snipeitapp.com/support/" rel="noopener">Report a Bug</a>
        </div>
-        <a target="_blank" href="https://snipeitapp.com">Snipe-IT</a> is an open source
-          project, made with <i class="fa fa-heart" style="color: #a94442; font-size: 10px"></i> by <a href="https://twitter.com/snipeyhead">@snipeyhead</a> under the <a href="https://www.gnu.org/licenses/agpl-3.0.en.html">AGPL3 license</a>.
+        <a target="_blank" href="https://snipeitapp.com" rel="noopener">Snipe-IT</a> is an open source
+          project, made with <i class="fa fa-heart" style="color: #a94442; font-size: 10px"></i> by <a href="https://twitter.com/snipeyhead" rel="noopener">@snipeyhead</a> under the <a href="https://www.gnu.org/licenses/agpl-3.0.en.html" rel="noopener">AGPL3 license</a>.
      </footer>


@@ -662,8 +658,8 @@



-    <script src="{{ mix('js/dist/all.js') }}"></script>
-    <script>
+    <script src="{{ url(mix('js/dist/all.js')) }}" nonce="{{ csrf_token() }}"></script>
+    <script nonce="{{ csrf_token() }}">
        $(function () {
            var datepicker = $.fn.datepicker.noConflict(); // return $.fn.datepicker to previously assigned value
            $.fn.bootstrapDP = datepicker;
@@ -678,14 +674,18 @@
    @section('moar_scripts')
    @show

-    <script>
+    <script nonce="{{ csrf_token() }}">
        $(function () {
            $('[data-toggle="tooltip"]').tooltip();
        })
+        $(document).on('click', '[data-toggle="lightbox"]', function(event) {
+            event.preventDefault();
+            $(this).ekkoLightbox();
+        });
    </script>

    @if ((Session::get('topsearch')=='true') || (Request::is('/')))
-    <script>
+    <script nonce="{{ csrf_token() }}">
         $("#tagSearch").focus();
    </script>
    @endif
@@ -7,13 +7,13 @@
        @show
      </title>

-        <link rel="stylesheet" href="{{ mix('css/dist/all.css') }}">
+        <link rel="stylesheet" href="{{ url(mix('css/dist/all.css')) }}">





-        <script>
+        <script nonce="{{ csrf_token() }}">
            window.snipeit = {
                settings: {
                    "per_page": 20
@@ -118,9 +118,9 @@
                  </div>
              </div>
          </div>
-          <script src="{{ asset(mix('js/dist/all.js')) }}"></script>
+          <script src="{{ url(mix('js/dist/all.js')) }}" nonce="{{ csrf_token() }}"></script>

-        <script>
+        <script nonce="{{ csrf_token() }}">
            $(function () {
                $(".select2").select2();
            });
@@ -6,28 +6,31 @@
@parent
@stop

+
@section('header_right')
-<a href="{{ URL::previous() }}" class="btn btn-primary pull-right">{{ trans('general.back') }}</a>
+    <a href="{{ URL::previous() }}" class="btn btn-primary pull-right">
+        {{ trans('general.back') }}</a>
@stop

 {{-- Page content --}}
@section('content')
-<div class="row form-wrapper">
-    <!-- left column -->
-    <div class="col-md-10 column">
+    <div class="row">
+        <!-- left column -->
+        <div class="col-md-7">
+            <form class="form-horizontal" method="post" action="{{ route('licenses.checkin.save', $licenseSeat->id) }}" autocomplete="off">
+                {{csrf_field()}}

-        @if ($backto=='user')
-        <form class="form-horizontal" method="post" action="{{ route('licenses.checkin', array('licenseeat_id'=> $licenseseat->id, 'backto'=>'user')) }}" autocomplete="off">
-        @else
-        <form class="form-horizontal" method="post" action="{{ route('licenses.checkin', $licenseseat->id) }}" autocomplete="off">
-        @endif
-        {{csrf_field()}}
+                <div class="box box-default">
+                    <div class="box-header with-border">
+                        <h3 class="box-title"> {{ $licenseSeat->license->name }}</h3>
+                    </div>
+                    <div class="box-body">

