Bumped version

Signed-off-by: snipe <snipe@snipe.net> # Conflicts: # config/version.php
Bumped version
2023-07-05 14:41:34 +01:00 · 2023-07-05 14:40:54 +01:00 · 2023-07-05 14:37:53 +01:00 · 2023-07-05 14:37:32 +01:00 · 2023-07-05 14:31:08 +01:00 · 2023-07-05 14:27:10 +01:00
3231 changed files with 74980 additions and 34446 deletions
@@ -2621,6 +2621,337 @@
      "contributions": [
        "code"
      ]
+    },
+    {
+      "login": "denzfarid",
+      "name": "denzfarid",
+      "avatar_url": "https://avatars.githubusercontent.com/u/1294403?v=4",
+      "profile": "https://github.com/denzfarid",
+      "contributions": []
+    },
+    {
+      "login": "ntbutler-nbcs",
+      "name": "ntbutler-nbcs",
+      "avatar_url": "https://avatars.githubusercontent.com/u/94018771?v=4",
+      "profile": "https://github.com/ntbutler-nbcs",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "naveensrinivasan",
+      "name": "Naveen",
+      "avatar_url": "https://avatars.githubusercontent.com/u/172697?v=4",
+      "profile": "https://naveensrinivasan.dev",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "mikeroq",
+      "name": "Mike Roquemore",
+      "avatar_url": "https://avatars.githubusercontent.com/u/55674383?v=4",
+      "profile": "https://github.com/mikeroq",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "reederda",
+      "name": "Daniel Reeder",
+      "avatar_url": "https://avatars.githubusercontent.com/u/7991086?v=4",
+      "profile": "https://github.com/reederda",
+      "contributions": [
+        "translation",
+        "translation",
+        "code"
+      ]
+    },
+    {
+      "login": "vickyjaura183",
+      "name": "vickyjaura183",
+      "avatar_url": "https://avatars.githubusercontent.com/u/109422491?v=4",
+      "profile": "https://github.com/vickyjaura183",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "julian-piehl",
+      "name": "Peace",
+      "avatar_url": "https://avatars.githubusercontent.com/u/32363424?v=4",
+      "profile": "https://github.com/julian-piehl",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "kylegordon",
+      "name": "Kyle Gordon",
+      "avatar_url": "https://avatars.githubusercontent.com/u/231528?v=4",
+      "profile": "https://github.com/kylegordon",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "sunflowerbofh",
+      "name": "Katharina Drexel",
+      "avatar_url": "https://avatars.githubusercontent.com/u/53009155?v=4",
+      "profile": "http://www.bfh.ch",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "dsferruzza",
+      "name": "David Sferruzza",
+      "avatar_url": "https://avatars.githubusercontent.com/u/1931963?v=4",
+      "profile": "https://david.sferruzza.fr/",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "rnelsonee",
+      "name": "Rick Nelson",
+      "avatar_url": "https://avatars.githubusercontent.com/u/19511639?v=4",
+      "profile": "https://github.com/rnelsonee",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "BasO12",
+      "name": "BasO12",
+      "avatar_url": "https://avatars.githubusercontent.com/u/94169344?v=4",
+      "profile": "https://github.com/BasO12",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "Vautia",
+      "name": "Vautia",
+      "avatar_url": "https://avatars.githubusercontent.com/u/111710123?v=4",
+      "profile": "https://github.com/Vautia",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "chartjes",
+      "name": "Chris Hartjes",
+      "avatar_url": "https://avatars.githubusercontent.com/u/28321?v=4",
+      "profile": "http://www.littlehart.net/atthekeyboard",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "geo-chen",
+      "name": "geo-chen",
+      "avatar_url": "https://avatars.githubusercontent.com/u/2404584?v=4",
+      "profile": "https://github.com/geo-chen",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "nh314",
+      "name": "Phan Nguyen",
+      "avatar_url": "https://avatars.githubusercontent.com/u/6006620?v=4",
+      "profile": "https://github.com/nh314",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "StarlessNights",
+      "name": "Iisakki Jaakkola",
+      "avatar_url": "https://avatars.githubusercontent.com/u/115993812?v=4",
+      "profile": "https://github.com/StarlessNights",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "eltociear",
+      "name": "Ikko Ashimine",
+      "avatar_url": "https://avatars.githubusercontent.com/u/22633385?v=4",
+      "profile": "https://bandism.net/",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "lukasfehling",
+      "name": "Lukas Fehling",
+      "avatar_url": "https://avatars.githubusercontent.com/u/56871540?v=4",
+      "profile": "https://github.com/lukasfehling",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "fernando-almeida",
+      "name": "Fernando Almeida",
+      "avatar_url": "https://avatars.githubusercontent.com/u/1975990?v=4",
+      "profile": "https://github.com/fernando-almeida",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "akemidx",
+      "name": "akemidx",
+      "avatar_url": "https://avatars.githubusercontent.com/u/116301219?v=4",
+      "profile": "https://github.com/akemidx",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "oguzbilgic",
+      "name": "Oguz Bilgic",
+      "avatar_url": "https://avatars.githubusercontent.com/u/144778?v=4",
+      "profile": "http://oguz.site",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "scoo73r",
+      "name": "Scooter Crawford",
+      "avatar_url": "https://avatars.githubusercontent.com/u/9262438?v=4",
+      "profile": "https://github.com/scoo73r",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "subdriven",
+      "name": "subdriven",
+      "avatar_url": "https://avatars.githubusercontent.com/u/5957345?v=4",
+      "profile": "https://github.com/subdriven",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "AndrewSav",
+      "name": "Andrew Savinykh",
+      "avatar_url": "https://avatars.githubusercontent.com/u/658865?v=4",
+      "profile": "https://github.com/AndrewSav",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "kenchan0130",
+      "name": "Tadayuki Onishi",
+      "avatar_url": "https://avatars.githubusercontent.com/u/1155067?v=4",
+      "profile": "https://kenchan0130.github.io",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "floschoepfer",
+      "name": "Florian",
+      "avatar_url": "https://avatars.githubusercontent.com/u/112496896?v=4",
+      "profile": "https://github.com/floschoepfer",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "spencerrlongg",
+      "name": "Spencer Long",
+      "avatar_url": "https://avatars.githubusercontent.com/u/7305753?v=4",
+      "profile": "http://spencerlong.com",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "marcusmoore",
+      "name": "Marcus Moore",
+      "avatar_url": "https://avatars.githubusercontent.com/u/1141514?v=4",
+      "profile": "https://github.com/marcusmoore",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "Mezzle",
+      "name": "Martin Meredith",
+      "avatar_url": "https://avatars.githubusercontent.com/u/570639?v=4",
+      "profile": "https://github.com/Mezzle",
+      "contributions": []
+    },
+    {
+      "login": "dboth",
+      "name": "dboth",
+      "avatar_url": "https://avatars.githubusercontent.com/u/5731963?v=4",
+      "profile": "http://dboth.de",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "zacharyfleck",
+      "name": "Zachary Fleck",
+      "avatar_url": "https://avatars.githubusercontent.com/u/87536651?v=4",
+      "profile": "https://github.com/zacharyfleck",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "vikaas-cyper",
+      "name": "VIKAAS-A",
+      "avatar_url": "https://avatars.githubusercontent.com/u/74609912?v=4",
+      "profile": "https://github.com/vikaas-cyper",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "ak-piracha",
+      "name": "Abdul Kareem",
+      "avatar_url": "https://avatars.githubusercontent.com/u/88882041?v=4",
+      "profile": "https://github.com/ak-piracha",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "NojoudAlshehri",
+      "name": "NojoudAlshehri",
+      "avatar_url": "https://avatars.githubusercontent.com/u/111287779?v=4",
+      "profile": "https://github.com/NojoudAlshehri",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "stefanstidlffg",
+      "name": "Stefan Stidl",
+      "avatar_url": "https://avatars.githubusercontent.com/u/54367449?v=4",
+      "profile": "https://github.com/stefanstidlffg",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "qay21",
+      "name": "Quentin Aymard",
+      "avatar_url": "https://avatars.githubusercontent.com/u/87803479?v=4",
+      "profile": "https://github.com/qay21",
+      "contributions": [
+        "code"
+      ]
    }
  ]
 }
@@ -0,0 +1,63 @@
+version: 1
+
+environment:
+  php: 8.0
+  node: 12
+
+services:
+  - mysql: 5.7
+  - dusk:
+
+on:
+  push:
+    branches:
+      - master
+      - develop
+
+  pull_request:
+    branches:
+      - master
+      - develop
+
+pipeline:
+  - name: Setup
+    cmd: |
+      cp -v .env.example .env
+      
+      composer install --no-interaction --prefer-dist --optimize-autoloader
+
+  - name: Generate Key
+    cmd: |
+      php artisan key:generate --force
+
+  - name: Passport Keys
+    cmd: |
+      php artisan passport:keys
+
+  - name: Run Migrations
+    cmd: |
+      # php artisan migrate --force
+
+  - name: PHPUnit Unit Tests
+    cmd: |
+      # php artisan test --testsuite Unit
+
+  - name: PHPUnit Feature Tests
+    cmd: |
+      # php artisan test --testsuite Feature
+
+#  - name: Browser Tests
+#    cmd: |
+#      cp -v .env.dusk.example .env.dusk.ci
+#      sed -i "s@APP_ENV=.*@APP_ENV=ci@g" .env.dusk.ci
+#      sed -i "s@APP_URL=.*@APP_URL=http://$BUILD_HOST:8000@g" .env.dusk.ci
+#      #sed -i "s@DB_HOST=.*@DB_HOST=mysql@g" .env.dusk.ci
+#      sed -i "s@DB_HOST=.*@DB_HOST=$DB_HOST@g" .env.dusk.ci
+#      sed -i "s@DB_USERNAME=.*@DB_USERNAME=chipperci@g" .env.dusk.ci
+#      sed -i "s@DB_DATABASE=.*@DB_DATABASE=chipperci@g" .env.dusk.ci
+#      sed -i "s@DB_PASSWORD=.*@DB_PASSWORD=secret@g" .env.dusk.ci
+#
+#      php -S [::0]:8000 -t public 2>server.log &
+#      sleep 2
+#      php artisan dusk:chrome-driver $CHROME_DRIVER
+#      php artisan dusk --env=ci
@@ -155,8 +155,8 @@ RESET_PASSWORD_LINK_EXPIRES=900
 # --------------------------------------------
 # OPTIONAL: MISC
 # --------------------------------------------
-APP_LOG=stderr
-APP_LOG_MAX_FILES=10
+LOG_CHANNEL=stderr
+LOG_MAX_DAYS=10
 APP_LOCKED=false
 APP_CIPHER=AES-256-CBC
 GOOGLE_MAPS_API=
@@ -20,12 +20,13 @@ PUBLIC_FILESYSTEM_DISK=local_public
 # REQUIRED: DATABASE SETTINGS
 # --------------------------------------------
 DB_CONNECTION=mysql
-DB_HOST=localhost
-DB_DATABASE=snipeit-local
-DB_USERNAME=snipeit-local
-DB_PASSWORD=snipeit-local
+DB_HOST=127.0.0.1
+DB_PORT=3306
+DB_DATABASE=null
+DB_USERNAME=null
+DB_PASSWORD=null
 DB_PREFIX=null
-DB_DUMP_PATH='/Applications/MAMP/Library/bin'
+#DB_DUMP_PATH=

 # --------------------------------------------
 # OPTIONAL: SSL DATABASE SETTINGS
@@ -93,7 +94,7 @@ DISABLE_NOSAML_LOCAL_LOGIN=true
 # --------------------------------------------
 # OPTIONAL: MISC
 # --------------------------------------------
-APP_LOG=single
+LOG_CHANNEL=single
 LOG_LEVEL=debug
 LOG_CHANNEL=stack
 LOG_SLACK_WEBHOOK_URL=null
@@ -24,6 +24,7 @@ PUBLIC_FILESYSTEM_DISK=local_public
 # --------------------------------------------
 DB_CONNECTION=mysql
 DB_HOST=127.0.0.1
+DB_PORT=3306
 DB_DATABASE=null
 DB_USERNAME=null
 DB_PASSWORD=null
@@ -70,11 +71,13 @@ IMAGE_LIB=gd
 MAIL_BACKUP_NOTIFICATION_DRIVER=null
 MAIL_BACKUP_NOTIFICATION_ADDRESS=null
 BACKUP_ENV=true
-
+ALLOW_BACKUP_DELETE=false
+ALLOW_DATA_PURGE=false

 # --------------------------------------------
 # OPTIONAL: SESSION SETTINGS
 # --------------------------------------------
+SESSION_DRIVER=file
 SESSION_LIFETIME=12000
 EXPIRE_ON_CLOSE=false
 ENCRYPT=false
@@ -97,7 +100,6 @@ ENABLE_HSTS=false
 # OPTIONAL: CACHE SETTINGS
 # --------------------------------------------
 CACHE_DRIVER=file
-SESSION_DRIVER=file
 QUEUE_DRIVER=sync
 CACHE_PREFIX=snipeit

@@ -146,13 +148,19 @@ AWS_DEFAULT_REGION=null
 # --------------------------------------------
 LOGIN_MAX_ATTEMPTS=5
 LOGIN_LOCKOUT_DURATION=60
-RESET_PASSWORD_LINK_EXPIRES=900
+
+# --------------------------------------------
+# OPTIONAL: FORGOTTEN PASSWORD SETTINGS
+# --------------------------------------------
+RESET_PASSWORD_LINK_EXPIRES=15
+PASSWORD_CONFIRM_TIMEOUT=10800
+PASSWORD_RESET_MAX_ATTEMPTS_PER_MIN=50

 # --------------------------------------------
 # OPTIONAL: MISC
 # --------------------------------------------
-APP_LOG=single
-APP_LOG_MAX_FILES=10
+LOG_CHANNEL=single
+LOG_MAX_DAYS=10
 APP_LOCKED=false
 APP_CIPHER=AES-256-CBC
 APP_FORCE_TLS=false
@@ -165,3 +173,19 @@ IMPORT_MEMORY_LIMIT=500M
 REPORT_TIME_LIMIT=12000
 REQUIRE_SAML=false
 API_THROTTLE_PER_MINUTE=120
+CSV_ESCAPE_FORMULAS=true
+
+# --------------------------------------------
+# OPTIONAL: HASHING
+# --------------------------------------------
+HASHING_DRIVER='bcrypt'
+BCRYPT_ROUNDS=10
+ARGON_MEMORY=1024
+ARGON_THREADS=2
+ARGON_TIME=2
+
+# --------------------------------------------
+# OPTIONAL: SCIM
+# --------------------------------------------
+SCIM_TRACE=false
+SCIM_STANDARDS_COMPLIANCE=false
@@ -1,74 +0,0 @@
-# --------------------------------------------
-# REQUIRED: BASIC APP SETTINGS
-# --------------------------------------------
-APP_ENV=testing
-APP_DEBUG=true
-APP_KEY=base64:glJpcM7BYwWiBggp3SQ/+NlRkqsBQMaGEOjemXqJzOU=
-APP_URL=http://localhost:8000
-APP_TIMEZONE='US/Pacific'
-APP_LOCALE=en
-FILESYSTEM_DISK=local
-
-# --------------------------------------------
-# REQUIRED: DATABASE SETTINGS
-# --------------------------------------------
-DB_CONNECTION=sqlite_testing
-DB_HOST=localhost
-DB_DATABASE=testing.sqlite
-DB_USERNAME=null
-DB_PASSWORD=null
-
-# --------------------------------------------
-# REQUIRED: OUTGOING MAIL SERVER SETTINGS
-# --------------------------------------------
-MAIL_DRIVER=log
-MAIL_HOST=email-smtp.us-west-2.amazonaws.com
-MAIL_PORT=587
-MAIL_USERNAME=YOURUSERNAME
-MAIL_PASSWORD=YOURPASSWORD
-MAIL_ENCRYPTION=null
-MAIL_FROM_ADDR=you@example.com
-MAIL_FROM_NAME=Snipe-IT
-
-# --------------------------------------------
-# REQUIRED: IMAGE LIBRARY
-# This should be gd or imagick
-# --------------------------------------------
-IMAGE_LIB=gd
-
-
-# --------------------------------------------
-# OPTIONAL: AWS SETTINGS
-# --------------------------------------------
-AWS_SECRET_ACCESS_KEY=null
-AWS_ACCESS_KEY_ID=null
-AWS_DEFAULT_REGION=null
-AWS_BUCKET=null
-AWS_BUCKET_ROOT=null
-AWS_URL=null
-
-
-# --------------------------------------------
-# OPTIONAL: CACHE SETTINGS
-# --------------------------------------------
-CACHE_DRIVER=file
-SESSION_DRIVER=file
-QUEUE_DRIVER=sync
-
-
-# --------------------------------------------
-# OPTIONAL: SESSION SETTINGS
-# --------------------------------------------
-SESSION_LIFETIME=12000
-EXPIRE_ON_CLOSE=false
-ENCRYPT=false
-COOKIE_NAME=snipeittest_session
-COOKIE_DOMAIN=null
-SECURE_COOKIES=false
-
-
-# --------------------------------------------
-# OPTIONAL: APP LOG FORMAT
-# --------------------------------------------
-APP_LOG=single
-APP_LOG_LEVEL=debug
@@ -14,6 +14,7 @@ FILESYSTEM_DISK=local
 # --------------------------------------------
 DB_CONNECTION=sqlite
 DB_HOST=localhost
+DB_PORT=3306
 DB_DATABASE='sqlite_testing'
 DB_USERNAME=root
 DB_PASSWORD=null
@@ -34,4 +35,4 @@ IMAGE_LIB=gd
 # --------------------------------------------
 # OPTIONAL: APP LOG FORMAT
 # --------------------------------------------
-APP_LOG=single
+LOG_CHANNEL=single
@@ -0,0 +1,19 @@
+# --------------------------------------------
+# REQUIRED: BASIC APP SETTINGS
+# --------------------------------------------
+APP_ENV=testing
+APP_DEBUG=true
+APP_KEY=base64:glJpcM7BYwWiBggp3SQ/+NlRkqsBQMaGEOjemXqJzOU=
+APP_URL=http://localhost:8000
+APP_TIMEZONE='UTC'
+APP_LOCALE=en
+
+# --------------------------------------------
+# REQUIRED: DATABASE SETTINGS
+# --------------------------------------------
+DB_CONNECTION=mysql
+DB_HOST=127.0.0.1
+DB_PORT=3306
+DB_DATABASE=null
+DB_USERNAME=null
+DB_PASSWORD=null
@@ -4,6 +4,7 @@ APP_URL=http://snipe-it.localapp
 DB_CONNECTION=mysql
 DB_DEFAULT=mysql
 DB_HOST=localhost
+DB_PORT=3306
 DB_DATABASE=snipeittests
 DB_USERNAME=snipeit
 DB_PASSWORD=snipe
@@ -4,6 +4,7 @@ APP_URL=http://snipe-it.localapp
 DB_CONNECTION=sqlite_testing
 DB_DEFAULT=sqlite_testing
 DB_HOST=localhost
+DB_PORT=3306
 APP_KEY=base64:tu9NRh/a6+dCXBDGvg0Gv/0TcABnFsbT4AKxrr8mwQo=


@@ -15,8 +15,8 @@
 #  *.js    @octocat @github/js


-app/Importer/*  @dmeltzer
 app/Http/Controllers/CustomFields* @uberbrady
 app/Http/Controllers/Api/CustomFields* @uberbrady
 resources/views/custom_fields/* @uberbrady
 docker/* @uberbrady
+app/Providers/SamlServiceProvider.php @uberbrady
@@ -2,8 +2,6 @@ name: Feature Request
 description: Suggest an idea for this project
 title: "[Feature Request]: "
 labels: ["feature request"]
-assignees:
-  - snipe
 body:
  - type: textarea
    attributes:
@@ -1,4 +1,22 @@
-frontend: ["*.js", "*.css", "*.vue", "*.scss", "*.less", "*.blade.*"]
-backend: ["/app", "*.php"]
-legal: ["LICENSE*", "NOTICES*"]
+frontend: ["*.js", "*.css", "*.vue", "*.scss", "*.less", "*.blade.*", "resources/views/livewire/*"]
+skins: ["*.js", "*.css", "*.scss", "*.less"]
+css: ["*.css","*.scss", "*.less"]
+javascript: ["*.js", "package.json", "package.lock"]
+backend: ["/app/*", "composer.json", "composer.lock"]
+translations: ["/resources/lang"]
+livewire: ["/app/Http/Livewire/*", "resources/views/livewire/*"]
+backups: ["*backup*"]
+restore: ["*restore*"]
+saml: ["*saml*"]
+scim: ["*scim*"]
+custom fields: ["*fields*", "*fieldsets*"]
+dependencies: ["composer.json", "composer.lock", "package.json", "package.lock"]
+consumables: ["*consumables*"]
+api: ["/app/Http/Controllers/Api/*"]
+notifications: ["/app/Notifications/*"]
+importer: ["/app/Importer/*","/app/Http/Livewire/Importer.php", "resources/views/livewire/importer.php"]
+cli / artisan: ["/app/Console/*"]
+LDAP: ["*Ldap*", "/app/Console/Commands/Ldap*","/app/Models/Ldap.php"]
+docker: ["*docker/*", "Dockerfile", "Dockerfile.alpine", "Dockerfile.fpm-alpine", ".dockerignore", ".env.docker"]
+tests: ["/tests/*", "/stubs"]
 config: .github
@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
@@ -26,14 +26,14 @@ jobs:
        language: [ 'javascript' ]
    steps:
    - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3.3.0

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v2
      with:
        languages: ${{ matrix.language }}
    - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      uses: github/codeql-action/autobuild@v2
    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v2
@@ -17,18 +17,26 @@ on:
  schedule:
    - cron: '36 23 * * 3'

+permissions:
+  contents: read
+
 jobs:
  codacy-security-scan:
+    # Ensure schedule job never runs on forked repos. It's only executed for 'snipe/snipe-it'
+    permissions:
+      contents: read  # for actions/checkout to fetch code
+      security-events: write  # for github/codeql-action/upload-sarif to upload SARIF results
+    if: (github.repository == 'snipe/snipe-it') || ((github.repository != 'snipe/snipe-it') && (github.event_name != 'schedule'))
    name: Codacy Security Scan
    runs-on: ubuntu-latest
    steps:
      # Checkout the repository to the GitHub Actions runner
      - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3.3.0

      # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
      - name: Run Codacy Analysis CLI
-        uses: codacy/codacy-analysis-cli-action@1.1.0
+        uses: codacy/codacy-analysis-cli-action@v4.3.0
        with:
          # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
          # You can also omit the token and run the tools that support default configurations
@@ -44,6 +52,6 @@ jobs:

      # Upload the SARIF file generated in the previous step
      - name: Upload SARIF results file
-        uses: github/codeql-action/upload-sarif@v1
+        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: results.sarif
@@ -0,0 +1,21 @@
+name: Crowdin Action
+
+on:
+  push:
+    branches: [ develop ]
+
+jobs:
+  upload-sources-to-crowdin:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Crowdin push
+        uses: crowdin/github-action@v1
+        with:
+          upload_sources: true
+          upload_translations: false
+          download_translations: false
+          project_id: ${{ secrets.CROWDIN_PROJECT_ID }}
+          token: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}
@@ -15,6 +15,9 @@ on:

  pull_request:

+permissions:
+  contents: read
+
 jobs:
  docker:
    # Ensure this job never runs on forked repos. It's only executed for 'snipe/snipe-it'
@@ -38,17 +41,17 @@ jobs:
    steps:
      # https://github.com/actions/checkout
      - name: Checkout codebase
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3.3.0

      # https://github.com/docker/setup-buildx-action
      - name: Setup Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2

      # https://github.com/docker/login-action
      - name: Login to DockerHub
        # Only login if not a PR, as PRs only trigger a Docker build and not a push
        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
@@ -60,7 +63,7 @@ jobs:
      # Get Metadata for docker_build step below
      - name: Sync metadata (tags, labels) from GitHub to Docker for 'snipe-it' image
        id: meta_build
-        uses: docker/metadata-action@v3
+        uses: docker/metadata-action@v4
        with:
          images: snipe/snipe-it
          tags: ${{ env.IMAGE_TAGS }}
@@ -69,11 +72,11 @@ jobs:
      # https://github.com/docker/build-push-action
      - name: Build and push 'snipe-it' image
        id: docker_build
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v4
        with:
          context: .
          file: ./Dockerfile.alpine
-          platforms: linux/amd64
+          platforms: linux/amd64,linux/arm64
          # For pull requests, we run the Docker build (to ensure no PR changes break the build),
          # but we ONLY do an image push to DockerHub if it's NOT a PR
          push: ${{ github.event_name != 'pull_request' }}
@@ -15,6 +15,9 @@ on:

  pull_request:

+permissions:
+  contents: read
+
 jobs:
  docker:
    # Ensure this job never runs on forked repos. It's only executed for 'snipe/snipe-it'
@@ -38,17 +41,17 @@ jobs:
    steps:
      # https://github.com/actions/checkout
      - name: Checkout codebase
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3.3.0

      # https://github.com/docker/setup-buildx-action
      - name: Setup Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2

      # https://github.com/docker/login-action
      - name: Login to DockerHub
        # Only login if not a PR, as PRs only trigger a Docker build and not a push
        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
@@ -60,7 +63,7 @@ jobs:
      # Get Metadata for docker_build step below
      - name: Sync metadata (tags, labels) from GitHub to Docker for 'snipe-it' image
        id: meta_build
-        uses: docker/metadata-action@v3
+        uses: docker/metadata-action@v4
        with:
          images: snipe/snipe-it
          tags: ${{ env.IMAGE_TAGS }}
@@ -69,11 +72,11 @@ jobs:
      # https://github.com/docker/build-push-action
      - name: Build and push 'snipe-it' image
        id: docker_build
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v4
        with:
          context: .
          file: ./Dockerfile
-          platforms: linux/amd64
+          platforms: linux/amd64,linux/arm64
          # For pull requests, we run the Docker build (to ensure no PR changes break the build),
          # but we ONLY do an image push to DockerHub if it's NOT a PR
          push: ${{ github.event_name != 'pull_request' }}
@@ -1,6 +1,10 @@
 .couscous
 .DS_Store
 .env
+.env.dusk.*
+!.env.dusk.example
+.env.testing
+phpstan.neon
 .idea
 /bin/
 /bootstrap/compiled.php
@@ -1,4 +1,4 @@
-FROM ubuntu:20.04
+FROM ubuntu:22.04
 LABEL maintainer="Brady Wetherington <bwetherington@grokability.com>"

 # No need to add `apt-get clean` here, reference:
@@ -14,15 +14,17 @@ RUN export DEBIAN_FRONTEND=noninteractive; \
 apt-utils \
 apache2 \
 apache2-bin \
-libapache2-mod-php7.4 \
-php7.4-curl \
-php7.4-ldap \
-php7.4-mysql \
-php7.4-gd \
-php7.4-xml \
-php7.4-mbstring \
-php7.4-zip \
-php7.4-bcmath \
+libapache2-mod-php8.1 \
+php8.1-curl \
+php8.1-ldap \
+php8.1-mysql \
+php8.1-gd \
+php8.1-xml \
+php8.1-mbstring \
+php8.1-zip \
+php8.1-bcmath \
+php8.1-redis \
+php-memcached \
 patch \
 curl \
 wget  \
@@ -36,9 +38,10 @@ gcc \
 make \
 autoconf \
 libc-dev \
+libldap-common \
 pkg-config \
 libmcrypt-dev \
-php7.4-dev \
+php8.1-dev \
 ca-certificates \
 unzip \
 dnsutils \
@@ -48,16 +51,16 @@ dnsutils \
 RUN curl -L -O https://github.com/pear/pearweb_phars/raw/master/go-pear.phar
 RUN php go-pear.phar

-RUN pecl install mcrypt-1.0.3
+RUN pecl install mcrypt

-RUN bash -c "echo extension=/usr/lib/php/20190902/mcrypt.so > /etc/php/7.4/mods-available/mcrypt.ini"
+RUN bash -c "echo extension=/usr/lib/php/20210902/mcrypt.so > /etc/php/8.1/mods-available/mcrypt.ini"

 RUN phpenmod mcrypt
 RUN phpenmod gd
 RUN phpenmod bcmath

-RUN sed -i 's/variables_order = .*/variables_order = "EGPCS"/' /etc/php/7.4/apache2/php.ini
-RUN sed -i 's/variables_order = .*/variables_order = "EGPCS"/' /etc/php/7.4/cli/php.ini
+RUN sed -i 's/variables_order = .*/variables_order = "EGPCS"/' /etc/php/8.1/apache2/php.ini
+RUN sed -i 's/variables_order = .*/variables_order = "EGPCS"/' /etc/php/8.1/cli/php.ini

 RUN useradd -m --uid 1000 --gid 50 docker

@@ -138,4 +141,4 @@ RUN chmod +x /startup.sh /usr/bin/supervisor-exit-event-listener
 CMD ["/startup.sh"]

 EXPOSE 80
-EXPOSE 443
+EXPOSE 443
@@ -1,32 +1,34 @@
-FROM alpine:3.14.2
+FROM alpine:3.17.3
 # Apache + PHP
 RUN  apk add --no-cache \
        apache2 \
-        php7 \
-        php7-common \
-        php7-apache2 \
-        php7-curl \
-        php7-ldap \
-        php7-mysqli \
-        php7-gd \
-        php7-xml \
-        php7-mbstring \
-        php7-zip \
-        php7-ctype \
-        php7-tokenizer \
-        php7-pdo_mysql \
-        php7-openssl \
-        php7-bcmath \
-        php7-phar \
-        php7-json \
-        php7-iconv \
-        php7-fileinfo \
-        php7-simplexml \
-        php7-session \
-        php7-dom \
-        php7-xmlwriter \
-        php7-xmlreader \
-        php7-sodium \
+        php81 \
+        php81-common \
+        php81-apache2 \
+        php81-curl \
+        php81-ldap \
+        php81-mysqli \
+        php81-gd \
+        php81-xml \
+        php81-mbstring \
+        php81-zip \
+        php81-ctype \
+        php81-tokenizer \
+        php81-pdo_mysql \
+        php81-openssl \
+        php81-bcmath \
+        php81-phar \
+        php81-json \
+        php81-iconv \
+        php81-fileinfo \
+        php81-simplexml \
+        php81-session \
+        php81-dom \
+        php81-xmlwriter \
+        php81-xmlreader \
+        php81-sodium \
+        php81-redis \
+        php81-pecl-memcached \
        curl \
        wget \
        vim \
@@ -39,7 +41,7 @@ COPY docker/column-statistics.cnf /etc/mysql/conf.d/column-statistics.cnf
 # Where apache's PID lives
 RUN mkdir -p /run/apache2 && chown apache:apache /run/apache2

-RUN sed -i 's/variables_order = .*/variables_order = "EGPCS"/' /etc/php7/php.ini
+RUN sed -i 's/variables_order = .*/variables_order = "EGPCS"/' /etc/php81/php.ini
 COPY  docker/000-default-2.4.conf /etc/apache2/conf.d/default.conf

 # Enable mod_rewrite
@@ -84,4 +86,4 @@ ENTRYPOINT ["/sbin/tini", "--"]

 CMD ["/entrypoint.sh"]

-EXPOSE 80
+EXPOSE 80
@@ -1,8 +1,8 @@
 ARG ENVIRONMENT=production
-ARG SNIPEIT_RELEASE=5.1.3
-ARG PHP_VERSION=7.4.16
-ARG PHP_ALPINE_VERSION=3.13
-ARG COMPOSER_VERSION=2.0.11
+ARG SNIPEIT_RELEASE=6.1.0
+ARG PHP_VERSION=8.2
+ARG PHP_ALPINE_VERSION=3.17
+ARG COMPOSER_VERSION=2

 # Cannot use arguments with 'COPY --from' workaround
 # https://github.com/moby/moby/issues/34482#issuecomment-454716952
@@ -52,7 +52,7 @@ RUN { \

 # Install php extensions inside docker containers easily
 # https://github.com/mlocati/docker-php-extension-installer
-COPY --from=mlocati/php-extension-installer:1.2.19 /usr/bin/install-php-extensions /usr/local/bin/
+COPY --from=mlocati/php-extension-installer:2.1.15 /usr/bin/install-php-extensions /usr/local/bin/
 RUN set -eux; \
    install-php-extensions \
        bcmath \
@@ -75,14 +75,14 @@ RUN set -eux; \
 	rm snipeit.tar.gz; \
 # Install composer php dependencies
    if [ "$ENVIRONMENT" = "production" ]; then \
-        echo "production enviroment detected!"; \
+        echo "production environment detected!"; \
        composer update \
            --no-cache \
            --no-dev \
            --optimize-autoloader \
            --working-dir=/var/www/html; \
    else \
-        echo "development enviroment detected!"; \
+        echo "development environment detected!"; \
        apk add --no-cache \
            ${DEV_PACKAGES}; \
        composer update \
@@ -100,4 +100,4 @@ COPY --chown=www-data:www-data docker/docker-secrets.env /var/www/html/.env
 COPY --chmod=655 docker/docker-entrypoint.sh /usr/local/bin/docker-snipeit-entrypoint
 COPY docker/column-statistics.cnf /etc/mysql/conf.d/column-statistics.cnf
 ENTRYPOINT [ "/usr/local/bin/docker-snipeit-entrypoint" ]
-CMD [ "/usr/local/bin/docker-php-entrypoint", "php-fpm" ]
+CMD [ "/usr/local/bin/docker-php-entrypoint", "php-fpm" ]
@@ -1,5 +1,5 @@
 ![Build Status](https://app.chipperci.com/projects/0e5f8979-31eb-4ee6-9abf-050b76ab0383/status/master) [![Crowdin](https://d322cqt584bo4o.cloudfront.net/snipe-it/localized.svg)](https://crowdin.com/project/snipe-it) [![Docker Pulls](https://img.shields.io/docker/pulls/snipe/snipe-it.svg)](https://hub.docker.com/r/snipe/snipe-it/) [![Twitter Follow](https://img.shields.io/twitter/follow/snipeitapp.svg?style=social)](https://twitter.com/snipeitapp)  [![Codacy Badge](https://api.codacy.com/project/badge/Grade/553ce52037fc43ea99149785afcfe641)](https://www.codacy.com/app/snipe/snipe-it?utm_source=github.com&amp;utm_medium=referral&amp;utm_content=snipe/snipe-it&amp;utm_campaign=Badge_Grade)
-[![All Contributors](https://img.shields.io/badge/all_contributors-286-orange.svg?style=flat-square)](#contributors) [![Discord](https://badgen.net/badge/icon/discord?icon=discord&label)](https://discord.gg/yZFtShAcKk) [![huntr](https://cdn.huntr.dev/huntr_security_badge_mono.svg)](https://huntr.dev)
+[![All Contributors](https://img.shields.io/badge/all_contributors-325-orange.svg?style=flat-square)](#contributors) [![Discord](https://badgen.net/badge/icon/discord?icon=discord&label)](https://discord.gg/yZFtShAcKk) [![huntr](https://cdn.huntr.dev/huntr_security_badge_mono.svg)](https://huntr.dev)

 ## Snipe-IT - Open Source Asset Management System

@@ -59,14 +59,20 @@ Since the release of the JSON REST API, several third-party developers have been
 - [SnipeSharp - .NET module in C#](https://github.com/barrycarey/SnipeSharp) by [@barrycarey](https://github.com/barrycarey)
 - [InQRy -unmaintained-](https://github.com/Microsoft/InQRy) by [@Microsoft](https://github.com/Microsoft)
 - [SnipeitPS](https://github.com/snazy2000/SnipeitPS) by [@snazy2000](https://github.com/snazy2000) - Powershell API Wrapper for Snipe-it
- [jamf2snipe](https://github.com/ParadoxGuitarist/jamf2snipe) by [@ParadoxGuitarist](https://github.com/ParadoxGuitarist) - Python script to sync assets between a JAMFPro instance and a Snipe-IT instance
+- [jamf2snipe](https://github.com/grokability/jamf2snipe) - Python script to sync assets between a JAMFPro instance and a Snipe-IT instance
+- [jamf-snipe-rename](https://macblog.org/jamf-snipe-rename/) - Python script to rename computers in Jamf from Snipe-IT
 - [Marksman](https://github.com/Scope-IT/marksman) - A Windows agent for Snipe-IT
 - [Snipe-IT plugin for Jira Service Desk](https://marketplace.atlassian.com/apps/1220964/snipe-it-for-jira)
 - [Python 3 CSV importer](https://github.com/gastamper/snipeit-csvimporter) - allows importing assets into Snipe-IT based on Item Name rather than Asset Tag.
 - [Snipe-IT Kubernetes Helm Chart](https://github.com/t3n/helm-charts/tree/master/snipeit) - For more information, [click here](https://hub.helm.sh/charts/t3n/snipeit).
 - [Snipe-IT Bulk Edit](https://github.com/bricelabelle/snipe-it-bulkedit) - Google Script files to use Google Sheets as a bulk checkout/checkin/edit tool for Snipe-it.
+- [MosyleSnipeSync](https://github.com/RodneyLeeBrands/MosyleSnipeSync) by [@Karpadiem](https://github.com/Karpadiem) - Python script to synchronize information between Mosyle and Snipe-IT
+- [WWW::SnipeIT](https://github.com/SEDC/perl-www-snipeit) by [@SEDC](https://github.com/SEDC) - perl module for accessing the API
+- [UniFi to Snipe-IT](https://github.com/RodneyLeeBrands/UnifiSnipeSync) by [@karpadiem](https://github.com/karpadiem) - Python script that synchronizes UniFi devices with Snipe-IT.
+- [Kandji2Snipe](https://github.com/grokability/kandji2snipe) by [@briangoldstein](https://github.com/briangoldstein) - Python script that synchronizes Kandji with Snipe-IT.
+- [SnipeAgent](https://github.com/ReticentRobot/SnipeAgent) by @ReticentRobot - Windows agent for Snipe-IT
                                                     
-As these were created by third-parties, Snipe-IT cannot provide support for these project, and you should contact the developers directly if you need assistance. Additionally, Snipe-IT makes no guarantees as to the reliability, accuracy or maintainability of these libraries. Use at your own risk. :) 
+As these were created by third-parties, Snipe-IT cannot provide support for these project, and you should contact the developers directly if you need assistance. Additionally, Snipe-IT makes no guarantees as to the reliability, accuracy or maintainability of these libraries. Use at your own risk. :)

 -----

@@ -77,6 +83,8 @@ Please see the documentation on [contributing and developing for Snipe-IT](https

 Please note that this project is released with a [Contributor Code of Conduct](CODE_OF_CONDUCT.md). By participating in this project you agree to abide by its terms.

