Clean up the fieldset experience for custom fields for users

Merge branch 'has_custom_fields_trait_rebase' into custom_fields_on_user
Clean up this migration so it runs forwards and backwards OK
2023-09-21 14:56:29 +01:00 · 2023-09-18 13:45:35 +01:00 · 2023-09-14 21:14:26 +01:00 · 2023-09-14 20:27:06 +01:00 · 2023-09-12 08:35:30 +01:00 · 2023-09-11 17:40:59 -06:00
2387 changed files with 44326 additions and 39957 deletions
@@ -2882,6 +2882,85 @@
      "contributions": [
        "code"
      ]
+    },
+    {
+      "login": "Mezzle",
+      "name": "Martin Meredith",
+      "avatar_url": "https://avatars.githubusercontent.com/u/570639?v=4",
+      "profile": "https://github.com/Mezzle",
+      "contributions": []
+    },
+    {
+      "login": "dboth",
+      "name": "dboth",
+      "avatar_url": "https://avatars.githubusercontent.com/u/5731963?v=4",
+      "profile": "http://dboth.de",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "zacharyfleck",
+      "name": "Zachary Fleck",
+      "avatar_url": "https://avatars.githubusercontent.com/u/87536651?v=4",
+      "profile": "https://github.com/zacharyfleck",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "vikaas-cyper",
+      "name": "VIKAAS-A",
+      "avatar_url": "https://avatars.githubusercontent.com/u/74609912?v=4",
+      "profile": "https://github.com/vikaas-cyper",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "ak-piracha",
+      "name": "Abdul Kareem",
+      "avatar_url": "https://avatars.githubusercontent.com/u/88882041?v=4",
+      "profile": "https://github.com/ak-piracha",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "NojoudAlshehri",
+      "name": "NojoudAlshehri",
+      "avatar_url": "https://avatars.githubusercontent.com/u/111287779?v=4",
+      "profile": "https://github.com/NojoudAlshehri",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "stefanstidlffg",
+      "name": "Stefan Stidl",
+      "avatar_url": "https://avatars.githubusercontent.com/u/54367449?v=4",
+      "profile": "https://github.com/stefanstidlffg",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "qay21",
+      "name": "Quentin Aymard",
+      "avatar_url": "https://avatars.githubusercontent.com/u/87803479?v=4",
+      "profile": "https://github.com/qay21",
+      "contributions": [
+        "code"
+      ]
+    },
+    {
+      "login": "cram42",
+      "name": "Grant Le Roux",
+      "avatar_url": "https://avatars.githubusercontent.com/u/5396871?v=4",
+      "profile": "https://github.com/cram42",
+      "contributions": [
+        "code"
+      ]
    }
  ]
 }
@@ -0,0 +1,44 @@
+version: 1
+
+environment:
+  php: 8.0
+  node: 12
+
+services:
+  - mysql: 5.7
+
+on:
+  push:
+    branches:
+      - master
+      - develop
+
+  pull_request:
+    branches: .*
+
+pipeline:
+  - name: Setup
+    cmd: |
+      cp -v .env.testing.example .env
+      cp -v .env.testing.example .env.testing
+      composer install --no-interaction --prefer-dist --optimize-autoloader
+
+  - name: Generate Key
+    cmd: |
+      php artisan key:generate --force
+
+  - name: Passport Keys
+    cmd: |
+      php artisan passport:keys
+
+  - name: Run Migrations
+    cmd: |
+      php artisan migrate --force
+
+  - name: PHPUnit Unit Tests
+    cmd: |
+      php artisan test --testsuite Unit
+
+  - name: PHPUnit Feature Tests
+    cmd: |
+      php artisan test --testsuite Feature
@@ -85,6 +85,7 @@ COOKIE_NAME=snipeit_session
 COOKIE_DOMAIN=null
 SECURE_COOKIES=false
 API_TOKEN_EXPIRATION_YEARS=15
+BS_TABLE_STORAGE=cookieStorage

 # --------------------------------------------
 # OPTIONAL: SECURITY HEADER SETTINGS
@@ -148,6 +149,7 @@ AWS_DEFAULT_REGION=null
 # --------------------------------------------
 LOGIN_MAX_ATTEMPTS=5
 LOGIN_LOCKOUT_DURATION=60
+LOGIN_AUTOCOMPLETE=false

 # --------------------------------------------
 # OPTIONAL: FORGOTTEN PASSWORD SETTINGS
@@ -175,6 +177,15 @@ REQUIRE_SAML=false
 API_THROTTLE_PER_MINUTE=120
 CSV_ESCAPE_FORMULAS=true

+# --------------------------------------------
+# OPTIONAL: HASHING
+# --------------------------------------------
+HASHING_DRIVER='bcrypt'
+BCRYPT_ROUNDS=10
+ARGON_MEMORY=1024
+ARGON_THREADS=2
+ARGON_TIME=2
+
 # --------------------------------------------
 # OPTIONAL: SCIM
 # --------------------------------------------
@@ -1,18 +1,22 @@
-frontend: ["*.js", "*.css", "*.vue", "*.scss", "*.less", "*.blade.*", "*livewire*"]
+frontend: ["*.js", "*.css", "*.vue", "*.scss", "*.less", "*.blade.*", "resources/views/livewire/*"]
 skins: ["*.js", "*.css", "*.scss", "*.less"]
 css: ["*.css","*.scss", "*.less"]
-backend: ["/app/*", "*.php"]
+javascript: ["*.js", "package.json", "package.lock"]
+backend: ["/app/*", "composer.json", "composer.lock"]
+translations: ["/resources/lang"]
+livewire: ["/app/Http/Livewire/*", "resources/views/livewire/*"]
 backups: ["*backup*"]
 restore: ["*restore*"]
 saml: ["*saml*"]
 scim: ["*scim*"]
 custom fields: ["*fields*", "*fieldsets*"]
-dependencies: ["composer.json"]
+dependencies: ["composer.json", "composer.lock", "package.json", "package.lock"]
 consumables: ["*consumables*"]
-api: ["/app/Http/Controllers/api/*"]
+api: ["/app/Http/Controllers/Api/*"]
 notifications: ["/app/Notifications/*"]
-importer: ["/app/Importer/*"]
+importer: ["/app/Importer/*","/app/Http/Livewire/Importer.php", "resources/views/livewire/importer.php"]
 cli / artisan: ["/app/Console/*"]
-LDAP: ["*LDAP*", "/app/Console/Commands/Ldap*","/app/Models/Ldap.php"]
+LDAP: ["*Ldap*", "/app/Console/Commands/Ldap*","/app/Models/Ldap.php"]
 docker: ["*docker/*", "Dockerfile", "Dockerfile.alpine", "Dockerfile.fpm-alpine", ".dockerignore", ".env.docker"]
+tests: ["/tests/*", "/stubs"]
 config: .github
@@ -76,7 +76,7 @@ jobs:
        with:
          context: .
          file: ./Dockerfile.alpine
-          platforms: linux/amd64
+          platforms: linux/amd64,linux/arm64
          # For pull requests, we run the Docker build (to ensure no PR changes break the build),
          # but we ONLY do an image push to DockerHub if it's NOT a PR
          push: ${{ github.event_name != 'pull_request' }}
@@ -76,7 +76,7 @@ jobs:
        with:
          context: .
          file: ./Dockerfile
-          platforms: linux/amd64
+          platforms: linux/amd64,linux/arm64
          # For pull requests, we run the Docker build (to ensure no PR changes break the build),
          # but we ONLY do an image push to DockerHub if it's NOT a PR
          push: ${{ github.event_name != 'pull_request' }}
@@ -0,0 +1,73 @@
+name: Tests
+
+on:
+  push:
+    branches:
+      - master
+      - develop
+  pull_request:
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+
+    services:
+      mysql:
+        image: mysql:5.7
+        env:
+          MYSQL_ALLOW_EMPTY_PASSWORD: yes
+          MYSQL_DATABASE: snipeit
+        ports:
+          - 33306:3306
+        options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
+
+    strategy:
+      fail-fast: false
+      matrix:
+        php-version:
+          - "7.4"
+          - "8.0"
+          - "8.1.1"
+
+    name: PHP ${{ matrix.php-version }}
+
+    steps:
+      - uses: shivammathur/setup-php@v2
+        with:
+          php-version: "${{ matrix.php-version }}"
+          coverage: none
+
+      - uses: actions/checkout@v3
+
+      - name: Get Composer Cache Directory
+        id: composer-cache
+        run: |
+          echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
+      - uses: actions/cache@v3
+        with:
+          path: ${{ steps.composer-cache.outputs.dir }}
+          key: ${{ runner.os }}-${{ matrix.php-version }}-composer-${{ hashFiles('**/composer.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-composer-
+
+      - name: Copy .env
+        run: |
+          cp -v .env.testing.example .env
+          cp -v .env.testing.example .env.testing
+
+      - name: Install Dependencies
+        run: composer install -q --no-ansi --no-interaction --no-scripts --no-progress --prefer-dist
+
+      - name: Generate key
+        run: php artisan key:generate
+
+      - name: Directory Permissions
+        run: chmod -R 777 storage bootstrap/cache
+
+      - name: Execute tests (Unit and Feature tests) via PHPUnit
+        env:
+          DB_CONNECTION: mysql
+          DB_DATABASE: snipeit
+          DB_PORT: ${{ job.services.mysql.ports[3306] }}
+          DB_USERNAME: root
+        run: php artisan test --parallel
@@ -1,8 +1,6 @@
 .couscous
 .DS_Store
 .env
-.env.dusk.*
-!.env.dusk.example
 .env.testing
 phpstan.neon
 .idea
@@ -1 +1 @@
-v12.22.1
+v18.16.0
@@ -1,4 +1,4 @@
-FROM ubuntu:20.04
+FROM ubuntu:22.04
 LABEL maintainer="Brady Wetherington <bwetherington@grokability.com>"

 # No need to add `apt-get clean` here, reference:
@@ -14,16 +14,16 @@ RUN export DEBIAN_FRONTEND=noninteractive; \
 apt-utils \
 apache2 \
 apache2-bin \
-libapache2-mod-php7.4 \
-php7.4-curl \
-php7.4-ldap \
-php7.4-mysql \
-php7.4-gd \
-php7.4-xml \
-php7.4-mbstring \
-php7.4-zip \
-php7.4-bcmath \
-php7.4-redis \
+libapache2-mod-php8.1 \
+php8.1-curl \
+php8.1-ldap \
+php8.1-mysql \
+php8.1-gd \
+php8.1-xml \
+php8.1-mbstring \
+php8.1-zip \
+php8.1-bcmath \
+php8.1-redis \
 php-memcached \
 patch \
 curl \
@@ -38,9 +38,10 @@ gcc \
 make \
 autoconf \
 libc-dev \
+libldap-common \
 pkg-config \
 libmcrypt-dev \
-php7.4-dev \
+php8.1-dev \
 ca-certificates \
 unzip \
 dnsutils \
@@ -50,16 +51,16 @@ dnsutils \
 RUN curl -L -O https://github.com/pear/pearweb_phars/raw/master/go-pear.phar
 RUN php go-pear.phar

-RUN pecl install mcrypt-1.0.3
+RUN pecl install mcrypt

-RUN bash -c "echo extension=/usr/lib/php/20190902/mcrypt.so > /etc/php/7.4/mods-available/mcrypt.ini"
+RUN bash -c "echo extension=/usr/lib/php/20210902/mcrypt.so > /etc/php/8.1/mods-available/mcrypt.ini"

 RUN phpenmod mcrypt
 RUN phpenmod gd
 RUN phpenmod bcmath

-RUN sed -i 's/variables_order = .*/variables_order = "EGPCS"/' /etc/php/7.4/apache2/php.ini
-RUN sed -i 's/variables_order = .*/variables_order = "EGPCS"/' /etc/php/7.4/cli/php.ini
+RUN sed -i 's/variables_order = .*/variables_order = "EGPCS"/' /etc/php/8.1/apache2/php.ini
+RUN sed -i 's/variables_order = .*/variables_order = "EGPCS"/' /etc/php/8.1/cli/php.ini

 RUN useradd -m --uid 1000 --gid 50 docker

@@ -1,34 +1,34 @@
-FROM alpine:3.14.2
+FROM alpine:3.17.3
 # Apache + PHP
 RUN  apk add --no-cache \
        apache2 \
-        php7 \
-        php7-common \
-        php7-apache2 \
-        php7-curl \
-        php7-ldap \
-        php7-mysqli \
-        php7-gd \
-        php7-xml \
-        php7-mbstring \
-        php7-zip \
-        php7-ctype \
-        php7-tokenizer \
-        php7-pdo_mysql \
-        php7-openssl \
-        php7-bcmath \
-        php7-phar \
-        php7-json \
-        php7-iconv \
-        php7-fileinfo \
-        php7-simplexml \
-        php7-session \
-        php7-dom \
-        php7-xmlwriter \
-        php7-xmlreader \
-        php7-sodium \
-        php7-redis \
-        php7-pecl-memcached \
+        php81 \
+        php81-common \
+        php81-apache2 \
+        php81-curl \
+        php81-ldap \
+        php81-mysqli \
+        php81-gd \
+        php81-xml \
+        php81-mbstring \
+        php81-zip \
+        php81-ctype \
+        php81-tokenizer \
+        php81-pdo_mysql \
+        php81-openssl \
+        php81-bcmath \
+        php81-phar \
+        php81-json \
+        php81-iconv \
+        php81-fileinfo \
+        php81-simplexml \
+        php81-session \
+        php81-dom \
+        php81-xmlwriter \
+        php81-xmlreader \
+        php81-sodium \
+        php81-redis \
+        php81-pecl-memcached \
        curl \
        wget \
        vim \
@@ -41,7 +41,7 @@ COPY docker/column-statistics.cnf /etc/mysql/conf.d/column-statistics.cnf
 # Where apache's PID lives
 RUN mkdir -p /run/apache2 && chown apache:apache /run/apache2

-RUN sed -i 's/variables_order = .*/variables_order = "EGPCS"/' /etc/php7/php.ini
+RUN sed -i 's/variables_order = .*/variables_order = "EGPCS"/' /etc/php81/php.ini
 COPY  docker/000-default-2.4.conf /etc/apache2/conf.d/default.conf

 # Enable mod_rewrite
@@ -1,8 +1,8 @@
 ARG ENVIRONMENT=production
-ARG SNIPEIT_RELEASE=5.1.3
-ARG PHP_VERSION=7.4.16
-ARG PHP_ALPINE_VERSION=3.13
-ARG COMPOSER_VERSION=2.0.11
+ARG SNIPEIT_RELEASE=6.1.0
+ARG PHP_VERSION=8.2
+ARG PHP_ALPINE_VERSION=3.17
+ARG COMPOSER_VERSION=2

 # Cannot use arguments with 'COPY --from' workaround
 # https://github.com/moby/moby/issues/34482#issuecomment-454716952
@@ -52,7 +52,7 @@ RUN { \

 # Install php extensions inside docker containers easily
 # https://github.com/mlocati/docker-php-extension-installer
-COPY --from=mlocati/php-extension-installer:1.2.19 /usr/bin/install-php-extensions /usr/local/bin/
+COPY --from=mlocati/php-extension-installer:2.1.15 /usr/bin/install-php-extensions /usr/local/bin/
 RUN set -eux; \
    install-php-extensions \
        bcmath \
@@ -1,5 +1,5 @@
 ![Build Status](https://app.chipperci.com/projects/0e5f8979-31eb-4ee6-9abf-050b76ab0383/status/master) [![Crowdin](https://d322cqt584bo4o.cloudfront.net/snipe-it/localized.svg)](https://crowdin.com/project/snipe-it) [![Docker Pulls](https://img.shields.io/docker/pulls/snipe/snipe-it.svg)](https://hub.docker.com/r/snipe/snipe-it/) [![Twitter Follow](https://img.shields.io/twitter/follow/snipeitapp.svg?style=social)](https://twitter.com/snipeitapp)  [![Codacy Badge](https://api.codacy.com/project/badge/Grade/553ce52037fc43ea99149785afcfe641)](https://www.codacy.com/app/snipe/snipe-it?utm_source=github.com&amp;utm_medium=referral&amp;utm_content=snipe/snipe-it&amp;utm_campaign=Badge_Grade)
-[![All Contributors](https://img.shields.io/badge/all_contributors-317-orange.svg?style=flat-square)](#contributors) [![Discord](https://badgen.net/badge/icon/discord?icon=discord&label)](https://discord.gg/yZFtShAcKk) [![huntr](https://cdn.huntr.dev/huntr_security_badge_mono.svg)](https://huntr.dev)
+[![All Contributors](https://img.shields.io/badge/all_contributors-326-orange.svg?style=flat-square)](#contributors) [![Discord](https://badgen.net/badge/icon/discord?icon=discord&label)](https://discord.gg/yZFtShAcKk) [![huntr](https://cdn.huntr.dev/huntr_security_badge_mono.svg)](https://huntr.dev)

 ## Snipe-IT - Open Source Asset Management System

@@ -66,8 +66,11 @@ Since the release of the JSON REST API, several third-party developers have been
 - [Python 3 CSV importer](https://github.com/gastamper/snipeit-csvimporter) - allows importing assets into Snipe-IT based on Item Name rather than Asset Tag.
 - [Snipe-IT Kubernetes Helm Chart](https://github.com/t3n/helm-charts/tree/master/snipeit) - For more information, [click here](https://hub.helm.sh/charts/t3n/snipeit).
 - [Snipe-IT Bulk Edit](https://github.com/bricelabelle/snipe-it-bulkedit) - Google Script files to use Google Sheets as a bulk checkout/checkin/edit tool for Snipe-it.
- [MosyleSnipeSync](https://github.com/RodneyLeeBrands/MosyleSnipeSync) by [@RodneyLeeBrands](https://github.com/RodneyLeeBrands) - Python script to synchronize information between Mosyle and Snipe-IT
+- [MosyleSnipeSync](https://github.com/RodneyLeeBrands/MosyleSnipeSync) by [@Karpadiem](https://github.com/Karpadiem) - Python script to synchronize information between Mosyle and Snipe-IT
 - [WWW::SnipeIT](https://github.com/SEDC/perl-www-snipeit) by [@SEDC](https://github.com/SEDC) - perl module for accessing the API
+- [UniFi to Snipe-IT](https://github.com/RodneyLeeBrands/UnifiSnipeSync) by [@karpadiem](https://github.com/karpadiem) - Python script that synchronizes UniFi devices with Snipe-IT.
+- [Kandji2Snipe](https://github.com/grokability/kandji2snipe) by [@briangoldstein](https://github.com/briangoldstein) - Python script that synchronizes Kandji with Snipe-IT.
+- [SnipeAgent](https://github.com/ReticentRobot/SnipeAgent) by @ReticentRobot - Windows agent for Snipe-IT
                                                     
 As these were created by third-parties, Snipe-IT cannot provide support for these project, and you should contact the developers directly if you need assistance. Additionally, Snipe-IT makes no guarantees as to the reliability, accuracy or maintainability of these libraries. Use at your own risk. :)

@@ -141,7 +144,8 @@ Thanks goes to all of these wonderful people ([emoji key](https://github.com/ken
 | [<img src="https://avatars.githubusercontent.com/u/32363424?v=4" width="110px;"/><br /><sub>Peace</sub>](https://github.com/julian-piehl)<br />[💻](https://github.com/snipe/snipe-it/commits?author=julian-piehl "Code") | [<img src="https://avatars.githubusercontent.com/u/231528?v=4" width="110px;"/><br /><sub>Kyle Gordon</sub>](https://github.com/kylegordon)<br />[💻](https://github.com/snipe/snipe-it/commits?author=kylegordon "Code") | [<img src="https://avatars.githubusercontent.com/u/53009155?v=4" width="110px;"/><br /><sub>Katharina Drexel</sub>](http://www.bfh.ch)<br />[💻](https://github.com/snipe/snipe-it/commits?author=sunflowerbofh "Code") | [<img src="https://avatars.githubusercontent.com/u/1931963?v=4" width="110px;"/><br /><sub>David Sferruzza</sub>](https://david.sferruzza.fr/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=dsferruzza "Code") | [<img src="https://avatars.githubusercontent.com/u/19511639?v=4" width="110px;"/><br /><sub>Rick Nelson</sub>](https://github.com/rnelsonee)<br />[💻](https://github.com/snipe/snipe-it/commits?author=rnelsonee "Code") | [<img src="https://avatars.githubusercontent.com/u/94169344?v=4" width="110px;"/><br /><sub>BasO12</sub>](https://github.com/BasO12)<br />[💻](https://github.com/snipe/snipe-it/commits?author=BasO12 "Code") | [<img src="https://avatars.githubusercontent.com/u/111710123?v=4" width="110px;"/><br /><sub>Vautia</sub>](https://github.com/Vautia)<br />[💻](https://github.com/snipe/snipe-it/commits?author=Vautia "Code") |
 | [<img src="https://avatars.githubusercontent.com/u/28321?v=4" width="110px;"/><br /><sub>Chris Hartjes</sub>](http://www.littlehart.net/atthekeyboard)<br />[💻](https://github.com/snipe/snipe-it/commits?author=chartjes "Code") | [<img src="https://avatars.githubusercontent.com/u/2404584?v=4" width="110px;"/><br /><sub>geo-chen</sub>](https://github.com/geo-chen)<br />[💻](https://github.com/snipe/snipe-it/commits?author=geo-chen "Code") | [<img src="https://avatars.githubusercontent.com/u/6006620?v=4" width="110px;"/><br /><sub>Phan Nguyen</sub>](https://github.com/nh314)<br />[💻](https://github.com/snipe/snipe-it/commits?author=nh314 "Code") | [<img src="https://avatars.githubusercontent.com/u/115993812?v=4" width="110px;"/><br /><sub>Iisakki Jaakkola</sub>](https://github.com/StarlessNights)<br />[💻](https://github.com/snipe/snipe-it/commits?author=StarlessNights "Code") | [<img src="https://avatars.githubusercontent.com/u/22633385?v=4" width="110px;"/><br /><sub>Ikko Ashimine</sub>](https://bandism.net/)<br />[💻](https://github.com/snipe/snipe-it/commits?author=eltociear "Code") | [<img src="https://avatars.githubusercontent.com/u/56871540?v=4" width="110px;"/><br /><sub>Lukas Fehling</sub>](https://github.com/lukasfehling)<br />[💻](https://github.com/snipe/snipe-it/commits?author=lukasfehling "Code") | [<img src="https://avatars.githubusercontent.com/u/1975990?v=4" width="110px;"/><br /><sub>Fernando Almeida</sub>](https://github.com/fernando-almeida)<br />[💻](https://github.com/snipe/snipe-it/commits?author=fernando-almeida "Code") |
 | [<img src="https://avatars.githubusercontent.com/u/116301219?v=4" width="110px;"/><br /><sub>akemidx</sub>](https://github.com/akemidx)<br />[💻](https://github.com/snipe/snipe-it/commits?author=akemidx "Code") | [<img src="https://avatars.githubusercontent.com/u/144778?v=4" width="110px;"/><br /><sub>Oguz Bilgic</sub>](http://oguz.site)<br />[💻](https://github.com/snipe/snipe-it/commits?author=oguzbilgic "Code") | [<img src="https://avatars.githubusercontent.com/u/9262438?v=4" width="110px;"/><br /><sub>Scooter Crawford</sub>](https://github.com/scoo73r)<br />[💻](https://github.com/snipe/snipe-it/commits?author=scoo73r "Code") | [<img src="https://avatars.githubusercontent.com/u/5957345?v=4" width="110px;"/><br /><sub>subdriven</sub>](https://github.com/subdriven)<br />[💻](https://github.com/snipe/snipe-it/commits?author=subdriven "Code") | [<img src="https://avatars.githubusercontent.com/u/658865?v=4" width="110px;"/><br /><sub>Andrew Savinykh</sub>](https://github.com/AndrewSav)<br />[💻](https://github.com/snipe/snipe-it/commits?author=AndrewSav "Code") | [<img src="https://avatars.githubusercontent.com/u/1155067?v=4" width="110px;"/><br /><sub>Tadayuki Onishi</sub>](https://kenchan0130.github.io)<br />[💻](https://github.com/snipe/snipe-it/commits?author=kenchan0130 "Code") | [<img src="https://avatars.githubusercontent.com/u/112496896?v=4" width="110px;"/><br /><sub>Florian</sub>](https://github.com/floschoepfer)<br />[💻](https://github.com/snipe/snipe-it/commits?author=floschoepfer "Code") |
-| [<img src="https://avatars.githubusercontent.com/u/7305753?v=4" width="110px;"/><br /><sub>Spencer Long</sub>](http://spencerlong.com)<br />[💻](https://github.com/snipe/snipe-it/commits?author=spencerrlongg "Code") | [<img src="https://avatars.githubusercontent.com/u/1141514?v=4" width="110px;"/><br /><sub>Marcus Moore</sub>](https://github.com/marcusmoore)<br />[💻](https://github.com/snipe/snipe-it/commits?author=marcusmoore "Code") |
+| [<img src="https://avatars.githubusercontent.com/u/7305753?v=4" width="110px;"/><br /><sub>Spencer Long</sub>](http://spencerlong.com)<br />[💻](https://github.com/snipe/snipe-it/commits?author=spencerrlongg "Code") | [<img src="https://avatars.githubusercontent.com/u/1141514?v=4" width="110px;"/><br /><sub>Marcus Moore</sub>](https://github.com/marcusmoore)<br />[💻](https://github.com/snipe/snipe-it/commits?author=marcusmoore "Code") | [<img src="https://avatars.githubusercontent.com/u/570639?v=4" width="110px;"/><br /><sub>Martin Meredith</sub>](https://github.com/Mezzle)<br /> | [<img src="https://avatars.githubusercontent.com/u/5731963?v=4" width="110px;"/><br /><sub>dboth</sub>](http://dboth.de)<br />[💻](https://github.com/snipe/snipe-it/commits?author=dboth "Code") | [<img src="https://avatars.githubusercontent.com/u/87536651?v=4" width="110px;"/><br /><sub>Zachary Fleck</sub>](https://github.com/zacharyfleck)<br />[💻](https://github.com/snipe/snipe-it/commits?author=zacharyfleck "Code") | [<img src="https://avatars.githubusercontent.com/u/74609912?v=4" width="110px;"/><br /><sub>VIKAAS-A</sub>](https://github.com/vikaas-cyper)<br />[💻](https://github.com/snipe/snipe-it/commits?author=vikaas-cyper "Code") | [<img src="https://avatars.githubusercontent.com/u/88882041?v=4" width="110px;"/><br /><sub>Abdul Kareem</sub>](https://github.com/ak-piracha)<br />[💻](https://github.com/snipe/snipe-it/commits?author=ak-piracha "Code") |
+| [<img src="https://avatars.githubusercontent.com/u/111287779?v=4" width="110px;"/><br /><sub>NojoudAlshehri</sub>](https://github.com/NojoudAlshehri)<br />[💻](https://github.com/snipe/snipe-it/commits?author=NojoudAlshehri "Code") | [<img src="https://avatars.githubusercontent.com/u/54367449?v=4" width="110px;"/><br /><sub>Stefan Stidl</sub>](https://github.com/stefanstidlffg)<br />[💻](https://github.com/snipe/snipe-it/commits?author=stefanstidlffg "Code") | [<img src="https://avatars.githubusercontent.com/u/87803479?v=4" width="110px;"/><br /><sub>Quentin Aymard</sub>](https://github.com/qay21)<br />[💻](https://github.com/snipe/snipe-it/commits?author=qay21 "Code") | [<img src="https://avatars.githubusercontent.com/u/5396871?v=4" width="110px;"/><br /><sub>Grant Le Roux</sub>](https://github.com/cram42)<br />[💻](https://github.com/snipe/snipe-it/commits?author=cram42 "Code") |
 <!-- ALL-CONTRIBUTORS-LIST:END -->

 This project follows the [all-contributors](https://github.com/kentcdodds/all-contributors) specification. Contributions of any kind welcome!
@@ -9,7 +9,39 @@ Before starting, follow the [instructions](README.md#installation) for installin
 Before attempting to run the test suite copy the example environment file for tests and update the values to match your environment:

 `cp .env.testing.example .env.testing`
-> Since the data in the database is flushed after each test it is recommended you create a separate mysql database for specifically for tests
+
+The following should work for running tests in memory with sqlite:
+```
+# --------------------------------------------
+# REQUIRED: BASIC APP SETTINGS
+# --------------------------------------------
+APP_ENV=testing
+APP_DEBUG=true
+APP_KEY=base64:glJpcM7BYwWiBggp3SQ/+NlRkqsBQMaGEOjemXqJzOU=
+APP_URL=http://localhost:8000
+APP_TIMEZONE='UTC'
+APP_LOCALE=en
+
+# --------------------------------------------
+# REQUIRED: DATABASE SETTINGS
+# --------------------------------------------
+DB_CONNECTION=sqlite_testing
+#DB_HOST=127.0.0.1
+#DB_PORT=3306
+#DB_DATABASE=null
+#DB_USERNAME=null
+#DB_PASSWORD=null
+```
+
+To use MySQL you should update the `DB_` variables to match your local test database:
+```
+DB_CONNECTION=mysql
+DB_HOST=127.0.0.1
+DB_PORT=3306
+DB_DATABASE={}
+DB_USERNAME={}
+DB_PASSWORD={}
+```

