Add @ColinMcNeil as a contributor

Add @bigtreeEdo as a contributor
Add @Godmartinz as a contributor
2020-03-04 22:38:09 -08:00 · 2020-03-04 22:37:57 -08:00 · 2020-03-04 22:37:45 -08:00 · 2020-03-04 22:37:17 -08:00 · 2020-03-04 22:19:59 -08:00 · 2020-03-04 22:15:31 -08:00
365 changed files with 8405 additions and 1676 deletions
@@ -1659,6 +1659,42 @@
      "contributions": [
        "code"
      ]
+    },
+    {
+      "login": "mskrip",
+      "name": "Marián Skrip",
+      "avatar_url": "https://avatars0.githubusercontent.com/u/17459600?v=4",
+      "profile": "https://github.com/mskrip",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "Godmartinz",
+      "name": "Godfrey Martinez",
+      "avatar_url": "https://avatars2.githubusercontent.com/u/47435081?v=4",
+      "profile": "https://github.com/Godmartinz",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "bigtreeEdo",
+      "name": "bigtreeEdo",
+      "avatar_url": "https://avatars1.githubusercontent.com/u/2075128?v=4",
+      "profile": "https://github.com/bigtreeEdo",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "ColinMcNeil",
+      "name": "Colin  McNeil",
+      "avatar_url": "https://avatars0.githubusercontent.com/u/5000430?v=4",
+      "profile": "https://colinmcneil.me/",
+      "contributions": [
+        "code"
+      ]
    }
  ]
 }
@@ -7,6 +7,7 @@ APP_KEY=ChangeMe
 APP_URL=null
 APP_TIMEZONE='UTC'
 APP_LOCALE=en
+MAX_RESULTS=500

 # --------------------------------------------
 # REQUIRED: DATABASE SETTINGS
@@ -25,6 +26,7 @@ DB_COLLATION=utf8mb4_unicode_ci
 # OPTIONAL: SSL DATABASE SETTINGS
 # --------------------------------------------
 DB_SSL=false
+DB_SSL_IS_PAAS=false
 DB_SSL_KEY_PATH=null
 DB_SSL_CERT_PATH=null
 DB_SSL_CA_PATH=null
@@ -64,8 +66,11 @@ SECURE_COOKIES=false
 # --------------------------------------------
 # OPTIONAL: SECURITY HEADER SETTINGS
 # --------------------------------------------
+APP_TRUSTED_PROXIES=192.168.1.1,10.0.0.1
+ALLOW_IFRAMING=false
 REFERRER_POLICY=same-origin
 ENABLE_CSP=false
+CORS_ALLOWED_ORIGINS=null

 # --------------------------------------------
 # OPTIONAL: CACHE SETTINGS
@@ -109,8 +114,8 @@ APP_LOG=single
 APP_LOG_MAX_FILES=10
 APP_LOCKED=false
 FILESYSTEM_DISK=local
-APP_TRUSTED_PROXIES=192.168.1.1,10.0.0.1
-ALLOW_IFRAMING=false
 APP_CIPHER=AES-256-CBC
 GOOGLE_MAPS_API=
 BACKUP_ENV=true
+LDAP_MEM_LIM=500M
+LDAP_TIME_LIM=600
@@ -1,5 +1,5 @@
 [![Build Status](https://travis-ci.org/snipe/snipe-it.svg?branch=master)](https://travis-ci.org/snipe/snipe-it) [![Crowdin](https://d322cqt584bo4o.cloudfront.net/snipe-it/localized.svg)](https://crowdin.com/project/snipe-it) [![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/snipe/snipe-it?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) [![Docker Pulls](https://img.shields.io/docker/pulls/snipe/snipe-it.svg)](https://hub.docker.com/r/snipe/snipe-it/) [![Twitter Follow](https://img.shields.io/twitter/follow/snipeitapp.svg?style=social)](https://twitter.com/snipeitapp)  [![Codacy Badge](https://api.codacy.com/project/badge/Grade/553ce52037fc43ea99149785afcfe641)](https://www.codacy.com/app/snipe/snipe-it?utm_source=github.com&amp;utm_medium=referral&amp;utm_content=snipe/snipe-it&amp;utm_campaign=Badge_Grade)
-[![All Contributors](https://img.shields.io/badge/all_contributors-181-orange.svg?style=flat-square)](#contributors) [![Open Source Helpers](https://www.codetriage.com/snipe/snipe-it/badges/users.svg)](https://www.codetriage.com/snipe/snipe-it)
+[![All Contributors](https://img.shields.io/badge/all_contributors-185-orange.svg?style=flat-square)](#contributors) [![Open Source Helpers](https://www.codetriage.com/snipe/snipe-it/badges/users.svg)](https://www.codetriage.com/snipe/snipe-it)


 ## Snipe-IT - Open Source Asset Management System
@@ -61,6 +61,8 @@ Since the release of the JSON REST API, several third-party developers have been
 - [jamf2snipe](https://github.com/ParadoxGuitarist/jamf2snipe) by [@ParadoxGuitarist](https://github.com/ParadoxGuitarist) - Python script to sync assets between a JAMFPro instance and a Snipe-IT instance
 - [Marksman](https://github.com/Scope-IT/marksman) - A Windows agent for Snipe-IT
 - [Snipe-IT plugin for Jira Service Desk (beta)](https://marketplace.atlassian.com/apps/1220379/snipe-it-for-jira-service-desk-beta?hosting=cloud&tab=overview) - for the upcoming Snipe-IT v5 only
+- [Python 3 CSV importer](https://github.com/gastamper/snipeit-csvimporter) - allows importing assets into Snipe-IT based on Item Name rather than Asset Tag.
+- [Snipe-IT Kubernetes Helm Chart](https://github.com/t3n/helm-charts/tree/master/snipeit) - For more information, [click here](https://hub.helm.sh/charts/t3n/snipeit).

 As these were created by third-parties, Snipe-IT cannot provide support for these project, and you should contact the developers directly if you need assistance. Additionally, Snipe-IT makes no guarantees as to the reliability, accuracy or maintainability of these libraries. Use at your own risk. :) 

@@ -103,7 +105,8 @@ Thanks goes to all of these wonderful people ([emoji key](https://github.com/ken
 | [<img src="https://avatars2.githubusercontent.com/u/982885?v=4" width="110px;"/><br /><sub>Martin Stub</sub>](http://martinstub.dk)<br />[🌍](#translation-stubben "Translation") | [<img src="https://avatars2.githubusercontent.com/u/28959963?v=4" width="110px;"/><br /><sub>Meyer Flavio</sub>](https://github.com/meyerf99)<br />[🌍](#translation-meyerf99 "Translation") | [<img src="https://avatars3.githubusercontent.com/u/796443?v=4" width="110px;"/><br /><sub>Micael Rodrigues</sub>](https://github.com/MicaelRodrigues)<br />[🌍](#translation-MicaelRodrigues "Translation") | [<img src="https://avatars0.githubusercontent.com/u/10481331?v=4" width="110px;"/><br /><sub>Mikael Rasmussen</sub>](http://rubixy.com/)<br />[🌍](#translation-mikaelssen "Translation") | [<img src="https://avatars1.githubusercontent.com/u/1544552?v=4" width="110px;"/><br /><sub>IxFail</sub>](https://github.com/IxFail)<br />[🌍](#translation-IxFail "Translation") | [<img src="https://avatars3.githubusercontent.com/u/18483118?v=4" width="110px;"/><br /><sub>Mohammed Fota</sub>](http://www.mohammedfota.com)<br />[🌍](#translation-MohammedFota "Translation") | [<img src="https://avatars0.githubusercontent.com/u/227080?v=4" width="110px;"/><br /><sub>Moayad Alserihi</sub>](https://github.com/omego)<br />[🌍](#translation-omego "Translation") |
 | [<img src="https://avatars0.githubusercontent.com/u/1680266?v=4" width="110px;"/><br /><sub>saymd</sub>](https://github.com/saymd)<br />[🌍](#translation-saymd "Translation") | [<img src="https://avatars0.githubusercontent.com/u/1826808?v=4" width="110px;"/><br /><sub>Patrik Larsson</sub>](https://nordsken.se)<br />[🌍](#translation-pooot "Translation") | [<img src="https://avatars1.githubusercontent.com/u/20584746?v=4" width="110px;"/><br /><sub>drcryo</sub>](https://github.com/drcryo)<br />[🌍](#translation-drcryo "Translation") | [<img src="https://avatars1.githubusercontent.com/u/19408004?v=4" width="110px;"/><br /><sub>pawel1615</sub>](https://github.com/pawel1615)<br />[🌍](#translation-pawel1615 "Translation") | [<img src="https://avatars2.githubusercontent.com/u/23340468?v=4" width="110px;"/><br /><sub>bodrovics</sub>](https://github.com/bodrovics)<br />[🌍](#translation-bodrovics "Translation") | [<img src="https://avatars0.githubusercontent.com/u/3257654?v=4" width="110px;"/><br /><sub>priatna</sub>](https://github.com/priatna)<br />[🌍](#translation-priatna "Translation") | [<img src="https://avatars1.githubusercontent.com/u/5358374?v=4" width="110px;"/><br /><sub>Fan Jiang</sub>](https://amayume.net)<br />[🌍](#translation-ProfFan "Translation") |
 | [<img src="https://avatars1.githubusercontent.com/u/22555451?v=4" width="110px;"/><br /><sub>ragnarcx</sub>](https://github.com/ragnarcx)<br />[🌍](#translation-ragnarcx "Translation") | [<img src="https://avatars2.githubusercontent.com/u/18654582?v=4" width="110px;"/><br /><sub>Rein van Haaren</sub>](http://www.reinvanhaaren.nl/)<br />[🌍](#translation-reinvanhaaren "Translation") | [<img src="https://avatars1.githubusercontent.com/u/386672?v=4" width="110px;"/><br /><sub>Teguh Dwicaksana</sub>](http://dheche.songolimo.net)<br />[🌍](#translation-dheche "Translation") | [<img src="https://avatars2.githubusercontent.com/u/2572552?v=4" width="110px;"/><br /><sub>fraccie</sub>](https://github.com/FRaccie)<br />[🌍](#translation-FRaccie "Translation") | [<img src="https://avatars0.githubusercontent.com/u/35182720?v=4" width="110px;"/><br /><sub>vinzruzell</sub>](https://github.com/vinzruzell)<br />[🌍](#translation-vinzruzell "Translation") | [<img src="https://avatars1.githubusercontent.com/u/7883603?v=4" width="110px;"/><br /><sub>Kevin Austin</sub>](http://kevinaustin.com)<br />[🌍](#translation-vipsystem "Translation") | [<img src="https://avatars3.githubusercontent.com/u/3861828?v=4" width="110px;"/><br /><sub>Wira Sandy</sub>](http://azuraweb.xyz)<br />[🌍](#translation-wira-sandy "Translation") |
-| [<img src="https://avatars2.githubusercontent.com/u/8663789?v=4" width="110px;"/><br /><sub>Илья</sub>](https://github.com/GrayHoax)<br />[🌍](#translation-GrayHoax "Translation") | [<img src="https://avatars3.githubusercontent.com/u/30119111?v=4" width="110px;"/><br /><sub>GodUseVPN</sub>](https://github.com/godusevpn)<br />[🌍](#translation-godusevpn "Translation") | [<img src="https://avatars1.githubusercontent.com/u/745576?v=4" width="110px;"/><br /><sub>周周</sub>](https://github.com/EngrZhou)<br />[🌍](#translation-EngrZhou "Translation") | [<img src="https://avatars3.githubusercontent.com/u/1631095?v=4" width="110px;"/><br /><sub>Sam</sub>](https://github.com/takuy)<br />[💻](https://github.com/snipe/snipe-it/commits?author=takuy "Code") | [<img src="https://avatars1.githubusercontent.com/u/264022?v=4" width="110px;"/><br /><sub>Azerothian</sub>](https://www.illisian.com.au)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Azerothian "Code") | [<img src="https://avatars1.githubusercontent.com/u/7632599?v=4" width="110px;"/><br /><sub>Tim Farmer</sub>](https://github.com/timothyfarmer)<br />[💻](https://github.com/snipe/snipe-it/commits?author=timothyfarmer "Code") |
+| [<img src="https://avatars2.githubusercontent.com/u/8663789?v=4" width="110px;"/><br /><sub>Илья</sub>](https://github.com/GrayHoax)<br />[🌍](#translation-GrayHoax "Translation") | [<img src="https://avatars3.githubusercontent.com/u/30119111?v=4" width="110px;"/><br /><sub>GodUseVPN</sub>](https://github.com/godusevpn)<br />[🌍](#translation-godusevpn "Translation") | [<img src="https://avatars1.githubusercontent.com/u/745576?v=4" width="110px;"/><br /><sub>周周</sub>](https://github.com/EngrZhou)<br />[🌍](#translation-EngrZhou "Translation") | [<img src="https://avatars3.githubusercontent.com/u/1631095?v=4" width="110px;"/><br /><sub>Sam</sub>](https://github.com/takuy)<br />[💻](https://github.com/snipe/snipe-it/commits?author=takuy "Code") | [<img src="https://avatars1.githubusercontent.com/u/264022?v=4" width="110px;"/><br /><sub>Azerothian</sub>](https://www.illisian.com.au)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Azerothian "Code") | [<img src="https://avatars1.githubusercontent.com/u/7632599?v=4" width="110px;"/><br /><sub>Tim Farmer</sub>](https://github.com/timothyfarmer)<br />[💻](https://github.com/snipe/snipe-it/commits?author=timothyfarmer "Code") | [<img src="https://avatars0.githubusercontent.com/u/17459600?v=4" width="110px;"/><br /><sub>Marián Skrip</sub>](https://github.com/mskrip)<br />[💻](https://github.com/snipe/snipe-it/commits?author=mskrip "Code") |
+| [<img src="https://avatars2.githubusercontent.com/u/47435081?v=4" width="110px;"/><br /><sub>Godfrey Martinez</sub>](https://github.com/Godmartinz)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Godmartinz "Code") | [<img src="https://avatars1.githubusercontent.com/u/2075128?v=4" width="110px;"/><br /><sub>bigtreeEdo</sub>](https://github.com/bigtreeEdo)<br />[💻](https://github.com/snipe/snipe-it/commits?author=bigtreeEdo "Code") | [<img src="https://avatars0.githubusercontent.com/u/5000430?v=4" width="110px;"/><br /><sub>Colin  McNeil</sub>](https://colinmcneil.me/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=ColinMcNeil "Code") |
 <!-- ALL-CONTRIBUTORS-LIST:END -->

 This project follows the [all-contributors](https://github.com/kentcdodds/all-contributors) specification. Contributions of any kind welcome!
@@ -42,9 +42,8 @@ class LdapSync extends Command
     */
    public function handle()
    {
-        ini_set('max_execution_time', 600); //600 seconds = 10 minutes
-        ini_set('memory_limit', '500M');
-
+        ini_set('max_execution_time', env('LDAP_TIME_LIM', 600)); //600 seconds = 10 minutes
+        ini_set('memory_limit', env('LDAP_MEM_LIM', '500M'));
        $ldap_result_username = Setting::getSettings()->ldap_username_field;
        $ldap_result_last_name = Setting::getSettings()->ldap_lname_field;
        $ldap_result_first_name = Setting::getSettings()->ldap_fname_field;
@@ -189,7 +188,7 @@ class LdapSync extends Command
                // Sync activated state for Active Directory.
                if ( array_key_exists('useraccountcontrol', $results[$i]) ) {
                  $enabled_accounts = [
-                    '512', '544', '66048', '66080', '262656', '262688', '328192', '328224'
+                    '512', '544', '66048', '66080', '262656', '262688', '328192', '328224', '4260352'
                  ];
                  $user->activated = ( in_array($results[$i]['useraccountcontrol'][0], $enabled_accounts) ) ? 1 : 0;
                }
@@ -0,0 +1,135 @@
+<?php
+
+namespace App\Console\Commands;
+
+use Illuminate\Console\Command;
+use Artisan;
+use App\Models\CustomField;
+use App\Models\Asset;
+use App\Models\Setting;
+use \Illuminate\Encryption\Encrypter;
+
+class RotateAppKey extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'snipeit:rotate-key';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Command description';
+
+    /**
+     * Create a new command instance.
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        parent::__construct();
+    }
+
+    /**
+     * Execute the console command.
+     *
+     * @return mixed
+     */
+    public function handle()
+    {
+        if ($this->confirm("\n****************************************************\nTHIS WILL MODIFY YOUR APP_KEY AND DE-CRYPT YOUR ENCRYPTED CUSTOM FIELDS AND \nRE-ENCRYPT THEM WITH A NEWLY GENERATED KEY. \n\nThere is NO undo. \n\nMake SURE you have a database backup and a backup of your .env generated BEFORE running this command. \n\nIf you do not save the newly generated APP_KEY to your .env in this process, \nyour encrypted data will no longer be decryptable. \n\nAre you SURE you wish to continue, and have confirmed you have a database backup and an .env backup? "))  {
+
+
+
+            // Get the existing app_key and ciphers
+            // We put them in a variable since we clear the cache partway through here.
+            $old_app_key = config('app.key');
+            $cipher = config('app.cipher');
+
+            // Generate a new one
+            Artisan::call('key:generate', ['--show' => true]);
+            $new_app_key = Artisan::output();
+
+            // Clear the config cache
+            Artisan::call('config:clear');
+
+            $this->warn('Your app cipher is: '.$cipher);
+            $this->warn('Your old APP_KEY is: '.$old_app_key);
+            $this->warn('Your new APP_KEY is: '.$new_app_key);
+
+            // Write the new app key to the .env file
+            $this->writeNewEnvironmentFileWith($new_app_key);
+
+            // Manually create an old encrypter instance using the old app key
+            // and also create a new encrypter instance so we can re-crypt the field
+            // using the newly generated app key
+            $oldEncrypter = new Encrypter(base64_decode(substr($old_app_key, 7)), $cipher);
+            $newEncrypter = new Encrypter(base64_decode(substr($new_app_key, 7)), $cipher);
+
+            $fields = CustomField::where('field_encrypted', '1')->get();
+
+
+            foreach ($fields as $field) {
+
+                $assets = Asset::whereNotNull($field->db_column)->get();
+
+                foreach ($assets as $asset) {
+
+                    $asset->{$field->db_column} = $oldEncrypter->decrypt($asset->{$field->db_column});
+                    $this->line('DECRYPTED: '. $field->db_column);
+                    $asset->{$field->db_column} = $newEncrypter->encrypt($asset->{$field->db_column});
+                    $this->line('ENCRYPTED: '.$field->db_column);
+                    $asset->save();
+
+                }
+
+            }
+
+            // Handle the LDAP password if one is provided
+            $setting = Setting::first();
+            if ($setting->ldap_pword!='') {
+                $setting->ldap_pword =  $oldEncrypter->decrypt($setting->ldap_pword);
+                $setting->ldap_pword =  $newEncrypter->encrypt($setting->ldap_pword);
+                $setting->save();
+                $this->warn('LDAP password has been re-encrypted.');
+            }
+
+
+        } else {
+            $this->info('This operation has been canceled. No changes have been made.');
+        }
+    }
+
+    /**
+     * Write a new environment file with the given key.
+     *
+     * @param  string  $key
+     * @return void
+     */
+    protected function writeNewEnvironmentFileWith($key)
+    {
+
+        file_put_contents($this->laravel->environmentFilePath(), preg_replace(
+            $this->keyReplacementPattern(),
+            'APP_KEY='.$key,
+            file_get_contents($this->laravel->environmentFilePath())
+        ));
+    }
+
+    /**
+     * Get a regex pattern that will match env APP_KEY with any random key.
+     *
+     * @return string
+     */
+    protected function keyReplacementPattern()
+    {
+        $escaped = preg_quote('='.$this->laravel['config']['app.key'], '/');
+        return "/^APP_KEY{$escaped}/m";
+    }
+
+}
@@ -3,40 +3,13 @@
 namespace App\Console;

 use App\Console\Commands\ImportLocations;
+use App\Console\Commands\ReEncodeCustomFieldNames;
 use App\Console\Commands\RestoreDeletedUsers;
 use Illuminate\Console\Scheduling\Schedule;
 use Illuminate\Foundation\Console\Kernel as ConsoleKernel;

 class Kernel extends ConsoleKernel
 {
-    /**
-     * The Artisan commands provided by your application.
-     *
-     * @var array
-     */
-    protected $commands = [
-        Commands\PaveIt::class,
-        Commands\CreateAdmin::class,
-        Commands\SendExpirationAlerts::class,
-        Commands\SendInventoryAlerts::class,
-        Commands\SendExpectedCheckinAlerts::class,
-        Commands\ObjectImportCommand::class,
-        Commands\Version::class,
-        Commands\SystemBackup::class,
-        Commands\DisableLDAP::class,
-        Commands\Purge::class,
-        Commands\LdapSync::class,
-        Commands\FixDoubleEscape::class,
-        Commands\RecryptFromMcrypt::class,
-        Commands\ResetDemoSettings::class,
-        Commands\SyncAssetLocations::class,
-        Commands\RegenerateAssetTags::class,
-        Commands\SyncAssetCounters::class,
-        Commands\RestoreDeletedUsers::class,
-        Commands\SendUpcomingAuditReport::class,
-        Commands\ImportLocations::class,
-        Commands\ReEncodeCustomFieldNames::class,
-    ];