+The ERD is available [online here](https://drawsql.app/templates/snipe-it).
+
 -----

 ### Security
@@ -131,7 +139,13 @@ Thanks goes to all of these wonderful people ([emoji key](https://github.com/ken
 | [<img src="https://avatars.githubusercontent.com/u/1975640?v=4" width="110px;"/><br /><sub>Evan Taylor</sub>](https://github.com/Delta5)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Delta5 "Code") | [<img src="https://avatars.githubusercontent.com/u/8735148?v=4" width="110px;"/><br /><sub>Petri Asikainen</sub>](https://github.com/PetriAsi)<br />[💻](https://github.com/snipe/snipe-it/commits?author=PetriAsi "Code") | [<img src="https://avatars.githubusercontent.com/u/11424540?v=4" width="110px;"/><br /><sub>derdeagle</sub>](https://github.com/derdeagle)<br />[💻](https://github.com/snipe/snipe-it/commits?author=derdeagle "Code") | [<img src="https://avatars.githubusercontent.com/u/176950?v=4" width="110px;"/><br /><sub>Mike Frysinger</sub>](https://wh0rd.org/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=vapier "Code") | [<img src="https://avatars.githubusercontent.com/u/22044358?v=4" width="110px;"/><br /><sub>ALPHA</sub>](https://github.com/AL4AL)<br />[💻](https://github.com/snipe/snipe-it/commits?author=AL4AL "Code") | [<img src="https://avatars.githubusercontent.com/u/1042587?v=4" width="110px;"/><br /><sub>FliegenKLATSCH</sub>](https://www.ifern.de)<br />[💻](https://github.com/snipe/snipe-it/commits?author=FliegenKLATSCH "Code") | [<img src="https://avatars.githubusercontent.com/u/442138?v=4" width="110px;"/><br /><sub>Jeremy Price</sub>](https://github.com/jerm)<br />[💻](https://github.com/snipe/snipe-it/commits?author=jerm "Code") |
 | [<img src="https://avatars.githubusercontent.com/u/84392209?v=4" width="110px;"/><br /><sub>Toreg87</sub>](https://github.com/Toreg87)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Toreg87 "Code") | [<img src="https://avatars.githubusercontent.com/u/67638596?v=4" width="110px;"/><br /><sub>Matthew Nickson</sub>](https://github.com/Computroniks)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Computroniks "Code") | [<img src="https://avatars.githubusercontent.com/u/1646397?v=4" width="110px;"/><br /><sub>Jethro Nederhof</sub>](https://jethron.id.au)<br />[💻](https://github.com/snipe/snipe-it/commits?author=jethron "Code") | [<img src="https://avatars.githubusercontent.com/u/23289826?v=4" width="110px;"/><br /><sub>Oskar Stenberg</sub>](https://github.com/01ste02)<br />[💻](https://github.com/snipe/snipe-it/commits?author=01ste02 "Code") | [<img src="https://avatars.githubusercontent.com/u/82208283?v=4" width="110px;"/><br /><sub>Robert-Azelis</sub>](https://github.com/Robert-Azelis)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Robert-Azelis "Code") | [<img src="https://avatars.githubusercontent.com/u/60648387?v=4" width="110px;"/><br /><sub>Alexander William Smith</sub>](https://github.com/alwism)<br />[💻](https://github.com/snipe/snipe-it/commits?author=alwism "Code") | [<img src="https://avatars.githubusercontent.com/u/24418301?v=4" width="110px;"/><br /><sub>LEITWERK AG</sub>](https://www.leitwerk.de/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=leitwerk-ag "Code") |
 | [<img src="https://avatars.githubusercontent.com/u/1911435?v=4" width="110px;"/><br /><sub>Adam</sub>](http://www.aboutcher.co.uk)<br />[💻](https://github.com/snipe/snipe-it/commits?author=adamboutcher "Code") | [<img src="https://avatars.githubusercontent.com/u/16104273?v=4" width="110px;"/><br /><sub>Ian</sub>](https://snksrv.com)<br />[💻](https://github.com/snipe/snipe-it/commits?author=sneak-it "Code") | [<img src="https://avatars.githubusercontent.com/u/4023909?v=4" width="110px;"/><br /><sub>Shao Yu-Lung (Allen)</sub>](http://blog.bestlong.idv.tw/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=bestlong "Code") | [<img src="https://avatars.githubusercontent.com/u/76475453?v=4" width="110px;"/><br /><sub>Haxatron</sub>](https://github.com/Haxatron)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Haxatron "Code") | [<img src="https://avatars.githubusercontent.com/u/88776392?v=4" width="110px;"/><br /><sub>PlaneNuts</sub>](https://github.com/PlaneNuts)<br />[💻](https://github.com/snipe/snipe-it/commits?author=PlaneNuts "Code") | [<img src="https://avatars.githubusercontent.com/u/3842948?v=4" width="110px;"/><br /><sub>Bradley Coudriet</sub>](http://bjcpgd.cias.rit.edu)<br />[💻](https://github.com/snipe/snipe-it/commits?author=exula "Code") | [<img src="https://avatars.githubusercontent.com/u/21966173?v=4" width="110px;"/><br /><sub>Dalton Durst</sub>](https://daltondur.st)<br />[💻](https://github.com/snipe/snipe-it/commits?author=UniversalSuperBox "Code") |
-| [<img src="https://avatars.githubusercontent.com/u/38761237?v=4" width="110px;"/><br /><sub>Alex Janes</sub>](https://adagiohealth.org)<br />[💻](https://github.com/snipe/snipe-it/commits?author=adagioajanes "Code") | [<img src="https://avatars.githubusercontent.com/u/32387849?v=4" width="110px;"/><br /><sub>Nuraeil</sub>](https://github.com/nuraeil)<br />[💻](https://github.com/snipe/snipe-it/commits?author=nuraeil "Code") | [<img src="https://avatars.githubusercontent.com/u/48162670?v=4" width="110px;"/><br /><sub>TenOfTens</sub>](https://github.com/TenOfTens)<br />[💻](https://github.com/snipe/snipe-it/commits?author=TenOfTens "Code") | [<img src="https://avatars.githubusercontent.com/u/9415391?v=4" width="110px;"/><br /><sub>waffle</sub>](https://ditisjens.be/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=insert-waffle "Code") | [<img src="https://avatars.githubusercontent.com/u/19945501?v=4" width="110px;"/><br /><sub>Yevhenii Huzii</sub>](https://github.com/QveenSi)<br />[💻](https://github.com/snipe/snipe-it/commits?author=QveenSi "Code") | [<img src="https://avatars.githubusercontent.com/u/3839381?v=4" width="110px;"/><br /><sub>Achmad Fienan Rahardianto</sub>](https://github.com/veenone)<br />[💻](https://github.com/snipe/snipe-it/commits?author=veenone "Code") |
+| [<img src="https://avatars.githubusercontent.com/u/38761237?v=4" width="110px;"/><br /><sub>Alex Janes</sub>](https://adagiohealth.org)<br />[💻](https://github.com/snipe/snipe-it/commits?author=adagioajanes "Code") | [<img src="https://avatars.githubusercontent.com/u/32387849?v=4" width="110px;"/><br /><sub>Nuraeil</sub>](https://github.com/nuraeil)<br />[💻](https://github.com/snipe/snipe-it/commits?author=nuraeil "Code") | [<img src="https://avatars.githubusercontent.com/u/48162670?v=4" width="110px;"/><br /><sub>TenOfTens</sub>](https://github.com/TenOfTens)<br />[💻](https://github.com/snipe/snipe-it/commits?author=TenOfTens "Code") | [<img src="https://avatars.githubusercontent.com/u/9415391?v=4" width="110px;"/><br /><sub>waffle</sub>](https://ditisjens.be/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=insert-waffle "Code") | [<img src="https://avatars.githubusercontent.com/u/19945501?v=4" width="110px;"/><br /><sub>Yevhenii Huzii</sub>](https://github.com/QveenSi)<br />[💻](https://github.com/snipe/snipe-it/commits?author=QveenSi "Code") | [<img src="https://avatars.githubusercontent.com/u/3839381?v=4" width="110px;"/><br /><sub>Achmad Fienan Rahardianto</sub>](https://github.com/veenone)<br />[💻](https://github.com/snipe/snipe-it/commits?author=veenone "Code") | [<img src="https://avatars.githubusercontent.com/u/19945501?v=4" width="110px;"/><br /><sub>Yevhenii Huzii</sub>](https://github.com/QveenSi)<br />[💻](https://github.com/snipe/snipe-it/commits?author=QveenSi "Code") |
+| [<img src="https://avatars.githubusercontent.com/u/97299851?v=4" width="110px;"/><br /><sub>Christian Weirich</sub>](https://github.com/chrisweirich)<br />[💻](https://github.com/snipe/snipe-it/commits?author=chrisweirich "Code") | [<img src="https://avatars.githubusercontent.com/u/1294403?v=4" width="110px;"/><br /><sub>denzfarid</sub>](https://github.com/denzfarid)<br /> | [<img src="https://avatars.githubusercontent.com/u/94018771?v=4" width="110px;"/><br /><sub>ntbutler-nbcs</sub>](https://github.com/ntbutler-nbcs)<br />[💻](https://github.com/snipe/snipe-it/commits?author=ntbutler-nbcs "Code") | [<img src="https://avatars.githubusercontent.com/u/172697?v=4" width="110px;"/><br /><sub>Naveen</sub>](https://naveensrinivasan.dev)<br />[💻](https://github.com/snipe/snipe-it/commits?author=naveensrinivasan "Code") | [<img src="https://avatars.githubusercontent.com/u/55674383?v=4" width="110px;"/><br /><sub>Mike Roquemore</sub>](https://github.com/mikeroq)<br />[💻](https://github.com/snipe/snipe-it/commits?author=mikeroq "Code") | [<img src="https://avatars.githubusercontent.com/u/7991086?v=4" width="110px;"/><br /><sub>Daniel Reeder</sub>](https://github.com/reederda)<br />[🌍](#translation-reederda "Translation") [🌍](#translation-reederda "Translation") [💻](https://github.com/snipe/snipe-it/commits?author=reederda "Code") | [<img src="https://avatars.githubusercontent.com/u/109422491?v=4" width="110px;"/><br /><sub>vickyjaura183</sub>](https://github.com/vickyjaura183)<br />[💻](https://github.com/snipe/snipe-it/commits?author=vickyjaura183 "Code") |
+| [<img src="https://avatars.githubusercontent.com/u/32363424?v=4" width="110px;"/><br /><sub>Peace</sub>](https://github.com/julian-piehl)<br />[💻](https://github.com/snipe/snipe-it/commits?author=julian-piehl "Code") | [<img src="https://avatars.githubusercontent.com/u/231528?v=4" width="110px;"/><br /><sub>Kyle Gordon</sub>](https://github.com/kylegordon)<br />[💻](https://github.com/snipe/snipe-it/commits?author=kylegordon "Code") | [<img src="https://avatars.githubusercontent.com/u/53009155?v=4" width="110px;"/><br /><sub>Katharina Drexel</sub>](http://www.bfh.ch)<br />[💻](https://github.com/snipe/snipe-it/commits?author=sunflowerbofh "Code") | [<img src="https://avatars.githubusercontent.com/u/1931963?v=4" width="110px;"/><br /><sub>David Sferruzza</sub>](https://david.sferruzza.fr/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=dsferruzza "Code") | [<img src="https://avatars.githubusercontent.com/u/19511639?v=4" width="110px;"/><br /><sub>Rick Nelson</sub>](https://github.com/rnelsonee)<br />[💻](https://github.com/snipe/snipe-it/commits?author=rnelsonee "Code") | [<img src="https://avatars.githubusercontent.com/u/94169344?v=4" width="110px;"/><br /><sub>BasO12</sub>](https://github.com/BasO12)<br />[💻](https://github.com/snipe/snipe-it/commits?author=BasO12 "Code") | [<img src="https://avatars.githubusercontent.com/u/111710123?v=4" width="110px;"/><br /><sub>Vautia</sub>](https://github.com/Vautia)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Vautia "Code") |
+| [<img src="https://avatars.githubusercontent.com/u/28321?v=4" width="110px;"/><br /><sub>Chris Hartjes</sub>](http://www.littlehart.net/atthekeyboard)<br />[💻](https://github.com/snipe/snipe-it/commits?author=chartjes "Code") | [<img src="https://avatars.githubusercontent.com/u/2404584?v=4" width="110px;"/><br /><sub>geo-chen</sub>](https://github.com/geo-chen)<br />[💻](https://github.com/snipe/snipe-it/commits?author=geo-chen "Code") | [<img src="https://avatars.githubusercontent.com/u/6006620?v=4" width="110px;"/><br /><sub>Phan Nguyen</sub>](https://github.com/nh314)<br />[💻](https://github.com/snipe/snipe-it/commits?author=nh314 "Code") | [<img src="https://avatars.githubusercontent.com/u/115993812?v=4" width="110px;"/><br /><sub>Iisakki Jaakkola</sub>](https://github.com/StarlessNights)<br />[💻](https://github.com/snipe/snipe-it/commits?author=StarlessNights "Code") | [<img src="https://avatars.githubusercontent.com/u/22633385?v=4" width="110px;"/><br /><sub>Ikko Ashimine</sub>](https://bandism.net/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=eltociear "Code") | [<img src="https://avatars.githubusercontent.com/u/56871540?v=4" width="110px;"/><br /><sub>Lukas Fehling</sub>](https://github.com/lukasfehling)<br />[💻](https://github.com/snipe/snipe-it/commits?author=lukasfehling "Code") | [<img src="https://avatars.githubusercontent.com/u/1975990?v=4" width="110px;"/><br /><sub>Fernando Almeida</sub>](https://github.com/fernando-almeida)<br />[💻](https://github.com/snipe/snipe-it/commits?author=fernando-almeida "Code") |
+| [<img src="https://avatars.githubusercontent.com/u/116301219?v=4" width="110px;"/><br /><sub>akemidx</sub>](https://github.com/akemidx)<br />[💻](https://github.com/snipe/snipe-it/commits?author=akemidx "Code") | [<img src="https://avatars.githubusercontent.com/u/144778?v=4" width="110px;"/><br /><sub>Oguz Bilgic</sub>](http://oguz.site)<br />[💻](https://github.com/snipe/snipe-it/commits?author=oguzbilgic "Code") | [<img src="https://avatars.githubusercontent.com/u/9262438?v=4" width="110px;"/><br /><sub>Scooter Crawford</sub>](https://github.com/scoo73r)<br />[💻](https://github.com/snipe/snipe-it/commits?author=scoo73r "Code") | [<img src="https://avatars.githubusercontent.com/u/5957345?v=4" width="110px;"/><br /><sub>subdriven</sub>](https://github.com/subdriven)<br />[💻](https://github.com/snipe/snipe-it/commits?author=subdriven "Code") | [<img src="https://avatars.githubusercontent.com/u/658865?v=4" width="110px;"/><br /><sub>Andrew Savinykh</sub>](https://github.com/AndrewSav)<br />[💻](https://github.com/snipe/snipe-it/commits?author=AndrewSav "Code") | [<img src="https://avatars.githubusercontent.com/u/1155067?v=4" width="110px;"/><br /><sub>Tadayuki Onishi</sub>](https://kenchan0130.github.io)<br />[💻](https://github.com/snipe/snipe-it/commits?author=kenchan0130 "Code") | [<img src="https://avatars.githubusercontent.com/u/112496896?v=4" width="110px;"/><br /><sub>Florian</sub>](https://github.com/floschoepfer)<br />[💻](https://github.com/snipe/snipe-it/commits?author=floschoepfer "Code") |
+| [<img src="https://avatars.githubusercontent.com/u/7305753?v=4" width="110px;"/><br /><sub>Spencer Long</sub>](http://spencerlong.com)<br />[💻](https://github.com/snipe/snipe-it/commits?author=spencerrlongg "Code") | [<img src="https://avatars.githubusercontent.com/u/1141514?v=4" width="110px;"/><br /><sub>Marcus Moore</sub>](https://github.com/marcusmoore)<br />[💻](https://github.com/snipe/snipe-it/commits?author=marcusmoore "Code") | [<img src="https://avatars.githubusercontent.com/u/570639?v=4" width="110px;"/><br /><sub>Martin Meredith</sub>](https://github.com/Mezzle)<br /> | [<img src="https://avatars.githubusercontent.com/u/5731963?v=4" width="110px;"/><br /><sub>dboth</sub>](http://dboth.de)<br />[💻](https://github.com/snipe/snipe-it/commits?author=dboth "Code") | [<img src="https://avatars.githubusercontent.com/u/87536651?v=4" width="110px;"/><br /><sub>Zachary Fleck</sub>](https://github.com/zacharyfleck)<br />[💻](https://github.com/snipe/snipe-it/commits?author=zacharyfleck "Code") | [<img src="https://avatars.githubusercontent.com/u/74609912?v=4" width="110px;"/><br /><sub>VIKAAS-A</sub>](https://github.com/vikaas-cyper)<br />[💻](https://github.com/snipe/snipe-it/commits?author=vikaas-cyper "Code") | [<img src="https://avatars.githubusercontent.com/u/88882041?v=4" width="110px;"/><br /><sub>Abdul Kareem</sub>](https://github.com/ak-piracha)<br />[💻](https://github.com/snipe/snipe-it/commits?author=ak-piracha "Code") |
+| [<img src="https://avatars.githubusercontent.com/u/111287779?v=4" width="110px;"/><br /><sub>NojoudAlshehri</sub>](https://github.com/NojoudAlshehri)<br />[💻](https://github.com/snipe/snipe-it/commits?author=NojoudAlshehri "Code") | [<img src="https://avatars.githubusercontent.com/u/54367449?v=4" width="110px;"/><br /><sub>Stefan Stidl</sub>](https://github.com/stefanstidlffg)<br />[💻](https://github.com/snipe/snipe-it/commits?author=stefanstidlffg "Code") | [<img src="https://avatars.githubusercontent.com/u/87803479?v=4" width="110px;"/><br /><sub>Quentin Aymard</sub>](https://github.com/qay21)<br />[💻](https://github.com/snipe/snipe-it/commits?author=qay21 "Code") |
 <!-- ALL-CONTRIBUTORS-LIST:END -->

 This project follows the [all-contributors](https://github.com/kentcdodds/all-contributors) specification. Contributions of any kind welcome!
@@ -0,0 +1,51 @@
+# Running the Test Suite
+
+This document is targeted at developers looking to make modifications to this application's code base and want to run the existing test suite.
+
+Before starting, follow the [instructions](README.md#installation) for installing the application locally and ensure you can load it in a browser properly.
+
+## Unit and Feature Tests
+
+Before attempting to run the test suite copy the example environment file for tests and update the values to match your environment:
+
+`cp .env.testing.example .env.testing`
+> Since the data in the database is flushed after each test it is recommended you create a separate mysql database for specifically for tests
+
+Now you are ready to run the entire test suite from your terminal:
+
+`php artisan test`
+
+To run individual test files, you can pass the path to the test that you want to run:
+
+`php artisan test tests/Unit/AccessoryTest.php`
+
+## Browser Tests 
+
+Browser tests are run via [Laravel Dusk](https://laravel.com/docs/8.x/dusk) and require Google Chrome to be installed.
+
+Before attempting to run Dusk tests copy the example environment file for Dusk and update the values to match your environment:
+
+`cp .env.dusk.example .env.dusk.local`
+> `local` refers to the value of `APP_ENV` in your `.env` so if you have it set to `dev` then the file should be named `.env.dusk.dev`.
+
+**Important**: Dusk tests cannot be run using an in-memory SQLite database. Additionally, the Dusk test suite uses the `DatabaseMigrations` trait which will leave the database in a fresh state after running. Therefore, it is recommended that you create a test database and point `DB_DATABASE` in `.env.dusk.local` to it.  
+
+### Running Browser Tests
+
+Your application needs to be configured and up and running in order for the browser tests to actually run. When running the tests locally, you can start the application using the following command:
+
+`php artisan serve`
+
+Now you are ready to run the test suite. Use the following command from another terminal tab or window:
+
+`php artisan dusk`
+
+To run individual test files, you can pass the path to the test that you want to run:
+
+`php artisan dusk tests/Browser/LoginTest.php`
+
+If you get an error when attempting to run Dusk tests that says `Couldn't connect to server` run:
+
+`php artisan dusk:chrome-driver --detect`
+
+This command will install the specific ChromeDriver Dusk needs for your operating system and Chrome version.
@@ -118,7 +118,7 @@
        "description": "The duration (in seconds) that the user should be blocked from attempting to authenticate again.",
        "value": "60"
      },
-      "APP_LOG": {
+      "LOG_CHANNEL": {
        "description": "Driver to send logs to. (errorlog for stderr)",
        "value": "errorlog"
      },
@@ -148,7 +148,7 @@
    "image": "heroku/php",
    "addons": [
      "cleardb:ignite",
-      "heroku-redis:hobby-dev",
+      "heroku-redis:mini",
      "papertrail:choklad"
    ]
-  }
+  }
@@ -22,7 +22,7 @@ class CheckoutLicenseToAllUsers extends Command
     *
     * @var string
     */
-    protected $description = 'Command description';
+    protected $description = 'Checks out licenses to all users';

    /**
     * Create a new command instance.
@@ -56,7 +56,7 @@ class CheckoutLicenseToAllUsers extends Command
            return false;
        }

-        $users = User::whereNull('deleted_at')->with('licenses')->get();
+        $users = User::whereNull('deleted_at')->where('autoassign_licenses', '=', 1)->with('licenses')->get();

        if ($users->count() > $license->getAvailSeatsCountAttribute()) {
            $this->info('You do not have enough free seats to complete this task, so we will check out as many as we can. ');
@@ -3,15 +3,31 @@
 namespace App\Console\Commands;

 use Illuminate\Console\Command;
+use \App\Models\User;
+

 class CreateAdmin extends Command
 {
+
+    /** @mixin User **/
    /**
-     * The name and signature of the console command.
-     *
-     * @var string
+     * App\Console\CreateAdmin
+     * @property mixed $first_name
+     * @property string $last_name
+     * @property string $username
+     * @property string $email
+     * @property string $permissions
+     * @property string $password
+     * @property boolean $activated
+     * @property boolean $show_in_list
+     * @property boolean $autoassign_licenses
+     * @property \Illuminate\Support\Carbon|null $created_at
+     * @property mixed $created_by
     */
-    protected $signature = 'snipeit:create-admin {--first_name=} {--last_name=}  {--email=}  {--username=}  {--password=}   {show_in_list?}';
+
+
+
+    protected $signature = 'snipeit:create-admin {--first_name=} {--last_name=}  {--email=}  {--username=}  {--password=} {show_in_list?} {autoassign_licenses?}';

    /**
     * The console command description.
@@ -30,11 +46,7 @@ class CreateAdmin extends Command
        parent::__construct();
    }

-    /**
-     * Execute the console command.
-     *
-     * @return mixed
-     */
+
    public function handle()
    {
        $first_name = $this->option('first_name');
@@ -43,11 +55,14 @@ class CreateAdmin extends Command
        $email = $this->option('email');
        $password = $this->option('password');
        $show_in_list = $this->argument('show_in_list');
+        $autoassign_licenses = $this->argument('autoassign_licenses');
+
+

        if (($first_name == '') || ($last_name == '') || ($username == '') || ($email == '') || ($password == '')) {
            $this->info('ERROR: All fields are required.');
        } else {
-            $user = new \App\Models\User;
+            $user = new User;
            $user->first_name = $first_name;
            $user->last_name = $last_name;
            $user->username = $username;
@@ -59,6 +74,11 @@ class CreateAdmin extends Command
            if ($show_in_list == 'false') {
                $user->show_in_list = 0;
            }
+
+            if ($autoassign_licenses == 'false') {
+                $user->autoassign_licenses = 0;
+            }
+
            if ($user->save()) {
                $this->info('New user created');
                $user->groups()->attach(1);
@@ -0,0 +1,97 @@
+<?php
+
+namespace App\Console\Commands;
+
+use App\Helpers\Helper;
+use Illuminate\Console\Command;
+use App\Models\User;
+use Laravel\Passport\TokenRepository;
+use Illuminate\Contracts\Validation\Factory as ValidationFactory;
+use DB;
+
+class GeneratePersonalAccessToken extends Command
+{
+
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'snipeit:make-api-key 
+                        {--user_id= : The ID of the user to create the token for.}
+                        {--name= : The name of the new API token}
+                        {--key-only : Only return the value of the API key}';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'This console command allows you to generate Personal API tokens to be used with the Snipe-IT JSON REST API on behalf of a user.';
+
+
+    /**
+     * The token repository implementation.
+     *
+     * @var \Laravel\Passport\TokenRepository
+     */
+    protected $tokenRepository;
+
+
+    /**
+     * Create a new command instance.
+     *
+     * @return void
+     */
+    public function __construct(TokenRepository $tokenRepository, ValidationFactory $validation)
+    {
+        $this->validation = $validation;
+        $this->tokenRepository = $tokenRepository;
+        parent::__construct();
+    }
+
+    /**
+     * Execute the console command.
+     *
+     * @return int
+     */
+    public function handle()
+    {
+
+        $accessTokenName = $this->option('name');
+        if ($accessTokenName=='') {
+            $accessTokenName = 'CLI Auth Token';
+        }
+
+        if ($this->option('user_id')=='') {
+            return $this->error('ERROR: user_id cannot be blank.');
+        }
+
+        if ($user = User::find($this->option('user_id'))) {
+
+            $createAccessToken = $user->createToken($accessTokenName)->accessToken;
+
+            if ($this->option('key-only')) {
+                $this->info($createAccessToken);
+
+            } else {
+
+                $this->warn('Your API Token has been created. Be sure to copy this token now, as it will not be accessible again.');
+
+                if ($token = DB::table('oauth_access_tokens')->where('user_id', '=', $user->id)->where('name','=',$accessTokenName)->orderBy('created_at', 'desc')->first()) {
+                    $this->info('API Token ID: '.$token->id);
+                }
+
+                $this->info('API Token User: '.$user->present()->fullName.' ('.$user->username.')');
+                $this->info('API Token Name: '.$accessTokenName);
+                $this->info('API Token: '.$createAccessToken);
+            }
+        } else {
+           return $this->error('ERROR: Invalid user. API key was not created.');
+        }
+
+
+
+
+    }
+}
@@ -3,6 +3,7 @@
 namespace App\Console\Commands;

 use App\Models\Department;
+use App\Models\Group;
 use Illuminate\Console\Command;
 use App\Models\Setting;
 use App\Models\Ldap;
@@ -17,7 +18,7 @@ class LdapSync extends Command
     *
     * @var string
     */
-    protected $signature = 'snipeit:ldap-sync {--location=} {--location_id=} {--base_dn=} {--summary} {--json_summary}';
+    protected $signature = 'snipeit:ldap-sync {--location=} {--location_id=} {--base_dn=} {--filter=} {--summary} {--json_summary}';

    /**
     * The console command description.
@@ -43,20 +44,28 @@ class LdapSync extends Command
     */
    public function handle()
    {
+
+        // If LDAP enabled isn't set to 1 (ldap_enabled!=1) then we should cut this short immediately without going any further
+        if (Setting::getSettings()->ldap_enabled!='1') {
+            $this->error('LDAP is not enabled. Aborting. See Settings > LDAP to enable it.');
+            exit();
+        }
+
        ini_set('max_execution_time', env('LDAP_TIME_LIM', 600)); //600 seconds = 10 minutes
        ini_set('memory_limit', env('LDAP_MEM_LIM', '500M'));
        $ldap_result_username = Setting::getSettings()->ldap_username_field;
        $ldap_result_last_name = Setting::getSettings()->ldap_lname_field;
        $ldap_result_first_name = Setting::getSettings()->ldap_fname_field;
-
-        $ldap_result_active_flag = Setting::getSettings()->ldap_active_flag_field;
+        $ldap_result_active_flag = Setting::getSettings()->ldap_active_flag;
        $ldap_result_emp_num = Setting::getSettings()->ldap_emp_num;
        $ldap_result_email = Setting::getSettings()->ldap_email;
        $ldap_result_phone = Setting::getSettings()->ldap_phone_field;
        $ldap_result_jobtitle = Setting::getSettings()->ldap_jobtitle;
        $ldap_result_country = Setting::getSettings()->ldap_country;
+        $ldap_result_location = Setting::getSettings()->ldap_location;
        $ldap_result_dept = Setting::getSettings()->ldap_dept;
        $ldap_result_manager = Setting::getSettings()->ldap_manager;
+        $ldap_default_group = Setting::getSettings()->ldap_default_group;

        try {
            $ldapconn = Ldap::connectToLdap();
@@ -66,7 +75,7 @@ class LdapSync extends Command
                $json_summary = ['error' => true, 'error_message' => $e->getMessage(), 'summary' => []];
                $this->info(json_encode($json_summary));
            }
-            LOG::info($e);
+            Log::info($e);

            return [];
        }
@@ -76,17 +85,21 @@ class LdapSync extends Command
        try {
            if ($this->option('base_dn') != '') {
                $search_base = $this->option('base_dn');
-                LOG::debug('Importing users from specified base DN: \"'.$search_base.'\".');
+                Log::debug('Importing users from specified base DN: \"'.$search_base.'\".');
            } else {
                $search_base = null;
            }
-            $results = Ldap::findLdapUsers($search_base);
+            if ($this->option('filter') != '') {
+                $results = Ldap::findLdapUsers($search_base, -1, $this->option('filter'));
+            } else {
+                $results = Ldap::findLdapUsers($search_base);
+            }
        } catch (\Exception $e) {
            if ($this->option('json_summary')) {
                $json_summary = ['error' => true, 'error_message' => $e->getMessage(), 'summary' => []];
                $this->info(json_encode($json_summary));
            }
-            LOG::info($e);
+            Log::info($e);

            return [];
        }
@@ -96,20 +109,20 @@ class LdapSync extends Command

        if ($this->option('location') != '') {
            $location = Location::where('name', '=', $this->option('location'))->first();
-            LOG::debug('Location name '.$this->option('location').' passed');
-            LOG::debug('Importing to '.$location->name.' ('.$location->id.')');
+            Log::debug('Location name '.$this->option('location').' passed');
+            Log::debug('Importing to '.$location->name.' ('.$location->id.')');
        } elseif ($this->option('location_id') != '') {
            $location = Location::where('id', '=', $this->option('location_id'))->first();
-            LOG::debug('Location ID '.$this->option('location_id').' passed');
-            LOG::debug('Importing to '.$location->name.' ('.$location->id.')');
+            Log::debug('Location ID '.$this->option('location_id').' passed');
+            Log::debug('Importing to '.$location->name.' ('.$location->id.')');
        }

        if (! isset($location)) {
-            LOG::debug('That location is invalid or a location was not provided, so no location will be assigned by default.');
+            Log::debug('That location is invalid or a location was not provided, so no location will be assigned by default.');
        }

        /* Process locations with explicitly defined OUs, if doing a full import. */
-        if ($this->option('base_dn') == '') {
+        if ($this->option('base_dn') == '' && $this->option('filter') == '') {
            // Retrieve locations with a mapped OU, and sort them from the shallowest to deepest OU (see #3993)
            $ldap_ou_locations = Location::where('ldap_ou', '!=', '')->get()->toArray();
            $ldap_ou_lengths = [];
@@ -121,7 +134,7 @@ class LdapSync extends Command
            array_multisort($ldap_ou_lengths, SORT_ASC, $ldap_ou_locations);

            if (count($ldap_ou_locations) > 0) {
-                LOG::debug('Some locations have special OUs set. Locations will be automatically set for users in those OUs.');
+                Log::debug('Some locations have special OUs set. Locations will be automatically set for users in those OUs.');
            }

            // Inject location information fields
@@ -139,7 +152,7 @@ class LdapSync extends Command
                        $json_summary = ['error' => true, 'error_message' => trans('admin/users/message.error.ldap_could_not_search').' Location: '.$ldap_loc['name'].' (ID: '.$ldap_loc['id'].') cannot connect to "'.$ldap_loc['ldap_ou'].'" - '.$e->getMessage(), 'summary' => []];
                        $this->info(json_encode($json_summary));
                    }
-                    LOG::info($e);
+                    Log::info($e);

                    return [];
                }
@@ -171,22 +184,37 @@ class LdapSync extends Command
        $tmp_pass = substr(str_shuffle('0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'), 0, 20);
        $pass = bcrypt($tmp_pass);

-        for ($i = 0; $i < $results['count']; $i++) {
-            if (empty($ldap_result_active_flag) || $results[$i][$ldap_result_active_flag][0] == 'TRUE') {
-                $item = [];
-                $item['username'] = isset($results[$i][$ldap_result_username][0]) ? $results[$i][$ldap_result_username][0] : '';
-                $item['employee_number'] = isset($results[$i][$ldap_result_emp_num][0]) ? $results[$i][$ldap_result_emp_num][0] : '';
-                $item['lastname'] = isset($results[$i][$ldap_result_last_name][0]) ? $results[$i][$ldap_result_last_name][0] : '';
-                $item['firstname'] = isset($results[$i][$ldap_result_first_name][0]) ? $results[$i][$ldap_result_first_name][0] : '';
-                $item['email'] = isset($results[$i][$ldap_result_email][0]) ? $results[$i][$ldap_result_email][0] : '';
-                $item['ldap_location_override'] = isset($results[$i]['ldap_location_override']) ? $results[$i]['ldap_location_override'] : '';
-                $item['location_id'] = isset($results[$i]['location_id']) ? $results[$i]['location_id'] : '';
-                $item['telephone'] = isset($results[$i][$ldap_result_phone][0]) ? $results[$i][$ldap_result_phone][0] : '';
-                $item['jobtitle'] = isset($results[$i][$ldap_result_jobtitle][0]) ? $results[$i][$ldap_result_jobtitle][0] : '';
-                $item['country'] = isset($results[$i][$ldap_result_country][0]) ? $results[$i][$ldap_result_country][0] : '';
-                $item['department'] = isset($results[$i][$ldap_result_dept][0]) ? $results[$i][$ldap_result_dept][0] : '';
-                $item['manager'] = isset($results[$i][$ldap_result_manager][0]) ? $results[$i][$ldap_result_manager][0] : '';
+        $manager_cache = [];

+        if($ldap_default_group != null) {
+
+            $default = Group::find($ldap_default_group);
+            if (!$default) {
+                $ldap_default_group = null; // un-set the default group if that group doesn't exist
+            }
+
+        }
+
+
+        for ($i = 0; $i < $results['count']; $i++) {
+                $item = [];
+                $item['username'] = $results[$i][$ldap_result_username][0] ?? '';
+                $item['employee_number'] = $results[$i][$ldap_result_emp_num][0] ?? '';
+                $item['lastname'] = $results[$i][$ldap_result_last_name][0] ?? '';
+                $item['firstname'] = $results[$i][$ldap_result_first_name][0] ?? '';
+                $item['email'] = $results[$i][$ldap_result_email][0] ?? '';
+                $item['ldap_location_override'] = $results[$i]['ldap_location_override'] ?? '';
+                $item['location_id'] = $results[$i]['location_id'] ?? '';
+                $item['telephone'] = $results[$i][$ldap_result_phone][0] ?? '';
+                $item['jobtitle'] = $results[$i][$ldap_result_jobtitle][0] ?? '';
+                $item['country'] = $results[$i][$ldap_result_country][0] ?? '';
+                $item['department'] = $results[$i][$ldap_result_dept][0] ?? '';
+                $item['manager'] = $results[$i][$ldap_result_manager][0] ?? '';
+                $item['location'] = $results[$i][$ldap_result_location][0] ?? '';
+
+                $location = Location::firstOrCreate([
+                    'name' => $item['location'],
+                ]);
                $department = Department::firstOrCreate([
                    'name' => $item['department'],
                ]);
@@ -199,7 +227,7 @@ class LdapSync extends Command
                    // Creating a new user.
                    $user = new User;
                    $user->password = $pass;
-                    $user->activated = 0;
+                    $user->activated = 1; // newly created users can log in by default, unless AD's UAC is in use, or an active flag is set (below)
                    $item['createorupdate'] = 'created';
                }