 Now you are ready to run the entire test suite from your terminal:

@@ -18,34 +50,3 @@ Now you are ready to run the entire test suite from your terminal:
 To run individual test files, you can pass the path to the test that you want to run:

 `php artisan test tests/Unit/AccessoryTest.php`
-
-## Browser Tests 
-
-Browser tests are run via [Laravel Dusk](https://laravel.com/docs/8.x/dusk) and require Google Chrome to be installed.
-
-Before attempting to run Dusk tests copy the example environment file for Dusk and update the values to match your environment:
-
-`cp .env.dusk.example .env.dusk.local`
-> `local` refers to the value of `APP_ENV` in your `.env` so if you have it set to `dev` then the file should be named `.env.dusk.dev`.
-
-**Important**: Dusk tests cannot be run using an in-memory SQLite database. Additionally, the Dusk test suite uses the `DatabaseMigrations` trait which will leave the database in a fresh state after running. Therefore, it is recommended that you create a test database and point `DB_DATABASE` in `.env.dusk.local` to it.  
-
-### Running Browser Tests
-
-Your application needs to be configured and up and running in order for the browser tests to actually run. When running the tests locally, you can start the application using the following command:
-
-`php artisan serve`
-
-Now you are ready to run the test suite. Use the following command from another terminal tab or window:
-
-`php artisan dusk`
-
-To run individual test files, you can pass the path to the test that you want to run:
-
-`php artisan dusk tests/Browser/LoginTest.php`
-
-If you get an error when attempting to run Dusk tests that says `Couldn't connect to server` run:
-
-`php artisan dusk:chrome-driver --detect`
-
-This command will install the specific ChromeDriver Dusk needs for your operating system and Chrome version.
@@ -56,7 +56,7 @@ class CheckoutLicenseToAllUsers extends Command
            return false;
        }

-        $users = User::whereNull('deleted_at')->where('autoassign_licenses', '==', 1)->with('licenses')->get();
+        $users = User::whereNull('deleted_at')->where('autoassign_licenses', '=', 1)->with('licenses')->get();

        if ($users->count() > $license->getAvailSeatsCountAttribute()) {
            $this->info('You do not have enough free seats to complete this task, so we will check out as many as we can. ');
@@ -20,13 +20,14 @@ class CreateAdmin extends Command
     * @property string $password
     * @property boolean $activated
     * @property boolean $show_in_list
+     * @property boolean $autoassign_licenses
     * @property \Illuminate\Support\Carbon|null $created_at
     * @property mixed $created_by
     */



-    protected $signature = 'snipeit:create-admin {--first_name=} {--last_name=}  {--email=}  {--username=}  {--password=}   {show_in_list?}';
+    protected $signature = 'snipeit:create-admin {--first_name=} {--last_name=}  {--email=}  {--username=}  {--password=} {show_in_list?} {autoassign_licenses?}';

    /**
     * The console command description.
@@ -54,6 +55,9 @@ class CreateAdmin extends Command
        $email = $this->option('email');
        $password = $this->option('password');
        $show_in_list = $this->argument('show_in_list');
+        $autoassign_licenses = $this->argument('autoassign_licenses');
+
+

        if (($first_name == '') || ($last_name == '') || ($username == '') || ($email == '') || ($password == '')) {
            $this->info('ERROR: All fields are required.');
@@ -70,6 +74,11 @@ class CreateAdmin extends Command
            if ($show_in_list == 'false') {
                $user->show_in_list = 0;
            }
+
+            if ($autoassign_licenses == 'false') {
+                $user->autoassign_licenses = 0;
+            }
+
            if ($user->save()) {
                $this->info('New user created');
                $user->groups()->attach(1);
@@ -62,6 +62,7 @@ class LdapSync extends Command
        $ldap_result_phone = Setting::getSettings()->ldap_phone_field;
        $ldap_result_jobtitle = Setting::getSettings()->ldap_jobtitle;
        $ldap_result_country = Setting::getSettings()->ldap_country;
+        $ldap_result_location = Setting::getSettings()->ldap_location;
        $ldap_result_dept = Setting::getSettings()->ldap_dept;
        $ldap_result_manager = Setting::getSettings()->ldap_manager;
        $ldap_default_group = Setting::getSettings()->ldap_default_group;
@@ -209,8 +210,14 @@ class LdapSync extends Command
                $item['country'] = $results[$i][$ldap_result_country][0] ?? '';
                $item['department'] = $results[$i][$ldap_result_dept][0] ?? '';
                $item['manager'] = $results[$i][$ldap_result_manager][0] ?? '';
+                $item['location'] = $results[$i][$ldap_result_location][0] ?? '';

-
+                // ONLY if you are using the "ldap_location" option *AND* you have an actual result
+                if ($ldap_result_location && $item['location']) {
+                        $location = Location::firstOrCreate([
+                                'name' => $item['location'],
+                        ]);
+                }
                $department = Department::firstOrCreate([
                    'name' => $item['department'],
                ]);
@@ -227,16 +234,39 @@ class LdapSync extends Command
                    $item['createorupdate'] = 'created';
                }

-                $user->first_name = $item['firstname'];
-                $user->last_name = $item['lastname'];
+            //If a sync option is not filled in on the LDAP settings don't populate the user field
+            if($ldap_result_username  != null){
                $user->username = $item['username'];
-                $user->email = $item['email'];
+            }
+            if($ldap_result_last_name != null){
+                $user->last_name = $item['lastname'];
+            }
+            if($ldap_result_first_name != null){
+                $user->first_name = $item['firstname'];
+            }
+            if($ldap_result_emp_num  != null){
                $user->employee_num = e($item['employee_number']);
+            }
+            if($ldap_result_email != null){
+                $user->email = $item['email'];
+            }
+            if($ldap_result_phone != null){
                $user->phone = $item['telephone'];
+            }
+            if($ldap_result_jobtitle != null){
                $user->jobtitle = $item['jobtitle'];
+            }
+            if($ldap_result_country != null){
                $user->country = $item['country'];
+            }
+            if($ldap_result_dept  != null){
                $user->department_id = $department->id;
+            }
+            if($ldap_result_location != null){
+                $user->location_id = $location ? $location->id : null;
+            }

+            if($ldap_result_manager != null){
                if($item['manager'] != null) {
                    // Check Cache first
                    if (isset($manager_cache[$item['manager']])) {
@@ -276,6 +306,7 @@ class LdapSync extends Command

                    }
                }
+            }

                // Sync activated state for Active Directory.
                if ( !empty($ldap_result_active_flag)) { // IF we have an 'active' flag set....
@@ -11,7 +11,7 @@ class SystemBackup extends Command
     *
     * @var string
     */
-    protected $name = 'snipeit:backup';
+    protected $signature = 'snipeit:backup {--filename=}';

    /**
     * The console command description.
@@ -37,7 +37,18 @@ class SystemBackup extends Command
     */
    public function handle()
    {
-        //
-        $this->call('backup:run');
+        if ($this->option('filename')) {
+            $filename = $this->option('filename');
+
+            // Make sure the filename ends in .zip
+            if (!ends_with($filename, '.zip')) {
+                $filename = $filename.'.zip';
+            }
+
+            $this->call('backup:run', ['--filename' => $filename]);
+        } else {
+            $this->call('backup:run');
+        }
+
    }
 }
@@ -15,18 +15,20 @@ class CheckoutableCheckedIn
    public $checkedInBy;
    public $note;
    public $action_date; // Date setted in the hardware.checkin view at the checkin_at input, for the action log
+    public $originalValues;

    /**
     * Create a new event instance.
     *
     * @return void
     */
-    public function __construct($checkoutable, $checkedOutTo, User $checkedInBy, $note, $action_date = null)
+    public function __construct($checkoutable, $checkedOutTo, User $checkedInBy, $note, $action_date = null, $originalValues = [])
    {
        $this->checkoutable = $checkoutable;
        $this->checkedOutTo = $checkedOutTo;
        $this->checkedInBy = $checkedInBy;
        $this->note = $note;
        $this->action_date = $action_date ?? date('Y-m-d');
+        $this->originalValues = $originalValues;
    }
 }
@@ -14,17 +14,19 @@ class CheckoutableCheckedOut
    public $checkedOutTo;
    public $checkedOutBy;
    public $note;
+    public $originalValues;

    /**
     * Create a new event instance.
     *
     * @return void
     */
-    public function __construct($checkoutable, $checkedOutTo, User $checkedOutBy, $note)
+    public function __construct($checkoutable, $checkedOutTo, User $checkedOutBy, $note, $originalValues = [])
    {
        $this->checkoutable = $checkoutable;
        $this->checkedOutTo = $checkedOutTo;
        $this->checkedOutBy = $checkedOutBy;
        $this->note = $note;
+        $this->originalValues = $originalValues;
    }
 }
@@ -10,7 +10,7 @@ use ArieTimmerman\Laravel\SCIMServer\Exceptions\SCIMException;
 use Log;
 use Throwable;
 use JsonException;
-
+use Carbon\Exceptions\InvalidFormatException;

 class Handler extends ExceptionHandler
 {
@@ -30,6 +30,7 @@ class Handler extends ExceptionHandler
        \League\OAuth2\Server\Exception\OAuthServerException::class,
        JsonException::class,
        SCIMException::class, //these generally don't need to be reported
+        InvalidFormatException::class,
    ];

    /**
@@ -69,21 +70,39 @@ class Handler extends ExceptionHandler
        // Invalid JSON exception
        // TODO: don't understand why we have to do this when we have the invalidJson() method, below, but, well, whatever
        if ($e instanceof JsonException) {
-            return response()->json(Helper::formatStandardApiResponse('error', null, 'invalid JSON'), 422);
+            return response()->json(Helper::formatStandardApiResponse('error', null, 'Invalid JSON'), 422);
        }

+        // Handle SCIM exceptions
        if ($e instanceof SCIMException) {
-            return response()->json(Helper::formatStandardApiResponse('error', null, 'invalid SCIM Request'), 400);
+            try {
+                $e->report(); // logs as 'debug', so shouldn't get too noisy
+            } catch(\Exception $reportException) {
+                //do nothing
+            }
+            return $e->render($request); // ALL SCIMExceptions have the 'render()' method
        }

-        // Handle Ajax requests that fail because the model doesn't exist
+        // Handle standard requests that fail because Carbon cannot parse the date on validation (when a submitted date value is definitely not a date)
+        if ($e instanceof InvalidFormatException) {
+            return redirect()->back()->withInput()->with('error', trans('validation.date', ['attribute' => 'date']));
+        }
+
+        // Handle API requests that fail
        if ($request->ajax() || $request->wantsJson()) {

+            // Handle API requests that fail because Carbon cannot parse the date on validation (when a submitted date value is definitely not a date)
+            if ($e instanceof InvalidFormatException) {
+                return response()->json(Helper::formatStandardApiResponse('error', null, trans('validation.date', ['attribute' => 'date'])), 200);
+            }
+
+            // Handle API requests that fail because the model doesn't exist
            if ($e instanceof \Illuminate\Database\Eloquent\ModelNotFoundException) {
                $className = last(explode('\\', $e->getModel()));
                return response()->json(Helper::formatStandardApiResponse('error', null, $className . ' not found'), 200);
            }

+            // Handle API requests that fail because of an HTTP status code and return a useful error message
            if ($this->isHttpException($e)) {

                $statusCode = $e->getStatusCode();
@@ -103,6 +122,8 @@ class Handler extends ExceptionHandler
        }


+
+
        if ($this->isHttpException($e) && (isset($statusCode)) && ($statusCode == '404' )) {
            return response()->view('layouts/basic', [
                'content' => view('errors/404')
@@ -0,0 +1,77 @@
+<?php
+
+namespace App\Helpers;
+
+use Illuminate\Support\Facades\Gate;
+
+/*********************
+ * These two helper methods are more designed for being re-used with the new HasCustomFields Trait
+ *
+ * The 'transform' method is designed for BlahTransformer things that need to return custom field values.
+ *
+ * The 'present' method is designed for when you're trying to generate fieldlists for use in Bootstrap tables
+ *  - typically the 'dataTableLayout' method
+ *
+ *********************/
+class CustomFieldHelper {
+
+    static function transform($fieldset, $item) {
+        if ($fieldset && ($fieldset->fields->count() > 0)) {
+            $fields_array = [];
+
+            foreach ($fieldset->fields as $field) {
+                if ($field->isFieldDecryptable($item->{$field->db_column})) {
+                    $decrypted = Helper::gracefulDecrypt($field, $item->{$field->db_column});
+                    $value = (Gate::allows('assets.view.encrypted_custom_fields')) ? $decrypted : strtoupper(trans('admin/custom_fields/general.encrypted'));
+
+                    if ($field->format == 'DATE'){
+                        if (Gate::allows('assets.view.encrypted_custom_fields')){
+                            $value = Helper::getFormattedDateObject($value, 'date', false);
+                        } else {
+                            $value = strtoupper(trans('admin/custom_fields/general.encrypted'));
+                        }
+                    }
+
+                    $fields_array[$field->name] = [
+                        'field' => e($field->db_column),
+                        'value' => e($value),
+                        'field_format' => $field->format,
+                        'element' => $field->element,
+                    ];
+
+                } else {
+                    $value = $item->{$field->db_column};
+
+                    if (($field->format == 'DATE') && (!is_null($value)) && ($value!='')){
+                        $value = Helper::getFormattedDateObject($value, 'date', false);
+                    }
+
+                    $fields_array[$field->name] = [
+                        'field' => e($field->db_column),
+                        'value' => e($value),
+                        'field_format' => $field->format,
+                        'element' => $field->element,
+                    ];
+                }
+
+                return $fields_array;
+            }
+        } else {
+            return new \stdClass; // HACK to force generation of empty object instead of empty list
+        }
+    }
+
+    static function present($field) {
+        return [
+            'field' => 'custom_fields.'.$field->db_column,
+            'searchable' => true,
+            'sortable' => true,
+            'switchable' => true,
+            'title' => $field->name,
+            'formatter'=> 'customFieldsFormatter',
+            'escape' => true,
+            'class' => ($field->field_encrypted == '1') ? 'css-padlock' : '',
+            'visible' => ($field->show_in_listview == '1') ? true : false,
+        ];
+    }
+}
@@ -2,6 +2,8 @@

 namespace App\Helpers;
 use App\Models\Accessory;
+use App\Models\Asset;
+use App\Models\AssetModel;
 use App\Models\Component;
 use App\Models\Consumable;
 use App\Models\CustomField;
@@ -33,6 +35,16 @@ class Helper
        }
    }

+    public static function parseEscapedMarkedownInline($str = null)
+    {
+        $Parsedown = new \Parsedown();
+        $Parsedown->setSafeMode(true);
+
+        if ($str) {
+            return $Parsedown->line($str);
+        }
+    }
+
    /**
     * The importer has formatted number strings since v3,
     * so the value might be a string, or an integer.
@@ -543,8 +555,8 @@ class Helper
            'license' => trans('general.license'),
        ];

-        if($selection != null){
-            return $category_types[$selection];
+        if ($selection != null){
+            return $category_types[strtolower($selection)];
        }
        else
        return $category_types;
@@ -563,6 +575,17 @@ class Helper
        return  $customfields;
    }

+    /**
+     * Get all of the different types of custom fields there are
+     * TODO - how to make this more general? Or more useful? or more dynamic?
+     * idea - key of classname, *value* of trans? (thus having to make this a method, which is fine)
+     */
+    static $itemtypes_having_custom_fields = [
+        0 => \App\Models\Asset::class,
+        1 => \App\Models\User::class,
+        // 2 => \App\Models\Accessory::class
+    ];
+
    /**
     * Get the list of custom field formats in an array to make a dropdown menu
     *
@@ -633,6 +656,7 @@ class Helper
        $consumables = Consumable::withCount('consumableAssignments as consumable_assignments_count')->whereNotNull('min_amt')->get();
        $accessories = Accessory::withCount('users as users_count')->whereNotNull('min_amt')->get();
        $components = Component::whereNotNull('min_amt')->get();
+        $asset_models = AssetModel::where('min_amt', '>', 0)->get();

        $avail_consumables = 0;
        $items_array = [];
@@ -695,6 +719,28 @@ class Helper
            }
        }

+        foreach ($asset_models as $asset_model){
+
+            $asset = new Asset();
+            $total_owned = $asset->where('model_id', '=', $asset_model->id)->count();
+            $avail = $asset->where('model_id', '=', $asset_model->id)->whereNull('assigned_to')->count();
+
+            if ($avail < ($asset_model->min_amt)+ \App\Models\Setting::getSettings()->alert_threshold) {
+                if ($avail > 0) {
+                    $percent = number_format((($avail / $total_owned) * 100), 0);
+                } else {
+                    $percent = 100;
+                }
+                $items_array[$all_count]['id'] = $asset_model->id;
+                $items_array[$all_count]['name'] = $asset_model->name;
+                $items_array[$all_count]['type'] = 'models';
+                $items_array[$all_count]['percent'] = $percent;
+                $items_array[$all_count]['remaining'] = $avail;
+                $items_array[$all_count]['min_amt'] = $asset_model->min_amt;
+                $all_count++;
+            }
+        }
+
        return $items_array;
    }

@@ -1210,10 +1256,60 @@ class Helper
            return true;
            \Log::debug('app locked!');
        }
-
+        
        return false;
    }

+  
+    /**
+     * Conversion between units of measurement
+     *
+     * @author Grant Le Roux <grant.leroux+snipe-it@gmail.com>
+     * @since 5.0
+     * @param float  $value    Measurement value to convert
+     * @param string $srcUnit  Source unit of measurement
+     * @param string $dstUnit  Destination unit of measurement
+     * @param int    $round    Round the result to decimals (Default false - No rounding)
+     * @return float
+     */
+    public static function convertUnit($value, $srcUnit, $dstUnit, $round=false) {
+        $srcFactor = static::getUnitConversionFactor($srcUnit);
+        $dstFactor = static::getUnitConversionFactor($dstUnit);
+        $output = $value * $srcFactor / $dstFactor;
+        return ($round !== false) ? round($output, $round) : $output;
+    }
+  
+    /**
+     * Get conversion factor from unit of measurement to mm
+     *
+     * @author Grant Le Roux <grant.leroux+snipe-it@gmail.com>
+     * @since 5.0
+     * @param string $unit  Unit of measurement
+     * @return float
+     */
+    public static function getUnitConversionFactor($unit) {
+        switch (strtolower($unit)) {
+            case 'mm':
+                return 1.0;
+            case 'cm':
+                return 10.0;
+            case 'm':
+                return 1000.0;
+            case 'in':
+                return 25.4;
+            case 'ft':
+                return 12 * static::getUnitConversionFactor('in');
+            case 'yd':
+                return 3 * static::getUnitConversionFactor('ft');
+            case 'pt':
+                return (1 / 72) * static::getUnitConversionFactor('in');
+            default:
+                throw new \InvalidArgumentException('Unit: \'' . $unit . '\' is not supported');
+
+                return false;
+        }
+    }
+

    /*
     * I know it's gauche  to return a shitty HTML string, but this is just a helper and since it will be the same every single time,
@@ -77,7 +77,7 @@ class AccessoriesController extends Controller
        $accessory->manufacturer_id         = request('manufacturer_id');
        $accessory->model_number            = request('model_number');
        $accessory->purchase_date           = request('purchase_date');
-        $accessory->purchase_cost           = Helper::ParseCurrency(request('purchase_cost'));
+        $accessory->purchase_cost           = request('purchase_cost');
        $accessory->qty                     = request('qty');
        $accessory->user_id                 = Auth::user()->id;
        $accessory->supplier_id             = request('supplier_id');
@@ -126,12 +126,13 @@ class AccessoriesController extends Controller
    public function getClone($accessoryId = null)
    {

-        $this->authorize('create', Accesory::class);
+        $this->authorize('create', Accessory::class);

        // Check if the asset exists
        if (is_null($accessory_to_clone = Accessory::find($accessoryId))) {
            // Redirect to the asset management page
-            return redirect()->route('accessory.index')->with('error', trans('admin/accessories/message.does_not_exist'));
+            return redirect()->route('accessories.index')
+                ->with('error', trans('admin/accessories/message.does_not_exist', ['id' => $accessoryId]));
        }

        $accessory = clone $accessory_to_clone;
@@ -180,7 +181,7 @@ class AccessoriesController extends Controller
            $accessory->order_number = request('order_number');
            $accessory->model_number = request('model_number');
            $accessory->purchase_date = request('purchase_date');
-            $accessory->purchase_cost = Helper::ParseCurrency(request('purchase_cost'));
+            $accessory->purchase_cost = request('purchase_cost');
            $accessory->qty = request('qty');
            $accessory->supplier_id = request('supplier_id');
            $accessory->notes = request('notes');
@@ -161,22 +161,19 @@ class AccessoriesFilesController extends Controller
                    ->header('Content-Type', 'text/plain');
            } else {

+                // Display the file inline
+                if (request('inline') == 'true') {
+                    $headers = [
+                        'Content-Disposition' => 'inline',
+                    ];
+                    return Storage::download($file, $log->filename, $headers);
+                }
+
+
                // We have to override the URL stuff here, since local defaults in Laravel's Flysystem
                // won't work, as they're not accessible via the web
                if (config('filesystems.default') == 'local') { // TODO - is there any way to fix this at the StorageHelper layer?
                    return StorageHelper::downloader($file);
-                } else {
-                    if ($download != 'true') {
-                        \Log::debug('display the file');
-                        if ($contents = file_get_contents(Storage::url($file))) { // TODO - this will fail on private S3 files or large public ones
-                            return Response::make(Storage::url($file)->header('Content-Type', mime_content_type($file)));
-                        }
-
-                        return JsonResponse::create(['error' => 'Failed validation: '], 500);
-                    }
-
-                    return StorageHelper::downloader($file);
-
                }
            }
        }
@@ -25,11 +25,16 @@ class AccessoryCheckoutController extends Controller
    public function create($accessoryId)
    {
        // Check if the accessory exists
-        if (is_null($accessory = Accessory::find($accessoryId))) {
+        if (is_null($accessory = Accessory::withCount('users as users_count')->find($accessoryId))) {
            // Redirect to the accessory management page with error
            return redirect()->route('accessories.index')->with('error', trans('admin/accessories/message.not_found'));
        }

+        // Make sure there is at least one available to checkout
+        if ($accessory->numRemaining() <= 0){
+            return redirect()->route('accessories.index')->with('error', trans('admin/accessories/message.checkout.unavailable'));
+        }
+        
        if ($accessory->category) {
            $this->authorize('checkout', $accessory);

@@ -55,17 +60,23 @@ class AccessoryCheckoutController extends Controller
    public function store(Request $request, $accessoryId)
    {
        // Check if the accessory exists
-        if (is_null($accessory = Accessory::find($accessoryId))) {
+        if (is_null($accessory = Accessory::withCount('users as users_count')->find($accessoryId))) {
            // Redirect to the accessory management page with error
            return redirect()->route('accessories.index')->with('error', trans('admin/accessories/message.user_not_found'));
        }

        $this->authorize('checkout', $accessory);

-        if (! $user = User::find($request->input('assigned_to'))) {
+        if (!$user = User::find($request->input('assigned_to'))) {
            return redirect()->route('accessories.checkout.show', $accessory->id)->with('error', trans('admin/accessories/message.checkout.user_does_not_exist'));
        }

+        // Make sure there is at least one available to checkout
+        if ($accessory->numRemaining() <= 0){
+            return redirect()->route('accessories.index')->with('error', trans('admin/accessories/message.checkout.unavailable'));
+        }
+
+
        // Update the accessory data
        $accessory->assigned_to = e($request->input('assigned_to'));

@@ -69,7 +69,7 @@ class AcceptanceController extends Controller
        }

        if (! Company::isCurrentUserHasAccess($acceptance->checkoutable)) {
-            return redirect()->route('account.accept')->with('error', trans('general.insufficient_permissions'));
+            return redirect()->route('account.accept')->with('error', trans('general.error_user_company'));
        }

        return view('account/accept.create', compact('acceptance'));
@@ -121,7 +121,6 @@ class AcceptanceController extends Controller
        $pdf_filename = 'accepted-eula-'.date('Y-m-d-h-i-s').'.pdf';
        $sig_filename='';

-
        if ($request->input('asset_acceptance') == 'accepted') {

            /**
@@ -153,12 +152,14 @@ class AcceptanceController extends Controller
                }
            }

-
            // this is horrible
            switch($acceptance->checkoutable_type){
                case 'App\Models\Asset':
                        $pdf_view_route ='account.accept.accept-asset-eula';
                        $asset_model = AssetModel::find($item->model_id);
+                        if (!$asset_model) {
+                            return redirect()->back()->with('error', trans('admin/models/message.does_not_exist'));
+                        }
                        $display_model = $asset_model->name;
                        $assigned_to = User::find($acceptance->assigned_to_id)->present()->fullName;
                break;
@@ -167,7 +168,7 @@ class AcceptanceController extends Controller
                        $pdf_view_route ='account.accept.accept-accessory-eula';
                        $accessory = Accessory::find($item->id);
                        $display_model = $accessory->name;
-                        $assigned_to = User::find($item->assignedTo);
+                        $assigned_to = User::find($acceptance->assigned_to_id)->present()->fullName;
                break;

                case 'App\Models\LicenseSeat':
@@ -244,17 +245,51 @@ class AcceptanceController extends Controller
            $return_msg = trans('admin/users/message.accepted');

        } else {
+
+            /**
+             * Check for the eula-pdfs directory
+             */
+            if (! Storage::exists('private_uploads/eula-pdfs')) {
+                Storage::makeDirectory('private_uploads/eula-pdfs', 775);
+            }
+
+            if (Setting::getSettings()->require_accept_signature == '1') {
+                
+                // Check if the signature directory exists, if not create it
+                if (!Storage::exists('private_uploads/signatures')) {
+                    Storage::makeDirectory('private_uploads/signatures', 775);
+                }
+
+                // The item was accepted, check for a signature
+                if ($request->filled('signature_output')) {
+                    $sig_filename = 'siglog-' . Str::uuid() . '-' . date('Y-m-d-his') . '.png';
+                    $data_uri = $request->input('signature_output');
+                    $encoded_image = explode(',', $data_uri);
+                    $decoded_image = base64_decode($encoded_image[1]);
+                    Storage::put('private_uploads/signatures/' . $sig_filename, (string)$decoded_image);
+
+                    // No image data is present, kick them back.
+                    // This mostly only applies to users on super-duper crapola browsers *cough* IE *cough*
+                } else {
+                    return redirect()->back()->with('error', trans('general.shitty_browser'));
+                }
+            }
+            
            // Format the data to send the declined notification
            $branding_settings = SettingsController::getPDFBranding();

            // This is the most horriblest
            switch($acceptance->checkoutable_type){
                case 'App\Models\Asset':
+                    $asset_model = AssetModel::find($item->model_id);
+                    $display_model = $asset_model->name;
                    $assigned_to = User::find($acceptance->assigned_to_id)->present()->fullName;
                    break;

                case 'App\Models\Accessory':
-                    $assigned_to = User::find($item->assignedTo);
+                    $accessory = Accessory::find($item->id);
+                    $display_model = $accessory->name;
+                    $assigned_to = User::find($acceptance->assigned_to_id)->present()->fullName;
                    break;

                case 'App\Models\LicenseSeat':
@@ -266,6 +301,8 @@ class AcceptanceController extends Controller
                    break;

                case 'App\Models\Consumable':
+                    $consumable = Consumable::find($item->id);
+                    $display_model = $consumable->name;
                    $assigned_to = User::find($acceptance->assigned_to_id)->present()->fullName;
                    break;
            }
@@ -274,11 +311,18 @@ class AcceptanceController extends Controller
                'item_model' => $display_model,
                'item_serial' => $item->serial,
                'declined_date' => Carbon::parse($acceptance->declined_at)->format('Y-m-d'),
+                'signature' => ($sig_filename) ? storage_path() . '/private_uploads/signatures/' . $sig_filename : null,
                'assigned_to' => $assigned_to,
                'company_name' => $branding_settings->site_name,
                'date_settings' => $branding_settings->date_display_format,
            ];

+            if ($pdf_view_route!='') {
+                \Log::debug($pdf_filename.' is the filename, and the route was specified.');
+                $pdf = Pdf::loadView($pdf_view_route, $data);
+                Storage::put('private_uploads/eula-pdfs/' .$pdf_filename, $pdf->output());
+            }
+
            $acceptance->decline($sig_filename);
            $acceptance->notify(new AcceptanceAssetDeclinedNotification($data));
            event(new CheckoutDeclined($acceptance));
@@ -289,4 +333,4 @@ class AcceptanceController extends Controller
        return redirect()->to('account/accept')->with('success', $return_msg);