-            <!-- Asset name -->
+            <!-- license name -->
            <div class="form-group">
                <label class="col-sm-2 control-label">{{ trans('admin/hardware/form.name') }}</label>
                <div class="col-md-6">
-                    <p class="form-control-static">{{ $licenseseat->license->name }}</p>
+                    <p class="form-control-static">{{ $licenseSeat->license->name }}</p>
                </div>
            </div>

@@ -35,7 +38,7 @@
            <div class="form-group">
                <label class="col-sm-2 control-label">{{ trans('admin/hardware/form.serial') }}</label>
                <div class="col-md-6">
-                    <p class="form-control-static">{{ $licenseseat->license->serial }}</p>
+                    <p class="form-control-static">{{ $licenseSeat->license->serial }}</p>
                </div>
            </div>

@@ -43,20 +46,18 @@
            <div class="form-group {{ $errors->has('note') ? 'error' : '' }}">
                <label for="note" class="col-md-2 control-label">{{ trans('admin/hardware/form.notes') }}</label>
                <div class="col-md-7">
-                    <textarea class="col-md-6 form-control" id="note" name="note">{{ Input::old('note', $licenseseat->note) }}</textarea>
+                    <textarea class="col-md-6 form-control" id="note" name="note">{{ Input::old('note', $licenseSeat->note) }}</textarea>
                    {!! $errors->first('note', '<span class="alert-msg"><i class="fa fa-times"></i> :message</span>') !!}
                </div>
            </div>
-            <!-- Form actions -->
-            <div class="form-group">
-                <label class="col-md-2 control-label"></label>
-                <div class="col-md-7">
-                    <a class="btn btn-link" href="{{ route('licenses.index') }}">{{ trans('button.cancel') }}</a>
-                    <button type="submit" class="btn btn-success"><i class="fa fa-check icon-white"></i> {{ trans('general.checkin') }}</button>
-                </div>
-            </div>
-        </form>
-    </div> <!-- .col-md-10-->
-</div>
+                        <div class="box-footer">
+                            <a class="btn btn-link" href="{{ route('licenses.index') }}">{{ trans('button.cancel') }}</a>
+                            <button type="submit" class="btn btn-success pull-right"><i class="fa fa-check icon-white"></i> {{ trans('general.checkin') }}</button>
+                        </div>
+                    </div> <!-- /.box-->
+            </form>
+        </div> <!-- /.col-md-7-->
+    </div>
+

@stop
@@ -62,7 +62,7 @@

@if (!$item->id)
@section('moar_scripts')
-<script>
+<script nonce="{{ csrf_token() }}">

    var $eventSelect = $(".parent");
    $eventSelect.on("change", function () { parent_details($eventSelect.val()); });
@@ -1,7 +1,7 @@

 <script src="/js/pGenerator.jquery.js"></script>

-<script>
+<script nonce="{{ csrf_token() }}">
    $(document).ready(function () {

        $('#genPassword').pGenerator({
@@ -13,7 +13,7 @@
 <script src="{{ asset('js/extensions/toolbar/bootstrap-table-toolbar.js') }}"></script>
@endif

-<script>
+<script nonce="{{ csrf_token() }}">
 $('.snipe-table').bootstrapTable({
        classes: 'table table-responsive table-no-bordered',
        undefinedText: '',
@@ -139,7 +139,31 @@ $('.snipe-table').bootstrapTable({
    // Use this when we're introspecting into a column object and need to link
    function genericColumnObjLinkFormatter(destination) {
        return function (value,row) {
-            if ((value) && (value.name)) {
+            if ((value) && (value.status_meta)) {
+
+                var text_color;
+                var icon_style;
+
+                switch (value.status_meta) {
+                    case 'deployed':
+                        text_color = 'blue';
+                        icon_style = 'fa-circle';
+                    break;
+                    case 'deployable':
+                        text_color = 'green';
+                        icon_style = 'fa-circle';
+                    break;
+                    case 'pending':
+                        text_color = 'orange';
+                        icon_style = 'fa-circle';
+                        break;
+                    default:
+                        text_color = 'red';
+                        icon_style = 'fa-times';
+                }
+
+                return '<a href="{{ url('/') }}/' + destination + '/' + value.id + '" data-tooltip="true" title="'+ value.status_meta + '"> <i class="fa ' + icon_style + ' text-' + text_color + '"></i> ' + value.name + '</a> ';
+            } else if ((value) && (value.name)) {
                return '<a href="{{ url('/') }}/' + destination + '/' + value.id + '"> ' + value.name + '</a>';
            }
        };
@@ -181,26 +205,34 @@ $('.snipe-table').bootstrapTable({
    function polymorphicItemFormatter(value) {