@@ -212,21 +240,64 @@ class LdapSync extends Command
                $user->jobtitle = $item['jobtitle'];
                $user->country = $item['country'];
                $user->department_id = $department->id;
+                $user->location_id = $location->id;

                if($item['manager'] != null) {
-                    //Captures only the Canonical Name
-                    $item['manager'] = ltrim($item['manager'], "CN=");
-                    $item['manager'] = substr($item['manager'],0, strpos($item['manager'], ','));
-                    $ldap_manager = User::where('username', $item['manager'])->first();
-                    if ( $ldap_manager && isset($ldap_manager->id) ) {
-                        $user->manager_id = $ldap_manager->id;
+                    // Check Cache first
+                    if (isset($manager_cache[$item['manager']])) {
+                        // found in cache; use that and avoid extra lookups
+                        $user->manager_id = $manager_cache[$item['manager']];
+                    } else {
+                        // Get the LDAP Manager
+                        try {
+                            $ldap_manager = Ldap::findLdapUsers($item['manager'], -1, $this->option('filter'));
+                        } catch (\Exception $e) {
+                            \Log::warning("Manager lookup caused an exception: " . $e->getMessage() . ". Falling back to direct username lookup");
+                            // Hail-mary for Okta manager 'shortnames' - will only work if
+                            // Okta configuration is using full email-address-style usernames
+                            $ldap_manager = [
+                                "count" => 1,
+                                0 => [
+                                    $ldap_result_username => [$item['manager']]
+                                ]
+                            ];
+                        }
+
+                        if ($ldap_manager["count"] > 0) {
+
+                            // Get the Manager's username
+                            // PHP LDAP returns every LDAP attribute as an array, and 90% of the time it's an array of just one item. But, hey, it's an array.
+                            $ldapManagerUsername = $ldap_manager[0][$ldap_result_username][0];
+
+                            // Get User from Manager username.
+                            $ldap_manager = User::where('username', $ldapManagerUsername)->first();
+
+                            if ($ldap_manager && isset($ldap_manager->id)) {
+                                // Link user to manager id.
+                                $user->manager_id = $ldap_manager->id;
+                            }
+                        }
+                        $manager_cache[$item['manager']] = $ldap_manager && isset($ldap_manager->id)  ? $ldap_manager->id : null; // Store results in cache, even if 'failed'
+
                    }
                }

-
                // Sync activated state for Active Directory.
-                if (array_key_exists('useraccountcontrol', $results[$i])) {
-                    /* The following is _probably_ the correct logic, but we can't use it because
+                if ( !empty($ldap_result_active_flag)) { // IF we have an 'active' flag set....
+                    // ....then *most* things that are truthy will activate the user. Anything falsey will deactivate them.
+                    // (Specifically, we don't handle a value of '0.0' correctly)
+                    $raw_value = @$results[$i][$ldap_result_active_flag][0];
+                    $filter_var = filter_var($raw_value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
+                    $boolean_cast = (bool)$raw_value;
+
+                    $user->activated = $filter_var ?? $boolean_cast; // if filter_var() was true or false, use that. If it's null, use the $boolean_cast
+
+                } elseif (array_key_exists('useraccountcontrol', $results[$i]) ) {
+                    // ....otherwise, (ie if no 'active' LDAP flag is defined), IF the UAC setting exists,
+                    // ....then use the UAC setting on the account to determine can-log-in vs. cannot-log-in
+
+
+                   /* The following is _probably_ the correct logic, but we can't use it because
                       some users may have been dependent upon the previous behavior, and this
                       could cause additional access to be available to users they don't want
                       to allow to log in.
@@ -243,25 +314,25 @@ class LdapSync extends Command
                        $user->activated = 0;
                    } */
                    $enabled_accounts = [
-                    '512',    // 0x200    NORMAL_ACCOUNT
-                    '544',    // 0x220    NORMAL_ACCOUNT, PASSWD_NOTREQD
-                    '66048',  // 0x10200  NORMAL_ACCOUNT, DONT_EXPIRE_PASSWORD
-                    '66080',  // 0x10220  NORMAL_ACCOUNT, PASSWD_NOTREQD, DONT_EXPIRE_PASSWORD
-                    '262656', // 0x40200  NORMAL_ACCOUNT, SMARTCARD_REQUIRED
-                    '262688', // 0x40220  NORMAL_ACCOUNT, PASSWD_NOTREQD, SMARTCARD_REQUIRED
-                    '328192', // 0x50200  NORMAL_ACCOUNT, SMARTCARD_REQUIRED, DONT_EXPIRE_PASSWORD
-                    '328224', // 0x50220  NORMAL_ACCOUNT, PASSWD_NOT_REQD, SMARTCARD_REQUIRED, DONT_EXPIRE_PASSWORD
-                    '4194816',// 0x400200 NORMAL_ACCOUNT, DONT_REQ_PREAUTH
+                    '512',    //     0x200 NORMAL_ACCOUNT
+                    '544',    //     0x220 NORMAL_ACCOUNT, PASSWD_NOTREQD
+                    '66048',  //   0x10200 NORMAL_ACCOUNT, DONT_EXPIRE_PASSWORD
+                    '66080',  //   0x10220 NORMAL_ACCOUNT, PASSWD_NOTREQD, DONT_EXPIRE_PASSWORD
+                    '262656', //   0x40200 NORMAL_ACCOUNT, SMARTCARD_REQUIRED
+                    '262688', //   0x40220 NORMAL_ACCOUNT, PASSWD_NOTREQD, SMARTCARD_REQUIRED
+                    '328192', //   0x50200 NORMAL_ACCOUNT, SMARTCARD_REQUIRED, DONT_EXPIRE_PASSWORD
+                    '328224', //   0x50220 NORMAL_ACCOUNT, PASSWD_NOT_REQD, SMARTCARD_REQUIRED, DONT_EXPIRE_PASSWORD
+                    '4194816',//  0x400200 NORMAL_ACCOUNT, DONT_REQ_PREAUTH
                    '4260352', // 0x410200 NORMAL_ACCOUNT, DONT_EXPIRE_PASSWORD, DONT_REQ_PREAUTH
                    '1049088', // 0x100200 NORMAL_ACCOUNT, NOT_DELEGATED
+                    '1114624', // 0x110200 NORMAL_ACCOUNT, DONT_EXPIRE_PASSWORD, NOT_DELEGATED,
                  ];
                    $user->activated = (in_array($results[$i]['useraccountcontrol'][0], $enabled_accounts)) ? 1 : 0;
-                }

                // If we're not using AD, and there isn't an activated flag set, activate all users
-                elseif (empty($ldap_result_active_flag)) {
-                    $user->activated = 1;
-                }
+                } /* implied 'else' here - leave the $user->activated flag alone. Newly-created accounts will be active.
+                already-existing accounts will be however the administrator has set them */
+

                if ($item['ldap_location_override'] == true) {
                    $user->location_id = $item['location_id'];
@@ -280,6 +351,10 @@ class LdapSync extends Command
                if ($user->save()) {
                    $item['note'] = $item['createorupdate'];
                    $item['status'] = 'success';
+                    if ( $item['createorupdate'] === 'created' && $ldap_default_group) {
+                         $user->groups()->attach($ldap_default_group);
+                    }
+
                } else {
                    foreach ($user->getErrors()->getMessages() as $key => $err) {
                        $errors .= $err[0];
@@ -289,7 +364,6 @@ class LdapSync extends Command
                }

                array_push($summary, $item);
-            }
        }

        if ($this->option('summary')) {
@@ -27,6 +27,19 @@ function ip_in_range( $ip, $range ) {
 }
 // NOTE - this function was shamelessly stolen from this gist: https://gist.github.com/tott/7684443

+/**
+ * Ensure LDAP filters are parentheses-wrapped
+ */
+function parenthesized_filter($filter)
+{
+    if(substr($filter,0,1) == "(" ) {
+        return $filter;
+    } else {
+        return "(".$filter.")";
+    }
+
+}
+
 class LdapTroubleshooter extends Command
 {
    /**
@@ -70,6 +83,47 @@ class LdapTroubleshooter extends Command
        }
    }

+    /**
+     * Clean the results from ldap_get_entries into something useful
+     * @param array $array
+     * @return array
+     */
+    public function ldap_results_cleaner ($array) {
+        $cleaned = [];
+        for($i = 0; $i < $array['count']; $i++) {
+            $row = $array[$i];
+            $clean_row = [];
+            foreach($row AS $key => $val ) {
+                $this->debugout("Key is: ".$key);
+                if($key == "count" || is_int($key) || $key == "dn") {
+                    $this->debugout(" and we're gonna skip it\n");
+                    continue;
+                }
+                $this->debugout(" And that seems fine.\n");
+                if(array_key_exists('count',$val)) {
+                    if($val['count'] == 1) {
+                        $clean_row[$key] = $val[0];
+                    } else {
+                        unset($val['count']); //these counts are annoying
+                        $elements = [];
+                        foreach($val as $entry) {
+                            if(isset($ldap_constants[$entry])) {
+                                $elements[] = $ldap_constants[$entry];
+                            } else {
+                                $elements[] = $entry;
+                            }
+                        }
+                        $clean_row[$key] = $elements;
+                    }
+                } else {
+                    $clean_row[$key] = $val;
+                }
+            }
+            $cleaned[$i] = $clean_row;
+        }
+        return $cleaned;
+    }
+
    /**
     * Execute the console command.
     *
@@ -102,16 +156,12 @@ class LdapTroubleshooter extends Command
                $output[] = "LDAPTLS_KEY=storage/ldap_client_tls.key";
            }
            $output[] = "ldapsearch";
-            $output[] = $settings->ldap_server;
+            $output[] = "-H ".$settings->ldap_server;
            $output[] = "-x";
            $output[] = "-b ".escapeshellarg($settings->ldap_basedn);
            $output[] = "-D ".escapeshellarg($settings->ldap_uname);
            $output[] = "-w ".escapeshellarg(\Crypt::Decrypt($settings->ldap_pword));
-            if(substr($settings->ldap_filter,0,1) == "(" ) {
-                $output[] = escapeshellarg($settings->ldap_filter);
-            } else {
-                $output[] = escapeshellarg("(".$settings->ldap_filter.")");
-            }
+            $output[] = escapeshellarg(parenthesized_filter($settings->ldap_filter));
            if($settings->ldap_tls) {
                $this->line("# adding STARTTLS option");
                $output[] = "-Z";
@@ -290,45 +340,8 @@ class LdapTroubleshooter extends Command
        }
        $this->debugout("LDAP constants are: ".print_r($ldap_constants,true));

-        // recursive function that 'cleans' the returned array from ldap_get_entries which are formatted awfully
-        $cleaner = function ($array) {
-            $cleaned = [];
-            for($i = 0; $i < $array['count']; $i++) {
-                $row = $array[$i];
-                $clean_row = [];
-                foreach($row AS $key => $val ) {
-                    $this->debugout("Key is: ".$key);
-                    if($key == "count" || is_int($key) || $key == "dn") {
-                        $this->debugout(" and we're gonna skip it\n");
-                        continue;
-                    }
-                    $this->debugout(" And that seems fine.\n");
-                    if(array_key_exists('count',$val)) {
-                        if($val['count'] == 1) {
-                            $clean_row[$key] = $val[0];
-                        } else {
-                            unset($val['count']); //these counts are annoying
-                            $elements = [];
-                            foreach($val as $entry) {
-                                if(isset($ldap_constants[$entry])) {
-                                    $elements[] = $ldap_constants[$entry];
-                                } else {
-                                    $elements[] = $entry;
-                                }
-                            }
-                            $clean_row[$key] = $elements;
-                        }
-                    } else {
-                        $clean_row[$key] = $val;
-                    }
-                }
-                $cleaned[$i] = $clean_row;
-            }
-            return $cleaned;
-        };
-        
        foreach($ldap_urls AS $ldap_url) {
-            if($this->test_informational_bind($ldap_url[0],$ldap_url[1],$ldap_url[2],$settings->ldap_uname,Crypt::decrypt($settings->ldap_pword))) {
+            if($this->test_informational_bind($ldap_url[0],$ldap_url[1],$ldap_url[2],$settings->ldap_uname,Crypt::decrypt($settings->ldap_pword),$settings)) {
                $this->info("Success getting informational bind!");
            } else {
                $this->error("Unable to get information from bind.");
@@ -422,9 +435,9 @@ class LdapTroubleshooter extends Command
        });
    }

-    public function test_informational_bind($ldap_url, $check_cert, $start_tls, $username, $password)
+    public function test_informational_bind($ldap_url, $check_cert, $start_tls, $username, $password,$settings)
    {
-        return $this->timed_boolean_execute(function () use ($ldap_url, $check_cert, $start_tls, $username, $password) {
+        return $this->timed_boolean_execute(function () use ($ldap_url, $check_cert, $start_tls, $username, $password, $settings) {
            try { // TODO - copypasta'ed from test_authed_bind
                $conn = $this->connect_to_ldap($ldap_url, $check_cert, $start_tls);
                $bind_results = ldap_bind($conn, $username, $password);
@@ -435,12 +448,13 @@ class LdapTroubleshooter extends Command
                $this->info("SUCCESS - Able to bind to $ldap_url as $username");
                $result = ldap_read($conn, '', '(objectClass=*)'/* , ['supportedControl']*/);
                $results = ldap_get_entries($conn, $result);
-                $cleaned_results = $cleaner($results);
+                $cleaned_results = $this->ldap_results_cleaner($results);
                $this->line(print_r($cleaned_results,true));
                //okay, great - now how do we display those results? I have no idea.
                // I don't see why this throws an Exception for Google LDAP, but I guess we ought to try and catch it?
                $this->comment("I guess we're trying to do the ldap search here, but sometimes it takes too long?");
-                $search_results = ldap_search($conn, $settings->base_dn, $settings->filter);
+                $this->debugout("Base DN is: ".$settings->ldap_basedn." and filter is: ".parenthesized_filter($settings->ldap_filter));
+                $search_results = ldap_search($conn, $settings->ldap_basedn, parenthesized_filter($settings->ldap_filter));
                $this->info("Printing first 10 results: ");
                for($i=0;$i<10;$i++) {
                    $this->info($search_results[$i]);
@@ -0,0 +1,52 @@
+<?php
+
+namespace App\Console\Commands;
+
+use Illuminate\Console\Command;
+use App\Models\User;
+
+class NormalizeUserNames extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'snipeit:normalize-names';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Normalizes weirdly formatted names as first-letter upercased';
+
+    /**
+     * Create a new command instance.
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        parent::__construct();
+    }
+
+    /**
+     * Execute the console command.
+     *
+     * @return int
+     */
+    public function handle()
+    {
+
+        $users = User::get();
+            $this->info($users->count() . ' users');
+
+            foreach ($users as $user) {
+                $user->first_name = ucwords(strtolower($user->first_name));
+                $user->last_name = ucwords(strtolower($user->last_name));
+                $user->email = strtolower($user->email);
+                $user->save();
+        }
+    }
+}
@@ -71,22 +71,31 @@ class ReEncodeCustomFieldNames extends Command
                     */
                    $last_part = substr(strrchr($asset_column, '_snipeit_'), 1);
                    $custom_field_columns[$last_part] = $asset_column;
+
                }
            }

            foreach ($fields as $field) {
-                $this->info($field->name.' ('.$field->id.') column should be '.$field->convertUnicodeDbSlug().'');
+                $this->info($field->name.' ('.$field->id.') column should be '.$field->convertUnicodeDbSlug());

                /** The assets table has the column it should have, all is well */
-                if (\Schema::hasColumn('assets', $field->convertUnicodeDbSlug())) {
-                    $this->info('-- ✓ This field exists - all good');
+                if ($field->db_column == $field->convertUnicodeDbSlug() && \Schema::hasColumn('assets', $field->convertUnicodeDbSlug())) {
+                    $this->info('-- ✓ This field exists on the assets table and the value for db_column matches in the custom_fields table.');

                /**
                 * There is a mismatch between the fieldname on the assets table and
                 * what $field->convertUnicodeDbSlug() is *now* expecting.
                 */
                } else {
-                    $this->warn('-- X Field mismatch: updating... ');
+
+                    if ($field->db_column != $field->convertUnicodeDbSlug()) {
+                        $this->error('-- ✘ Field mismatch: '.$field->name.' value should be '.$field->convertUnicodeDbSlug().' but is '.$field->db_column.' in the custom_fields table');
+
+                    } else {
+                        $this->error('-- ✘ Field mismatch: '.$field->name.' column should be '.$field->convertUnicodeDbSlug().' but is '.$custom_field_columns[$field->id].' on the assets table.');
+
+                    }
+

                    /** Make sure the custom_field_columns array has the ID */
                    if (array_key_exists($field->id, $custom_field_columns)) {
@@ -95,13 +104,19 @@ class ReEncodeCustomFieldNames extends Command
                         * Update the asset schema to the corrected fieldname that will be recognized by the
                         *  system elsewhere that we use $field->convertUnicodeDbSlug()
                         */
+                        $this->info('-- ✓ Updating field from '.$field->db_column.' to '.$field->convertUnicodeDbSlug().' in the assets table');
                        \Schema::table('assets', function ($table) use ($custom_field_columns, $field) {
                            $table->renameColumn($custom_field_columns[$field->id], $field->convertUnicodeDbSlug());
                        });

-                        $this->warn('-- ✓ Field updated from '.$custom_field_columns[$field->id].' to '.$field->convertUnicodeDbSlug());
+                        $this->info('-- ✓ Updating field from '.$field->db_column.' to '.$field->convertUnicodeDbSlug().' in the custom fields table');
+
+                        $field->db_column = $field->convertUnicodeDbSlug();
+                        $field->save();
+
+
                    } else {
-                        $this->warn('-- X WARNING: There is no field on the assets table ending in  '.$field->id.'. This may require more in-depth investigation and may mean the schema was altered manually.');
+                        $this->warn('-- ✘ WARNING: There is no field on the assets table ending in  '.$field->id.'. This may require more in-depth investigation and may mean the schema was altered manually.');
                    }
                }

@@ -149,7 +149,7 @@ class RestoreFromBackup extends Command
                $boring_files[] = $raw_path;
                continue;
            }
-            if (@pathinfo($raw_path)['extension'] == 'sql') {
+            if (@pathinfo($raw_path, PATHINFO_EXTENSION) == 'sql') {
                \Log::debug("Found a sql file!");
                $sqlfiles[] = $raw_path;
                $sqlfile_indices[] = $i;
@@ -214,7 +214,7 @@ class RestoreFromBackup extends Command
        $env_vars['MYSQL_PWD'] = config('database.connections.mysql.password');
        // TODO notes: we are stealing the dump_binary_path (which *probably* also has your copy of the mysql binary in it. But it might not, so we might need to extend this)
        //             we unilaterally prepend a slash to the `mysql` command. This might mean your path could look like /blah/blah/blah//mysql - which should be fine. But maybe in some environments it isn't?
-        $mysql_binary = config('database.connections.mysql.dump.dump_binary_path').'/mysql';
+        $mysql_binary = config('database.connections.mysql.dump.dump_binary_path').\DIRECTORY_SEPARATOR.'mysql'.(\DIRECTORY_SEPARATOR == '\\' ? ".exe" : "");
        if( ! file_exists($mysql_binary) ) {
            return $this->error("mysql tool at: '$mysql_binary' does not exist, cannot restore. Please edit DB_DUMP_PATH in your .env to point to a directory that contains the mysqldump and mysql binary");
        }
@@ -39,33 +39,39 @@ class SyncAssetCounters extends Command
    public function handle()
    {
        $start = microtime(true);
+
+        // We need the whole count of all assets in order to set up the progress bar
+        $assets_count = Asset::withTrashed()->count();
+        $bar = $this->output->createProgressBar($assets_count);
+
        $assets = Asset::withCount('checkins as checkins_count', 'checkouts as checkouts_count', 'userRequests as user_requests_count')
-            ->withTrashed()->get();
+            ->withTrashed()->chunk(100, function ($assets) use ($bar) {

-        if ($assets) {
-            if ($assets->count() > 0) {
-                $bar = $this->output->createProgressBar($assets->count());
+                if ($assets->count() > 0) {

-                foreach ($assets as $asset) {
-                    $asset->checkin_counter = (int) $asset->checkins_count;
-                    $asset->checkout_counter = (int) $asset->checkouts_count;
-                    $asset->requests_counter = (int) $asset->user_requests_count;
-                    $asset->unsetEventDispatcher();
-                    $asset->save();
-                    $output['info'][] = 'Asset: '.$asset->id.' has '.$asset->checkin_counter.' checkins, '.$asset->checkout_counter.' checkouts, and '.$asset->requests_counter.' requests';
-                    $bar->advance();
-                }
-                $bar->finish();
+                    foreach ($assets as $asset) {

-                foreach ($output['info'] as $key => $output_text) {
-                    $this->info($output_text);
-                }
+                        $asset->checkin_counter = (int) $asset->checkins_count;
+                        $asset->checkout_counter = (int) $asset->checkouts_count;
+                        $asset->requests_counter = (int) $asset->user_requests_count;
+                        $asset->unsetEventDispatcher();
+                        $asset->save();
+                        $bar->advance();
+
+                        \Log::debug('Asset: '.$asset->id.' has '.$asset->checkin_counter.' checkins, '.$asset->checkout_counter.' checkouts, and '.$asset->requests_counter.' requests');
+
+                    }

-                $time_elapsed_secs = microtime(true) - $start;
-                $this->info('Sync executed in '.$time_elapsed_secs.' seconds');
            } else {
                $this->info('No assets to sync');
            }
-        }
+        });
+        
+
+        $bar->finish();
+        $time_elapsed_secs = microtime(true) - $start;
+        $this->info("\nSync of ".$assets_count.' assets executed in '.$time_elapsed_secs.' seconds');
+
+
    }
 }
@@ -11,7 +11,7 @@ class SystemBackup extends Command
     *
     * @var string
     */
-    protected $name = 'snipeit:backup';
+    protected $signature = 'snipeit:backup {--filename=}';

    /**
     * The console command description.
@@ -37,7 +37,18 @@ class SystemBackup extends Command
     */
    public function handle()
    {
-        //
-        $this->call('backup:run');
+        if ($this->option('filename')) {
+            $filename = $this->option('filename');
+
+            // Make sure the filename ends in .zip
+            if (!ends_with($filename, '.zip')) {
+                $filename = $filename.'.zip';
+            }
+
+            $this->call('backup:run', ['--filename' => $filename]);
+        } else {
+            $this->call('backup:run');
+        }
+
    }
 }
@@ -24,6 +24,7 @@ class Kernel extends ConsoleKernel
        $schedule->command('snipeit:backup')->weekly();
        $schedule->command('backup:clean')->daily();
        $schedule->command('snipeit:upcoming-audits')->daily();
+        $schedule->command('auth:clear-resets')->everyFifteenMinutes();
    }

    /**
@@ -0,0 +1,24 @@
+<?php
+
+namespace App\Events;
+
+use Illuminate\Foundation\Events\Dispatchable;
+use Illuminate\Queue\SerializesModels;
+use App\Models\User;
+
+class UserMerged
+{
+    use Dispatchable, SerializesModels;
+
+    /**
+     * Create a new event instance.
+     *
+     * @return void
+     */
+    public function __construct(User $from_user, User $to_user, User $admin)
+    {
+        $this->merged_from        = $from_user;
+        $this->merged_to      = $to_user;
+        $this->admin            = $admin;
+    }
+}
@@ -6,10 +6,11 @@ use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
 use App\Helpers\Helper;
 use Illuminate\Validation\ValidationException;
 use Illuminate\Auth\AuthenticationException;
+use ArieTimmerman\Laravel\SCIMServer\Exceptions\SCIMException;
 use Log;
 use Throwable;
 use JsonException;
-
+use Carbon\Exceptions\InvalidFormatException;

 class Handler extends ExceptionHandler
 {
@@ -28,6 +29,8 @@ class Handler extends ExceptionHandler
        \Intervention\Image\Exception\NotSupportedException::class,
        \League\OAuth2\Server\Exception\OAuthServerException::class,
        JsonException::class,
+        SCIMException::class, //these generally don't need to be reported
+        InvalidFormatException::class,
    ];

    /**
@@ -41,7 +44,9 @@ class Handler extends ExceptionHandler
    public function report(Throwable $exception)
    {
        if ($this->shouldReport($exception)) {
-            \Log::error($exception);
+            if (class_exists(\Log::class)) {
+                \Log::error($exception);
+            }
            return parent::report($exception);
        }
    }
@@ -51,7 +56,7 @@ class Handler extends ExceptionHandler
     * 
     * @param  \Illuminate\Http\Request  $request
     * @param  \Exception  $e
-     * @return \Illuminate\Http\Response
+     * @return \Illuminate\Http\JsonResponse|\Illuminate\Http\RedirectResponse|\Illuminate\Http\Response
     */
    public function render($request, Throwable $e)
    {
@@ -65,18 +70,39 @@ class Handler extends ExceptionHandler
        // Invalid JSON exception
        // TODO: don't understand why we have to do this when we have the invalidJson() method, below, but, well, whatever
        if ($e instanceof JsonException) {
-            return response()->json(Helper::formatStandardApiResponse('error', null, 'invalid JSON'), 422);
+            return response()->json(Helper::formatStandardApiResponse('error', null, 'Invalid JSON'), 422);
        }

+        // Handle SCIM exceptions
+        if ($e instanceof SCIMException) {
+            try {
+                $e->report(); // logs as 'debug', so shouldn't get too noisy
+            } catch(\Exception $reportException) {
+                //do nothing
+            }
+            return $e->render($request); // ALL SCIMExceptions have the 'render()' method
+        }

-        // Handle Ajax requests that fail because the model doesn't exist
+        // Handle standard requests that fail because Carbon cannot parse the date on validation (when a submitted date value is definitely not a date)
+        if ($e instanceof InvalidFormatException) {
+            return redirect()->back()->withInput()->with('error', trans('validation.date', ['attribute' => 'date']));
+        }
+
+        // Handle API requests that fail
        if ($request->ajax() || $request->wantsJson()) {

+            // Handle API requests that fail because Carbon cannot parse the date on validation (when a submitted date value is definitely not a date)
+            if ($e instanceof InvalidFormatException) {
+                return response()->json(Helper::formatStandardApiResponse('error', null, trans('validation.date', ['attribute' => 'date'])), 200);
+            }
+
+            // Handle API requests that fail because the model doesn't exist
            if ($e instanceof \Illuminate\Database\Eloquent\ModelNotFoundException) {
                $className = last(explode('\\', $e->getModel()));
                return response()->json(Helper::formatStandardApiResponse('error', null, $className . ' not found'), 200);
            }

+            // Handle API requests that fail because of an HTTP status code and return a useful error message
            if ($this->isHttpException($e)) {

                $statusCode = $e->getStatusCode();
@@ -96,6 +122,8 @@ class Handler extends ExceptionHandler
        }


+
+
        if ($this->isHttpException($e) && (isset($statusCode)) && ($statusCode == '404' )) {
            return response()->view('layouts/basic', [
                'content' => view('errors/404')
@@ -111,8 +139,8 @@ class Handler extends ExceptionHandler
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Illuminate\Auth\AuthenticationException  $exception
-     * @return \Illuminate\Http\Response
-     */
+     * @return \Illuminate\Http\JsonResponse|\Illuminate\Http\RedirectResponse
+  */
    protected function unauthenticated($request, AuthenticationException $exception)
    {
        if ($request->expectsJson()) {
@@ -12,6 +12,7 @@ use App\Models\Statuslabel;
 use Crypt;
 use Illuminate\Contracts\Encryption\DecryptException;
 use Image;
+use Carbon\Carbon;

 class Helper
 {
@@ -22,12 +23,13 @@ class Helper
     * @since [v2.0]
     * @return string
     */
-    public static function parseEscapedMarkedown($str)
+    public static function parseEscapedMarkedown($str = null)
    {
        $Parsedown = new \Parsedown();
+        $Parsedown->setSafeMode(true);

        if ($str) {
-            return $Parsedown->text(e($str));
+            return $Parsedown->text($str);
        }
    }

@@ -332,7 +334,11 @@ class Helper
            '#92896B',
        ];

+        $total_colors = count($colors);

+        if ($index >= $total_colors) {
+            $index = $index - $total_colors;
+        }

        return $colors[$index];
    }
@@ -526,20 +532,23 @@ class Helper
     * @since [v2.5]
     * @return array
     */
-    public static function categoryTypeList()
+    public static function categoryTypeList($selection=null)
    {
        $category_types = [
            '' => '',
-            'accessory' => 'Accessory',
-            'asset' => 'Asset',
-            'consumable' => 'Consumable',
-            'component' => 'Component',
-            'license' => 'License',
+            'accessory' => trans('general.accessory'),
+            'asset' => trans('general.asset'),
+            'consumable' => trans('general.consumable'),
+            'component' => trans('general.component'),
+            'license' => trans('general.license'),
        ];

+        if($selection != null){
+            return $category_types[$selection];
+        }
+        else
        return $category_types;
    }
-
    /**
     * Get the list of custom fields in an array to make a dropdown menu
     *
@@ -623,7 +632,7 @@ class Helper
    {
        $consumables = Consumable::withCount('consumableAssignments as consumable_assignments_count')->whereNotNull('min_amt')->get();
        $accessories = Accessory::withCount('users as users_count')->whereNotNull('min_amt')->get();
-        $components = Component::withCount('assets as assets_count')->whereNotNull('min_amt')->get();
+        $components = Component::whereNotNull('min_amt')->get();

        $avail_consumables = 0;
        $items_array = [];
@@ -668,7 +677,7 @@ class Helper
        }

        foreach ($components as $component) {
-            $avail = $component->qty - $component->assets_count;
+            $avail = $component->numRemaining();
            if ($avail < ($component->min_amt) + \App\Models\Setting::getSettings()->alert_threshold) {
                if ($component->qty > 0) {
                    $percent = number_format((($avail / $component->qty) * 100), 0);
@@ -841,6 +850,16 @@ class Helper
        return preg_replace('/\s+/u', '_', trim($string));
    }

+    /**
+     * Return an array (or null) of the the raw and formatted date object for easy use in
+     * the API and the bootstrap table listings.
+     *
+     * @param $date
+     * @param $type
+     * @param $array
+     * @return array|string|null
+     */
+
    public static function getFormattedDateObject($date, $type = 'datetime', $array = true)
    {
        if ($date == '') {
@@ -848,21 +867,42 @@ class Helper
        }

        $settings = Setting::getSettings();
-        $tmp_date = new \Carbon($date);

-        if ($type == 'datetime') {
-            $dt['datetime'] = $tmp_date->format('Y-m-d H:i:s');
-            $dt['formatted'] = $tmp_date->format($settings->date_display_format.' '.$settings->time_display_format);
-        } else {
-            $dt['date'] = $tmp_date->format('Y-m-d');
-            $dt['formatted'] = $tmp_date->format($settings->date_display_format);
+        /**
+         * Wrap this in a try/catch so that if Carbon crashes, for example if the $date value
+         * isn't actually valid, we don't crash out completely.
+         *
+         * While this *shouldn't* typically happen since we validate dates before entering them
+         * into the database (and we use date/datetime fields for native fields in the system),
+         * it is a possible scenario that a custom field could be created as an "ANY" field, data gets
+         * added, and then the custom field format gets edited later. If someone put bad data in the
+         * database before then - or if they manually edited the field's value - it will crash.
+         *
+         */
+
+
+        try {
+            $tmp_date = new \Carbon($date);
+
+            if ($type == 'datetime') {
+                $dt['datetime'] = $tmp_date->format('Y-m-d H:i:s');
+                $dt['formatted'] = $tmp_date->format($settings->date_display_format.' '.$settings->time_display_format);
+            } else {
+                $dt['date'] = $tmp_date->format('Y-m-d');
+                $dt['formatted'] = $tmp_date->format($settings->date_display_format);
+            }
+
+            if ($array == 'true') {
+                return $dt;
+            }
+
+            return $dt['formatted'];
+
+        } catch (\Exception $e) {
+            \Log::warning($e);
+            return $date.' (Invalid '.$type.' value.)';
        }

-        if ($array == 'true') {
-            return $dt;
-        }
-
-        return $dt['formatted'];
    }

    // Nicked from Drupal :)
@@ -1059,6 +1099,15 @@ class Helper
        return $file_name;
    }

+
+    /**
+     * Universal helper to show file size in human-readable formats
+     *
+     * @author A. Gianotto <snipe@snipe.net>
+     * @since 5.0
+     *
+     * @return string[]
+     */
    public static function formatFilesizeUnits($bytes)
    {
        if ($bytes >= 1073741824)
@@ -1088,10 +1137,91 @@ class Helper

        return $bytes;
    }
+
+    /**
+     * This is weird but used by the side nav to determine which URL to point the user to
+     *
+     * @author A. Gianotto <snipe@snipe.net>
+     * @since 5.0
+     *
+     * @return string[]
+     */
    public static function SettingUrls(){
        $settings=['#','fields.index', 'statuslabels.index', 'models.index', 'categories.index', 'manufacturers.index', 'suppliers.index', 'departments.index', 'locations.index', 'companies.index', 'depreciations.index'];

        return $settings;
        }

+
+    /**
+     * Generic helper (largely used by livewire right now) that returns the font-awesome icon
+     * for the object type.
+     *
+     * @author A. Gianotto <snipe@snipe.net>
+     * @since 6.1.0
+     *
+     * @return string
+     */
+    public static function iconTypeByItem($item) {
+
+        switch ($item) {
+            case 'asset':
+                return 'fas fa-barcode';
+                break;
+            case 'accessory':
+                return 'fas fa-keyboard';
+                break;
+            case 'component':
+                return 'fas fa-hdd';
+                break;
+            case 'consumable':
+                return 'fas fa-tint';
+                break;
+            case 'license':
+                return 'far fa-save';
+                break;
+            case 'location':
+                return 'fas fa-map-marker-alt';
+                break;
+            case 'user':
+                return 'fas fa-user';
+                break;
+        }
+
+    }
+
+
+     /*
+     * This is a shorter way to see if the app is in demo mode.
+     *
+     * This makes it cleanly available in blades and in controllers, e.g.
+     *
+     * Blade:
+     * {{ Helper::isDemoMode() ? ' disabled' : ''}} for form blades where we need to disable a form
+     *
+     * Controller:
+     * if (Helper::isDemoMode()) {
+     *      // don't allow the thing
+     * }
+     * @todo - use this everywhere else in the app where we have very long if/else config('app.lock_passwords') stuff
+     */
+    public static function isDemoMode() {
+        if (config('app.lock_passwords') === true) {
+            return true;
+            \Log::debug('app locked!');
+        }
+
+        return false;
+    }
+
+
+    /*
+     * I know it's gauche  to return a shitty HTML string, but this is just a helper and since it will be the same every single time,
+     * it seemed pretty safe to do here. Don't you judge me.
+     */
+    public static function showDemoModeFieldWarning() {
+        if (Helper::isDemoMode()) {
+            return "<p class=\"text-warning\"><i class=\"fas fa-lock\"></i>" . trans('general.feature_disabled') . "</p>";
+        }
+    }
 }
@@ -9,6 +9,7 @@ use App\Models\Accessory;
 use App\Models\Company;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Storage;
+use Illuminate\Support\Facades\Validator;
 use Redirect;

 /** This controller handles all actions related to Accessories for
@@ -62,6 +63,7 @@ class AccessoriesController extends Controller
    public function store(ImageUploadRequest $request)
    {
        $this->authorize(Accessory::class);
+        
        // create a new model instance
        $accessory = new Accessory();

@@ -75,13 +77,12 @@ class AccessoriesController extends Controller
        $accessory->manufacturer_id         = request('manufacturer_id');
        $accessory->model_number            = request('model_number');
        $accessory->purchase_date           = request('purchase_date');
-        $accessory->purchase_cost           = Helper::ParseCurrency(request('purchase_cost'));
+        $accessory->purchase_cost           = request('purchase_cost');
        $accessory->qty                     = request('qty');
        $accessory->user_id                 = Auth::user()->id;
        $accessory->supplier_id             = request('supplier_id');
        $accessory->notes                   = request('notes');

-
        $accessory = $request->handleImages($accessory);

        // Was the accessory created?
@@ -114,6 +115,33 @@ class AccessoriesController extends Controller

    }

+    /**
+     * Returns a view that presents a form to clone an accessory.
+     *
+     * @author [J. Vinsmoke]
+     * @param int $accessoryId
+     * @since [v6.0]
+     * @return View
+     */
+    public function getClone($accessoryId = null)
+    {
+
+        $this->authorize('create', Accesory::class);
+
+        // Check if the asset exists
+        if (is_null($accessory_to_clone = Accessory::find($accessoryId))) {
+            // Redirect to the asset management page
+            return redirect()->route('accessory.index')->with('error', trans('admin/accessories/message.does_not_exist'));
+        }
+
+        $accessory = clone $accessory_to_clone;
+        $accessory->id = null;
+        $accessory->location_id = null;
+
+        return view('accessories/edit')
+            ->with('item', $accessory);
+        
+    }

    /**
     * Save edited Accessory from form post
@@ -126,34 +154,47 @@ class AccessoriesController extends Controller
     */
    public function update(ImageUploadRequest $request, $accessoryId = null)
    {
-        if (is_null($accessory = Accessory::find($accessoryId))) {
+        if ($accessory = Accessory::withCount('users as users_count')->find($accessoryId)) {
+
+            $this->authorize($accessory);
+
+            $validator = Validator::make($request->all(), [
+                "qty" => "required|numeric|min:$accessory->users_count"
+            ]);
+
+            if ($validator->fails()) {
+                return redirect()->back()
+                    ->withErrors($validator)
+                    ->withInput();
+            }
+
+
+
+            // Update the accessory data
+            $accessory->name = request('name');
+            $accessory->location_id = request('location_id');
+            $accessory->min_amt = request('min_amt');
+            $accessory->category_id = request('category_id');
+            $accessory->company_id = Company::getIdForCurrentUser(request('company_id'));
+            $accessory->manufacturer_id = request('manufacturer_id');
+            $accessory->order_number = request('order_number');
+            $accessory->model_number = request('model_number');
+            $accessory->purchase_date = request('purchase_date');
+            $accessory->purchase_cost = request('purchase_cost');
+            $accessory->qty = request('qty');
+            $accessory->supplier_id = request('supplier_id');
+            $accessory->notes = request('notes');
+
+            $accessory = $request->handleImages($accessory);
+
+            // Was the accessory updated?
+            if ($accessory->save()) {
+                return redirect()->route('accessories.index')->with('success', trans('admin/accessories/message.update.success'));
+            }
+        } else {
            return redirect()->route('accessories.index')->with('error', trans('admin/accessories/message.does_not_exist'));
        }