    }
-}
+}
@@ -80,12 +80,9 @@ class AccessoriesController extends Controller
            $accessories->where('notes','=',$request->input('notes'));
        }

-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($accessories) && ($request->get('offset') > $accessories->count())) ? $accessories->count() : $request->get('offset', 0);
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $accessories->count()) ? $accessories->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort_override =  $request->input('sort');
@@ -153,7 +150,7 @@ class AccessoriesController extends Controller
    public function show($id)
    {
        $this->authorize('view', Accessory::class);
-        $accessory = Accessory::findOrFail($id);
+        $accessory = Accessory::withCount('users as users_count')->findOrFail($id);

        return (new AccessoriesTransformer)->transformAccessory($accessory);
    }
@@ -334,7 +331,7 @@ class AccessoriesController extends Controller
        $accessory = Accessory::find($accessory_user->accessory_id);
        $this->authorize('checkin', $accessory);

-        $logaction = $accessory->logCheckin(User::find($accessory_user->user_id), $request->input('note'));
+        $logaction = $accessory->logCheckin(User::find($accessory_user->assigned_to), $request->input('note'));

        // Was the accessory updated?
        if (DB::table('accessories_users')->where('id', '=', $accessory_user->id)->delete()) {
@@ -36,7 +36,7 @@ class AssetMaintenancesController extends Controller
    {
        $this->authorize('view', Asset::class);

-        $maintenances = AssetMaintenance::select('asset_maintenances.*')->with('asset', 'asset.model', 'asset.location', 'supplier', 'asset.company', 'admin');
+        $maintenances = AssetMaintenance::select('asset_maintenances.*')->with('asset', 'asset.model', 'asset.location', 'asset.defaultLoc', 'supplier', 'asset.company', 'admin');

        if ($request->filled('search')) {
            $maintenances = $maintenances->TextSearch($request->input('search'));
@@ -55,12 +55,9 @@ class AssetMaintenancesController extends Controller
        }


-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($maintenances) && ($request->get('offset') > $maintenances->count())) ? $maintenances->count() : $request->get('offset', 0);
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $maintenances->count()) ? $maintenances->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');

        $allowed_columns = [
                                'id',
@@ -74,7 +71,8 @@ class AssetMaintenancesController extends Controller
                                'asset_tag',
                                'asset_name',
                                'user_id',
-                                'supplier'
+                                'supplier',
+                                'is_warranty',
                            ];
        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? e($request->input('sort')) : 'created_at';
@@ -121,7 +119,7 @@ class AssetMaintenancesController extends Controller
        $assetMaintenance = new AssetMaintenance();
        $assetMaintenance->supplier_id = $request->input('supplier_id');
        $assetMaintenance->is_warranty = $request->input('is_warranty');
-        $assetMaintenance->cost =  Helper::ParseCurrency($request->input('cost'));
+        $assetMaintenance->cost =  $request->input('cost');
        $assetMaintenance->notes = e($request->input('notes'));
        $asset = Asset::find(e($request->input('asset_id')));

@@ -178,7 +176,7 @@ class AssetMaintenancesController extends Controller

        $assetMaintenance->supplier_id = e($request->input('supplier_id'));
        $assetMaintenance->is_warranty = e($request->input('is_warranty'));
-        $assetMaintenance->cost =  Helper::ParseCurrency($request->input('cost'));
+        $assetMaintenance->cost =  $request->input('cost');
        $assetMaintenance->notes = e($request->input('notes'));

        $asset = Asset::find(request('asset_id'));
@@ -38,6 +38,7 @@ class AssetModelsController extends Controller
                'image',
                'name',
                'model_number',
+                'min_amt',
                'eol',
                'notes',
                'created_at',
@@ -52,6 +53,7 @@ class AssetModelsController extends Controller
            'models.image',
            'models.name',
            'model_number',
+            'min_amt',
            'eol',
            'requestable',
            'models.notes',
@@ -63,7 +65,7 @@ class AssetModelsController extends Controller
            'models.deleted_at',
            'models.updated_at',
         ])
-            ->with('category', 'depreciation', 'manufacturer', 'fieldset')
+            ->with('category', 'depreciation', 'manufacturer')
            ->withCount('assets as assets_count');

        if ($request->input('status')=='deleted') {
@@ -78,12 +80,9 @@ class AssetModelsController extends Controller
            $assetmodels->TextSearch($request->input('search'));
        }

-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($assetmodels) && ($request->get('offset') > $assetmodels->count())) ? $assetmodels->count() : $request->get('offset', 0);
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $assetmodels->count()) ? $assetmodels->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'models.created_at';
@@ -110,12 +110,12 @@ class AssetsController extends Controller
            $filter = json_decode($request->input('filter'), true);
        }

-        $all_custom_fields = CustomField::all(); //used as a 'cache' of custom fields throughout this page load
+        $all_custom_fields = CustomField::where('type', Asset::class); //used as a 'cache' of custom fields throughout this page load
        foreach ($all_custom_fields as $field) {
            $allowed_columns[] = $field->db_column_name();
        }

-        $assets = Company::scopeCompanyables(Asset::select('assets.*'), 'company_id', 'assets')
+        $assets = Asset::select('assets.*')
            ->with('location', 'assetstatus', 'company', 'defaultLoc','assignedTo',
                'model.category', 'model.manufacturer', 'model.fieldset','supplier'); //it might be tempting to add 'assetlog' here, but don't. It blows up update-heavy users.

@@ -125,6 +125,8 @@ class AssetsController extends Controller
            $assets->InModelList($non_deprecable_models->toArray());
        }

+
+
        // These are used by the API to query against specific ID numbers.
        // They are also used by the individual searches on detail pages like
        // locations, etc.
@@ -136,6 +138,101 @@ class AssetsController extends Controller
            }
        }

+        if ((! is_null($filter)) && (count($filter)) > 0) {
+            $assets->ByFilter($filter);
+        } elseif ($request->filled('search')) {
+            $assets->TextSearch($request->input('search'));
+        }
+
+        // This is used by the audit reporting routes
+        if (Gate::allows('audit', Asset::class)) {
+            switch ($audit) {
+                case 'due':
+                    $assets->DueOrOverdueForAudit($settings);
+                    break;
+                case 'overdue':
+                    $assets->overdueForAudit($settings);
+                    break;
+            }
+        }
+
+
+        // This is used by the sidenav, mostly
+
+        // We switched from using query scopes here because of a Laravel bug
+        // related to fulltext searches on complex queries.
+        // I am sad. :(
+        switch ($request->input('status')) {
+            case 'Deleted':
+                $assets->onlyTrashed();
+                break;
+            case 'Pending':
+                $assets->join('status_labels AS status_alias', function ($join) {
+                    $join->on('status_alias.id', '=', 'assets.status_id')
+                        ->where('status_alias.deployable', '=', 0)
+                        ->where('status_alias.pending', '=', 1)
+                        ->where('status_alias.archived', '=', 0);
+                });
+                break;
+            case 'RTD':
+                $assets->whereNull('assets.assigned_to')
+                    ->join('status_labels AS status_alias', function ($join) {
+                        $join->on('status_alias.id', '=', 'assets.status_id')
+                            ->where('status_alias.deployable', '=', 1)
+                            ->where('status_alias.pending', '=', 0)
+                            ->where('status_alias.archived', '=', 0);
+                    });
+                break;
+            case 'Undeployable':
+                $assets->Undeployable();
+                break;
+            case 'Archived':
+                $assets->join('status_labels AS status_alias', function ($join) {
+                    $join->on('status_alias.id', '=', 'assets.status_id')
+                        ->where('status_alias.deployable', '=', 0)
+                        ->where('status_alias.pending', '=', 0)
+                        ->where('status_alias.archived', '=', 1);
+                });
+                break;
+            case 'Requestable':
+                $assets->where('assets.requestable', '=', 1)
+                    ->join('status_labels AS status_alias', function ($join) {
+                        $join->on('status_alias.id', '=', 'assets.status_id')
+                            ->where('status_alias.deployable', '=', 1)
+                            ->where('status_alias.pending', '=', 0)
+                            ->where('status_alias.archived', '=', 0);
+                    });
+
+                break;
+            case 'Deployed':
+                // more sad, horrible workarounds for laravel bugs when doing full text searches
+                $assets->whereNotNull('assets.assigned_to');
+                break;
+            case 'byod':
+                // This is kind of redundant, since we already check for byod=1 above, but this keeps the
+                // sidebar nav links a little less chaotic
+                $assets->where('assets.byod', '=', '1');
+                break;
+            default:
+
+                if ((! $request->filled('status_id')) && ($settings->show_archived_in_list != '1')) {
+                    // terrible workaround for complex-query Laravel bug in fulltext
+                    $assets->join('status_labels AS status_alias', function ($join) {
+                        $join->on('status_alias.id', '=', 'assets.status_id')
+                            ->where('status_alias.archived', '=', 0);
+                    });
+
+                    // If there is a status ID, don't take show_archived_in_list into consideration
+                } else {
+                    $assets->join('status_labels AS status_alias', function ($join) {
+                        $join->on('status_alias.id', '=', 'assets.status_id');
+                    });
+                }
+
+        }
+
+
+        // Leave these under the TextSearch scope, else the fuzziness will override the specific ID (status ID, etc) requested
        if ($request->filled('status_id')) {
            $assets->where('assets.status_id', '=', $request->input('status_id'));
        }
@@ -197,114 +294,10 @@ class AssetsController extends Controller
            $assets->where('assets.byod', '=', $request->input('byod'));
        }

-        $request->filled('order_number') ? $assets = $assets->where('assets.order_number', '=', e($request->get('order_number'))) : '';
-
-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($assets) && ($request->get('offset') > $assets->count())) ? $assets->count() : $request->get('offset', 0);
-
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
-
-        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
-
-        // This is used by the audit reporting routes
-        if (Gate::allows('audit', Asset::class)) {
-            switch ($audit) {
-                case 'due':
-                    $assets->DueOrOverdueForAudit($settings);
-                    break;
-                case 'overdue':
-                    $assets->overdueForAudit($settings);
-                    break;
-            }
+        if ($request->filled('order_number')) {
+            $assets->where('assets.order_number', '=', $request->get('order_number'));
        }

-
-
-        // This is used by the sidenav, mostly
-
-        // We switched from using query scopes here because of a Laravel bug
-        // related to fulltext searches on complex queries.
-        // I am sad. :(
-        switch ($request->input('status')) {
-            case 'Deleted':
-                $assets->onlyTrashed();
-                break;
-            case 'Pending':
-                $assets->join('status_labels AS status_alias', function ($join) {
-                    $join->on('status_alias.id', '=', 'assets.status_id')
-                        ->where('status_alias.deployable', '=', 0)
-                        ->where('status_alias.pending', '=', 1)
-                        ->where('status_alias.archived', '=', 0);
-                });
-                break;
-            case 'RTD':
-                $assets->whereNull('assets.assigned_to')
-                    ->join('status_labels AS status_alias', function ($join) {
-                        $join->on('status_alias.id', '=', 'assets.status_id')
-                            ->where('status_alias.deployable', '=', 1)
-                            ->where('status_alias.pending', '=', 0)
-                            ->where('status_alias.archived', '=', 0);
-                    });
-                break;
-            case 'Undeployable':
-                $assets->Undeployable();
-                break;
-            case 'Archived':
-                $assets->join('status_labels AS status_alias', function ($join) {
-                    $join->on('status_alias.id', '=', 'assets.status_id')
-                        ->where('status_alias.deployable', '=', 0)
-                        ->where('status_alias.pending', '=', 0)
-                        ->where('status_alias.archived', '=', 1);
-                });
-                break;
-            case 'Requestable':
-                $assets->where('assets.requestable', '=', 1)
-                    ->join('status_labels AS status_alias', function ($join) {
-                        $join->on('status_alias.id', '=', 'assets.status_id')
-                            ->where('status_alias.deployable', '=', 1)
-                            ->where('status_alias.pending', '=', 0)
-                            ->where('status_alias.archived', '=', 0);
-                    });
-
-                break;
-            case 'Deployed':
-                // more sad, horrible workarounds for laravel bugs when doing full text searches
-                $assets->where('assets.assigned_to', '>', '0');
-                break;
-            case 'byod':
-                // This is kind of redundant, since we already check for byod=1 above, but this keeps the
-                // sidebar nav links a little less chaotic
-                $assets->where('assets.byod', '=', '1');
-                break;
-            default:
-
-                if ((! $request->filled('status_id')) && ($settings->show_archived_in_list != '1')) {
-                    // terrible workaround for complex-query Laravel bug in fulltext
-                    $assets->join('status_labels AS status_alias', function ($join) {
-                        $join->on('status_alias.id', '=', 'assets.status_id')
-                            ->where('status_alias.archived', '=', 0);
-                    });
-
-                    // If there is a status ID, don't take show_archived_in_list into consideration
-                } else {
-                    $assets->join('status_labels AS status_alias', function ($join) {
-                        $join->on('status_alias.id', '=', 'assets.status_id');
-                    });
-                }
-
-        }
-
-
-        if ((! is_null($filter)) && (count($filter)) > 0) {
-            $assets->ByFilter($filter);
-        } elseif ($request->filled('search')) {
-            $assets->TextSearch($request->input('search'));
-        }
-
-
        // This is kinda gross, but we need to do this because the Bootstrap Tables
        // API passes custom field ordering as custom_fields.fieldname, and we have to strip
        // that out to let the default sorter below order them correctly on the assets table.
@@ -314,7 +307,8 @@ class AssetsController extends Controller
        // in the allowed_columns array)
        $column_sort = in_array($sort_override, $allowed_columns) ? $sort_override : 'assets.created_at';

-
+        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
+        
        switch ($sort_override) {
            case 'model':
                $assets->OrderModels($order);
@@ -351,6 +345,10 @@ class AssetsController extends Controller
        }


+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $assets->count()) ? $assets->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');
+
        $total = $assets->count();
        $assets = $assets->skip($offset)->take($limit)->get();
        
@@ -463,7 +461,7 @@ class AssetsController extends Controller
    {
        $this->authorize('view', Asset::class);
        $this->authorize('view', License::class);
-        $asset = Asset::where('id', $id)->withTrashed()->first();
+        $asset = Asset::where('id', $id)->withTrashed()->firstorfail();
        $licenses = $asset->licenses()->get();

        return (new LicensesTransformer())->transformLicenses($licenses, $licenses->count());
@@ -481,7 +479,7 @@ class AssetsController extends Controller
    public function selectlist(Request $request)
    {

-        $assets = Company::scopeCompanyables(Asset::select([
+        $assets = Asset::select([
            'assets.id',
            'assets.name',
            'assets.asset_tag',
@@ -489,7 +487,7 @@ class AssetsController extends Controller
            'assets.assigned_to',
            'assets.assigned_type',
            'assets.status_id',
-            ])->with('model', 'assetstatus', 'assignedTo')->NotArchived(), 'company_id', 'assets');
+            ])->with('model', 'assetstatus', 'assignedTo')->NotArchived();

        if ($request->filled('assetStatusType') && $request->input('assetStatusType') === 'RTD') {
            $assets = $assets->RTD();
@@ -547,14 +545,16 @@ class AssetsController extends Controller
        $asset->model_id                = $request->get('model_id');
        $asset->order_number            = $request->get('order_number');
        $asset->notes                   = $request->get('notes');
-        $asset->asset_tag               = $request->get('asset_tag', Asset::autoincrement_asset());
+        $asset->asset_tag               = $request->get('asset_tag', Asset::autoincrement_asset()); //yup, problem :/
+        // NO IT IS NOT!!! This is never firing; we SHOW the asset_tag you're going to get, so it *will* be filled in!
        $asset->user_id                 = Auth::id();
        $asset->archived                = '0';
        $asset->physical                = '1';
        $asset->depreciate              = '0';
        $asset->status_id               = $request->get('status_id', 0);
        $asset->warranty_months         = $request->get('warranty_months', null);
-        $asset->purchase_cost           = Helper::ParseCurrency($request->get('purchase_cost')); // this is the API's store method, so I don't know that I want to do this? Confusing. FIXME (or not?!)
+        $asset->purchase_cost           = $request->get('purchase_cost');
+        $asset->asset_eol_date          = $request->get('asset_eol_date', $asset->present()->eol_date());
        $asset->purchase_date           = $request->get('purchase_date', null);
        $asset->assigned_to             = $request->get('assigned_to', null);
        $asset->supplier_id             = $request->get('supplier_id');
@@ -562,6 +562,7 @@ class AssetsController extends Controller
        $asset->rtd_location_id         = $request->get('rtd_location_id', null);
        $asset->location_id             = $request->get('rtd_location_id', null);

+
        /**
        * this is here just legacy reasons. Api\AssetController
        * used image_source  once to allow encoded image uploads.
@@ -572,41 +573,8 @@ class AssetsController extends Controller

        $asset = $request->handleImages($asset);

-        // Update custom fields in the database.
-        // Validation for these fields is handled through the AssetRequest form request
-        $model = AssetModel::find($request->get('model_id'));
-        if (($model) && ($model->fieldset)) {
-            foreach ($model->fieldset->fields as $field) {
+        $asset->customFill($request, Auth::user(), true);

-                // Set the field value based on what was sent in the request
-                $field_val = $request->input($field->db_column, null);
-
-                // If input value is null, use custom field's default value
-                if ($field_val == null) {
-                    \Log::debug('Field value for '.$field->db_column.' is null');
-                    $field_val = $field->defaultValue($request->get('model_id'));
-                    \Log::debug('Use the default fieldset value of '.$field->defaultValue($request->get('model_id')));
-                }
-
-                // if the field is set to encrypted, make sure we encrypt the value
-                if ($field->field_encrypted == '1') {
-                    \Log::debug('This model field is encrypted in this fieldset.');
-
-                    if (Gate::allows('admin')) {
-
-                        // If input value is null, use custom field's default value
-                        if (($field_val == null) && ($request->has('model_id') != '')) {
-                            $field_val = \Crypt::encrypt($field->defaultValue($request->get('model_id')));
-                        } else {
-                            $field_val = \Crypt::encrypt($request->input($field->db_column));
-                        }
-                    }
-                }
-
-
-                $asset->{$field->db_column} = $field_val;
-            }
-        }

        if ($asset->save()) {
            if ($request->get('assigned_user')) {
@@ -666,21 +634,7 @@ class AssetsController extends Controller

            $asset = $request->handleImages($asset); 
            
-            // Update custom fields
-            if (($model = AssetModel::find($asset->model_id)) && (isset($model->fieldset))) {
-                foreach ($model->fieldset->fields as $field) {
-                    if ($request->has($field->db_column)) {
-                        if ($field->field_encrypted == '1') {
-                            if (Gate::allows('admin')) {
-                                $asset->{$field->db_column} = \Crypt::encrypt($request->input($field->db_column));
-                            }
-                        } else {
-                            $asset->{$field->db_column} = $request->input($field->db_column);
-                        }
-                    }
-                }
-            }
-
+            $asset->customFill($request,Auth::user());

            if ($asset->save()) {
                if (($request->filled('assigned_user')) && ($target = User::find($request->get('assigned_user')))) {
@@ -832,7 +786,6 @@ class AssetsController extends Controller

        } elseif (request('checkout_to_type') == 'asset') {
            $target = Asset::where('id', '!=', $asset_id)->find(request('assigned_asset'));
-            $asset->location_id = $target->rtd_location_id;
            // Override with the asset's location_id if it has one
            $asset->location_id = (($target) && (isset($target->location_id))) ? $target->location_id : '';
            $error_payload['target_id'] = $request->input('assigned_asset');
@@ -904,6 +857,7 @@ class AssetsController extends Controller

        $asset->expected_checkin = null;
        $asset->last_checkout = null;
+        $asset->last_checkin = now();
        $asset->assigned_to = null;
        $asset->assignedTo()->disassociate($asset);
        $asset->accepted = null;
@@ -923,10 +877,14 @@ class AssetsController extends Controller
        }
        
        $checkin_at = $request->filled('checkin_at') ? $request->input('checkin_at').' '. date('H:i:s') : date('Y-m-d H:i:s');
+        $originalValues = $asset->getRawOriginal();

+        if (($request->filled('checkin_at')) && ($request->get('checkin_at') != date('Y-m-d'))) {
+            $originalValues['action_date'] = $checkin_at;
+        }

        if ($asset->save()) {
-            event(new CheckoutableCheckedIn($asset, $target, Auth::user(), $request->input('note'), $checkin_at));
+            event(new CheckoutableCheckedIn($asset, $target, Auth::user(), $request->input('note'), $checkin_at, $originalValues));

            return response()->json(Helper::formatStandardApiResponse('success', ['asset'=> e($asset->asset_tag)], trans('admin/hardware/message.checkin.success')));
        }
@@ -1032,9 +990,10 @@ class AssetsController extends Controller
    {
        $this->authorize('viewRequestable', Asset::class);

-        $assets = Company::scopeCompanyables(Asset::select('assets.*'), 'company_id', 'assets')
+        $assets = Asset::select('assets.*')
            ->with('location', 'assetstatus', 'assetlog', 'company', 'defaultLoc','assignedTo',
-                'model.category', 'model.manufacturer', 'model.fieldset', 'supplier')->requestableAssets();
+                'model.category', 'model.manufacturer', 'model.fieldset', 'supplier')
+            ->requestableAssets();

        $offset = request('offset', 0);
        $limit = $request->input('limit', 50);
@@ -67,8 +67,6 @@ class CategoriesController extends Controller
            $categories = $categories->withCount('showableAssets as assets_count');
        }

-
-
        if ($request->filled('search')) {
            $categories = $categories->TextSearch($request->input('search'));
        }
@@ -93,14 +91,9 @@ class CategoriesController extends Controller
            $categories->where('checkin_email', '=', $request->input('checkin_email'));
        }

-
-
-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($categories) && ($request->get('offset') > $categories->count())) ? $categories->count() : $request->get('offset', 0);
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $categories->count()) ? $categories->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'assets_count';
@@ -27,6 +27,9 @@ class CompaniesController extends Controller
        $allowed_columns = [
            'id',
            'name',
+            'phone',
+            'fax',
+            'email',
            'created_at',
            'updated_at',
            'users_count',
@@ -47,13 +50,15 @@ class CompaniesController extends Controller
            $companies->where('name', '=', $request->input('name'));
        }

+		if ($request->filled('email')) {
+            $companies->where('email', '=', $request->input('email'));
+        }

-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($companies) && ($request->get('offset') > $companies->count())) ? $companies->count() : $request->get('offset', 0);

-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $companies->count()) ? $companies->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');
+

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
@@ -168,6 +173,7 @@ class CompaniesController extends Controller
        $companies = Company::select([
            'companies.id',
            'companies.name',
+            'companies.email',
            'companies.image',
        ]);

@@ -12,6 +12,8 @@ use App\Http\Requests\ImageUploadRequest;
 use App\Events\CheckoutableCheckedIn;
 use App\Events\ComponentCheckedIn;
 use App\Models\Asset;
+use Illuminate\Support\Facades\Validator;
+use Illuminate\Database\Query\Builder;

 class ComponentsController extends Controller
 {
@@ -43,9 +45,8 @@ class ComponentsController extends Controller
                'notes',
            ];

-
-        $components = Company::scopeCompanyables(Component::select('components.*')
-            ->with('company', 'location', 'category', 'assets'));
+        $components = Component::select('components.*')
+            ->with('company', 'location', 'category', 'assets', 'supplier');

        if ($request->filled('search')) {
            $components = $components->TextSearch($request->input('search'));
@@ -63,6 +64,10 @@ class ComponentsController extends Controller
            $components->where('category_id', '=', $request->input('category_id'));
        }

+        if ($request->filled('supplier_id')) {
+            $components->where('supplier_id', '=', $request->input('supplier_id'));
+        }
+
        if ($request->filled('location_id')) {
            $components->where('location_id', '=', $request->input('location_id'));
        }
@@ -71,14 +76,10 @@ class ComponentsController extends Controller
            $components->where('notes','=',$request->input('notes'));
        }

-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($components) && ($request->get('offset') > $components->count())) ? $components->count() : $request->get('offset', 0);
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $components->count()) ? $components->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');

-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
-
-        
        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort_override =  $request->input('sort');
        $column_sort = in_array($sort_override, $allowed_columns) ? $sort_override : 'created_at';
@@ -93,6 +94,9 @@ class ComponentsController extends Controller
            case 'company':
                $components = $components->OrderCompany($order);
                break;
+            case 'supplier':
+                $components = $components->OrderSupplier($order);
+                break;
            default:
                $components = $components->orderBy($column_sort, $order);
                break;
@@ -200,12 +204,29 @@ class ComponentsController extends Controller
        $this->authorize('view', \App\Models\Asset::class);
        
        $component = Component::findOrFail($id);
-        $assets = $component->assets();
-
+        
        $offset = request('offset', 0);
        $limit = $request->input('limit', 50);
-        $total = $assets->count();
-        $assets = $assets->skip($offset)->take($limit)->get();
+        
+        if ($request->filled('search')) {
+            $assets = $component->assets()
+                                ->where(function ($query) use ($request) {
+                                    $search_str = '%' . $request->input('search') . '%';
+                                    $query->where('name', 'like', $search_str)
+                                            ->orWhereIn('model_id', function (Builder $query) use ($request) {
+                                                $search_str = '%' . $request->input('search') . '%';
+                                                $query->selectRaw('id')->from('models')->where('name', 'like', $search_str);
+                                            })
+                                            ->orWhere('asset_tag', 'like', $search_str);
+                                         })
+                                         ->get();
+            $total = $assets->count();
+        } else {
+            $assets = $component->assets();
+            
+            $total = $assets->count();
+            $assets = $assets->skip($offset)->take($limit)->get();
+        }

        return (new ComponentsTransformer)->transformCheckedoutComponents($assets, $total);
    }
@@ -225,20 +246,30 @@ class ComponentsController extends Controller
    public function checkout(Request $request, $componentId)
    {
        // Check if the component exists
-        if (is_null($component = Component::find($componentId))) {
+        if (!$component = Component::find($componentId)) {
            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/components/message.does_not_exist')));
        }

        $this->authorize('checkout', $component);

+        $validator = Validator::make($request->all(), [
+            'assigned_to'          => 'required|exists:assets,id',
+            'assigned_qty'      => "required|numeric|min:1|digits_between:1,".$component->numRemaining(),
+        ]);
+
+        if ($validator->fails()) {
+            return response()->json(Helper::formatStandardApiResponse('error', $validator->errors()));
+
+        }
+
+        // Make sure there is at least one available to checkout
+        if ($component->numRemaining() <= $request->get('assigned_qty')) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/components/message.checkout.unavailable', ['remaining' => $component->numRemaining(), 'requested' => $request->get('assigned_qty')])));
+        }

        if ($component->numRemaining() >= $request->get('assigned_qty')) {

-            if (!$asset = Asset::find($request->input('assigned_to'))) {
-                return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/hardware/message.does_not_exist')));
-            }
-
-            // Update the accessory data
+            $asset = Asset::find($request->input('assigned_to'));
            $component->assigned_to = $request->input('assigned_to');

            $component->assets()->attach($component->id, [
@@ -255,7 +286,7 @@ class ComponentsController extends Controller
            return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/components/message.checkout.success')));
        }

-        return response()->json(Helper::formatStandardApiResponse('error', null, 'Not enough components remaining: '.$component->numRemaining().' remaining, '.$request->get('assigned_qty').' requested.'));
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/components/message.checkout.unavailable', ['remaining' => $component->numRemaining(), 'requested' => $request->get('assigned_qty')])));
    }

    /**
@@ -45,11 +45,8 @@ class ConsumablesController extends Controller
                'notes',
                ];

-
-        $consumables = Company::scopeCompanyables(
-            Consumable::select('consumables.*')
-                ->with('company', 'location', 'category', 'users', 'manufacturer')
-        );
+        $consumables = Consumable::select('consumables.*')
+            ->with('company', 'location', 'category', 'users', 'manufacturer');

        if ($request->filled('search')) {
            $consumables = $consumables->TextSearch(e($request->input('search')));
@@ -75,6 +72,10 @@ class ConsumablesController extends Controller
            $consumables->where('manufacturer_id', '=', $request->input('manufacturer_id'));
        }

+        if ($request->filled('supplier_id')) {
+            $consumables->where('supplier_id', '=', $request->input('supplier_id'));
+        }
+
        if ($request->filled('location_id')) {
            $consumables->where('location_id','=',$request->input('location_id'));
        }
@@ -84,12 +85,9 @@ class ConsumablesController extends Controller
        }


-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($consumables) && ($request->get('offset') > $consumables->count())) ? $consumables->count() : $request->get('offset', 0);
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $consumables->count()) ? $consumables->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');