    /**
     * Define the application's command schedule.
@@ -85,26 +85,7 @@ class AccessoriesController extends Controller
        $accessory->qty                     = request('qty');
        $accessory->user_id                 = Auth::user()->id;
        $accessory->supplier_id             = request('supplier_id');
-
-        if ($request->hasFile('image')) {
-
-            if (!config('app.lock_passwords')) {
-                $image = $request->file('image');
-                $ext = $image->getClientOriginalExtension();
-                $file_name = "accessory-".str_random(18).'.'.$ext;
-                $path = public_path('/uploads/accessories');
-                if ($image->getClientOriginalExtension()!='svg') {
-                    Image::make($image->getRealPath())->resize(null, 800, function ($constraint) {
-                        $constraint->aspectRatio();
-                        $constraint->upsize();
-                    })->save($path.'/'.$file_name);
-                } else {
-                    $image->move($path, $file_name);
-                }
-                $accessory->image = $file_name;
-            }
-        }
-
+        $accessory = $request->handleImages($accessory,600, public_path().'/uploads/accessories');


        // Was the accessory created?
@@ -165,28 +146,7 @@ class AccessoriesController extends Controller
        $accessory->qty                     = request('qty');
        $accessory->supplier_id             = request('supplier_id');

-        if ($request->hasFile('image')) {
-
-            if (!config('app.lock_passwords')) {
-                $image = $request->file('image');
-                $ext = $image->getClientOriginalExtension();
-                $file_name = "accessory-".str_random(18).'.'.$ext;
-                $path = public_path('/uploads/accessories');
-                if ($image->getClientOriginalExtension()!='svg') {
-                    Image::make($image->getRealPath())->resize(null, 800, function ($constraint) {
-                        $constraint->aspectRatio();
-                        $constraint->upsize();
-                    })->save($path.'/'.$file_name);
-                } else {
-                    $image->move($path, $file_name);
-                }
-                if (($accessory->image) && (file_exists($path.'/'.$accessory->image))) {
-                    unlink($path.'/'.$accessory->image);
-                }
-
-                $accessory->image = $file_name;
-            }
-        }
+        $accessory = $request->handleImages($accessory,600, public_path().'/uploads/accessories');


        // Was the accessory updated?
@@ -8,7 +8,10 @@ use App\Helpers\Helper;
 use App\Models\Accessory;
 use App\Http\Transformers\AccessoriesTransformer;
 use App\Models\Company;
-
+use App\Models\User;
+use Carbon\Carbon;
+use Auth;
+use DB;

 class AccessoriesController extends Controller
 {
@@ -46,8 +49,14 @@ class AccessoriesController extends Controller
            $accessories->where('supplier_id','=',$request->input('supplier_id'));
        }

-        $offset = (($accessories) && (request('offset') > $accessories->count())) ? 0 : request('offset', 0);
-        $limit = $request->input('limit', 50);
+        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
+        // case we override with the actual count, so we should return 0 items.
+        $offset = (($accessories) && ($request->get('offset') > $accessories->count())) ? $accessories->count() : $request->get('offset', 0);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+
+
        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';

@@ -191,4 +200,94 @@ class AccessoriesController extends Controller
        return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/accessories/message.delete.success')));

    }
+
+
+    /**
+     * Save the Accessory checkout information.
+     *
+     * If Slack is enabled and/or asset acceptance is enabled, it will also
+     * trigger a Slack message and send an email.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @param  int  $accessoryId
+     * @return Redirect
+     */
+    public function checkout(Request $request, $accessoryId)
+    {
+        // Check if the accessory exists
+        if (is_null($accessory = Accessory::find($accessoryId))) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/accessories/message.does_not_exist')));
+        }
+
+        $this->authorize('checkout', $accessory);
+
+
+        if ($accessory->numRemaining() > 0) {
+
+            if (!$user = User::find($request->input('assigned_to'))) {
+                return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/accessories/message.checkout.user_does_not_exist')));
+            }
+
+            // Update the accessory data
+            $accessory->assigned_to = $request->input('assigned_to');
+
+            $accessory->users()->attach($accessory->id, [
+                'accessory_id' => $accessory->id,
+                'created_at' => Carbon::now(),
+                'user_id' => Auth::id(),
+                'assigned_to' => $request->get('assigned_to')
+            ]);
+
+            $accessory->logCheckout($request->input('note'), $user);
+
+            return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/accessories/message.checkout.success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, 'No accessories remaining'));
+
+    }
+
+    /**
+     * Check in the item so that it can be checked out again to someone else
+     *
+     * @uses Accessory::checkin_email() to determine if an email can and should be sent
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @param Request $request
+     * @param integer $accessoryUserId
+     * @param string $backto
+     * @return Redirect
+     * @internal param int $accessoryId
+     */
+    public function checkin(Request $request, $accessoryUserId = null)
+    {
+        if (is_null($accessory_user = DB::table('accessories_users')->find($accessoryUserId))) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/accessories/message.does_not_exist')));
+        }
+
+        $accessory = Accessory::find($accessory_user->accessory_id);
+        $this->authorize('checkin', $accessory);
+
+        $logaction = $accessory->logCheckin(User::find($accessoryUserId), $request->input('note'));
+
+        // Was the accessory updated?
+        if (DB::table('accessories_users')->where('id', '=', $accessory_user->id)->delete()) {
+            if (!is_null($accessory_user->assigned_to)) {
+                $user = User::find($accessory_user->assigned_to);
+            }
+
+            $data['log_id'] = $logaction->id;
+            $data['first_name'] = $user->first_name;
+            $data['last_name'] = $user->last_name;
+            $data['item_name'] = $accessory->name;
+            $data['checkin_date'] = $logaction->created_at;
+            $data['item_tag'] = '';
+            $data['note'] = $logaction->note;
+
+            return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/accessories/message.checkin.success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null,  trans('admin/accessories/message.checkin.error')));
+
+    }
+
 }
@@ -44,8 +44,13 @@ class AssetMaintenancesController extends Controller
            $maintenances->where('asset_id', '=', $request->input('asset_id'));
        }

-        $offset = (($maintenances) && (request('offset') > $maintenances->count())) ? 0 : request('offset', 0);
-        $limit = request('limit', 50);
+        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
+        // case we override with the actual count, so we should return 0 items.
+        $offset = (($maintenances) && ($request->get('offset') > $maintenances->count())) ? $maintenances->count() : $request->get('offset', 0);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+

        $allowed_columns = [
                                'id',
@@ -60,8 +60,13 @@ class AssetModelsController extends Controller
            $assetmodels->TextSearch($request->input('search'));
        }

-        $offset = (($assetmodels) && (request('offset') > $assetmodels->count())) ? 0 : request('offset', 0);
-        $limit = $request->input('limit', 50);
+        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
+        // case we override with the actual count, so we should return 0 items.
+        $offset = (($assetmodels) && ($request->get('offset') > $assetmodels->count())) ? $assetmodels->count() : $request->get('offset', 0);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+
        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'models.created_at';

@@ -144,8 +144,15 @@ class AssetsController extends Controller

        $request->filled('order_number') ? $assets = $assets->where('assets.order_number', '=', e($request->get('order_number'))) : '';

-        $offset = (($assets) && (request('offset') > $assets->count())) ? 0 : request('offset', 0);
-        $limit = $request->input('limit', 50);
+
+        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
+        // case we override with the actual count, so we should return 0 items.
+        $offset = (($assets) && ($request->get('offset') > $assets->count())) ? $assets->count() : $request->get('offset', 0);
+
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+
        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';

        // This is used by the audit reporting routes
@@ -522,6 +529,10 @@ class AssetsController extends Controller
                    $location = $target->location_id;
                } elseif (($request->filled('assigned_asset')) && ($target = Asset::find($request->get('assigned_asset')))) {
                    $location = $target->location_id;
+
+                    Asset::where('assigned_type', '\\App\\Models\\Asset')->where('assigned_to', $id)
+                        ->update(['location_id' => $target->location_id]);
+
                } elseif (($request->filled('assigned_location')) && ($target = Location::find($request->get('assigned_location')))) {
                    $location = $target->id;
                }
@@ -645,7 +656,7 @@ class AssetsController extends Controller
            return response()->json(Helper::formatStandardApiResponse('success', ['asset'=> e($asset->asset_tag)], trans('admin/hardware/message.checkout.success')));
        }

-        return response()->json(Helper::formatStandardApiResponse('error', ['asset'=> e($asset->asset_tag)], trans('admin/hardware/message.checkout.error')))->withErrors($asset->getErrors());
+        return response()->json(Helper::formatStandardApiResponse('error', ['asset'=> e($asset->asset_tag)], trans('admin/hardware/message.checkout.error')));
    }


@@ -674,7 +685,11 @@ class AssetsController extends Controller
        $asset->assigned_to = null;
        $asset->assignedTo()->disassociate($asset);
        $asset->accepted = null;
-        $asset->name = Input::get('name');
+
+        if ($request->filled('name')) {
+            $asset->name = $request->input('name');
+        }
+        
        $asset->location_id =  $asset->rtd_location_id;

        if ($request->filled('location_id')) {
@@ -30,8 +30,13 @@ class CategoriesController extends Controller
            $categories = $categories->TextSearch($request->input('search'));
        }

-        $offset = (($categories) && (request('offset') > $categories->count())) ? 0 : request('offset', 0);
-        $limit = $request->input('limit', 50);
+        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
+        // case we override with the actual count, so we should return 0 items.
+        $offset = (($categories) && ($request->get('offset') > $categories->count())) ? $categories->count() : $request->get('offset', 0);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+
        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'assets_count';
        $categories->orderBy($sort, $order);
@@ -41,8 +41,13 @@ class CompaniesController extends Controller
            $companies->TextSearch($request->input('search'));
        }

-        $offset = (($companies) && (request('offset') > $companies->count())) ? 0 : request('offset', 0);
-        $limit = $request->input('limit', 50);
+        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
+        // case we override with the actual count, so we should return 0 items.
+        $offset = (($companies) && ($request->get('offset') > $companies->count())) ? $companies->count() : $request->get('offset', 0);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        
        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
        $companies->orderBy($sort, $order);
@@ -43,8 +43,12 @@ class ComponentsController extends Controller
            $components->where('location_id','=',$request->input('location_id'));
        }

-        $offset = (($components) && (request('offset') > $components->count())) ? 0 : request('offset', 0);
-        $limit = request('limit', 50);
+        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
+        // case we override with the actual count, so we should return 0 items.
+        $offset = (($components) && ($request->get('offset') > $components->count())) ? $components->count() : $request->get('offset', 0);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');

        $allowed_columns = ['id','name','min_amt','order_number','serial','purchase_date','purchase_cost','company','category','qty','location','image'];
        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
@@ -44,8 +44,13 @@ class ConsumablesController extends Controller
        }


-        $offset = (($consumables) && (request('offset') > $consumables->count())) ? 0 : request('offset', 0);
-        $limit = request('limit', 50);
+        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
+        // case we override with the actual count, so we should return 0 items.
+        $offset = (($consumables) && ($request->get('offset') > $consumables->count())) ? $consumables->count() : $request->get('offset', 0);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+
        $allowed_columns = ['id','name','order_number','min_amt','purchase_date','purchase_cost','company','category','model_number', 'item_no', 'manufacturer','location','qty','image'];
        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
@@ -24,7 +24,7 @@ class CustomFieldsController extends Controller

    public function index()
    {
-        $this->authorize('index', CustomFields::class);
+        $this->authorize('index', CustomField::class);
        $fields = CustomField::get();
        return (new CustomFieldsTransformer)->transformCustomFields($fields, $fields->count());
    }
@@ -38,7 +38,7 @@ class CustomFieldsController extends Controller
    */
    public function show($id)
    {
-      $this->authorize('show', CustomField::class);
+      $this->authorize('view', CustomField::class);
        if ($field = CustomField::find($id)) {
            return (new CustomFieldsTransformer)->transformCustomField($field);
        }
@@ -58,7 +58,7 @@ class CustomFieldsetsController extends Controller
    */
    public function show($id)
    {
-      $this->authorize('show', CustomFieldset::class);
+      $this->authorize('view', CustomFieldset::class);
        if ($fieldset = CustomFieldset::find($id)) {
            return (new CustomFieldsetsTransformer)->transformCustomFieldset($fieldset);
        }
@@ -15,7 +15,7 @@ class DepartmentsController extends Controller
    /**
     * Display a listing of the resource.
     *
-     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @author [Godfrey Martinez] [<snipe@snipe.net>]
     * @since [v4.0]
     * @return \Illuminate\Http\Response
     */
@@ -39,8 +39,13 @@ class DepartmentsController extends Controller
            $departments = $departments->TextSearch($request->input('search'));
        }

-        $offset = (($departments) && (request('offset') > $departments->count())) ? 0 : request('offset', 0);
-        $limit = $request->input('limit', 50);
+        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
+        // case we override with the actual count, so we should return 0 items.
+        $offset = (($departments) && ($request->get('offset') > $departments->count())) ? $departments->count() : $request->get('offset', 0);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+
        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';

@@ -158,5 +163,28 @@ class DepartmentsController extends Controller
        return (new SelectlistTransformer)->transformSelectlist($departments);

    }
+    /**
+     * Update the specified resource in storage.
+     *
+     * @author [Godfrey Martinez] [<gmartinez@grokability.com>]
+     * @since [v4.0]
+     * @param  \Illuminate\Http\Request  $request
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function update(Request $request, $id)
+    {
+        $this->authorize('update', Department::class);
+        $departments = Department::findOrFail($id);
+        $departments->fill($request->all());
+
+        if ($departments->save()) {
+            return response()
+                ->json(Helper::formatStandardApiResponse('success', (new DepartmentsTransformer())->transformdepartment($departments), trans('admin/departments/message.update.success')));
+        }
+
+        return response()
+            ->json(Helper::formatStandardApiResponse('error', null, $departments->getErrors()));
+    }

 }
@@ -28,8 +28,13 @@ class DepreciationsController extends Controller
            $depreciations = $depreciations->TextSearch($request->input('search'));
        }

-        $offset = (($depreciations) && (request('offset') > $depreciations->count())) ? 0 : request('offset', 0);
-        $limit = $request->input('limit', 50);
+        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
+        // case we override with the actual count, so we should return 0 items.
+        $offset = (($depreciations) && ($request->get('offset') > $depreciations->count())) ? $depreciations->count() : $request->get('offset', 0);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+
        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
        $depreciations->orderBy($sort, $order);
@@ -28,8 +28,13 @@ class GroupsController extends Controller
            $groups = $groups->TextSearch($request->input('search'));
        }

-        $offset = (($groups) && (request('offset') > $groups->count())) ? 0 : request('offset', 0);
-        $limit = $request->input('limit', 50);
+        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
+        // case we override with the actual count, so we should return 0 items.
+        $offset = (($groups) && ($request->get('offset') > $groups->count())) ? $groups->count() : $request->get('offset', 0);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+
        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
        $groups->orderBy($sort, $order);
@@ -82,8 +82,13 @@ class LicensesController extends Controller
        }


-        $offset = (($licenses) && (request('offset') > $licenses->count())) ? 0 : request('offset', 0);
-        $limit = request('limit', 50);
+        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
+        // case we override with the actual count, so we should return 0 items.
+        $offset = (($licenses) && ($request->get('offset') > $licenses->count())) ? $licenses->count() : $request->get('offset', 0);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+
        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';


@@ -225,14 +230,21 @@ class LicensesController extends Controller

            $this->authorize('view', $license);

-            $seats = LicenseSeat::where('license_id', $licenseId)->with('license', 'user', 'asset');
+            $seats = LicenseSeat::where('license_seats.license_id', $licenseId)
+                ->with('license', 'user', 'asset', 'user.department');

-            $offset = (($seats) && (request('offset') > $seats->count())) ? 0 : request('offset', 0);
-
-            $limit = request('limit', 50);
            $order = $request->input('order') === 'asc' ? 'asc' : 'desc';

+            if ($request->input('sort')=='department') {
+                $seats->OrderDepartments($order);
+            } else {
+                $seats->orderBy('id', $order);
+            }
+
            $total = $seats->count();
+            $offset = (($seats) && (request('offset') > $total)) ? 0 : request('offset', 0);
+            $limit = request('limit', 50);
+            
            $seats = $seats->skip($offset)->take($limit)->get();

            if ($seats) {
@@ -8,6 +8,8 @@ use App\Helpers\Helper;
 use App\Models\Location;
 use App\Http\Transformers\LocationsTransformer;
 use App\Http\Transformers\SelectlistTransformer;
+use Illuminate\Pagination\LengthAwarePaginator;
+use Illuminate\Support\Collection;

 class LocationsController extends Controller
 {
@@ -26,7 +28,7 @@ class LocationsController extends Controller
                'updated_at','manager_id','image',
                'assigned_assets_count','users_count','assets_count','currency'];

-        $locations = Location::with('parent', 'manager', 'childLocations')->select([
+        $locations = Location::with('parent', 'manager', 'children')->select([
            'locations.id',
            'locations.name',
            'locations.address',
@@ -50,9 +52,13 @@ class LocationsController extends Controller
        }


+        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
+        // case we override with the actual count, so we should return 0 items.
+        $offset = (($locations) && ($request->get('offset') > $locations->count())) ? $locations->count() : $request->get('offset', 0);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');

-        $offset = (($locations) && (request('offset') > $locations->count())) ? 0 : request('offset', 0);
-        $limit = $request->input('limit', 50);
        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';