-        $this->authorize($accessory);
-
-        // Update the accessory data
-        $accessory->name                    = request('name');
-        $accessory->location_id             = request('location_id');
-        $accessory->min_amt                 = request('min_amt');
-        $accessory->category_id             = request('category_id');
-        $accessory->company_id              = Company::getIdForCurrentUser(request('company_id'));
-        $accessory->manufacturer_id         = request('manufacturer_id');
-        $accessory->order_number            = request('order_number');
-        $accessory->model_number            = request('model_number');
-        $accessory->purchase_date           = request('purchase_date');
-        $accessory->purchase_cost           = Helper::ParseCurrency(request('purchase_cost'));
-        $accessory->qty                     = request('qty');
-        $accessory->supplier_id             = request('supplier_id');
-        $accessory->notes                   = request('notes');
-
-        $accessory = $request->handleImages($accessory);
-
-        // Was the accessory updated?
-        if ($accessory->save()) {
-            return redirect()->route('accessories.index')->with('success', trans('admin/accessories/message.update.success'));
-        }
-
        return redirect()->back()->withInput()->withErrors($accessory->getErrors());
    }

@@ -205,7 +246,7 @@ class AccessoriesController extends Controller
     */
    public function show($accessoryID = null)
    {
-        $accessory = Accessory::find($accessoryID);
+        $accessory = Accessory::withCount('users as users_count')->find($accessoryID);
        $this->authorize('view', $accessory);
        if (isset($accessory->id)) {
            return view('accessories/view', compact('accessory'));
@@ -0,0 +1,186 @@
+<?php
+
+namespace App\Http\Controllers\Accessories;
+
+use App\Helpers\StorageHelper;
+use App\Http\Controllers\Controller;
+use App\Http\Requests\AssetFileRequest;
+use App\Models\Actionlog;
+use App\Models\Accessory;
+use Illuminate\Support\Facades\Response;
+use Illuminate\Support\Facades\Storage;
+use Symfony\Accessory\HttpFoundation\JsonResponse;
+use enshrined\svgSanitize\Sanitizer;
+
+class AccessoriesFilesController extends Controller
+{
+    /**
+     * Validates and stores files associated with a accessory.
+     *
+     * @todo Switch to using the AssetFileRequest form request validator.
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v1.0]
+     * @param AssetFileRequest $request
+     * @param int $accessoryId
+     * @return \Illuminate\Http\RedirectResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+    public function store(AssetFileRequest $request, $accessoryId = null)
+    {
+
+        if (config('app.lock_passwords')) {
+            return redirect()->route('accessories.show', ['accessory'=>$accessoryId])->with('error', trans('general.feature_disabled'));
+        }
+
+
+        $accessory = Accessory::find($accessoryId);
+
+        if (isset($accessory->id)) {
+            $this->authorize('accessories.files', $accessory);
+
+            if ($request->hasFile('file')) {
+                if (! Storage::exists('private_uploads/accessories')) {
+                    Storage::makeDirectory('private_uploads/accessories', 775);
+                }
+
+                foreach ($request->file('file') as $file) {
+
+                    $extension = $file->getClientOriginalExtension();
+                    $file_name = 'accessory-'.$accessory->id.'-'.str_random(8).'-'.str_slug(basename($file->getClientOriginalName(), '.'.$extension)).'.'.$extension;
+
+
+                    // Check for SVG and sanitize it
+                    if ($extension == 'svg') {
+                        \Log::debug('This is an SVG');
+                        \Log::debug($file_name);
+
+                        $sanitizer = new Sanitizer();
+                        $dirtySVG = file_get_contents($file->getRealPath());
+                        $cleanSVG = $sanitizer->sanitize($dirtySVG);
+
+                        try {
+                            Storage::put('private_uploads/accessories/'.$file_name, $cleanSVG);
+                        } catch (\Exception $e) {
+                            \Log::debug('Upload no workie :( ');
+                            \Log::debug($e);
+                        }
+
+                    } else {
+                        Storage::put('private_uploads/accessories/'.$file_name, file_get_contents($file));
+                    }
+
+                    //Log the upload to the log
+                    $accessory->logUpload($file_name, e($request->input('notes')));
+                }
+
+
+                return redirect()->route('accessories.show', $accessory->id)->with('success', trans('general.file_upload_success'));
+
+            }
+
+            return redirect()->route('accessories.show', $accessory->id)->with('error', trans('general.no_files_uploaded'));
+        }
+        // Prepare the error message
+        return redirect()->route('accessories.index')
+            ->with('error', trans('general.file_does_not_exist'));
+    }
+
+    /**
+     * Deletes the selected accessory file.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v1.0]
+     * @param int $accessoryId
+     * @param int $fileId
+     * @return \Illuminate\Http\RedirectResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+    public function destroy($accessoryId = null, $fileId = null)
+    {
+        $accessory = Accessory::find($accessoryId);
+
+        // the asset is valid
+        if (isset($accessory->id)) {
+            $this->authorize('update', $accessory);
+            $log = Actionlog::find($fileId);
+
+            // Remove the file if one exists
+            if (Storage::exists('accessories/'.$log->filename)) {
+                try {
+                    Storage::delete('accessories/'.$log->filename);
+                } catch (\Exception $e) {
+                    \Log::debug($e);
+                }
+            }
+
+            $log->delete();
+
+            return redirect()->back()
+                ->with('success', trans('admin/hardware/message.deletefile.success'));
+        }
+
+        // Redirect to the licence management page
+        return redirect()->route('accessories.index')->with('error', trans('general.file_does_not_exist'));
+    }
+
+    /**
+     * Allows the selected file to be viewed.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v1.4]
+     * @param int $accessoryId
+     * @param int $fileId
+     * @return \Symfony\Accessory\HttpFoundation\Response
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+    public function show($accessoryId = null, $fileId = null, $download = true)
+    {
+
+        \Log::debug('Private filesystem is: '.config('filesystems.default'));
+        $accessory = Accessory::find($accessoryId);
+
+
+
+        // the accessory is valid
+        if (isset($accessory->id)) {
+            $this->authorize('view', $accessory);
+            $this->authorize('accessories.files', $accessory);
+
+            if (! $log = Actionlog::find($fileId)) {
+                return response('No matching record for that asset/file', 500)
+                    ->header('Content-Type', 'text/plain');
+            }
+
+            $file = 'private_uploads/accessories/'.$log->filename;
+
+            if (Storage::missing($file)) {
+                \Log::debug('FILE DOES NOT EXISTS for '.$file);
+                \Log::debug('URL should be '.Storage::url($file));
+
+                return response('File '.$file.' ('.Storage::url($file).') not found on server', 404)
+                    ->header('Content-Type', 'text/plain');
+            } else {
+
+                // We have to override the URL stuff here, since local defaults in Laravel's Flysystem
+                // won't work, as they're not accessible via the web
+                if (config('filesystems.default') == 'local') { // TODO - is there any way to fix this at the StorageHelper layer?
+                    return StorageHelper::downloader($file);
+                } else {
+                    if ($download != 'true') {
+                        \Log::debug('display the file');
+                        if ($contents = file_get_contents(Storage::url($file))) { // TODO - this will fail on private S3 files or large public ones
+                            return Response::make(Storage::url($file)->header('Content-Type', mime_content_type($file)));
+                        }
+
+                        return JsonResponse::create(['error' => 'Failed validation: '], 500);
+                    }
+
+                    return StorageHelper::downloader($file);
+
+                }
+            }
+        }
+
+        return redirect()->route('accessories.index')->with('error', trans('general.file_does_not_exist', ['id' => $fileId]));
+    }
+}
@@ -25,11 +25,16 @@ class AccessoryCheckoutController extends Controller
    public function create($accessoryId)
    {
        // Check if the accessory exists
-        if (is_null($accessory = Accessory::find($accessoryId))) {
+        if (is_null($accessory = Accessory::withCount('users as users_count')->find($accessoryId))) {
            // Redirect to the accessory management page with error
            return redirect()->route('accessories.index')->with('error', trans('admin/accessories/message.not_found'));
        }

+        // Make sure there is at least one available to checkout
+        if ($accessory->numRemaining() <= 0){
+            return redirect()->route('accessories.index')->with('error', trans('admin/accessories/message.checkout.unavailable'));
+        }
+        
        if ($accessory->category) {
            $this->authorize('checkout', $accessory);

@@ -55,17 +60,23 @@ class AccessoryCheckoutController extends Controller
    public function store(Request $request, $accessoryId)
    {
        // Check if the accessory exists
-        if (is_null($accessory = Accessory::find($accessoryId))) {
+        if (is_null($accessory = Accessory::withCount('users as users_count')->find($accessoryId))) {
            // Redirect to the accessory management page with error
            return redirect()->route('accessories.index')->with('error', trans('admin/accessories/message.user_not_found'));
        }

        $this->authorize('checkout', $accessory);

-        if (! $user = User::find($request->input('assigned_to'))) {
-            return redirect()->route('checkout/accessory', $accessory->id)->with('error', trans('admin/accessories/message.checkout.user_does_not_exist'));
+        if (!$user = User::find($request->input('assigned_to'))) {
+            return redirect()->route('accessories.checkout.show', $accessory->id)->with('error', trans('admin/accessories/message.checkout.user_does_not_exist'));
        }

+        // Make sure there is at least one available to checkout
+        if ($accessory->numRemaining() <= 0){
+            return redirect()->route('accessories.index')->with('error', trans('admin/accessories/message.checkout.unavailable'));
+        }
+
+
        // Update the accessory data
        $accessory->assigned_to = e($request->input('assigned_to'));

@@ -12,9 +12,15 @@ use App\Models\Asset;
 use App\Models\CheckoutAcceptance;
 use App\Models\Company;
 use App\Models\Contracts\Acceptable;
+use App\Models\Setting;
 use App\Models\User;
 use App\Models\AssetModel;
 use App\Models\Accessory;
+use App\Models\License;
+use App\Models\Component;
+use App\Models\Consumable;
+use App\Notifications\AcceptanceAssetAcceptedNotification;
+use App\Notifications\AcceptanceAssetDeclinedNotification;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\DB;
@@ -23,6 +29,7 @@ use Illuminate\Support\Str;
 use App\Http\Controllers\SettingsController;
 use Barryvdh\DomPDF\Facade\Pdf;
 use Carbon\Carbon;
+use phpDocumentor\Reflection\Types\Compound;

 class AcceptanceController extends Controller
 {
@@ -106,12 +113,7 @@ class AcceptanceController extends Controller
            Storage::makeDirectory('private_uploads/signatures', 775);
        }

-        /**
-         * Check for the eula-pdfs directory
-         */
-        if (! Storage::exists('private_uploads/eula-pdfs')) {
-            Storage::makeDirectory('private_uploads/eula-pdfs', 775);
-        }
+

        $item = $acceptance->checkoutable_type::find($acceptance->checkoutable_id);
        $display_model = '';
@@ -119,50 +121,114 @@ class AcceptanceController extends Controller
        $pdf_filename = 'accepted-eula-'.date('Y-m-d-h-i-s').'.pdf';
        $sig_filename='';

-
        if ($request->input('asset_acceptance') == 'accepted') {

-            // The item was accepted, check for a signature
-            if ($request->filled('signature_output')) {
-                $sig_filename = 'siglog-'.Str::uuid().'-'.date('Y-m-d-his').'.png';
-                $data_uri = $request->input('signature_output');
-                $encoded_image = explode(',', $data_uri);
-                $decoded_image = base64_decode($encoded_image[1]);
-                Storage::put('private_uploads/signatures/'.$sig_filename, (string) $decoded_image);
+            /**
+             * Check for the eula-pdfs directory
+             */
+            if (! Storage::exists('private_uploads/eula-pdfs')) {
+                Storage::makeDirectory('private_uploads/eula-pdfs', 775);
            }

+            if (Setting::getSettings()->require_accept_signature == '1') {
+                
+                // Check if the signature directory exists, if not create it
+                if (!Storage::exists('private_uploads/signatures')) {
+                    Storage::makeDirectory('private_uploads/signatures', 775);
+                }
+
+                // The item was accepted, check for a signature
+                if ($request->filled('signature_output')) {
+                    $sig_filename = 'siglog-' . Str::uuid() . '-' . date('Y-m-d-his') . '.png';
+                    $data_uri = $request->input('signature_output');
+                    $encoded_image = explode(',', $data_uri);
+                    $decoded_image = base64_decode($encoded_image[1]);
+                    Storage::put('private_uploads/signatures/' . $sig_filename, (string)$decoded_image);
+
+                    // No image data is present, kick them back.
+                    // This mostly only applies to users on super-duper crapola browsers *cough* IE *cough*
+                } else {
+                    return redirect()->back()->with('error', trans('general.shitty_browser'));
+                }
+            }

            // this is horrible
-            if ($acceptance->checkoutable_type == 'App\Models\Asset') {
-                $pdf_view_route ='account.accept.accept-asset-eula';
-                $asset_model = AssetModel::find($item->model_id);
-                $display_model = $asset_model->name;
-                $assigned_to = User::find($item->assigned_to)->present()->fullName;
+            switch($acceptance->checkoutable_type){
+                case 'App\Models\Asset':
+                        $pdf_view_route ='account.accept.accept-asset-eula';
+                        $asset_model = AssetModel::find($item->model_id);
+                        if (!$asset_model) {
+                            return redirect()->back()->with('error', trans('admin/models/message.does_not_exist'));
+                        }
+                        $display_model = $asset_model->name;
+                        $assigned_to = User::find($acceptance->assigned_to_id)->present()->fullName;
+                break;

-            } elseif ($acceptance->checkoutable_type== 'App\Models\Accessory') {
-                $pdf_view_route ='account.accept.accept-accessory-eula';
-                $accessory = Accessory::find($item->id);
-                $display_model = $accessory->name;
-                $assigned_to = User::find($item->assignedTo);
+                case 'App\Models\Accessory':
+                        $pdf_view_route ='account.accept.accept-accessory-eula';
+                        $accessory = Accessory::find($item->id);
+                        $display_model = $accessory->name;
+                        $assigned_to = User::find($acceptance->assigned_to_id)->present()->fullName;
+                break;

+                case 'App\Models\LicenseSeat':
+                        $pdf_view_route ='account.accept.accept-license-eula';
+                        $license = License::find($item->license_id);
+                        $display_model = $license->name;
+                        $assigned_to = User::find($acceptance->assigned_to_id)->present()->fullName;
+                break;
+
+                case 'App\Models\Component':
+                        $pdf_view_route ='account.accept.accept-component-eula';
+                        $component = Component::find($item->id);
+                        $display_model = $component->name;
+                        $assigned_to = User::find($acceptance->assigned_to_id)->present()->fullName;
+                break;
+
+                case 'App\Models\Consumable':
+                        $pdf_view_route ='account.accept.accept-consumable-eula';
+                        $consumable = Consumable::find($item->id);
+                        $display_model = $consumable->name;
+                        $assigned_to = User::find($acceptance->assigned_to_id)->present()->fullName;
+                break;
            }
+//            if ($acceptance->checkoutable_type == 'App\Models\Asset') {
+//                $pdf_view_route ='account.accept.accept-asset-eula';
+//                $asset_model = AssetModel::find($item->model_id);
+//                $display_model = $asset_model->name;
+//                $assigned_to = User::find($item->assigned_to)->present()->fullName;
+//
+//            } elseif ($acceptance->checkoutable_type== 'App\Models\Accessory') {
+//                $pdf_view_route ='account.accept.accept-accessory-eula';
+//                $accessory = Accessory::find($item->id);
+//                $display_model = $accessory->name;
+//                $assigned_to = User::find($item->assignedTo);
+//
+//            }

            /**
             * Gather the data for the PDF. We fire this whether there is a signature required or not,
             * since we want the moment-in-time proof of what the EULA was when they accepted it.
             */
            $branding_settings = SettingsController::getPDFBranding();
+
+            if (is_null($branding_settings->logo)){
+                $path_logo = "";
+            } else {
+                $path_logo = public_path() . '/uploads/' . $branding_settings->logo;
+            }
+            
            $data = [
                'item_tag' => $item->asset_tag,
                'item_model' => $display_model,
                'item_serial' => $item->serial,
                'eula' => $item->getEula(),
-                'check_out_date' => Carbon::parse($acceptance->created_at)->format($branding_settings->date_display_format),
-                'accepted_date' => Carbon::parse($acceptance->accepted_at)->format($branding_settings->date_display_format),
+                'check_out_date' => Carbon::parse($acceptance->created_at)->format('Y-m-d'),
+                'accepted_date' => Carbon::parse($acceptance->accepted_at)->format('Y-m-d'),
                'assigned_to' => $assigned_to,
                'company_name' => $branding_settings->site_name,
                'signature' => ($sig_filename) ? storage_path() . '/private_uploads/signatures/' . $sig_filename : null,
-                'logo' => public_path() . '/uploads/' . $branding_settings->logo,
+                'logo' => $path_logo,
                'date_settings' => $branding_settings->date_display_format,
            ];

@@ -173,12 +239,55 @@ class AcceptanceController extends Controller
            }

            $acceptance->accept($sig_filename, $item->getEula(), $pdf_filename);
+            $acceptance->notify(new AcceptanceAssetAcceptedNotification($data));
            event(new CheckoutAccepted($acceptance));

            $return_msg = trans('admin/users/message.accepted');

        } else {
+            // Format the data to send the declined notification
+            $branding_settings = SettingsController::getPDFBranding();
+
+            // This is the most horriblest
+            switch($acceptance->checkoutable_type){
+                case 'App\Models\Asset':
+                    $asset_model = AssetModel::find($item->model_id);
+                    $display_model = $asset_model->name;
+                    $assigned_to = User::find($acceptance->assigned_to_id)->present()->fullName;
+                    break;
+
+                case 'App\Models\Accessory':
+                    $accessory = Accessory::find($item->id);
+                    $display_model = $accessory->name;
+                    $assigned_to = User::find($acceptance->assigned_to_id)->present()->fullName;
+                    break;
+
+                case 'App\Models\LicenseSeat':
+                    $assigned_to = User::find($acceptance->assigned_to_id)->present()->fullName;
+                    break;
+
+                case 'App\Models\Component':
+                    $assigned_to = User::find($acceptance->assigned_to_id)->present()->fullName;
+                    break;
+
+                case 'App\Models\Consumable':
+                    $consumable = Consumable::find($item->id);
+                    $display_model = $consumable->name;
+                    $assigned_to = User::find($acceptance->assigned_to_id)->present()->fullName;
+                    break;
+            }
+            $data = [
+                'item_tag' => $item->asset_tag,
+                'item_model' => $display_model,
+                'item_serial' => $item->serial,
+                'declined_date' => Carbon::parse($acceptance->declined_at)->format('Y-m-d'),
+                'assigned_to' => $assigned_to,
+                'company_name' => $branding_settings->site_name,
+                'date_settings' => $branding_settings->date_display_format,
+            ];
+
            $acceptance->decline($sig_filename);
+            $acceptance->notify(new AcceptanceAssetDeclinedNotification($data));
            event(new CheckoutDeclined($acceptance));
            $return_msg = trans('admin/users/message.declined');
        }
@@ -187,4 +296,4 @@ class AcceptanceController extends Controller
        return redirect()->to('account/accept')->with('success', $return_msg);

    }
-}
+}
@@ -26,9 +26,11 @@ class AccessoriesController extends Controller
     */
    public function index(Request $request)
    {
-        $this->authorize('view', Accessory::class);
-        $allowed_columns = ['id', 'name', 'model_number', 'eol', 'notes', 'created_at', 'min_amt', 'company_id'];
-        
+        if ($request->user()->cannot('reports.view')) {
+            $this->authorize('view', Accessory::class);
+        }
+
+
        // This array is what determines which fields should be allowed to be sorted on ON the table itself, no relations
        // Relations will be handled in query scopes a little further down.
        $allowed_columns = 
@@ -42,10 +44,13 @@ class AccessoriesController extends Controller
                'min_amt',
                'company_id',
                'notes',
+                'users_count',
+                'qty',
            ];


-        $accessories = Accessory::select('accessories.*')->with('category', 'company', 'manufacturer', 'users', 'location', 'supplier');
+        $accessories = Accessory::select('accessories.*')->with('category', 'company', 'manufacturer', 'users', 'location', 'supplier')
+                                ->withCount('users as users_count');

        if ($request->filled('search')) {
            $accessories = $accessories->TextSearch($request->input('search'));
@@ -75,12 +80,9 @@ class AccessoriesController extends Controller
            $accessories->where('notes','=',$request->input('notes'));
        }

-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($accessories) && ($request->get('offset') > $accessories->count())) ? $accessories->count() : $request->get('offset', 0);
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $accessories->count()) ? $accessories->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort_override =  $request->input('sort');
@@ -148,7 +150,7 @@ class AccessoriesController extends Controller
    public function show($id)
    {
        $this->authorize('view', Accessory::class);
-        $accessory = Accessory::findOrFail($id);
+        $accessory = Accessory::withCount('users as users_count')->findOrFail($id);

        return (new AccessoriesTransformer)->transformAccessory($accessory);
    }
@@ -35,7 +35,8 @@ class AssetMaintenancesController extends Controller
    public function index(Request $request)
    {
        $this->authorize('view', Asset::class);
-        $maintenances = AssetMaintenance::with('asset', 'asset.model', 'asset.location', 'supplier', 'asset.company', 'admin');
+
+        $maintenances = AssetMaintenance::select('asset_maintenances.*')->with('asset', 'asset.model', 'asset.location', 'asset.defaultLoc', 'supplier', 'asset.company', 'admin');

        if ($request->filled('search')) {
            $maintenances = $maintenances->TextSearch($request->input('search'));
@@ -45,12 +46,18 @@ class AssetMaintenancesController extends Controller
            $maintenances->where('asset_id', '=', $request->input('asset_id'));
        }

-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($maintenances) && ($request->get('offset') > $maintenances->count())) ? $maintenances->count() : $request->get('offset', 0);
+        if ($request->filled('supplier_id')) {
+            $maintenances->where('supplier_id', '=', $request->input('supplier_id'));
+        }

-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        if ($request->filled('asset_maintenance_type')) {
+            $maintenances->where('asset_maintenance_type', '=', $request->input('asset_maintenance_type'));
+        }
+
+
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $maintenances->count()) ? $maintenances->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');

        $allowed_columns = [
                                'id',
@@ -64,6 +71,8 @@ class AssetMaintenancesController extends Controller
                                'asset_tag',
                                'asset_name',
                                'user_id',
+                                'supplier',
+                                'is_warranty',
                            ];
        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? e($request->input('sort')) : 'created_at';
@@ -72,6 +81,9 @@ class AssetMaintenancesController extends Controller
            case 'user_id':
                $maintenances = $maintenances->OrderAdmin($order);
                break;
+            case 'supplier':
+                $maintenances = $maintenances->OrderBySupplier($order);
+                break;
            case 'asset_tag':
                $maintenances = $maintenances->OrderByTag($order);
                break;
@@ -107,7 +119,7 @@ class AssetMaintenancesController extends Controller
        $assetMaintenance = new AssetMaintenance();
        $assetMaintenance->supplier_id = $request->input('supplier_id');
        $assetMaintenance->is_warranty = $request->input('is_warranty');
-        $assetMaintenance->cost =  Helper::ParseCurrency($request->input('cost'));
+        $assetMaintenance->cost =  $request->input('cost');
        $assetMaintenance->notes = e($request->input('notes'));
        $asset = Asset::find(e($request->input('asset_id')));

@@ -164,7 +176,7 @@ class AssetMaintenancesController extends Controller

        $assetMaintenance->supplier_id = e($request->input('supplier_id'));
        $assetMaintenance->is_warranty = e($request->input('is_warranty'));
-        $assetMaintenance->cost =  Helper::ParseCurrency($request->input('cost'));
+        $assetMaintenance->cost =  $request->input('cost');
        $assetMaintenance->notes = e($request->input('notes'));

        $asset = Asset::find(request('asset_id'));
@@ -63,23 +63,24 @@ class AssetModelsController extends Controller
            'models.deleted_at',
            'models.updated_at',
         ])
-            ->with('category', 'depreciation', 'manufacturer', 'fieldset')
+            ->with('category', 'depreciation', 'manufacturer', 'fieldset.fields.defaultValues')
            ->withCount('assets as assets_count');

        if ($request->input('status')=='deleted') {
            $assetmodels->onlyTrashed();
        }

+        if ($request->filled('category_id')) {
+            $assetmodels = $assetmodels->where('models.category_id', '=', $request->input('category_id'));
+        }
+
        if ($request->filled('search')) {
            $assetmodels->TextSearch($request->input('search'));
        }

-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($assetmodels) && ($request->get('offset') > $assetmodels->count())) ? $assetmodels->count() : $request->get('offset', 0);
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $assetmodels->count()) ? $assetmodels->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'models.created_at';
@@ -100,6 +100,8 @@ class AssetsController extends Controller
            'checkout_counter',
            'checkin_counter',
            'requests_counter',
+            'byod',
+            'asset_eol_date',
        ];

        $filter = [];
@@ -113,22 +115,22 @@ class AssetsController extends Controller
            $allowed_columns[] = $field->db_column_name();
        }

-        $assets = Company::scopeCompanyables(Asset::select('assets.*'), 'company_id', 'assets')
+        $assets = Asset::select('assets.*')
            ->with('location', 'assetstatus', 'company', 'defaultLoc','assignedTo',
                'model.category', 'model.manufacturer', 'model.fieldset','supplier'); //it might be tempting to add 'assetlog' here, but don't. It blows up update-heavy users.


        if ($filter_non_deprecable_assets) {
            $non_deprecable_models = AssetModel::select('id')->whereNotNull('depreciation_id')->get();
-
            $assets->InModelList($non_deprecable_models->toArray());
        }

+
+
        // These are used by the API to query against specific ID numbers.
        // They are also used by the individual searches on detail pages like
        // locations, etc.

-
        // Search custom fields by column name
        foreach ($all_custom_fields as $field) {
            if ($request->filled($field->db_column_name())) {
@@ -136,64 +138,12 @@ class AssetsController extends Controller
            }
        }

-
-        if ($request->filled('status_id')) {
-            $assets->where('assets.status_id', '=', $request->input('status_id'));
+        if ((! is_null($filter)) && (count($filter)) > 0) {
+            $assets->ByFilter($filter);
+        } elseif ($request->filled('search')) {
+            $assets->TextSearch($request->input('search'));
        }

-        if ($request->input('requestable') == 'true') {
-            $assets->where('assets.requestable', '=', '1');
-        }
-
-        if ($request->filled('model_id')) {
-            $assets->InModelList([$request->input('model_id')]);
-        }
-
-        if ($request->filled('category_id')) {
-            $assets->InCategory($request->input('category_id'));
-        }
-
-        if ($request->filled('location_id')) {
-            $assets->where('assets.location_id', '=', $request->input('location_id'));
-        }
-
-        if ($request->filled('rtd_location_id')) {
-            $assets->where('assets.rtd_location_id', '=', $request->input('rtd_location_id'));
-        }
-
-        if ($request->filled('supplier_id')) {
-            $assets->where('assets.supplier_id', '=', $request->input('supplier_id'));
-        }
-
-        if (($request->filled('assigned_to')) && ($request->filled('assigned_type'))) {
-            $assets->where('assets.assigned_to', '=', $request->input('assigned_to'))
-                ->where('assets.assigned_type', '=', $request->input('assigned_type'));
-        }
-
-        if ($request->filled('company_id')) {
-            $assets->where('assets.company_id', '=', $request->input('company_id'));
-        }
-
-        if ($request->filled('manufacturer_id')) {
-            $assets->ByManufacturer($request->input('manufacturer_id'));
-        }
-
-        if ($request->filled('depreciation_id')) {
-            $assets->ByDepreciationId($request->input('depreciation_id'));
-        }
-
-        $request->filled('order_number') ? $assets = $assets->where('assets.order_number', '=', e($request->get('order_number'))) : '';
-
-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($assets) && ($request->get('offset') > $assets->count())) ? $assets->count() : $request->get('offset', 0);
-
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
-
-        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
-
        // This is used by the audit reporting routes
        if (Gate::allows('audit', Asset::class)) {
            switch ($audit) {
@@ -207,7 +157,6 @@ class AssetsController extends Controller
        }


-
        // This is used by the sidenav, mostly

        // We switched from using query scopes here because of a Laravel bug
@@ -257,7 +206,12 @@ class AssetsController extends Controller
                break;
            case 'Deployed':
                // more sad, horrible workarounds for laravel bugs when doing full text searches
-                $assets->where('assets.assigned_to', '>', '0');
+                $assets->whereNotNull('assets.assigned_to');
+                break;
+            case 'byod':
+                // This is kind of redundant, since we already check for byod=1 above, but this keeps the
+                // sidebar nav links a little less chaotic
+                $assets->where('assets.byod', '=', '1');
                break;
            default:

@@ -278,12 +232,71 @@ class AssetsController extends Controller
        }


-        if ((! is_null($filter)) && (count($filter)) > 0) {
-            $assets->ByFilter($filter);
-        } elseif ($request->filled('search')) {
-            $assets->TextSearch($request->input('search'));
+        // Leave these under the TextSearch scope, else the fuzziness will override the specific ID (status ID, etc) requested
+        if ($request->filled('status_id')) {
+            $assets->where('assets.status_id', '=', $request->input('status_id'));
        }

+        if ($request->filled('asset_tag')) {
+            $assets->where('assets.asset_tag', '=', $request->input('asset_tag'));
+        }
+
+        if ($request->filled('serial')) {
+            $assets->where('assets.serial', '=', $request->input('serial'));
+        }
+
+        if ($request->input('requestable') == 'true') {
+            $assets->where('assets.requestable', '=', '1');
+        }
+
+        if ($request->filled('model_id')) {
+            $assets->InModelList([$request->input('model_id')]);
+        }
+
+        if ($request->filled('category_id')) {
+            $assets->InCategory($request->input('category_id'));
+        }
+
+        if ($request->filled('location_id')) {
+            $assets->where('assets.location_id', '=', $request->input('location_id'));
+        }
+
+        if ($request->filled('rtd_location_id')) {
+            $assets->where('assets.rtd_location_id', '=', $request->input('rtd_location_id'));
+        }
+
+        if ($request->filled('supplier_id')) {
+            $assets->where('assets.supplier_id', '=', $request->input('supplier_id'));
+        }
+
+        if ($request->filled('asset_eol_date')) {
+            $assets->where('assets.asset_eol_date', '=', $request->input('asset_eol_date'));
+        }
+
+        if (($request->filled('assigned_to')) && ($request->filled('assigned_type'))) {
+            $assets->where('assets.assigned_to', '=', $request->input('assigned_to'))
+                ->where('assets.assigned_type', '=', $request->input('assigned_type'));
+        }
+
+        if ($request->filled('company_id')) {
+            $assets->where('assets.company_id', '=', $request->input('company_id'));
+        }
+
+        if ($request->filled('manufacturer_id')) {
+            $assets->ByManufacturer($request->input('manufacturer_id'));
+        }
+
+        if ($request->filled('depreciation_id')) {
+            $assets->ByDepreciationId($request->input('depreciation_id'));
+        }
+
+        if ($request->filled('byod')) {
+            $assets->where('assets.byod', '=', $request->input('byod'));
+        }
+
+        if ($request->filled('order_number')) {
+            $assets->where('assets.order_number', '=', $request->get('order_number'));
+        }

        // This is kinda gross, but we need to do this because the Bootstrap Tables
        // API passes custom field ordering as custom_fields.fieldname, and we have to strip
@@ -294,7 +307,8 @@ class AssetsController extends Controller
        // in the allowed_columns array)
        $column_sort = in_array($sort_override, $allowed_columns) ? $sort_override : 'assets.created_at';

-
+        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
+        
        switch ($sort_override) {
            case 'model':
                $assets->OrderModels($order);
@@ -331,6 +345,10 @@ class AssetsController extends Controller
        }


+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $assets->count()) ? $assets->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');
+
        $total = $assets->count();
        $assets = $assets->skip($offset)->take($limit)->get();
        
@@ -357,19 +375,38 @@ class AssetsController extends Controller
    /**
     * Returns JSON with information about an asset (by tag) for detail view.
     *
-     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @param string $tag
     * @since [v4.2.1]
-     * @return JsonResponse
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @return \Illuminate\Http\JsonResponse
     */
    public function showByTag(Request $request, $tag)
    {
-        if ($asset = Asset::with('assetstatus')->with('assignedTo')->where('asset_tag', $tag)->first()) {
-            $this->authorize('view', $asset);
+        $this->authorize('index', Asset::class);
+        $assets = Asset::where('asset_tag', $tag)->with('assetstatus')->with('assignedTo');

-            return (new AssetsTransformer)->transformAsset($asset, $request);
+        // Check if they've passed ?deleted=true
+        if ($request->input('deleted', 'false') == 'true') {
+            $assets = $assets->withTrashed();
        }
-        return response()->json(Helper::formatStandardApiResponse('error', null, 'Asset not found'), 200);
+
+        if (($assets = $assets->get()) && ($assets->count()) > 0) {
+
+            // If there is exactly one result and the deleted parameter is not passed, we should pull the first (and only)
+            // asset from the returned collection, since transformAsset() expects an Asset object, NOT a collection
+            if (($assets->count() == 1) && ($request->input('deleted') != 'true')) {
+                return (new AssetsTransformer)->transformAsset($assets->first());
+
+                // If there is more than one result OR if the endpoint is requesting deleted items (even if there is only one
+                // match, return the normal collection transformed.
+            } else {
+                return (new AssetsTransformer)->transformAssets($assets, $assets->count());
+            }
+
+        }
+
+        // If there are 0 results, return the "no such asset" response
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/hardware/message.does_not_exist')), 200);

    }

@@ -379,29 +416,25 @@ class AssetsController extends Controller
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @param string $serial
     * @since [v4.2.1]
-     * @return JsonResponse
+     * @return \Illuminate\Http\JsonResponse
     */
    public function showBySerial(Request $request, $serial)
    {
        $this->authorize('index', Asset::class);
-        if ($assets = Asset::with('assetstatus')->with('assignedTo')
-            ->withTrashed()->where('serial', $serial)->get()) {
-                return (new AssetsTransformer)->transformAssets($assets, $assets->count());
-        }
-        return response()->json(Helper::formatStandardApiResponse('error', null, 'Asset not found'), 200);
+        $assets = Asset::where('serial', $serial)->with('assetstatus')->with('assignedTo');

-        $assets = Asset::with('assetstatus')->with('assignedTo');
-
-        if ($request->input('deleted', 'false') === 'true') {
+        // Check if they've passed ?deleted=true
+        if ($request->input('deleted', 'false') == 'true') {
            $assets = $assets->withTrashed();
-    }
-
-        $assets = $assets->where('serial', $serial)->get();
-        if ($assets) {
-            return (new AssetsTransformer)->transformAssets($assets, $assets->count());
-        } else {
-            return response()->json(Helper::formatStandardApiResponse('error', null, 'Asset not found'), 200);
        }
+        
+        if (($assets = $assets->get()) && ($assets->count()) > 0) {
+             return (new AssetsTransformer)->transformAssets($assets, $assets->count());
+        }
+
+        // If there are 0 results, return the "no such asset" response
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/hardware/message.does_not_exist')), 200);
+
    }

    /**
@@ -428,7 +461,7 @@ class AssetsController extends Controller
    {
        $this->authorize('view', Asset::class);
        $this->authorize('view', License::class);
-        $asset = Asset::where('id', $id)->withTrashed()->first();
+        $asset = Asset::where('id', $id)->withTrashed()->firstorfail();
        $licenses = $asset->licenses()->get();

        return (new LicensesTransformer())->transformLicenses($licenses, $licenses->count());
@@ -446,7 +479,7 @@ class AssetsController extends Controller
    public function selectlist(Request $request)
    {

-        $assets = Company::scopeCompanyables(Asset::select([
+        $assets = Asset::select([
            'assets.id',
            'assets.name',
            'assets.asset_tag',
@@ -454,7 +487,7 @@ class AssetsController extends Controller
            'assets.assigned_to',
            'assets.assigned_type',
            'assets.status_id',
-            ])->with('model', 'assetstatus', 'assignedTo')->NotArchived(), 'company_id', 'assets');
+            ])->with('model', 'assetstatus', 'assignedTo')->NotArchived();

        if ($request->filled('assetStatusType') && $request->input('assetStatusType') === 'RTD') {
            $assets = $assets->RTD();
@@ -519,7 +552,8 @@ class AssetsController extends Controller
        $asset->depreciate              = '0';
        $asset->status_id               = $request->get('status_id', 0);
        $asset->warranty_months         = $request->get('warranty_months', null);
-        $asset->purchase_cost           = Helper::ParseCurrency($request->get('purchase_cost')); // this is the API's store method, so I don't know that I want to do this? Confusing. FIXME (or not?!)
+        $asset->purchase_cost           = $request->get('purchase_cost');
+        $asset->asset_eol_date          = $request->get('asset_eol_date', $asset->present()->eol_date());
        $asset->purchase_date           = $request->get('purchase_date', null);
        $asset->assigned_to             = $request->get('assigned_to', null);
        $asset->supplier_id             = $request->get('supplier_id');
@@ -527,6 +561,7 @@ class AssetsController extends Controller
        $asset->rtd_location_id         = $request->get('rtd_location_id', null);
        $asset->location_id             = $request->get('rtd_location_id', null);