        $allowed_columns = ['id', 'name', 'order_number', 'min_amt', 'purchase_date', 'purchase_cost', 'company', 'category', 'model_number', 'item_no', 'manufacturer', 'location', 'qty', 'image'];
        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
@@ -111,6 +109,9 @@ class ConsumablesController extends Controller
            case 'company':
                $consumables = $consumables->OrderCompany($order);
                break;
+            case 'supplier':
+                $components = $consumables->OrderSupplier($order);
+                break;
            default:
                $consumables = $consumables->orderBy($column_sort, $order);
                break;
@@ -154,7 +155,7 @@ class ConsumablesController extends Controller
    public function show($id)
    {
        $this->authorize('view', Consumable::class);
-        $consumable = Consumable::findOrFail($id);
+        $consumable = Consumable::with('users')->findOrFail($id);

        return (new ConsumablesTransformer)->transformConsumable($consumable);
    }
@@ -253,33 +254,39 @@ class ConsumablesController extends Controller
    public function checkout(Request $request, $id)
    {
        // Check if the consumable exists
-        if (is_null($consumable = Consumable::find($id))) {
+        if (!$consumable = Consumable::with('users')->find($id)) {
            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/consumables/message.does_not_exist')));
        }

        $this->authorize('checkout', $consumable);

-        if ($consumable->qty > 0) {
+        // Make sure there is at least one available to checkout
+        if ($consumable->numRemaining() <= 0) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/consumables/message.checkout.unavailable')));
+            \Log::debug('No enough remaining');
+        }

-            // Check if the user exists
-            $assigned_to = $request->input('assigned_to');
-            if (is_null($user = User::find($assigned_to))) {
-                // Return error message
-                return response()->json(Helper::formatStandardApiResponse('error', null, 'No user found'));
-            }
+        // Check if the user exists - @TODO:  this should probably be handled via validation, not here??
+        if (!$user = User::find($request->input('assigned_to'))) {
+            // Return error message
+            return response()->json(Helper::formatStandardApiResponse('error', null, 'No user found'));
+            \Log::debug('No valid user');
+        }

-            // Update the consumable data
-            $consumable->assigned_to = e($assigned_to);
+        // Update the consumable data
+        $consumable->assigned_to = $request->input('assigned_to');

-            $consumable->users()->attach($consumable->id, [
-                'consumable_id' => $consumable->id,
-                'user_id' => $user->id,
-                'assigned_to' => $assigned_to,
-                'note' => $request->input('note'),
-            ]);
+        $consumable->users()->attach($consumable->id,
+                [
+                    'consumable_id' => $consumable->id,
+                    'user_id' => $user->id,
+                    'assigned_to' => $request->input('assigned_to'),
+                    'note' => $request->input('note'),
+                ]
+            );

            // Log checkout event
-            $logaction = $consumable->logCheckout(e($request->input('note')), $user);
+            $logaction = $consumable->logCheckout($request->input('note'), $user);
            $data['log_id'] = $logaction->id;
            $data['eula'] = $consumable->getEula();
            $data['first_name'] = $user->first_name;
@@ -289,9 +296,7 @@ class ConsumablesController extends Controller
            $data['require_acceptance'] = $consumable->requireAcceptance();

            return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/consumables/message.checkout.success')));
-        }

-        return response()->json(Helper::formatStandardApiResponse('error', null, 'No consumables remaining'));
    }

    /**
@@ -7,6 +7,7 @@ use App\Http\Controllers\Controller;
 use App\Http\Transformers\CustomFieldsetsTransformer;
 use App\Http\Transformers\CustomFieldsTransformer;
 use App\Models\CustomFieldset;
+use App\Models\CustomField;
 use Illuminate\Http\Request;
 use Redirect;
 use View;
@@ -34,7 +35,7 @@ class CustomFieldsetsController extends Controller
    public function index()
    {
        $this->authorize('index', CustomField::class);
-        $fieldsets = CustomFieldset::withCount('fields as fields_count', 'models as models_count')->get();
+        $fieldsets = CustomFieldset::withCount('fields as fields_count')->get();

        return (new CustomFieldsetsTransformer)->transformCustomFieldsets($fieldsets, $fieldsets->count());
    }
@@ -94,6 +95,18 @@ class CustomFieldsetsController extends Controller
        $fieldset->fill($request->all());

        if ($fieldset->save()) {
+            // Sync fieldset with auto_add_to_fieldsets
+            $fields = CustomField::select('id')->where('auto_add_to_fieldsets', '=', '1')->get();
+
+            if ($fields->count() > 0) {
+
+                foreach ($fields as $field) {
+                    $field_ids[] = $field->id;
+                }
+
+                $fieldset->fields()->sync($field_ids);
+            }
+
            return response()->json(Helper::formatStandardApiResponse('success', $fieldset, trans('admin/custom_fields/message.fieldset.create.success')));
        }

@@ -112,7 +125,7 @@ class CustomFieldsetsController extends Controller
        $this->authorize('delete', CustomField::class);
        $fieldset = CustomFieldset::findOrFail($id);

-        $modelsCount = $fieldset->models->count();
+        $modelsCount = $fieldset->customizables()->count();
        $fieldsCount = $fieldset->fields->count();

        if (($modelsCount > 0) || ($fieldsCount > 0)) {
@@ -30,6 +30,8 @@ class DepartmentsController extends Controller
        $departments = Company::scopeCompanyables(Department::select(
            'departments.id',
            'departments.name',
+            'departments.phone',
+            'departments.fax',
            'departments.location_id',
            'departments.company_id',
            'departments.manager_id',
@@ -58,12 +60,9 @@ class DepartmentsController extends Controller
            $departments->where('location_id', '=', $request->input('location_id'));
        }

-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($departments) && ($request->get('offset') > $departments->count())) ? $departments->count() : $request->get('offset', 0);
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $departments->count()) ? $departments->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
@@ -28,12 +28,9 @@ class DepreciationsController extends Controller
            $depreciations = $depreciations->TextSearch($request->input('search'));
        }

-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($depreciations) && ($request->get('offset') > $depreciations->count())) ? $depreciations->count() : $request->get('offset', 0);
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $depreciations->count()) ? $depreciations->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
@@ -35,12 +35,9 @@ class GroupsController extends Controller
            $groups->where('name', '=', $request->input('name'));
        }

-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($groups) && ($request->get('offset') > $groups->count())) ? $groups->count() : $request->get('offset', 0);
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $groups->count()) ? $groups->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
@@ -160,7 +160,7 @@ class ImportController extends Controller
        // Run a backup immediately before processing
        if ($request->get('run-backup')) {
            \Log::debug('Backup manually requested via importer');
-            Artisan::call('backup:run');
+            Artisan::call('snipeit:backup', ['--filename' => 'pre-import-backup-'.date('Y-m-d-H:i:s')]);
        } else {
            \Log::debug('NO BACKUP requested via importer');
        }
@@ -193,6 +193,9 @@ class ImportController extends Controller
            case 'user':
                $redirectTo = 'users.index';
                break;
+            case 'location':
+                $redirectTo = 'locations.index';
+                break;
        }

        if ($errors) { //Failure
@@ -0,0 +1,71 @@
+<?php
+
+namespace App\Http\Controllers\Api;
+
+use App\Helpers\Helper;
+use App\Http\Controllers\Controller;
+use App\Http\Transformers\LabelsTransformer;
+use App\Models\Labels\Label;
+use Illuminate\Http\Request;
+use Illuminate\Support\ItemNotFoundException;
+use Auth;
+
+class LabelsController extends Controller
+{
+    /**
+     * Returns JSON listing of all labels.
+     *
+     * @author Grant Le Roux <grant.leroux+snipe-it@gmail.com>
+     * @return JsonResponse
+     */
+    public function index(Request $request)
+    {
+        $this->authorize('view', Label::class);
+
+        $labels = Label::find();
+
+        if ($request->filled('search')) {
+            $search = $request->get('search');
+            $labels = $labels->filter(function ($label, $index) use ($search) {
+                return stripos($label->getName(), $search) !== false;
+            });
+        }
+
+        $total = $labels->count();
+
+        $offset = $request->get('offset', 0);
+        $offset = ($offset > $total) ? $total : $offset;
+
+        $maxLimit = config('app.max_results');
+        $limit = $request->get('limit', $maxLimit);
+        $limit = ($limit > $maxLimit) ? $maxLimit : $limit;
+        
+        $labels = $labels->skip($offset)->take($limit);
+
+        return (new LabelsTransformer)->transformLabels($labels, $total, $request);
+    }
+
+    /**
+     * Returns JSON with information about a label for detail view.
+     *
+     * @author Grant Le Roux <grant.leroux+snipe-it@gmail.com>
+     * @param  string  $labelName
+     * @return JsonResponse
+     */
+    public function show(string $labelName)
+    {
+        $labelName = str_replace('/', '\\', $labelName);
+        try {
+            $label = Label::find($labelName);
+        } catch(ItemNotFoundException $e) {
+            return response()
+                ->json(
+                    Helper::formatStandardApiResponse('error', null, trans('admin/labels/message.does_not_exist')), 
+                    404
+                );
+        }
+        $this->authorize('view', $label);
+        return (new LabelsTransformer)->transformLabel($label);
+    }
+
+}
@@ -39,8 +39,15 @@ class LicenseSeatsController extends Controller
            }

            $total = $seats->count();
-            $offset = (($seats) && (request('offset') >= $total)) ? 0 : request('offset', 0);
-            $limit = request('limit', 50);
+
+            // Make sure the offset and limit are actually integers and do not exceed system limits
+            $offset = ($request->input('offset') > $seats->count()) ? $seats->count() : abs($request->input('offset'));
+
+            if ($offset >= $total ){
+                $offset = 0;
+            }
+
+            $limit = app('api_limit_value');

            $seats = $seats->skip($offset)->take($limit)->get();

@@ -26,8 +26,8 @@ class LicensesController extends Controller
    public function index(Request $request)
    {
        $this->authorize('view', License::class);
-        $licenses = Company::scopeCompanyables(License::with('company', 'manufacturer', 'supplier','category')->withCount('freeSeats as free_seats_count'));

+        $licenses = License::with('company', 'manufacturer', 'supplier','category')->withCount('freeSeats as free_seats_count');

        if ($request->filled('company_id')) {
            $licenses->where('company_id', '=', $request->input('company_id'));
@@ -94,12 +94,9 @@ class LicensesController extends Controller
            $licenses->onlyTrashed();
        }

-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($licenses) && ($request->get('offset') > $licenses->count())) ? $licenses->count() : $request->get('offset', 0);
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $licenses->count()) ? $licenses->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';

@@ -37,6 +37,8 @@ class LocationsController extends Controller
            'locations.city',
            'locations.state',
            'locations.zip',
+            'locations.phone',
+            'locations.fax',
            'locations.country',
            'locations.parent_id',
            'locations.manager_id',
@@ -78,14 +80,15 @@ class LocationsController extends Controller
            $locations->where('locations.country', '=', $request->input('country'));
        }

-        $offset = (($locations) && (request('offset') > $locations->count())) ? $locations->count() : request('offset', 0);
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $locations->count()) ? $locations->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';

+
+
        switch ($request->input('sort')) {
            case 'parent':
                $locations->OrderParent($order);
@@ -250,8 +253,12 @@ class LocationsController extends Controller
     */
    public function selectlist(Request $request)
    {
-
-        $this->authorize('view.selectlists');
+        // If a user is in the process of editing their profile, as determined by the referrer,
+        // then we check that they have permission to edit their own location.
+        // Otherwise, we do our normal check that they can view select lists.
+        $request->headers->get('referer') === route('profile')
+            ? $this->authorize('self.edit_location')
+            : $this->authorize('view.selectlists');

        $locations = Location::select([
            'locations.id',
@@ -23,10 +23,10 @@ class ManufacturersController extends Controller
    public function index(Request $request)
    {
        $this->authorize('view', Manufacturer::class);
-        $allowed_columns = ['id', 'name', 'url', 'support_url', 'support_email', 'support_phone', 'created_at', 'updated_at', 'image', 'assets_count', 'consumables_count', 'components_count', 'licenses_count'];
+        $allowed_columns = ['id', 'name', 'url', 'support_url', 'support_email', 'warranty_lookup_url', 'support_phone', 'created_at', 'updated_at', 'image', 'assets_count', 'consumables_count', 'components_count', 'licenses_count'];

        $manufacturers = Manufacturer::select(
-            ['id', 'name', 'url', 'support_url', 'support_email', 'support_phone', 'created_at', 'updated_at', 'image', 'deleted_at']
+            ['id', 'name', 'url', 'support_url', 'warranty_lookup_url', 'support_email', 'support_phone', 'created_at', 'updated_at', 'image', 'deleted_at']
        )->withCount('assets as assets_count')->withCount('licenses as licenses_count')->withCount('consumables as consumables_count')->withCount('accessories as accessories_count');

        if ($request->input('deleted') == 'true') {
@@ -49,6 +49,10 @@ class ManufacturersController extends Controller
            $manufacturers->where('support_url', '=', $request->input('support_url'));
        }

+        if ($request->filled('warranty_lookup_url')) {
+            $manufacturers->where('warranty_lookup_url', '=', $request->input('warranty_lookup_url'));
+        }
+
        if ($request->filled('support_phone')) {
            $manufacturers->where('support_phone', '=', $request->input('support_phone'));
        }
@@ -57,12 +61,9 @@ class ManufacturersController extends Controller
            $manufacturers->where('support_email', '=', $request->input('support_email'));
        }

-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($manufacturers) && ($request->get('offset') > $manufacturers->count())) ? $manufacturers->count() : $request->get('offset', 0);
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $manufacturers->count()) ? $manufacturers->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
@@ -29,8 +29,10 @@ class PredefinedKitsController extends Controller
            $kits = $kits->TextSearch($request->input('search'));
        }

-        $offset = $request->input('offset', 0);
-        $limit = $request->input('limit', 50);
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $kits->count()) ? $kits->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');
+
        $order = $request->input('order') === 'desc' ? 'desc' : 'asc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'name';
        $kits->orderBy($sort, $order);
@@ -54,15 +54,15 @@ class ReportsController extends Controller
            'note',
        ];

+
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $actionlogs->count()) ? $actionlogs->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');
+
        $sort = in_array($request->input('sort'), $allowed_columns) ? e($request->input('sort')) : 'created_at';
        $order = ($request->input('order') == 'asc') ? 'asc' : 'desc';
-        $offset = request('offset', 0);
        $total = $actionlogs->count();

-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
-
-
        $actionlogs = $actionlogs->orderBy($sort, $order)->skip($offset)->take($limit)->get();

        return response()->json((new ActionlogsTransformer)->transformActionlogs($actionlogs, $total), 200, ['Content-Type' => 'application/json;charset=utf8'], JSON_UNESCAPED_UNICODE);
@@ -5,6 +5,7 @@ namespace App\Http\Controllers\Api;
 use App\Helpers\Helper;
 use App\Http\Controllers\Controller;
 use App\Http\Transformers\AssetsTransformer;
+use App\Http\Transformers\SelectlistTransformer;
 use App\Http\Transformers\StatuslabelsTransformer;
 use App\Models\Asset;
 use App\Models\Statuslabel;
@@ -50,12 +51,9 @@ class StatuslabelsController extends Controller
            }
        }

-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($statuslabels) && ($request->get('offset') > $statuslabels->count())) ? $statuslabels->count() : $request->get('offset', 0);
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $statuslabels->count()) ? $statuslabels->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
@@ -294,4 +292,45 @@ class StatuslabelsController extends Controller

        return '0';
    }
+
+    /**
+     * Gets a paginated collection for the select2 menus
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v6.1.1]
+     * @see \App\Http\Transformers\SelectlistTransformer
+     */
+    public function selectlist(Request $request)
+    {
+
+        $this->authorize('view.selectlists');
+        $statuslabels = Statuslabel::orderBy('default_label', 'desc')->orderBy('name', 'asc')->orderBy('deployable', 'desc');
+
+        if ($request->filled('search')) {
+            $statuslabels = $statuslabels->where('name', 'LIKE', '%'.$request->get('search').'%');
+        }
+
+        if ($request->filled('deployable')) {
+            $statuslabels = $statuslabels->where('deployable', '=', '1');
+        }
+
+        if ($request->filled('pending')) {
+            $statuslabels = $statuslabels->where('pending', '=', '1');
+        }
+
+        if ($request->filled('archived')) {
+            $statuslabels = $statuslabels->where('archived', '=', '1');
+        }
+
+        $statuslabels = $statuslabels->orderBy('name', 'ASC')->paginate(50);
+
+        // Loop through and set some custom properties for the transformer to use.
+        // This lets us have more flexibility in special cases like assets, where
+        // they may not have a ->name value but we want to display something anyway
+        foreach ($statuslabels as $statuslabel) {
+            $statuslabels->use_text = $statuslabel->name;
+        }
+
+        return (new SelectlistTransformer)->transformSelectlist($statuslabels);
+    }
 }
@@ -23,11 +23,30 @@ class SuppliersController extends Controller
    public function index(Request $request)
    {
        $this->authorize('view', Supplier::class);
-        $allowed_columns = ['id', 'name', 'address', 'phone', 'contact', 'fax', 'email', 'image', 'assets_count', 'licenses_count', 'accessories_count', 'url'];
+        $allowed_columns = ['
+            id',
+            'name',
+            'address',
+            'phone',
+            'contact',
+            'fax',
+            'email',
+            'image',
+            'assets_count',
+            'licenses_count',
+            'accessories_count',
+            'components_count',
+            'consumables_count',
+            'url',
+        ];
        
        $suppliers = Supplier::select(
-                ['id', 'name', 'address', 'address2', 'city', 'state', 'country', 'fax', 'phone', 'email', 'contact', 'created_at', 'updated_at', 'deleted_at', 'image', 'notes']
-            )->withCount('assets as assets_count')->withCount('licenses as licenses_count')->withCount('accessories as accessories_count');
+                ['id', 'name', 'address', 'address2', 'city', 'state', 'country', 'fax', 'phone', 'email', 'contact', 'created_at', 'updated_at', 'deleted_at', 'image', 'notes', 'url'])
+                    ->withCount('assets as assets_count')
+                    ->withCount('licenses as licenses_count')
+                    ->withCount('accessories as accessories_count')
+                    ->withCount('components as components_count')
+                    ->withCount('consumables as consumables_count');


        if ($request->filled('search')) {
@@ -74,12 +93,9 @@ class SuppliersController extends Controller
            $suppliers->where('notes', '=', $request->input('notes'));
        }

-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($suppliers) && ($request->get('offset') > $suppliers->count())) ? $suppliers->count() : $request->get('offset', 0);
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $suppliers->count()) ? $suppliers->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
@@ -13,6 +13,7 @@ use App\Http\Transformers\SelectlistTransformer;
 use App\Http\Transformers\UsersTransformer;
 use App\Models\Asset;
 use App\Models\Company;
+use App\Models\CustomField;
 use App\Models\License;
 use App\Models\User;
 use App\Notifications\CurrentInventory;
@@ -36,7 +37,7 @@ class UsersController extends Controller
    {
        $this->authorize('view', User::class);

-        $users = User::select([
+        $allowed_columns = [
            'users.activated',
            'users.created_by',
            'users.address',
@@ -71,17 +72,16 @@ class UsersController extends Controller
            'users.start_date',
            'users.end_date',
            'users.vip',
+            'users.autoassign_licenses',

-        ])->with('manager', 'groups', 'userloc', 'company', 'department', 'assets', 'licenses', 'accessories', 'consumables', 'createdBy',)
-            ->withCount('assets as assets_count', 'licenses as licenses_count', 'accessories as accessories_count', 'consumables as consumables_count');
-        $users = Company::scopeCompanyables($users);
+        ];

-
-        if (($request->filled('deleted')) && ($request->input('deleted') == 'true')) {
-            $users = $users->onlyTrashed();
-        } elseif (($request->filled('all')) && ($request->input('all') == 'true')) {
-            $users = $users->withTrashed();
+        foreach(CustomField::where('type', User::class)->get() as $field) {
+            $allowed_columns[] = $field->db_column_name();
        }
+        $users = User::select()->with('manager', 'groups', 'userloc', 'company', 'department', 'assets', 'licenses', 'accessories', 'consumables', 'createdBy',)
+            ->withCount('assets as assets_count', 'licenses as licenses_count', 'accessories as accessories_count', 'consumables as consumables_count');
+

        if ($request->filled('activated')) {
            $users = $users->where('users.activated', '=', $request->input('activated'));
@@ -187,18 +187,19 @@ class UsersController extends Controller
            $users->has('accessories', '=', $request->input('accessories_count'));
        }

+        if ($request->filled('autoassign_licenses')) {
+            $users->where('autoassign_licenses', '=', $request->input('autoassign_licenses'));
+        }
+
        if ($request->filled('search')) {
            $users = $users->TextSearch($request->input('search'));
        }

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';

-        // Set the offset to the API call's offset, unless the offset is higher than the actual count of items in which
-        // case we override with the actual count, so we should return 0 items.
-        $offset = (($users) && ($request->get('offset') > $users->count())) ? $users->count() : $request->get('offset', 0);
-
-        // Check to make sure the limit is not higher than the max allowed
-        ((config('app.max_results') >= $request->input('limit')) && ($request->filled('limit'))) ? $limit = $request->input('limit') : $limit = config('app.max_results');
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $users->count()) ? $users->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');


        switch ($request->input('sort')) {
@@ -262,6 +263,7 @@ class UsersController extends Controller
                        'vip',
                        'start_date',
                        'end_date',
+                        'autoassign_licenses',
                    ];

                $sort = in_array($request->get('sort'), $allowed_columns) ? $request->get('sort') : 'first_name';
@@ -269,6 +271,14 @@ class UsersController extends Controller
                break;
        }

+        if (($request->filled('deleted')) && ($request->input('deleted') == 'true')) {
+            $users = $users->onlyTrashed();
+        } elseif (($request->filled('all')) && ($request->input('all') == 'true')) {
+            $users = $users->withTrashed();
+        }
+
+        $users = Company::scopeCompanyables($users);
+        
        $total = $users->count();
        $users = $users->skip($offset)->take($limit)->get();

@@ -359,11 +369,13 @@ class UsersController extends Controller
            $user->permissions = $permissions_array;
        }

-        $tmp_pass = substr(str_shuffle('0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'), 0, 20);
+        $tmp_pass = substr(str_shuffle('0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'), 0, 40);
        $user->password = bcrypt($request->get('password', $tmp_pass));

        app('App\Http\Requests\ImageUploadRequest')->handleImages($user, 600, 'image', 'avatars', 'avatar');
-        
+
+        $user->customFill($request,Auth::user());
+
        if ($user->save()) {
            if ($request->filled('groups')) {
                $user->groups()->sync($request->input('groups'));
@@ -454,7 +466,9 @@ class UsersController extends Controller

        
        app('App\Http\Requests\ImageUploadRequest')->handleImages($user, 600, 'image', 'avatars', 'avatar');
-          
+
+        $user->customFill($request,Auth::user());
+
        if ($user->save()) {

            // Sync group memberships:
@@ -101,7 +101,7 @@ class AssetMaintenancesController extends Controller
        $assetMaintenance = new AssetMaintenance();
        $assetMaintenance->supplier_id = $request->input('supplier_id');
        $assetMaintenance->is_warranty = $request->input('is_warranty');
-        $assetMaintenance->cost = Helper::ParseCurrency($request->input('cost'));
+        $assetMaintenance->cost = $request->input('cost');
        $assetMaintenance->notes = $request->input('notes');
        $asset = Asset::find($request->input('asset_id'));

@@ -211,7 +211,7 @@ class AssetMaintenancesController extends Controller

        $assetMaintenance->supplier_id = $request->input('supplier_id');
        $assetMaintenance->is_warranty = $request->input('is_warranty');
-        $assetMaintenance->cost =  Helper::ParseCurrency($request->input('cost'));
+        $assetMaintenance->cost =  $request->input('cost');
        $assetMaintenance->notes = $request->input('notes');

        $asset = Asset::find(request('asset_id'));
@@ -5,6 +5,7 @@ namespace App\Http\Controllers;
 use App\Helpers\Helper;
 use App\Http\Requests\ImageUploadRequest;
 use App\Models\AssetModel;
+use App\Models\DefaultValuesForCustomFields;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Input;
 use Illuminate\Support\Facades\View;
@@ -76,6 +77,7 @@ class AssetModelsController extends Controller
        $model->depreciation_id = $request->input('depreciation_id');
        $model->name = $request->input('name');
        $model->model_number = $request->input('model_number');
+        $model->min_amt = $request->input('min_amt');
        $model->manufacturer_id = $request->input('manufacturer_id');
        $model->category_id = $request->input('category_id');
        $model->notes = $request->input('notes');
@@ -153,12 +155,13 @@ class AssetModelsController extends Controller
        $model->eol = $request->input('eol');
        $model->name = $request->input('name');
        $model->model_number = $request->input('model_number');
+        $model->min_amt = $request->input('min_amt');
        $model->manufacturer_id = $request->input('manufacturer_id');
        $model->category_id = $request->input('category_id');
        $model->notes = $request->input('notes');
        $model->requestable = $request->input('requestable', '0');

-        $this->removeCustomFieldsDefaultValues($model);
+        DefaultValuesForCustomFields::forPivot($model, Asset::class)->delete();

        if ($request->input('fieldset_id') == '') {
            $model->fieldset_id = null;
@@ -286,6 +289,7 @@ class AssetModelsController extends Controller
        return view('models/edit')
            ->with('depreciation_list', Helper::depreciationList())
            ->with('item', $model)
+            ->with('model_id', $model_to_clone->id)
            ->with('clone_model', $model_to_clone);
    }

@@ -448,7 +452,7 @@ class AssetModelsController extends Controller
    }

    /**
-     * Adds default values to a model (as long as they are truthy)
+     * Adds default values to a model (as long as they are truthy) (does this mean I cannot set a default value of 0?)
     *
     * @param  AssetModel $model
     * @param  array      $defaultValues
@@ -483,22 +487,12 @@ class AssetModelsController extends Controller
        }

        foreach ($defaultValues as $customFieldId => $defaultValue) {
-            if(is_array($defaultValue)){
-                $model->defaultValues()->attach($customFieldId, ['default_value' => implode(', ', $defaultValue)]);
-            }elseif ($defaultValue) {
-                $model->defaultValues()->attach($customFieldId, ['default_value' => $defaultValue]);
+            if(is_array($defaultValue)) {
+                $defaultValue = implode(', ', $defaultValue);
            }
+            DefaultValuesForCustomFields::updateOrCreate(['custom_field_id' => $customFieldId,'item_pivot_id' => $model->id], ['default_value' => $defaultValue]);
        }
        return true;
    }

-    /**
-     * Removes all default values
-     *
-     * @return void
-     */
-    private function removeCustomFieldsDefaultValues(AssetModel $model)
-    {
-        $model->defaultValues()->detach();
-    }
 }
@@ -78,7 +78,7 @@ class AssetModelsFilesController extends Controller
     * @return View
     * @throws \Illuminate\Auth\Access\AuthorizationException
     */
-    public function show($modelId = null, $fileId = null, $download = true)
+    public function show($modelId = null, $fileId = null)
    {
        $model = AssetModel::find($modelId);
        // the asset is valid
@@ -99,12 +99,13 @@ class AssetModelsFilesController extends Controller
                    ->header('Content-Type', 'text/plain');
            }

-            if ($download != 'true') {
-                if ($contents = file_get_contents(Storage::url($file))) {
-                    return Response::make(Storage::url($file)->header('Content-Type', mime_content_type($file)));
-                }
+            if (request('inline') == 'true') {

-                return JsonResponse::create(['error' => 'Failed validation: '], 500);
+                $headers = [
+                    'Content-Disposition' => 'inline',
+                ];
+
+                return Storage::download($file, $log->filename, $headers);
            }

            return StorageHelper::downloader($file);
@@ -68,6 +68,7 @@ class AssetCheckinController extends Controller

        $asset->expected_checkin = null;
        $asset->last_checkout = null;
+        $asset->last_checkin = now();
        $asset->assigned_to = null;
        $asset->assignedTo()->disassociate($asset);
        $asset->assigned_type = null;
@@ -94,18 +95,25 @@ class AssetCheckinController extends Controller
            \Log::debug('Manually override the location IDs');
            \Log::debug('Original Location ID: '.$asset->location_id);
            $asset->location_id = '';
-            \Log::debug('New RTD Location ID: '.$asset->location_id);
+            \Log::debug('New Location ID: '.$asset->location_id);
        }

        $asset->location_id = $asset->rtd_location_id;

        if ($request->filled('location_id')) {
            \Log::debug('NEW Location ID: '.$request->get('location_id'));
-            $asset->location_id = e($request->get('location_id'));
+            $asset->location_id = $request->get('location_id');
+
+            if ($request->get('update_default_location') == 0){
+                $asset->rtd_location_id = $request->get('location_id');
+            }
        }