@@ -106,7 +112,7 @@ class LocationsController extends Controller
    public function show($id)
    {
        $this->authorize('view', Location::class);
-        $location = Location::with('parent', 'manager', 'childLocations')
+        $location = Location::with('parent', 'manager', 'children')
            ->select([
                'locations.id',
                'locations.name',
@@ -143,6 +149,13 @@ class LocationsController extends Controller
    {
        $this->authorize('update', Location::class);
        $location = Location::findOrFail($id);
+
+        if ($request->input('parent_id') == $id) {
+
+            return response()->json(Helper::formatStandardApiResponse('error', null, 'A location cannot be its own parent. Please select a different parent ID.'));
+        }
+
+
        $location->fill($request->all());

        if ($location->save()) {
@@ -178,6 +191,27 @@ class LocationsController extends Controller
    /**
     * Gets a paginated collection for the select2 menus
     *
+     * This is handled slightly differently as of ~4.7.8-pre, as
+     * we have to do some recursive magic to get the hierarchy to display
+     * properly when looking at the parent/child relationship in the
+     * rich menus.
+     *
+     * This means we can't use the normal pagination that we use elsewhere
+     * in our selectlists, since we have to get the full set before we can
+     * determine which location is parent/child/grandchild, etc.
+     *
+     * This also means that hierarchy display gets a little funky when people
+     * use the Select2 search functionality, but there's not much we can do about
+     * that right now.
+     *
+     * As a result, instead of paginating as part of the query, we have to grab
+     * the entire data set, and then invoke a paginator manually and pass that
+     * through to the SelectListTransformer.
+     *
+     * Many thanks to @uberbrady for the help getting this working better.
+     * Recursion still sucks, but I guess he doesn't have to get in the
+     * sea... this time.
+     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @since [v4.0.16]
     * @see \App\Http\Transformers\SelectlistTransformer
@@ -189,25 +223,44 @@ class LocationsController extends Controller
        $locations = Location::select([
            'locations.id',
            'locations.name',
+            'locations.parent_id',
            'locations.image',
        ]);

+        $page = 1;
+        if ($request->filled('page')) {
+            $page = $request->input('page');
+        }
+
        if ($request->filled('search')) {
-            $locations = $locations->where('locations.name', 'LIKE', '%'.$request->get('search').'%');
+            $locations = $locations->where('locations.name', 'LIKE', '%'.$request->input('search').'%');
        }

-        $locations = $locations->orderBy('name', 'ASC')->paginate(50);
+        $locations = $locations->orderBy('name', 'ASC')->get();
+
+        $locations_with_children = [];

-        // Loop through and set some custom properties for the transformer to use.
-        // This lets us have more flexibility in special cases like assets, where
-        // they may not have a ->name value but we want to display something anyway
        foreach ($locations as $location) {
-            $location->use_text = $location->name;
-            $location->use_image = ($location->image) ? url('/').'/uploads/locations/'.$location->image : null;
+            if (!array_key_exists($location->parent_id, $locations_with_children)) {
+                $locations_with_children[$location->parent_id] = [];
+            }
+            $locations_with_children[$location->parent_id][] = $location;
        }

-        return (new SelectlistTransformer)->transformSelectlist($locations);
+        if ($request->filled('search')) {
+            $locations_formatted =  $locations;
+        } else {
+            $location_options = Location::indenter($locations_with_children);
+            $locations_formatted = new Collection($location_options);
+
+        }
+
+        $paginated_results =  new LengthAwarePaginator($locations_formatted->forPage($page, 500), $locations_formatted->count(), 500, $page, []);
+
+        //return [];
+        return (new SelectlistTransformer)->transformSelectlist($paginated_results);

    }

+
 }
@@ -37,10 +37,13 @@ class ManufacturersController extends Controller
        }


+        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
+        // case we override with the actual count, so we should return 0 items.
+        $offset = (($manufacturers) && ($request->get('offset') > $manufacturers->count())) ? $manufacturers->count() : $request->get('offset', 0);

+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');

-        $offset = (($manufacturers) && (request('offset') > $manufacturers->count())) ? 0 : request('offset', 0);
-        $limit = $request->input('limit', 50);
        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
        $manufacturers->orderBy($sort, $order);
@@ -30,8 +30,13 @@ class StatuslabelsController extends Controller
            $statuslabels = $statuslabels->TextSearch($request->input('search'));
        }

-        $offset = (($statuslabels) && (request('offset') > $statuslabels->count())) ? 0 : request('offset', 0);
-        $limit = $request->input('limit', 50);
+        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
+        // case we override with the actual count, so we should return 0 items.
+        $offset = (($statuslabels) && ($request->get('offset') > $statuslabels->count())) ? $statuslabels->count() : $request->get('offset', 0);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+
        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
        $statuslabels->orderBy($sort, $order);
@@ -33,8 +33,13 @@ class SuppliersController extends Controller
            $suppliers = $suppliers->TextSearch($request->input('search'));
        }

-        $offset = (($suppliers) && (request('offset') > $suppliers->count())) ? 0 : request('offset', 0);
-        $limit = $request->input('limit', 50);
+        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
+        // case we override with the actual count, so we should return 0 items.
+        $offset = (($suppliers) && ($request->get('offset') > $suppliers->count())) ? $suppliers->count() : $request->get('offset', 0);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+
        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
        $suppliers->orderBy($sort, $order);
@@ -13,6 +13,7 @@ use App\Models\Asset;
 use App\Http\Transformers\AssetsTransformer;
 use App\Http\Transformers\SelectlistTransformer;
 use App\Http\Transformers\AccessoriesTransformer;
+use App\Http\Transformers\LicensesTransformer;

 class UsersController extends Controller
 {
@@ -87,8 +88,14 @@ class UsersController extends Controller
        }

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
-        $offset = (($users) && (request('offset') > $users->count())) ? 0 : request('offset', 0);
-        $limit = request('limit',  20);
+
+        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
+        // case we override with the actual count, so we should return 0 items.
+        $offset = (($users) && ($request->get('offset') > $users->count())) ? $users->count() : $request->get('offset', 0);
+
+        // Check to make sure the limit is not higher than the max allowed
+        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+

        switch ($request->input('sort')) {
            case 'manager':
@@ -225,7 +232,7 @@ class UsersController extends Controller
    public function show($id)
    {
        $this->authorize('view', User::class);
-        $user = User::findOrFail($id);
+        $user = User::withCount('assets as assets_count','licenses as licenses_count','accessories as accessories_count','consumables as consumables_count')->findOrFail($id);
        return (new UsersTransformer)->transformUser($user);
    }

@@ -352,6 +359,23 @@ class UsersController extends Controller
        return (new AccessoriesTransformer)->transformAccessories($accessories, $accessories->count());
    }

+    /**
+     * Return JSON containing a list of licenses assigned to a user.
+     *
+     * @author [N. Mathar] [<snipe@snipe.net>]
+     * @since [v5.0]
+     * @param $userId
+     * @return string JSON
+     */
+    public function licenses($id)
+    {
+        $this->authorize('view', User::class);
+        $this->authorize('view', License::class);
+        $user = User::where('id', $id)->withTrashed()->first();
+        $licenses = $user->licenses()->get();
+        return (new LicensesTransformer())->transformLicenses($licenses, $licenses->count());
+    }
+
    /**
     * Reset the user's two-factor status
     *
@@ -390,6 +414,6 @@ class UsersController extends Controller
     */
    public function getCurrentUserInfo(Request $request)
    {
-        return response()->json($request->user());
+        return (new UsersTransformer)->transformUser($request->user());
    }
 }
@@ -90,23 +90,7 @@ class AssetModelsController extends Controller
            $model->fieldset_id = e($request->input('custom_fieldset'));
        }

-        if (Input::file('image')) {
-
-            $image = Input::file('image');
-            $file_name = str_slug($image->getClientOriginalName()) . "." . $image->getClientOriginalExtension();
-            $path = app('models_upload_path');
-
-            if ($image->getClientOriginalExtension()!='svg') {
-                Image::make($image->getRealPath())->resize(800, null, function ($constraint) {
-                    $constraint->aspectRatio();
-                    $constraint->upsize();
-                })->save($path.'/'.$file_name);
-            } else {
-                $image->move($path, $file_name);
-            }
-            $model->image = $file_name;
-
-        }
+        $model = $request->handleImages($model,600, public_path().'/uploads/models');

            // Was it created?
        if ($model->save()) {
@@ -182,37 +166,7 @@ class AssetModelsController extends Controller
            }
        }

-        $old_image = $model->image;
-
-        // Set the model's image property to null if the image is being deleted
-        if ($request->input('image_delete') == 1) {
-            $model->image = null;
-        }
-
-        if ($request->file('image')) {
-            $image = $request->file('image');
-            $file_name = $model->id.'-'.str_slug($image->getClientOriginalName()) . "." . $image->getClientOriginalExtension();
-
-            if ($image->getClientOriginalExtension()!='svg') {
-                Image::make($image->getRealPath())->resize(800, null, function ($constraint) {
-                    $constraint->aspectRatio();
-                    $constraint->upsize();
-                })->save(app('models_upload_path').$file_name);
-            } else {
-                $image->move(app('models_upload_path'), $file_name);
-            }
-            $model->image = $file_name;
-
-        }
-
-        if ((($request->file('image')) && (isset($old_image)) && ($old_image!='')) || ($request->input('image_delete') == 1)) {
-            try  {
-                unlink(app('models_upload_path').$old_image);
-            } catch (\Exception $e) {
-                \Log::info($e);
-            }
-        }
-
+        $model = $request->handleImages($model,600, public_path().'/uploads/models');

        if ($model->save()) {
            return redirect()->route("models.index")->with('success', trans('admin/models/message.update.success'));
@@ -326,7 +326,7 @@ class AssetsController extends Controller
                unlink(public_path().'/uploads/assets/'.$asset->image);
                $asset->image = '';
            } catch (\Exception $e) {
-                \Log::info($e);
+                \Log::debug($e);
            }

        }
@@ -394,6 +394,12 @@ class AssetsController extends Controller


        if ($asset->save()) {
+
+             // Update any assigned assets with the new location_id from the parent asset
+
+            Asset::where('assigned_type', '\\App\\Models\\Asset')->where('assigned_to', $asset->id)
+                ->update(['location_id' => $asset->location_id]);
+
            // Redirect to the new asset page
            \Session::flash('success', trans('admin/hardware/message.update.success'));
            return response()->json(['redirect_url' => route("hardware.show", $assetId)]);
@@ -499,6 +505,7 @@ class AssetsController extends Controller
        $barcode_file = public_path().'/uploads/barcodes/'.str_slug($settings->alt_barcode).'-'.str_slug($asset->asset_tag).'.png';

        if (isset($asset->id, $asset->asset_tag)) {
+
            if (file_exists($barcode_file)) {
                $header = ['Content-type' => 'image/png'];
                return response()->file($barcode_file, $header);
@@ -507,10 +514,22 @@ class AssetsController extends Controller
                $barcode_width = ($settings->labels_width - $settings->labels_display_sgutter) * 96.000000000001;

                $barcode = new \Com\Tecnick\Barcode\Barcode();
-                $barcode_obj = $barcode->getBarcodeObj($settings->alt_barcode,$asset->asset_tag,($barcode_width < 300 ? $barcode_width : 300),50);

-                file_put_contents($barcode_file, $barcode_obj->getPngData());
-                return response($barcode_obj->getPngData())->header('Content-type', 'image/png');
+                try {
+
+                    $barcode_obj = $barcode->getBarcodeObj($settings->alt_barcode,$asset->asset_tag,($barcode_width < 300 ? $barcode_width : 300),50);
+
+                    file_put_contents($barcode_file, $barcode_obj->getPngData());
+                    return response($barcode_obj->getPngData())->header('Content-type', 'image/png');
+
+                } catch (\Exception $e) {
+                    \Log::debug('Error creating barcode: '.$e->getMessage());
+                    \Log::debug('This usually happens because the asset tags are of a format that is not compatible with the selected barcode type.');
+                    $img = file_get_contents(public_path().'/uploads/barcodes/invalid_barcode.gif');
+                    return response($img)->header('Content-type', 'image/gif');
+                }
+
+
            }
        }
    }
@@ -570,15 +589,17 @@ class AssetsController extends Controller
     */
    public function postImportHistory(Request $request)
    {
+
+        if (!$request->hasFile('user_import_csv')) {
+            return back()->with('error', 'No file provided. Please select a file for import and try again. ');
+        }
+
        if (!ini_get("auto_detect_line_endings")) {
            ini_set("auto_detect_line_endings", '1');
        }

        $csv = Reader::createFromPath(Input::file('user_import_csv'));
-        $csv->setNewline("\r\n");
-        //get the first row, usually the CSV header
-        //$headers = $csv->fetchOne();
-
+        $csv->setHeaderOffset(0);
        $results = $csv->getRecords();
        $item = array();
        $status = array();
@@ -595,7 +616,9 @@ class AssetsController extends Controller
                }
                $batch_counter = count($item[$asset_tag]);

-                $item[$asset_tag][$batch_counter]['checkout_date'] = Carbon::parse(Helper::array_smart_fetch($row, "date"))->format('Y-m-d H:i:s');
+                $item[$asset_tag][$batch_counter]['checkout_date'] = Carbon::parse(Helper::array_smart_fetch($row, "checkout date"))->format('Y-m-d H:i:s');
+                $item[$asset_tag][$batch_counter]['checkin_date'] = Carbon::parse(Helper::array_smart_fetch($row, "checkin date"))->format('Y-m-d H:i:s');
+                \Log::debug($item[$asset_tag][$batch_counter]['checkin_date']);

                $item[$asset_tag][$batch_counter]['asset_tag'] = Helper::array_smart_fetch($row, "asset tag");
                $item[$asset_tag][$batch_counter]['name'] = Helper::array_smart_fetch($row, "name");
@@ -678,9 +701,11 @@ class AssetsController extends Controller
                // Only do this if a matching user was found
                if ((array_key_exists('checkedout_to', $asset_batch[$x])) && ($asset_batch[$x]['checkedout_to']!='')) {
                    if (($total_in_batch > 1) && ($x < $total_in_batch) && (array_key_exists($next, $asset_batch))) {
-                        $checkin_date = Carbon::parse($asset_batch[$next]['checkout_date'])->subDay(1)->format('Y-m-d H:i:s');
+                        $checkin_date = Carbon::parse($asset_batch[$next]['checkin_date'])->format('Y-m-d H:i:s');
                        $asset_batch[$x]['real_checkin'] = $checkin_date;

+                        \Log::debug($asset_batch[$next]['checkin_date']);
+                        \Log::debug($checkin_date);
                        Actionlog::firstOrCreate(array(
                            'item_id' => $asset_batch[$x]['asset_id'],
                            'item_type' => Asset::class,
@@ -5,6 +5,7 @@ namespace App\Http\Controllers\Auth;
 use App\Http\Controllers\Controller;
 use Illuminate\Foundation\Auth\SendsPasswordResetEmails;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Validator;

 class ForgotPasswordController extends Controller
 {
@@ -41,6 +42,8 @@ class ForgotPasswordController extends Controller
        return property_exists($this, 'subject') ? $this->subject : \Lang::get('mail.reset_link');
    }

+
+
    /**
     * Send a reset link to the given user.
     *
@@ -49,11 +52,21 @@ class ForgotPasswordController extends Controller
     */
    public function sendResetLinkEmail(Request $request)
    {
-        $this->validate($request, ['email' => 'required|email']);

-        // We will send the password reset link to this user. Once we have attempted
-        // to send the link, we will examine the response then see the message we
-        // need to show to the user. Finally, we'll send out a proper response.
+        /**
+         * Let's set a max character count here to prevent potential
+         * buffer overflow issues with attackers sending very large
+         * payloads through.
+         */
+        $this->validate($request, ['email' => 'required|email|max:250']);
+
+        /**
+         * If we find a matching email with an activated user, we will
+         * send the password reset link to the user.
+         *
+         * Once we have attempted to send the link, we will examine the response
+         * then see the message we need to show to the user. Finally, we'll send out a proper response.
+         */
        $response = $this->broker()->sendResetLink(
            array_merge(
                $request->only('email'),
@@ -65,9 +78,25 @@ class ForgotPasswordController extends Controller
            return redirect()->route('login')->with('status', trans($response));
        }

-        // If an error was returned by the password broker, we will get this message
-        // translated so we can notify a user of the problem. We'll redirect back
-        // to where the users came from so they can attempt this process again.
+
+        /**
+         * If an error was returned by the password broker, we will get this message
+         * translated so we can notify a user of the problem. We'll redirect back
+         * to where the users came from so they can attempt this process again.
+         *
+         * HOWEVER, we do not want to translate the message if the user isn't found
+         * or isn't active, since that would allow an attacker to walk through
+         * a dictionary attack and figure out registered user email addresses.
+         *
+         * Instead we tell the user we've sent an email even though we haven't.
+         * It's bad UX, but better security. The compromises we sometimes have to make.
+        */
+
+        if ($response == 'passwords.user') {
+            \Log::debug('User with email '.$request->input('email').' attempted a password reset request but was not found. No email was sent.');
+            return redirect()->route('login')->with('success', trans('passwords.user_inactive'));
+        }
+
        return back()->withErrors(
            ['email' => trans($response)]
        );
@@ -83,17 +83,7 @@ class CategoriesController extends Controller
        $category->checkin_email        = $request->input('checkin_email', '0');
        $category->user_id              = Auth::id();

-        if ($request->file('image')) {
-            $image = $request->file('image');
-            $file_name = str_random(25).".".$image->getClientOriginalExtension();
-            $path = public_path('uploads/categories/'.$file_name);
-            Image::make($image->getRealPath())->resize(800, null, function ($constraint) {
-                $constraint->aspectRatio();
-                $constraint->upsize();
-            })->save($path);
-            $category->image = $file_name;
-        }
-
+        $category = $request->handleImages($category,600, public_path().'/uploads/categories');

        if ($category->save()) {
            return redirect()->route('categories.index')->with('success', trans('admin/categories/message.create.success'));
@@ -152,37 +142,12 @@ class CategoriesController extends Controller
        $category->require_acceptance   = $request->input('require_acceptance', '0');
        $category->checkin_email        = $request->input('checkin_email', '0');

-        $old_image = $category->image;
-
        // Set the model's image property to null if the image is being deleted
        if ($request->input('image_delete') == 1) {
            $category->image = null;
        }

-        if ($request->file('image')) {
-            $image = $request->file('image');
-            $file_name = $category->id.'-'.str_slug($image->getClientOriginalName()) . "." . $image->getClientOriginalExtension();
-
-            if ($image->getClientOriginalExtension()!='svg') {
-                Image::make($image->getRealPath())->resize(800, null, function ($constraint) {
-                    $constraint->aspectRatio();
-                    $constraint->upsize();
-                })->save(app('categories_upload_path').$file_name);
-            } else {
-                $image->move(app('categories_upload_path'), $file_name);
-            }
-            $category->image = $file_name;
-
-        }
-
-        if ((($request->file('image')) && (isset($old_image)) && ($old_image!='')) || ($request->input('image_delete') == 1)) {
-            try  {
-                unlink(app('categories_upload_path').$old_image);
-            } catch (\Exception $e) {
-                \Log::info($e);
-            }
-        }
-
+        $category = $request->handleImages($category,600, public_path().'/uploads/categories');

        if ($category->save()) {
            // Redirect to the new category page
@@ -63,16 +63,7 @@ final class CompaniesController extends Controller
        $company = new Company;
        $company->name = $request->input('name');

-        if ($request->file('image')) {
-            $image = $request->file('image');
-            $file_name = str_random(25).".".$image->getClientOriginalExtension();
-            $path = public_path('uploads/companies/'.$file_name);
-            Image::make($image->getRealPath())->resize(800, null, function ($constraint) {
-                $constraint->aspectRatio();
-                $constraint->upsize();
-            })->save($path);
-            $company->image = $file_name;
-        }
+        $company = $request->handleImages($company,600, public_path().'/uploads/companies');

        if ($company->save()) {
            return redirect()->route('companies.index')
@@ -121,36 +112,12 @@ final class CompaniesController extends Controller

        $company->name = $request->input('name');

-        $old_image = $company->image;
-
        // Set the model's image property to null if the image is being deleted
        if ($request->input('image_delete') == 1) {
            $company->image = null;
        }