+
        /**
        * this is here just legacy reasons. Api\AssetController
        * used image_source  once to allow encoded image uploads.
@@ -540,15 +575,16 @@ class AssetsController extends Controller
        // Update custom fields in the database.
        // Validation for these fields is handled through the AssetRequest form request
        $model = AssetModel::find($request->get('model_id'));
+
        if (($model) && ($model->fieldset)) {
            foreach ($model->fieldset->fields as $field) {

                // Set the field value based on what was sent in the request
-                $field_val = $request->input($field->convertUnicodeDbSlug(), null);
+                $field_val = $request->input($field->db_column, null);

                // If input value is null, use custom field's default value
                if ($field_val == null) {
-                    \Log::debug('Field value for '.$field->convertUnicodeDbSlug().' is null');
+                    \Log::debug('Field value for '.$field->db_column.' is null');
                    $field_val = $field->defaultValue($request->get('model_id'));
                    \Log::debug('Use the default fieldset value of '.$field->defaultValue($request->get('model_id')));
                }
@@ -563,13 +599,13 @@ class AssetsController extends Controller
                        if (($field_val == null) && ($request->has('model_id') != '')) {
                            $field_val = \Crypt::encrypt($field->defaultValue($request->get('model_id')));
                        } else {
-                            $field_val = \Crypt::encrypt($request->input($field->convertUnicodeDbSlug()));
+                            $field_val = \Crypt::encrypt($request->input($field->db_column));
                        }
                    }
                }


-                $asset->{$field->convertUnicodeDbSlug()} = $field_val;
+                $asset->{$field->db_column} = $field_val;
            }
        }

@@ -634,13 +670,13 @@ class AssetsController extends Controller
            // Update custom fields
            if (($model = AssetModel::find($asset->model_id)) && (isset($model->fieldset))) {
                foreach ($model->fieldset->fields as $field) {
-                    if ($request->has($field->convertUnicodeDbSlug())) {
+                    if ($request->has($field->db_column)) {
                        if ($field->field_encrypted == '1') {
                            if (Gate::allows('admin')) {
-                                $asset->{$field->convertUnicodeDbSlug()} = \Crypt::encrypt($request->input($field->convertUnicodeDbSlug()));
+                                $asset->{$field->db_column} = \Crypt::encrypt($request->input($field->db_column));
                            }
                        } else {
-                            $asset->{$field->convertUnicodeDbSlug()} = $request->input($field->convertUnicodeDbSlug());
+                            $asset->{$field->db_column} = $request->input($field->db_column);
                        }
                    }
                }
@@ -714,30 +750,53 @@ class AssetsController extends Controller
     * @since [v5.1.18]
     * @return JsonResponse
     */
-    public function restore($assetId = null)
+    public function restore(Request $request, $assetId = null)
    {
        // Get asset information
        $asset = Asset::withTrashed()->find($assetId);
        $this->authorize('delete', $asset);
+
        if (isset($asset->id)) {
-            // Restore the asset
-            Asset::withTrashed()->where('id', $assetId)->restore();

-            $logaction = new Actionlog();
-            $logaction->item_type = Asset::class;
-            $logaction->item_id = $asset->id;
-            $logaction->created_at =  date("Y-m-d H:i:s");
-            $logaction->user_id = Auth::user()->id;
-            $logaction->logaction('restored');
+            if ($asset->deleted_at=='') {
+               $message = 'Asset was not deleted. No data was changed.';

-            return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/hardware/message.restore.success')));
+            } else {
+
+                $message = trans('admin/hardware/message.restore.success');
+                // Restore the asset
+                Asset::withTrashed()->where('id', $assetId)->restore();
+
+                $logaction = new Actionlog();
+                $logaction->item_type = Asset::class;
+                $logaction->item_id = $asset->id;
+                $logaction->created_at =  date("Y-m-d H:i:s");
+                $logaction->user_id = Auth::user()->id;
+                $logaction->logaction('restored');
+            }
+
+            return response()->json(Helper::formatStandardApiResponse('success', (new AssetsTransformer)->transformAsset($asset, $request), $message));
        

        }
        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/hardware/message.does_not_exist')), 200);
    }

-
+    /**
+     * Checkout an asset by its tag.
+     *
+     * @author [N. Butler]
+     * @param string $tag
+     * @since [v6.0.5]
+     * @return JsonResponse
+     */
+    public function checkoutByTag(AssetCheckoutRequest $request, $tag)
+    {
+        if ($asset = Asset::where('asset_tag', $tag)->first()) {
+            return $this->checkout($request, $asset->id);
+        }
+        return response()->json(Helper::formatStandardApiResponse('error', null, 'Asset not found'), 200);
+    }

    /**
     * Checkout an asset
@@ -774,7 +833,6 @@ class AssetsController extends Controller

        } elseif (request('checkout_to_type') == 'asset') {
            $target = Asset::where('id', '!=', $asset_id)->find(request('assigned_asset'));
-            $asset->location_id = $target->rtd_location_id;
            // Override with the asset's location_id if it has one
            $asset->location_id = (($target) && (isset($target->location_id))) ? $target->location_id : '';
            $error_payload['target_id'] = $request->input('assigned_asset');
@@ -802,7 +860,8 @@ class AssetsController extends Controller
        $checkout_at = request('checkout_at', date('Y-m-d H:i:s'));
        $expected_checkin = request('expected_checkin', null);
        $note = request('note', null);
-        $asset_name = request('name', null);
+        // Using `->has` preserves the asset name if the name parameter was not included in request.
+        $asset_name = request()->has('name') ? request('name') : $asset->name;

        // Set the location ID to the RTD location id if there is one
        // Wait, why are we doing this? This overrides the stuff we set further up, which makes no sense.
@@ -849,7 +908,7 @@ class AssetsController extends Controller
        $asset->assignedTo()->disassociate($asset);
        $asset->accepted = null;

-        if ($request->filled('name')) {
+        if ($request->has('name')) {
            $asset->name = $request->input('name');
        }

@@ -862,11 +921,9 @@ class AssetsController extends Controller
        if ($request->has('status_id')) {
            $asset->status_id = $request->input('status_id');
        }
+        
+        $checkin_at = $request->filled('checkin_at') ? $request->input('checkin_at').' '. date('H:i:s') : date('Y-m-d H:i:s');

-        $checkin_at = null;
-        if ($request->filled('checkin_at')) {
-            $checkin_at = $request->input('checkin_at');
-        }

        if ($asset->save()) {
            event(new CheckoutableCheckedIn($asset, $target, Auth::user(), $request->input('note'), $checkin_at));
@@ -884,18 +941,21 @@ class AssetsController extends Controller
     * @since [v6.0]
     * @return JsonResponse
     */
-    public function checkinByTag(Request $request)
+    public function checkinByTag(Request $request, $tag = null)
    {
        $this->authorize('checkin', Asset::class);
-        $asset = Asset::where('asset_tag', $request->input('asset_tag'))->first();
+        if(null == $tag && null !== ($request->input('asset_tag'))) {
+            $tag = $request->input('asset_tag');
+        }
+        $asset = Asset::where('asset_tag', $tag)->first();

-        if($asset) {
+        if ($asset) {
            return $this->checkin($request, $asset->id);
        }

        return response()->json(Helper::formatStandardApiResponse('error', [
-            'asset'=> e($request->input('asset_tag'))
-        ], 'Asset with tag '.e($request->input('asset_tag')).' not found'));
+            'asset'=> e($tag)
+        ], 'Asset with tag '.e($tag).' not found'));
    }


@@ -972,9 +1032,10 @@ class AssetsController extends Controller
    {
        $this->authorize('viewRequestable', Asset::class);

-        $assets = Company::scopeCompanyables(Asset::select('assets.*'), 'company_id', 'assets')
+        $assets = Asset::select('assets.*')
            ->with('location', 'assetstatus', 'assetlog', 'company', 'defaultLoc','assignedTo',
-                'model.category', 'model.manufacturer', 'model.fieldset', 'supplier')->requestableAssets();
+                'model.category', 'model.manufacturer', 'model.fieldset', 'supplier')
+            ->requestableAssets();

        $offset = request('offset', 0);
        $limit = $request->input('limit', 50);
@@ -10,6 +10,7 @@ use App\Models\Category;
 use Illuminate\Http\Request;
 use App\Http\Requests\ImageUploadRequest;
 use Illuminate\Support\Facades\Storage;
+use Illuminate\Support\Facades\Validator;

 class CategoriesController extends Controller
 {
@@ -23,21 +24,76 @@ class CategoriesController extends Controller
    public function index(Request $request)
    {
        $this->authorize('view', Category::class);
-        $allowed_columns = ['id', 'name', 'category_type', 'category_type', 'use_default_eula', 'eula_text', 'require_acceptance', 'checkin_email', 'assets_count', 'accessories_count', 'consumables_count', 'components_count', 'licenses_count', 'image'];
+        $allowed_columns = [
+            'id',
+            'name',
+            'category_type',
+            'category_type',
+            'use_default_eula',
+            'eula_text',
+            'require_acceptance',
+            'checkin_email',
+            'assets_count',
+            'accessories_count',
+            'consumables_count',
+            'components_count',
+            'licenses_count',
+            'image',
+        ];

-        $categories = Category::select(['id', 'created_at', 'updated_at', 'name', 'category_type', 'use_default_eula', 'eula_text', 'require_acceptance', 'checkin_email', 'image'])
-            ->withCount('assets as assets_count', 'accessories as accessories_count', 'consumables as consumables_count', 'components as components_count', 'licenses as licenses_count');
+        $categories = Category::select([
+            'id',
+            'created_at',
+            'updated_at',
+            'name', 'category_type',
+            'use_default_eula',
+            'eula_text',
+            'require_acceptance',
+            'checkin_email',
+            'image'
+            ])->withCount('accessories as accessories_count', 'consumables as consumables_count', 'components as components_count', 'licenses as licenses_count');
+
+
+        /*
+         * This checks to see if we should override the Admin Setting to show archived assets in list.
+         * We don't currently use it within the Snipe-IT GUI, but will be useful for API integrations where they
+         * may actually need to fetch assets that are archived.
+         *
+         * @see \App\Models\Category::showableAssets()
+         */
+        if ($request->input('archived')=='true') {
+            $categories = $categories->withCount('assets as assets_count');
+        } else {
+            $categories = $categories->withCount('showableAssets as assets_count');
+        }

        if ($request->filled('search')) {
            $categories = $categories->TextSearch($request->input('search'));
        }

-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($categories) && ($request->get('offset') > $categories->count())) ? $categories->count() : $request->get('offset', 0);
+        if ($request->filled('name')) {
+            $categories->where('name', '=', $request->input('name'));
+        }

-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        if ($request->filled('category_type')) {
+            $categories->where('category_type', '=', $request->input('category_type'));
+        }
+
+        if ($request->filled('use_default_eula')) {
+            $categories->where('use_default_eula', '=', $request->input('use_default_eula'));
+        }
+
+        if ($request->filled('require_acceptance')) {
+            $categories->where('require_acceptance', '=', $request->input('require_acceptance'));
+        }
+
+        if ($request->filled('checkin_email')) {
+            $categories->where('checkin_email', '=', $request->input('checkin_email'));
+        }
+
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $categories->count()) ? $categories->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'assets_count';
@@ -85,7 +141,7 @@ class CategoriesController extends Controller
    public function show($id)
    {
        $this->authorize('view', Category::class);
-        $category = Category::findOrFail($id);
+        $category = Category::withCount('assets as assets_count', 'accessories as accessories_count', 'consumables as consumables_count', 'components as components_count', 'licenses as licenses_count')->findOrFail($id);
        return (new CategoriesTransformer)->transformCategory($category);

    }
@@ -104,8 +160,14 @@ class CategoriesController extends Controller
    {
        $this->authorize('update', Category::class);
        $category = Category::findOrFail($id);
+
+        // Don't allow the user to change the category_type once it's been created
+        if (($request->filled('category_type')) && ($category->category_type != $request->input('category_type'))) {
+            return response()->json(
+                Helper::formatStandardApiResponse('error', null,  trans('admin/categories/message.update.cannot_change_category_type'))
+            );
+        }
        $category->fill($request->all());
-        $category->category_type = strtolower($request->input('category_type'));
        $category = $request->handleImages($category);

        if ($category->save()) {
@@ -126,7 +188,7 @@ class CategoriesController extends Controller
    public function destroy($id)
    {
        $this->authorize('delete', Category::class);
-        $category = Category::findOrFail($id);
+        $category = Category::withCount('assets as assets_count', 'accessories as accessories_count', 'consumables as consumables_count', 'components as components_count', 'licenses as licenses_count')->findOrFail($id);

        if (! $category->isDeletable()) {
            return response()->json(
@@ -43,12 +43,15 @@ class CompaniesController extends Controller
            $companies->TextSearch($request->input('search'));
        }

-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($companies) && ($request->get('offset') > $companies->count())) ? $companies->count() : $request->get('offset', 0);
+        if ($request->filled('name')) {
+            $companies->where('name', '=', $request->input('name'));
+        }
+
+
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $companies->count()) ? $companies->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');

-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
@@ -12,6 +12,7 @@ use App\Http\Requests\ImageUploadRequest;
 use App\Events\CheckoutableCheckedIn;
 use App\Events\ComponentCheckedIn;
 use App\Models\Asset;
+use Illuminate\Support\Facades\Validator;

 class ComponentsController extends Controller
 {
@@ -43,14 +44,17 @@ class ComponentsController extends Controller
                'notes',
            ];

-
-        $components = Company::scopeCompanyables(Component::select('components.*')
-            ->with('company', 'location', 'category', 'assets'));
+        $components = Component::select('components.*')
+            ->with('company', 'location', 'category', 'assets', 'supplier');

        if ($request->filled('search')) {
            $components = $components->TextSearch($request->input('search'));
        }

+        if ($request->filled('name')) {
+            $components->where('name', '=', $request->input('name'));
+        }
+
        if ($request->filled('company_id')) {
            $components->where('company_id', '=', $request->input('company_id'));
        }
@@ -59,6 +63,10 @@ class ComponentsController extends Controller
            $components->where('category_id', '=', $request->input('category_id'));
        }

+        if ($request->filled('supplier_id')) {
+            $components->where('supplier_id', '=', $request->input('supplier_id'));
+        }
+
        if ($request->filled('location_id')) {
            $components->where('location_id', '=', $request->input('location_id'));
        }
@@ -67,14 +75,10 @@ class ComponentsController extends Controller
            $components->where('notes','=',$request->input('notes'));
        }

-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($components) && ($request->get('offset') > $components->count())) ? $components->count() : $request->get('offset', 0);
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $components->count()) ? $components->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');

-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
-
-        
        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort_override =  $request->input('sort');
        $column_sort = in_array($sort_override, $allowed_columns) ? $sort_override : 'created_at';
@@ -89,6 +93,9 @@ class ComponentsController extends Controller
            case 'company':
                $components = $components->OrderCompany($order);
                break;
+            case 'supplier':
+                $components = $components->OrderSupplier($order);
+                break;
            default:
                $components = $components->orderBy($column_sort, $order);
                break;
@@ -221,20 +228,30 @@ class ComponentsController extends Controller
    public function checkout(Request $request, $componentId)
    {
        // Check if the component exists
-        if (is_null($component = Component::find($componentId))) {
+        if (!$component = Component::find($componentId)) {
            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/components/message.does_not_exist')));
        }

        $this->authorize('checkout', $component);

+        $validator = Validator::make($request->all(), [
+            'asset_id'          => 'required|exists:assets,id',
+            'assigned_qty'      => "required|numeric|min:1|digits_between:1,".$component->numRemaining(),
+        ]);
+
+        if ($validator->fails()) {
+            return response()->json(Helper::formatStandardApiResponse('error', $validator->errors()));
+
+        }
+
+        // Make sure there is at least one available to checkout
+        if ($component->numRemaining() <= $request->get('assigned_qty')) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/components/message.checkout.unavailable', ['remaining' => $component->numRemaining(), 'requested' => $request->get('assigned_qty')])));
+        }

        if ($component->numRemaining() >= $request->get('assigned_qty')) {

-            if (!$asset = Asset::find($request->input('assigned_to'))) {
-                return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/hardware/message.does_not_exist')));
-            }
-
-            // Update the accessory data
+            $asset = Asset::find($request->input('assigned_to'));
            $component->assigned_to = $request->input('assigned_to');

            $component->assets()->attach($component->id, [
@@ -242,7 +259,8 @@ class ComponentsController extends Controller
                'created_at' => \Carbon::now(),
                'assigned_qty' => $request->get('assigned_qty', 1),
                'user_id' => \Auth::id(),
-                'asset_id' => $request->get('assigned_to')
+                'asset_id' => $request->get('assigned_to'),
+                'note' => $request->get('note'),
            ]);

            $component->logCheckout($request->input('note'), $asset);
@@ -250,7 +268,7 @@ class ComponentsController extends Controller
            return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/components/message.checkout.success')));
        }

-        return response()->json(Helper::formatStandardApiResponse('error', null, 'Not enough components remaining: '.$component->numRemaining().' remaining, '.$request->get('assigned_qty').' requested.'));
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/components/message.checkout.unavailable', ['remaining' => $component->numRemaining(), 'requested' => $request->get('assigned_qty')])));
    }

    /**
@@ -45,16 +45,17 @@ class ConsumablesController extends Controller
                'notes',
                ];

-
-        $consumables = Company::scopeCompanyables(
-            Consumable::select('consumables.*')
-                ->with('company', 'location', 'category', 'users', 'manufacturer')
-        );
+        $consumables = Consumable::select('consumables.*')
+            ->with('company', 'location', 'category', 'users', 'manufacturer');

        if ($request->filled('search')) {
            $consumables = $consumables->TextSearch(e($request->input('search')));
        }

+        if ($request->filled('name')) {
+            $consumables->where('name', '=', $request->input('name'));
+        }
+
        if ($request->filled('company_id')) {
            $consumables->where('company_id', '=', $request->input('company_id'));
        }
@@ -71,6 +72,10 @@ class ConsumablesController extends Controller
            $consumables->where('manufacturer_id', '=', $request->input('manufacturer_id'));
        }

+        if ($request->filled('supplier_id')) {
+            $consumables->where('supplier_id', '=', $request->input('supplier_id'));
+        }
+
        if ($request->filled('location_id')) {
            $consumables->where('location_id','=',$request->input('location_id'));
        }
@@ -80,12 +85,9 @@ class ConsumablesController extends Controller
        }


-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($consumables) && ($request->get('offset') > $consumables->count())) ? $consumables->count() : $request->get('offset', 0);
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $consumables->count()) ? $consumables->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');

        $allowed_columns = ['id', 'name', 'order_number', 'min_amt', 'purchase_date', 'purchase_cost', 'company', 'category', 'model_number', 'item_no', 'manufacturer', 'location', 'qty', 'image'];
        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
@@ -107,6 +109,9 @@ class ConsumablesController extends Controller
            case 'company':
                $consumables = $consumables->OrderCompany($order);
                break;
+            case 'supplier':
+                $components = $consumables->OrderSupplier($order);
+                break;
            default:
                $consumables = $consumables->orderBy($column_sort, $order);
                break;
@@ -150,7 +155,7 @@ class ConsumablesController extends Controller
    public function show($id)
    {
        $this->authorize('view', Consumable::class);
-        $consumable = Consumable::findOrFail($id);
+        $consumable = Consumable::with('users')->findOrFail($id);

        return (new ConsumablesTransformer)->transformConsumable($consumable);
    }
@@ -224,9 +229,11 @@ class ConsumablesController extends Controller

        foreach ($consumable->consumableAssignments as $consumable_assignment) {
            $rows[] = [
+                'avatar' => ($consumable_assignment->user) ? e($consumable_assignment->user->present()->gravatar) : '',
                'name' => ($consumable_assignment->user) ? $consumable_assignment->user->present()->nameUrl() : 'Deleted User',
                'created_at' => Helper::getFormattedDateObject($consumable_assignment->created_at, 'datetime'),
-                'admin' => ($consumable_assignment->admin) ? $consumable_assignment->admin->present()->nameUrl() : '',
+                'note' => ($consumable_assignment->note) ? e($consumable_assignment->note) : null,
+                'admin' => ($consumable_assignment->admin) ? $consumable_assignment->admin->present()->nameUrl() : null,
            ];
        }

@@ -247,32 +254,39 @@ class ConsumablesController extends Controller
    public function checkout(Request $request, $id)
    {
        // Check if the consumable exists
-        if (is_null($consumable = Consumable::find($id))) {
+        if (!$consumable = Consumable::with('users')->find($id)) {
            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/consumables/message.does_not_exist')));
        }

        $this->authorize('checkout', $consumable);

-        if ($consumable->qty > 0) {
+        // Make sure there is at least one available to checkout
+        if ($consumable->numRemaining() <= 0) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/consumables/message.checkout.unavailable')));
+            \Log::debug('No enough remaining');
+        }

-            // Check if the user exists
-            $assigned_to = $request->input('assigned_to');
-            if (is_null($user = User::find($assigned_to))) {
-                // Return error message
-                return response()->json(Helper::formatStandardApiResponse('error', null, 'No user found'));
-            }
+        // Check if the user exists - @TODO:  this should probably be handled via validation, not here??
+        if (!$user = User::find($request->input('assigned_to'))) {
+            // Return error message
+            return response()->json(Helper::formatStandardApiResponse('error', null, 'No user found'));
+            \Log::debug('No valid user');
+        }

-            // Update the consumable data
-            $consumable->assigned_to = e($assigned_to);
+        // Update the consumable data
+        $consumable->assigned_to = $request->input('assigned_to');

-            $consumable->users()->attach($consumable->id, [
-                'consumable_id' => $consumable->id,
-                'user_id' => $user->id,
-                'assigned_to' => $assigned_to,
-            ]);
+        $consumable->users()->attach($consumable->id,
+                [
+                    'consumable_id' => $consumable->id,
+                    'user_id' => $user->id,
+                    'assigned_to' => $request->input('assigned_to'),
+                    'note' => $request->input('note'),
+                ]
+            );

            // Log checkout event
-            $logaction = $consumable->logCheckout(e($request->input('note')), $user);
+            $logaction = $consumable->logCheckout($request->input('note'), $user);
            $data['log_id'] = $logaction->id;
            $data['eula'] = $consumable->getEula();
            $data['first_name'] = $user->first_name;
@@ -282,9 +296,7 @@ class ConsumablesController extends Controller
            $data['require_acceptance'] = $consumable->requireAcceptance();

            return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/consumables/message.checkout.success')));
-        }

-        return response()->json(Helper::formatStandardApiResponse('error', null, 'No consumables remaining'));
    }

    /**
@@ -96,7 +96,7 @@ class CustomFieldsController extends Controller
        $data = $request->all();
        $regex_format = null;

-        if (str_contains($data['format'], 'regex:')) {
+        if ((array_key_exists('format', $data)) && (str_contains($data['format'], 'regex:'))) {
            $regex_format = $data['format'];
        }

@@ -7,6 +7,7 @@ use App\Http\Controllers\Controller;
 use App\Http\Transformers\CustomFieldsetsTransformer;
 use App\Http\Transformers\CustomFieldsTransformer;
 use App\Models\CustomFieldset;
+use App\Models\CustomField;
 use Illuminate\Http\Request;
 use Redirect;
 use View;
@@ -33,7 +34,7 @@ class CustomFieldsetsController extends Controller
     */
    public function index()
    {
-        $this->authorize('index', CustomFieldset::class);
+        $this->authorize('index', CustomField::class);
        $fieldsets = CustomFieldset::withCount('fields as fields_count', 'models as models_count')->get();

        return (new CustomFieldsetsTransformer)->transformCustomFieldsets($fieldsets, $fieldsets->count());
@@ -49,7 +50,7 @@ class CustomFieldsetsController extends Controller
     */
    public function show($id)
    {
-        $this->authorize('view', CustomFieldset::class);
+        $this->authorize('view', CustomField::class);
        if ($fieldset = CustomFieldset::find($id)) {
            return (new CustomFieldsetsTransformer)->transformCustomFieldset($fieldset);
        }
@@ -68,7 +69,7 @@ class CustomFieldsetsController extends Controller
     */
    public function update(Request $request, $id)
    {
-        $this->authorize('update', CustomFieldset::class);
+        $this->authorize('update', CustomField::class);
        $fieldset = CustomFieldset::findOrFail($id);
        $fieldset->fill($request->all());

@@ -89,11 +90,23 @@ class CustomFieldsetsController extends Controller
     */
    public function store(Request $request)
    {
-        $this->authorize('create', CustomFieldset::class);
+        $this->authorize('create', CustomField::class);
        $fieldset = new CustomFieldset;
        $fieldset->fill($request->all());

        if ($fieldset->save()) {
+            // Sync fieldset with auto_add_to_fieldsets
+            $fields = CustomField::select('id')->where('auto_add_to_fieldsets', '=', '1')->get();
+
+            if ($fields->count() > 0) {
+
+                foreach ($fields as $field) {
+                    $field_ids[] = $field->id;
+                }
+
+                $fieldset->fields()->sync($field_ids);
+            }
+
            return response()->json(Helper::formatStandardApiResponse('success', $fieldset, trans('admin/custom_fields/message.fieldset.create.success')));
        }

@@ -109,7 +122,7 @@ class CustomFieldsetsController extends Controller
     */
    public function destroy($id)
    {
-        $this->authorize('delete', CustomFieldset::class);
+        $this->authorize('delete', CustomField::class);
        $fieldset = CustomFieldset::findOrFail($id);

        $modelsCount = $fieldset->models->count();
@@ -136,7 +149,7 @@ class CustomFieldsetsController extends Controller
     */
    public function fields($id)
    {
-        $this->authorize('view', CustomFieldset::class);
+        $this->authorize('view', CustomField::class);
        $set = CustomFieldset::findOrFail($id);
        $fields = $set->fields;

@@ -153,7 +166,7 @@ class CustomFieldsetsController extends Controller
     */
    public function fieldsWithDefaultValues($fieldsetId, $modelId)
    {
-        $this->authorize('view', CustomFieldset::class);
+        $this->authorize('view', CustomField::class);

        $set = CustomFieldset::findOrFail($fieldsetId);

@@ -42,12 +42,25 @@ class DepartmentsController extends Controller
            $departments = $departments->TextSearch($request->input('search'));
        }

-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($departments) && ($request->get('offset') > $departments->count())) ? $departments->count() : $request->get('offset', 0);
+        if ($request->filled('name')) {
+            $departments->where('name', '=', $request->input('name'));
+        }

-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        if ($request->filled('company_id')) {
+            $departments->where('company_id', '=', $request->input('company_id'));
+        }
+
+        if ($request->filled('manager_id')) {
+            $departments->where('manager_id', '=', $request->input('manager_id'));
+        }
+
+        if ($request->filled('location_id')) {
+            $departments->where('location_id', '=', $request->input('location_id'));
+        }
+
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $departments->count()) ? $departments->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
@@ -28,12 +28,9 @@ class DepreciationsController extends Controller
            $depreciations = $depreciations->TextSearch($request->input('search'));
        }

-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($depreciations) && ($request->get('offset') > $depreciations->count())) ? $depreciations->count() : $request->get('offset', 0);
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $depreciations->count()) ? $depreciations->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
@@ -8,6 +8,7 @@ use App\Http\Transformers\GroupsTransformer;
 use App\Models\Group;
 use Illuminate\Http\Request;

+
 class GroupsController extends Controller
 {
    /**
@@ -19,6 +20,8 @@ class GroupsController extends Controller
     */
    public function index(Request $request)
    {
+        $this->authorize('superadmin');
+
        $this->authorize('view', Group::class);
        $allowed_columns = ['id', 'name', 'created_at', 'users_count'];

@@ -28,12 +31,13 @@ class GroupsController extends Controller
            $groups = $groups->TextSearch($request->input('search'));
        }

-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($groups) && ($request->get('offset') > $groups->count())) ? $groups->count() : $request->get('offset', 0);
+        if ($request->filled('name')) {
+            $groups->where('name', '=', $request->input('name'));
+        }

-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $groups->count()) ? $groups->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
@@ -55,9 +59,11 @@ class GroupsController extends Controller
     */
    public function store(Request $request)
    {
-        $this->authorize('create', Group::class);
+        $this->authorize('superadmin');
        $group = new Group;
-        $group->fill($request->all());
+
+        $group->name = $request->input('name');
+        $group->permissions = $request->input('permissions'); // Todo - some JSON validation stuff here

        if ($group->save()) {
            return response()->json(Helper::formatStandardApiResponse('success', $group, trans('admin/groups/message.create.success')));
@@ -76,7 +82,7 @@ class GroupsController extends Controller
     */
    public function show($id)
    {
-        $this->authorize('view', Group::class);
+        $this->authorize('superadmin');
        $group = Group::findOrFail($id);

        return (new GroupsTransformer)->transformGroup($group);
@@ -93,9 +99,11 @@ class GroupsController extends Controller
     */
    public function update(Request $request, $id)
    {
-        $this->authorize('update', Group::class);
+        $this->authorize('superadmin');
        $group = Group::findOrFail($id);
-        $group->fill($request->all());
+
+        $group->name = $request->input('name');
+        $group->permissions = $request->input('permissions'); // Todo - some JSON validation stuff here

        if ($group->save()) {
            return response()->json(Helper::formatStandardApiResponse('success', $group, trans('admin/groups/message.update.success')));
@@ -114,9 +122,8 @@ class GroupsController extends Controller
     */
    public function destroy($id)
    {
-        $this->authorize('delete', Group::class);
+        $this->authorize('superadmin');
        $group = Group::findOrFail($id);
-        $this->authorize('delete', $group);
        $group->delete();

        return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/groups/message.delete.success')));
@@ -10,6 +10,7 @@ use App\Models\Asset;
 use App\Models\Company;
 use App\Models\Import;
 use Artisan;
+use Illuminate\Database\Eloquent\JsonEncodingException;
 use Illuminate\Support\Facades\Request;
 use Illuminate\Support\Facades\Session;
 use Illuminate\Support\Facades\Storage;
@@ -35,7 +36,7 @@ class ImportController extends Controller
     * Process and store a CSV upload file.
     *
     * @param  \Illuminate\Http\Request  $request
-     * @return \Illuminate\Http\Response
+     * @return \Illuminate\Http\JsonResponse
     */
    public function store()
    {
@@ -56,7 +57,7 @@ class ImportController extends Controller
                    'text/tsv', ])) {
                    $results['error'] = 'File type must be CSV. Uploaded file is '.$file->getMimeType();

-                    return response()->json(Helper::formatStandardApiResponse('error', null, $results['error']), 500);
+                    return response()->json(Helper::formatStandardApiResponse('error', null, $results['error']), 422);
                }

                //TODO: is there a lighter way to do this?
@@ -64,7 +65,19 @@ class ImportController extends Controller
                    ini_set('auto_detect_line_endings', '1');
                }
                $reader = Reader::createFromFileObject($file->openFile('r')); //file pointer leak?
-                $import->header_row = $reader->fetchOne(0);
+
+                try {
+                    $import->header_row = $reader->fetchOne(0);
+                } catch (JsonEncodingException $e) {
+                    return response()->json(
+                        Helper::formatStandardApiResponse(
+                            'error',
+                            null,
+                            trans('admin/hardware/message.import.header_row_has_malformed_characters')
+                        ),
+                        422
+                    );
+                }

                //duplicate headers check
                $duplicate_headers = [];
@@ -82,11 +95,22 @@ class ImportController extends Controller
                    }
                }
                if (count($duplicate_headers) > 0) {
-                    return response()->json(Helper::formatStandardApiResponse('error', null, implode('; ', $duplicate_headers)), 500); //should this be '4xx'?
+                    return response()->json(Helper::formatStandardApiResponse('error', null, implode('; ', $duplicate_headers)),422);
                }

-                // Grab the first row to display via ajax as the user picks fields
-                $import->first_row = $reader->fetchOne(1);
+                try {
+                    // Grab the first row to display via ajax as the user picks fields
+                    $import->first_row = $reader->fetchOne(1);
+                } catch (JsonEncodingException $e) {
+                    return response()->json(
+                        Helper::formatStandardApiResponse(
+                            'error',
+                            null,
+                            trans('admin/hardware/message.import.content_row_has_malformed_characters')
+                        ),
+                        422
+                    );
+                }

                $date = date('Y-m-d-his');
                $fixed_filename = str_slug($file->getClientOriginalName());
@@ -102,18 +126,25 @@ class ImportController extends Controller
                }
                $file_name = date('Y-m-d-his').'-'.$fixed_filename;
                $import->file_path = $file_name;
+                $import->filesize = null;
+
+                if (!file_exists($path.'/'.$file_name)) {
+                    return response()->json(Helper::formatStandardApiResponse('error', null, trans('general.file_not_found')), 500);
+                }
+
                $import->filesize = filesize($path.'/'.$file_name);
+                
                $import->save();
                $results[] = $import;
            }
            $results = (new ImportsTransformer)->transformImports($results);

-            return [
+            return response()->json([
                'files' => $results,
-            ];
+            ]);
        }

-        return response()->json(Helper::formatStandardApiResponse('error', null, trans('general.feature_disabled')), 500);
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('general.feature_disabled')), 422);
    }

    /**
@@ -127,9 +158,9 @@ class ImportController extends Controller
        $this->authorize('import');

        // Run a backup immediately before processing
-        if ($request->has('run-backup')) {
+        if ($request->get('run-backup')) {
            \Log::debug('Backup manually requested via importer');
-            Artisan::call('backup:run');
+            Artisan::call('snipeit:backup', ['--filename' => 'pre-import-backup-'.date('Y-m-d-H:i:s')]);
        } else {
            \Log::debug('NO BACKUP requested via importer');
        }
@@ -162,6 +193,9 @@ class ImportController extends Controller
            case 'user':
                $redirectTo = 'users.index';
                break;
+            case 'location':
+                $redirectTo = 'locations.index';
+                break;
        }

        if ($errors) { //Failure
@@ -39,8 +39,10 @@ class LicenseSeatsController extends Controller
            }

            $total = $seats->count();
-            $offset = (($seats) && (request('offset') > $total)) ? 0 : request('offset', 0);
-            $limit = request('limit', 50);
+
+            // Make sure the offset and limit are actually integers and do not exceed system limits
+            $offset = ($request->input('offset') > $seats->count()) ? $seats->count() : abs($request->input('offset'));
+            $limit = app('api_limit_value');

            $seats = $seats->skip($offset)->take($limit)->get();

@@ -116,16 +118,20 @@ class LicenseSeatsController extends Controller
            return response()->json(Helper::formatStandardApiResponse('success', $licenseSeat, trans('admin/licenses/message.update.success')));
        }

+        // the logging functions expect only one "target". if both asset and user are present in the request,
+        // we simply let assets take precedence over users...
+        if ($licenseSeat->isDirty('assigned_to')) {
+            $target = $is_checkin ? $oldUser : User::find($licenseSeat->assigned_to);
+        }
+        if ($licenseSeat->isDirty('asset_id')) {
+            $target = $is_checkin ? $oldAsset : Asset::find($licenseSeat->asset_id);
+        }
+
+        if (is_null($target)){
+            return response()->json(Helper::formatStandardApiResponse('error', null, 'Target not found'));
+        }
+
        if ($licenseSeat->save()) {
-            // the logging functions expect only one "target". if both asset and user are present in the request,
-            // we simply let assets take precedence over users...
-            $changes = $licenseSeat->getChanges();
-            if (array_key_exists('assigned_to', $changes)) {
-                $target = $is_checkin ? $oldUser : User::find($changes['assigned_to']);
-            }
-            if (array_key_exists('asset_id', $changes)) {
-                $target = $is_checkin ? $oldAsset : Asset::find($changes['asset_id']);
-            }

            if ($is_checkin) {
                $licenseSeat->logCheckin($target, $request->input('note'));
@@ -26,8 +26,8 @@ class LicensesController extends Controller
    public function index(Request $request)
    {
        $this->authorize('view', License::class);
-        $licenses = Company::scopeCompanyables(License::with('company', 'manufacturer', 'supplier','category')->withCount('freeSeats as free_seats_count'));

+        $licenses = License::with('company', 'manufacturer', 'supplier','category')->withCount('freeSeats as free_seats_count');

        if ($request->filled('company_id')) {
            $licenses->where('company_id', '=', $request->input('company_id'));
@@ -73,9 +73,6 @@ class LicensesController extends Controller
            $licenses->where('depreciation_id', '=', $request->input('depreciation_id'));
        }

-        if ($request->filled('supplier_id')) {
-            $licenses->where('supplier_id', '=', $request->input('supplier_id'));
-        }

        if (($request->filled('maintained')) && ($request->input('maintained')=='true')) {
            $licenses->where('maintained','=',1);
@@ -97,12 +94,9 @@ class LicensesController extends Controller
            $licenses->onlyTrashed();
        }

-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($licenses) && ($request->get('offset') > $licenses->count())) ? $licenses->count() : $request->get('offset', 0);
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $licenses->count()) ? $licenses->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';

@@ -27,7 +27,7 @@ class LocationsController extends Controller
        $allowed_columns = [
            'id', 'name', 'address', 'address2', 'city', 'state', 'country', 'zip', 'created_at',
            'updated_at', 'manager_id', 'image',
-            'assigned_assets_count', 'users_count', 'assets_count', 'currency', 'ldap_ou', ];
+            'assigned_assets_count', 'users_count', 'assets_count','assigned_assets_count', 'assets_count', 'rtd_assets_count', 'currency', 'ldap_ou', ];