+        $originalValues = $asset->getRawOriginal();
+
        $checkin_at = date('Y-m-d H:i:s');
        if (($request->filled('checkin_at')) && ($request->get('checkin_at') != date('Y-m-d'))) {
+            $originalValues['action_date'] = $checkin_at;
            $checkin_at = $request->get('checkin_at');
        }

@@ -128,7 +136,7 @@ class AssetCheckinController extends Controller

        // Was the asset updated?
        if ($asset->save()) {
-            event(new CheckoutableCheckedIn($asset, $target, Auth::user(), $request->input('note'), $checkin_at));
+            event(new CheckoutableCheckedIn($asset, $target, Auth::user(), $request->input('note'), $checkin_at, $originalValues));

            if ((isset($user)) && ($backto == 'user')) {
                return redirect()->route('users.show', $user->id)->with('success', trans('admin/hardware/message.checkin.success'));
@@ -89,6 +89,14 @@ class AssetCheckoutController extends Controller
                }
            }

+            $settings = \App\Models\Setting::getSettings();
+
+            if ($settings->full_multiple_companies_support){
+                if ($target->company_id != $asset->company_id){
+                    return redirect()->to("hardware/$assetId/checkout")->with('error', trans('general.error_user_company'));
+                }
+            }
+            
            if ($asset->checkOut($target, $admin, $checkout_at, $expected_checkin, e($request->get('note')), $request->get('name'))) {
                return redirect()->route('hardware.index')->with('success', trans('admin/hardware/message.checkout.success'));
            }
@@ -79,7 +79,7 @@ class AssetFilesController extends Controller
     * @return View
     * @throws \Illuminate\Auth\Access\AuthorizationException
     */
-    public function show($assetId = null, $fileId = null, $download = true)
+    public function show($assetId = null, $fileId = null)
    {
        $asset = Asset::find($assetId);
        // the asset is valid
@@ -103,12 +103,13 @@ class AssetFilesController extends Controller
                    ->header('Content-Type', 'text/plain');
            }

-            if ($download != 'true') {
-                if ($contents = file_get_contents(Storage::url($file))) {
-                    return Response::make(Storage::url($file)->header('Content-Type', mime_content_type($file)));
-                }
+            if (request('inline') == 'true') {

-                return JsonResponse::create(['error' => 'Failed validation: '], 500);
+                $headers = [
+                    'Content-Disposition' => 'inline',
+                ];
+
+                return Storage::download($file, $log->filename, $headers);
            }

            return StorageHelper::downloader($file);
@@ -12,7 +12,9 @@ use App\Models\CheckoutRequest;
 use App\Models\Company;
 use App\Models\Location;
 use App\Models\Setting;
+use App\Models\Statuslabel;
 use App\Models\User;
+use App\View\Label;
 use Auth;
 use Carbon\Carbon;
 use DB;
@@ -140,9 +142,9 @@ class AssetsController extends Controller
            $asset->depreciate              = '0';
            $asset->status_id               = request('status_id');
            $asset->warranty_months         = request('warranty_months', null);
-            $asset->purchase_cost           = Helper::ParseCurrency($request->get('purchase_cost'));
+            $asset->purchase_cost           = request('purchase_cost');
            $asset->purchase_date           = request('purchase_date', null);
-            $asset->asset_eol_date          = request('asset_eol_date', null);
+            $asset->asset_eol_date          = request('asset_eol_date', $asset->present()->eol_date());
            $asset->assigned_to             = request('assigned_to', null);
            $asset->supplier_id             = request('supplier_id', null);
            $asset->requestable             = request('requestable', 0);
@@ -162,29 +164,7 @@ class AssetsController extends Controller
                $asset = $request->handleImages($asset);
            }

-            // Update custom fields in the database.
-            // Validation for these fields is handled through the AssetRequest form request
-            $model = AssetModel::find($request->get('model_id'));
-
-            if (($model) && ($model->fieldset)) {
-                foreach ($model->fieldset->fields as $field) {
-                    if ($field->field_encrypted == '1') {
-                        if (Gate::allows('admin')) {
-                            if (is_array($request->input($field->db_column))) {
-                                $asset->{$field->db_column} = \Crypt::encrypt(implode(', ', $request->input($field->db_column)));
-                            } else {
-                                $asset->{$field->db_column} = \Crypt::encrypt($request->input($field->db_column));
-                            }
-                        }
-                    } else {
-                        if (is_array($request->input($field->db_column))) {
-                            $asset->{$field->db_column} = implode(', ', $request->input($field->db_column));
-                        } else {
-                            $asset->{$field->db_column} = $request->input($field->db_column);
-                        }
-                    }
-                }
-            }
+            $asset->customFill($request, Auth::user()); // Update custom fields in the database.

            // Validate the asset before saving
            if ($asset->isValid() && $asset->save()) {
@@ -312,7 +292,7 @@ class AssetsController extends Controller

        $asset->status_id = $request->input('status_id', null);
        $asset->warranty_months = $request->input('warranty_months', null);
-        $asset->purchase_cost = Helper::ParseCurrency($request->input('purchase_cost', null));
+        $asset->purchase_cost = $request->input('purchase_cost', null);
        $asset->asset_eol_date  = request('asset_eol_date', null);

        $asset->purchase_date = $request->input('purchase_date', null);
@@ -324,6 +304,12 @@ class AssetsController extends Controller
        $asset->rtd_location_id = $request->input('rtd_location_id', null);
        $asset->byod = $request->input('byod', 0);

+        $status = Statuslabel::find($asset->status_id);
+
+        if($status->archived){
+            $asset->assigned_to = null;
+        }
+
        if ($asset->assigned_to == '') {
            $asset->location_id = $request->input('rtd_location_id', null);
        }
@@ -446,11 +432,12 @@ class AssetsController extends Controller
     * @since [v3.0]
     * @return Redirect
     */
-    public function getAssetByTag(Request $request)
+    public function getAssetByTag(Request $request, $tag=null)
    {
+        $tag = $tag ? $tag : $request->get('assetTag');
        $topsearch = ($request->get('topsearch') == 'true');

-        if (! $asset = Asset::where('asset_tag', '=', $request->get('assetTag'))->first()) {
+        if (! $asset = Asset::where('asset_tag', '=', $tag)->first()) {
            return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.does_not_exist'));
        }
        $this->authorize('view', $asset);
@@ -547,9 +534,11 @@ class AssetsController extends Controller
            $asset = Asset::find($assetId);
            $this->authorize('view', $asset);

-            return view('hardware/labels')
-                ->with('assets', Asset::find($asset))
+            return (new Label())
+                ->with('assets', collect([ $asset ]))
                ->with('settings', Setting::getSettings())
+                ->with('template', request()->get('template'))
+                ->with('offset', request()->get('offset'))
                ->with('bulkedit', false)
                ->with('count', 0);
        }
@@ -767,7 +756,7 @@ class AssetsController extends Controller
    }

    /**
-     * Retore a deleted asset.
+     * Restore a deleted asset.
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @param int $assetId
@@ -8,11 +8,13 @@ use App\Http\Controllers\CheckInOutRequest;
 use App\Http\Controllers\Controller;
 use App\Models\Asset;
 use App\Models\Setting;
+use App\View\Label;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\DB;
 use Illuminate\Support\Facades\Session;
 use App\Http\Requests\AssetCheckoutRequest;
+use App\Models\CustomField;

 class BulkAssetsController extends Controller
 {
@@ -29,8 +31,8 @@ class BulkAssetsController extends Controller
     */
    public function edit(Request $request)
    {
-        $this->authorize('update', Asset::class);
-
+        $this->authorize('view', Asset::class);
+      
        if (! $request->filled('ids')) {
            return redirect()->back()->with('error', trans('admin/hardware/message.update.no_assets_selected'));
        }
@@ -40,26 +42,59 @@ class BulkAssetsController extends Controller
        session(['bulk_back_url' => $bulk_back_url]);

        $asset_ids = array_values(array_unique($request->input('ids')));
+       
+        //custom fields logic
+        $asset_custom_field = Asset::with(['model.fieldset.fields', 'model'])->whereIn('id', $asset_ids)->whereHas('model', function ($query) {
+            return $query->where('fieldset_id', '!=', null);
+        })->get();
+
+        $models = $asset_custom_field->unique('model_id');  
+        $modelNames = [];
+        foreach($models as $model) {
+            $modelNames[] = $model->model->name;
+        } 

        if ($request->filled('bulk_actions')) {
            switch ($request->input('bulk_actions')) {
                case 'labels':
-                    return view('hardware/labels')
-                        ->with('assets', Asset::find($asset_ids))
+                    $this->authorize('view', Asset::class);
+                    $assets_found = Asset::find($asset_ids);
+                    
+                    if ($assets_found->isEmpty()){
+                        return redirect()->back();
+                    }
+
+                    return (new Label)
+                        ->with('assets', $assets_found)
                        ->with('settings', Setting::getSettings())
                        ->with('bulkedit', true)
                        ->with('count', 0);
+
                case 'delete':
+                    $this->authorize('delete', Asset::class);
                    $assets = Asset::with('assignedTo', 'location')->find($asset_ids);
                    $assets->each(function ($asset) {
                        $this->authorize('delete', $asset);
                    });

                    return view('hardware/bulk-delete')->with('assets', $assets);
+                   
+                case 'restore':
+                    $this->authorize('update', Asset::class);
+                    $assets = Asset::withTrashed()->find($asset_ids); 
+                    $assets->each(function ($asset) {
+                        $this->authorize('delete', $asset);
+                    });
+
+                    return view('hardware/bulk-restore')->with('assets', $assets);
+
                case 'edit':
+                    $this->authorize('update', Asset::class);
                    return view('hardware/bulk')
                        ->with('assets', $asset_ids)
-                        ->with('statuslabel_list', Helper::statusLabelList());
+                        ->with('statuslabel_list', Helper::statusLabelList())
+                        ->with('models', $models->pluck(['model'])) 
+                        ->with('modelNames', $modelNames);
            }
        }

@@ -77,6 +112,7 @@ class BulkAssetsController extends Controller
    public function update(Request $request)
    {
        $this->authorize('update', Asset::class);
+        $error_bag = [];

        // Get the back url from the session and then destroy the session
        $bulk_back_url = route('hardware.index');
@@ -85,12 +121,21 @@ class BulkAssetsController extends Controller
        }


-        if (! $request->filled('ids') || count($request->input('ids')) <= 0) {
+      $custom_field_columns = CustomField::all()->pluck('db_column')->toArray(); 
+     
+        if(Session::exists('ids')) {
+            $assets = Session::get('ids'); 
+        } elseif (! $request->filled('ids') || count($request->input('ids')) <= 0) {
            return redirect($bulk_back_url)->with('error', trans('admin/hardware/message.update.no_assets_selected'));
        }
-
+         
        $assets = array_keys($request->input('ids'));
-
+        
+       if ($request->anyFilled($custom_field_columns)) {
+           $custom_fields_present = true;
+         } else {
+           $custom_fields_present = false;
+         }
        if (($request->filled('purchase_date'))
            || ($request->filled('expected_checkin'))
            || ($request->filled('purchase_cost'))
@@ -106,6 +151,7 @@ class BulkAssetsController extends Controller
            || ($request->filled('null_purchase_date'))
            || ($request->filled('null_expected_checkin_date'))
            || ($request->filled('null_next_audit_date'))
+            || ($request->anyFilled($custom_field_columns))

        ) {
            foreach ($assets as $assetId) {
@@ -121,6 +167,9 @@ class BulkAssetsController extends Controller
                    ->conditionallyAddItem('supplier_id')
                    ->conditionallyAddItem('warranty_months')
                    ->conditionallyAddItem('next_audit_date');
+                    foreach ($custom_field_columns as $key => $custom_field_column) {
+                        $this->conditionallyAddItem($custom_field_column); 
+                   } 

                if ($request->input('null_purchase_date')=='1') {
                    $this->update_array['purchase_date'] = null;
@@ -135,7 +184,7 @@ class BulkAssetsController extends Controller
                }

                if ($request->filled('purchase_cost')) {
-                    $this->update_array['purchase_cost'] =  Helper::ParseCurrency($request->input('purchase_cost'));
+                    $this->update_array['purchase_cost'] =  $request->input('purchase_cost');
                }

                if ($request->filled('company_id')) {
@@ -153,11 +202,11 @@ class BulkAssetsController extends Controller
                }

                $changed = [];
-                $asset = Asset::where('id' ,$assetId)->get();
+                $assetCollection = Asset::where('id' ,$assetId)->get();

                foreach ($this->update_array as $key => $value) {
-                    if ($this->update_array[$key] != $asset->toArray()[0][$key]) {
-                        $changed[$key]['old'] = $asset->toArray()[0][$key];
+                    if ($this->update_array[$key] != $assetCollection->toArray()[0][$key]) {
+                        $changed[$key]['old'] = $assetCollection->toArray()[0][$key];
                        $changed[$key]['new'] = $this->update_array[$key];
                    }
                }
@@ -169,17 +218,47 @@ class BulkAssetsController extends Controller
                $logAction->user_id = Auth::id();
                $logAction->log_meta = json_encode($changed);
                $logAction->logaction('update');
-
-                DB::table('assets')
-                    ->where('id', $assetId)
-                    ->update($this->update_array);
-            } // endforeach
-
+ 
+                if($custom_fields_present) { 
+                    $asset = Asset::find($assetId); 
+                    $assetCustomFields = $asset->model()->first()->fieldset; 
+                    if($assetCustomFields && $assetCustomFields->fields) {
+                            foreach ($assetCustomFields->fields as $field) { 
+                                if (array_key_exists($field->db_column, $this->update_array)) {
+                                        $asset->{$field->db_column} = $this->update_array[$field->db_column]; 
+                                        $saved = $asset->save();    
+                                        if(!$saved) {
+                                            $error_bag[] = $asset->getErrors();
+                                        }
+                                        continue; 
+                                } else { 
+                                        $array = $this->update_array; 
+                                        array_except($array, $field->db_column); 
+                                        $asset->save($array); 
+                                    }     
+                                    if (!$asset->save()) {
+                                        $error_bag[] = $asset->getErrors();
+                                } 
+                    } 
+                }
+                } else {
+                    Asset::find($assetId)->update($this->update_array);
+                } 
+            } 
+            if(!empty($error_bag)) {
+                $errors = [];
+               //find the customfield name from the name of the messagebag items 
+                foreach ($error_bag as $key => $bag) {
+                  foreach($bag->keys() as $key => $value) {
+                        CustomField::where('db_column', $value)->get()->map(function($item) use (&$errors) {
+                            $errors[] = $item->name; 
+                        });
+                    }
+                }
+                return redirect($bulk_back_url)->with('bulk_errors', array_unique($errors));
+              }
            return redirect($bulk_back_url)->with('success', trans('admin/hardware/message.update.success'));
-
-
        }
-
        // no values given, nothing to update
        return redirect($bulk_back_url)->with('warning', trans('admin/hardware/message.update.nothing_updated'));
    }
@@ -320,5 +399,19 @@ class BulkAssetsController extends Controller
        } catch (ModelNotFoundException $e) {
            return redirect()->route('hardware.bulkcheckout.show')->with('error', $e->getErrors());
        }
+        
+    }
+    public function restore(Request $request) {
+        $this->authorize('update', Asset::class);
+       $assetIds = $request->get('ids');
+      if (empty($assetIds)) {
+          return redirect()->route('hardware.index')->with('error', trans('admin/hardware/message.restore.nothing_updated'));
+        } else {
+            foreach ($assetIds as $key => $assetId) {
+                    $asset = Asset::withTrashed()->find($assetId);
+                    $asset->restore(); 
+            } 
+        return redirect()->route('hardware.index')->with('success', trans('admin/hardware/message.restore.success'));
+        }
    }
 }
@@ -92,7 +92,7 @@ class BulkAssetModelsController extends Controller
            AssetModel::whereIn('id', $models_raw_array)->update($update_array);

            return redirect()->route('models.index')
-                ->with('success', trans('admin/models/message.bulkedit.success'));
+                ->with('success', trans_choice('admin/models/message.bulkedit.success', count($models_raw_array), ['model_count' => count($models_raw_array)]));
        }

        return redirect()->route('models.index')
@@ -60,6 +60,9 @@ final class CompaniesController extends Controller

        $company = new Company;
        $company->name = $request->input('name');
+        $company->phone = $request->input('phone');
+        $company->fax = $request->input('fax');
+        $company->email = $request->input('email');

        $company = $request->handleImages($company);

@@ -111,6 +114,9 @@ final class CompaniesController extends Controller
        $this->authorize('update', $company);

        $company->name = $request->input('name');
+        $company->phone = $request->input('phone');
+        $company->fax = $request->input('fax');
+        $company->email = $request->input('email');

        $company = $request->handleImages($company);

@@ -119,8 +125,7 @@ final class CompaniesController extends Controller
                ->with('success', trans('admin/companies/message.update.success'));
        }

-        return redirect()->route('companies.edit', ['company' => $companyId])
-            ->with('error', trans('admin/companies/message.update.error'));
+        return redirect()->back()->withInput()->withErrors($company->getErrors());
    }

    /**
@@ -33,6 +33,11 @@ class ComponentCheckoutController extends Controller
        }
        $this->authorize('checkout', $component);

+        // Make sure there is at least one available to checkout
+        if ($component->numRemaining() <= 0){
+            return redirect()->route('components.index')->with('error', trans('admin/components/message.checkout.unavailable'));
+        }
+
        return view('components/checkout', compact('component'));
    }

@@ -50,7 +55,7 @@ class ComponentCheckoutController extends Controller
    public function store(Request $request, $componentId)
    {
        // Check if the component exists
-        if (is_null($component = Component::find($componentId))) {
+        if (!$component = Component::find($componentId)) {
            // Redirect to the component management page with error
            return redirect()->route('components.index')->with('error', trans('admin/components/message.not_found'));
        }
@@ -58,9 +63,15 @@ class ComponentCheckoutController extends Controller
        $this->authorize('checkout', $component);

        $max_to_checkout = $component->numRemaining();
+
+        // Make sure there are at least the requested number of components available to checkout
+        if ($max_to_checkout < $request->get('assigned_qty')) {
+            return redirect()->back()->withInput()->with('error', trans('admin/components/message.checkout.unavailable', ['remaining' => $max_to_checkout, 'requested' => $request->get('assigned_qty')]));
+        }
+
        $validator = Validator::make($request->all(), [
-            'asset_id'          => 'required',
-            'assigned_qty'      => "required|numeric|between:1,$max_to_checkout",
+            'asset_id'          => 'required|exists:assets,id',
+            'assigned_qty'      => "required|numeric|min:1|digits_between:1,$max_to_checkout",
        ]);

        if ($validator->fails()) {
@@ -69,24 +80,17 @@ class ComponentCheckoutController extends Controller
                ->withInput();
        }

-        $admin_user = Auth::user();
-        $asset_id = e($request->input('asset_id'));
-
        // Check if the user exists
-        if (is_null($asset = Asset::find($asset_id))) {
-            // Redirect to the component management page with error
-            return redirect()->route('components.index')->with('error', trans('admin/components/message.asset_does_not_exist'));
-        }
+        $asset = Asset::find($request->input('asset_id'));

        // Update the component data
-        $component->asset_id = $asset_id;
-
+        $component->asset_id = $request->input('asset_id');
        $component->assets()->attach($component->id, [
            'component_id' => $component->id,
-            'user_id' => $admin_user->id,
+            'user_id' => Auth::user(),
            'created_at' => date('Y-m-d H:i:s'),
            'assigned_qty' => $request->input('assigned_qty'),
-            'asset_id' => $asset_id,
+            'asset_id' => $request->input('asset_id'),
            'note' => $request->input('note'),
        ]);

@@ -71,13 +71,14 @@ class ComponentsController extends Controller
        $component = new Component();
        $component->name                   = $request->input('name');
        $component->category_id            = $request->input('category_id');
+        $component->supplier_id            = $request->input('supplier_id');
        $component->location_id            = $request->input('location_id');
        $component->company_id             = Company::getIdForCurrentUser($request->input('company_id'));
        $component->order_number           = $request->input('order_number', null);
        $component->min_amt                = $request->input('min_amt', null);
        $component->serial                 = $request->input('serial', null);
        $component->purchase_date          = $request->input('purchase_date', null);
-        $component->purchase_cost          = Helper::ParseCurrency($request->input('purchase_cost', null));
+        $component->purchase_cost          = $request->input('purchase_cost', null);
        $component->qty                    = $request->input('qty');
        $component->user_id                = Auth::id();
        $component->notes                  = $request->input('notes');
@@ -145,13 +146,14 @@ class ComponentsController extends Controller
        // Update the component data
        $component->name                   = $request->input('name');
        $component->category_id            = $request->input('category_id');
+        $component->supplier_id            = $request->input('supplier_id');
        $component->location_id            = $request->input('location_id');
        $component->company_id             = Company::getIdForCurrentUser($request->input('company_id'));
        $component->order_number           = $request->input('order_number');
        $component->min_amt                = $request->input('min_amt');
        $component->serial                 = $request->input('serial');
        $component->purchase_date          = $request->input('purchase_date');
-        $component->purchase_cost          = Helper::ParseCurrency(request('purchase_cost'));
+        $component->purchase_cost          = request('purchase_cost');
        $component->qty                    = $request->input('qty');
        $component->notes                  = $request->input('notes');

@@ -132,7 +132,7 @@ class ComponentsFilesController extends Controller
     * @return \Symfony\Component\HttpFoundation\Response
     * @throws \Illuminate\Auth\Access\AuthorizationException
     */
-    public function show($componentId = null, $fileId = null, $download = true)
+    public function show($componentId = null, $fileId = null)
    {
        \Log::debug('Private filesystem is: '.config('filesystems.default'));
        $component = Component::find($componentId);
@@ -157,21 +157,17 @@ class ComponentsFilesController extends Controller
                    ->header('Content-Type', 'text/plain');
            } else {

+                // Display the file inline
+                if (request('inline') == 'true') {
+                    $headers = [
+                        'Content-Disposition' => 'inline',
+                    ];
+                    return Storage::download($file, $log->filename, $headers);
+                }
+
                if (config('filesystems.default') == 'local') { // TODO - is there any way to fix this at the StorageHelper layer?
                    return StorageHelper::downloader($file);
-                } else {
-                    if ($download != 'true') {
-                        \Log::debug('display the file');
-                        if ($contents = file_get_contents(Storage::url($file))) { // TODO - this will fail on private S3 files or large public ones
-                            return Response::make(Storage::url($file)->header('Content-Type', mime_content_type($file)));
-                        }
-
-                        return JsonResponse::create(['error' => 'Failed validation: '], 500);
-                    }
-
-                    return StorageHelper::downloader($file);
-
-                }
+                } 
            }
        }

@@ -24,9 +24,16 @@ class ConsumableCheckoutController extends Controller
     */
    public function create($consumableId)
    {
-        if (is_null($consumable = Consumable::find($consumableId))) {
+
+        if (is_null($consumable = Consumable::with('users')->find($consumableId))) {
            return redirect()->route('consumables.index')->with('error', trans('admin/consumables/message.does_not_exist'));
        }
+
+        // Make sure there is at least one available to checkout
+        if ($consumable->numRemaining() <= 0){
+            return redirect()->route('consumables.index')->with('error', trans('admin/consumables/message.checkout.unavailable'));
+        }
+
        $this->authorize('checkout', $consumable);

        return view('consumables/checkout', compact('consumable'));
@@ -44,12 +51,18 @@ class ConsumableCheckoutController extends Controller
     */
    public function store(Request $request, $consumableId)
    {
-        if (is_null($consumable = Consumable::find($consumableId))) {
+        if (is_null($consumable = Consumable::with('users')->find($consumableId))) {
            return redirect()->route('consumables.index')->with('error', trans('admin/consumables/message.not_found'));
        }

        $this->authorize('checkout', $consumable);

+        // Make sure there is at least one available to checkout
+        if ($consumable->numRemaining() <= 0) {
+            return redirect()->route('consumables.index')->with('error', trans('admin/consumables/message.checkout.unavailable'));
+        }
+
+
        $admin_user = Auth::user();
        $assigned_to = e($request->input('assigned_to'));

@@ -68,6 +68,7 @@ class ConsumablesController extends Controller
        $consumable = new Consumable();
        $consumable->name                   = $request->input('name');
        $consumable->category_id            = $request->input('category_id');
+        $consumable->supplier_id            = $request->input('supplier_id');
        $consumable->location_id            = $request->input('location_id');
        $consumable->company_id             = Company::getIdForCurrentUser($request->input('company_id'));
        $consumable->order_number           = $request->input('order_number');
@@ -76,7 +77,7 @@ class ConsumablesController extends Controller
        $consumable->model_number           = $request->input('model_number');
        $consumable->item_no                = $request->input('item_no');
        $consumable->purchase_date          = $request->input('purchase_date');
-        $consumable->purchase_cost          = Helper::ParseCurrency($request->input('purchase_cost'));
+        $consumable->purchase_cost          = $request->input('purchase_cost');
        $consumable->qty                    = $request->input('qty');
        $consumable->user_id                = Auth::id();
        $consumable->notes                  = $request->input('notes');
@@ -144,6 +145,7 @@ class ConsumablesController extends Controller

        $consumable->name                   = $request->input('name');
        $consumable->category_id            = $request->input('category_id');
+        $consumable->supplier_id            = $request->input('supplier_id');
        $consumable->location_id            = $request->input('location_id');
        $consumable->company_id             = Company::getIdForCurrentUser($request->input('company_id'));
        $consumable->order_number           = $request->input('order_number');
@@ -152,7 +154,7 @@ class ConsumablesController extends Controller
        $consumable->model_number           = $request->input('model_number');
        $consumable->item_no                = $request->input('item_no');
        $consumable->purchase_date          = $request->input('purchase_date');
-        $consumable->purchase_cost          = Helper::ParseCurrency($request->input('purchase_cost'));
+        $consumable->purchase_cost          = $request->input('purchase_cost');
        $consumable->qty                    = Helper::ParseFloat($request->input('qty'));
        $consumable->notes                  = $request->input('notes');

@@ -131,7 +131,7 @@ class ConsumablesFilesController extends Controller
     * @return \Symfony\Consumable\HttpFoundation\Response
     * @throws \Illuminate\Auth\Access\AuthorizationException
     */
-    public function show($consumableId = null, $fileId = null, $download = true)
+    public function show($consumableId = null, $fileId = null)
    {
        $consumable = Consumable::find($consumableId);

@@ -155,22 +155,19 @@ class ConsumablesFilesController extends Controller
                    ->header('Content-Type', 'text/plain');
            } else {

+                // Display the file inline
+                if (request('inline') == 'true') {
+                    $headers = [
+                        'Content-Disposition' => 'inline',
+                    ];
+                    return Storage::download($file, $log->filename, $headers);
+                }
+
+
                // We have to override the URL stuff here, since local defaults in Laravel's Flysystem
                // won't work, as they're not accessible via the web
                if (config('filesystems.default') == 'local') { // TODO - is there any way to fix this at the StorageHelper layer?
                    return StorageHelper::downloader($file);
-                } else {
-                    if ($download != 'true') {
-                        \Log::debug('display the file');
-                        if ($contents = file_get_contents(Storage::url($file))) { // TODO - this will fail on private S3 files or large public ones
-                            return Response::make(Storage::url($file)->header('Content-Type', mime_content_type($file)));
-                        }
-
-                        return JsonResponse::create(['error' => 'Failed validation: '], 500);
-                    }
-
-                    return StorageHelper::downloader($file);
-
                }
            }
        }
@@ -9,11 +9,11 @@
 *
 * **THIS DOCUMENTATION DOES NOT COVER INSTALLATION.** If you're here and you're not a
 * developer, you're probably in the wrong place. Please see the
- * [Installation documentation](http://docs.snipeitapp.com) for
+ * [Installation documentation](https://snipe-it.readme.io) for
 * information on how to install Snipe-IT.
 *
 * To learn how to set up a development environment and get started developing for Snipe-IT,
- * please see the [contributing documentation](http://docs.snipeitapp.com/contributing.html).
+ * please see the [contributing documentation](https://snipe-it.readme.io/docs/contributing-overview).
 *
 * Only the Snipe-IT specific controllers, models, helpers, service providers,
 * etc have been included in this documentation (excluding vendors, Laravel core, etc)
@@ -6,9 +6,12 @@ use App\Helpers\Helper;
 use App\Http\Requests\CustomFieldRequest;
 use App\Models\CustomField;
 use App\Models\CustomFieldset;
+use App\Models\User;
 use Illuminate\Support\Facades\Auth;
+use Illuminate\Http\Request;
 use Redirect;