-        if ($request->file('image')) {
-            $image = $request->file('image');
-            $file_name = $company->id.'-'.str_slug($image->getClientOriginalName()) . "." . $image->getClientOriginalExtension();
-
-            if ($image->getClientOriginalExtension()!='svg') {
-                Image::make($image->getRealPath())->resize(800, null, function ($constraint) {
-                    $constraint->aspectRatio();
-                    $constraint->upsize();
-                })->save(app('companies_upload_path').$file_name);
-            } else {
-                $image->move(app('companies_upload_path'), $file_name);
-            }
-            $company->image = $file_name;
-
-        }
-
-        if ((($request->file('image')) && (isset($old_image)) && ($old_image!='')) || ($request->input('image_delete') == 1)) {
-            try  {
-                unlink(app('companies_upload_path').$old_image);
-            } catch (\Exception $e) {
-                \Log::info($e);
-            }
-        }
+        $company = $request->handleImages($company,600, public_path().'/uploads/companies');


        if ($company->save()) {
@@ -91,16 +91,7 @@ class ComponentsController extends Controller
        $component->user_id                = Auth::id();


-        if ($request->file('image')) {
-            $image = $request->file('image');
-            $file_name = str_random(25).".".$image->getClientOriginalExtension();
-            $path = public_path('uploads/components/'.$file_name);
-            Image::make($image->getRealPath())->resize(800, null, function ($constraint) {
-                $constraint->aspectRatio();
-                $constraint->upsize();
-            })->save($path);
-            $component->image = $file_name;
-        }
+        $component = $request->handleImages($component,600, public_path().'/uploads/components');

        if ($component->save()) {
            return redirect()->route('components.index')->with('success', trans('admin/components/message.create.success'));
@@ -164,18 +155,7 @@ class ComponentsController extends Controller
        $component->purchase_cost          = request('purchase_cost');
        $component->qty                    = Input::get('qty');

-        if ($request->file('image')) {
-            $image = $request->file('image');
-            $file_name = str_random(25).".".$image->getClientOriginalExtension();
-            $path = public_path('uploads/components/'.$file_name);
-            Image::make($image->getRealPath())->resize(800, null, function ($constraint) {
-                $constraint->aspectRatio();
-                $constraint->upsize();
-            })->save($path);
-            $component->image = $file_name;
-        } elseif ($request->input('image_delete')=='1') {
-            $component->image = null;
-        }
+        $component = $request->handleImages($component,600, public_path().'/uploads/components');

        if ($component->save()) {
            return redirect()->route('components.index')->with('success', trans('admin/components/message.update.success'));
@@ -87,16 +87,8 @@ class ConsumablesController extends Controller
        $consumable->user_id                = Auth::id();


-        if ($request->file('image')) {
-            $image = $request->file('image');
-            $file_name = str_random(25).".".$image->getClientOriginalExtension();
-            $path = public_path('uploads/consumables/'.$file_name);
-            Image::make($image->getRealPath())->resize(800, null, function ($constraint) {
-                $constraint->aspectRatio();
-                $constraint->upsize();
-            })->save($path);
-            $consumable->image = $file_name;
-        }
+        $consumable = $request->handleImages($consumable,600, public_path().'/uploads/components');
+

        if ($consumable->save()) {
            return redirect()->route('consumables.index')->with('success', trans('admin/consumables/message.create.success'));
@@ -212,7 +204,7 @@ class ConsumablesController extends Controller
        if (isset($consumable->id)) {
            return view('consumables/view', compact('consumable'));
        }
-        return redirect()->route('consumables.index')->with('error', trans('admin/consumables/message.does_not_exist', compact('id')));
+        return redirect()->route('consumables.index')->with('error', trans('admin/consumables/message.does_not_exist'));
    }

    /**
@@ -53,16 +53,7 @@ class DepartmentsController extends Controller
        $department->user_id = Auth::user()->id;
        $department->manager_id = ($request->filled('manager_id' ) ? $request->input('manager_id') : null);

-        if ($request->file('image')) {
-            $image = $request->file('image');
-            $file_name = str_random(25).".".$image->getClientOriginalExtension();
-            $path = public_path('uploads/departments/'.$file_name);
-            Image::make($image->getRealPath())->resize(800, null, function ($constraint) {
-                $constraint->aspectRatio();
-                $constraint->upsize();
-            })->save($path);
-            $department->image = $file_name;
-        }
+        $department = $request->handleImages($department,600, public_path().'/uploads/departments');

        if ($department->save()) {
            return redirect()->route("departments.index")->with('success', trans('admin/departments/message.create.success'));
@@ -164,36 +155,7 @@ class DepartmentsController extends Controller
        $department->fill($request->all());
        $department->manager_id = ($request->filled('manager_id' ) ? $request->input('manager_id') : null);

-        $old_image = $department->image;
-
-        // Set the model's image property to null if the image is being deleted
-        if ($request->input('image_delete') == 1) {
-            $department->image = null;
-        }
-
-        if ($request->file('image')) {
-            $image = $request->file('image');
-            $file_name = $department->id.'-'.str_slug($image->getClientOriginalName()) . "." . $image->getClientOriginalExtension();
-
-            if ($image->getClientOriginalExtension()!='svg') {
-                Image::make($image->getRealPath())->resize(800, null, function ($constraint) {
-                    $constraint->aspectRatio();
-                    $constraint->upsize();
-                })->save(app('departments_upload_path').$file_name);
-            } else {
-                $image->move(app('departments_upload_path'), $file_name);
-            }
-            $department->image = $file_name;
-
-        }
-
-        if ((($request->file('image')) && (isset($old_image)) && ($old_image!='')) || ($request->input('image_delete') == 1)) {
-            try  {
-                unlink(app('departments_upload_path').$old_image);
-            } catch (\Exception $e) {
-                \Log::info($e);
-            }
-        }
+        $department = $request->handleImages($department,600, public_path().'/uploads/departments');

        if ($department->save()) {
            return redirect()->route("departments.index")->with('success', trans('admin/departments/message.update.success'));
@@ -41,8 +41,6 @@ class LocationsController extends Controller
    {
        // Grab all the locations
        $this->authorize('view', Location::class);
-        $locations = Location::orderBy('created_at', 'DESC')->with('parent', 'assets', 'assignedassets')->get();
-
        // Show the page
        return view('locations/index');
    }
@@ -59,14 +57,7 @@ class LocationsController extends Controller
    public function create()
    {
        $this->authorize('create', Location::class);
-        $locations = Location::orderBy('name', 'ASC')->get();
-
-        $location_options_array = Location::getLocationHierarchy($locations);
-        $location_options = Location::flattenLocationsArray($location_options_array);
-        $location_options = array('' => 'Top Level') + $location_options;
-
        return view('locations/edit')
-            ->with('location_options', $location_options)
            ->with('item', new Location);
    }

@@ -97,16 +88,7 @@ class LocationsController extends Controller
        $location->manager_id       = $request->input('manager_id');
        $location->user_id          = Auth::id();

-        if ($request->file('image')) {
-            $image = $request->file('image');
-            $file_name = str_random(25).".".$image->getClientOriginalExtension();
-            $path = public_path('uploads/locations/'.$file_name);
-            Image::make($image->getRealPath())->resize(800, null, function ($constraint) {
-                $constraint->aspectRatio();
-                $constraint->upsize();
-            })->save($path);
-            $location->image = $file_name;
-        }
+        $location = $request->handleImages($location,600, public_path().'/uploads/locations');

        if ($location->save()) {
            return redirect()->route("locations.index")->with('success', trans('admin/locations/message.create.success'));
@@ -132,14 +114,8 @@ class LocationsController extends Controller
            return redirect()->route('locations.index')->with('error', trans('admin/locations/message.does_not_exist'));
        }

-        // Show the page
-        $locations = Location::orderBy('name', 'ASC')->get();
-        $location_options_array = Location::getLocationHierarchy($locations);
-        $location_options = Location::flattenLocationsArray($location_options_array);
-        $location_options = array('' => 'Top Level') + $location_options;

-        return view('locations/edit', compact('item'))
-            ->with('location_options', $location_options);
+        return view('locations/edit', compact('item'));
    }


@@ -160,6 +136,11 @@ class LocationsController extends Controller
            return redirect()->route('locations.index')->with('error', trans('admin/locations/message.does_not_exist'));
        }

+        if ($request->input('parent_id') == $locationId) {
+            return redirect()->back()->withInput()->with('error', 'A location cannot be its own parent. Please select a different parent location.');
+        }
+
+
        // Update the location data
        $location->name         = $request->input('name');
        $location->parent_id    = $request->input('parent_id', null);
@@ -172,37 +153,7 @@ class LocationsController extends Controller
        $location->zip          = $request->input('zip');
        $location->ldap_ou      = $request->input('ldap_ou');
        $location->manager_id   = $request->input('manager_id');
-
-        $old_image = $location->image;
-
-        // Set the model's image property to null if the image is being deleted
-        if ($request->input('image_delete') == 1) {
-            $location->image = null;
-        }
-
-        if ($request->file('image')) {
-            $image = $request->file('image');
-            $file_name = $location->id.'-'.str_slug($image->getClientOriginalName()) . "." . $image->getClientOriginalExtension();
-
-            if ($image->getClientOriginalExtension()!='svg') {
-                Image::make($image->getRealPath())->resize(800, null, function ($constraint) {
-                    $constraint->aspectRatio();
-                    $constraint->upsize();
-                })->save(app('locations_upload_path').$file_name);
-            } else {
-                $image->move(app('locations_upload_path'), $file_name);
-            }
-            $location->image = $file_name;
-
-        }
-
-        if ((($request->file('image')) && (isset($old_image)) && ($old_image!='')) || ($request->input('image_delete') == 1)) {
-            try  {
-                unlink(app('locations_upload_path').$old_image);
-            } catch (\Exception $e) {
-                \Log::info($e);
-            }
-        }
+        $location = $request->handleImages($location,600, public_path().'/uploads/locations');


        if ($location->save()) {
@@ -229,7 +180,7 @@ class LocationsController extends Controller
        if ($location->users->count() > 0) {
            return redirect()->to(route('locations.index'))->with('error', trans('admin/locations/message.assoc_users'));

-        } elseif ($location->childLocations->count() > 0) {
+        } elseif ($location->children->count() > 0) {
            return redirect()->to(route('locations.index'))->with('error', trans('admin/locations/message.assoc_child_loc'));

        } elseif ($location->assets->count() > 0) {
@@ -75,18 +75,7 @@ class ManufacturersController extends Controller
        $manufacturer->support_url     = $request->input('support_url');
        $manufacturer->support_phone    = $request->input('support_phone');
        $manufacturer->support_email    = $request->input('support_email');
-
-
-        if ($request->file('image')) {
-            $image = $request->file('image');
-            $file_name = str_slug($image->getClientOriginalName()).".".$image->getClientOriginalExtension();
-            $path = public_path('uploads/manufacturers/'.$file_name);
-            Image::make($image->getRealPath())->resize(800, null, function ($constraint) {
-                $constraint->aspectRatio();
-                $constraint->upsize();
-            })->save($path);
-            $manufacturer->image = $file_name;
-        }
+        $manufacturer = $request->handleImages($manufacturer,600, public_path().'/uploads/manufacturers');



@@ -142,37 +131,14 @@ class ManufacturersController extends Controller
        $manufacturer->support_url     = $request->input('support_url');
        $manufacturer->support_phone    = $request->input('support_phone');
        $manufacturer->support_email    = $request->input('support_email');
-
-        $old_image = $manufacturer->image;
-
+        
        // Set the model's image property to null if the image is being deleted
        if ($request->input('image_delete') == 1) {
            $manufacturer->image = null;
        }

-        if ($request->file('image')) {
-            $image = $request->file('image');
-            $file_name = $manufacturer->id.'-'.str_slug($image->getClientOriginalName()) . "." . $image->getClientOriginalExtension();
+        $manufacturer = $request->handleImages($manufacturer,600, public_path().'/uploads/manufacturers');

-            if ($image->getClientOriginalExtension()!='svg') {
-                Image::make($image->getRealPath())->resize(800, null, function ($constraint) {
-                    $constraint->aspectRatio();
-                    $constraint->upsize();
-                })->save(app('manufacturers_upload_path').$file_name);
-            } else {
-                $image->move(app('manufacturers_upload_path'), $file_name);
-            }
-            $manufacturer->image = $file_name;
-
-        }
-
-        if ((($request->file('image')) && (isset($old_image)) && ($old_image!='')) || ($request->input('image_delete') == 1)) {
-            try  {
-                unlink(app('manufacturers_upload_path').$old_image);
-            } catch (\Exception $e) {
-                \Log::info($e);
-            }
-        }


        if ($manufacturer->save()) {
@@ -307,12 +307,18 @@ class ReportsController extends Controller
    public function postCustom(Request $request)
    {

+        ini_set('max_execution_time', 12000);
+
+
        \Debugbar::disable();
        $customfields = CustomField::get();
        $response = new StreamedResponse(function () use ($customfields, $request) {

+            \Log::debug('Starting streamed response');
+
            // Open output stream
            $handle = fopen('php://output', 'w');
+            stream_set_timeout($handle, 2000);
            
            if ($request->filled('use_bom')) {
                fprintf($handle, chr(0xEF) . chr(0xBB) . chr(0xBF));
@@ -464,8 +470,12 @@ class ReportsController extends Controller
                }
            }

-
+            $executionTime = microtime(true) - $_SERVER["REQUEST_TIME_FLOAT"];
+            \Log::debug('Starting headers: '.$executionTime);
            fputcsv($handle, $header);
+            $executionTime = microtime(true) - $_SERVER["REQUEST_TIME_FLOAT"];
+            \Log::debug('Added headers: '.$executionTime);
+

            $assets = \App\Models\Company::scopeCompanyables(Asset::select('assets.*'))->with(
                'location', 'assetstatus', 'assetlog', 'company', 'defaultLoc','assignedTo',
@@ -520,9 +530,13 @@ class ReportsController extends Controller
                $assets->whereBetween('assets.expected_checkin', [$request->input('expected_checkin_start'), $request->input('expected_checkin_end')]);
            }
            
-            $assets->orderBy('assets.created_at', 'ASC')->chunk(500, function($assets) use($handle, $customfields, $request) {
+            $assets->orderBy('assets.created_at', 'ASC')->chunk(20, function($assets) use($handle, $customfields, $request) {

+                $executionTime = microtime(true) - $_SERVER["REQUEST_TIME_FLOAT"];
+                \Log::debug('Walking results: '.$executionTime);
+                $count = 0;
                foreach ($assets as $asset) {
+                    $count++;
                    $row = [];
                    
                    if ($request->filled('company')) {
@@ -695,17 +709,24 @@ class ReportsController extends Controller
                        }
                    }
                    fputcsv($handle, $row);
+                    $executionTime = microtime(true) - $_SERVER["REQUEST_TIME_FLOAT"];
+                    \Log::debug('-- Record '.$count.' Asset ID:' .$asset->id. ' in '. $executionTime);
+
                }
            });

            // Close the output stream
            fclose($handle);
+            $executionTime = microtime(true) - $_SERVER["REQUEST_TIME_FLOAT"];
+            \Log::debug('-- SCRIPT COMPLETED IN '. $executionTime);
+
        }, 200, [
            'Content-Type' => 'text/csv',
            'Content-Disposition'
            => 'attachment; filename="custom-assets-report-'.date('Y-m-d-his').'.csv"',
        ]);

+
        return $response;


@@ -1,6 +1,7 @@
 <?php
 namespace App\Http\Controllers;

+use enshrined\svgSanitize\Sanitizer;
 use Input;
 use Lang;
 use Illuminate\Http\Request;
@@ -426,12 +427,23 @@ class SettingsController extends Controller
                $file_name = "logo.".$image->getClientOriginalExtension();
                $path = public_path('uploads');
                if ($image->getClientOriginalExtension()!='svg') {
+
                    Image::make($image->getRealPath())->resize(null, 150, function ($constraint) {
                        $constraint->aspectRatio();
                        $constraint->upsize();
                    })->save($path.'/'.$file_name);
                } else {
-                    $image->move($path, $file_name);
+
+                    // This is kinda copypasta from the ImageUploadRequest - should refactor the ImageUploadRequest to better handle maybe
+                    $sanitizer = new Sanitizer();
+                    $dirtySVG = file_get_contents($image->getRealPath());
+                    $cleanSVG = $sanitizer->sanitize($dirtySVG);
+
+                    try {
+                        file_put_contents($path.'/'.$file_name, $cleanSVG);
+                    } catch (\Exception $e) {
+                        \Log::debug($e);
+                    }
                }
                $setting->logo = $file_name;
            }
@@ -78,17 +78,8 @@ class SuppliersController extends Controller
        $supplier->notes                = request('notes');
        $supplier->url                  = $supplier->addhttp(request('url'));
        $supplier->user_id              = Auth::id();
+        $supplier = $request->handleImages($supplier,600, public_path().'/uploads/suppliers');

-        if ($request->file('image')) {
-            $image = $request->file('image');
-            $file_name = str_random(25).".".$image->getClientOriginalExtension();
-            $path = public_path('uploads/suppliers/'.$file_name);
-            Image::make($image->getRealPath())->resize(800, null, function ($constraint) {
-                $constraint->aspectRatio();
-                $constraint->upsize();
-            })->save($path);
-            $supplier->image = $file_name;
-        }

        if ($supplier->save()) {
            return redirect()->route('suppliers.index')->with('success', trans('admin/suppliers/message.create.success'));
@@ -145,39 +136,7 @@ class SuppliersController extends Controller
        $supplier->email                = request('email');
        $supplier->url                  = $supplier->addhttp(request('url'));
        $supplier->notes                = request('notes');
-
-
-        $old_image = $supplier->image;
-
-        // Set the model's image property to null if the image is being deleted
-        if ($request->input('image_delete') == 1) {
-            $supplier->image = null;
-        }
-
-        if ($request->file('image')) {
-            $image = $request->file('image');
-            $file_name = $supplier->id.'-'.str_slug($image->getClientOriginalName()) . "." . $image->getClientOriginalExtension();
-
-            if ($image->getClientOriginalExtension()!='svg') {
-                Image::make($image->getRealPath())->resize(800, null, function ($constraint) {
-                    $constraint->aspectRatio();
-                    $constraint->upsize();
-                })->save(app('suppliers_upload_path').$file_name);
-            } else {
-                $image->move(app('suppliers_upload_path'), $file_name);
-            }
-            $supplier->image = $file_name;
-
-        }
-
-        if ((($request->file('image')) && (isset($old_image)) && ($old_image!='')) || ($request->input('image_delete') == 1)) {
-            try  {
-                unlink(app('suppliers_upload_path').$old_image);
-            } catch (\Exception $e) {
-                \Log::info($e);
-            }
-        }
-
+        $supplier = $request->handleImages($supplier,600, public_path().'/uploads/suppliers');

        if ($supplier->save()) {
            return redirect()->route('suppliers.index')->with('success', trans('admin/suppliers/message.update.success'));
@@ -44,6 +44,7 @@ class Kernel extends HttpKernel
        ],

        'api' => [
+            \Barryvdh\Cors\HandleCors::class,
            'throttle:120,1',
            'auth:api',
        ],
@@ -2,7 +2,9 @@

 namespace App\Http\Requests;