        $locations = Location::with('parent', 'manager', 'children')->select([
            'locations.id',
@@ -47,20 +47,46 @@ class LocationsController extends Controller
            'locations.currency',
        ])->withCount('assignedAssets as assigned_assets_count')
            ->withCount('assets as assets_count')
+            ->withCount('rtd_assets as rtd_assets_count')
            ->withCount('users as users_count');

        if ($request->filled('search')) {
            $locations = $locations->TextSearch($request->input('search'));
        }

-        $offset = (($locations) && (request('offset') > $locations->count())) ? $locations->count() : request('offset', 0);
+        if ($request->filled('name')) {
+            $locations->where('locations.name', '=', $request->input('name'));
+        }

-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        if ($request->filled('address')) {
+            $locations->where('locations.address', '=', $request->input('address'));
+        }
+
+        if ($request->filled('address2')) {
+            $locations->where('locations.address2', '=', $request->input('address2'));
+        }
+
+        if ($request->filled('city')) {
+            $locations->where('locations.city', '=', $request->input('city'));
+        }
+
+        if ($request->filled('zip')) {
+            $locations->where('locations.zip', '=', $request->input('zip'));
+        }
+
+        if ($request->filled('country')) {
+            $locations->where('locations.country', '=', $request->input('country'));
+        }
+
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $locations->count()) ? $locations->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';

+
+
        switch ($request->input('sort')) {
            case 'parent':
                $locations->OrderParent($order);
@@ -133,7 +159,9 @@ class LocationsController extends Controller
            ])
            ->withCount('assignedAssets as assigned_assets_count')
            ->withCount('assets as assets_count')
-            ->withCount('users as users_count')->findOrFail($id);
+            ->withCount('rtd_assets as rtd_assets_count')
+            ->withCount('users as users_count')
+            ->findOrFail($id);

        return (new LocationsTransformer)->transformLocation($location);
    }
@@ -23,10 +23,10 @@ class ManufacturersController extends Controller
    public function index(Request $request)
    {
        $this->authorize('view', Manufacturer::class);
-        $allowed_columns = ['id', 'name', 'url', 'support_url', 'support_email', 'support_phone', 'created_at', 'updated_at', 'image', 'assets_count', 'consumables_count', 'components_count', 'licenses_count'];
+        $allowed_columns = ['id', 'name', 'url', 'support_url', 'support_email', 'warranty_lookup_url', 'support_phone', 'created_at', 'updated_at', 'image', 'assets_count', 'consumables_count', 'components_count', 'licenses_count'];

        $manufacturers = Manufacturer::select(
-            ['id', 'name', 'url', 'support_url', 'support_email', 'support_phone', 'created_at', 'updated_at', 'image', 'deleted_at']
+            ['id', 'name', 'url', 'support_url', 'warranty_lookup_url', 'support_email', 'support_phone', 'created_at', 'updated_at', 'image', 'deleted_at']
        )->withCount('assets as assets_count')->withCount('licenses as licenses_count')->withCount('consumables as consumables_count')->withCount('accessories as accessories_count');

        if ($request->input('deleted') == 'true') {
@@ -37,12 +37,33 @@ class ManufacturersController extends Controller
            $manufacturers = $manufacturers->TextSearch($request->input('search'));
        }

-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($manufacturers) && ($request->get('offset') > $manufacturers->count())) ? $manufacturers->count() : $request->get('offset', 0);
+        if ($request->filled('name')) {
+            $manufacturers->where('name', '=', $request->input('name'));
+        }

-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        if ($request->filled('url')) {
+            $manufacturers->where('url', '=', $request->input('url'));
+        }
+
+        if ($request->filled('support_url')) {
+            $manufacturers->where('support_url', '=', $request->input('support_url'));
+        }
+
+        if ($request->filled('warranty_lookup_url')) {
+            $manufacturers->where('warranty_lookup_url', '=', $request->input('warranty_lookup_url'));
+        }
+
+        if ($request->filled('support_phone')) {
+            $manufacturers->where('support_phone', '=', $request->input('support_phone'));
+        }
+
+        if ($request->filled('support_email')) {
+            $manufacturers->where('support_email', '=', $request->input('support_email'));
+        }
+
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $manufacturers->count()) ? $manufacturers->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
@@ -29,8 +29,10 @@ class PredefinedKitsController extends Controller
            $kits = $kits->TextSearch($request->input('search'));
        }

-        $offset = $request->input('offset', 0);
-        $limit = $request->input('limit', 50);
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $kits->count()) ? $kits->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');
+
        $order = $request->input('order') === 'desc' ? 'desc' : 'asc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'name';
        $kits->orderBy($sort, $order);
@@ -5,10 +5,37 @@ namespace App\Http\Controllers\Api;
 use App\Helpers\Helper;
 use App\Http\Controllers\Controller;
 use App\Models\CheckoutRequest;
-use Auth;
+use Illuminate\Http\Response;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Http\Request;
+use Laravel\Passport\TokenRepository;
+use Illuminate\Contracts\Validation\Factory as ValidationFactory;
+use Illuminate\Support\Facades\Gate;
+use DB;

 class ProfileController extends Controller
 {
+
+    /**
+     * The token repository implementation.
+     *
+     * @var \Laravel\Passport\TokenRepository
+     */
+    protected $tokenRepository;
+
+    /**
+     * Create a controller instance.
+     *
+     * @param  \Laravel\Passport\TokenRepository  $tokenRepository
+     * @param  \Illuminate\Contracts\Validation\Factory  $validation
+     * @return void
+     */
+    public function __construct(TokenRepository $tokenRepository, ValidationFactory $validation)
+    {
+        $this->validation = $validation;
+        $this->tokenRepository = $tokenRepository;
+    }
+
    /**
     * Display a listing of requested assets.
     *
@@ -42,4 +69,90 @@ class ProfileController extends Controller

        return $results;
    }
+
+
+    /**
+     * Delete an API token
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v6.0.5]
+     *
+     * @return \Illuminate\Http\Response
+     */
+    public function createApiToken(Request $request) {
+
+        if (!Gate::allows('self.api')) {
+            abort(403);
+        }
+
+        $accessTokenName = $request->input('name', 'Auth Token');
+
+        if ($accessToken = Auth::user()->createToken($accessTokenName)->accessToken) {
+
+            // Get the ID so we can return that with the payload
+            $token = DB::table('oauth_access_tokens')->where('user_id', '=', Auth::user()->id)->where('name','=',$accessTokenName)->orderBy('created_at', 'desc')->first();
+            $accessTokenData['id'] = $token->id;
+            $accessTokenData['token'] = $accessToken;
+            $accessTokenData['name'] = $accessTokenName;
+            return response()->json(Helper::formatStandardApiResponse('success', $accessTokenData, 'Personal access token '.$accessTokenName.' created successfully'));
+        }
+        return response()->json(Helper::formatStandardApiResponse('error', null, 'Token could not be created.'));
+
+    }
+
+
+    /**
+     * Delete an API token
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v6.0.5]
+     *
+     * @return \Illuminate\Http\Response
+     */
+    public function deleteApiToken($tokenId) {
+
+        if (!Gate::allows('self.api')) {
+            abort(403);
+        }
+
+        $token = $this->tokenRepository->findForUser(
+            $tokenId, Auth::user()->getAuthIdentifier()
+        );
+
+        if (is_null($token)) {
+            return new Response('', 404);
+        }
+
+        $token->revoke();
+
+        return new Response('', Response::HTTP_NO_CONTENT);
+
+    }
+
+
+    /**
+     * Show user's API tokens
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v6.0.5]
+     *
+     * @return \Illuminate\Http\Response
+     */
+    public function showApiTokens(Request $request) {
+
+        if (!Gate::allows('self.api')) {
+            abort(403);
+        }
+        
+        $tokens = $this->tokenRepository->forUser(Auth::user()->getAuthIdentifier());
+        $token_values = $tokens->load('client')->filter(function ($token) {
+            return $token->client->personal_access_client && ! $token->revoked;
+        })->values();
+
+        return response()->json(Helper::formatStandardApiResponse('success', $token_values, null));
+
+    }
+
+
+
 }
@@ -20,7 +20,7 @@ class ReportsController extends Controller
    {
        $this->authorize('reports.view');

-        $actionlogs = Actionlog::with('item', 'user', 'target', 'location');
+        $actionlogs = Actionlog::with('item', 'user', 'admin', 'target', 'location');

        if ($request->filled('search')) {
            $actionlogs = $actionlogs->TextSearch(e($request->input('search')));
@@ -54,11 +54,15 @@ class ReportsController extends Controller
            'note',
        ];

+
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $actionlogs->count()) ? $actionlogs->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');
+
        $sort = in_array($request->input('sort'), $allowed_columns) ? e($request->input('sort')) : 'created_at';
        $order = ($request->input('order') == 'asc') ? 'asc' : 'desc';
-        $offset = request('offset', 0);
-        $limit = request('limit', 50);
        $total = $actionlogs->count();
+
        $actionlogs = $actionlogs->orderBy($sort, $order)->skip($offset)->take($limit)->get();

        return response()->json((new ActionlogsTransformer)->transformActionlogs($actionlogs, $total), 200, ['Content-Type' => 'application/json;charset=utf8'], JSON_UNESCAPED_UNICODE);
@@ -2,6 +2,9 @@

 namespace App\Http\Controllers\Api;

+use App\Helpers\Helper;
+use App\Helpers\StorageHelper;
+use App\Http\Transformers\DatatablesTransformer;
 use Illuminate\Http\Request;
 use App\Http\Controllers\Controller;
 use App\Models\Ldap;
@@ -140,47 +143,6 @@ class SettingsController extends Controller

    }

-    public function slacktest(SlackSettingsRequest $request)
-    {
-
-        $validator = Validator::make($request->all(), [
-            'slack_endpoint'                      => 'url|required_with:slack_channel|starts_with:https://hooks.slack.com/|nullable',
-            'slack_channel'                       => 'required_with:slack_endpoint|starts_with:#|nullable',
-        ]);
-
-        if ($validator->fails()) {
-            return response()->json(['message' => 'Validation failed', 'errors' => $validator->errors()], 422);
-        }
-
-        // If validation passes, continue to the curl request
-            $slack = new Client([
-                'base_url' => e($request->input('slack_endpoint')),
-                'defaults' => [
-                    'exceptions' => false,
-                ],
-            ]);
-
-            $payload = json_encode(
-                [
-                    'channel'    => e($request->input('slack_channel')),
-                    'text'       => trans('general.slack_test_msg'),
-                    'username'    => e($request->input('slack_botname')),
-                    'icon_emoji' => ':heart:',
-                ]);
-
-            try {
-                $slack->post($request->input('slack_endpoint'), ['body' => $payload]);
-                return response()->json(['message' => 'Success'], 200);
-
-            } catch (\Exception $e) {
-                return response()->json(['message' => 'Please check the channel name and webhook endpoint URL ('.e($request->input('slack_endpoint')).'). Slack responded with: '.$e->getMessage()], 400);
-            }
-
-        //} 
-        return response()->json(['message' => 'Something went wrong :( '], 400);
-    }
-
-
    /**
     * Test the email configuration
     *
@@ -265,4 +227,52 @@ class SettingsController extends Controller

        return (new LoginAttemptsTransformer)->transformLoginAttempts($login_attempt_results, $total);
    }
+
+
+    public function listBackups() {
+        $settings = Setting::getSettings();
+        $path = 'app/backups';
+        $backup_files = Storage::files($path);
+        $files_raw = [];
+        $count = 0;
+
+        if (count($backup_files) > 0) {
+
+            for ($f = 0; $f < count($backup_files); $f++) {
+
+                // Skip dotfiles like .gitignore and .DS_STORE
+                if ((substr(basename($backup_files[$f]), 0, 1) != '.')) {
+                    $file_timestamp = Storage::lastModified($backup_files[$f]);
+
+                    $files_raw[] = [
+                        'filename' => basename($backup_files[$f]),
+                        'filesize' => Setting::fileSizeConvert(Storage::size($backup_files[$f])),
+                        'modified_value' => $file_timestamp,
+                        'modified_display' => date($settings->date_display_format.' '.$settings->time_display_format, $file_timestamp),
+
+                    ];
+                    $count++;
+                }
+
+
+            }
+        }
+
+        $files = array_reverse($files_raw);
+        return (new DatatablesTransformer)->transformDatatables($files, $count);
+
+    }
+
+
+    public function downloadBackup($file) {
+
+        $path = 'app/backups';
+        if (Storage::exists($path.'/'.$file)) {
+            $headers = ['ContentType' => 'application/zip'];
+            return Storage::download($path.'/'.$file, $file, $headers);
+        } else {
+            return response()->json(Helper::formatStandardApiResponse('error', null,  trans('general.file_not_found')));
+        }
+
+    }
 }
@@ -5,10 +5,13 @@ namespace App\Http\Controllers\Api;
 use App\Helpers\Helper;
 use App\Http\Controllers\Controller;
 use App\Http\Transformers\AssetsTransformer;
+use App\Http\Transformers\SelectlistTransformer;
 use App\Http\Transformers\StatuslabelsTransformer;
 use App\Models\Asset;
 use App\Models\Statuslabel;
 use Illuminate\Http\Request;
+use App\Http\Transformers\PieChartTransformer;
+use Illuminate\Support\Arr;

 class StatuslabelsController extends Controller
 {
@@ -30,6 +33,10 @@ class StatuslabelsController extends Controller
            $statuslabels = $statuslabels->TextSearch($request->input('search'));
        }

+        if ($request->filled('name')) {
+            $statuslabels->where('name', '=', $request->input('name'));
+        }
+

        // if a status_type is passed, filter by that
        if ($request->filled('status_type')) {
@@ -44,12 +51,9 @@ class StatuslabelsController extends Controller
            }
        }

-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($statuslabels) && ($request->get('offset') > $statuslabels->count())) ? $statuslabels->count() : $request->get('offset', 0);
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $statuslabels->count()) ? $statuslabels->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
@@ -184,43 +188,55 @@ class StatuslabelsController extends Controller
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @since [v3.0]
-     * @return \Illuminate\Http\Response
+     * @return array
     */
    public function getAssetCountByStatuslabel()
    {
        $this->authorize('view', Statuslabel::class);
-
        $statuslabels = Statuslabel::withCount('assets')->get();
-
-        $labels = [];
-        $points = [];
-        $default_color_count = 0;
-        $colors_array = [];
+        $total = Array();

        foreach ($statuslabels as $statuslabel) {
-            if ($statuslabel->assets_count > 0) {
-                $labels[] = $statuslabel->name.' ('.number_format($statuslabel->assets_count).')';
-                $points[] = $statuslabel->assets_count;

-                if ($statuslabel->color != '') {
-                    $colors_array[] = $statuslabel->color;
-                } else {
-                    $colors_array[] = Helper::defaultChartColors($default_color_count);
-                }
-                $default_color_count++;
+            $total[$statuslabel->name]['label'] = $statuslabel->name;
+            $total[$statuslabel->name]['count'] = $statuslabel->assets_count;
+
+            if ($statuslabel->color != '') {
+                $total[$statuslabel->name]['color'] = $statuslabel->color;
            }
        }

-        $result = [
-            'labels' => $labels,
-            'datasets' => [[
-                'data' => $points,
-                'backgroundColor' => $colors_array,
-                'hoverBackgroundColor' =>  $colors_array,
-            ]],
-        ];
+        return (new PieChartTransformer())->transformPieChartDate($total);

-        return $result;
+    }
+
+    /**
+     * Show a count of assets by meta status type for pie chart
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v6.0.11]
+     * @return array
+     */
+    public function getAssetCountByMetaStatus()
+    {
+        $this->authorize('view', Statuslabel::class);
+
+        $total['rtd']['label'] = trans('general.ready_to_deploy');
+        $total['rtd']['count'] = Asset::RTD()->count();
+
+        $total['deployed']['label'] = trans('general.deployed');
+        $total['deployed']['count'] = Asset::Deployed()->count();
+
+        $total['archived']['label'] = trans('general.archived');
+        $total['archived']['count'] = Asset::Archived()->count();
+
+        $total['pending']['label'] = trans('general.pending');
+        $total['pending']['count'] = Asset::Pending()->count();
+
+        $total['undeployable']['label'] = trans('general.undeployable');
+        $total['undeployable']['count'] = Asset::Undeployable()->count();
+
+        return (new PieChartTransformer())->transformPieChartDate($total);
    }

    /**
@@ -276,4 +292,45 @@ class StatuslabelsController extends Controller

        return '0';
    }
+
+    /**
+     * Gets a paginated collection for the select2 menus
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v6.1.1]
+     * @see \App\Http\Transformers\SelectlistTransformer
+     */
+    public function selectlist(Request $request)
+    {
+
+        $this->authorize('view.selectlists');
+        $statuslabels = Statuslabel::orderBy('default_label', 'desc')->orderBy('name', 'asc')->orderBy('deployable', 'desc');
+
+        if ($request->filled('search')) {
+            $statuslabels = $statuslabels->where('name', 'LIKE', '%'.$request->get('search').'%');
+        }
+
+        if ($request->filled('deployable')) {
+            $statuslabels = $statuslabels->where('deployable', '=', '1');
+        }
+
+        if ($request->filled('pending')) {
+            $statuslabels = $statuslabels->where('pending', '=', '1');
+        }
+
+        if ($request->filled('archived')) {
+            $statuslabels = $statuslabels->where('archived', '=', '1');
+        }
+
+        $statuslabels = $statuslabels->orderBy('name', 'ASC')->paginate(50);
+
+        // Loop through and set some custom properties for the transformer to use.
+        // This lets us have more flexibility in special cases like assets, where
+        // they may not have a ->name value but we want to display something anyway
+        foreach ($statuslabels as $statuslabel) {
+            $statuslabels->use_text = $statuslabel->name;
+        }
+
+        return (new SelectlistTransformer)->transformSelectlist($statuslabels);
+    }
 }
@@ -23,23 +23,79 @@ class SuppliersController extends Controller
    public function index(Request $request)
    {
        $this->authorize('view', Supplier::class);
-        $allowed_columns = ['id', 'name', 'address', 'phone', 'contact', 'fax', 'email', 'image', 'assets_count', 'licenses_count', 'accessories_count', 'url'];
+        $allowed_columns = ['
+            id',
+            'name',
+            'address',
+            'phone',
+            'contact',
+            'fax',
+            'email',
+            'image',
+            'assets_count',
+            'licenses_count',
+            'accessories_count',
+            'components_count',
+            'consumables_count',
+            'url',
+        ];
        
        $suppliers = Supplier::select(
-                ['id', 'name', 'address', 'address2', 'city', 'state', 'country', 'fax', 'phone', 'email', 'contact', 'created_at', 'updated_at', 'deleted_at', 'image', 'notes']
-            )->withCount('assets as assets_count')->withCount('licenses as licenses_count')->withCount('accessories as accessories_count');
+                ['id', 'name', 'address', 'address2', 'city', 'state', 'country', 'fax', 'phone', 'email', 'contact', 'created_at', 'updated_at', 'deleted_at', 'image', 'notes'])
+                    ->withCount('assets as assets_count')
+                    ->withCount('licenses as licenses_count')
+                    ->withCount('accessories as accessories_count')
+                    ->withCount('components as components_count')
+                    ->withCount('consumables as consumables_count');


        if ($request->filled('search')) {
            $suppliers = $suppliers->TextSearch($request->input('search'));
        }

-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($suppliers) && ($request->get('offset') > $suppliers->count())) ? $suppliers->count() : $request->get('offset', 0);
+        if ($request->filled('name')) {
+            $suppliers->where('name', '=', $request->input('name'));
+        }

-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        if ($request->filled('address')) {
+            $suppliers->where('address', '=', $request->input('address'));
+        }
+
+        if ($request->filled('address2')) {
+            $suppliers->where('address2', '=', $request->input('address2'));
+        }
+
+        if ($request->filled('city')) {
+            $suppliers->where('city', '=', $request->input('city'));
+        }
+
+        if ($request->filled('zip')) {
+            $suppliers->where('zip', '=', $request->input('zip'));
+        }
+
+        if ($request->filled('country')) {
+            $suppliers->where('country', '=', $request->input('country'));
+        }
+
+        if ($request->filled('fax')) {
+            $suppliers->where('fax', '=', $request->input('fax'));
+        }
+
+        if ($request->filled('email')) {
+            $suppliers->where('email', '=', $request->input('email'));
+        }
+
+        if ($request->filled('url')) {
+            $suppliers->where('url', '=', $request->input('url'));
+        }
+
+        if ($request->filled('notes')) {
+            $suppliers->where('notes', '=', $request->input('notes'));
+        }
+
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $suppliers->count()) ? $suppliers->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
@@ -15,10 +15,12 @@ use App\Models\Asset;
 use App\Models\Company;
 use App\Models\License;
 use App\Models\User;
+use App\Notifications\CurrentInventory;
 use Auth;
 use Illuminate\Http\Request;
 use App\Http\Requests\ImageUploadRequest;
 use Illuminate\Support\Facades\Storage;
+use Illuminate\Support\Facades\Validator;

 class UsersController extends Controller
 {
@@ -36,6 +38,7 @@ class UsersController extends Controller

        $users = User::select([
            'users.activated',
+            'users.created_by',
            'users.address',
            'users.avatar',
            'users.city',
@@ -65,8 +68,12 @@ class UsersController extends Controller
            'users.zip',
            'users.remote',
            'users.ldap_import',
+            'users.start_date',
+            'users.end_date',
+            'users.vip',
+            'users.autoassign_licenses',

-        ])->with('manager', 'groups', 'userloc', 'company', 'department', 'assets', 'licenses', 'accessories', 'consumables')
+        ])->with('manager', 'groups', 'userloc', 'company', 'department', 'assets', 'licenses', 'accessories', 'consumables', 'createdBy',)
            ->withCount('assets as assets_count', 'licenses as licenses_count', 'accessories as accessories_count', 'consumables as consumables_count');
        $users = Company::scopeCompanyables($users);

@@ -89,6 +96,10 @@ class UsersController extends Controller
            $users = $users->where('users.location_id', '=', $request->input('location_id'));
        }

+        if ($request->filled('created_by')) {
+            $users = $users->where('users.created_by', '=', $request->input('created_by'));
+        }
+
        if ($request->filled('email')) {
            $users = $users->where('users.email', '=', $request->input('email'));
        }
@@ -141,6 +152,26 @@ class UsersController extends Controller
            $users = $users->where('remote', '=', $request->input('remote'));
        }

+        if ($request->filled('vip')) {
+            $users = $users->where('vip', '=', $request->input('vip'));
+        }
+
+        if ($request->filled('two_factor_enrolled')) {
+            $users = $users->where('two_factor_enrolled', '=', $request->input('two_factor_enrolled'));
+        }
+
+        if ($request->filled('two_factor_optin')) {
+            $users = $users->where('two_factor_optin', '=', $request->input('two_factor_optin'));
+        }
+
+        if ($request->filled('start_date')) {
+            $users = $users->where('users.start_date', '=', $request->input('start_date'));
+        }
+
+        if ($request->filled('end_date')) {
+            $users = $users->where('users.end_date', '=', $request->input('end_date'));
+        }
+
        if ($request->filled('assets_count')) {
           $users->has('assets', '=', $request->input('assets_count'));
        }
@@ -157,19 +188,19 @@ class UsersController extends Controller
            $users->has('accessories', '=', $request->input('accessories_count'));
        }

+        if ($request->filled('autoassign_licenses')) {
+            $users->where('autoassign_licenses', '=', $request->input('autoassign_licenses'));
+        }
+
        if ($request->filled('search')) {
            $users = $users->TextSearch($request->input('search'));
        }

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
-        $offset = (($users) && (request('offset') > $users->count())) ? 0 : request('offset', 0);

-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($users) && ($request->get('offset') > $users->count())) ? $users->count() : $request->get('offset', 0);
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $users->count()) ? $users->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');


        switch ($request->input('sort')) {
@@ -182,17 +213,58 @@ class UsersController extends Controller
            case 'department':
                $users = $users->OrderDepartment($order);
                break;
+            case 'created_by':
+                $users = $users->OrderByCreatedBy($order);
+                break;
            case 'company':
                $users = $users->OrderCompany($order);
                break;
+            case 'first_name':
+                $users->orderBy('first_name', $order);
+                $users->orderBy('last_name', $order);
+                break;
+            case 'last_name':
+                $users->orderBy('last_name', $order);
+                $users->orderBy('first_name', $order);
+                break;
            default:
                $allowed_columns =
                    [
-                        'last_name', 'first_name', 'email', 'jobtitle', 'username', 'employee_num',
-                        'assets', 'accessories', 'consumables', 'licenses', 'groups', 'activated', 'created_at',
-                        'two_factor_enrolled', 'two_factor_optin', 'last_login', 'assets_count', 'licenses_count',
-                        'consumables_count', 'accessories_count', 'phone', 'address', 'city', 'state',
-                        'country', 'zip', 'id', 'ldap_import', 'remote',
+                        'last_name',
+                        'first_name',
+                        'email',
+                        'jobtitle',
+                        'username',
+                        'employee_num',
+                        'assets',
+                        'accessories',
+                        'consumables',
+                        'licenses',
+                        'groups',
+                        'activated',
+                        'created_at',
+                        'two_factor_enrolled',
+                        'two_factor_optin',
+                        'last_login',
+                        'assets_count',
+                        'licenses_count',
+                        'consumables_count',
+                        'accessories_count',
+                        'phone',
+                        'address',
+                        'city',
+                        'state',
+                        'country',
+                        'zip',
+                        'id',
+                        'ldap_import',
+                        'two_factor_optin',
+                        'two_factor_enrolled',
+                        'remote',
+                        'vip',
+                        'start_date',
+                        'end_date',
+                        'autoassign_licenses',
                    ];

                $sort = in_array($request->get('sort'), $allowed_columns) ? $request->get('sort') : 'first_name';
@@ -231,9 +303,11 @@ class UsersController extends Controller
        $users = Company::scopeCompanyables($users);

        if ($request->filled('search')) {
-            $users = $users->SimpleNameSearch($request->get('search'))
-                ->orWhere('username', 'LIKE', '%'.$request->get('search').'%')
-                ->orWhere('employee_num', 'LIKE', '%'.$request->get('search').'%');
+            $users = $users->where(function ($query) use ($request) {
+                $query->SimpleNameSearch($request->get('search'))
+                    ->orWhere('username', 'LIKE', '%'.$request->get('search').'%')
+                    ->orWhere('employee_num', 'LIKE', '%'.$request->get('search').'%');
+            });
        }

        $users = $users->orderBy('last_name', 'asc')->orderBy('first_name', 'asc');
@@ -288,7 +362,7 @@ class UsersController extends Controller
            $user->permissions = $permissions_array;
        }

-        $tmp_pass = substr(str_shuffle('0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'), 0, 20);
+        $tmp_pass = substr(str_shuffle('0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'), 0, 40);
        $user->password = bcrypt($request->get('password', $tmp_pass));

        app('App\Http\Requests\ImageUploadRequest')->handleImages($user, 600, 'image', 'avatars', 'avatar');
@@ -394,6 +468,13 @@ class UsersController extends Controller

            // Check if the request has groups passed and has a value
            if ($request->filled('groups')) {
+                $validator = Validator::make($request->all(), [
+                    'groups.*' => 'integer|exists:permission_groups,id',
+                ]);
+                
+                if ($validator->fails()){
+                    return response()->json(Helper::formatStandardApiResponse('error', null, $user->getErrors()));
+                }
                $user->groups()->sync($request->input('groups'));
            // The groups field has been passed but it is null, so we should blank it out
            } elseif ($request->has('groups')) {
@@ -471,6 +552,27 @@ class UsersController extends Controller
        return (new AssetsTransformer)->transformAssets($assets, $assets->count(), $request);
    }

+    /**
+     * Notify a specific user via email with all of their assigned assets.
+     *
+     * @author [Lukas Fehling] [<lukas.fehling@adabay.rocks>]
+     * @since [v6.0.13]
+     * @param Request $request
+     * @param $id
+     * @return string JSON
+     */
+    public function emailAssetList(Request $request, $id)
+    {
+        $user = User::findOrFail($id);
+
+        if (empty($user->email)) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.inventorynotification.error')));
+        }
+
+        $user->notify((new CurrentInventory($user)));
+ 
+        return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/users/message.inventorynotification.success')));
+    }

    /**
     * Return JSON containing a list of consumables assigned to a user.
@@ -519,10 +621,14 @@ class UsersController extends Controller
    {
        $this->authorize('view', User::class);
        $this->authorize('view', License::class);
-        $user = User::where('id', $id)->withTrashed()->first();
-        $licenses = $user->licenses()->get();
+        
+        if ($user = User::where('id', $id)->withTrashed()->first()) {
+            $licenses = $user->licenses()->get();
+            return (new LicensesTransformer())->transformLicenses($licenses, $licenses->count());
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.user_not_found', compact('id'))));

-        return (new LicensesTransformer())->transformLicenses($licenses, $licenses->count());
    }

    /**
@@ -101,7 +101,7 @@ class AssetMaintenancesController extends Controller
        $assetMaintenance = new AssetMaintenance();
        $assetMaintenance->supplier_id = $request->input('supplier_id');
        $assetMaintenance->is_warranty = $request->input('is_warranty');
-        $assetMaintenance->cost = Helper::ParseCurrency($request->input('cost'));
+        $assetMaintenance->cost = $request->input('cost');
        $assetMaintenance->notes = $request->input('notes');
        $asset = Asset::find($request->input('asset_id'));

@@ -211,7 +211,7 @@ class AssetMaintenancesController extends Controller

        $assetMaintenance->supplier_id = $request->input('supplier_id');
        $assetMaintenance->is_warranty = $request->input('is_warranty');
-        $assetMaintenance->cost =  Helper::ParseCurrency($request->input('cost'));
+        $assetMaintenance->cost =  $request->input('cost');
        $assetMaintenance->notes = $request->input('notes');

        $asset = Asset::find(request('asset_id'));
@@ -8,6 +8,7 @@ use App\Models\AssetModel;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Input;
 use Illuminate\Support\Facades\View;
+use Illuminate\Support\Facades\Validator;
 use Redirect;
 use Request;
 use Storage;
@@ -81,8 +82,8 @@ class AssetModelsController extends Controller
        $model->user_id = Auth::id();
        $model->requestable = Request::has('requestable');

-        if ($request->input('custom_fieldset') != '') {
-            $model->fieldset_id = e($request->input('custom_fieldset'));
+        if ($request->input('fieldset_id') != '') {
+            $model->fieldset_id = e($request->input('fieldset_id'));
        }

        $model = $request->handleImages($model);
@@ -90,7 +91,9 @@ class AssetModelsController extends Controller
        // Was it created?
        if ($model->save()) {
            if ($this->shouldAddDefaultValues($request->input())) {
-                $this->assignCustomFieldsDefaultValues($model, $request->input('default_values'));
+                if (!$this->assignCustomFieldsDefaultValues($model, $request->input('default_values'))){
+                    return redirect()->back()->withInput()->with('error', trans('admin/custom_fields/message.fieldset_default_value.error'));
+                }
            }

            // Redirect to the new model  page
@@ -157,13 +160,15 @@ class AssetModelsController extends Controller

        $this->removeCustomFieldsDefaultValues($model);

-        if ($request->input('custom_fieldset') == '') {
+        if ($request->input('fieldset_id') == '') {
            $model->fieldset_id = null;
        } else {
-            $model->fieldset_id = $request->input('custom_fieldset');
+            $model->fieldset_id = $request->input('fieldset_id');

            if ($this->shouldAddDefaultValues($request->input())) {
-                $this->assignCustomFieldsDefaultValues($model, $request->input('default_values'));
+                if (!$this->assignCustomFieldsDefaultValues($model, $request->input('default_values'))){
+                    return redirect()->back()->withInput()->with('error', trans('admin/custom_fields/message.fieldset_default_value.error'));
+                }
            }
        }

@@ -439,7 +444,7 @@ class AssetModelsController extends Controller
    {
        return ! empty($input['add_default_values'])
            && ! empty($input['default_values'])
-            && ! empty($input['custom_fieldset']);
+            && ! empty($input['fieldset_id']);
    }

    /**
@@ -451,6 +456,32 @@ class AssetModelsController extends Controller
     */
    private function assignCustomFieldsDefaultValues(AssetModel $model, array $defaultValues)
    {
+        $data = array();
+        foreach ($defaultValues as $customFieldId => $defaultValue) {
+            $customField = \App\Models\CustomField::find($customFieldId);
+
+            $data[$customField->db_column] = $defaultValue;
+        }
+
+        $fieldsets = $model->fieldset->validation_rules();
+        $rules = array();
+
+        foreach ($fieldsets as $fieldset => $validation){
+            // If the field is marked as required, eliminate the rule so it doesn't interfere with the default values
+            // (we are at model level, the rule still applies when creating a new asset using this model)
+            $index = array_search('required', $validation);
+            if ($index !== false){
+                $validation[$index] = 'nullable';
+            }
+            $rules[$fieldset] = $validation;
+        }
+
+        $validator = Validator::make($data, $rules);
+
+        if($validator->fails()){
+            return false;
+        }
+
        foreach ($defaultValues as $customFieldId => $defaultValue) {
            if(is_array($defaultValue)){
                $model->defaultValues()->attach($customFieldId, ['default_value' => implode(', ', $defaultValue)]);
@@ -458,6 +489,7 @@ class AssetModelsController extends Controller
                $model->defaultValues()->attach($customFieldId, ['default_value' => $defaultValue]);
            }
        }
+        return true;
    }

    /**
@@ -0,0 +1,155 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use App\Helpers\StorageHelper;
+use App\Http\Requests\AssetFileRequest;
+use App\Models\Actionlog;
+use App\Models\AssetModel;
+use Illuminate\Support\Facades\Response;
+use Illuminate\Support\Facades\Storage;
+use enshrined\svgSanitize\Sanitizer;
+
+class AssetModelsFilesController extends Controller
+{
+    /**
+     * Upload a file to the server.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @param AssetFileRequest $request
+     * @param int $modelId
+     * @return Redirect
+     * @since [v1.0]
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+    public function store(AssetFileRequest $request, $modelId = null)
+    {
+        if (! $model = AssetModel::find($modelId)) {
+            return redirect()->route('models.index')->with('error', trans('admin/hardware/message.does_not_exist'));
+        }
+
+        $this->authorize('update', $model);
+
+        if ($request->hasFile('file')) {
+            if (! Storage::exists('private_uploads/assetmodels')) {
+                Storage::makeDirectory('private_uploads/assetmodels', 775);
+            }
+
+            foreach ($request->file('file') as $file) {
+
+                $extension = $file->getClientOriginalExtension();
+                $file_name = 'model-'.$model->id.'-'.str_random(8).'-'.str_slug(basename($file->getClientOriginalName(), '.'.$extension)).'.'.$extension;
+
+                // Check for SVG and sanitize it
+                if ($extension=='svg') {
+                    \Log::debug('This is an SVG');
+
+                    $sanitizer = new Sanitizer();
+                    $dirtySVG = file_get_contents($file->getRealPath());
+                    $cleanSVG = $sanitizer->sanitize($dirtySVG);
+
+                    try {
+                        Storage::put('private_uploads/assetmodels/'.$file_name, $cleanSVG);
+                    } catch (\Exception $e) {
+                        \Log::debug('Upload no workie :( ');
+                        \Log::debug($e);
+                    }
+                } else {
+                    Storage::put('private_uploads/assetmodels/'.$file_name, file_get_contents($file));
+                }
+
+
+                $model->logUpload($file_name, e($request->get('notes')));
+            }
+
+            return redirect()->back()->with('success', trans('general.file_upload_success'));
+        }
+
+        return redirect()->back()->with('error', trans('admin/hardware/message.upload.nofiles'));
+    }
+
+    /**
+     * Check for permissions and display the file.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @param  int $modelId
+     * @param  int $fileId
+     * @since [v1.0]
+     * @return View
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+    public function show($modelId = null, $fileId = null, $download = true)
+    {
+        $model = AssetModel::find($modelId);
+        // the asset is valid
+        if (isset($model->id)) {
+            $this->authorize('view', $model);
+
+            if (! $log = Actionlog::find($fileId)) {
+                return response('No matching record for that model/file', 500)
+                    ->header('Content-Type', 'text/plain');
+            }
+
+            $file = 'private_uploads/assetmodels/'.$log->filename;
+            \Log::debug('Checking for '.$file);
+
+
+            if (! Storage::exists($file)) {
+                return response('File '.$file.' not found on server', 404)
+                    ->header('Content-Type', 'text/plain');
+            }
+
+            if ($download != 'true') {
+                if ($contents = file_get_contents(Storage::url($file))) {
+                    return Response::make(Storage::url($file)->header('Content-Type', mime_content_type($file)));
+                }
+
+                return JsonResponse::create(['error' => 'Failed validation: '], 500);
+            }
+
+            return StorageHelper::downloader($file);
+        }
+        // Prepare the error message
+        $error = trans('admin/hardware/message.does_not_exist', ['id' => $fileId]);
+
+        // Redirect to the hardware management page
+        return redirect()->route('hardware.index')->with('error', $error);
+    }
+
+    /**
+     * Delete the associated file
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @param  int $modelId
+     * @param  int $fileId
+     * @since [v1.0]
+     * @return View
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+    public function destroy($modelId = null, $fileId = null)
+    {
+        $model = AssetModel::find($modelId);
+        $this->authorize('update', $model);
+        $rel_path = 'private_uploads/assetmodels';
+
+        // the asset is valid
+        if (isset($model->id)) {
+            $this->authorize('update', $model);
+            $log = Actionlog::find($fileId);
+            if ($log) {
+                if (Storage::exists($rel_path.'/'.$log->filename)) {
+                    Storage::delete($rel_path.'/'.$log->filename);
+                }
+                $log->delete();
+
+                return redirect()->back()->with('success', trans('admin/hardware/message.deletefile.success'));
+            }
+
+            return redirect()->back()
+                ->with('success', trans('admin/hardware/message.deletefile.success'));
+        }
+
+        // Redirect to the hardware management page
+        return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.does_not_exist'));
+    }
+}
@@ -27,7 +27,7 @@ class AssetCheckoutController extends Controller
    public function create($assetId)
    {
        // Check if the asset exists
-        if (is_null($asset = Asset::find(e($assetId)))) {
+        if (is_null($asset = Asset::with('company')->find(e($assetId)))) {
            return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.does_not_exist'));
        }