+
 /**
 * This controller handles all actions related to Custom Asset Fields for
 * the Snipe-IT Asset Management application.
@@ -20,6 +23,7 @@ use Redirect;
 */
 class CustomFieldsController extends Controller
 {
+
    /**
     * Returns a view with a listing of custom fields.
     *
@@ -28,12 +32,16 @@ class CustomFieldsController extends Controller
     * @return \Illuminate\Support\Facades\View
     * @throws \Illuminate\Auth\Access\AuthorizationException
     */
-    public function index()
+    public function index(Request $request)
    {
        $this->authorize('view', CustomField::class);
+        if ( $request->input('tab') == 1 ) {
+            // Users section, make sure to auto-create the first fieldset if so
+            CustomFieldset::firstOrCreate(['type' => Helper::$itemtypes_having_custom_fields[1]], ['name' => 'default']);
+        }

-        $fieldsets = CustomFieldset::with('fields', 'models')->get();
-        $fields = CustomField::with('fieldset')->get();
+        $fieldsets = CustomFieldset::with('fields')->where("type", Helper::$itemtypes_having_custom_fields[$request->get('tab',0)])->get(); //cannot eager-load 'customizable' because it's not a relation
+        $fields = CustomField::with('fieldset')->where("type", Helper::$itemtypes_having_custom_fields[$request->get('tab',0)])->get();

        return view('custom_fields.index')->with('custom_fieldsets', $fieldsets)->with('custom_fields', $fields);
    }
@@ -45,7 +53,7 @@ class CustomFieldsController extends Controller
     * @see CustomFieldsController::storeField()
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @since [v5.1.5]
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
     * @throws \Illuminate\Auth\Access\AuthorizationException
     */
    public function show()
@@ -63,14 +71,17 @@ class CustomFieldsController extends Controller
     * @return \Illuminate\Support\Facades\View
     * @throws \Illuminate\Auth\Access\AuthorizationException
     */
-    public function create()
+    public function create(Request $request)
    {
        $this->authorize('create', CustomField::class);
+        $fieldsets = CustomFieldset::where('type', Helper::$itemtypes_having_custom_fields[$request->get('tab')])->get();

        return view('custom_fields.fields.edit', [
            'predefinedFormats' => Helper::predefined_formats(),
-        'customFormat' => '',
-        ])->with('field', new CustomField());
+            'customFormat' => '',
+            'fieldsets' => $fieldsets,
+            'field' => new CustomField(),
+        ]);
    }

    /**
@@ -79,7 +90,7 @@ class CustomFieldsController extends Controller
     * @see CustomFieldsController::createField()
     * @author [Brady Wetherington] [<uberbrady@gmail.com>]
     * @since [v1.8]
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
     * @throws \Illuminate\Auth\Access\AuthorizationException
     */
    public function store(CustomFieldRequest $request)
@@ -104,8 +115,12 @@ class CustomFieldsController extends Controller
            "show_in_email" => $show_in_email,
            "is_unique" => $request->get("is_unique", 0),
            "display_in_user_view" => $display_in_user_view,
-            "user_id" => Auth::id()
+            "auto_add_to_fieldsets" => $request->get("auto_add_to_fieldsets", 0),
+            "show_in_listview" => $request->get("show_in_listview", 0),
+            "user_id" => Auth::id(),
        ]);
+        // not mass-assignable; must be manual
+        $field->type = Helper::$itemtypes_having_custom_fields[$request->get('tab')];


        if ($request->filled('custom_format')) {
@@ -115,10 +130,23 @@ class CustomFieldsController extends Controller
        }

        if ($field->save()) {
-            return redirect()->route('fields.index')->with('success', trans('admin/custom_fields/message.field.create.success'));
+
+            // Sync fields with fieldsets
+            $fieldset_array = $request->input('associate_fieldsets');
+            if ($request->get('tab') == 1 ) {
+                $fieldset_array = [CustomFieldset::firstOrCreate(['type' => User::class],['name' => 'default'])->id => true];
+            }
+            if (($request->has('associate_fieldsets') || $request->get('tab') == 1) && (is_array($fieldset_array))) {
+                $field->fieldset()->sync(array_keys($fieldset_array));
+            } else {
+                $field->fieldset()->sync([]);
+            }
+
+
+            return redirect()->route('fields.index',['tab' => $request->get('tab',0)])->with('success', trans('admin/custom_fields/message.field.create.success'));
        }

-        return redirect()->back()->withInput()
+        return redirect()->back()->with('selected_fieldsets', $request->input('associate_fieldsets'))->withInput()
            ->with('error', trans('admin/custom_fields/message.field.create.error'));
    }

@@ -128,7 +156,7 @@ class CustomFieldsController extends Controller
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @since [v3.0]
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
     * @throws \Illuminate\Auth\Access\AuthorizationException
     */
    public function deleteFieldFromFieldset($field_id, $fieldset_id)
@@ -147,8 +175,7 @@ class CustomFieldsController extends Controller
                ->with('success', trans('admin/custom_fields/message.field.delete.success'));
            } else {
                return redirect()->back()->withErrors(['message' => "Field is in use and cannot be deleted."]);
-            }  
-
+            }
        }

        return redirect()->back()->withErrors(['message' => "Error deleting field from fieldset"]);
@@ -161,7 +188,7 @@ class CustomFieldsController extends Controller
     *
     * @author [Brady Wetherington] [<uberbrady@gmail.com>]
     * @since [v1.8]
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
     * @throws \Illuminate\Auth\Access\AuthorizationException
     */
    public function destroy($field_id)
@@ -169,12 +196,17 @@ class CustomFieldsController extends Controller
        if ($field = CustomField::find($field_id)) {
            $this->authorize('delete', $field);

+            if ($field->type == User::class) {
+                $field->fieldset()->detach(); // remove from 'default' group (and others, if they exist in the future!)
+            }
            if (($field->fieldset) && ($field->fieldset->count() > 0)) {
                return redirect()->back()->withErrors(['message' => 'Field is in-use']);
            }
+            $type = $field->type;
            $field->delete();
-            return redirect()->route("fields.index")
-                ->with("success", trans('admin/custom_fields/message.field.delete.success'));
+            return redirect()->route('fields.index',['tab' => array_search($type, Helper::$itemtypes_having_custom_fields)])
+
+                ->with('success', trans('admin/custom_fields/message.field.delete.success'));
        }

        return redirect()->back()->withErrors(['message' => 'Field does not exist']);
@@ -190,12 +222,12 @@ class CustomFieldsController extends Controller
     * @return \Illuminate\Support\Facades\View
     * @throws \Illuminate\Auth\Access\AuthorizationException
     */
-    public function edit($id)
+    public function edit(Request $request, $id)
    {
        if ($field = CustomField::find($id)) {

        $this->authorize('update', $field);
-
+        $fieldsets = CustomFieldset::get();
        $customFormat = '';
        if ((stripos($field->format, 'regex') === 0) && ($field->format !== CustomField::PREDEFINED_FORMATS['MAC'])) {
            $customFormat = $field->format;
@@ -204,6 +236,7 @@ class CustomFieldsController extends Controller
        return view('custom_fields.fields.edit', [
            'field'             => $field,
            'customFormat'      => $customFormat,
+            'fieldsets'         => $fieldsets,
            'predefinedFormats' => Helper::predefined_formats(),
        ]);
        } 
@@ -222,7 +255,7 @@ class CustomFieldsController extends Controller
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @param  int $id
     * @since [v4.0]
-     * @return Redirect
+     * @return \Illuminate\Http\RedirectResponse
     * @throws \Illuminate\Auth\Access\AuthorizationException
     */
    public function update(CustomFieldRequest $request, $id)
@@ -249,6 +282,8 @@ class CustomFieldsController extends Controller
        $field->show_in_email = $show_in_email;
        $field->is_unique     = $request->get("is_unique", 0);
        $field->display_in_user_view = $display_in_user_view;
+        $field->auto_add_to_fieldsets = $request->get("auto_add_to_fieldsets", 0);
+        $field->show_in_listview = $request->get("show_in_listview", 0);

        if ($request->get('format') == 'CUSTOM REGEX') {
            $field->format = e($request->get('custom_format'));
@@ -256,12 +291,22 @@ class CustomFieldsController extends Controller
            $field->format = e($request->get('format'));
        }

-        if($field->element == 'checkbox' || $field->element == 'radio'){
+        if ($field->element == 'checkbox' || $field->element == 'radio'){
            $field->format = 'ANY';
        }

        if ($field->save()) {
-            return redirect()->route('fields.index')->with('success', trans('admin/custom_fields/message.field.update.success'));
+
+
+            // Sync fields with fieldsets
+            $fieldset_array = $request->input('associate_fieldsets');
+            if ($request->has('associate_fieldsets') && (is_array($fieldset_array))) {
+                $field->fieldset()->sync(array_keys($fieldset_array));
+            } else {
+                $field->fieldset()->sync([]);
+            }
+
+            return redirect()->route('fields.index',['tab' => $request->get('tab',0)])->with('success', trans('admin/custom_fields/message.field.update.success'));
        }

        return redirect()->back()->withInput()->with('error', trans('admin/custom_fields/message.field.update.error'));
@@ -2,6 +2,7 @@

 namespace App\Http\Controllers;

+use App\Helpers\Helper;
 use App\Models\AssetModel;
 use App\Models\CustomField;
 use App\Models\CustomFieldset;
@@ -38,7 +39,7 @@ class CustomFieldsetsController extends Controller
     * @throws \Illuminate\Auth\Access\AuthorizationException
     * @since [v1.8]
     */
-    public function show($id)
+    public function show( $id)
    {
        $cfset = CustomFieldset::with('fields')
            ->where('id', '=', $id)->orderBy('id', 'ASC')->first();
@@ -46,7 +47,7 @@ class CustomFieldsetsController extends Controller
        $this->authorize('view', $cfset);

        if ($cfset) {
-            $custom_fields_list = ['' => 'Add New Field to Fieldset'] + CustomField::pluck('name', 'id')->toArray();
+            $custom_fields_list = ['' => 'Add New Field to Fieldset'] + CustomField::where('type', $cfset->type)->pluck('name', 'id')->toArray();

            $maxid = 0;
            foreach ($cfset->fields as $field) {
@@ -93,16 +94,29 @@ class CustomFieldsetsController extends Controller
    {
        $this->authorize('create', CustomField::class);

-        $cfset = new CustomFieldset([
-                'name' => e($request->get('name')),
+        $fieldset = new CustomFieldset([
+                'name' => $request->get('name'),
                'user_id' => Auth::user()->id,
+                'type' => Helper::$itemtypes_having_custom_fields[$request->get('tab')]
+//                'sub' =>
        ]);

-        $validator = Validator::make($request->all(), $cfset->rules);
-        if ($validator->passes()) {
-            $cfset->save();
+        $validator = Validator::make($request->all(), $fieldset->rules);

-            return redirect()->route('fieldsets.show', [$cfset->id])
+        if ($validator->passes()) {
+            $fieldset->save();
+
+            // Sync fieldset with auto_add_to_fieldsets
+            $fields = CustomField::select('id')->where('auto_add_to_fieldsets', '=', '1')->get();
+            if ($fields->count() > 0) {
+                foreach ($fields as $field) {
+                    $field_ids[] = $field->id;
+                }
+
+                $fieldset->fields()->sync($field_ids);
+            }
+
+            return redirect()->route('fieldsets.show', [$fieldset->id])
                ->with('success', trans('admin/custom_fields/message.fieldset.create.success'));
        }

@@ -170,6 +170,8 @@ class DepartmentsController extends Controller
        $department->manager_id = ($request->filled('manager_id') ? $request->input('manager_id') : null);
        $department->location_id = ($request->filled('location_id') ? $request->input('location_id') : null);
        $department->company_id = ($request->filled('company_id') ? $request->input('company_id') : null);
+        $department->phone = $request->input('phone');
+        $department->fax = $request->input('fax');

        $department = $request->handleImages($department);

@@ -0,0 +1,74 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use Illuminate\Http\Request;
+use App\Models\User;
+use Illuminate\Support\Facades\Auth;
+use Laravel\Socialite\Facades\Socialite;
+use Laravel\Socialite\Two\InvalidStateException;
+use App\Models\Setting;
+
+
+class GoogleAuthController extends Controller
+{
+    /**
+     * We need this constructor so that we override the socialite expected config variables,
+     * since we want to allow this to be changed via database fields
+     */
+    public function __construct()
+    {
+        parent::__construct();
+        $setting = Setting::getSettings();
+        config(['services.google.redirect' => config('app.url').'/google/callback']);
+        config(['services.google.client_id' => $setting->google_client_id]);
+        config(['services.google.client_secret' => $setting->google_client_secret]);
+    }
+
+    public function redirectToGoogle()
+    {
+        return Socialite::driver('google')->redirect();
+    }
+
+    public function handleGoogleCallback()
+    {
+        try {
+            $socialUser = Socialite::driver('google')->user();
+            \Log::debug('Google user found in Google Workspace');
+        } catch (InvalidStateException $exception) {
+            \Log::debug('Google user NOT found in Google Workspace');
+            return redirect()->route('login')
+                ->withErrors(
+                    [
+                        'username' => [
+                           trans('auth/general.google_login_failed')
+                        ],
+                    ]
+                );
+        }
+
+
+        $user = User::where('username', $socialUser->getEmail())->first();
+
+
+        if ($user) {
+            \Log::debug('Google user '.$socialUser->getEmail().' found in Snipe-IT');
+            $user->update([
+                'avatar'   => $socialUser->avatar,
+            ]);
+
+            Auth::login($user, true);
+            return redirect()->route('home');
+        }
+
+        \Log::debug('Google user '.$socialUser->getEmail().' NOT found in Snipe-IT');
+        return redirect()->route('login')
+            ->withErrors(
+                [
+                    'username' => [
+                        trans('auth/general.google_login_failed'),
+                    ],
+                ]
+            );
+    }
+}
@@ -92,7 +92,7 @@ class GroupsController extends Controller
            return view('groups.edit', compact('group', 'permissions', 'selected_array', 'groupPermissions'));
        }

-        return redirect()->route('groups.index')->with('error', trans('admin/groups/message.group_not_found'));
+        return redirect()->route('groups.index')->with('error', trans('admin/groups/message.group_not_found', ['id' => $id]));
    }

    /**
@@ -107,7 +107,7 @@ class GroupsController extends Controller
    public function update(Request $request, $id = null)
    {
        if (! $group = Group::find($id)) {
-            return redirect()->route('groups.index')->with('error', trans('admin/groups/message.group_not_found', compact('id')));
+            return redirect()->route('groups.index')->with('error', trans('admin/groups/message.group_not_found', ['id' => $id]));
        }
        $group->name = $request->input('name');
        $group->permissions = json_encode($request->input('permission'));
@@ -133,14 +133,13 @@ class GroupsController extends Controller
     * @return \Illuminate\Http\RedirectResponse
     * @throws \Exception
     */
-    public function destroy($id = null)
+    public function destroy($id)
    {
        if (! config('app.lock_passwords')) {
            if (! $group = Group::find($id)) {
-                return redirect()->route('groups.index')->with('error', trans('admin/groups/message.group_not_found', compact('id')));
+                return redirect()->route('groups.index')->with('error', trans('admin/groups/message.group_not_found', ['id' => $id]));
            }
            $group->delete();
-            // Redirect to the group management page
            return redirect()->route('groups.index')->with('success', trans('admin/groups/message.success.delete'));
        }

@@ -164,6 +163,6 @@ class GroupsController extends Controller
            return view('groups/view', compact('group'));
        }

-        return redirect()->route('groups.index')->with('error', trans('admin/groups/message.group_not_found', compact('id')));
+        return redirect()->route('groups.index')->with('error', trans('admin/groups/message.group_not_found', ['id' => $id]));
    }
 }
@@ -0,0 +1,77 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use App\Models\Asset;
+use App\Models\AssetModel;
+use App\Models\Category;
+use App\Models\Company;
+use App\Models\Labels\Label;
+use App\Models\Manufacturer;
+use App\Models\Setting;
+use App\Models\User;
+use App\View\Label as LabelView;
+use Illuminate\Support\Facades\Storage;
+
+class LabelsController extends Controller
+{
+    /**
+     * Returns the Label view with test data
+     *
+     * @author Grant Le Roux <grant.leroux+snipe-it@gmail.com>
+     * @param  string  $labelName
+     * @return \Illuminate\Contracts\View\View
+     */
+    public function show(string $labelName)
+    {
+        $labelName = str_replace('/', '\\', $labelName);
+        $template = Label::find($labelName);
+
+        $exampleAsset = new Asset();
+
+        $exampleAsset->id = 999999;
+        $exampleAsset->name = 'JEN-867-5309';
+        $exampleAsset->asset_tag = 'TCA-00001';
+        $exampleAsset->serial = 'SN9876543210';
+
+        $exampleAsset->company = new Company();
+        $exampleAsset->company->id = 999999;
+        $exampleAsset->company->name = 'Test Company Limited';
+        $exampleAsset->company->image = 'company-image-test.png';
+
+        $exampleAsset->assignedto = new User();
+        $exampleAsset->assignedto->id = 999999;
+        $exampleAsset->assignedto->first_name = 'Test';
+        $exampleAsset->assignedto->last_name = 'Person';
+        $exampleAsset->assignedto->username = 'Test.Person';
+        $exampleAsset->assignedto->employee_num = '0123456789';
+
+        $exampleAsset->model = new AssetModel();
+        $exampleAsset->model->id = 999999;
+        $exampleAsset->model->name = 'Test Model';
+        $exampleAsset->model->model_number = 'MDL5678';
+        $exampleAsset->model->manufacturer = new Manufacturer();
+        $exampleAsset->model->manufacturer->id = 999999;
+        $exampleAsset->model->manufacturer->name = 'Test Manufacturing Inc.';
+        $exampleAsset->model->category = new Category();
+        $exampleAsset->model->category->id = 999999;
+        $exampleAsset->model->category->name = 'Test Category';
+
+        $settings = Setting::getSettings();
+        if (request()->has('settings')) {
+            $overrides = request()->get('settings');
+            foreach ($overrides as $key => $value) {
+                $settings->$key = $value;
+            }
+        }
+
+        return (new LabelView())
+            ->with('assets', collect([$exampleAsset]))
+            ->with('settings', $settings)
+            ->with('template', $template)
+            ->with('bulkedit', false)
+            ->with('count', 0);
+
+        return redirect()->route('home')->with('error', trans('admin/labels/message.does_not_exist'));
+    }
+}
@@ -112,4 +112,54 @@ class LicenseCheckinController extends Controller
        // Redirect to the license page with error
        return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.checkin.error'));
    }
+
+    /**
+     * Bulk checkin all license seats
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @see LicenseCheckinController::create() method that provides the form view
+     * @since [v6.1.1]
+     * @return \Illuminate\Http\RedirectResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+
+    public function bulkCheckin(Request $request, $licenseId) {
+
+        $license = License::findOrFail($licenseId);
+        $this->authorize('checkin', $license);
+
+        $licenseSeatsByUser = LicenseSeat::where('license_id', '=', $licenseId)
+            ->whereNotNull('assigned_to')
+            ->with('user')
+            ->get();
+
+        foreach ($licenseSeatsByUser as $user_seat) {
+            $user_seat->assigned_to = null;
+
+            if ($user_seat->save()) {
+                \Log::debug('Checking in '.$license->name.' from user '.$user_seat->username);
+                $user_seat->logCheckin($user_seat->user, trans('admin/licenses/general.bulk.checkin_all.log_msg'));
+            }
+        }
+
+        $licenseSeatsByAsset = LicenseSeat::where('license_id', '=', $licenseId)
+            ->whereNotNull('asset_id')
+            ->with('asset')
+            ->get();
+
+        $count = 0;
+        foreach ($licenseSeatsByAsset as $asset_seat) {
+            $asset_seat->asset_id = null;
+
+            if ($asset_seat->save()) {
+                \Log::debug('Checking in '.$license->name.' from asset '.$asset_seat->asset_tag);
+                $asset_seat->logCheckin($asset_seat->asset, trans('admin/licenses/general.bulk.checkin_all.log_msg'));
+                $count++;
+            }
+        }
+
+        return redirect()->back()->with('success', trans_choice('admin/licenses/general.bulk.checkin_all.success', 2, ['count' => $count] ));
+
+    }
+
 }
@@ -30,15 +30,17 @@ class LicenseCheckoutController extends Controller
        // Check that the license is valid
        if ($license = License::find($licenseId)) {

+            $this->authorize('checkout', $license);
            // If the license is valid, check that there is an available seat
            if ($license->avail_seats_count < 1) {
                return redirect()->route('licenses.index')->with('error', 'There are no available seats for this license');
            }
+            return view('licenses/checkout', compact('license'));
        }

-        $this->authorize('checkout', $license);
+        return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.not_found'));
+

-        return view('licenses/checkout', compact('license'));
    }

    /**
@@ -126,4 +128,70 @@ class LicenseCheckoutController extends Controller

        return false;
    }
+
+    /**
+     * Bulk checkin all license seats
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @see LicenseCheckinController::create() method that provides the form view
+     * @since [v6.1.1]
+     * @return \Illuminate\Http\RedirectResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+
+    public function bulkCheckout($licenseId) {
+
+        \Log::debug('Checking out '.$licenseId.' via bulk');
+        $license = License::findOrFail($licenseId);
+        $this->authorize('checkin', $license);
+        $avail_count = $license->getAvailSeatsCountAttribute();
+
+        $users = User::whereNull('deleted_at')->where('autoassign_licenses', '=', 1)->with('licenses')->get();
+        \Log::debug($avail_count.' will be assigned');
+
+        if ($users->count() > $avail_count) {
+            \Log::debug('You do not have enough free seats to complete this task, so we will check out as many as we can. ');
+        }
+
+        // If the license is valid, check that there is an available seat
+        if ($license->availCount()->count() < 1) {
+            return redirect()->back()->with('error', trans('admin/licenses/general.bulk.checkout_all.error_no_seats'));
+        }
+
+
+        $assigned_count = 0;
+
+        foreach ($users as $user) {
+
+            // Check to make sure this user doesn't already have this license checked out to them
+            if ($user->licenses->where('id', '=', $licenseId)->count()) {
+                \Log::debug($user->username.' already has this license checked out to them. Skipping... ');
+                continue;
+            }
+
+            $licenseSeat = $license->freeSeat();
+
+            // Update the seat with checkout info
+            $licenseSeat->assigned_to = $user->id;
+
+            if ($licenseSeat->save()) {
+                $avail_count--;
+                $assigned_count++;
+                $licenseSeat->logCheckout(trans('admin/licenses/general.bulk.checkout_all.log_msg'), $user);
+                \Log::debug('License '.$license->name.' seat '.$licenseSeat->id.' checked out to '.$user->username);
+            }
+
+            if ($avail_count ==  0) {
+                return redirect()->back()->with('warning', trans('admin/licenses/general.bulk.checkout_all.warn_not_enough_seats', ['count' => $assigned_count]));
+            }
+        }
+
+        if ($assigned_count ==  0) {
+            return redirect()->back()->with('warning', trans('admin/licenses/general.bulk.checkout_all.warn_no_avail_users', ['count' => $assigned_count]));
+        }
+
+        return redirect()->back()->with('success', trans_choice('admin/licenses/general.bulk.checkout_all.success', 2, ['count' => $assigned_count] ));
+
+
+    }
 }
@@ -152,21 +152,19 @@ class LicenseFilesController extends Controller
                    ->header('Content-Type', 'text/plain');
            } else {

+                if (request('inline') == 'true') {
+
+                    $headers = [
+                        'Content-Disposition' => 'inline',
+                    ];
+
+                    return Storage::download($file, $log->filename, $headers);
+                }
+
                // We have to override the URL stuff here, since local defaults in Laravel's Flysystem
                // won't work, as they're not accessible via the web
                if (config('filesystems.default') == 'local') { // TODO - is there any way to fix this at the StorageHelper layer?
                    return StorageHelper::downloader($file);
-                } else {
-                    if ($download != 'true') {
-                        \Log::debug('display the file');
-                        if ($contents = file_get_contents(Storage::url($file))) { // TODO - this will fail on private S3 files or large public ones
-                            return Response::make(Storage::url($file)->header('Content-Type', mime_content_type($file)));
-                        }
-
-                        return JsonResponse::create(['error' => 'Failed validation: '], 500);
-                    }
-
-                    return StorageHelper::downloader($file);

                }
            }
@@ -6,6 +6,8 @@ use App\Helpers\Helper;
 use App\Http\Controllers\Controller;
 use App\Models\Company;
 use App\Models\License;
+use App\Models\LicenseSeat;
+use App\Models\User;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\DB;
@@ -86,7 +88,7 @@ class LicensesController extends Controller
        $license->name              = $request->input('name');
        $license->notes             = $request->input('notes');
        $license->order_number      = $request->input('order_number');
-        $license->purchase_cost     = Helper::ParseCurrency($request->input('purchase_cost'));
+        $license->purchase_cost     = $request->input('purchase_cost');
        $license->purchase_date     = $request->input('purchase_date');
        $license->purchase_order    = $request->input('purchase_order');
        $license->purchase_order    = $request->input('purchase_order');
@@ -164,7 +166,7 @@ class LicensesController extends Controller
        $license->name              = $request->input('name');
        $license->notes             = $request->input('notes');
        $license->order_number      = $request->input('order_number');
-        $license->purchase_cost     = Helper::ParseCurrency($request->input('purchase_cost'));
+        $license->purchase_cost     = $request->input('purchase_cost');
        $license->purchase_date     = $request->input('purchase_date');
        $license->purchase_order    = $request->input('purchase_order');
        $license->reassignable      = $request->input('reassignable', 0);
@@ -205,7 +207,7 @@ class LicensesController extends Controller
        if ($license->assigned_seats_count == 0) {
            // Delete the license and the associated license seats
            DB::table('license_seats')
-                ->where('id', $license->id)
+                ->where('license_id', $license->id)
                ->update(['assigned_to' => null, 'asset_id' => null]);

            $licenseSeats = $license->licenseseats();
@@ -233,16 +235,40 @@ class LicensesController extends Controller
    {
        $license = License::with('assignedusers')->find($licenseId);

-        if ($license) {
-            $this->authorize('view', $license);
-
-            return view('licenses/view', compact('license'));
+        if (!$license) {
+            return redirect()->route('licenses.index')
+            ->with('error', trans('admin/licenses/message.does_not_exist'));
        }

-        return redirect()->route('licenses.index')
-            ->with('error', trans('admin/licenses/message.does_not_exist'));
+        $users_count = User::where('autoassign_licenses', '1')->count();
+        $total_seats_count = $license->totalSeatsByLicenseID();
+        $available_seats_count = $license->availCount()->count();
+        $checkedout_seats_count = ($total_seats_count - $available_seats_count);
+
+        \Log::debug('Total: '.$total_seats_count);
+        \Log::debug('Users: '.$users_count);
+        \Log::debug('Available: '.$available_seats_count);
+        \Log::debug('Checkedout: '.$checkedout_seats_count);
+
+
+        $this->authorize('view', $license);
+        return view('licenses.view', compact('license'))
+            ->with('users_count', $users_count)
+            ->with('total_seats_count', $total_seats_count)
+            ->with('available_seats_count', $available_seats_count)
+            ->with('checkedout_seats_count', $checkedout_seats_count);
+
    }

+
+    /**
+     * Returns a view with prepopulated data for clone
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @param int $licenseId
+     * @return \Illuminate\Http\RedirectResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
    public function getClone($licenseId = null)
    {
        if (is_null($license_to_clone = License::find($licenseId))) {
@@ -79,6 +79,8 @@ class LocationsController extends Controller
        $location->ldap_ou = $request->input('ldap_ou');
        $location->manager_id = $request->input('manager_id');
        $location->user_id = Auth::id();
+        $location->phone = request('phone');
+        $location->fax = request('fax');

        $location = $request->handleImages($location);

@@ -139,6 +141,8 @@ class LocationsController extends Controller
        $location->state = $request->input('state');
        $location->country = $request->input('country');
        $location->zip = $request->input('zip');
+        $location->phone = request('phone');
+        $location->fax = request('fax');
        $location->ldap_ou = $request->input('ldap_ou');
        $location->manager_id = $request->input('manager_id');

@@ -68,6 +68,7 @@ class ManufacturersController extends Controller
        $manufacturer->user_id = Auth::id();
        $manufacturer->url = $request->input('url');
        $manufacturer->support_url = $request->input('support_url');
+        $manufacturer->warranty_lookup_url = $request->input('warranty_lookup_url');
        $manufacturer->support_phone = $request->input('support_phone');
        $manufacturer->support_email = $request->input('support_email');
        $manufacturer = $request->handleImages($manufacturer);
@@ -123,10 +124,11 @@ class ManufacturersController extends Controller
            return redirect()->route('manufacturers.index')->with('error', trans('admin/manufacturers/message.does_not_exist'));
        }