-use App\Http\Requests\Request;
+use App\Models\SnipeModel;
+use Intervention\Image\Facades\Image;
+use enshrined\svgSanitize\Sanitizer;

 class ImageUploadRequest extends Request
 {
@@ -33,4 +35,83 @@ class ImageUploadRequest extends Request
    {
        return $this->redirector->back()->withInput()->withErrors($errors, $this->errorBag);
    }
-}
+
+    /**
+     * Handle and store any images attached to request
+     * @param SnipeModel $item Item the image is associated with
+     * @param String $path  location for uploaded images, defaults to uploads/plural of item type.
+     * @return SnipeModel        Target asset is being checked out to.
+     */
+    public function handleImages($item, $w = 600, $path = null)
+    {
+
+        $type = strtolower(class_basename(get_class($item)));
+
+        if (is_null($path)) {
+            $path =  str_plural($type);
+        }
+
+        \Log::debug('Trying to upload to '. $path);
+
+        if ($this->hasFile('image')) {
+
+            if (!config('app.lock_passwords')) {
+
+
+                if (!is_dir($path)) {
+                    \Log::debug($path.' does not exist');
+                    mkdir($path);
+                }
+
+                $image = $this->file('image');
+                $ext = $image->getClientOriginalExtension();
+                $file_name = $type.'-'.str_random(18).'.'.$ext;
+                \Log::debug('File name will be: '.$file_name);
+
+                if ($image->getClientOriginalExtension()!=='svg') {
+                    \Log::debug('Not an SVG - resize');
+                    \Log::debug('Trying to upload to: '.$path.'/'.$file_name);
+                    $upload = Image::make($image->getRealPath())->resize(null, $w, function ($constraint) {
+                        $constraint->aspectRatio();
+                        $constraint->upsize();
+                    })->save($path.'/'.$file_name);
+                } else {
+                    \Log::debug('This is an SVG');
+                    $sanitizer = new Sanitizer();
+                    $dirtySVG = file_get_contents($image->getRealPath());
+                    $cleanSVG = $sanitizer->sanitize($dirtySVG);
+
+                    try {
+                        \Log::debug('Trying to upload to: '.$path.'/'.$file_name);
+                        file_put_contents($path.'/'.$file_name, $cleanSVG);
+                    } catch (\Exception $e) {
+                        \Log::debug($e);
+                    }
+                }
+
+
+                // Remove Current image if exists
+                if (($item->image) && (file_exists($path.'/'.$item->image))) {
+                    try {
+                        unlink($path.'/'.$item->image);
+                    } catch (\Exception $e) {
+                        \Log::debug($e);
+                    }
+                }
+
+                $item->image = $file_name;
+            }
+
+        } elseif ($this->input('image_delete')=='1') {
+
+            try {
+                unlink($path.'/'.$item->image);
+            } catch (\Exception $e) {
+                \Log::debug($e);
+            }
+
+            $item->image = null;
+        }
+        return $item;
+    }
+}
@@ -30,10 +30,49 @@ class ActionlogsTransformer
        // This is necessary since we can't escape special characters within a JSON object
        if (($actionlog->log_meta) && ($actionlog->log_meta!='')) {
            $meta_array = json_decode($actionlog->log_meta);
-            foreach ($meta_array as $key => $value) {
-                foreach ($value as $meta_key => $meta_value) {
-                    $clean_meta[$key][$meta_key] = e($meta_value);
+
+            if ($meta_array) {
+                foreach ($meta_array as $key => $value) {
+                    foreach ($value as $meta_key => $meta_value) {
+
+                        if (is_array($meta_value)) {
+                            foreach ($meta_value as $meta_value_key => $meta_value_value) {
+                                $clean_meta[$key][$meta_value_key] = e($meta_value_value);
+                            }
+                        } else {
+
+                            // This object stuff is weird, and is used to make up for the fact that
+                            // older data can get strangely formatted if an asset existed,
+                            // then a new custom field is added, and the asset is saved again.
+                            // It can result in funnily-formatted strings like:
+                            //
+                            // {"_snipeit_right_sized_fault_tolerant_localareanetwo_1":
+                            // {"old":null,"new":{"value":"1579490695972","_snipeit_new_field_2":2,"_snipeit_new_field_3":"Monday, 20 January 2020 2:24:55 PM"}}
+                            // so we have to walk down that next level
+
+                            if (is_object($meta_value)) {
+
+                                foreach ($meta_value as $meta_value_key => $meta_value_value) {
+
+                                    if ($meta_value_key == 'value') {
+                                        $clean_meta[$key]['old'] = null;
+                                        $clean_meta[$key]['new'] = e($meta_value->value);
+                                    } else {
+                                        $clean_meta[$meta_value_key]['old'] = null;
+                                        $clean_meta[$meta_value_key]['new'] = e($meta_value_value);
+                                    }
+                                }
+
+
+
+                            } else {
+                                $clean_meta[$key][$meta_key] = e($meta_value);
+                            }
+                        }
+
+                    }
                }
+
            }
        }

@@ -5,6 +5,7 @@ use App\Models\AssetMaintenance;
 use Gate;
 use Illuminate\Database\Eloquent\Collection;
 use App\Helpers\Helper;
+use App\Models\Asset;

 class AssetMaintenancesTransformer
 {
@@ -29,7 +29,14 @@ class LicenseSeatsTransformer
            'name' => 'Seat '.$seat_count,
            'assigned_user' => ($seat->user) ? [
                'id' => (int) $seat->user->id,
-                'name'=> e($seat->user->present()->fullName)
+                'name'=> e($seat->user->present()->fullName),
+                'department'=>
+                    ($seat->user->department) ?
+                        [
+                            "id" => (int) $seat->user->department->id,
+                            "name" => e($seat->user->department->name)
+
+                        ] : null
            ] : null,
            'assigned_asset' => ($seat->asset) ? [
                'id' => (int) $seat->asset->id,
@@ -23,7 +23,7 @@ class LocationsTransformer
        if ($location) {

            $children_arr = [];
-            foreach($location->childLocations as $child) {
+            foreach($location->children as $child) {
                $children_arr[] = [
                    'id' => (int) $child->id,
                    'name' => $child->name
@@ -27,9 +27,17 @@ class AssetImporter extends ItemImporter

            foreach ($this->customFields as $customField) {
                $customFieldValue = $this->array_smart_custom_field_fetch($row, $customField);
+
                if ($customFieldValue) {
-                    $this->item['custom_fields'][$customField->db_column_name()] = $customFieldValue;
-                    $this->log('Custom Field '. $customField->name.': '.$customFieldValue);
+
+                    if ($customField->field_encrypted == 1) {
+                        $this->item['custom_fields'][$customField->db_column_name()] = \Crypt::encrypt($customFieldValue);
+                        $this->log('Custom Field '. $customField->name.': '.\Crypt::encrypt($customFieldValue));
+                    } else {
+                        $this->item['custom_fields'][$customField->db_column_name()] = $customFieldValue;
+                        $this->log('Custom Field '. $customField->name.': '.$customFieldValue);
+                    }
+
                } else {
                    // Clear out previous data.
                    $this->item['custom_fields'][$customField->db_column_name()] = null;
@@ -68,6 +76,8 @@ class AssetImporter extends ItemImporter
        }

        $this->item['image'] = $this->findCsvMatch($row, "image");
+        $this->item['requestable'] = $this->fetchHumanBoolean($this->findCsvMatch($row, "requestable"));;
+        $asset->requestable =  $this->fetchHumanBoolean($this->findCsvMatch($row, "requestable"));
        $this->item['warranty_months'] = intval($this->findCsvMatch($row, "warranty_months"));
        $this->item['model_id'] = $this->createOrFetchAssetModel($row);

@@ -443,11 +443,7 @@ abstract class Importer

    public function fetchHumanBoolean($value)
    {
-        if (($value =='1') || (strtolower($value) =='true') || (strtolower($value) =='yes'))
-        {
-            return '1';
-        }
-        return '0';
+       return (int) filter_var($value, FILTER_VALIDATE_BOOLEAN);
    }

    /**
@@ -111,6 +111,7 @@ class Asset extends Depreciable
        'status_id',
        'supplier_id',
        'warranty_months',
+        'requestable',
    ];

    use Searchable;
@@ -604,20 +605,26 @@ class Asset extends Depreciable

    public function requireAcceptance()
    {
-        return $this->model->category->require_acceptance;
+        if (($this->model) && ($this->model->category)) {
+            return $this->model->category->require_acceptance;
+        }
+
    }

    public function getEula()
    {
        $Parsedown = new \Parsedown();
-
-        if ($this->model->category->eula_text) {
-            return $Parsedown->text(e($this->model->category->eula_text));
-        } elseif ($this->model->category->use_default_eula == '1') {
-            return $Parsedown->text(e(Setting::getSettings()->default_eula_text));
-        } else {
-            return false;
+        
+        if (($this->model) && ($this->model->category)) {
+            if ($this->model->category->eula_text) {
+                return $Parsedown->text(e($this->model->category->eula_text));
+            } elseif ($this->model->category->use_default_eula == '1') {
+                return $Parsedown->text(e(Setting::getSettings()->default_eula_text));
+            } else {
+                return false;
+            }
        }
+        return false;
    }

    /**
@@ -821,9 +828,11 @@ class Asset extends Depreciable

    public function scopeDueForAudit($query, $settings)
    {
+        $interval = $settings->audit_warning_days ?? 0;
+
        return $query->whereNotNull('assets.next_audit_date')
            ->where('assets.next_audit_date', '>=', Carbon::now())
-            ->whereRaw("DATE_SUB(assets.next_audit_date, INTERVAL $settings->audit_warning_days DAY) <= '".Carbon::now()."'")
+            ->whereRaw("DATE_SUB(assets.next_audit_date, INTERVAL $interval DAY) <= '".Carbon::now()."'")
            ->where('assets.archived', '=', 0)
            ->NotArchived();
    }
@@ -1167,7 +1176,29 @@ class Asset extends Depreciable
                }
            }

-            if (($fieldname!='category') && ($fieldname!='model_number') && ($fieldname!='location') && ($fieldname!='supplier')
+            /**
+             * THIS CLUNKY BIT IS VERY IMPORTANT
+             *
+             * Although inelegant, this section matters a lot when querying against fields that do not
+             * exist on the asset table. There's probably a better way to do this moving forward, for
+             * example using the Schema:: methods to determine whether or not a column actually exists,
+             * or even just using the $searchableRelations variable earlier in this file.
+             *
+             * In short, this set of statements tells the query builder to ONLY query against an
+             * actual field that's being passed if it doesn't meet known relational fields. This
+             * allows us to query custom fields directly in the assetsv table
+             * (regardless of their name) and *skip* any fields that we already know can only be
+             * searched through relational searches that we do earlier in this method.
+             *
+             * For example, we do not store "location" as a field on the assets table, we store
+             * that relationship through location_id on the assets table, therefore querying
+             * assets.location would fail, as that field doesn't exist -- plus we're already searching
+             * against those relationships earlier in this method.
+             *
+             * - snipe 
+             *
+             */
+            if (($fieldname!='category') && ($fieldname!='model_number') && ($fieldname!='rtd_location') && ($fieldname!='location') && ($fieldname!='supplier')
                && ($fieldname!='status_label') && ($fieldname!='model') && ($fieldname!='company') && ($fieldname!='manufacturer')) {
                    $query->orWhere('assets.'.$fieldname, 'LIKE', '%' . $search_val . '%');
            }
@@ -1367,8 +1398,7 @@ class Asset extends Depreciable


    /**
-     * Query builder scope to search on location ID
-     *
+     * Query builder scope to search on depreciation name
     * @param  \Illuminate\Database\Query\Builder  $query  Query builder instance
     * @param  text                              $search      Search term
     *
@@ -73,7 +73,8 @@ class AssetMaintenance extends Model implements ICompanyableChild
            trans('admin/asset_maintenances/general.upgrade')     => trans('admin/asset_maintenances/general.upgrade'),
            'PAT test'      => 'PAT test',
            trans('admin/asset_maintenances/general.calibration')     => trans('admin/asset_maintenances/general.calibration'),
-            'PAT test'      => 'PAT test',
+            'Software Support'      => trans('admin/asset_maintenances/general.software_support'),
+            'Hardware Support'      => trans('admin/asset_maintenances/general.hardware_support'),
        ];
    }

@@ -48,7 +48,7 @@ class License extends Depreciable
    protected $table = 'licenses';
    protected $rules = array(
        'name'   => 'required|string|min:3|max:255',
-        'seats'   => 'required|min:1|max:1000000|integer',
+        'seats'   => 'required|min:1|max:999|integer',
        'license_email'   => 'email|nullable|max:120',
        'license_name'   => 'string|nullable|max:100',
        'notes'   => 'string|nullable',
@@ -55,4 +55,23 @@ class LicenseSeat extends Model implements ICompanyableChild
        return false;

    }
+
+    /**
+     * Query builder scope to order on department
+     *
+     * @param  \Illuminate\Database\Query\Builder  $query  Query builder instance
+     * @param  text                              $order         Order
+     *
+     * @return \Illuminate\Database\Query\Builder          Modified query builder
+     */
+    public function scopeOrderDepartments($query, $order)
+    {
+        return $query->leftJoin('users as license_seat_users',  'license_seats.assigned_to', '=', 'license_seat_users.id')
+            ->leftJoin('departments as license_user_dept',  'license_user_dept.id', '=', 'license_seat_users.department_id')
+            ->orderBy('license_user_dept.name', $order);
+    }
+
+
+
+
 }
@@ -113,7 +113,8 @@ class Location extends SnipeModel

    public function parent()
    {
-        return $this->belongsTo('\App\Models\Location', 'parent_id','id');
+        return $this->belongsTo('\App\Models\Location', 'parent_id','id')
+            ->with('parent');
    }

    public function manager()
@@ -121,9 +122,9 @@ class Location extends SnipeModel
        return $this->belongsTo('\App\Models\User', 'manager_id');
    }

-    public function childLocations()
-    {
-        return $this->hasMany('\App\Models\Location', 'parent_id');
+    public function children() {
+        return $this->hasMany('\App\Models\Location','parent_id')
+            ->with('children');
    }

    // I don't think we need this anymore since we de-normed location_id in assets?
@@ -137,59 +138,39 @@ class Location extends SnipeModel
        return $this->attributes['ldap_ou'] = empty($ldap_ou) ? null : $ldap_ou;
    }

-    public static function getLocationHierarchy($locations, $parent_id = null)
-    {

+    /**
+     * Query builder scope to order on parent
+     *
+     * @param  Illuminate\Database\Query\Builder  $query  Query builder instance
+     * @param  text                              $order       Order
+     *
+     * @return Illuminate\Database\Query\Builder          Modified query builder
+     */

-        $op = array();
-
-        foreach ($locations as $location) {
-
-            if ($location['parent_id'] == $parent_id) {
-                $op[$location['id']] =
-                    array(
-                        'name' => $location['name'],
-                        'parent_id' => $location['parent_id']
-                    );
-
-                // Using recursion
-                $children =  Location::getLocationHierarchy($locations, $location['id']);
-                if ($children) {
-                    $op[$location['id']]['children'] = $children;
-                }
-
-            }
+    public static function indenter($locations_with_children, $parent_id = null, $prefix = '') {
+        $results = Array();

+        
+        if (!array_key_exists($parent_id, $locations_with_children)) {
+            return [];
        }
-        return $op;
+
+
+        foreach ($locations_with_children[$parent_id] as $location) {
+            $location->use_text = $prefix.' '.$location->name;
+            $location->use_image = ($location->image) ? url('/').'/uploads/locations/'.$location->image : null;
+            $results[] = $location;
+            //now append the children. (if we have any)
+            if (array_key_exists($location->id, $locations_with_children)) {
+                $results = array_merge($results, Location::indenter($locations_with_children, $location->id,$prefix.'--'));
+            }
+        }
+        return $results;
    }


-    public static function flattenLocationsArray($location_options_array = null)
-    {
-        $location_options = array();
-        foreach ($location_options_array as $id => $value) {

-            // get the top level key value
-            $location_options[$id] = $value['name'];
-
-                // If there is a key named children, it has child locations and we have to walk it
-            if (array_key_exists('children', $value)) {
-
-                foreach ($value['children'] as $child_id => $child_location_array) {
-                    $child_location_options = Location::flattenLocationsArray($value['children']);
-
-                    foreach ($child_location_options as $child_id => $child_name) {
-                        $location_options[$child_id] = '--'.$child_name;
-                    }
-                }
-
-            }
-
-        }
-
-        return $location_options;
-    }

    /**
    * Query builder scope to order on parent
@@ -23,7 +23,7 @@ class Setting extends Model
          'slack_endpoint'   => 'url|required_with:slack_channel|nullable',
          'slack_channel'   => 'regex:/(?<!\w)#\w+/|required_with:slack_endpoint|nullable',
          'slack_botname'   => 'string|nullable',
-          'labels_per_page' => 'numeric',
+          'labels_per_page' => 'numeric|min:1',
          'labels_width' => 'numeric',
          'labels_height' => 'numeric',
          'labels_pmargin_left' => 'numeric|nullable',
@@ -258,13 +258,17 @@ class AssetPresenter extends Presenter
            $query->whereHas('models');
        })->get();

+
+        // Note: We do not need to e() escape the field names here, as they are already escaped when
+        // they are presented in the blade view. If we escape them here, custom fields with quotes in their
+        // name can break the listings page. - snipe
        foreach ($fields as $field) {
            $layout[] = [
                "field" => 'custom_fields.'.$field->convertUnicodeDbSlug(),
                "searchable" => true,
                "sortable" => true,
                "switchable" => true,
-                "title" => ($field->field_encrypted=='1') ?'<i class="fa fa-lock"></i> '.e($field->name) : e($field->name),
+                "title" => ($field->field_encrypted=='1') ?'<i class="fa fa-lock"></i> '.$field->name : $field->name,
                "formatter" => "customFieldsFormatter"
            ];

@@ -391,7 +395,7 @@ class AssetPresenter extends Presenter
    public function eol_date()
    {

-        if (( $this->purchase_date ) && ( $this->model ) && ($this->model->model->eol) ) {
+        if (( $this->purchase_date ) && ( $this->model->model ) && ($this->model->model->eol) ) {
            $date = date_create($this->purchase_date);
            date_add($date, date_interval_create_from_date_string($this->model->model->eol . ' months'));
            return date_format($date, 'Y-m-d');
@@ -176,6 +176,15 @@ class LicensePresenter extends Presenter
                "visible" => true,
                "formatter" => "usersLinkObjFormatter"
            ], [
+                "field" => "department",
+                "searchable" => false,
+                "sortable" => true,
+                "switchable" => true,
+                "title" => trans('general.department'),
+                "visible" => false,
+                "formatter" => "departmentNameLinkFormatter"
+            ],
+            [
                "field" => "assigned_asset",
                "searchable" => false,
                "sortable" => false,
@@ -191,7 +200,8 @@ class LicensePresenter extends Presenter
                "title" => trans('general.location'),
                "visible" => true,
                "formatter" => "locationsLinkObjFormatter"
-            ], [
+            ],
+            [
                "field" => "checkincheckout",
                "searchable" => false,
                "sortable" => false,
@@ -6,6 +6,7 @@
  "type": "project",
    "require": {
    "php": ">=7.1.2",
+    "barryvdh/laravel-cors": "^0.11.3",
    "barryvdh/laravel-debugbar": "^3.2",
    "doctrine/cache": "^1.8",
    "doctrine/common": "^2.10",
@@ -13,6 +14,7 @@
    "doctrine/inflector": "^1.3",
    "doctrine/instantiator": "^1.2",
    "eduardokum/laravel-mail-auto-embed": "^1.0",
+    "enshrined/svg-sanitize": "^0.13.3",
    "erusev/parsedown": "^1.7",
    "fideloper/proxy": "^4.1",
    "guzzlehttp/guzzle": "^6.3",
@@ -26,7 +28,7 @@
    "maknz/slack": "^1.7",
    "neitanod/forceutf8": "^2.0",
    "patchwork/utf8": "^1.3",
-    "phpdocumentor/reflection-docblock": "3.2.2",
+    "phpdocumentor/reflection-docblock": "^4.0",
    "phpspec/prophecy": "^1.8",
    "pragmarx/google2fa": "^5.0",
    "pragmarx/google2fa-laravel": "^1.0",
@@ -36,6 +36,19 @@ return [