@@ -12,14 +12,16 @@ use App\Models\CheckoutRequest;
 use App\Models\Company;
 use App\Models\Location;
 use App\Models\Setting;
+use App\Models\Statuslabel;
 use App\Models\User;
 use Auth;
 use Carbon\Carbon;
 use DB;
-use Gate;
+use Illuminate\Support\Facades\Gate;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Cache;
 use Illuminate\Support\Facades\Storage;
+use Illuminate\Support\Facades\Cookie;
 use Input;
 use Intervention\Image\Facades\Image;
 use League\Csv\Reader;
@@ -139,12 +141,14 @@ class AssetsController extends Controller
            $asset->depreciate              = '0';
            $asset->status_id               = request('status_id');
            $asset->warranty_months         = request('warranty_months', null);
-            $asset->purchase_cost           = Helper::ParseCurrency($request->get('purchase_cost'));
+            $asset->purchase_cost           = request('purchase_cost');
            $asset->purchase_date           = request('purchase_date', null);
+            $asset->asset_eol_date          = request('asset_eol_date', $asset->present()->eol_date());
            $asset->assigned_to             = request('assigned_to', null);
            $asset->supplier_id             = request('supplier_id', null);
            $asset->requestable             = request('requestable', 0);
            $asset->rtd_location_id         = request('rtd_location_id', null);
+            $asset->byod                    = request('byod', 0);

            if (! empty($settings->audit_interval)) {
                $asset->next_audit_date = Carbon::now()->addMonths($settings->audit_interval)->toDateString();
@@ -167,17 +171,17 @@ class AssetsController extends Controller
                foreach ($model->fieldset->fields as $field) {
                    if ($field->field_encrypted == '1') {
                        if (Gate::allows('admin')) {
-                            if (is_array($request->input($field->convertUnicodeDbSlug()))) {
-                                $asset->{$field->convertUnicodeDbSlug()} = \Crypt::encrypt(implode(', ', $request->input($field->convertUnicodeDbSlug())));
+                            if (is_array($request->input($field->db_column))) {
+                                $asset->{$field->db_column} = \Crypt::encrypt(implode(', ', $request->input($field->db_column)));
                            } else {
-                                $asset->{$field->convertUnicodeDbSlug()} = \Crypt::encrypt($request->input($field->convertUnicodeDbSlug()));
+                                $asset->{$field->db_column} = \Crypt::encrypt($request->input($field->db_column));
                            }
                        }
                    } else {
-                        if (is_array($request->input($field->convertUnicodeDbSlug()))) {
-                            $asset->{$field->convertUnicodeDbSlug()} = implode(', ', $request->input($field->convertUnicodeDbSlug()));
+                        if (is_array($request->input($field->db_column))) {
+                            $asset->{$field->db_column} = implode(', ', $request->input($field->db_column));
                        } else {
-                            $asset->{$field->convertUnicodeDbSlug()} = $request->input($field->convertUnicodeDbSlug());
+                            $asset->{$field->db_column} = $request->input($field->db_column);
                        }
                    }
                }
@@ -201,18 +205,30 @@ class AssetsController extends Controller
                }

                $success = true;
+                
            }
        }

        if ($success) {
            // Redirect to the asset listing page
+            $minutes = 518400;
+            // dd( $_POST['options']);
+            // Cookie::queue(Cookie::make('optional_info', json_decode($_POST['options']), $minutes));
            return redirect()->route('hardware.index')
                ->with('success', trans('admin/hardware/message.create.success'));
+               
+      
        }

        return redirect()->back()->withInput()->withErrors($asset->getErrors());
    }

+    public function getOptionCookie(Request $request){
+        $value = $request->cookie('optional_info');
+        echo $value;
+        return $value;
+     }
+
    /**
     * Returns a view that presents a form to edit an existing asset.
     *
@@ -297,7 +313,9 @@ class AssetsController extends Controller

        $asset->status_id = $request->input('status_id', null);
        $asset->warranty_months = $request->input('warranty_months', null);
-        $asset->purchase_cost = Helper::ParseCurrency($request->input('purchase_cost', null));
+        $asset->purchase_cost = $request->input('purchase_cost', null);
+        $asset->asset_eol_date  = request('asset_eol_date', null);
+
        $asset->purchase_date = $request->input('purchase_date', null);
        $asset->supplier_id = $request->input('supplier_id', null);
        $asset->expected_checkin = $request->input('expected_checkin', null);
@@ -305,6 +323,13 @@ class AssetsController extends Controller
        // If the box isn't checked, it's not in the request at all.
        $asset->requestable = $request->filled('requestable');
        $asset->rtd_location_id = $request->input('rtd_location_id', null);
+        $asset->byod = $request->input('byod', 0);
+
+        $status = Statuslabel::find($asset->status_id);
+
+        if($status->archived){
+            $asset->assigned_to = null;
+        }

        if ($asset->assigned_to == '') {
            $asset->location_id = $request->input('rtd_location_id', null);
@@ -343,17 +368,17 @@ class AssetsController extends Controller
            foreach ($model->fieldset->fields as $field) {
                if ($field->field_encrypted == '1') {
                    if (Gate::allows('admin')) {
-                        if (is_array($request->input($field->convertUnicodeDbSlug()))) {
-                            $asset->{$field->convertUnicodeDbSlug()} = \Crypt::encrypt(implode(', ', $request->input($field->convertUnicodeDbSlug())));
+                        if (is_array($request->input($field->db_column))) {
+                            $asset->{$field->db_column} = \Crypt::encrypt(implode(', ', $request->input($field->db_column)));
                        } else {
-                            $asset->{$field->convertUnicodeDbSlug()} = \Crypt::encrypt($request->input($field->convertUnicodeDbSlug()));
+                            $asset->{$field->db_column} = \Crypt::encrypt($request->input($field->db_column));
                        }
                    }
                } else {
-                    if (is_array($request->input($field->convertUnicodeDbSlug()))) {
-                        $asset->{$field->convertUnicodeDbSlug()} = implode(', ', $request->input($field->convertUnicodeDbSlug()));
+                    if (is_array($request->input($field->db_column))) {
+                        $asset->{$field->db_column} = implode(', ', $request->input($field->db_column));
                    } else {
-                        $asset->{$field->convertUnicodeDbSlug()} = $request->input($field->convertUnicodeDbSlug());
+                        $asset->{$field->db_column} = $request->input($field->db_column);
                    }
                }
            }
@@ -609,7 +634,11 @@ class AssetsController extends Controller
        $csv->setHeaderOffset(0);
        $header = $csv->getHeader();
        $isCheckinHeaderExplicit = in_array('checkin date', (array_map('strtolower', $header)));
-        $results = $csv->getRecords();
+        try {
+            $results = $csv->getRecords();
+        } catch (\Exception $e) {
+            return back()->with('error', trans('general.error_in_import_file', ['error' => $e->getMessage()]));
+        } 
        $item = [];
        $status = [];
        $status['error'] = [];
@@ -12,6 +12,7 @@ use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\DB;
 use Illuminate\Support\Facades\Session;
+use App\Http\Requests\AssetCheckoutRequest;

 class BulkAssetsController extends Controller
 {
@@ -28,39 +29,48 @@ class BulkAssetsController extends Controller
     */
    public function edit(Request $request)
    {
-        $this->authorize('update', Asset::class);
+        $this->authorize('view', Asset::class);

        if (! $request->filled('ids')) {
            return redirect()->back()->with('error', trans('admin/hardware/message.update.no_assets_selected'));
-
        }

        // Figure out where we need to send the user after the update is complete, and store that in the session
        $bulk_back_url = request()->headers->get('referer');
        session(['bulk_back_url' => $bulk_back_url]);

-        \Log::debug('Back to url: '.$bulk_back_url);
-
-
-
        $asset_ids = array_values(array_unique($request->input('ids')));

        if ($request->filled('bulk_actions')) {
            switch ($request->input('bulk_actions')) {
                case 'labels':
+                    $this->authorize('view', Asset::class);
                    return view('hardware/labels')
                        ->with('assets', Asset::find($asset_ids))
                        ->with('settings', Setting::getSettings())
                        ->with('bulkedit', true)
                        ->with('count', 0);
+
                case 'delete':
+                    $this->authorize('delete', Asset::class);
                    $assets = Asset::with('assignedTo', 'location')->find($asset_ids);
                    $assets->each(function ($asset) {
                        $this->authorize('delete', $asset);
                    });

                    return view('hardware/bulk-delete')->with('assets', $assets);
+                   
+                case 'restore':
+                    $this->authorize('update', Asset::class);
+                    $assets = Asset::withTrashed()->find($asset_ids); 
+                    $assets->each(function ($asset) {
+                        $this->authorize('delete', $asset);
+                    });
+
+                    return view('hardware/bulk-restore')->with('assets', $assets);
+
                case 'edit':
+                    $this->authorize('update', Asset::class);
                    return view('hardware/bulk')
                        ->with('assets', $asset_ids)
                        ->with('statuslabel_list', Helper::statusLabelList());
@@ -106,6 +116,11 @@ class BulkAssetsController extends Controller
            || ($request->filled('company_id'))
            || ($request->filled('status_id'))
            || ($request->filled('model_id'))
+            || ($request->filled('next_audit_date'))
+            || ($request->filled('null_purchase_date'))
+            || ($request->filled('null_expected_checkin_date'))
+            || ($request->filled('null_next_audit_date'))
+
        ) {
            foreach ($assets as $assetId) {

@@ -118,10 +133,23 @@ class BulkAssetsController extends Controller
                    ->conditionallyAddItem('requestable')
                    ->conditionallyAddItem('status_id')
                    ->conditionallyAddItem('supplier_id')
-                    ->conditionallyAddItem('warranty_months');
+                    ->conditionallyAddItem('warranty_months')
+                    ->conditionallyAddItem('next_audit_date');
+
+                if ($request->input('null_purchase_date')=='1') {
+                    $this->update_array['purchase_date'] = null;
+                }
+
+                if ($request->input('null_expected_checkin_date')=='1') {
+                    $this->update_array['expected_checkin'] = null;
+                }
+
+                if ($request->input('null_next_audit_date')=='1') {
+                    $this->update_array['next_audit_date'] = null;
+                }

                if ($request->filled('purchase_cost')) {
-                    $this->update_array['purchase_cost'] =  Helper::ParseCurrency($request->input('purchase_cost'));
+                    $this->update_array['purchase_cost'] =  $request->input('purchase_cost');
                }

                if ($request->filled('company_id')) {
@@ -243,7 +271,7 @@ class BulkAssetsController extends Controller
     * Process Multiple Checkout Request
     * @return View
     */
-    public function storeCheckout(Request $request)
+    public function storeCheckout(AssetCheckoutRequest $request)
    {

        $this->authorize('checkout', Asset::class);
@@ -254,7 +282,7 @@ class BulkAssetsController extends Controller
            $target = $this->determineCheckoutTarget();

            if (! is_array($request->get('selected_assets'))) {
-                return redirect()->route('hardware/bulkcheckout')->withInput()->with('error', trans('admin/hardware/message.checkout.no_assets_selected'));
+                return redirect()->route('hardware.bulkcheckout.show')->withInput()->with('error', trans('admin/hardware/message.checkout.no_assets_selected'));
            }

            $asset_ids = array_filter($request->get('selected_assets'));
@@ -282,7 +310,8 @@ class BulkAssetsController extends Controller
                foreach ($asset_ids as $asset_id) {
                    $asset = Asset::findOrFail($asset_id);
                    $this->authorize('checkout', $asset);
-                    $error = $asset->checkOut($target, $admin, $checkout_at, $expected_checkin, e($request->get('note')), null);
+
+                    $error = $asset->checkOut($target, $admin, $checkout_at, $expected_checkin, e($request->get('note')), $asset->name, null);

                    if ($target->location_id != '') {
                        $asset->location_id = $target->location_id;
@@ -301,9 +330,23 @@ class BulkAssetsController extends Controller
                return redirect()->to('hardware')->with('success', trans('admin/hardware/message.checkout.success'));
            }
            // Redirect to the asset management page with error
-            return redirect()->to('hardware/bulk-checkout')->with('error', trans('admin/hardware/message.checkout.error'))->withErrors($errors);
+            return redirect()->route('hardware.bulkcheckout.show')->with('error', trans('admin/hardware/message.checkout.error'))->withErrors($errors);
        } catch (ModelNotFoundException $e) {
-            return redirect()->to('hardware/bulk-checkout')->with('error', $e->getErrors());
+            return redirect()->route('hardware.bulkcheckout.show')->with('error', $e->getErrors());
+        }
+        
+    }
+    public function restore(Request $request) {
+        $this->authorize('update', Asset::class);
+       $assetIds = $request->get('ids');
+      if (empty($assetIds)) {
+          return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.restore.nothing_updated'));
+        } else {
+            foreach ($assetIds as $key => $assetId) {
+                    $asset = Asset::withTrashed()->find($assetId);
+                    $asset->restore(); 
+            } 
+        return redirect()->route('hardware.index')->with('success', trans('admin/hardware/message.restore.success'));
        }
    }
 }
@@ -116,7 +116,7 @@ class LoginController extends Controller
                    Auth::login($user);
                } else {
                    $username = $saml->getUsername();
-                    \Log::warning("SAML user '$username' could not be found in database.");
+                    \Log::debug("SAML user '$username' could not be found in database.");
                    $request->session()->flash('error', trans('auth/message.signin.error'));
                    $saml->clearData();
                }
@@ -127,7 +127,7 @@ class LoginController extends Controller
                }
                
            } catch (\Exception $e) {
-                \Log::warning('There was an error authenticating the SAML user: '.$e->getMessage());
+                \Log::debug('There was an error authenticating the SAML user: '.$e->getMessage());
                throw new \Exception($e->getMessage());
            }

@@ -135,14 +135,11 @@ class LoginController extends Controller
        } else {

            // Better logging
-            if (!$saml->isEnabled()) {
-                \Log::warning("SAML page requested, but SAML does not seem to enabled.");
-            } else {
-                \Log::warning("SAML page requested, but samlData seems empty.");
+            if (empty($samlData)) {
+                \Log::debug("SAML page requested, but samlData seems empty.");
            }
        }

-        \Log::warning("Something else went wrong while trying to login as SAML user");


    }
@@ -474,6 +471,11 @@ class LoginController extends Controller
        }

        $request->session()->regenerate(true);
+
+        if ($request->session()->has('password_hash_'.Auth::getDefaultDriver())){
+            $request->session()->remove('password_hash_'.Auth::getDefaultDriver());
+        }
+
        Auth::logout();

        if (! empty($sloRedirectUrl)) {
@@ -3,13 +3,11 @@
 namespace App\Http\Controllers\Auth;

 use App\Http\Controllers\Controller;
-use App\Http\Requests\SaveUserRequest;
 use App\Models\Setting;
 use App\Models\User;
 use Illuminate\Foundation\Auth\ResetsPasswords;
 use Illuminate\Http\Request;
-use Illuminate\Validation\Rule;
-use Illuminate\Validation\Validator;
+

 class ResetPasswordController extends Controller
 {
@@ -43,6 +41,7 @@ class ResetPasswordController extends Controller
    public function __construct()
    {
        $this->middleware('guest');
+        $this->middleware('throttle:10,1');
    }

    protected function rules()
@@ -63,6 +62,14 @@ class ResetPasswordController extends Controller

    public function showResetForm(Request $request, $token = null)
    {
+
+        $credentials =  $request->only('email', 'token');
+
+        if (is_null($this->broker()->getUser($credentials))) {
+            \Log::debug('Password reset form FAILED - this token is not valid.');
+            return redirect()->route('password.request')->with('error', trans('passwords.token'));
+        }
+
        return view('auth.passwords.reset')->with(
            [
                'token' => $token,
@@ -73,38 +80,53 @@ class ResetPasswordController extends Controller

    public function reset(Request $request)
    {
+
+        $broker = $this->broker();
+
        $messages = [
            'password.not_in' => trans('validation.disallow_same_pwd_as_user_fields'),
        ];

        $request->validate($this->rules(), $request->all(), $this->validationErrorMessages());

-        // Check to see if the user even exists
-        $user = User::where('username', '=', $request->input('username'))->first();
+        \Log::debug('Checking if '.$request->input('username').' exists');
+        // Check to see if the user even exists - we'll treat the response the same to prevent user sniffing
+        if ($user = User::where('username', '=', $request->input('username'))->where('activated', '1')->whereNotNull('email')->first()) {
+            \Log::debug($user->username.' exists');
+
+
+            // handle the password validation rules set by the admin settings
+            if (strpos(Setting::passwordComplexityRulesSaving('store'), 'disallow_same_pwd_as_user_fields') !== false) {
+                $request->validate(
+                    [
+                        'password' => 'required|notIn:["'.$user->email.'","'.$user->username.'","'.$user->first_name.'","'.$user->last_name.'"',
+                    ], $messages);
+            }
+
+
+            // set the response
+            $response = $broker->reset(
+                $this->credentials($request), function ($user, $password) {
+                $this->resetPassword($user, $password);
+            });
+
+            // Check if the password reset above actually worked
+            if ($response == \Password::PASSWORD_RESET) {
+                \Log::debug('Password reset for '.$user->username.' worked');
+                return redirect()->guest('login')->with('success', trans('passwords.reset'));
+            }
+
+            \Log::debug('Password reset for '.$user->username.' FAILED - this user exists but the token is not valid');
+            return redirect()->back()->withInput($request->only('email'))->with('success', trans('passwords.reset'));

-        $broker = $this->broker();
-        if (strpos(Setting::passwordComplexityRulesSaving('store'), 'disallow_same_pwd_as_user_fields') !== false) {
-            $request->validate(
-                [
-                'password' => 'required|notIn:["'.$user->email.'","'.$user->username.'","'.$user->first_name.'","'.$user->last_name.'"',
-            ], $messages);
        }

-        $response = $broker->reset(
-            $this->credentials($request), function ($user, $password) {
-                $this->resetPassword($user, $password);
-            }
-        );

-        return $response == \Password::PASSWORD_RESET
-            ? $this->sendResetResponse($request, $response)
-            : $this->sendResetFailedResponse($request, $response);
+        \Log::debug('Password reset for '.$request->input('username').' FAILED - user does not exist or does not have an email address - but make it look like it succeeded');
+        return redirect()->guest('login')->with('success', trans('passwords.reset'));
+
    }

-    protected function sendResetFailedResponse(Request $request, $response)
-    {
-        return redirect()->back()
-            ->withInput(['username'=> $request->input('username')])
-            ->withErrors(['username' => trans($response), 'password' => trans($response)]);
-    }
+
+
 }
@@ -142,6 +142,6 @@ class SamlController extends Controller
            return view('errors.403');
        }

-        return redirect()->route('logout')->with(['saml_logout' => true,'saml_slo_redirect_url' => $sloUrl]);
+        return redirect()->route('logout.get')->with(['saml_logout' => true,'saml_slo_redirect_url' => $sloUrl]);
    }
 }
@@ -92,7 +92,7 @@ class BulkAssetModelsController extends Controller
            AssetModel::whereIn('id', $models_raw_array)->update($update_array);

            return redirect()->route('models.index')
-                ->with('success', trans('admin/models/message.bulkedit.success'));
+                ->with('success', trans_choice('admin/models/message.bulkedit.success', count($models_raw_array), ['model_count' => count($models_raw_array)]));
        }

        return redirect()->route('models.index')
@@ -33,6 +33,11 @@ class ComponentCheckoutController extends Controller
        }
        $this->authorize('checkout', $component);

+        // Make sure there is at least one available to checkout
+        if ($component->numRemaining() <= 0){
+            return redirect()->route('components.index')->with('error', trans('admin/components/message.checkout.unavailable'));
+        }
+
        return view('components/checkout', compact('component'));
    }

@@ -50,7 +55,7 @@ class ComponentCheckoutController extends Controller
    public function store(Request $request, $componentId)
    {
        // Check if the component exists
-        if (is_null($component = Component::find($componentId))) {
+        if (!$component = Component::find($componentId)) {
            // Redirect to the component management page with error
            return redirect()->route('components.index')->with('error', trans('admin/components/message.not_found'));
        }
@@ -58,9 +63,15 @@ class ComponentCheckoutController extends Controller
        $this->authorize('checkout', $component);

        $max_to_checkout = $component->numRemaining();
+
+        // Make sure there are at least the requested number of components available to checkout
+        if ($max_to_checkout < $request->get('assigned_qty')) {
+            return redirect()->back()->withInput()->with('error', trans('admin/components/message.checkout.unavailable', ['remaining' => $max_to_checkout, 'requested' => $request->get('assigned_qty')]));
+        }
+
        $validator = Validator::make($request->all(), [
-            'asset_id'          => 'required',
-            'assigned_qty'      => "required|numeric|between:1,$max_to_checkout",
+            'asset_id'          => 'required|exists:assets,id',
+            'assigned_qty'      => "required|numeric|min:1|digits_between:1,$max_to_checkout",
        ]);

        if ($validator->fails()) {
@@ -69,24 +80,18 @@ class ComponentCheckoutController extends Controller
                ->withInput();
        }

-        $admin_user = Auth::user();
-        $asset_id = e($request->input('asset_id'));
-
        // Check if the user exists
-        if (is_null($asset = Asset::find($asset_id))) {
-            // Redirect to the component management page with error
-            return redirect()->route('components.index')->with('error', trans('admin/components/message.asset_does_not_exist'));
-        }
+        $asset = Asset::find($request->input('asset_id'));

        // Update the component data
-        $component->asset_id = $asset_id;
-
+        $component->asset_id = $request->input('asset_id');
        $component->assets()->attach($component->id, [
            'component_id' => $component->id,
-            'user_id' => $admin_user->id,
+            'user_id' => Auth::user(),
            'created_at' => date('Y-m-d H:i:s'),
            'assigned_qty' => $request->input('assigned_qty'),
-            'asset_id' => $asset_id,
+            'asset_id' => $request->input('asset_id'),
+            'note' => $request->input('note'),
        ]);

        event(new CheckoutableCheckedOut($component, $asset, Auth::user(), $request->input('note')));
@@ -71,13 +71,14 @@ class ComponentsController extends Controller
        $component = new Component();
        $component->name                   = $request->input('name');
        $component->category_id            = $request->input('category_id');
+        $component->supplier_id            = $request->input('supplier_id');
        $component->location_id            = $request->input('location_id');
        $component->company_id             = Company::getIdForCurrentUser($request->input('company_id'));
        $component->order_number           = $request->input('order_number', null);
        $component->min_amt                = $request->input('min_amt', null);
        $component->serial                 = $request->input('serial', null);
        $component->purchase_date          = $request->input('purchase_date', null);
-        $component->purchase_cost          = Helper::ParseCurrency($request->input('purchase_cost', null));
+        $component->purchase_cost          = $request->input('purchase_cost', null);
        $component->qty                    = $request->input('qty');
        $component->user_id                = Auth::id();
        $component->notes                  = $request->input('notes');
@@ -129,7 +130,7 @@ class ComponentsController extends Controller
        if (is_null($component = Component::find($componentId))) {
            return redirect()->route('components.index')->with('error', trans('admin/components/message.does_not_exist'));
        }
-        $min = $component->numCHeckedOut();
+        $min = $component->numCheckedOut();
        $validator = Validator::make($request->all(), [
            'qty' => "required|numeric|min:$min",
        ]);
@@ -145,13 +146,14 @@ class ComponentsController extends Controller
        // Update the component data
        $component->name                   = $request->input('name');
        $component->category_id            = $request->input('category_id');
+        $component->supplier_id            = $request->input('supplier_id');
        $component->location_id            = $request->input('location_id');
        $component->company_id             = Company::getIdForCurrentUser($request->input('company_id'));
        $component->order_number           = $request->input('order_number');
        $component->min_amt                = $request->input('min_amt');
        $component->serial                 = $request->input('serial');
        $component->purchase_date          = $request->input('purchase_date');
-        $component->purchase_cost          = Helper::ParseCurrency(request('purchase_cost'));
+        $component->purchase_cost          = request('purchase_cost');
        $component->qty                    = $request->input('qty');
        $component->notes                  = $request->input('notes');

@@ -0,0 +1,180 @@
+<?php
+
+namespace App\Http\Controllers\Components;
+
+use App\Helpers\StorageHelper;
+use App\Http\Controllers\Controller;
+use App\Http\Requests\AssetFileRequest;
+use App\Models\Actionlog;
+use App\Models\Component;
+use Illuminate\Support\Facades\Response;
+use Illuminate\Support\Facades\Storage;
+use Symfony\Component\HttpFoundation\JsonResponse;
+use enshrined\svgSanitize\Sanitizer;
+
+class ComponentsFilesController extends Controller
+{
+    /**
+     * Validates and stores files associated with a component.
+     *
+     * @todo Switch to using the AssetFileRequest form request validator.
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v1.0]
+     * @param AssetFileRequest $request
+     * @param int $componentId
+     * @return \Illuminate\Http\RedirectResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+    public function store(AssetFileRequest $request, $componentId = null)
+    {
+
+        if (config('app.lock_passwords')) {
+            return redirect()->route('components.show', ['component'=>$componentId])->with('error', trans('general.feature_disabled'));
+        }
+
+        $component = Component::find($componentId);
+
+        if (isset($component->id)) {
+            $this->authorize('update', $component);
+
+            if ($request->hasFile('file')) {
+                if (! Storage::exists('private_uploads/components')) {
+                    Storage::makeDirectory('private_uploads/components', 775);
+                }
+
+                foreach ($request->file('file') as $file) {
+
+                    $extension = $file->getClientOriginalExtension();
+                    $file_name = 'component-'.$component->id.'-'.str_random(8).'-'.str_slug(basename($file->getClientOriginalName(), '.'.$extension)).'.'.$extension;
+
+
+                    // Check for SVG and sanitize it
+                    if ($extension == 'svg') {
+                        \Log::debug('This is an SVG');
+                        \Log::debug($file_name);
+
+                        $sanitizer = new Sanitizer();
+                        $dirtySVG = file_get_contents($file->getRealPath());
+                        $cleanSVG = $sanitizer->sanitize($dirtySVG);
+
+                        try {
+                            Storage::put('private_uploads/components/'.$file_name, $cleanSVG);
+                        } catch (\Exception $e) {
+                            \Log::debug('Upload no workie :( ');
+                            \Log::debug($e);
+                        }
+
+                    } else {
+                        Storage::put('private_uploads/components/'.$file_name, file_get_contents($file));
+                    }
+
+                    //Log the upload to the log
+                    $component->logUpload($file_name, e($request->input('notes')));
+                }
+
+
+                return redirect()->route('components.show', $component->id)->with('success', trans('general.file_upload_success'));
+
+            }
+
+            return redirect()->route('components.show', $component->id)->with('error', trans('general.no_files_uploaded'));
+        }
+        // Prepare the error message
+        return redirect()->route('components.index')
+            ->with('error', trans('general.file_does_not_exist'));
+    }
+
+    /**
+     * Deletes the selected component file.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v1.0]
+     * @param int $componentId
+     * @param int $fileId
+     * @return \Illuminate\Http\RedirectResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+    public function destroy($componentId = null, $fileId = null)
+    {
+        $component = Component::find($componentId);
+
+        // the asset is valid
+        if (isset($component->id)) {
+            $this->authorize('update', $component);
+            $log = Actionlog::find($fileId);
+
+            // Remove the file if one exists
+            if (Storage::exists('components/'.$log->filename)) {
+                try {
+                    Storage::delete('components/'.$log->filename);
+                } catch (\Exception $e) {
+                    \Log::debug($e);
+                }
+            }
+
+            $log->delete();
+
+            return redirect()->back()
+                ->with('success', trans('admin/hardware/message.deletefile.success'));
+        }
+
+        // Redirect to the licence management page
+        return redirect()->route('components.index')->with('error', trans('general.file_does_not_exist'));
+    }
+
+    /**
+     * Allows the selected file to be viewed.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v1.4]
+     * @param int $componentId
+     * @param int $fileId
+     * @return \Symfony\Component\HttpFoundation\Response
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+    public function show($componentId = null, $fileId = null, $download = true)
+    {
+        \Log::debug('Private filesystem is: '.config('filesystems.default'));
+        $component = Component::find($componentId);
+
+        // the component is valid
+        if (isset($component->id)) {
+            $this->authorize('view', $component);
+            $this->authorize('components.files', $component);
+
+            if (! $log = Actionlog::find($fileId)) {
+                return response('No matching record for that asset/file', 500)
+                    ->header('Content-Type', 'text/plain');
+            }
+
+            $file = 'private_uploads/components/'.$log->filename;
+
+            if (Storage::missing($file)) {
+                \Log::debug('FILE DOES NOT EXISTS for '.$file);
+                \Log::debug('URL should be '.Storage::url($file));
+
+                return response('File '.$file.' ('.Storage::url($file).') not found on server', 404)
+                    ->header('Content-Type', 'text/plain');
+            } else {
+
+                if (config('filesystems.default') == 'local') { // TODO - is there any way to fix this at the StorageHelper layer?
+                    return StorageHelper::downloader($file);
+                } else {
+                    if ($download != 'true') {
+                        \Log::debug('display the file');
+                        if ($contents = file_get_contents(Storage::url($file))) { // TODO - this will fail on private S3 files or large public ones
+                            return Response::make(Storage::url($file)->header('Content-Type', mime_content_type($file)));
+                        }
+
+                        return JsonResponse::create(['error' => 'Failed validation: '], 500);
+                    }
+
+                    return StorageHelper::downloader($file);
+
+                }
+            }
+        }
+
+        return redirect()->route('components.index')->with('error', trans('general.file_does_not_exist', ['id' => $fileId]));
+    }
+}
@@ -24,9 +24,16 @@ class ConsumableCheckoutController extends Controller
     */
    public function create($consumableId)
    {
-        if (is_null($consumable = Consumable::find($consumableId))) {
+
+        if (is_null($consumable = Consumable::with('users')->find($consumableId))) {
            return redirect()->route('consumables.index')->with('error', trans('admin/consumables/message.does_not_exist'));
        }
+
+        // Make sure there is at least one available to checkout
+        if ($consumable->numRemaining() <= 0){
+            return redirect()->route('consumables.index')->with('error', trans('admin/consumables/message.checkout.unavailable'));
+        }
+
        $this->authorize('checkout', $consumable);

        return view('consumables/checkout', compact('consumable'));
@@ -44,19 +51,25 @@ class ConsumableCheckoutController extends Controller
     */
    public function store(Request $request, $consumableId)
    {
-        if (is_null($consumable = Consumable::find($consumableId))) {
+        if (is_null($consumable = Consumable::with('users')->find($consumableId))) {
            return redirect()->route('consumables.index')->with('error', trans('admin/consumables/message.not_found'));
        }

        $this->authorize('checkout', $consumable);

+        // Make sure there is at least one available to checkout
+        if ($consumable->numRemaining() <= 0) {
+            return redirect()->route('consumables.index')->with('error', trans('admin/consumables/message.checkout.unavailable'));
+        }
+
+
        $admin_user = Auth::user();
        $assigned_to = e($request->input('assigned_to'));

        // Check if the user exists
        if (is_null($user = User::find($assigned_to))) {
            // Redirect to the consumable management page with error
-            return redirect()->route('checkout/consumable', $consumable)->with('error', trans('admin/consumables/message.checkout.user_does_not_exist'));
+            return redirect()->route('consumables.checkout.show', $consumable)->with('error', trans('admin/consumables/message.checkout.user_does_not_exist'))->withInput();
        }

        // Update the consumable data
@@ -66,6 +79,7 @@ class ConsumableCheckoutController extends Controller
            'consumable_id' => $consumable->id,
            'user_id' => $admin_user->id,
            'assigned_to' => e($request->input('assigned_to')),
+            'note' => $request->input('note'),
        ]);

        event(new CheckoutableCheckedOut($consumable, $user, Auth::user(), $request->input('note')));
@@ -9,6 +9,7 @@ use App\Models\Company;
 use App\Models\Consumable;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Input;
+use Illuminate\Support\Facades\Validator;

 /**
 * This controller handles all actions related to Consumables for
@@ -67,6 +68,7 @@ class ConsumablesController extends Controller
        $consumable = new Consumable();
        $consumable->name                   = $request->input('name');
        $consumable->category_id            = $request->input('category_id');
+        $consumable->supplier_id            = $request->input('supplier_id');
        $consumable->location_id            = $request->input('location_id');
        $consumable->company_id             = Company::getIdForCurrentUser($request->input('company_id'));
        $consumable->order_number           = $request->input('order_number');
@@ -75,7 +77,7 @@ class ConsumablesController extends Controller
        $consumable->model_number           = $request->input('model_number');
        $consumable->item_no                = $request->input('item_no');
        $consumable->purchase_date          = $request->input('purchase_date');
-        $consumable->purchase_cost          = Helper::ParseCurrency($request->input('purchase_cost'));
+        $consumable->purchase_cost          = $request->input('purchase_cost');
        $consumable->qty                    = $request->input('qty');
        $consumable->user_id                = Auth::id();
        $consumable->notes                  = $request->input('notes');
@@ -128,10 +130,22 @@ class ConsumablesController extends Controller
            return redirect()->route('consumables.index')->with('error', trans('admin/consumables/message.does_not_exist'));
        }

+        $min = $consumable->numCheckedOut();
+        $validator = Validator::make($request->all(), [
+            "qty" => "required|numeric|min:$min"
+        ]);
+
+        if ($validator->fails()) {
+            return redirect()->back()
+                ->withErrors($validator)
+                ->withInput();
+        }
+
        $this->authorize($consumable);

        $consumable->name                   = $request->input('name');
        $consumable->category_id            = $request->input('category_id');
+        $consumable->supplier_id            = $request->input('supplier_id');
        $consumable->location_id            = $request->input('location_id');
        $consumable->company_id             = Company::getIdForCurrentUser($request->input('company_id'));
        $consumable->order_number           = $request->input('order_number');
@@ -140,7 +154,7 @@ class ConsumablesController extends Controller
        $consumable->model_number           = $request->input('model_number');
        $consumable->item_no                = $request->input('item_no');
        $consumable->purchase_date          = $request->input('purchase_date');
-        $consumable->purchase_cost          = Helper::ParseCurrency($request->input('purchase_cost'));
+        $consumable->purchase_cost          = $request->input('purchase_cost');
        $consumable->qty                    = Helper::ParseFloat($request->input('qty'));
        $consumable->notes                  = $request->input('notes');