        var item_destination = '';
+        var item_icon;

        if ((value) && (value.type)) {

            if (value.type == 'asset') {
                item_destination = 'hardware';
+                item_icon = 'fa-barcode';
            } else if (value.type == 'accessory') {
                item_destination = 'accessories';
+                item_icon = 'fa-keyboard-o';
            } else if (value.type == 'component') {
                item_destination = 'components';
+                item_icon = 'fa-hdd-o';
            } else if (value.type == 'consumable') {
                item_destination = 'consumables';
+                item_icon = 'fa-tint';
            } else if (value.type == 'license') {
                item_destination = 'licenses';
+                item_icon = 'fa-floppy-o';
            } else if (value.type == 'user') {
                item_destination = 'users';
+                item_icon = 'fa-user';
            } else if (value.type == 'location') {
                item_destination = 'locations'
+                item_icon = 'fa-map-marker';
            }

-            return '<a href="{{ url('/') }}/' + item_destination +'/' + value.id + '"> ' + value.name + '</a>';
+            return '<a href="{{ url('/') }}/' + item_destination +'/' + value.id + '" data-tooltip="true" title="' + value.type + '"><i class="fa ' + item_icon + ' text-blue"></i> ' + value.name + '</a>';

        } else {
            return '';
@@ -215,15 +247,27 @@ $('.snipe-table').bootstrapTable({

            // The user is allowed to check items out, AND the item is deployable
            if ((row.available_actions.checkout == true) && (row.user_can_checkout == true) && (!row.assigned_to)) {
-                return '<a href="{{ url('/') }}/' + destination + '/' + row.id + '/checkout" class="btn btn-sm btn-primary" data-tooltip="true" title="Check this item out to a user">{{ trans('general.checkout') }}</a>';
+                // case for licenses
+                if (row.next_seat) {
+                    return '<a href="{{ url('/') }}/' + destination + '/' + row.next_seat + '/checkout" class="btn btn-sm btn-primary" data-tooltip="true" title="Check this item out to a user">{{ trans('general.checkout') }}</a>';
+                } else {
+                    return '<a href="{{ url('/') }}/' + destination + '/' + row.id + '/checkout" class="btn btn-sm btn-primary" data-tooltip="true" title="Check this item out to a user">{{ trans('general.checkout') }}</a>';
+                }
+

            // The user is allowed to check items out, but the item is not deployable
            } else if (((row.user_can_checkout == false)) && (row.available_actions.checkout == true) && (!row.assigned_to)) {
                return '<div  data-tooltip="true" title="This item has a status label that is undeployable and cannot be checked out at this time."><a class="btn btn-sm btn-primary disabled">{{ trans('general.checkout') }}</a></div>';

            // The user is allowed to check items in
-            } else if ((row.available_actions.checkin == true)  && (row.assigned_to)) {
-                return '<nobr><a href="{{ url('/') }}/' + destination + '/' + row.id + '/checkin" class="btn btn-sm btn-primary" data-tooltip="true" title="Check this item in so it is available for re-imaging, re-issue, etc.">{{ trans('general.checkin') }}</a>';
+            } else if (row.available_actions.checkin == true)  {
+                if (row.assigned_to) {
+                    return '<nobr><a href="{{ url('/') }}/' + destination + '/' + row.id + '/checkin" class="btn btn-sm btn-primary" data-tooltip="true" title="Check this item in so it is available for re-imaging, re-issue, etc.">{{ trans('general.checkin') }}</a>';
+                } else if (row.assigned_pivot_id) {
+                    return '<nobr><a href="{{ url('/') }}/' + destination + '/' + row.assigned_pivot_id + '/checkin" class="btn btn-sm btn-primary" data-tooltip="true" title="Check this item in so it is available for re-imaging, re-issue, etc.">{{ trans('general.checkin') }}</a>';
+                }
+
+            } else {