    'env' => env('APP_ENV', 'production'),

+    /*
+    |--------------------------------------------------------------------------
+    | Result Limit
+    |--------------------------------------------------------------------------
+    |
+    | This value determines the max number of results to return, even if a higher limit
+    | is passed in the API request. This is done to prevent server timeouts when
+    | custom scripts are requesting 100k assets at a time.
+    |
+    */
+
+    'max_results' => env('MAX_RESULTS', 500),
+
    /*
    |--------------------------------------------------------------------------
    | Application Debug Mode
@@ -0,0 +1,48 @@
+<?php
+
+/**
+ * ---------------------------------------------------------------------
+ * THIS IS $allowed_origins code IS NOT PART OF THE ORIGINAL CORS PACKAGE.
+ * IT IS A MODIFICATION BY SNIPE-IT TO ALLOW ADDING ALLOWED ORIGINS VIA THE ENV.
+ * ---------------------------------------------------------------------
+ *
+ * Since we don't really want people editing config files (lest they get
+ * overwritten later), this enables the person managing the Snipe-IT
+ * installation to modify these values without modifying the code.
+ *
+ * If APP_CORS_ALLOWED_ORIGINS is not set in the .env (for example if no one added it
+ * after an upgrade from a previous version that didn't include it in the .env.example) or is null,
+ * set it to * to allow all. If there is a value, either a single url or a comma-delimited
+ * list of urls, explode that out into an array to whitelist just those urls.
+ */
+
+$allowed_origins = env('CORS_ALLOWED_ORIGINS') !== null ?
+    explode(',', env('CORS_ALLOWED_ORIGINS')) : [];
+
+/**
+ * Original Laravel CORS package config file modifications end here
+ *
+ */
+
+
+return [
+
+    /*
+    |--------------------------------------------------------------------------
+    | Laravel CORS
+    |--------------------------------------------------------------------------
+    |
+    | allowedOrigins, allowedHeaders and allowedMethods can be set to array('*')
+    | to accept any value.
+    |
+    */
+   
+    'supportsCredentials' => false,
+    'allowedOrigins' => $allowed_origins,
+    'allowedOriginsPatterns' => [],
+    'allowedHeaders' => ['*'],
+    'allowedMethods' => ['GET', 'POST', 'PUT', 'PATCH', 'DELETE'],
+    'exposedHeaders' => [],
+    'maxAge' => 0,
+
+];
@@ -87,12 +87,14 @@ return [
                //'exclude_tables' => ['table1', 'table2'],
                //'add_extra_option' => '--optionname=optionvalue',
            ],
-            'options' => (env('DB_SSL')) ? [
-                PDO::MYSQL_ATTR_SSL_KEY    => env('DB_SSL_KEY_PATH'),  // /path/to/key.pem
-                PDO::MYSQL_ATTR_SSL_CERT   => env('DB_SSL_CERT_PATH'), // /path/to/cert.pem
-                PDO::MYSQL_ATTR_SSL_CA     => env('DB_SSL_CA_PATH'),   // /path/to/ca.pem
-                PDO::MYSQL_ATTR_SSL_CIPHER => env('DB_SSL_CIPHER')
-            ] : []
+            'options' => (env('DB_SSL')) ? ((env('DB_SSL_IS_PAAS')) ? [
+                PDO::MYSQL_ATTR_SSL_CA                  => env('DB_SSL_CA_PATH'),   // /path/to/ca.pem
+            ] : [
+                PDO::MYSQL_ATTR_SSL_KEY                 => env('DB_SSL_KEY_PATH'),  // /path/to/key.pem
+                PDO::MYSQL_ATTR_SSL_CERT                => env('DB_SSL_CERT_PATH'), // /path/to/cert.pem
+                PDO::MYSQL_ATTR_SSL_CA                  => env('DB_SSL_CA_PATH'),   // /path/to/ca.pem
+                PDO::MYSQL_ATTR_SSL_CIPHER              => env('DB_SSL_CIPHER')
+            ]) : []
        ],