@@ -0,0 +1,180 @@
+<?php
+
+namespace App\Http\Controllers\Consumables;
+
+use App\Helpers\StorageHelper;
+use App\Http\Controllers\Controller;
+use App\Http\Requests\AssetFileRequest;
+use App\Models\Actionlog;
+use App\Models\Consumable;
+use Illuminate\Support\Facades\Response;
+use Illuminate\Support\Facades\Storage;
+use Symfony\Consumable\HttpFoundation\JsonResponse;
+use enshrined\svgSanitize\Sanitizer;
+
+class ConsumablesFilesController extends Controller
+{
+    /**
+     * Validates and stores files associated with a consumable.
+     *
+     * @todo Switch to using the AssetFileRequest form request validator.
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v1.0]
+     * @param AssetFileRequest $request
+     * @param int $consumableId
+     * @return \Illuminate\Http\RedirectResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+    public function store(AssetFileRequest $request, $consumableId = null)
+    {
+        if (config('app.lock_passwords')) {
+            return redirect()->route('consumables.show', ['consumable'=>$consumableId])->with('error', trans('general.feature_disabled'));
+        }
+
+        $consumable = Consumable::find($consumableId);
+
+        if (isset($consumable->id)) {
+            $this->authorize('update', $consumable);
+
+            if ($request->hasFile('file')) {
+                if (! Storage::exists('private_uploads/consumables')) {
+                    Storage::makeDirectory('private_uploads/consumables', 775);
+                }
+
+                foreach ($request->file('file') as $file) {
+
+                    $extension = $file->getClientOriginalExtension();
+                    $file_name = 'consumable-'.$consumable->id.'-'.str_random(8).'-'.str_slug(basename($file->getClientOriginalName(), '.'.$extension)).'.'.$extension;
+
+
+                    // Check for SVG and sanitize it
+                    if ($extension == 'svg') {
+                        \Log::debug('This is an SVG');
+                        \Log::debug($file_name);
+
+                        $sanitizer = new Sanitizer();
+                        $dirtySVG = file_get_contents($file->getRealPath());
+                        $cleanSVG = $sanitizer->sanitize($dirtySVG);
+
+                        try {
+                            Storage::put('private_uploads/consumables/'.$file_name, $cleanSVG);
+                        } catch (\Exception $e) {
+                            \Log::debug('Upload no workie :( ');
+                            \Log::debug($e);
+                        }
+
+                    } else {
+                        Storage::put('private_uploads/consumables/'.$file_name, file_get_contents($file));
+                    }
+
+                    //Log the upload to the log
+                    $consumable->logUpload($file_name, e($request->input('notes')));
+                }
+
+
+                return redirect()->route('consumables.show', $consumable->id)->with('success', trans('general.file_upload_success'));
+
+            }
+
+            return redirect()->route('consumables.show', $consumable->id)->with('error', trans('general.no_files_uploaded'));
+        }
+        // Prepare the error message
+        return redirect()->route('consumables.index')
+            ->with('error', trans('general.file_does_not_exist'));
+    }
+
+    /**
+     * Deletes the selected consumable file.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v1.0]
+     * @param int $consumableId
+     * @param int $fileId
+     * @return \Illuminate\Http\RedirectResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+    public function destroy($consumableId = null, $fileId = null)
+    {
+        $consumable = Consumable::find($consumableId);
+
+        // the asset is valid
+        if (isset($consumable->id)) {
+            $this->authorize('update', $consumable);
+            $log = Actionlog::find($fileId);
+
+            // Remove the file if one exists
+            if (Storage::exists('consumables/'.$log->filename)) {
+                try {
+                    Storage::delete('consumables/'.$log->filename);
+                } catch (\Exception $e) {
+                    \Log::debug($e);
+                }
+            }
+
+            $log->delete();
+
+            return redirect()->back()
+                ->with('success', trans('admin/hardware/message.deletefile.success'));
+        }
+
+        // Redirect to the licence management page
+        return redirect()->route('consumables.index')->with('error', trans('general.file_does_not_exist'));
+    }
+
+    /**
+     * Allows the selected file to be viewed.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v1.4]
+     * @param int $consumableId
+     * @param int $fileId
+     * @return \Symfony\Consumable\HttpFoundation\Response
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+    public function show($consumableId = null, $fileId = null, $download = true)
+    {
+        $consumable = Consumable::find($consumableId);
+
+        // the consumable is valid
+        if (isset($consumable->id)) {
+            $this->authorize('view', $consumable);
+            $this->authorize('consumables.files', $consumable);
+
+            if (! $log = Actionlog::find($fileId)) {
+                return response('No matching record for that asset/file', 500)
+                    ->header('Content-Type', 'text/plain');
+            }
+
+            $file = 'private_uploads/consumables/'.$log->filename;
+
+            if (Storage::missing($file)) {
+                \Log::debug('FILE DOES NOT EXISTS for '.$file);
+                \Log::debug('URL should be '.Storage::url($file));
+
+                return response('File '.$file.' ('.Storage::url($file).') not found on server', 404)
+                    ->header('Content-Type', 'text/plain');
+            } else {
+
+                // We have to override the URL stuff here, since local defaults in Laravel's Flysystem
+                // won't work, as they're not accessible via the web
+                if (config('filesystems.default') == 'local') { // TODO - is there any way to fix this at the StorageHelper layer?
+                    return StorageHelper::downloader($file);
+                } else {
+                    if ($download != 'true') {
+                        \Log::debug('display the file');
+                        if ($contents = file_get_contents(Storage::url($file))) { // TODO - this will fail on private S3 files or large public ones
+                            return Response::make(Storage::url($file)->header('Content-Type', mime_content_type($file)));
+                        }
+
+                        return JsonResponse::create(['error' => 'Failed validation: '], 500);
+                    }
+
+                    return StorageHelper::downloader($file);
+
+                }
+            }
+        }
+
+        return redirect()->route('consumables.index')->with('error', trans('general.file_does_not_exist', ['id' => $fileId]));
+    }
+}
@@ -9,11 +9,11 @@
 *
 * **THIS DOCUMENTATION DOES NOT COVER INSTALLATION.** If you're here and you're not a
 * developer, you're probably in the wrong place. Please see the
- * [Installation documentation](http://docs.snipeitapp.com) for
+ * [Installation documentation](https://snipe-it.readme.io) for
 * information on how to install Snipe-IT.
 *
 * To learn how to set up a development environment and get started developing for Snipe-IT,
- * please see the [contributing documentation](http://docs.snipeitapp.com/contributing.html).
+ * please see the [contributing documentation](https://snipe-it.readme.io/docs/contributing-overview).
 *
 * Only the Snipe-IT specific controllers, models, helpers, service providers,
 * etc have been included in this documentation (excluding vendors, Laravel core, etc)
@@ -7,6 +7,7 @@ use App\Http\Requests\CustomFieldRequest;
 use App\Models\CustomField;
 use App\Models\CustomFieldset;
 use Illuminate\Support\Facades\Auth;
+use Illuminate\Http\Request;
 use Redirect;

 /**
@@ -45,7 +46,7 @@ class CustomFieldsController extends Controller
     * @see CustomFieldsController::storeField()
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @since [v5.1.5]
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
     * @throws \Illuminate\Auth\Access\AuthorizationException
     */
    public function show()
@@ -63,14 +64,17 @@ class CustomFieldsController extends Controller
     * @return \Illuminate\Support\Facades\View
     * @throws \Illuminate\Auth\Access\AuthorizationException
     */
-    public function create()
+    public function create(Request $request)
    {
        $this->authorize('create', CustomField::class);
+        $fieldsets = CustomFieldset::get();

        return view('custom_fields.fields.edit', [
            'predefinedFormats' => Helper::predefined_formats(),
-        'customFormat' => '',
-        ])->with('field', new CustomField());
+            'customFormat' => '',
+            'fieldsets' => $fieldsets,
+            'field' => new CustomField(),
+        ]);
    }

    /**
@@ -79,36 +83,57 @@ class CustomFieldsController extends Controller
     * @see CustomFieldsController::createField()
     * @author [Brady Wetherington] [<uberbrady@gmail.com>]
     * @since [v1.8]
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
     * @throws \Illuminate\Auth\Access\AuthorizationException
     */
    public function store(CustomFieldRequest $request)
    {
        $this->authorize('create', CustomField::class);

+        $show_in_email = $request->get("show_in_email", 0);
+        $display_in_user_view = $request->get("display_in_user_view", 0);
+
+        // Override the display settings if the field is encrypted
+        if ($request->get("field_encrypted") == '1') {
+            $show_in_email = '0';
+            $display_in_user_view = '0';
+        }
+
        $field = new CustomField([
            "name" => trim($request->get("name")),
            "element" => $request->get("element"),
            "help_text" => $request->get("help_text"),
            "field_values" => $request->get("field_values"),
            "field_encrypted" => $request->get("field_encrypted", 0),
-            "show_in_email" => $request->get("show_in_email", 0),
+            "show_in_email" => $show_in_email,
            "is_unique" => $request->get("is_unique", 0),
+            "display_in_user_view" => $display_in_user_view,
+            "auto_add_to_fieldsets" => $request->get("auto_add_to_fieldsets", 0),
            "user_id" => Auth::id()
        ]);


        if ($request->filled('custom_format')) {
-            $field->format = e($request->get('custom_format'));
+            $field->format = $request->get('custom_format');
        } else {
-            $field->format = e($request->get('format'));
+            $field->format = $request->get('format');
        }

        if ($field->save()) {
+
+            // Sync fields with fieldsets
+            $fieldset_array = $request->input('associate_fieldsets');
+            if ($request->has('associate_fieldsets') && (is_array($fieldset_array))) {
+                $field->fieldset()->sync(array_keys($fieldset_array));
+            } else {
+                $field->fieldset()->sync([]);
+            }
+
+
            return redirect()->route('fields.index')->with('success', trans('admin/custom_fields/message.field.create.success'));
        }

-        return redirect()->back()->withInput()
+        return redirect()->back()->with('selected_fieldsets', $request->input('associate_fieldsets'))->withInput()
            ->with('error', trans('admin/custom_fields/message.field.create.error'));
    }

@@ -118,7 +143,7 @@ class CustomFieldsController extends Controller
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @since [v3.0]
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
     * @throws \Illuminate\Auth\Access\AuthorizationException
     */
    public function deleteFieldFromFieldset($field_id, $fieldset_id)
@@ -137,8 +162,7 @@ class CustomFieldsController extends Controller
                ->with('success', trans('admin/custom_fields/message.field.delete.success'));
            } else {
                return redirect()->back()->withErrors(['message' => "Field is in use and cannot be deleted."]);
-            }  
-
+            }
        }

        return redirect()->back()->withErrors(['message' => "Error deleting field from fieldset"]);
@@ -151,7 +175,7 @@ class CustomFieldsController extends Controller
     *
     * @author [Brady Wetherington] [<uberbrady@gmail.com>]
     * @since [v1.8]
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
     * @throws \Illuminate\Auth\Access\AuthorizationException
     */
    public function destroy($field_id)
@@ -180,12 +204,12 @@ class CustomFieldsController extends Controller
     * @return \Illuminate\Support\Facades\View
     * @throws \Illuminate\Auth\Access\AuthorizationException
     */
-    public function edit($id)
+    public function edit(Request $request, $id)
    {
        if ($field = CustomField::find($id)) {

        $this->authorize('update', $field);
-
+        $fieldsets = CustomFieldset::get();
        $customFormat = '';
        if ((stripos($field->format, 'regex') === 0) && ($field->format !== CustomField::PREDEFINED_FORMATS['MAC'])) {
            $customFormat = $field->format;
@@ -194,6 +218,7 @@ class CustomFieldsController extends Controller
        return view('custom_fields.fields.edit', [
            'field'             => $field,
            'customFormat'      => $customFormat,
+            'fieldsets'         => $fieldsets,
            'predefinedFormats' => Helper::predefined_formats(),
        ]);
        } 
@@ -212,7 +237,7 @@ class CustomFieldsController extends Controller
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @param  int $id
     * @since [v4.0]
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
     * @throws \Illuminate\Auth\Access\AuthorizationException
     */
    public function update(CustomFieldRequest $request, $id)
@@ -221,13 +246,25 @@ class CustomFieldsController extends Controller

        $this->authorize('update', $field);

+
+        $show_in_email = $request->get("show_in_email", 0);
+        $display_in_user_view = $request->get("display_in_user_view", 0);
+
+        // Override the display settings if the field is encrypted
+        if ($request->get("field_encrypted") == '1') {
+            $show_in_email = '0';
+            $display_in_user_view = '0';
+        }
+        
        $field->name          = trim(e($request->get("name")));
        $field->element       = e($request->get("element"));
        $field->field_values  = e($request->get("field_values"));
        $field->user_id       = Auth::id();
        $field->help_text     = $request->get("help_text");
-        $field->show_in_email = $request->get("show_in_email", 0);
+        $field->show_in_email = $show_in_email;
        $field->is_unique     = $request->get("is_unique", 0);
+        $field->display_in_user_view = $display_in_user_view;
+        $field->auto_add_to_fieldsets = $request->get("auto_add_to_fieldsets", 0);

        if ($request->get('format') == 'CUSTOM REGEX') {
            $field->format = e($request->get('custom_format'));
@@ -235,7 +272,21 @@ class CustomFieldsController extends Controller
            $field->format = e($request->get('format'));
        }

+        if ($field->element == 'checkbox' || $field->element == 'radio'){
+            $field->format = 'ANY';
+        }
+
        if ($field->save()) {
+
+
+            // Sync fields with fieldsets
+            $fieldset_array = $request->input('associate_fieldsets');
+            if ($request->has('associate_fieldsets') && (is_array($fieldset_array))) {
+                $field->fieldset()->sync(array_keys($fieldset_array));
+            } else {
+                $field->fieldset()->sync([]);
+            }
+
            return redirect()->route('fields.index')->with('success', trans('admin/custom_fields/message.field.update.success'));
        }

@@ -75,9 +75,9 @@ class CustomFieldsetsController extends Controller
     */
    public function create()
    {
-        $this->authorize('create', CustomFieldset::class);
+        $this->authorize('create', CustomField::class);

-        return view('custom_fields.fieldsets.edit');
+        return view('custom_fields.fieldsets.edit')->with('item', new CustomFieldset());
    }

    /**
@@ -91,18 +91,29 @@ class CustomFieldsetsController extends Controller
     */
    public function store(Request $request)
    {
-        $this->authorize('create', CustomFieldset::class);
+        $this->authorize('create', CustomField::class);

-        $cfset = new CustomFieldset([
+        $fieldset = new CustomFieldset([
                'name' => e($request->get('name')),
                'user_id' => Auth::user()->id,
        ]);

-        $validator = Validator::make($request->all(), $cfset->rules);
-        if ($validator->passes()) {
-            $cfset->save();
+        $validator = Validator::make($request->all(), $fieldset->rules);

-            return redirect()->route('fieldsets.show', [$cfset->id])
+        if ($validator->passes()) {
+            $fieldset->save();
+
+            // Sync fieldset with auto_add_to_fieldsets
+            $fields = CustomField::select('id')->where('auto_add_to_fieldsets', '=', '1')->get();
+            if ($fields->count() > 0) {
+                foreach ($fields as $field) {
+                    $field_ids[] = $field->id;
+                }
+
+                $fieldset->fields()->sync($field_ids);
+            }
+
+            return redirect()->route('fieldsets.show', [$fieldset->id])
                ->with('success', trans('admin/custom_fields/message.fieldset.create.success'));
        }

@@ -110,31 +121,52 @@ class CustomFieldsetsController extends Controller
    }

    /**
-     * What the actual fuck, Brady?
+     * Presents edit form for fieldset
     *
-     * @todo Uhh, build this?
-     * @author [Brady Wetherington] [<uberbrady@gmail.com>]
+     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @param  int  $id
-     * @since [v1.8]
-     * @return Fuckall
+     * @since [v6.0.14]
+     * @return Redirect
+     * @throws \Illuminate\Auth\Access\AuthorizationException
     */
    public function edit($id)
    {
-        //
+        $this->authorize('create', CustomField::class);
+
+        if ($fieldset = CustomFieldset::find($id)) {
+            return view('custom_fields.fieldsets.edit')->with('item', $fieldset);
+        }
+
+        return redirect()->route('fields.index')->with('error', trans('admin/custom_fields/general.fieldset_does_not_exist', ['id' => $id]));
+
    }

    /**
-     * GET IN THE SEA BRADY.
+     * Saves updated fieldset data
     *
-     * @todo Uhh, build this too?
-     * @author [Brady Wetherington] [<uberbrady@gmail.com>]
+     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @param  int  $id
-     * @since [v1.8]
-     * @return Fuckall
+     * @since [v6.0.14]
+     * @return Redirect
+     * @throws \Illuminate\Auth\Access\AuthorizationException
     */
-    public function update($id)
+    public function update(Request $request, $id)
    {
-        //
+        $this->authorize('create', CustomField::class);
+
+        if ($fieldset = CustomFieldset::find($id)) {
+
+            $fieldset->name = $request->input('name');
+
+            if ($fieldset->save()) {
+                return redirect()->route('fields.index')->with('success', trans('admin/custom_fields/general.fieldset_updated'));
+            }
+
+            return redirect()->back()->withInput()->withErrors($fieldset->getErrors());
+
+        }
+
+        return redirect()->route('fields.index')->with('error', trans('admin/custom_fields/general.fieldset_does_not_exist', ['id' => $id]));
    }

    /**
@@ -202,7 +234,7 @@ class CustomFieldsetsController extends Controller
     */
    public function makeFieldRequired($fieldset_id, $field_id)
    {
-        $this->authorize('update', CustomFieldset::class);
+        $this->authorize('update', CustomField::class);
        $field = CustomField::findOrFail($field_id);
        $fieldset = CustomFieldset::findOrFail($fieldset_id);
        $fields[$field->id] = ['required' => 1];
@@ -220,7 +252,7 @@ class CustomFieldsetsController extends Controller
     */
    public function makeFieldOptional($fieldset_id, $field_id)
    {
-        $this->authorize('update', CustomFieldset::class);
+        $this->authorize('update', CustomField::class);
        $field = CustomField::findOrFail($field_id);
        $fieldset = CustomFieldset::findOrFail($fieldset_id);
        $fields[$field->id] = ['required' => 0];
@@ -34,7 +34,7 @@ class DashboardController extends Controller
            $counts['license'] = \App\Models\License::assetcount();
            $counts['consumable'] = \App\Models\Consumable::count();
            $counts['component'] = \App\Models\Component::count();
-            $counts['user'] = \App\Models\User::count();
+            $counts['user'] = \App\Models\Company::scopeCompanyables(Auth::user())->count();
            $counts['grand_total'] = $counts['asset'] + $counts['accessory'] + $counts['license'] + $counts['consumable'];

            if ((! file_exists(storage_path().'/oauth-private.key')) || (! file_exists(storage_path().'/oauth-public.key'))) {
@@ -54,7 +54,8 @@ class DepartmentsController extends Controller
        $department->fill($request->all());
        $department->user_id = Auth::user()->id;
        $department->manager_id = ($request->filled('manager_id') ? $request->input('manager_id') : null);
-
+        $department->location_id = ($request->filled('location_id') ? $request->input('location_id') : null);
+        $department->company_id = ($request->filled('company_id') ? $request->input('company_id') : null);
        $department = $request->handleImages($department);

        if ($department->save()) {
@@ -167,6 +168,8 @@ class DepartmentsController extends Controller

        $department->fill($request->all());
        $department->manager_id = ($request->filled('manager_id') ? $request->input('manager_id') : null);
+        $department->location_id = ($request->filled('location_id') ? $request->input('location_id') : null);
+        $department->company_id = ($request->filled('company_id') ? $request->input('company_id') : null);

        $department = $request->handleImages($department);

@@ -0,0 +1,74 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use Illuminate\Http\Request;
+use App\Models\User;
+use Illuminate\Support\Facades\Auth;
+use Laravel\Socialite\Facades\Socialite;
+use Laravel\Socialite\Two\InvalidStateException;
+use App\Models\Setting;
+
+
+class GoogleAuthController extends Controller
+{
+    /**
+     * We need this constructor so that we override the socialite expected config variables,
+     * since we want to allow this to be changed via database fields
+     */
+    public function __construct()
+    {
+        parent::__construct();
+        $setting = Setting::getSettings();
+        config(['services.google.redirect' => config('app.url').'/google/callback']);
+        config(['services.google.client_id' => $setting->google_client_id]);
+        config(['services.google.client_secret' => $setting->google_client_secret]);
+    }
+
+    public function redirectToGoogle()
+    {
+        return Socialite::driver('google')->redirect();
+    }
+
+    public function handleGoogleCallback()
+    {
+        try {
+            $socialUser = Socialite::driver('google')->user();
+            \Log::debug('Google user found in Google Workspace');
+        } catch (InvalidStateException $exception) {
+            \Log::debug('Google user NOT found in Google Workspace');
+            return redirect()->route('login')
+                ->withErrors(
+                    [
+                        'username' => [
+                           trans('auth/general.google_login_failed')
+                        ],
+                    ]
+                );
+        }
+
+
+        $user = User::where('username', $socialUser->getEmail())->first();
+
+
+        if ($user) {
+            \Log::debug('Google user '.$socialUser->getEmail().' found in Snipe-IT');
+            $user->update([
+                'avatar'   => $socialUser->avatar,
+            ]);
+
+            Auth::login($user, true);
+            return redirect()->route('home');
+        }
+
+        \Log::debug('Google user '.$socialUser->getEmail().' NOT found in Snipe-IT');
+        return redirect()->route('login')
+            ->withErrors(
+                [
+                    'username' => [
+                        trans('auth/general.google_login_failed'),
+                    ],
+                ]
+            );
+    }
+}
@@ -92,7 +92,7 @@ class GroupsController extends Controller
            return view('groups.edit', compact('group', 'permissions', 'selected_array', 'groupPermissions'));
        }

-        return redirect()->route('groups.index')->with('error', trans('admin/groups/message.group_not_found'));
+        return redirect()->route('groups.index')->with('error', trans('admin/groups/message.group_not_found', ['id' => $id]));
    }

    /**
@@ -107,7 +107,7 @@ class GroupsController extends Controller
    public function update(Request $request, $id = null)
    {
        if (! $group = Group::find($id)) {
-            return redirect()->route('groups.index')->with('error', trans('admin/groups/message.group_not_found', compact('id')));
+            return redirect()->route('groups.index')->with('error', trans('admin/groups/message.group_not_found', ['id' => $id]));
        }
        $group->name = $request->input('name');
        $group->permissions = json_encode($request->input('permission'));
@@ -133,14 +133,13 @@ class GroupsController extends Controller
     * @return \Illuminate\Http\RedirectResponse
     * @throws \Exception
     */
-    public function destroy($id = null)
+    public function destroy($id)
    {
        if (! config('app.lock_passwords')) {
            if (! $group = Group::find($id)) {
-                return redirect()->route('groups.index')->with('error', trans('admin/groups/message.group_not_found', compact('id')));
+                return redirect()->route('groups.index')->with('error', trans('admin/groups/message.group_not_found', ['id' => $id]));
            }
            $group->delete();
-            // Redirect to the group management page
            return redirect()->route('groups.index')->with('success', trans('admin/groups/message.success.delete'));
        }

@@ -164,6 +163,6 @@ class GroupsController extends Controller
            return view('groups/view', compact('group'));
        }

-        return redirect()->route('groups.index')->with('error', trans('admin/groups/message.group_not_found', compact('id')));
+        return redirect()->route('groups.index')->with('error', trans('admin/groups/message.group_not_found', ['id' => $id]));
    }
 }
@@ -1,22 +0,0 @@
-<?php
-
-namespace App\Http\Controllers;
-
-use App\Http\Transformers\ImportsTransformer;
-use App\Models\Asset;
-use App\Models\Import;
-
-class ImportsController extends Controller
-{
-    /**
-     * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
-     * @throws \Illuminate\Auth\Access\AuthorizationException
-     */
-    public function index()
-    {
-        $this->authorize('import');
-        $imports = (new ImportsTransformer)->transformImports(Import::latest()->get());
-
-        return view('importer/import')->with('imports', $imports);
-    }
-}
@@ -59,6 +59,12 @@ class LicenseCheckinController extends Controller
        }

        $license = License::find($licenseSeat->license_id);
+
+        // LicenseSeat is not assigned, it can't be checked in
+        if (is_null($licenseSeat->assigned_to) && is_null($licenseSeat->asset_id)) {
+            return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.checkin.error'));
+        }
+
        $this->authorize('checkout', $license);

        if (! $license->reassignable) {
@@ -106,4 +112,54 @@ class LicenseCheckinController extends Controller
        // Redirect to the license page with error
        return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.checkin.error'));
    }
+
+    /**
+     * Bulk checkin all license seats
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @see LicenseCheckinController::create() method that provides the form view
+     * @since [v6.1.1]
+     * @return \Illuminate\Http\RedirectResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+
+    public function bulkCheckin(Request $request, $licenseId) {
+
+        $license = License::findOrFail($licenseId);
+        $this->authorize('checkin', $license);
+
+        $licenseSeatsByUser = LicenseSeat::where('license_id', '=', $licenseId)
+            ->whereNotNull('assigned_to')
+            ->with('user')
+            ->get();
+
+        foreach ($licenseSeatsByUser as $user_seat) {
+            $user_seat->assigned_to = null;
+
+            if ($user_seat->save()) {
+                \Log::debug('Checking in '.$license->name.' from user '.$user_seat->username);
+                $user_seat->logCheckin($user_seat->user, trans('admin/licenses/general.bulk.checkin_all.log_msg'));
+            }
+        }
+
+        $licenseSeatsByAsset = LicenseSeat::where('license_id', '=', $licenseId)
+            ->whereNotNull('asset_id')
+            ->with('asset')
+            ->get();
+
+        $count = 0;
+        foreach ($licenseSeatsByAsset as $asset_seat) {
+            $asset_seat->asset_id = null;
+
+            if ($asset_seat->save()) {
+                \Log::debug('Checking in '.$license->name.' from asset '.$asset_seat->asset_tag);
+                $asset_seat->logCheckin($asset_seat->asset, trans('admin/licenses/general.bulk.checkin_all.log_msg'));
+                $count++;
+            }
+        }
+
+        return redirect()->back()->with('success', trans_choice('admin/licenses/general.bulk.checkin_all.success', 2, ['count' => $count] ));
+
+    }
+
 }
@@ -30,15 +30,17 @@ class LicenseCheckoutController extends Controller
        // Check that the license is valid
        if ($license = License::find($licenseId)) {

+            $this->authorize('checkout', $license);
            // If the license is valid, check that there is an available seat
            if ($license->avail_seats_count < 1) {
                return redirect()->route('licenses.index')->with('error', 'There are no available seats for this license');
            }
+            return view('licenses/checkout', compact('license'));
        }

-        $this->authorize('checkout', $license);
+        return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.not_found'));
+

-        return view('licenses/checkout', compact('license'));
    }

    /**
@@ -61,6 +63,7 @@ class LicenseCheckoutController extends Controller

        $licenseSeat = $this->findLicenseSeatToCheckout($license, $seatId);
        $licenseSeat->user_id = Auth::id();
+        

        $checkoutMethod = 'checkoutTo'.ucwords(request('checkout_to_type'));
        if ($this->$checkoutMethod($licenseSeat)) {
@@ -76,14 +79,14 @@ class LicenseCheckoutController extends Controller

        if (! $licenseSeat) {
            if ($seatId) {
-                return redirect()->route('licenses.index')->with('error', 'This Seat is not available for checkout.');
+                throw new \Illuminate\Http\Exceptions\HttpResponseException(redirect()->route('licenses.index')->with('error', 'This Seat is not available for checkout.'));
            }
-
-            return redirect()->route('licenses.index')->with('error', 'There are no available seats for this license');
+            
+            throw new \Illuminate\Http\Exceptions\HttpResponseException(redirect()->route('licenses.index')->with('error', 'There are no available seats for this license.'));
        }

        if (! $licenseSeat->license->is($license)) {
-            return redirect()->route('licenses.index')->with('error', 'The license seat provided does not match the license.');
+            throw new \Illuminate\Http\Exceptions\HttpResponseException(redirect()->route('licenses.index')->with('error', 'The license seat provided does not match the license.'));
        }

        return $licenseSeat;
@@ -125,4 +128,70 @@ class LicenseCheckoutController extends Controller

        return false;
    }
+
+    /**
+     * Bulk checkin all license seats
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @see LicenseCheckinController::create() method that provides the form view
+     * @since [v6.1.1]
+     * @return \Illuminate\Http\RedirectResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+
+    public function bulkCheckout($licenseId) {
+
+        \Log::debug('Checking out '.$licenseId.' via bulk');
+        $license = License::findOrFail($licenseId);
+        $this->authorize('checkin', $license);
+        $avail_count = $license->getAvailSeatsCountAttribute();
+
+        $users = User::whereNull('deleted_at')->where('autoassign_licenses', '=', 1)->with('licenses')->get();
+        \Log::debug($avail_count.' will be assigned');
+
+        if ($users->count() > $avail_count) {
+            \Log::debug('You do not have enough free seats to complete this task, so we will check out as many as we can. ');
+        }
+
+        // If the license is valid, check that there is an available seat
+        if ($license->availCount()->count() < 1) {
+            return redirect()->back()->with('error', trans('admin/licenses/general.bulk.checkout_all.error_no_seats'));
+        }
+
+
+        $assigned_count = 0;
+
+        foreach ($users as $user) {
+
+            // Check to make sure this user doesn't already have this license checked out to them
+            if ($user->licenses->where('id', '=', $licenseId)->count()) {
+                \Log::debug($user->username.' already has this license checked out to them. Skipping... ');
+                continue;
+            }
+
+            $licenseSeat = $license->freeSeat();
+
+            // Update the seat with checkout info
+            $licenseSeat->assigned_to = $user->id;
+
+            if ($licenseSeat->save()) {
+                $avail_count--;
+                $assigned_count++;
+                $licenseSeat->logCheckout(trans('admin/licenses/general.bulk.checkout_all.log_msg'), $user);
+                \Log::debug('License '.$license->name.' seat '.$licenseSeat->id.' checked out to '.$user->username);
+            }
+
+            if ($avail_count ==  0) {
+                return redirect()->back()->with('warning', trans('admin/licenses/general.bulk.checkout_all.warn_not_enough_seats', ['count' => $assigned_count]));
+            }
+        }
+
+        if ($assigned_count ==  0) {
+            return redirect()->back()->with('warning', trans('admin/licenses/general.bulk.checkout_all.warn_no_avail_users', ['count' => $assigned_count]));
+        }
+
+        return redirect()->back()->with('success', trans_choice('admin/licenses/general.bulk.checkout_all.success', 2, ['count' => $assigned_count] ));
+
+
+    }
 }
@@ -91,29 +91,30 @@ class LicenseFilesController extends Controller
     */
    public function destroy($licenseId = null, $fileId = null)
    {
-        $license = License::find($licenseId);
+        if ($license = License::find($licenseId)) {

-        // the asset is valid
-        if (isset($license->id)) {
            $this->authorize('update', $license);
-            $log = Actionlog::find($fileId);

-            // Remove the file if one exists
-            if (Storage::exists('licenses/'.$log->filename)) {
-                try {
-                    Storage::delete('licenses/'.$log->filename);
-                } catch (\Exception $e) {
-                    \Log::debug($e);
+            if ($log = Actionlog::find($fileId)) {
+
+                // Remove the file if one exists
+                if (Storage::exists('licenses/'.$log->filename)) {
+                    try {
+                        Storage::delete('licenses/'.$log->filename);
+                    } catch (\Exception $e) {
+                        \Log::debug($e);
+                    }
                }
+                
+                $log->delete();
+
+                return redirect()->back()
+                    ->with('success', trans('admin/hardware/message.deletefile.success'));
            }

-            $log->delete();
-
-            return redirect()->back()
-                ->with('success', trans('admin/hardware/message.deletefile.success'));
+            return redirect()->route('licenses.index')->with('error', trans('general.log_does_not_exist'));
        }

-        // Redirect to the licence management page
        return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.does_not_exist'));
    }

@@ -129,12 +130,12 @@ class LicenseFilesController extends Controller
     */
    public function show($licenseId = null, $fileId = null, $download = true)
    {
-        \Log::info('Private filesystem is: '.config('filesystems.default'));
        $license = License::find($licenseId);

        // the license is valid
        if (isset($license->id)) {
            $this->authorize('view', $license);
+            $this->authorize('licenses.files', $license);

            if (! $log = Actionlog::find($fileId)) {
                return response('No matching record for that asset/file', 500)
@@ -171,6 +172,6 @@ class LicenseFilesController extends Controller
            }
        }

-        return redirect()->route('license.index')->with('error', trans('admin/licenses/message.does_not_exist', ['id' => $fileId]));
+        return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.does_not_exist', ['id' => $fileId]));
    }
 }
@@ -6,6 +6,8 @@ use App\Helpers\Helper;
 use App\Http\Controllers\Controller;
 use App\Models\Company;
 use App\Models\License;
+use App\Models\LicenseSeat;
+use App\Models\User;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\DB;
@@ -86,7 +88,7 @@ class LicensesController extends Controller
        $license->name              = $request->input('name');
        $license->notes             = $request->input('notes');
        $license->order_number      = $request->input('order_number');
-        $license->purchase_cost     = Helper::ParseCurrency($request->input('purchase_cost'));
+        $license->purchase_cost     = $request->input('purchase_cost');
        $license->purchase_date     = $request->input('purchase_date');
        $license->purchase_order    = $request->input('purchase_order');
        $license->purchase_order    = $request->input('purchase_order');
@@ -164,7 +166,7 @@ class LicensesController extends Controller
        $license->name              = $request->input('name');
        $license->notes             = $request->input('notes');
        $license->order_number      = $request->input('order_number');
-        $license->purchase_cost     = Helper::ParseCurrency($request->input('purchase_cost'));
+        $license->purchase_cost     = $request->input('purchase_cost');
        $license->purchase_date     = $request->input('purchase_date');
        $license->purchase_order    = $request->input('purchase_order');
        $license->reassignable      = $request->input('reassignable', 0);
@@ -233,16 +235,40 @@ class LicensesController extends Controller
    {
        $license = License::with('assignedusers')->find($licenseId);

-        if ($license) {
-            $this->authorize('view', $license);
-
-            return view('licenses/view', compact('license'));
+        if (!$license) {
+            return redirect()->route('licenses.index')
+            ->with('error', trans('admin/licenses/message.does_not_exist'));
        }

-        return redirect()->route('licenses.index')
-            ->with('error', trans('admin/licenses/message.does_not_exist'));
+        $users_count = User::where('autoassign_licenses', '1')->count();
+        $total_seats_count = $license->totalSeatsByLicenseID();
+        $available_seats_count = $license->availCount()->count();
+        $checkedout_seats_count = ($total_seats_count - $available_seats_count);
+
+        \Log::debug('Total: '.$total_seats_count);
+        \Log::debug('Users: '.$users_count);
+        \Log::debug('Available: '.$available_seats_count);
+        \Log::debug('Checkedout: '.$checkedout_seats_count);
+
+
+        $this->authorize('view', $license);
+        return view('licenses.view', compact('license'))
+            ->with('users_count', $users_count)
+            ->with('total_seats_count', $total_seats_count)
+            ->with('available_seats_count', $available_seats_count)
+            ->with('checkedout_seats_count', $checkedout_seats_count);
+
    }

+
+    /**
+     * Returns a view with prepopulated data for clone
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @param int $licenseId
+     * @return \Illuminate\Http\RedirectResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
    public function getClone($licenseId = null)
    {
        if (is_null($license_to_clone = License::find($licenseId))) {
@@ -211,23 +211,65 @@ class LocationsController extends Controller

    public function print_assigned($id)
    {
-        $location = Location::where('id', $id)->first();
-        $parent = Location::where('id', $location->parent_id)->first();
-        $manager = User::where('id', $location->manager_id)->first();
-        $users = User::where('location_id', $id)->with('company', 'department', 'location')->get();
-        $assets = Asset::where('assigned_to', $id)->where('assigned_type', Location::class)->with('model', 'model.category')->get();

-        return view('locations/print')->with('assets', $assets)->with('users', $users)->with('location', $location)->with('parent', $parent)->with('manager', $manager);
+        if ($location = Location::where('id', $id)->first()) {
+            $parent = Location::where('id', $location->parent_id)->first();
+            $manager = User::where('id', $location->manager_id)->first();
+            $users = User::where('location_id', $id)->with('company', 'department', 'location')->get();
+            $assets = Asset::where('assigned_to', $id)->where('assigned_type', Location::class)->with('model', 'model.category')->get();
+            return view('locations/print')->with('assets', $assets)->with('users', $users)->with('location', $location)->with('parent', $parent)->with('manager', $manager);
+
+        }
+
+        return redirect()->route('locations.index')->with('error', trans('admin/locations/message.does_not_exist'));
+
+
+
    }

+
+    /**
+     * Returns a view that presents a form to clone a location.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @param int $locationId
+     * @since [v6.0.14]
+     * @return View
+     */
+    public function getClone($locationId = null)
+    {
+        $this->authorize('create', Location::class);
+
+        // Check if the asset exists
+        if (is_null($location_to_clone = Location::find($locationId))) {
+            // Redirect to the asset management page
+            return redirect()->route('licenses.index')->with('error', trans('admin/locations/message.does_not_exist'));
+        }
+
+        $location = clone $location_to_clone;
+
+        // unset these values
+        $location->id = null;
+        $location->image = null;
+
+        return view('locations/edit')
+            ->with('item', $location);
+    }
+
+
    public function print_all_assigned($id)
    {
-        $location = Location::where('id', $id)->first();
-        $parent = Location::where('id', $location->parent_id)->first();
-        $manager = User::where('id', $location->manager_id)->first();
-        $users = User::where('location_id', $id)->with('company', 'department', 'location')->get();
-        $assets = Asset::where('location_id', $id)->with('model', 'model.category')->get();
+        if ($location = Location::where('id', $id)->first()) {
+            $parent = Location::where('id', $location->parent_id)->first();
+            $manager = User::where('id', $location->manager_id)->first();
+            $users = User::where('location_id', $id)->with('company', 'department', 'location')->get();
+            $assets = Asset::where('location_id', $id)->with('model', 'model.category')->get();
+            return view('locations/print')->with('assets', $assets)->with('users', $users)->with('location', $location)->with('parent', $parent)->with('manager', $manager);
+
+        }
+        return redirect()->route('locations.index')->with('error', trans('admin/locations/message.does_not_exist'));
+
+

-        return view('locations/print')->with('assets', $assets)->with('users', $users)->with('location', $location)->with('parent', $parent)->with('manager', $manager);
    }
 }
@@ -68,6 +68,7 @@ class ManufacturersController extends Controller
        $manufacturer->user_id = Auth::id();
        $manufacturer->url = $request->input('url');
        $manufacturer->support_url = $request->input('support_url');
+        $manufacturer->warranty_lookup_url = $request->input('warranty_lookup_url');
        $manufacturer->support_phone = $request->input('support_phone');
        $manufacturer->support_email = $request->input('support_email');
        $manufacturer = $request->handleImages($manufacturer);
@@ -123,10 +124,11 @@ class ManufacturersController extends Controller
            return redirect()->route('manufacturers.index')->with('error', trans('admin/manufacturers/message.does_not_exist'));
        }

-        // Save the  data
+        // Save the data
        $manufacturer->name = $request->input('name');
        $manufacturer->url = $request->input('url');
        $manufacturer->support_url = $request->input('support_url');
+        $manufacturer->warranty_lookup_url = $request->input('warranty_lookup_url');
        $manufacturer->support_phone = $request->input('support_phone');
        $manufacturer->support_email = $request->input('support_email');

@@ -17,7 +17,7 @@ class ModalController extends Controller
     * @author [A. Gianotto] [<snipe@snipe.net]
     * @return View
     */
-    function show ($type, $itemId = null) {
+    public function show ($type, $itemId = null) {

        // These values should correspond to a file in resources/views/modals/
        $allowed_types = [
--- a/Show More
+++ b/Show More