-        // Save the  data
+        // Save the data
        $manufacturer->name = $request->input('name');
        $manufacturer->url = $request->input('url');
        $manufacturer->support_url = $request->input('support_url');
+        $manufacturer->warranty_lookup_url = $request->input('warranty_lookup_url');
        $manufacturer->support_phone = $request->input('support_phone');
        $manufacturer->support_email = $request->input('support_email');

@@ -501,7 +501,6 @@ class ReportsController extends Controller
                $header[] = trans('general.zip');
            }

-
            if ($request->filled('assigned_to')) {
                $header[] = trans('admin/hardware/table.checkoutto');
                $header[] = trans('general.type');
@@ -532,19 +531,24 @@ class ReportsController extends Controller
            }

            if ($request->filled('warranty')) {
-                $header[] = 'Warranty';
-                $header[] = 'Warranty Expires';
+                $header[] = trans('admin/hardware/form.warranty');
+                $header[] = trans('admin/hardware/form.warranty_expires');
            }
+
            if ($request->filled('depreciation')) {
-                $header[] = 'Value';
-                $header[] = 'Diff';
-                $header[] = 'Fully Depreciated';
+                $header[] = trans('admin/hardware/table.book_value');
+                $header[] = trans('admin/hardware/table.diff');
+                $header[] = trans('admin/hardware/form.fully_depreciated');
            }

            if ($request->filled('checkout_date')) {
                $header[] = trans('admin/hardware/table.checkout_date');
            }

+            if ($request->filled('checkin_date')) {
+                $header[] = trans('admin/hardware/table.last_checkin_date');
+            }
+
            if ($request->filled('expected_checkin')) {
                $header[] = trans('admin/hardware/form.expected_checkin');
            }
@@ -590,28 +594,28 @@ class ReportsController extends Controller
            $executionTime = microtime(true) - $_SERVER['REQUEST_TIME_FLOAT'];
            \Log::debug('Added headers: '.$executionTime);

-            $assets = \App\Models\Company::scopeCompanyables(Asset::select('assets.*'))->with(
+            $assets = Asset::select('assets.*')->with(
                'location', 'assetstatus', 'company', 'defaultLoc', 'assignedTo',
                'model.category', 'model.manufacturer', 'supplier');
            
            if ($request->filled('by_location_id')) {
-                $assets->where('assets.location_id', $request->input('by_location_id'));
+                $assets->whereIn('assets.location_id', $request->input('by_location_id'));
            }

            if ($request->filled('by_rtd_location_id')) {
-                $assets->where('assets.rtd_location_id', $request->input('by_rtd_location_id'));
+                $assets->whereIn('assets.rtd_location_id', $request->input('by_rtd_location_id'));
            }

            if ($request->filled('by_supplier_id')) {
-                $assets->where('assets.supplier_id', $request->input('by_supplier_id'));
+                $assets->whereIn('assets.supplier_id', $request->input('by_supplier_id'));
            }

            if ($request->filled('by_company_id')) {
-                $assets->where('assets.company_id', $request->input('by_company_id'));
+                $assets->whereIn('assets.company_id', $request->input('by_company_id'));
            }

            if ($request->filled('by_model_id')) {
-                $assets->where('assets.model_id', $request->input('by_model_id'));
+                $assets->whereIn('assets.model_id', $request->input('by_model_id'));
            }

            if ($request->filled('by_category_id')) {
@@ -631,7 +635,7 @@ class ReportsController extends Controller
            }

            if ($request->filled('by_status_id')) {
-                $assets->where('assets.status_id', $request->input('by_status_id'));
+                $assets->whereIn('assets.status_id', $request->input('by_status_id'));
            }

            if (($request->filled('purchase_start')) && ($request->filled('purchase_end'))) {
@@ -639,7 +643,24 @@ class ReportsController extends Controller
            }

            if (($request->filled('created_start')) && ($request->filled('created_end'))) {
-                $assets->whereBetween('assets.created_at', [$request->input('created_start'), $request->input('created_end')]);
+                $created_start = \Carbon::parse($request->input('created_start'))->startOfDay();
+                $created_end = \Carbon::parse($request->input('created_end'))->endOfDay();
+                
+                $assets->whereBetween('assets.created_at', [$created_start, $created_end]);
+            }
+            if (($request->filled('checkout_date_start')) && ($request->filled('checkout_date_end'))) {
+                $checkout_start = \Carbon::parse($request->input('checkout_date_start'))->startOfDay();
+                $checkout_end = \Carbon::parse($request->input('checkout_date_end'))->endOfDay();
+
+                $assets->whereBetween('assets.last_checkout', [$checkout_start, $checkout_end]);
+            }
+
+            if (($request->filled('checkin_date_start'))) {
+                $assets->whereBetween('last_checkin', [
+                    Carbon::parse($request->input('checkin_date_start'))->startOfDay(),
+                    // use today's date is `checkin_date_end` is not provided
+                    Carbon::parse($request->input('checkin_date_end', now()))->endOfDay(),
+                ]);
            }

            if (($request->filled('expected_checkin_start')) && ($request->filled('expected_checkin_end'))) {
@@ -647,7 +668,10 @@ class ReportsController extends Controller
            }

            if (($request->filled('last_audit_start')) && ($request->filled('last_audit_end'))) {
-                $assets->whereBetween('assets.last_audit_date', [$request->input('last_audit_start'), $request->input('last_audit_end')]);
+                $last_audit_start = \Carbon::parse($request->input('last_audit_start'))->startOfDay();
+                $last_audit_end = \Carbon::parse($request->input('last_audit_end'))->endOfDay();
+
+                $assets->whereBetween('assets.last_audit_date', [$last_audit_start, $last_audit_end]);
            }

            if (($request->filled('next_audit_start')) && ($request->filled('next_audit_end'))) {
@@ -663,6 +687,7 @@ class ReportsController extends Controller
                $assets->onlyTrashed();
            }

+            \Log::debug($assets->toSql());
            $assets->orderBy('assets.id', 'ASC')->chunk(20, function ($assets) use ($handle, $customfields, $request) {
            
                $executionTime = microtime(true) - $_SERVER['REQUEST_TIME_FLOAT'];
@@ -822,6 +847,12 @@ class ReportsController extends Controller
                        $row[] = ($asset->last_checkout) ? $asset->last_checkout : '';
                    }

+                    if ($request->filled('checkin_date')) {
+                        $row[] = ($asset->last_checkin)
+                            ? Carbon::parse($asset->last_checkin)->format('Y-m-d')
+                            : '';
+                    }
+
                    if ($request->filled('expected_checkin')) {
                        $row[] = ($asset->expected_checkin) ? $asset->expected_checkin : '';
                    }
@@ -898,12 +929,8 @@ class ReportsController extends Controller
    public function getAssetMaintenancesReport()
    {
        $this->authorize('reports.view');
-        // Grab all the improvements
-        $assetMaintenances = AssetMaintenance::with('asset', 'supplier', 'asset.company')
-                                              ->orderBy('created_at', 'DESC')
-                                              ->get();

-        return view('reports/asset_maintenances', compact('assetMaintenances'));
+        return view('reports.asset_maintenances');
    }

    /**
@@ -994,7 +1021,12 @@ class ReportsController extends Controller

        $assetsForReport = $acceptances
            ->filter(function ($acceptance) {
-                return $acceptance->checkoutable_type == 'App\Models\Asset';
+                $acceptance_checkoutable_flag = false;
+                if ($acceptance->checkoutable){
+                    $acceptance_checkoutable_flag = $acceptance->checkoutable->checkedOutToUser();
+                }
+                
+                return $acceptance->checkoutable_type == 'App\Models\Asset' && $acceptance_checkoutable_flag;
            })
            ->map(function($acceptance) {
                return ['assetItem' => $acceptance->checkoutable, 'acceptance' => $acceptance];
@@ -84,7 +84,7 @@ class SettingsController extends Controller
        }
        $pageURL = $protocol.$host.$_SERVER['REQUEST_URI'];

-        $start_settings['url_config'] = url('/').'/setup';
+        $start_settings['url_config'] = config('app.url').'/setup';
        $start_settings['url_valid'] = ($start_settings['url_config'] === $pageURL);
        $start_settings['real_url'] = $pageURL;
        $start_settings['php_version_min'] = true;
@@ -590,6 +590,7 @@ class SettingsController extends Controller
        $setting->date_display_format = $request->input('date_display_format');
        $setting->time_display_format = $request->input('time_display_format');
        $setting->digit_separator = $request->input('digit_separator');
+        $setting->name_display_format = $request->input('name_display_format');

        if ($setting->save()) {
            return redirect()->route('settings.index')
@@ -827,6 +828,14 @@ class SettingsController extends Controller
        if (is_null($setting = Setting::getSettings())) {
            return redirect()->to('admin')->with('error', trans('admin/settings/message.update.error'));
        }
+        $setting->label2_enable = $request->input('label2_enable');
+        $setting->label2_template = $request->input('label2_template');
+        $setting->label2_title = $request->input('label2_title');
+        $setting->label2_asset_logo = $request->input('label2_asset_logo');
+        $setting->label2_1d_type = $request->input('label2_1d_type');
+        $setting->label2_2d_type = $request->input('label2_2d_type');
+        $setting->label2_2d_target = $request->input('label2_2d_target');
+        $setting->label2_fields = $request->input('label2_fields');
        $setting->labels_per_page = $request->input('labels_per_page');
        $setting->labels_width = $request->input('labels_width');
        $setting->labels_height = $request->input('labels_height');
@@ -875,7 +884,7 @@ class SettingsController extends Controller
        }

        if ($setting->save()) {
-            return redirect()->route('settings.index')
+            return redirect()->route('settings.labels.index')
                ->with('success', trans('admin/settings/message.update.success'));
        }

@@ -961,6 +970,7 @@ class SettingsController extends Controller
            $setting->ldap_phone_field = $request->input('ldap_phone');
            $setting->ldap_jobtitle = $request->input('ldap_jobtitle');
            $setting->ldap_country = $request->input('ldap_country');
+            $setting->ldap_location = $request->input('ldap_location');
            $setting->ldap_dept = $request->input('ldap_dept');
            $setting->ldap_client_tls_cert   = $request->input('ldap_client_tls_cert');
            $setting->ldap_client_tls_key    = $request->input('ldap_client_tls_key');
@@ -1038,6 +1048,48 @@ class SettingsController extends Controller
        return $pdf_branding;
    }

+
+    /**
+     * Show Google login settings form
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v6.1.1]
+     * @return View
+     */
+    public function getGoogleLoginSettings()
+    {
+        $setting = Setting::getSettings();
+        return view('settings.google', compact('setting'));
+    }
+
+    /**
+     * ShSaveow Google login settings form
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v6.1.1]
+     * @return View
+     */
+    public function postGoogleLoginSettings(Request $request)
+    {
+        if (!config('app.lock_passwords')) {
+            $setting = Setting::getSettings();
+
+            $setting->google_login = $request->input('google_login', 0);
+            $setting->google_client_id = $request->input('google_client_id');
+            $setting->google_client_secret = $request->input('google_client_secret');
+
+            if ($setting->save()) {
+                return redirect()->route('settings.index')
+                    ->with('success', trans('admin/settings/message.update.success'));
+            }
+
+            return redirect()->back()->withInput()->withErrors($setting->getErrors());
+        }
+
+        return redirect()->back()->with('error', trans('general.feature_disabled'));
+    }
+
+
    /**
     * Show the listing of backups.
     *
@@ -1093,7 +1145,7 @@ class SettingsController extends Controller
    public function postBackups()
    {
        if (! config('app.lock_passwords')) {
-            Artisan::call('backup:run');
+            Artisan::call('snipeit:backup', ['--filename' => 'manual-backup-'.date('Y-m-d-H-i-s')]);
            $output = Artisan::output();

            // Backup completed
@@ -113,7 +113,8 @@ class BulkUsersController extends Controller
            ->conditionallyAddItem('locale')
            ->conditionallyAddItem('remote')
            ->conditionallyAddItem('ldap_import')
-            ->conditionallyAddItem('activated');
+            ->conditionallyAddItem('activated')
+            ->conditionallyAddItem('autoassign_licenses');


        // If the manager_id is one of the users being updated, generate a warning.
@@ -2,6 +2,7 @@

 namespace App\Http\Controllers\Users;

+use App\Helpers\StorageHelper;
 use App\Http\Controllers\Controller;
 use App\Http\Requests\AssetFileRequest;
 use App\Models\Actionlog;
@@ -139,18 +140,25 @@ class UserFilesController extends Controller

        // the license is valid
        if (isset($user->id)) {
+
            $this->authorize('view', $user);

            $log = Actionlog::find($fileId);
-            $file = $log->get_src('users');

-            return Response::download($file); //FIXME this doesn't use the new StorageHelper yet, but it's complicated...
+            // Display the file inline
+            if (request('inline') == 'true') {
+                $headers = [
+                    'Content-Disposition' => 'inline',
+                ];
+                return Storage::download('private_uploads/users/'.$log->filename, $log->filename, $headers);
+            }
+
+            return Storage::download('private_uploads/users/'.$log->filename);
+
        }
-        // Prepare the error message
-        $error = trans('admin/users/message.user_not_found', ['id' => $userId]);

-        // Redirect to the licence management page
-        return redirect()->route('users.index')->with('error', $error);
+        // Redirect to the user management page if the user doesn't exist
+        return redirect()->route('users.index')->with('error',  trans('admin/users/message.user_not_found', ['id' => $userId]));
    }

 }
@@ -74,7 +74,6 @@ class UsersController extends Controller
        $permissions = $this->filterDisplayable($permissions);

        $user = new User;
-        $user->activated = 1;

        return view('users/edit', compact('groups', 'userGroups', 'permissions', 'userPermissions'))
            ->with('user', $user);
@@ -121,7 +120,7 @@ class UsersController extends Controller
        $user->created_by = Auth::user()->id;
        $user->start_date = $request->input('start_date', null);
        $user->end_date = $request->input('end_date', null);
-        $user->autoassign_licenses= $request->input('autoassign_licenses', 1);
+        $user->autoassign_licenses = $request->input('autoassign_licenses', 0);

        // Strip out the superuser permission if the user isn't a superadmin
        $permissions_array = $request->input('permission');
@@ -134,6 +133,9 @@ class UsersController extends Controller
        // we have to invoke the
        app(ImageUploadRequest::class)->handleImages($user, 600, 'avatar', 'avatars', 'avatar');

+        \Log::info("About to call customFill, in the 'store' controller!!!");
+        $user->customFill($request, Auth::user());
+
        if ($user->save()) {
            if ($request->filled('groups')) {
                $user->groups()->sync($request->input('groups'));
@@ -211,7 +213,6 @@ class UsersController extends Controller
     */
    public function update(SaveUserRequest $request, $id = null)
    {
-
        // We need to reverse the UI specific logic for our
        // permissions here before we update the user.
        $permissions = $request->input('permissions', []);
@@ -269,14 +270,15 @@ class UsersController extends Controller
        $user->city = $request->input('city', null);
        $user->state = $request->input('state', null);
        $user->country = $request->input('country', null);
-        $user->activated = $request->input('activated', 0);
+        // if a user is editing themselves we should always keep activated true
+        $user->activated = $request->input('activated', $request->user()->is($user) ? 1 : 0);
        $user->zip = $request->input('zip', null);
        $user->remote = $request->input('remote', 0);
        $user->vip = $request->input('vip', 0);
        $user->website = $request->input('website', null);
        $user->start_date = $request->input('start_date', null);
        $user->end_date = $request->input('end_date', null);
-        $user->autoassign_licenses = $request->input('autoassign_licenses', 1);
+        $user->autoassign_licenses = $request->input('autoassign_licenses', 0);

        // Update the location of any assets checked out to this user
        Asset::where('assigned_type', User::class)
@@ -301,6 +303,8 @@ class UsersController extends Controller
        // Handle uploaded avatar
        app(ImageUploadRequest::class)->handleImages($user, 600, 'avatar', 'avatars', 'avatar');

+        \Log::debug("calling custom fill from the UPDATE method!");
+        $user->customFill($request, Auth::user());
        //\Log::debug(print_r($user, true));

        // Was the user updated?
@@ -671,4 +675,4 @@ class UsersController extends Controller

        return redirect()->back()->with('error', 'User is not activated, is LDAP synced, or does not have an email address ');
    }
-}
+}
@@ -82,7 +82,7 @@ class ViewAssetsController extends Controller
        return view('account/requestable-assets', compact('assets', 'models'));
    }

-    public function getRequestItem(Request $request, $itemType, $itemId = null)
+    public function getRequestItem(Request $request, $itemType, $itemId = null, $cancel_by_admin = false, $requestingUser = null)
    {
        $item = null;
        $fullItemType = 'App\\Models\\'.studly_case($itemType);
@@ -119,16 +119,16 @@ class ViewAssetsController extends Controller

        $settings = Setting::getSettings();

-        if ($item_request = $item->isRequestedBy($user)) {
-            $item->cancelRequest();
-            $data['item_quantity'] = $item_request->qty;
+        if (($item_request = $item->isRequestedBy($user)) || $cancel_by_admin) {
+            $item->cancelRequest($requestingUser);
+            $data['item_quantity'] = ($item_request) ? $item_request->qty : 1;
            $logaction->logaction('request_canceled');

            if (($settings->alert_email != '') && ($settings->alerts_enabled == '1') && (! config('app.lock_passwords'))) {
                $settings->notify(new RequestAssetCancelation($data));
            }

-            return redirect()->route('requestable-assets')->with('success')->with('success', trans('admin/hardware/message.requests.canceled'));
+            return redirect()->back()->with('success')->with('success', trans('admin/hardware/message.requests.canceled'));
        } else {
            $item->request();
            if (($settings->alert_email != '') && ($settings->alerts_enabled == '1') && (! config('app.lock_passwords'))) {
@@ -18,13 +18,12 @@ class Kernel extends HttpKernel
        \Illuminate\Foundation\Http\Middleware\PreventRequestsDuringMaintenance::class,
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
-        \Fideloper\Proxy\TrustProxies::class,
        \App\Http\Middleware\CheckForSetup::class,
        \App\Http\Middleware\CheckForDebug::class,
        \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
        \App\Http\Middleware\SecurityHeaders::class,
        \App\Http\Middleware\PreventBackHistory::class,
-        \Fruitcake\Cors\HandleCors::class,
+        \Illuminate\Http\Middleware\HandleCors::class,

    ];

@@ -0,0 +1,67 @@
+<?php
+
+namespace App\Http\Livewire;
+
+use Livewire\Component;
+
+class CategoryEditForm extends Component
+{
+    public $defaultEulaText;
+
+    public $eulaText;
+
+    public $originalSendCheckInEmailValue;
+
+    public $requireAcceptance;
+
+    public $sendCheckInEmail;
+
+    public $useDefaultEula;
+
+    public function mount()
+    {
+        $this->originalSendCheckInEmailValue = $this->sendCheckInEmail;
+
+        if ($this->eulaText || $this->useDefaultEula) {
+            $this->sendCheckInEmail = 1;
+        }
+    }
+
+    public function render()
+    {
+        return view('livewire.category-edit-form');
+    }
+
+    public function updated($property, $value)
+    {
+        if (! in_array($property, ['eulaText', 'useDefaultEula'])) {
+            return;
+        }
+
+        $this->sendCheckInEmail = $this->eulaText || $this->useDefaultEula ? 1 : $this->originalSendCheckInEmailValue;
+    }
+
+    public function getShouldDisplayEmailMessageProperty(): bool
+    {
+        return $this->eulaText || $this->useDefaultEula;
+    }
+
+    public function getEmailMessageProperty(): string
+    {
+        if ($this->useDefaultEula) {
+            return trans('admin/categories/general.email_will_be_sent_due_to_global_eula');
+        }
+
+        return trans('admin/categories/general.email_will_be_sent_due_to_category_eula');
+    }
+
+    public function getEulaTextDisabledProperty()
+    {
+        return (bool)$this->useDefaultEula;
+    }
+
+    public function getSendCheckInEmailDisabledProperty()
+    {
+        return $this->eulaText || $this->useDefaultEula;
+    }
+}
@@ -2,6 +2,8 @@

 namespace App\Http\Livewire;

+use App\Models\Asset;
+use App\Models\DefaultValuesForCustomFields;
 use Livewire\Component;

 use App\Models\CustomFieldset;
@@ -30,7 +32,7 @@ class CustomFieldSetDefaultValuesForModel extends Component
            $this->fields = CustomFieldset::find($this->fieldset_id)->fields;
        } 

-        $this->add_default_values = ($this->model->defaultValues->count() > 0);
+        $this->add_default_values = (DefaultValuesForCustomFields::forPivot($this->model, Asset::class)->count() > 0);
    }

    public function updatedFieldsetId()
@@ -38,6 +38,16 @@ class Importer extends Component
    public $field_map; // we need a separate variable for the field-mapping, because the keys in the normal array are too complicated for Livewire to understand
    public $file_id; // TODO: I can't figure out *why* we need this, but it really seems like we do. I can't seem to pull the id from the activeFile for some reason?

+    // Make these variables public - we set the properties in the constructor so we can localize them (versus the old static arrays)
+    public $accessories_fields;
+    public $assets_fields;
+    public $users_fields;
+    public $licenses_fields;
+    public $locations_fields;
+    public $consumables_fields;
+    public $components_fields;
+    public $aliases_fields;
+
    protected $rules = [
        'files.*.file_path' => 'required|string',
        'files.*.created_at' => 'required|string',
@@ -57,138 +67,40 @@ class Importer extends Component
        return json_encode(array_filter($tmp));
    }

-    // all of these 'statics', alas, may have to change to something else to handle translations?
-    // I'm not sure. Maybe I use them to 'populate' the translations? TBH, I don't know yet.
-    static $general = [
-        'category' => 'Category',
-        'company' => 'Company',
-        'email' => 'Email',
-        'item_name' => 'Item Name',
-        'location' => 'Location',
-        'maintained' => 'Maintained',
-        'manufacturer' => 'Manufacturer',
-        'notes' => 'Notes',
-        'order_number' => 'Order Number',
-        'purchase_cost' => 'Purchase Cost',
-        'purchase_date' => 'Purchase Date',
-        'quantity' => 'Quantity',
-        'requestable' => 'Requestable',
-        'serial' => 'Serial Number',
-        'supplier' => 'Supplier',
-        'username' => 'Username',
-        'department' => 'Department',
-    ];

-    static $accessories = [
-        'model_number' => 'Model Number',
-    ];
-
-    static $assets = [
-        'asset_tag' => 'Asset Tag',
-        'asset_model' => 'Model Name',
-        'byod' => 'BYOD',
-        'checkout_class' => 'Checkout Type',
-        'checkout_location' => 'Checkout Location',
-        'image' => 'Image Filename',
-        'model_number' => 'Model Number',
-        'full_name' => 'Full Name',
-        'status' => 'Status',
-        'warranty_months' => 'Warranty Months',
-    ];
-
-    static $consumables = [
-        'item_no' => "Item Number",
-        'model_number' => "Model Number",
-        'min_amt' => "Minimum Quantity",
-    ];
-
-    static $licenses = [
-        'asset_tag' => 'Assigned To Asset',
-        'expiration_date' => 'Expiration Date',
-        'full_name' => 'Full Name',
-        'license_email' => 'Licensed To Email',
-        'license_name' => 'Licensed To Name',
-        'purchase_order' => 'Purchase Order',
-        'reassignable' => 'Reassignable',
-        'seats' => 'Seats',
-    ];
-
-    static $users = [
-        'employee_num' => 'Employee Number',
-        'first_name' => 'First Name',
-        'jobtitle' => 'Job Title',
-        'last_name' => 'Last Name',
-        'phone_number' => 'Phone Number',
-        'manager_first_name' => 'Manager First Name',
-        'manager_last_name' => 'Manager Last Name',
-        'activated' => 'Activated',
-        'address' => 'Address',
-        'city' => 'City',
-        'state' => 'State',
-        'country' => 'Country',
-        'vip' => 'VIP'
-    ];
-
-    //array of "real fieldnames" to a list of aliases for that field
-    static $aliases = [
-        'model_number' =>
-            [
-                'model',
-                'model no',
-                'model no.',
-                'model number',
-                'model num',
-                'model num.'
-            ],
-        'warranty_months' =>
-            [
-                'Warranty',
-                'Warranty Months'
-            ],
-        'qty' =>
-            [
-                'QTY',
-                'Quantity'
-            ],
-        'min_amt' =>
-            [
-                'Min Amount',
-                'Min QTY'
-            ],
-        'next_audit_date' =>
-            [
-                'Next Audit',
-            ],
-
-
-    ];