        'pgsql' => [
@@ -1,10 +1,10 @@
 <?php
 return array (
-  'app_version' => 'v4.7.5',
-  'full_app_version' => 'v4.7.5 - build 4137-g55ee90b25',
-  'build_version' => '4137',
+  'app_version' => 'v4.9.0',
+  'full_app_version' => 'v4.9.0 - build 4210-g8b2f8ef3c',
+  'build_version' => '4210',
  'prerelease_version' => '',
-  'hash_version' => 'g55ee90b25',
-  'full_hash' => 'v4.7.5-18-g55ee90b25',
+  'hash_version' => 'g8b2f8ef3c',
+  'full_hash' => 'v4.9.0-21-g8b2f8ef3c',
  'branch' => 'master',
-);
+);
@@ -10,7 +10,7 @@
    "production": "cross-env NODE_ENV=production node_modules/webpack/bin/webpack.js --progress --hide-modules --config=node_modules/laravel-mix/setup/webpack.config.js "
  },
  "devDependencies": {
-    "axios": "^0.16.2",
+    "axios": ">=0.18.1",
    "babel-preset-latest": "^6.24.1",
    "cross-env": "^5.0.5",
    "jquery": "^3.1.1",
@@ -0,0 +1,22 @@
+<?php
+
+return array(
+    'about_accessories_title' 			=> 'Amdan Ategolion',
+    'about_accessories_text'  			=> 'Mae ategolion yn unrhyw offer sydd yn cael eu ddosbarthu i defnyddwyr ond ddim hefo rhif cofrestru. (Neu nid oes angen tracio). Er enghraifft, llygod, ategolion.',
+    'accessory_category' 				=> 'Categori Ategolyn',
+    'accessory_name'  					=> 'Enw Ategolyn',
+    'checkout'  							=> 'Cofnodi ategolyn allan',
+    'checkin'  							=> 'Cofnodi ategolyn i fewn',
+    'create'  							=> 'Creu Ategolyn',
+    'edit'  							=> 'Golygu Ategolyn',
+    'eula_text'							=> 'Categori CTDT',
+    'eula_text_help'					=> 'Mae\'r blwch yma yn caniatau i chi addasu eich CTDTs ar gyfer mathau penodol o asedau. Os ydych yn defnyddio un CTDT ar gyfer eich asedau yna cewch ticio\'r blwch isod i defnyddio\'r fersiwn diofyn.',
+    'require_acceptance'				=> 'Gorfodi defnyddwyr i cadarnhau derbyn asedau yn y categori yma.',
+    'no_default_eula'					=> 'Wedi methu darganfod CTDT, Ychwanegwch un yn gosodiadau.',
+    'total'  							=> 'Cyfanswm',
+    'remaining'  						=> 'Yn weddill',
+    'update'  							=> 'Diweddaru Ategolyn',
+    'use_default_eula'					=> 'Defnyddio\'r <a href="#" data-toggle="modal" data-target="#eulaModal">prif CTDT diofyn</a> yn lle.',
+    'use_default_eula_disabled'			=> '<del>Defnyddio\'r CTDT diofn yn lle\'r un presennol.</del>Nid oes prif CTDT diofyn wedi gosod. Ychwanegwch un yn gosodiadau os gwelwch yn dda.',
+
+);
@@ -0,0 +1,37 @@
+<?php
+
+return array(
+
+    'does_not_exist' => 'Nid yw\'r ategolyn yn bodoli.',
+    'assoc_users'	 => 'Mae\'r ategolyn yma hefo :count eitem wedi nodi allan i defnyddwyr. Nodwch yr ategolion yn ol i fewn ac yna ceisiwch eto. ',
+
+    'create' => array(
+        'error'   => 'Ni crewyd yr ategolyn, ceisiwch eto o.g.y.dd.',
+        'success' => 'Ategolyn wedi creu yn llwyddiannus.'
+    ),
+
+    'update' => array(
+        'error'   => 'Ni diweddarwyd yr ategolyn, ceisiwch eto o.g.y.dd',
+        'success' => 'Diweddarwyd yr ategolyn yn llwyddiannus.'
+    ),
+
+    'delete' => array(
+        'confirm'   => 'Ydych chi\'n sicr eich bod eisiau dileu\'r eitem hwn?',
+        'error'   => 'Nid oedd yn bosib dileu\'r eitem. Ceisiwch eto o.g.y.dd.',
+        'success' => 'Ategolyn wedi dileu yn llwyddiannus.'
+    ),
+
+     'checkout' => array(
+        'error'   		=> 'Ategolyn heb ei nodi allan, ceisiwch eto o. g. y. dd',
+        'success' 		=> 'Ategolyn wedi nodi allan yn llwyddiannus.',
+        'user_does_not_exist' => 'Nid yw\'r defnyddiwr yna yn ddilys. Ceisiwch eto o.g.y.dd.'
+    ),
+
+    'checkin' => array(
+        'error'   		=> 'Nid oedd yn bosib nodi\'r ategolyn i fewn, ceisiwch eto o.g.y.dd',
+        'success' 		=> 'Ategolyn wedi nodi i fewn yn llwyddiannus.',
+        'user_does_not_exist' => 'Nid yw\'r defnyddiwr yna yn ddilys. Ceisiwch eto o.g.y.dd.'
+    )
+
+
+);
@@ -0,0 +1,11 @@
+<?php
+
+return array(
+	'dl_csv'      				=> 'Lawrlwytho CSV',
+	'eula_text'      			=> 'CTDT',
+    'id'      					=> 'Rhif Unigryw',
+    'require_acceptance'      	=> 'Derbyn',
+    'title'      				=> 'Enw Ategolyn',
+
+
+);
@@ -0,0 +1,14 @@
+<?php
+
+    return [
+        'asset_maintenance_type' => 'Manylion Cynnal a Chadw',
+        'title'                  => 'Teitl',
+        'start_date'             => 'Wedi cychwyn',
+        'completion_date'        => 'Wedi cwbwlhau',
+        'cost'                   => 'Cost',
+        'is_warranty'            => 'Gwelliant Gwarant',
+        'asset_maintenance_time' => 'Dyddiau',
+        'notes'                  => 'Nodiadau',
+        'update'                 => 'Diweddaru',
+        'create'                 => 'Creu'
+    ];
@@ -0,0 +1,11 @@
+<?php
+
+    return [
+        'asset_maintenances' => 'Cynnal a chadw Ased',
+        'edit'               => 'Golygu Cynnal a Chadw Ased',
+        'delete'             => 'Dileu Cynnal a Chadw Ased',
+        'view'               => 'Gweld manylder Cynnal a Chadw Ased',
+        'repair'             => 'Trwsio',
+        'maintenance'        => 'Cynnal a Chadw',
+        'upgrade'            => 'Uwchraddio'
+    ];
@@ -0,0 +1,21 @@
+<?php
+
+    return [
+        'not_found'                    => 'Ni ddarganfuwyd cofnod Cynnal a Chadw Ased yr oeddech yn edrych amdan!',
+        'delete'                       => [
+            'confirm' => 'Ydych chi\'n sicr eich bod eisiau dileu\'r cofnod cynnal a chadw yma?',
+            'error'   => 'Nid oedd yn bosib dileu\'r nodyn cynnal a chadw. Ceisiwch eto o.g.y.dd.',
+            'success' => 'Nodyn cynnal a chadw wedi\'i dileu\'n llwyddiannus.'
+        ],
+        'create'                       => [
+            'error'   => 'Ni crewyd y cofnod cynnal a chadw, ceisiwch eto o.g.y.dd.',
+            'success' => 'Nodyn cynnal a chadw wedi\'i greu\'n llwyddiannus.'
+        ],
+        'edit'                       => [
+            'error'   => 'Wedi methu newid y cofnod cynnal a chadw, ceisiwch eto o.g.y.dd.',
+            'success' => 'Nodyn cynnal a chadw wedi\'i diweddaru\'n llwyddiannus.'
+        ],
+        'asset_maintenance_incomplete' => 'Heb cwbwlhau eto',
+        'warranty'                     => 'Warant',
+        'not_warranty'                 => 'Dim Warant',
+    ];
@@ -0,0 +1,8 @@
+<?php
+
+    return [
+        'title'         => 'Cynnal a chadw Ased',
+        'asset_name'    => 'Enw Ased',
+        'is_warranty'   => 'Warant',
+        'dl_csv'        => 'Lawrlwytho CSV'
+    ];
@@ -0,0 +1,24 @@
+<?php
+
+return array(
+    'about_categories_title' 			=> 'Amdan Categoriau',
+    'about_categories'  				=> 'Mae categoriau yn cynorthwyo chi i cadw trefn ar eich eitemau. Enghreifftiau o categoriau yw &quot;Cyfrifiadur pen-bwrdd&quot;, &quot;Gliniadur&quot;, &quot;Ffôn Symudol&quot;, &quot;Tabledi&quot;, ac yn y blaen, ond cewch gosod rhain yn ol eich angen.',
+    'asset_categories' 					=> 'Categoriau Asedau',
+    'category_name'  					=> 'Enw categori',
+    'checkin_email'                     => 'Gyrru ebost i defnyddiwr wrth nodi fewn/allan.',
+    'checkin_email_notification'        => 'Fe geith y defnyddiwr yma ebost wrth nodi i fewn/allan.',
+    'clone'                             => 'Dyblygu Categori',
+    'create'  							=> 'Creu Categori Newydd',
+    'edit'                              => 'Golygu Categori',
+    'eula_text'							=> 'CTDT Categori',
+    'eula_text_help'					=> 'Mae\'r blwch yma yn caniatau i chi addasu eich CTDTs ar gyfer mathau penodol o asedau. Os ydych yn defnyddio un CTDT ar gyfer eich asedau yna cewch ticio\'r blwch isod i defnyddio\'r fersiwn diofyn.',
+    'name'                              => 'Enw\'r categori',
+    'require_acceptance'				=> 'Gorfodi defnyddwyr i cadarnhau derbyn asedau yn y categori yma.',
+    'required_acceptance'				=> 'Fe geith y defnyddiwr yma ebost hefo linc i cofnodi derbyn yr eitem yma.',
+    'required_eula'						=> 'Fe geith y defnyddiwr yma copi o\'r CTDT trwy ebost',
+    'no_default_eula'					=> 'Wedi methu darganfod CTDT, Ychwanegwch un yn gosodiadau.',
+    'update'  							=> 'Diweddaru Categori',
+    'use_default_eula'					=> 'Defnyddio\'r <a href="#" data-toggle="modal" data-target="#eulaModal">prif CTDT diofyn</a> yn lle.',
+    'use_default_eula_disabled'			=> '<del>Defnyddio\'r CTDT diofyn yn lle\'r un presennol.</del>Nid oes prif CTDT diofyn wedi gosod. Ychwanegwch yn ynj gosodiadau os gwelwch yn dda.',
+
+);
@@ -0,0 +1,25 @@
+<?php
+
+return array(
+
+    'does_not_exist' => 'Categori ddim yn bodoli.',
+    'assoc_models'	 => 'Mae\'r categori yma wedi perthnasu i oleiaf un model a nid yw\'n bosib dileu. Diweddarwch eich modelau i beidio cyfeirio at y categori yma ac yna ceisiwch eto. ',
+    'assoc_items'	 => 'Mae\'r categori yma wedi perthnasu i :asset_type a nid yw\'n bosib dileu. Diweddarwch eich :asset_type i beidio cyfeirio at y categori yma ac yna ceisiwch eto. ',
+
+    'create' => array(
+        'error'   => 'Ni crewyd y categori, ceisiwch eto o. g. y. dd.',
+        'success' => 'Categori wedi creu\'n llwyddiannus.'
+    ),
+
+    'update' => array(
+        'error'   => 'Ni diweddarwyd y categori, ceisiwch eto o. g. y. dd',
+        'success' => 'Categori wedi diweddaru\'n llwyddiannus.'
+    ),
+
+    'delete' => array(
+        'confirm'   => 'Ydych chi\'n siwr eich bod eisiau dileu\'r categori yma?',
+        'error'   => 'Nid oedd yn bosib dileu\'r categori. Ceisiwch eto o.g.y.dd.',
+        'success' => 'Categori wedi dileu\'n llwyddiannus.'
+    )
+
+);
@@ -0,0 +1,10 @@
+<?php
+
+return array(
+	'eula_text'      			=> 'CTDT',
+    'id'      					=> 'Rhif Unigryw',
+    'parent'   					=> 'Rhiant',
+    'require_acceptance'      	=> 'Derbyn',
+    'title'      				=> 'Enw Categori Ased',
+
+);
@@ -0,0 +1,6 @@
+<?php
+return [
+    'about_companies_title'            => 'Amdan Cwmniau',
+    'about_companies_text'                  => 'Defnyddir cwmniau fel maes syml, neu i rheoli mynediad at grwpiau o offer, defnyddwyr os ydi cefnogaeth cwmniau wedi alluogi.',
+    'select_company' => 'Dewis Cwmni',
+];
@@ -0,0 +1,18 @@
+<?php
+return array(
+    'does_not_exist' => 'Nid ywr cwmni\'n bodoli.',
+    'assoc_users'    => 'Mae\'r cwmni yma wedi perthnasu i oleiaf un model a nid yw\'n bosib dileu. Diweddarwch eich modelau i beidio cyfeirio at y cwmni yma ac yna ceisiwch eto. ',
+    'create' => array(
+        'error'   => 'Ni crewyd y cwmni, ceisiwch eto o. g. y. dd.',
+        'success' => 'Cwmni wedi creu yn llwyddiannus.'
+    ),
+    'update' => array(
+        'error'   => 'Ni diweddarwyd y cwmni, ceisiwch eto o. g. y. dd',
+        'success' => 'Cwmni wedi diweddaru\'n llwyddiannus.'
+    ),
+    'delete' => array(
+        'confirm' => 'Ydych chi\'n siwr eich bod eisiau dileu\'r cwmni yma?',
+        'error'   => 'Nid oedd yn bosib dileu\'r cwmni. Ceisiwch eto o. g. y. dd.',
+        'success' => 'Cwmni wedi dileu\'n llwyddiannus.'
+    )
+);
@@ -0,0 +1,9 @@
+<?php
+return array(
+    'companies' => 'Cwmniau',
+    'create'    => 'Creu Cwmni',
+    'title'     => 'Cwmni',
+    'update'    => 'Diweddaru Cwmni',
+    'name'      => 'Enw Cwmni',
+    'id'        => 'Rhif Unigryw',
+);
@@ -0,0 +1,17 @@
+<?php
+
+return array(
+    'about_components_title' 			=> 'Amdan Cydranau',
+    'about_components_text'  			=> 'Mae cydrannau yn darnau sydd yn rhan o ased, er enghraifft cof, disg caled, ayyb.',
+    'component_name'                  => 'Enw Cydran',
+    'checkin'                             => 'Nodi\'r gydran allan',
+    'checkout'                             => 'Nodi\'r gydran allan',
+    'cost'				=> 'Cost pwrcasu',
+    'create'                             => 'Creu Cydran',
+    'edit'                             => 'Addasu Cydran',
+    'date'					=> 'Dyddiad Pwrcasu',
+    'order'					=> 'Rhif Archeb',
+    'remaining' 			             => 'Yn weddill',
+    'total' 			                 => 'Cyfanswm',
+    'update'                            => 'Diweddaru Cydran',
+);
@@ -0,0 +1,36 @@
+<?php
+
+return array(
+
+    'does_not_exist' => 'Nid ywr cydran yn bodoli.',
+
+    'create' => array(
+        'error'   => 'Ni crewyd y cydran, ceisiwch eto o. g. y. dd.',
+        'success' => 'Cydran wedi creu yn llwyddiannus.'
+    ),
+
+    'update' => array(
+        'error'   => 'Ni ddiweddarwyd y cydran, ceisiwch eto o. g. y. dd',
+        'success' => 'Diweddarwyd y gydran yn llwyddiannus.'
+    ),
+
+    'delete' => array(
+        'confirm'   => 'Ydych chi\'n siwr eich bod eisiau dileu\'r cydran yma?',
+        'error'   => 'Nid oedd yn bosib dileu\'r cydran. Ceisiwch eto o. g. y. dd.',
+        'success' => 'Cydran wedi dileu\'n llwyddiannus.'
+    ),
+
+     'checkout' => array(
+        'error'   		=> 'Cydran heb ei nodi allan, ceisiwch eto o. g. y. dd',
+        'success' 		=> 'Cydran wedi nodi allan yn llwyddiannus.',
+        'user_does_not_exist' => 'Nid yw\'r defnyddiwr yna yn ddilys. Ceisiwch eto o. g. y. dd.'
+    ),
+
+    'checkin' => array(
+        'error'   		=> 'Cydran heb ei nodi i fewn, ceisiwch eto o. g. y. dd',
+        'success' 		=> 'Cydran wedi nodi i fewn yn llwyddiannus.',
+        'user_does_not_exist' => 'Nid yw\'r defnyddiwr yna yn ddilys. Ceisiwch eto o. g. y. dd.'
+    )
+
+
+);
@@ -0,0 +1,5 @@
+<?php
+
+return array(
+    'title'      				=> 'Enw Cydran',
+);
@@ -0,0 +1,13 @@
+<?php
+
+return array(
+    'about_consumables_title' 			=> 'Amdan Nwyddau Traul',
+    'about_consumables_text'  			=> 'Mae unrhwy eitem sydd yn cael eu defnyddio i fyny dros amser yn nwydd traul. Er enghraifft, inc neu paper argraffydd.',
+    'checkout'                          => 'Nodi nwydd traul allan i defnyddiwr',
+    'consumable_name'                   => 'Enw nwydd traul',
+    'create'                            => 'Creu nwydd traul',
+    'item_no'                           => 'Rhif eitem.',
+    'remaining' 			            => 'Yn weddill',
+    'total' 			                => 'Cyfanswm',
+    'update'                            => 'Diweddaru nwydd traul',
+);
@@ -0,0 +1,36 @@
+<?php
+
+return array(
+
+    'does_not_exist' => 'Nid yw\'r nwydd traul yn bodoli.',
+
+    'create' => array(
+        'error'   => 'Ni crewyd y nwydd traul, ceisiwch eto o. g. y. dd.',
+        'success' => 'Nwydd traul wedi creu yn llwyddiannus.'
+    ),
+
+    'update' => array(
+        'error'   => 'Ni diweddarwyd y nwydd traul, ceisiwch eto o. g. y. dd',
+        'success' => 'Nwydd traul wedi diweddaru\'n llwyddiannus.'
+    ),
+
+    'delete' => array(
+        'confirm'   => 'Ydych chi\'n siwr eich bod eisiau dileu\'r nwydd traul yma?',
+        'error'   => 'Nid oedd yn bosib dileu\'r nwydd traul. Ceisiwch eto o. g. y. dd.',
+        'success' => 'Nwydd traul wedi dileu\'n llwyddiannus.'
+    ),
+
+     'checkout' => array(
+        'error'   		=> 'Nwydd traul heb ei nodi allan, ceisiwch eto o. g. y. dd',
+        'success' 		=> 'Nwydd traul wedi nodi allan yn llwyddiannus.',
+        'user_does_not_exist' => 'Nid yw\'r defnyddiwr yna yn ddilys. Ceisiwch eto o. g. y. dd.'
+    ),
+
+    'checkin' => array(
+        'error'   		=> 'Nwydd traul heb ei nodi i fewn, ceisiwch eto o. g. y. dd',
+        'success' 		=> 'Nwydd traul wedi nodi i fewn yn llwyddiannus.',
+        'user_does_not_exist' => 'Nid yw\'r defnyddiwr yna yn ddilys. Ceisiwch eto o. g. y. dd.'
+    )
+
+
+);
@@ -0,0 +1,5 @@
+<?php
+
+return array(
+    'title'      				=> 'Enw nwydd traul',
+);
@@ -0,0 +1,32 @@
+<?php
+
+return array(
+    'custom_fields'		        => 'Meysydd addasedig',
+    'field'		                => 'Meysydd',
+    'about_fieldsets_title'		=> 'Amdan grwpiau meysydd',
+    'about_fieldsets_text'		=> 'Mae grwpiau meysydd yn caniatau i chi creu grwpiau o meysydd addasedig sydd yn cael ei defnyddio yn amal ar gyfer mathau penodol o asedau.',
+    'custom_format'             => 'Fformat Regex addasedig...',
+    'encrypt_field'      	        => 'Hamcryptio gwerth y maes yma yn y basdata',
+    'encrypt_field_help'      => 'RHYBUDD: Mae hamcryptio maes yn feddwl nid oes modd chwilio amdano.',
+    'encrypted'      	        => 'Wedi hamcryptio',
+    'fieldset'      	        => 'Setiau maes',
+    'qty_fields'      	      => 'Nifer o meysydd',
+    'fieldsets'      	        => 'Setiau maes',
+    'fieldset_name'           => 'Enw set maes',
+    'field_name'              => 'Enw maes',
+    'field_values'            => 'Gwerthoedd maes',
+    'field_values_help'       => 'Ychwanegwch opsiynau selectable, un fesul llinell. Anwybyddir llinellau gwag heblaw\'r llinell gyntaf.',
+    'field_element'           => 'Ffurf Elfen',
+    'field_element_short'     => 'Elfen',
+    'field_format'            => 'Fformat',
+    'field_custom_format'     => 'Fformat Regex addasedig',
+    'field_custom_format_help'     => 'Mae\'r maes hwn yn caniatáu ichi ddefnyddio mynegiad regex i\'w ddilysu. Dylai ddechrau gyda "regex:" - er enghraifft, i ddilysu bod gwerth maes arferiad yn cynnwys IMEI dilys (15 digid rhifol), byddech chi\'n defnyddio <code>regex:/^[0-9]{15}$/</code>.',
+    'required'   		          => 'Gofynnol',
+    'req'   		              => 'Angen.',
+    'used_by_models'   		    => 'Defnyddir gan modelau',
+    'order'   		            => 'Trefn',
+    'create_fieldset'         => 'Set maes newydd',
+    'create_field'            => 'Maes Addasedig newydd',
+    'value_encrypted'      	        => 'Mae gwerth y maes hwn wedi\'i amgryptio yn y gronfa ddata. Dim ond defnyddwyr gweinyddol fydd yn gallu gweld y gwerth wedi\'i ddadgryptio',
+    'show_in_email'     => 'Cynnwys gwerth y maes hwn mewn e-byst talu a anfonir at y defnyddiwr? Ni ellir cynnwys meysydd wedi\'u hamgryptio mewn e-byst.',
+);
@@ -0,0 +1,57 @@
+<?php
+
+return array(
+
+    'field' => array(
+        'invalid'   => 'Nid yw\'r maes yn bodoli.',
+        'already_added'   => 'Maes eisoes yn bodoli',
+
+        'create' => array(
+            'error'   => 'Ni crewyd y maes, ceisiwch eto o. g. y. dd.',
+            'success' => 'Maes wedi creu yn llwyddiannus.',
+            'assoc_success' => 'Maes wedi ychwanegu\'n llwyddiannus ir set maes.'
+        ),
+
+        'update' => array(
+            'error'   => 'Ni diweddarwyd y maes, ceisiwch eto o. g. y. dd',
+            'success' => 'Maes wedi diweddaru\'n llwyddiannus.'
+        ),
+
+        'delete' => array(
+            'confirm'   	=> 'Ydych chi\'n siwr eich bod eisiau dileu\'r maes yma?',
+            'error'   => 'Nid oedd yn bosib dileu\'r maes. Ceisiwch eto o. g. y. dd.',
+            'success' => 'Maes wedi dileu\'n llwyddiannus.',
+            'in_use'   => 'Maes mewn defnydd.',
+        )
+
+    ),
+
+    'fieldset' => array(
+
+        'does_not_exist' => 'Nid yw\'r set maes yn bodoli',
+
+        'create' => array(
+            'error'   => 'Ni crewyd y set maes, ceisiwch eto o. g. y. dd.',
+            'success' => 'Set maes wedi creu yn llwyddiannus.'
+        ),
+
+        'update' => array(
+            'error'   => 'Ni diweddarwyd y set maes, ceisiwch eto o. g. y. dd',
+            'success' => 'Set maes wedi diweddaru\'n llwyddiannus.'
+        ),
+
+        'delete' => array(
+            'confirm'   	=> 'Ydych chi\'n siwr eich bod eisiau dileu\'r set maes yma?',
+            'error'   => 'Nid oedd yn bosib dileu\'r set maes. Ceisiwch eto o. g. y. dd.',
+            'success' => 'Set maes wedi dileu\'n llwyddiannus.',
+            'in_use'   => 'Set maes mewn defnydd.',
+        )
+
+    ),
+
+
+
+
+
+
+);
@@ -0,0 +1,21 @@
+<?php
+
+return array(
+
+    'does_not_exist' => 'Nid yw\'r adran yn bodoli.',
+    'assoc_users'	 => 'Mae\'r adran yma wedi perthnasu i oleiaf un defnyddiwr a nid yw\'n bosib dileu. Diweddarwch eich defnyddwyr i beidio cyfeirio at yr adran yma ac yna ceisiwch eto. ',
+    'create' => array(
+        'error'   => 'Ni crewyd yr adran, ceisiwch eto o. g. y. dd.',
+        'success' => 'Adran wedi creu yn llwyddiannus.'
+    ),
+    'update' => array(
+        'error'   => 'Ni diweddarwyd yr adran, ceisiwch eto o. g. y. dd',
+        'success' => 'Adran wedi diweddaru\'n llwyddiannus.'
+    ),
+    'delete' => array(
+        'confirm'   	=> 'Ydych chi\'n sicr eich bod eisiau dileu\'r adran yma?',
+        'error'   => 'Nid oedd yn bosib dileu\'r adran. Ceisiwch eto o. g. y. dd.',
+        'success' => 'Adran wedi dileu\'n llwyddiannus.'
+    )
+
+);
@@ -0,0 +1,11 @@
+<?php
+
+return array(
+
+    'id'                        => 'Rhif Unigryw',
+    'name'                      => 'Enw Adran',
+    'manager'                   => 'Rheolwr',
+    'location'                  => 'Lleoliad',
+    'create'                    => 'Creu Adran',
+    'update'                    => 'Diweddaru Adran',
+    );
@@ -0,0 +1,12 @@
+<?php
+
+return array(
+    'about_asset_depreciations'  			=> 'Amdan Dibrisiant Asedau',
+    'about_depreciations'  					=> 'Cewch creu mathau o dibrisiant i dibrisio asedau yn seiliedig ar dibrisiant llinell syth.',
+    'asset_depreciations'  					=> 'Dibrisiant Asedau',
+    'create'  					            => 'Creu Dibrisiant',
+    'depreciation_name'  					=> 'Enw Dibrisiant',
+    'number_of_months'  					=> 'Nifer o Fisoedd',
+    'update'  					            => 'Diweddaru Dibrisiant',
+
+);
@@ -0,0 +1,25 @@
+<?php
+
+return array(
+
+    'does_not_exist' => 'Nid yw\'r dosbarth yma o dibrsiant yn bodoli.',
+    'assoc_users'	 => 'Mae\'r dibrisiantyma wedi perthnasu hefo un neu mwy o modelau a nid oes modd i\'w dileu. Fydd rhaid dileu\'r modelau ac yna trio eto. ',
+
+
+    'create' => array(
+        'error'   => 'Ni crewyd y dosbarth dibrisiant, ceisiwch eto o. g. y. dd. :(',
+        'success' => 'Dosbarth dibrisiant wedi\'i creu yn llwyddiannus. :)'