            }

@@ -352,7 +396,7 @@ $('.snipe-table').bootstrapTable({

   function imageFormatter(value, row) {
        if (value) {
-            return '<img src="' + value + '" style="max-height: {{ $snipeSettings->thumbnail_max_h }}px; width: auto;">';
+            return '<a href="' + value + '" data-toggle="lightbox" data-type="image"><img src="' + value + '" style="max-height: {{ $snipeSettings->thumbnail_max_h }}px; width: auto;" class="img-responsive"></a>';
        }
    }

@@ -41,30 +41,32 @@
              $totalCost = 0;
                ?>
              @foreach ($assetMaintenances as $assetMaintenance)
-              <tr>
-                <td>{{ is_null($assetMaintenance->asset->company) ? '' : $assetMaintenance->asset->company->name }}</td>
-                <td>{{ $assetMaintenance->asset->asset_tag }}</td>
-                <td>{{ $assetMaintenance->asset->name }}</td>
-                <td>{{ $assetMaintenance->supplier->name }}</td>
-                <td>{{ $assetMaintenance->asset_maintenance_type }}</td>
-                <td>{{ $assetMaintenance->title }}</td>
-                <td>{{ $assetMaintenance->start_date }}</td>
-                <td>{{ is_null($assetMaintenance->completion_date) ? trans('admin/asset_maintenances/message.asset_maintenance_incomplete') : $assetMaintenance->completion_date }}</td>
-                @if (is_null($assetMaintenance->asset_maintenance_time))
-                <?php
-                $assetMaintenanceTime = intval(Carbon::now()->diffInDays(Carbon::parse($assetMaintenance->start_date)));
-                ?>
-                @else
-                <?php
-                $assetMaintenanceTime = intval($assetMaintenance->asset_maintenance_time);
-                ?>
-                @endif
-                <td>{{ $assetMaintenanceTime }}</td>
-                <td>
-                  {{ $snipeSettings->default_currency }}
-                  {{ number_format($assetMaintenance->cost,2) }}
-                </td>
-              </tr>
+                  @if ($assetMaintenance->asset)
+                      <tr>
+                        <td>{{ ($assetMaintenance->asset->company) ? $assetMaintenance->asset->company->name :  '' }}</td>
+                        <td>{{ $assetMaintenance->asset->asset_tag }}</td>
+                        <td>{{ $assetMaintenance->asset->name }}</td>
+                        <td>{{ $assetMaintenance->supplier->name }}</td>
+                        <td>{{ $assetMaintenance->asset_maintenance_type }}</td>
+                        <td>{{ $assetMaintenance->title }}</td>
+                        <td>{{ $assetMaintenance->start_date }}</td>
+                        <td>{{ is_null($assetMaintenance->completion_date) ? trans('admin/asset_maintenances/message.asset_maintenance_incomplete') : $assetMaintenance->completion_date }}</td>
+                        @if (is_null($assetMaintenance->asset_maintenance_time))
+                        <?php
+                        $assetMaintenanceTime = intval(Carbon::now()->diffInDays(Carbon::parse($assetMaintenance->start_date)));
+                        ?>
+                        @else
+                        <?php