    private function getColumns($type)
    {
        switch ($type) {
            case 'asset':
-                $results = self::$general + self::$assets;
+                $results = $this->assets_fields;
                break;
            case 'accessory':
-                $results = self::$general + self::$accessories;
+                $results = $this->accessories_fields;
                break;
            case 'consumable':
-                $results = self::$general + self::$consumables;
+                $results = $this->consumables_fields;
+                break;
+            case 'component':
+                $results = $this->components_fields;
                break;
            case 'license':
-                $results = self::$general + self::$licenses;
+                $results = $this->licenses_fields;
                break;
            case 'user':
-                $results = self::$general + self::$users;
+                $results = $this->users_fields;
+                break;
+            case 'location':
+                $results = $this->locations_fields;
                break;
            default:
-                $results = self::$general;
+                $results = [];
        }
        asort($results, SORT_FLAG_CASE | SORT_STRING);
        if ($type == "asset") {
            // add Custom Fields after a horizontal line
            $results['-'] = "———" . trans('admin/custom_fields/general.custom_fields') . "———’";
-            foreach (CustomField::orderBy('name')->get() as $field) {
+            foreach (CustomField::where('type', \App\Models\Asset::class)->orderBy('name')->get() as $field) { // TODO - generalize?
                $results[$field->db_column_name()] = $field->name;
            }
        }
@@ -198,8 +110,8 @@ class Importer extends Component
    public function updating($name, $new_import_type)
    {
        if ($name == "activeFile.import_type") {
-            \Log::info("WE ARE CHANGING THE import_type!!!!! TO: " . $new_import_type);
-            \Log::info("so, what's \$this->>field_map at?: " . print_r($this->field_map, true));
+            \Log::debug("WE ARE CHANGING THE import_type!!!!! TO: " . $new_import_type);
+            \Log::debug("so, what's \$this->>field_map at?: " . print_r($this->field_map, true));
            // go through each header, find a matching field to try and map it to.
            foreach ($this->activeFile->header_row as $i => $header) {
                // do we have something mapped already?
@@ -211,7 +123,7 @@ class Importer extends Component
                        continue;
                    } else {
                        //no, this key is *INVALID* for this import type. Better set it to null
-                        // and we'll hope that the aliases or something else picks it up.
+                        // and we'll hope that the $aliases_fields or something else picks it up.
                        $this->field_map[$i] = null; // fingers crossed! But it's not likely, tbh.
                    } // TODO - strictly speaking, this isn't necessary here I don't think.
                }
@@ -222,8 +134,8 @@ class Importer extends Component
                        continue 2; //don't bother with the alias check, go to the next header
                    }
                }
-                // if you got here, we didn't find a match. Try the aliases
-                foreach (self::$aliases as $key => $alias_values) {
+                // if you got here, we didn't find a match. Try the $aliases_fields
+                foreach ($this->aliases_fields as $key => $alias_values) {
                    foreach ($alias_values as $alias_value) {
                        if (strcasecmp($alias_value, $header) === 0) { // aLsO CaSe-INSENSitiVE!
                            // Make *absolutely* sure that this key actually _exists_ in this import type -
@@ -252,7 +164,6 @@ class Importer extends Component
        $this->authorize('import');
        $this->progress = -1; // '-1' means 'don't show the progressbar'
        $this->progress_bar_class = 'progress-bar-warning';
-        \Log::info("Hey, we are calling MOUNT (in the importer-file) !!!!!!!!"); //fcuk
        $this->importTypes = [
            'asset' =>      trans('general.assets'),
            'accessory' =>  trans('general.accessories'),
@@ -260,6 +171,306 @@ class Importer extends Component
            'component' =>  trans('general.components'),
            'license' =>    trans('general.licenses'),
            'user' =>       trans('general.users'),
+            'location' =>    trans('general.locations'),
+        ];
+
+        /**
+         * These are the item-type specific columns
+         */
+        $this->accessories_fields  = [
+            'company' => trans('general.company'),
+            'location' => trans('general.location'),
+            'quantity' => trans('general.qty'),
+            'item_name' => trans('general.item_name_var', ['item' => trans('general.accessory')]),
+            'model_number' => trans('general.model_no'),
+            'notes' => trans('general.notes'),
+            'category' => trans('general.category'),
+            'supplier' => trans('general.supplier'),
+            'min_amt' => trans('mail.min_QTY'),
+            'purchase_cost' => trans('general.purchase_cost'),
+            'purchase_date' => trans('general.purchase_date'),
+            'manufacturer' => trans('general.manufacturer'),
+            'order_number' => trans('general.order_number'),
+        ];
+
+        $this->assets_fields = [
+            'company' => trans('general.company'),
+            'location' => trans('general.location'),
+            'item_name' => trans('general.item_name_var', ['item' => trans('general.asset')]),
+            'asset_tag' => trans('general.asset_tag'),
+            'asset_model' => trans('general.model_name'),
+            'byod' => trans('general.byod'),
+            'model_number' => trans('general.model_no'),
+            'status' => trans('general.status'),
+            'warranty_months' => trans('admin/hardware/form.warranty'),
+            'category' => trans('general.category'),
+            'requestable' => trans('admin/hardware/general.requestable'),
+            'serial' => trans('general.serial_number'),
+            'supplier' => trans('general.supplier'),
+            'purchase_cost' => trans('general.purchase_cost'),
+            'purchase_date' => trans('general.purchase_date'),
+            'purchase_order' => trans('admin/licenses/form.purchase_order'),
+            'asset_notes' => trans('general.item_notes', ['item' => trans('admin/hardware/general.asset')]),
+            'model_notes' => trans('general.item_notes', ['item' => trans('admin/hardware/form.model')]),
+            'manufacturer' => trans('general.manufacturer'),
+            'order_number' => trans('general.order_number'),
+            'image' => trans('general.importer.image_filename'),
+            'asset_eol_date' => trans('admin/hardware/form.eol_date'),
+            /**
+             * Checkout fields:
+             * Assets can be checked out to other assets, people, or locations, but we currently
+             * only support checkout to people and locations in the importer
+             **/
+            'checkout_class' => trans('general.importer.checkout_type'),
+            'first_name' => trans('general.importer.checked_out_to_first_name'),
+            'last_name' => trans('general.importer.checked_out_to_last_name'),
+            'full_name' => trans('general.importer.checked_out_to_fullname'),
+            'email' => trans('general.importer.checked_out_to_email'),
+            'username' => trans('general.importer.checked_out_to_username'),
+            'checkout_location' => trans('general.importer.checkout_location'),
+        ];
+
+        $this->consumables_fields = [
+            'company' => trans('general.company'),
+            'location' => trans('general.location'),
+            'quantity' => trans('general.qty'),
+            'item_name' => trans('general.item_name_var', ['item' => trans('general.consumable')]),
+            'model_number' => trans('general.model_no'),
+            'notes' => trans('general.notes'),
+            'min_amt' => trans('mail.min_QTY'),
+            'category' => trans('general.category'),
+            'purchase_cost' => trans('general.purchase_cost'),
+            'purchase_date' => trans('general.purchase_date'),
+            'checkout_class' => trans('general.importer.checkout_type'),
+            'supplier' => trans('general.supplier'),
+            'manufacturer' => trans('general.manufacturer'),
+            'order_number' => trans('general.order_number'),
+            'item_no' => trans('admin/consumables/general.item_no'),
+        ];
+
+        $this->components_fields = [
+            'company' => trans('general.company'),
+            'location' => trans('general.location'),
+            'quantity' => trans('general.qty'),
+            'item_name' => trans('general.item_name_var', ['item' => trans('general.component')]),
+            'model_number' => trans('general.model_no'),
+            'notes' => trans('general.notes'),
+            'category' => trans('general.category'),
+            'supplier' => trans('general.supplier'),
+            'min_amt' => trans('mail.min_QTY'),
+            'purchase_cost' => trans('general.purchase_cost'),
+            'purchase_date' => trans('general.purchase_date'),
+            'manufacturer' => trans('general.manufacturer'),
+            'order_number' => trans('general.order_number'),
+            'serial' => trans('general.serial_number'),
+        ];
+
+        $this->licenses_fields = [
+            'company' => trans('general.company'),
+            'location' => trans('general.location'),
+            'item_name' => trans('general.item_name_var', ['item' => trans('general.license')]),
+            'asset_tag' => trans('general.importer.checked_out_to_tag'),
+            'expiration_date' => trans('admin/licenses/form.expiration'),
+            'full_name' => trans('general.importer.checked_out_to_fullname'),
+            'license_email' => trans('admin/licenses/form.to_email'),
+            'license_name' => trans('admin/licenses/form.to_name'),
+            'purchase_order' => trans('admin/licenses/form.purchase_order'),
+            'reassignable' => trans('admin/licenses/form.reassignable'),
+            'seats' => trans('admin/licenses/form.seats'),
+            'notes' => trans('general.notes'),
+            'category' => trans('general.category'),
+            'supplier' => trans('general.supplier'),
+            'purchase_cost' => trans('general.purchase_cost'),
+            'purchase_date' => trans('general.purchase_date'),
+            'maintained' => trans('admin/licenses/form.maintained'),
+            'checkout_class' => trans('general.importer.checkout_type'),
+            'serial' => trans('general.license_serial'),
+            'email' => trans('general.importer.checked_out_to_email'),
+            'username' => trans('general.importer.checked_out_to_username'),
+            'manufacturer' => trans('general.manufacturer'),
+        ];
+
+        $this->users_fields  = [
+            'id' => trans('general.id'),
+            'company' => trans('general.company'),
+            'location' => trans('general.location'),
+            'department' => trans('general.department'),
+            'first_name' => trans('general.first_name'),
+            'last_name' => trans('general.last_name'),
+            'notes' => trans('general.notes'),
+            'username' => trans('admin/users/table.username'),
+            'jobtitle' => trans('admin/users/table.title'),
+            'phone_number' => trans('admin/users/table.phone'),
+            'manager_first_name' => trans('general.importer.manager_first_name'),
+            'manager_last_name' => trans('general.importer.manager_last_name'),
+            'activated' => trans('general.activated'),
+            'address' => trans('general.address'),
+            'city' => trans('general.city'),
+            'state' => trans('general.state'),
+            'country' => trans('general.country'),
+            'zip' => trans('general.zip'),
+            'vip' => trans('general.importer.vip'),
+            'remote' => trans('admin/users/general.remote'),
+            'email' => trans('admin/users/table.email'),
+            'website' => trans('general.website'),
+            'avatar' => trans('general.image'),
+            'gravatar' => trans('general.importer.gravatar'),
+            'start_date'    => trans('general.start_date'),
+            'end_date'   => trans('general.end_date'),
+            'employee_num'   => trans('general.employee_number'),
+        ];
+
+        $this->locations_fields  = [
+            'name' => trans('general.item_name_var', ['item' => trans('general.location')]),
+            'address' => trans('general.address'),
+            'address2' => trans('general.importer.address2'),
+            'city' => trans('general.city'),
+            'state' => trans('general.state'),
+            'country' => trans('general.country'),
+            'zip' => trans('general.zip'),
+            'currency' => trans('general.importer.currency'),
+            'ldap_ou' => trans('admin/locations/table.ldap_ou'),
+            'manager_username' => trans('general.importer.manager_username'),
+            'manager' => trans('general.importer.manager_full_name'),
+            'parent_location' => trans('admin/locations/table.parent'),
+        ];
+
+        // "real fieldnames" to a list of aliases for that field
+        $this->aliases_fields = [
+            'item_name' =>
+                [
+                    'item name',
+                    'asset name',
+                    'accessory name',
+                    'user name',
+                    'consumable name',
+                    'component name',
+                    'name',
+                ],
+            'item_no' => [
+                'item number',
+                'item no.',
+                'item #',
+            ],
+            'asset_model' =>
+                [
+                    'model name',
+                    'model',
+                ],
+            'gravatar' =>
+                [
+                    'gravatar',
+                ],
+            'currency' =>
+                [
+                    '$',
+                ],
+            'jobtitle' =>
+                [
+                    'job title for user',
+                    'job title',
+                ],
+            'username' =>
+                [
+                    'user name',
+                    'username',
+                    trans('general.importer.checked_out_to_username'),
+                ],
+            'first_name' =>
+                [
+                    'first name',
+                    trans('general.importer.checked_out_to_first_name'),
+                ],
+            'last_name' =>
+                [
+                    'last name',
+                    'lastname',
+                    trans('general.importer.checked_out_to_last_name'),
+                ],
+            'email' =>
+                [
+                    'email',
+                    'e-mail',
+                    trans('general.importer.checked_out_to_email'),
+                ],
+            'phone_number' =>
+                [
+                    'phone',
+                    'phone number',
+                    'phone num',
+                    'telephone number',
+                    'telephone',
+                    'tel.',
+                ],
+            'serial' =>
+                [
+                    'serial number',
+                    'serial no.',
+                    'serial no',
+                    'product key',
+                    'key',
+                ],
+            'model_number' =>
+                [
+                    'model',
+                    'model no',
+                    'model no.',
+                    'model number',
+                    'model num',
+                    'model num.'
+                ],
+            'warranty_months' =>
+                [
+                    'Warranty',
+                    'Warranty Months'
+                ],
+            'qty' =>
+                [
+                    'QTY',
+                    'Quantity'
+                ],
+            'zip' =>
+                [
+                    'Postal Code',
+                    'Post Code',
+                    'Zip Code'
+                ],
+            'min_amt' =>
+                [
+                    'Min Amount',
+                    'Minimum Amount',
+                    'Min Quantity',
+                    'Minimum Quantity',
+                ],
+            'next_audit_date' =>
+                [
+                    'Next Audit',
+                ],
+            'address2' =>
+                [
+                    'Address 2',
+                    'Address2',
+                ],
+            'ldap_ou' =>
+                [
+                    'LDAP OU',
+                    'OU',
+                ],
+            'parent_location' =>
+                [
+                    'Parent',
+                    'Parent Location',
+                ],
+            'manager' =>
+                [
+                    'Managed By',
+                    'Manager Name',
+                    'Manager Full Name',
+                ],
+            'manager_username' =>
+                [
+                    'Manager Username',
+                ],
        ];

        $this->columnOptions[''] = $this->getColumns(''); //blank mode? I don't know what this is supposed to mean
@@ -273,8 +484,7 @@ class Importer extends Component

    public function selectFile($id)
    {
-        \Log::info("TOGGLE EVENT FIRED!");
-        \Log::error("The ID we are trying to find is AS FOLLOWS: ".$id);
+
        $this->activeFile = Import::find($id);
        $this->field_map = null;
        foreach($this->activeFile->header_row as $element) {
@@ -284,11 +494,9 @@ class Importer extends Component
                $this->field_map[] = null; // re-inject the 'nulls' if a file was imported with some 'Do Not Import' settings
            }
        }
-        //$this->field_map = $this->activeFile->field_map ? array_values($this->activeFile->field_map) : []; // this is wrong
        $this->file_id = $id;
        $this->import_errors = null;
        $this->statusText = null;
-        \Log::error("The import type we are about to try and load up is gonna be this: ".$this->activeFile->import_type);

    }

@@ -20,13 +20,13 @@ class CheckForSetup

        if (Setting::setupCompleted()) {
            if ($request->is('setup*')) {
-                return redirect(url('/'));
+                return redirect(config('app.url'));
            } else {
                return $next($request);
            }
        } else {
            if (! ($request->is('setup*')) && ! ($request->is('.env')) && ! ($request->is('health'))) {
-                return redirect(url('/').'/setup');
+                return redirect(config('app.url').'/setup');
            }

            return $next($request);
@@ -2,7 +2,7 @@

 namespace App\Http\Middleware;

-use Fideloper\Proxy\TrustProxies as Middleware;
+use Illuminate\Http\Middleware\TrustProxies as Middleware;
 use Illuminate\Http\Request;

 class TrustProxies extends Middleware
@@ -10,7 +10,7 @@ class TrustProxies extends Middleware
    /**
     * The trusted proxies for this application.
     *
-     * @var array|string|null
+     * @var array<int, string>|string|null
     */
    protected $proxies;

@@ -19,5 +19,10 @@ class TrustProxies extends Middleware
     *
     * @var int
     */
-    protected $headers = Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_HOST | Request::HEADER_X_FORWARDED_PORT | Request::HEADER_X_FORWARDED_PROTO | Request::HEADER_X_FORWARDED_AWS_ELB;
+    protected $headers =
+        Request::HEADER_X_FORWARDED_FOR |
+        Request::HEADER_X_FORWARDED_HOST |
+        Request::HEADER_X_FORWARDED_PORT |
+        Request::HEADER_X_FORWARDED_PROTO |
+        Request::HEADER_X_FORWARDED_AWS_ELB;
 }
@@ -26,18 +26,22 @@ class CustomFieldRequest extends FormRequest
    {
        $rules = [];

+        $rules['associate_fieldsets.*'] = 'nullable|integer|exists:custom_fieldsets,id';
+
        switch ($this->method()) {

            // Brand new
            case 'POST':
            {
                $rules['name'] = 'required|unique:custom_fields';
+                $rules['tab'] = 'required';
                break;
            }

            // Save all fields
            case 'PUT':
                $rules['name'] = 'required';
+                $rules['tab'] = 'required';
                break;

            // Save only what's passed
@@ -54,4 +58,11 @@ class CustomFieldRequest extends FormRequest

        return  $rules;
    }
+
+    public function messages()
+    {
+        return [
+            'associate_fieldsets.*.exists' => trans('admin/custom_fields/message/does_not_exist'),
+        ];
+    }
 }
@@ -32,6 +32,7 @@ class SaveUserRequest extends FormRequest
    public function rules()
    {
        $rules = [
+            'department_id' => 'nullable|exists:departments,id',
            'manager_id' => 'nullable|exists:users,id',
        ];

@@ -32,7 +32,7 @@ class AccessoriesTransformer
            'model_number' => ($accessory->model_number) ? e($accessory->model_number) : null,
            'category' => ($accessory->category) ? ['id' => $accessory->category->id, 'name'=> e($accessory->category->name)] : null,
            'location' => ($accessory->location) ? ['id' => $accessory->location->id, 'name'=> e($accessory->location->name)] : null,
-            'notes' => ($accessory->notes) ? e($accessory->notes) : null,
+            'notes' => ($accessory->notes) ? Helper::parseEscapedMarkedownInline($accessory->notes) : null,
            'qty' => ($accessory->qty) ? (int) $accessory->qty : null,
            'purchase_date' => ($accessory->purchase_date) ? Helper::getFormattedDateObject($accessory->purchase_date, 'date') : null,
            'purchase_cost' => Helper::formatCurrencyOutput($accessory->purchase_cost),
@@ -3,7 +3,12 @@ namespace App\Http\Transformers;

 use App\Helpers\Helper;
 use App\Models\Actionlog;
+use App\Models\CustomField;
 use App\Models\Setting;
+use App\Models\Company;
+use App\Models\Supplier;
+use App\Models\Location;
+use App\Models\AssetModel;
 use Illuminate\Database\Eloquent\Collection;

 class ActionlogsTransformer
@@ -38,6 +43,7 @@ class ActionlogsTransformer
    public function transformActionlog (Actionlog $actionlog, $settings = null)
    {
        $icon = $actionlog->present()->icon();
+        $custom_field = CustomField::all();
        if ($actionlog->filename!='') {
            $icon =  e(\App\Helpers\Helper::filetype_icon($actionlog->filename));
        }
@@ -46,13 +52,24 @@ class ActionlogsTransformer
        if (($actionlog->log_meta) && ($actionlog->log_meta!='')) {
            $meta_array = json_decode($actionlog->log_meta);

+            $clean_meta = [];
+
            if ($meta_array) {
                foreach ($meta_array as $fieldname => $fieldata) {
-                    $clean_meta[$fieldname]['old'] = $this->clean_field($fieldata->old);
-                    $clean_meta[$fieldname]['new'] = $this->clean_field($fieldata->new);
+                    if( str_starts_with($fieldname, '_snipeit_')){
+                        if( $custom_field->where('db_column', '=', $fieldname)->where('field_encrypted', true)){
+                            $clean_meta[$fieldname]['old'] = "encrypted";
+                            $clean_meta[$fieldname]['new'] = "encrypted";
+                        }
+                    }
+                     else {
+                        $clean_meta[$fieldname]['old'] = $this->clean_field($fieldata->old);
+                        $clean_meta[$fieldname]['new'] = $this->clean_field($fieldata->new);
+                    }
                }

            }
+            $clean_meta= $this->changedInfo($clean_meta);
        }

        $file_url = '';
@@ -110,14 +127,15 @@ class ActionlogsTransformer
                'type' => e($actionlog->targetType()),
            ] : null,

-            'note'          => ($actionlog->note) ? e($actionlog->note): null,
+            'note'          => ($actionlog->note) ? Helper::parseEscapedMarkedownInline($actionlog->note): null,
            'signature_file'   => ($actionlog->accept_signature) ? route('log.signature.view', ['filename' => $actionlog->accept_signature ]) : null,
            'log_meta'          => ((isset($clean_meta)) && (is_array($clean_meta))) ? $clean_meta: null,
            'action_date'   => ($actionlog->action_date) ? Helper::getFormattedDateObject($actionlog->action_date, 'datetime'): Helper::getFormattedDateObject($actionlog->created_at, 'datetime'),
        ];
-        //\Log::info("Clean Meta is: ".print_r($clean_meta,true));

+//        \Log::info("Clean Meta is: ".print_r($clean_meta,true));
        //dd($array);
+
        return $array;
    }

@@ -132,6 +150,80 @@ class ActionlogsTransformer
        }
        return (new DatatablesTransformer)->transformDatatables($array, $total);
    }
+    /**
+     * This takes the ids of the changed attributes and returns the names instead for the history view of an Asset
+     *
+     * @param  array $clean_meta
+     * @return array
+     */
+
+    public function changedInfo(array $clean_meta)
+    {   $location = Location::withTrashed()->get();
+        $supplier = Supplier::withTrashed()->get();
+        $model = AssetModel::withTrashed()->get();
+        $company = Company::get();
+
+
+        if(array_key_exists('rtd_location_id',$clean_meta)) {
+            $clean_meta['rtd_location_id']['old'] = $clean_meta['rtd_location_id']['old'] ? "[id: ".$clean_meta['rtd_location_id']['old']."] ". $location->find($clean_meta['rtd_location_id']['old'])->name : trans('general.unassigned');
+            $clean_meta['rtd_location_id']['new'] = $clean_meta['rtd_location_id']['new'] ? "[id: ".$clean_meta['rtd_location_id']['new']."] ". $location->find($clean_meta['rtd_location_id']['new'])->name : trans('general.unassigned');
+            $clean_meta['Default Location'] = $clean_meta['rtd_location_id'];
+            unset($clean_meta['rtd_location_id']);
+        }
+        if(array_key_exists('location_id', $clean_meta)) {
+            $clean_meta['location_id']['old'] = $clean_meta['location_id']['old'] ? "[id: ".$clean_meta['location_id']['old']."] ".$location->find($clean_meta['location_id']['old'])->name : trans('general.unassigned');
+            $clean_meta['location_id']['new'] = $clean_meta['location_id']['new'] ? "[id: ".$clean_meta['location_id']['new']."] ".$location->find($clean_meta['location_id']['new'])->name : trans('general.unassigned');
+            $clean_meta['Current Location'] = $clean_meta['location_id'];
+            unset($clean_meta['location_id']);
+        }
+        if(array_key_exists('model_id', $clean_meta)) {
+
+            $oldModel = $model->find($clean_meta['model_id']['old']);
+            $oldModelName = $oldModel->name ?? trans('admin/models/message.deleted');
+
+            $newModel = $model->find($clean_meta['model_id']['new']);
+            $newModelName = $newModel->name ?? trans('admin/models/message.deleted');
+
+            $clean_meta['model_id']['old'] = "[id: ".$clean_meta['model_id']['old']."] ".$oldModelName;
+            $clean_meta['model_id']['new'] = "[id: ".$clean_meta['model_id']['new']."] ".$newModelName; /** model is required at asset creation */
+
+            $clean_meta['Model'] = $clean_meta['model_id'];
+            unset($clean_meta['model_id']);
+        }
+        if(array_key_exists('company_id', $clean_meta)) {
+
+            $oldCompany = $company->find($clean_meta['company_id']['old']);
+            $oldCompanyName = $oldCompany->name ?? trans('admin/companies/message.deleted');
+
+            $newCompany = $company->find($clean_meta['company_id']['new']);
+            $newCompanyName = $newCompany->name ?? trans('admin/companies/message.deleted');
+
+            $clean_meta['company_id']['old'] = $clean_meta['company_id']['old'] ? "[id: ".$clean_meta['company_id']['old']."] ". $oldCompanyName : trans('general.unassigned');
+            $clean_meta['company_id']['new'] = $clean_meta['company_id']['new'] ? "[id: ".$clean_meta['company_id']['new']."] ". $newCompanyName : trans('general.unassigned');
+            $clean_meta['Company'] = $clean_meta['company_id'];
+            unset($clean_meta['company_id']);
+        }
+        if(array_key_exists('supplier_id', $clean_meta)) {
+
+            $oldSupplier = $supplier->find($clean_meta['supplier_id']['old']);
+            $oldSupplierName = $oldSupplier->name ?? trans('admin/suppliers/message.deleted');
+
+            $newSupplier = $supplier->find($clean_meta['supplier_id']['new']);
+            $newSupplierName = $newSupplier->name ?? trans('admin/suppliers/message.deleted');
+
+            $clean_meta['supplier_id']['old'] = $clean_meta['supplier_id']['old'] ? "[id: ".$clean_meta['supplier_id']['old']."] ". $oldSupplierName : trans('general.unassigned');
+            $clean_meta['supplier_id']['new'] = $clean_meta['supplier_id']['new'] ? "[id: ".$clean_meta['supplier_id']['new']."] ". $newSupplierName : trans('general.unassigned');
+            $clean_meta['Supplier'] = $clean_meta['supplier_id'];
+            unset($clean_meta['supplier_id']);
+        }
+        if(array_key_exists('asset_eol_date', $clean_meta)) {
+            $clean_meta['EOL date'] = $clean_meta['asset_eol_date'];
+            unset($clean_meta['asset_eol_date']);
+        }
+
+        return $clean_meta;
+
+    }



@@ -49,7 +49,7 @@ class AssetMaintenancesTransformer
                'id' => (int) $assetmaintenance->asset->defaultLoc->id,
                'name'=> e($assetmaintenance->asset->defaultLoc->name),
            ] : null,
-            'notes'         => ($assetmaintenance->notes) ? e($assetmaintenance->notes) : null,
+            'notes'         => ($assetmaintenance->notes) ? Helper::parseEscapedMarkedownInline($assetmaintenance->notes) : null,
            'supplier'      => ($assetmaintenance->supplier) ? ['id' => $assetmaintenance->supplier->id, 'name'=> e($assetmaintenance->supplier->name)] : null,
            'cost'          => Helper::formatCurrencyOutput($assetmaintenance->cost),
            'asset_maintenance_type'          => e($assetmaintenance->asset_maintenance_type),
@@ -59,6 +59,7 @@ class AssetMaintenancesTransformer
            'user_id'    => ($assetmaintenance->admin) ? ['id' => $assetmaintenance->admin->id, 'name'=> e($assetmaintenance->admin->getFullNameAttribute())] : null,
            'created_at' => Helper::getFormattedDateObject($assetmaintenance->created_at, 'datetime'),
            'updated_at' => Helper::getFormattedDateObject($assetmaintenance->updated_at, 'datetime'),
+            'is_warranty'=> $assetmaintenance->is_warranty,

        ];

@@ -47,6 +47,7 @@ class AssetModelsTransformer
            ] : null,
            'image' => ($assetmodel->image != '') ? Storage::disk('public')->url('models/'.e($assetmodel->image)) : null,
            'model_number' => e($assetmodel->model_number),
+            'min_amt'   => ($assetmodel->min_amt) ? (int) $assetmodel->min_amt : null,
            'depreciation' => ($assetmodel->depreciation) ? [
                'id' => (int) $assetmodel->depreciation->id,
                'name'=> e($assetmodel->depreciation->name),
@@ -63,7 +64,7 @@ class AssetModelsTransformer
            'default_fieldset_values' => $default_field_values,
            'eol' => ($assetmodel->eol > 0) ? $assetmodel->eol.' months' : 'None',
            'requestable' => ($assetmodel->requestable == '1') ? true : false,
-            'notes' => e($assetmodel->notes),
+            'notes' => Helper::parseEscapedMarkedownInline($assetmodel->notes),
            'created_at' => Helper::getFormattedDateObject($assetmodel->created_at, 'datetime'),
            'updated_at' => Helper::getFormattedDateObject($assetmodel->updated_at, 'datetime'),
            'deleted_at' => Helper::getFormattedDateObject($assetmodel->deleted_at, 'datetime'),
@@ -2,6 +2,7 @@

 namespace App\Http\Transformers;

+use App\Helpers\CustomFieldHelper;
 use App\Helpers\Helper;
 use App\Models\Asset;
 use App\Models\Setting;
@@ -38,7 +39,7 @@ class AssetsTransformer
            'byod' => ($asset->byod ? true : false),

            'model_number' => (($asset->model) && ($asset->model->model_number)) ? e($asset->model->model_number) : null,
-            'eol' => ($asset->model->eol != '') ? $asset->model->eol : null,
+            'eol' => (($asset->model) && ($asset->model->eol != '')) ? $asset->model->eol : null,
            'asset_eol_date' => ($asset->asset_eol_date != '') ? Helper::getFormattedDateObject($asset->asset_eol_date, 'date') : null,
            'status_label' => ($asset->assetstatus) ? [
                'id' => (int) $asset->assetstatus->id,
@@ -58,7 +59,7 @@ class AssetsTransformer
                'id' => (int) $asset->supplier->id,
                'name'=> e($asset->supplier->name),
            ] : null,
-            'notes' => ($asset->notes) ? e($asset->notes) : null,
+            'notes' => ($asset->notes) ? Helper::parseEscapedMarkedownInline($asset->notes) : null,
            'order_number' => ($asset->order_number) ? e($asset->order_number) : null,
            'company' => ($asset->company) ? [
                'id' => (int) $asset->company->id,
@@ -92,52 +93,11 @@ class AssetsTransformer
            'checkout_counter' => (int) $asset->checkout_counter,
            'requests_counter' => (int) $asset->requests_counter,
            'user_can_checkout' => (bool) $asset->availableForCheckout(),
+            'book_value' => Helper::formatCurrencyOutput($asset->getLinearDepreciatedValue()),
        ];


-        if (($asset->model) && ($asset->model->fieldset) && ($asset->model->fieldset->fields->count() > 0)) {
-            $fields_array = [];
-
-            foreach ($asset->model->fieldset->fields as $field) {
-                if ($field->isFieldDecryptable($asset->{$field->db_column})) {
-                    $decrypted = Helper::gracefulDecrypt($field, $asset->{$field->db_column});
-                    $value = (Gate::allows('superadmin')) ? $decrypted : strtoupper(trans('admin/custom_fields/general.encrypted'));
-
-                    if ($field->format == 'DATE'){
-                        if (Gate::allows('superadmin')){
-                            $value = Helper::getFormattedDateObject($value, 'date', false);
-                        } else {
-                           $value = strtoupper(trans('admin/custom_fields/general.encrypted'));
-                        }
-                    }
-
-                    $fields_array[$field->name] = [
-                            'field' => e($field->db_column),
-                            'value' => e($value),
-                            'field_format' => $field->format,
-                            'element' => $field->element,
-                        ];
-
-                } else {
-                    $value = $asset->{$field->db_column};
-
-                    if (($field->format == 'DATE') && (!is_null($value)) && ($value!='')){
-                        $value = Helper::getFormattedDateObject($value, 'date', false);
-                    }
-                    
-                    $fields_array[$field->name] = [
-                        'field' => e($field->db_column),
-                        'value' => e($value),
-                        'field_format' => $field->format,
-                        'element' => $field->element,
-                    ];
-                }
-
-                $array['custom_fields'] = $fields_array;
-            }
-        } else {
-            $array['custom_fields'] = new \stdClass; // HACK to force generation of empty object instead of empty list
-        }
+        $array['custom_fields'] = CustomFieldHelper::transform($asset->model->fieldset,$asset);

        $permissions_array['available_actions'] = [
            'checkout'      => ($asset->deleted_at=='' && Gate::allows('checkout', Asset::class)) ? true : false,
@@ -38,6 +38,9 @@ class CategoriesTransformer
            case 'component':
                $category->item_count = $category->components_count;
                break;
+            case 'license':
+                $category->item_count = $category->licenses_count;
+                break;
            default:
                $category->item_count = 0;
        }
@@ -26,6 +26,9 @@ class CompaniesTransformer
            $array = [
                'id' => (int) $company->id,
                'name' => e($company->name),
+                'phone' => ($company->phone!='') ? e($company->phone): null,
+                'fax' => ($company->fax!='') ? e($company->fax): null,
+                'email' => ($company->email!='') ? e($company->email): null,
                'image' =>   ($company->image) ? Storage::disk('public')->url('companies/'.e($company->image)) : null,
                'created_at' => Helper::getFormattedDateObject($company->created_at, 'datetime'),
                'updated_at' => Helper::getFormattedDateObject($company->updated_at, 'datetime'),
--- a/Show More
+++ b/Show More