+    ),
+
+    'update' => array(
+        'error'   => 'Ni diweddarwyd y dosbarth dibrisiant, ceisiwch eto o. g. y. dd',
+        'success' => 'Dosbarth dibrisiant wedi\'i diweddaru yn llwyddiannus.'
+    ),
+
+    'delete' => array(
+        'confirm'   => 'Ydych chi\'n siwr eich bod eisiau dileu\'r dosbarth dibrisiant yma?',
+        'error'   => 'Nid oedd yn bosib dileu\'r dosbarth dibrisiant. Ceisiwch eto o. g. y. dd.',
+        'success' => 'Dosbarth dibrisiant wedi\'i dileu yn llwyddiannus.'
+    )
+
+);
@@ -0,0 +1,10 @@
+<?php
+
+return array(
+
+    'id'      => 'Rhif Unigryw',
+    'months'   => 'Misoedd',
+    'term'   => 'Cyfnod',
+    'title'      => 'Enw ',
+
+);
@@ -0,0 +1,22 @@
+<?php
+
+return array(
+
+    'group_exists'        => 'Grwp yn bodoli yn barod!',
+    'group_not_found'     => 'Nid yw grwp [:id] yn bodoli.',
+    'group_name_required' => 'Mae angen llenwi\'r maes enw',
+
+    'success' => array(
+        'create' => 'Wedi llwyddo i creu\'r grwp.',
+        'update' => 'Wedi llwyddo i diweddaru\'r grwp.',
+        'delete' => 'Wedi llwyddo i dileu\'r grwp.',
+    ),
+
+    'delete' => array(
+        'confirm'   => 'Ydych chi\'n sicr eich bod eisiau dileu\'r grwp yma?',
+        'create' => 'Roedd problem wrth ceisio creu\'r grwp. Ceisiwch eto o. g. y. dd.',
+        'update' => 'Roedd problem wrth ceisio diweddaru\'r grwp. Ceisiwch eto o. g. y. dd.',
+        'delete' => 'Roedd problem wrth ceisio dileu\'r grwp. Ceisiwch eto o. g. y. dd.',
+    ),
+
+);
@@ -0,0 +1,9 @@
+<?php
+
+return array(
+
+    'id'         => 'Rhif Unigryw',
+    'name'       => 'Enw',
+    'users'      => '# o defnyddwyr',
+
+);
@@ -0,0 +1,14 @@
+<?php
+
+return array(
+    'about_groups_title'            => 'Amdan Grwpiau',
+    'about_groups'                  => 'Defnyddir grwpiau i gosod hawliau defnyddwyr.',
+    'group_management' 	 	=> 'Rheoli Grwpiau',
+    'create' 	 	 	    => 'Creu Grwp Newydd',
+    'update' 	 		        => 'Addasu Grwp',
+    'group_name' 	 		=> 'Enw Grwp',
+    'group_admin' 	 		=> 'Gweinyddwr Grwp',
+    'allow' 	 			=> 'Caniatau',
+    'deny' 	 				=> 'Gwrthod',
+
+);
@@ -0,0 +1,44 @@
+<?php
+
+return array(
+	'bulk_delete'		=> 'Cadarnahu Dileu Nifer o Asedau',
+  'bulk_delete_help'	=> 'Adolygwch yr asedau ar gyfer dileu isod. Ar ôl eu dileu, gellir adfer yr asedau hyn, ond ni fyddant yn gysylltiedig mwyach ag unrhyw ddefnyddwyr y maent wedi\'u neilltuo iddynt ar hyn o bryd.',
+  'bulk_delete_warn'	=> 'Rydych am dileu :asset_count assets.',
+	'bulk_update'		=> 'Diweddaru Nifer o Asedau',
+	'bulk_update_help'	=> 'Mae\'r ffurflen hon yn caniatáu ichi ddiweddaru nifer o asedau ar unwaith. Llenwch y meysydd sydd angen i chi eu newid yn unig. Bydd unrhyw bwlch a adewir yn wag yn aros yr un fath. ',
+	'bulk_update_warn'	=> 'Rydych am newid manylder am :asset_count o asedau.',
+    'checkedout_to'		=> 'Wedi aseinio i',
+    'checkout_date'		=> 'Dyddiad allan',
+    'checkin_date'		=> 'Dyddian i mewn',
+    'checkout_to'		=> 'Dynodi i',
+    'cost'				=> 'Cost pwrcasu',
+    'create'			=> 'Creu Ased',
+    'date'				=> 'Dyddiad Pwrcasu',
+    'depreciation'	    => 'Dibrisiant',
+    'depreciates_on'	=> 'Dibrisio Ar',
+    'default_location'	=> 'Lleoliad diofyn',
+    'eol_date'			=> 'Dyddiad DB',
+    'eol_rate'			=> 'Cyfradd DB',
+    'expected_checkin'  => 'Dyddiad disgwl i mewn',
+    'expires'			=> 'Dod i ben',
+    'fully_depreciated'	=> 'Dibrisiant Llwyr',
+    'help_checkout'		=> 'Os ydych chi am aseinio\'r ased hwn ar unwaith, dewiswch "Barod i\'w Ddefnyddio" o\'r rhestr statws uchod. ',
+    'mac_address'		=> 'Cyfeiriad MAC',
+    'manufacturer'		=> 'Gwneuthyrwr',
+    'model'				=> 'Model',
+    'months'			=> 'misoedd',
+    'name'				=> 'Enw Ased',
+    'notes'				=> 'Nodiadau',
+    'order'				=> 'Rhif Archeb',
+    'qr'				=> 'Côd QR',
+    'requestable'		=> 'Gellir ddefnyddwyr gwneud cais am yr ased yma',
+    'select_statustype'	=> 'Dewis Math o Statws',
+    'serial'			=> 'Serial',
+    'status'			=> 'Statws',
+    'tag'				=> 'Tag Ased',
+    'update'			=> 'Diweddaru Ased',
+    'warranty'			=> 'Warant',
+		'warranty_expires'		=> 'Warrant yn dod I ben',
+    'years'				=> 'blynyddoedd',
+)
+;
@@ -0,0 +1,22 @@
+<?php
+
+return array(
+    'about_assets_title'           => 'Amdan Asedau',
+    'about_assets_text'            => 'Mae asedau wedi tracio trwy rhif cofrestru neu rhif ased. Maen yn tueddu fod yn eitemau gwerthfawr lle mae adnabod offer penodol yn bwysig.',
+	'archived'  				=> 'Archifwyd',
+    'asset'  					=> 'Ased',
+    'bulk_checkout'             => 'Nodi Asedau Allan',
+    'checkin'  					=> 'Nodi Asedau I Mewn',
+    'checkout'  				=> 'Nodi Asedau Allan',
+    'clone'  					=> 'Dyblygu Ased',
+    'deployable'  				=> 'Gellir ei ddefnyddio',
+    'deleted'  					=> 'Mae\'r ased yma wedi dileu. <a href="/hardware/:asset_id/restore">Cliciwch yma i\'w adfer</a>.',
+    'edit'  					=> 'Addasu Ased',
+    'model_deleted'  			=> 'Mae\'r model yma o ased wedi\'i dileu. Rhaid i chi adfer y model cyn fedrwch chi adfer y\'r ased. <br/> <a href="/hardware/models/:model_id/restore">Cliciwch yma i adfer yr ased</a>.',
+    'requestable'               => 'Ar gael',
+    'requested'				    => 'Gofynnwyd amdano',
+    'restore'  					=> 'Adfer Ased',
+    'pending'  					=> 'Yn disgwl',
+    'undeployable'  			=> 'Dim ar gael',
+    'view'  					=> 'Gweld Ased',
+);
@@ -0,0 +1,83 @@
+<?php
+
+return array(
+
+    'undeployable' 		=> '<strong> Rhybudd: </strong> Mae\'r ased hwn wedi\'i nodi fel un na ellir ei ddefnyddio ar hyn o bryd.
+                        Os yw\'r statws hwn wedi newid, diweddarwch statws yr ased.',
+    'does_not_exist' 	=> 'Nid yw\'r ased yn bodoli.',
+    'does_not_exist_or_not_requestable' => 'Ymdrech da. Nid yw\'r ased yma yn bodoli neu ar gael.',
+    'assoc_users'	 	=> 'Ar hyn o bryd mae\'r ased yma allan gan ddefnyddiwr ac ni ellir ei ddileu. Cofnodwch yr ased yn ol i fewn yn gyntaf, ac yna ceisiwch ei ddileu eto. ',
+
+    'create' => array(
+        'error'   		=> 'Ni crewyd yr ased, ceisiwch eto o. g. y. dd. :(',
+        'success' 		=> 'Ased wedi creu yn llwyddiannus. :)'
+    ),
+
+    'update' => array(
+        'error'   			=> 'Ni diweddarwyd yr assed, ceisiwch eto o. g. y. dd',
+        'success' 			=> 'Ased wedi diweddaru\'n llwyddiannus.',
+        'nothing_updated'	=>  'Dim newid mewn manylder, felly dim byd wedi\'i diweddaru.',
+    ),
+
+    'restore' => array(
+        'error'   		=> 'Nid oedd yn bosib adfer yr ased, ceisiwch eto o. g. y. dd',
+        'success' 		=> 'Ased wedi adfer yn llwyddiannus.'
+    ),
+
+    'audit' => array(
+        'error'   		=> 'Roedd archwiliad asedau yn aflwyddiannus. Ceisiwch eto o. g. y. dd.',
+        'success' 		=> 'Cofnodwyd archwiliad asedau yn llwyddiannus.'
+    ),
+
+
+    'deletefile' => array(
+        'error'   => 'Ffeil heb ei ddileu. Ceisiwch eto o.g.y.dd.',
+        'success' => 'Ffeil wedi dileu yn llwyddiannus.',
+    ),
+
+    'upload' => array(
+        'error'   => 'Ffeil(iau) heb ei uwchlwytho. Ceisiwch eto o. g. y. dd.',
+        'success' => 'Ffeil(iau) wedi uwchlwytho yn llwyddiannus.',
+        'nofiles' => 'Ni wnaethoch chi ddewis unrhyw ffeiliau i\'w uwchlwytho, neu mae\'r ffeil rydych chi\'n ceisio ei huwchlwytho yn rhy fawr',
+        'invalidfiles' => 'Mae un neu mwy o\'r ffeiliau unai yn rhy fawr neu ddim y math cywir. Derbynir png, gif, fjp, doc, docx, pdf a txt.',
+    ),
+
+    'import' => array(
+        'error'                 => 'Rhai eitemau heb ei mewnforio\'n gywir.',
+        'errorDetail'           => 'Ni fewnforiwyd yr eitemau canlynol oherwydd gwallau.',
+        'success'               => "Mae'ch ffeil wedi'i mewnforio",
+        'file_delete_success'   => "Mae eich ffeil wedi'i dileu yn llwyddiannus",
+        'file_delete_error'      => "Nid oedd yn bosib dileu'r ffeil",
+    ),
+
+
+    'delete' => array(
+        'confirm'   	=> 'Ydych chi\'n sicr eich bod eisiau dileu\'r ased yma?',
+        'error'   		=> 'Roedd problem wrth ceisio dileu\'r ased. Ceisiwch eto o. g. y. dd.',
+        'nothing_updated'   => 'Dim asedau wedi dewis, felly dim byd wedi\'i dileu.',
+        'success' 		=> 'Ased wedi dileu\'n llwyddiannus.'
+    ),
+
+    'checkout' => array(
+        'error'   		=> 'Ased heb ei nodi fel allan, ceisiwch eto o. g. y. dd',
+        'success' 		=> 'Ased wedi nodi fel allan yn llwyddiannus.',
+        'user_does_not_exist' => 'Nid yw\'r defnyddiwr yna yn ddilys. Ceisiwch eto o.g.y.dd.',
+        'not_available' => 'Nid yw\'r ased yma ar gael i\'w defnyddio!',
+        'no_assets_selected' => 'Rhaid i chi ddewis o leiaf un ased o\'r rhestr'
+    ),
+
+    'checkin' => array(
+        'error'   		=> 'Ased heb ei nodi i mewn, ceisiwch eto o. g. y. dd',
+        'success' 		=> 'Ased wedi nodi i mewn yn llwyddiannus.',
+        'user_does_not_exist' => 'Nid yw\'r defnyddiwr yna yn ddilys. Ceisiwch eto o. g. y. dd.',
+        'already_checked_in'  => 'Ased wedi nodi i mewn yn gywir.',
+
+    ),
+
+    'requests' => array(
+        'error'   		=> 'Nid oedd cais am yr ased, ceisiwch eto o. g. y. dd',
+        'success' 		=> 'Cais am ased yn llwyddiannus.',
+        'canceled'      => 'Wedi llwydo i canslo cais am ased'
+    )
+
+);
@@ -0,0 +1,24 @@
+<?php
+
+return array(
+
+    'asset_tag'   	=> 'Rhif Ased (tag)',
+    'asset_model'       => 'Model',
+    'book_value'  	=> 'Gwerth',
+    'change' 		=> 'Mewn/Allan',
+    'checkout_date' => 'Dyddiad Allan',
+    'checkoutto' 	=> 'Allan',
+    'diff' 			=> 'Gwahaniaeth',
+    'dl_csv' 		=> 'Lawrlwytho CSV',
+    'eol' 			=> 'DB',
+    'id'      		=> 'Rhif Unigryw',
+    'location' 		=> 'Lleoliad',
+    'purchase_cost'	=> 'Cost',
+    'purchase_date'	=> 'Dyddiad Pwrcasu',
+    'serial'   		=> 'Serial',
+    'status'   		=> 'Statws',
+    'title'      	=> 'Ased ',
+    'image'		=> 'Delwedd Dyfais',
+    'days_without_acceptance' => 'Diwrnodau Heb Derbyn'
+
+);
@@ -0,0 +1,22 @@
+<?php
+
+return array(
+
+    'asset'             => 'Ased',
+    'checkin'           => 'Nodi i mewn',
+    'create'            => 'Creu Trwydded',
+    'expiration'        => 'Dyddiad Terfynu',
+    'license_key'       => 'Goriad',
+    'maintained'        => 'Cynnal a chadw',
+    'name'              => 'Enw Meddalwedd',
+    'no_depreciation'   => 'Peidio dibrisio',
+    'purchase_order'    => 'Rhif Archeb',
+    'reassignable'      => 'Posib ail dynodi',
+    'remaining_seats'   => 'Seddi yn weddill',
+    'seats'             => 'Seddi',
+    'termination_date'  => 'Dyddiad Terfynu',
+    'to_email'          => 'Ebost wedi trwyddedu',
+    'to_name'           => 'Enw wedi trwyddedu',
+    'update'            => 'Diweddaru Trwydded',
+    'checkout_help'     => 'Fedrwch nodi trwydded allan yn erbyn ased neu person. Fedrwch dewis y ddau ond rhaid i\'r person cydfynd hefo perchenog yr ased.'
+);
@@ -0,0 +1,21 @@
+<?php
+
+return array(
+    'about_licenses_title'            => 'Amdan trwyddedau',
+    'about_licenses'                  => 'Mae trwyddedau yn tracio feddalwedd. May yna nifer o seddi fedrwch nodi yn erbyn unigolion',
+    'checkin'  					=> 'Nodi sedd trwydded i fewn',
+    'checkout_history'  		=> 'Hanes nodi allan',
+    'checkout'  				=> 'Nodi sedd trwydded allan',
+    'edit'  					=> 'Golygu Trwydded',
+    'filetype_info'				=> 'Math o ffeiliau a caniateir yw png, gif, jpg, jpeg, doc, docx, pdf, txt, zip, a rar.',
+    'clone'  					=> 'Dyblygu Trwydded',
+    'history_for'  				=> 'Hanes ar gyfer ',
+    'in_out'  					=> 'Mewn/Allan',
+    'info'  					=> 'Gwybodaeth Trwydded',
+    'license_seats'  			=> 'Seddi Trwydded',
+    'seat'  					=> 'Sedd',
+    'seats'  					=> 'Seddi',
+    'software_licenses'  		=> 'Trwyddedau Meddalwedd',
+    'user'  					=> 'Defnyddiwr',
+    'view'  					=> 'Gweld Trwydded',
+);
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
snipe	61bdb88ba5	Add @ColinMcNeil as a contributor	2020-03-04 22:38:09 -08:00
snipe	36696ab56e	Add @bigtreeEdo as a contributor	2020-03-04 22:37:57 -08:00
snipe	f0f9b93652	Add @Godmartinz as a contributor	2020-03-04 22:37:45 -08:00
snipe	a2fae76eaf	Bumped version	2020-03-04 22:37:17 -08:00
snipe	8b2f8ef3cb	Spelling is hard :(	2020-03-04 22:19:59 -08:00
snipe	5307e57bd9	Fix for CVE-2019-10772 Vuln in SVG sanitizer library	2020-03-04 22:15:31 -08:00
snipe	15518852aa	Added validation to reject email addresses over 250 characters	2020-03-04 22:08:07 -08:00
snipe	60fc1d3f6d	Added/matched forgotten password strings in lang files	2020-03-04 22:07:35 -08:00
snipe	d1a8d76d85	Set maxlength in password reset form to 250	2020-03-04 22:06:43 -08:00
snipe	803f5ad0ab	Fixed #7870 : fixed SSL connectivity for PaaS DBs (#7874 )	2020-03-04 19:39:23 -08:00
Godfrey Martinez	0e0fe967e4	BadMethodCallException Method update does [ch10544] (#7804 )	2020-02-10 19:27:23 -08:00
snipe	192917cc84	Slightly better fix for requestable import bug	2020-02-10 17:34:32 -08:00
snipe	81880645ed	Possible requestable fix	2020-02-10 11:40:39 -08:00
snipe	9eb4b0dda7	Disallow 0 as a number for labels per page	2020-02-04 19:14:58 -08:00
snipe	2f0ed129f0	Use “invalid barcode” image and suppress errors when barcode format is wrong	2020-02-04 18:15:01 -08:00
snipe	3361b859c0	Changes offset to use the actual item count as override instead of 0 (#7788 )	2020-02-04 12:32:24 -08:00
bigtreeEdo	e27a9b137b	added 'requestable' to fillable attributes. (#7787 )	2020-02-03 19:37:03 -08:00
snipe	89e2a3ae3c	Fixed #7752 - reformat /api/v1/users/me to use transformer	2020-01-30 13:12:43 -08:00
snipe	5f85d8132b	Fix for weird JSON parsing in actionlogs (#7753 ) * Fix for weird JSON parsing in actionlogs * Removed debugging code * Check for the meta array (If no fields, no array)	2020-01-24 17:31:43 -08:00
snipe	ca1285ec08	Updated favicon	2020-01-23 19:49:46 -08:00
Ivan Nieto	75bf8f3d58	Remove not existent variable 'id' in the redirect causing [ch10602] (#7732 )	2020-01-17 16:12:24 -08:00
snipe	324da7c0c8	Include correct license, asset, etc count on user show API call	2019-12-19 18:09:53 -08:00
snipe	779fc6d195	Added license endpoint for users	2019-12-19 18:00:36 -08:00
Colin McNeil	db59106c3e	Move ldap import ini settings to config (#7679 )	2019-12-19 11:51:55 -08:00
snipe	88fb1370f0	Added slightly friendlier error handling for assets without models This scenario should never happen, barring someone manually editing their data, but better to handle that scenario in a more user-friendly way.	2019-12-06 18:17:03 -08:00
snipe	943cf40247	Merge branch 'master' of https://github.com/snipe/snipe-it	2019-12-06 13:14:31 -08:00
snipe	ff57f10e9f	Fix for searching on child location names (#7646 ) * Fix for child locations * Reverts temp changes to indenter	2019-12-06 13:14:10 -08:00
snipe	91bb76fd8a	Bumped version	2019-12-06 13:05:20 -08:00
snipe	893454dca7	Updated translations	2019-12-06 12:03:04 -08:00
snipe	de0b5a6149	Fixes #6440 - quote marks in the right place	2019-12-06 11:04:16 -08:00
Dustin B	8fd4e35244	Closes #6440 Print All Assigned - New Tab (#7135 ) Should add the functionality to, by default open in a new tab and not reference back to the source page. Reduces overhead and should resolve #6440. Untested, need confirmation.	2019-12-06 11:00:01 -08:00
snipe	e71e57f16a	Fixed XSS vulnerability in SVG image uploads [ch10476] (#7639 ) * Added enshrined/svg-sanitize * Added modular image resizing/SVG cleaning method (This already exists in v5, so I mostly ported it forward and added the SVG sanitizer.) * Use improved handleImages method to upload/resize/clean images * Removed $old_image This is handled in the ImageUpload request now	2019-12-05 22:23:05 -08:00
snipe	3f5840d390	Bumped vendor files	2019-12-05 19:53:01 -08:00
dependabot[bot]	d3f4205f09	Bump symfony/http-foundation from 3.4.30 to 3.4.36 (#7638 ) Bumps [symfony/http-foundation](https://github.com/symfony/http-foundation) from 3.4.30 to 3.4.36. - [Release notes](https://github.com/symfony/http-foundation/releases) - [Changelog](https://github.com/symfony/http-foundation/blob/master/CHANGELOG.md) - [Commits](https://github.com/symfony/http-foundation/compare/v3.4.30...v3.4.36) Signed-off-by: dependabot[bot] <support@github.com>	2019-12-05 19:37:00 -08:00
Godfrey Martinez	5b946087c4	added a proper response for password errors (#7636 )	2019-12-05 17:49:56 -08:00
snipe	ff8d98c97c	Update child assets to reflect asset parent location (#7458 )	2019-12-04 16:19:25 -08:00
snipe	2fbbe430b5	Removed escaping on custom fields in presenter (#7631 )	2019-12-03 17:42:13 -08:00
Godfrey Martinez	f0af750b0a	Fixed comment (#7617 ) * Set theme jekyll-theme-hacker * fixed commenty about scopebyDeprecationID being identified as a method to location ID * fixed commenty about scopebyDeprecationID being identified as a method to location ID	2019-11-22 16:13:42 -08:00
snipe	88cf456386	Adding Dept to license seats (#7609 ) * Adding Dept to license seats * Added query scope to order by department * Make license seat department sortable * Disable license seat internal search - this never actually worked	2019-11-21 22:03:56 -08:00
snipe	d8049209ca	Fixed bug where deleted consumable would throw an error on print page	2019-11-21 21:43:54 -08:00
snipe	dd40ddf5a5	Fixed an error on audit due list when no audit_warning_days had been set [ch9764]	2019-11-21 21:34:41 -08:00
snipe	a73fd24695	Fix maintenances permissions check to allow users who can edit assets to edit maintenances	2019-11-08 17:02:17 -08:00
snipe	70c8ad9797	Bumped minor version	2019-10-28 13:55:21 -07:00
snipe	0290257734	Limit license seats to 999 to prevent latency	2019-10-28 13:48:18 -07:00
snipe	4fe689dc5d	Merge branch 'master' of https://github.com/snipe/snipe-it	2019-10-21 15:45:17 -07:00
snipe	0769f585ea	Disallow locations from being their own parents	2019-10-21 15:45:05 -07:00
snipe	04562e6d4a	Added 4260352 to ldapsync enabled account constraint	2019-10-18 17:48:50 -07:00
snipe	22d2ad9248	Fixes nested location selectlist (#7483 ) * Rename child locations method * Use Ajax dropdown for locations selectlist for edit/create * Removed locations database call on edit/create blades for faster loading * Updated locations controller to use the new iterator * Increase pagination on locations controller to 500 We’re already loading all of that data up beforehand anyway, so no point in keeping the query smaller. * Fixed the else to make codacy happy * Improve the design and performance of the nested location selectlist (#7484) * Improve the design and performance of the nested location selectlist * Fixed parse errors * Removed debugging code/comments	2019-10-02 03:56:56 -07:00
snipe	6deb26fafe	Remove unused variable	2019-09-30 19:37:52 -07:00
snipe	6c1de7ff05	Apply fix for #6642 to master	2019-09-30 19:21:57 -07:00
snipe	7f5f4a1297	Added softwarew support and hardware support to maintenance types	2019-09-24 01:34:23 -07:00
snipe	c68c0e1208	Account for limit if none is passed in the request	2019-09-03 20:28:49 -07:00
snipe	c256536d21	Math is hard	2019-09-03 14:29:58 -07:00
snipe	4159a0effa	Bumped version	2019-09-03 14:12:13 -07:00
snipe	b8f7cd81eb	Limit API request results per page (#7405 )	2019-09-03 14:02:08 -07:00
snipe	b381528668	Added console rekey tool (#7330 ) * Removed console command specifications, since they’re pulled dynamically now * Added rekey console command * Removed unused code * Comment clarifiction * Handle LDAP password	2019-09-03 11:03:32 -07:00
snipe	6d66d7e215	Removed withErrors on JSON response	2019-08-22 21:36:47 -07:00
snipe	b5bf8e9a37	Smaller chunking for custom report, add max_execution_time	2019-08-15 06:14:25 -07:00
snipe	ba197c8857	Fixed #7259 - upgraded phpdocumentor/reflection-docblock to v4	2019-08-15 03:02:24 -07:00
snipe	124b249df4	Fixed #7289 - git fetch before checkout in upgrade.php	2019-08-15 01:32:20 -07:00
snipe	2a6919c438	Fixed #7321 - added link to Helm Chart repo	2019-08-15 01:07:30 -07:00
snipe	8b4a9aa382	Fixes to history importer	2019-08-13 18:15:42 -07:00
snipe	99cd552d5c	History importer fixes	2019-08-13 18:00:21 -07:00
snipe	6c7e5cb9cf	Merge branch 'master' of https://github.com/snipe/snipe-it	2019-08-10 17:49:23 -07:00
snipe	6ebb01a081	Group related variables in .env	2019-08-10 17:48:03 -07:00
Greg Stamper	5591c861b9	Update README.md (#7334 ) Add reference to CSV importer.	2019-08-07 23:12:46 -07:00
snipe	d37280567d	Fixed CVE-2019-10742 https://nvd.nist.gov/vuln/detail/CVE-2019-10742	2019-08-06 21:11:38 -07:00
snipe	e7b0ee2539	Added accessories checkout/checkin API endpoint	2019-08-02 15:08:26 -07:00
snipe	c593b3645c	Added comments to the ByFilter query scope for clarity	2019-07-31 14:24:01 -07:00
Ivan Nieto	28ae90fa8a	Added condition to deal with fieldname 'rtd_location' which can be tried to be queried in some places and doesn't exist in database (#7317 )	2019-07-31 13:55:21 -07:00
snipe	c7be25078e	Bumped version	2019-07-26 13:02:47 -07:00
snipe	3dc2cc9f22	CORS for api (#7292 ) * Added CORS support to API * Changed order so CORS will still work if throttle hit * Added APP_CORS_ALLOWED_ORIGINS env option * Fixed typo * Clarified header comments * More clarification * DIsable CORS allowed origins by default to replicate existing behavior * Change variable name to be clearer	2019-07-26 12:38:31 -07:00
snipe	ab86e42b2e	Fixed #7270 - Checking-in Assets via API Removes the Item's Asset Name	2019-07-26 12:37:38 -07:00
snipe	9af9ed9eb9	Add @mskrip as a contributor	2019-07-24 11:01:28 -07:00
snipe	250a797339	Fixed #7250 - permission issue for API fieldsets and fields endpoints This applies the change from #7294 to master	2019-07-24 11:00:42 -07:00