+                        $assetMaintenanceTime = intval($assetMaintenance->asset_maintenance_time);
+                        ?>
+                        @endif
+                        <td>{{ $assetMaintenanceTime }}</td>
+                        <td>
+                          {{ $snipeSettings->default_currency }}
+                          {{ number_format($assetMaintenance->cost,2) }}
+                        </td>
+                      </tr>
+                      @endif
                <?php
                $totalDays += $assetMaintenanceTime;
                $totalCost += floatval($assetMaintenance->cost);
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
snipe	6aa5d4d58c	Merge branch 'develop'	2017-10-02 15:27:33 -07:00
snipe	cd2e137fcc	Bumped version	2017-10-02 15:27:18 -07:00
snipe	0b968e1d6b	Merge branch 'develop'	2017-10-02 13:31:08 -07:00
snipe	7a27fda083	Update example env with CSP default	2017-10-02 13:29:42 -07:00
snipe	aab635154a	Default to turning CSP off until we can fix vue/CSP issues	2017-10-02 13:29:14 -07:00
snipe	e389f67629	Merge branch 'develop'	2017-10-02 13:09:17 -07:00
Geoff Young	169dc779fd	Fix box title in Label settings view (#4111 )	2017-10-02 13:00:32 -07:00
tiagom62	26423c5c02	Fix various installer issues. (#4096 ) * Various installer fixes. * CentOS 6 related fixes.	2017-10-02 12:59:53 -07:00
snipe	862543428b	Fix named route for license checkin	2017-10-02 12:58:17 -07:00
snipe	d28e882f5d	Fixed form close tag	2017-10-02 12:57:01 -07:00
snipe	e26d038589	Fixed license checkin form UI	2017-10-01 15:08:32 -07:00
snipe	afc8133acf	URL nullable validation isn’t working in Laravel 5.4?	2017-10-01 14:40:13 -07:00
snipe	abe19a6311	Merge branch 'develop' of github.com:snipe/snipe-it into develop	2017-10-01 14:33:02 -07:00
snipe	07359c76ad	Fixes #4094 - more nullables	2017-10-01 14:32:47 -07:00
Daniel Meltzer	a2453be573	Pass urls to passport vue components to make work in subdirectories. (#4090 )	2017-10-01 13:59:07 -07:00
Daniel Meltzer	c2616412c0	Add laravel routes to javascript (#4092 ) * Add laravel routes to javascript This will clean up a lot of passing of urls. Adds a route() helper and everything... This commit also moves the customfield fetching to only be fetched once and shared with each file, rather than once for each file. * Try to fix travis unit test things. * Downgrade doctrine/inflector for php5 * Attempt to occasional seeder issues on travis if the asset does not generate validatable data. * Update sql dump for functional tests. * Try to fix api tests.	2017-10-01 12:59:55 -07:00
Daniel Meltzer	23ca2d9a0b	Minor fixes (#4091 ) * Fix old urls. Still had some /admin/ urls floating around, which was causing bad redirects in some instances. Should fix #4085 * The modal seems to be confusing license upload. be more explicit in the route we redirect to. * Fix #4039. Use proper methods for location assets. This also fixes a bunch of n+1 issues in the transformer. Also: curious to know what Location::assets() does, because it doesn't do what I want it to :)	2017-10-01 12:57:04 -07:00
snipe	0bb186ad3b	Prod manifest	2017-09-29 19:43:33 -07:00
snipe	b7abd8328a	Prod asset build	2017-09-29 19:43:18 -07:00
snipe	ad2821b4ab	Merge branch 'develop'	2017-09-29 17:57:48 -07:00
snipe	7d5b08446a	Missing colon in status explanations	2017-09-29 17:52:43 -07:00
snipe	ba793355cb	Nullable crap. Again.	2017-09-29 17:50:52 -07:00
Daniel Meltzer	655ca78633	Adjust the import controller to return a url to the process path to enable processing an uploaded file without refresh. (#4080 )	2017-09-29 17:49:35 -07:00
snipe	f00dcb57cf	Merge branch 'develop'	2017-09-29 17:39:09 -07:00
snipe	1e52fb546c	Merge branch 'develop' of github.com:snipe/snipe-it into develop	2017-09-29 17:32:25 -07:00
snipe	24cad588bd	Added preceding icons in polymorphic formatter	2017-09-29 17:32:16 -07:00
Daniel Meltzer	bbffde47f7	Remove conditional related to no longer existant testrun option. (#4079 )	2017-09-29 17:31:39 -07:00
snipe	be7598b279	Fixes all assets showing as unassigned in license checkout	2017-09-29 17:14:38 -07:00
snipe	1a7e3fbb4b	Merge branch 'develop' of github.com:snipe/snipe-it into develop	2017-09-29 17:05:32 -07:00
Daniel Meltzer	e8a0c44e93	Update some composer dependencies to try to fix everything breaking in subdirectories. Attempts to fix #4052 , it seems to help here. (#4078 )	2017-09-29 17:05:20 -07:00
snipe	fe644c76c5	Better explanations of how status label metas work	2017-09-29 17:03:21 -07:00
snipe	9301c56a77	Fixes #4069 - include request handler	2017-09-29 16:17:35 -07:00
snipe	e37503c734	Fixes #4075 - this is janky and should be revisited	2017-09-29 16:09:24 -07:00
snipe	6bc3f194ec	Merge branch 'develop'	2017-09-29 15:59:40 -07:00
snipe	878bde67ac	Few more issue template tweaks	2017-09-29 15:59:04 -07:00
snipe	314d6fa4c5	Expanded issue template	2017-09-29 15:55:58 -07:00
snipe	43ff66e4d9	More UI tweaking for meta statuses	2017-09-29 15:24:33 -07:00
snipe	2ea91266c0	Init lightbox	2017-09-29 14:26:00 -07:00
snipe	a0bd9bce39	Commented out security headers - might req apache module	2017-09-29 14:00:05 -07:00
snipe	5223ec1dbb	Clearer status listing in the sidenav	2017-09-29 12:13:15 -07:00
snipe	4eda2a2f96	ahem	2017-09-29 12:03:12 -07:00
snipe	fe1975067a	Hopefully clearer status label meta info	2017-09-29 12:03:02 -07:00
snipe	b9e79c27a8	Added nonce to basic blade	2017-09-29 05:49:26 -07:00
snipe	b8ed6a53b6	For #3998 - Added nonce to all.js	2017-09-29 04:53:24 -07:00
snipe	efd71f8bfe	For #3998 - Disable CSP if debug=true To avoid all the nonce hell from debugbar	2017-09-29 04:53:09 -07:00
snipe	05a8ba9a8e	Fix weird url if license checkout fails	2017-09-29 04:37:33 -07:00
snipe	9ce2d1f560	Merge branch 'csp-middleware' into develop	2017-09-29 04:14:33 -07:00
snipe	5a1225a8bf	Merge branch 'develop'	2017-09-29 03:48:37 -07:00
snipe	c6069b905b	Bumped version	2017-09-29 03:47:50 -07:00
snipe	2e76620cf8	More specific required check	2017-09-29 03:44:23 -07:00
snipe	a4b30279ee	Fixes #4067 - Make unrequired custom fields nullable	2017-09-29 03:30:13 -07:00
snipe	db59d4b2c4	Merge branch 'develop'	2017-09-29 02:08:06 -07:00
snipe	faf3802971	Fixes #4011 - do not send email to user on license checkout	2017-09-29 02:00:49 -07:00
snipe	7fe2a1f802	Fixes #4051 - use delete method for deleting user files	2017-09-29 01:48:16 -07:00
snipe	3d57d1bd1d	Merge branch 'develop'	2017-09-29 01:30:30 -07:00
snipe	ba8bcce8eb	Hopefully fixes #4020	2017-09-29 01:21:08 -07:00
snipe	8247a73182	Merge branch 'develop'	2017-09-28 22:22:37 -07:00
snipe	aab409dec2	Fixes #4061 - bulk checkout error	2017-09-28 22:22:21 -07:00
snipe	70a9b7bf05	Merge branch 'develop'	2017-09-28 21:21:01 -07:00
snipe	d9824a0454	Bumped version	2017-09-28 21:20:37 -07:00
snipe	e759a249bd	Merge branch 'develop'	2017-09-28 21:18:39 -07:00
snipe	42c2a66946	Small UI tweaks for accessories	2017-09-28 21:18:16 -07:00
snipe	4d32f2b337	Fixes #4059 - accessories view	2017-09-28 21:18:00 -07:00
snipe	0e29744ec2	Don’t try to send an email if the user doesn’t have an email address	2017-09-28 20:57:33 -07:00
snipe	51236a2ad9	Fixes #4056 - check for assets before deleting user	2017-09-28 19:57:52 -07:00
snipe	9b6726a630	Fixes #4056 - check for assets before deleting user	2017-09-28 19:57:03 -07:00
snipe	cbdd05144a	Merge branch 'develop'	2017-09-28 19:50:34 -07:00
snipe	46d87849f4	Added content security middleware	2017-09-28 19:45:15 -07:00
snipe	507f1f196c	Added integrity hashes	2017-09-28 18:46:16 -07:00
snipe	b60febeea2	Removed space in XSS header because safari was getting angry	2017-09-28 18:45:54 -07:00
snipe	b3e0d8f675	Disallow / in robots	2017-09-28 17:47:48 -07:00
snipe	9b84a0d516	eyeroll	2017-09-28 17:34:47 -07:00
snipe	adac5ac544	Check for valid asset	2017-09-28 17:32:37 -07:00
snipe	1775995f26	Is this space necessary? Getting weird results from netsparker	2017-09-28 17:25:04 -07:00
snipe	df4700b411	Merge branch 'develop'	2017-09-28 17:17:03 -07:00
snipe	26a7701cda	Added referrer-policy header	2017-09-28 17:12:58 -07:00
snipe	a34085f1d9	Added mode=block to XSSProtect header	2017-09-28 16:28:27 -07:00
snipe	8e682c715e	Merge branch 'develop'	2017-09-28 16:07:04 -07:00
snipe	915c19ebda	Merge branch 'develop' of github.com:snipe/snipe-it into develop	2017-09-28 16:03:41 -07:00
snipe	7fded367c4	Adds rel="noopener" to footer links	2017-09-28 16:03:36 -07:00
Daniel Meltzer	0a4743210c	Pass urls to vue. Should fix subdirectory issues. (#4054 )	2017-09-28 16:03:04 -07:00
Daniel Meltzer	af19e5d976	Fix old route (#4053 ) Looks like we missed in the v4 port. Fixes the unrelated issue in #4052	2017-09-28 16:02:50 -07:00
snipe	3d7277398c	Fixes #4057 - sig file in lightbox	2017-09-28 15:13:05 -07:00
snipe	a7ad48a02a	Make fields nullable for licenses	2017-09-27 22:11:20 -07:00
snipe	469a3fc608	Merge branch 'develop'	2017-09-27 17:48:32 -07:00
snipe	0fb4ff77f4	Restoring older SnipeModel attribute setters In case needed by API - needs investigation	2017-09-27 16:39:20 -07:00
snipe	ac83dba2bb	Fixes #4034 - save login note	2017-09-27 16:35:54 -07:00
snipe	979ecf961d	Added back button to oauth page	2017-09-27 16:33:51 -07:00
snipe	13dcdf41b8	Fixes #4045 - missing back button	2017-09-27 16:32:37 -07:00
snipe	fc96fa756e	Fix redirect default on password reset	2017-09-27 16:23:21 -07:00
snipe	ea9a502152	Added empty regsitration controller When using the default Laravel auth routes, it expects a registration controller, even though we don’t have a concept of registration. This blank controller just prevents route caching from throwing errors.	2017-09-27 16:23:01 -07:00
snipe	d844734b6c	Use named login route	2017-09-27 16:22:02 -07:00
snipe	ec8a3d2e56	Fixes #4027 - proper redirect on fieldset delete	2017-09-27 16:02:29 -07:00
snipe	5410dc4255	Fixed link to contributing docs in readme	2017-09-27 15:30:20 -07:00
snipe	d1112bbc99	Fix created_at date display for groups index	2017-09-27 15:28:02 -07:00
snipe	ecf041fa10	Fixes #4043 - standardize groups API response	2017-09-27 15:18:29 -07:00
snipe	0ab9bc1db8	Added normalization midddleware, removed	2017-09-27 15:18:05 -07:00
snipe	73e788b94b	Make min_amt fillable	2017-09-27 14:50:56 -07:00
snipe	e91a537552	Use more modern Request handler	2017-09-27 14:50:48 -07:00
snipe	ef8c1abf28	Fixes #3113 and #4040	2017-09-27 14:50:17 -07:00
snipe	bd0498aa69	Fixes #4016 - signature file missing from history tab	2017-09-27 12:58:08 -07:00
snipe	ea45033588	Merge branch 'develop'	2017-09-26 16:03:09 -07:00
snipe	5e1df7049c	Make collation and charset for mysql an env variable	2017-09-26 16:02:55 -07:00
snipe	e27e1a78c3	Fix for case where a fieldset is assigned to a model, but no fields are assigned	2017-09-26 16:01:23 -07:00
snipe	d585a34a26	Prevent users from running this as root/admin user	2017-09-26 13:11:01 -07:00
snipe	4edaba648e	Tweaks to upgrade script	2017-09-26 13:05:34 -07:00
snipe	9dca7396f3	Merge branch 'develop'	2017-09-26 11:12:55 -07:00
snipe	4324242475	Bumped version	2017-09-26 11:12:36 -07:00
snipe	eca5a05335	Fix forgotten password missing route (???)	2017-09-26 11:08:47 -07:00
snipe	aa4d3c3ffb	Fix forgotten password missing route (???)	2017-09-26 11:07:47 -07:00
snipe	d442feb687	Add @gizzmojr as a contributor	2017-09-25 22:18:25 -07:00
snipe	0a88141b18	Merge branch 'develop' of github.com:snipe/snipe-it into develop	2017-09-25 22:17:38 -07:00
snipe	d5e6d82ca1	Bumped version	2017-09-25 22:17:00 -07:00
gizzmojr	f2a62857cb	Clear audit input field (#4010 )	2017-09-25 22:15:29 -07:00
snipe	b354ca817d	Bumped version	2017-09-25 22:10:06 -07:00
snipe	4b9bfc178d	One more try on #4001	2017-09-25 22:05:57 -07:00
snipe	abc2f7e789	Bumped build number	2017-09-25 21:57:16 -07:00
snipe	29cc9a0815	Tweaks to upgrade script	2017-09-25 21:50:41 -07:00
snipe	f2ee7dcabb	Fixes #4001 - license checkout not working	2017-09-25 21:40:43 -07:00
snipe	26203801f6	Fixes #4009 - zip not populating on locations listing page	2017-09-25 20:45:05 -07:00
snipe	fbe9539130	Proto upgrade script	2017-09-25 20:30:18 -07:00
snipe	43ec959385	Add @richardhofman6 as a contributor	2017-09-25 16:58:47 -07:00
snipe	9b6276f281	Bumped version	2017-09-25 16:04:23 -07:00
snipe	0715791229	Include oauth keys in backup	2017-09-25 15:45:33 -07:00
snipe	0a0661bf41	Additional fixes for #3995 in atypical blades	2017-09-25 15:41:02 -07:00
snipe	6ee939d29b	Allegedly fixes #3995 - subdirectory issues with JS/CSS	2017-09-25 15:39:18 -07:00
snipe	c3afbc0e53	Run backups before purging and importing	2017-09-25 15:00:23 -07:00
snipe	38326314ca	Merge branch 'develop'	2017-09-25 11:53:33 -07:00
snipe	865950e766	Fixes #4000 - user_id blank	2017-09-25 11:53:10 -07:00
snipe	d49b67d033	Fix for assigned user location Was breaking requestable page	2017-09-25 11:26:04 -07:00
snipe	6b63808e34	Fix for asset location null on user	2017-09-25 11:25:15 -07:00
snipe	34dfcb5add	Merge branch 'develop'	2017-09-22 17:23:38 -07:00
snipe	30019a144a	Disable login note editing on demo	2017-09-22 17:23:22 -07:00