Merge remote-tracking branch 'origin/develop'

Signed-off-by: snipe <snipe@snipe.net>

app/Http/Controllers/ActionlogController.php

@@ -17,22 +17,24 @@ class ActionlogController extends Controller
 
         $disk = config('filesystems.default');
         switch (config("filesystems.disks.$disk.driver")) {
-        case 's3':
-            $file = 'private_uploads/signatures/'.$filename;
-            return redirect()->away(Storage::disk($disk)->temporaryUrl($file, now()->addMinutes(5)));
-        default:
-          $this->authorize('view', \App\Models\Asset::class);
-          $file = config('app.private_uploads').'/signatures/'.$filename;
-          $filetype = Helper::checkUploadIsImage($file);
+            case 's3':
+                $file = 'private_uploads/signatures/'.$filename;
+                return redirect()->away(Storage::disk($disk)->temporaryUrl($file, now()->addMinutes(5)));
+            default:
+                $this->authorize('view', \App\Models\Asset::class);
+                $file = config('app.private_uploads').'/signatures/'.$filename;
+                $filetype = Helper::checkUploadIsImage($file);
 
-          $contents = file_get_contents($file, false, stream_context_create(['http' => ['ignore_errors' => true]]));
-          if ($contents === false) {
-              Log::warning('File '.$file.' not found');
-              return false;
-          } else {
-              return Response::make($contents)->header('Content-Type', $filetype);
-          }
+                $contents = file_get_contents($file, false, stream_context_create(['http' => ['ignore_errors' => true]]));
+                if ($contents === false) {
+                    Log::warning('File '.$file.' not found');
+                    return false;
+                } else {
+                    return Response::make($contents)->header('Content-Type', $filetype);
+                }
+        }
     }
+
     public function getStoredEula($filename){
         $this->authorize('view', \App\Models\Asset::class);
         $file = config('app.private_uploads').'/eula-pdfs/'.$filename;

app/Http/Controllers/Api/UsersController.php

@@ -203,9 +203,6 @@ class UsersController extends Controller
             $users->where('autoassign_licenses', '=', $request->input('autoassign_licenses'));
         }
 
-        if ($request->filled('location_id') != '') {
-            $users = $users->UserLocation($request->input('location_id'), $request->input('search'));
-         }
 
         if (($request->filled('deleted')) && ($request->input('deleted') == 'true')) {
             $users = $users->onlyTrashed();

app/Http/Controllers/AssetModelsController.php

@@ -288,7 +288,7 @@ class AssetModelsController extends Controller
     public function show($modelId = null)
     {
         $this->authorize('view', AssetModel::class);
-        $model = AssetModel::withTrashed()->withCount('assets')->find($modelId);
+        $model = AssetModel::withTrashed()->find($modelId);
 
         if (isset($model->id)) {
             return view('models/view', compact('model'));

app/Models/User.php

@@ -827,16 +827,16 @@ class User extends SnipeModel implements AuthenticatableContract, AuthorizableCo
 
 
         return $query->where('location_id','=', $location)
-            ->where('first_name', 'LIKE', '%' . $search . '%')
-            ->orWhere('email', 'LIKE', '%' . $search . '%')
-            ->orWhere('last_name', 'LIKE', '%' . $search . '%')
-            ->orWhere('permissions', 'LIKE', '%' . $search . '%')
-            ->orWhere('country', 'LIKE', '%' . $search . '%')
-            ->orWhere('phone', 'LIKE', '%' . $search . '%')
-            ->orWhere('jobtitle', 'LIKE', '%' . $search . '%')
-            ->orWhere('employee_num', 'LIKE', '%' . $search . '%')
-            ->orWhere('username', 'LIKE', '%' . $search . '%')
-            ->orwhereRaw('CONCAT(first_name," ",last_name) LIKE \''.$search.'%\'');
+            ->where('users.first_name', 'LIKE', '%' . $search . '%')
+            ->orWhere('users.email', 'LIKE', '%' . $search . '%')
+            ->orWhere('users.last_name', 'LIKE', '%' . $search . '%')
+            ->orWhere('users.permissions', 'LIKE', '%' . $search . '%')
+            ->orWhere('users.country', 'LIKE', '%' . $search . '%')
+            ->orWhere('users.phone', 'LIKE', '%' . $search . '%')
+            ->orWhere('users.jobtitle', 'LIKE', '%' . $search . '%')
+            ->orWhere('users.employee_num', 'LIKE', '%' . $search . '%')
+            ->orWhere('users.username', 'LIKE', '%' . $search . '%')
+            ->orwhereRaw('CONCAT(users.first_name," ",users.last_name) LIKE \''.$search.'%\'');
 
 
 

app/Providers/AppServiceProvider.php

@@ -21,6 +21,7 @@ use Illuminate\Routing\UrlGenerator;
 use Illuminate\Support\Facades\Schema;
 use Illuminate\Support\ServiceProvider;
 use Illuminate\Support\Facades\Log;
+use Illuminate\Support\Facades\URL;
 
 /**
  * This service provider handles setting the observers on models
@@ -31,7 +32,7 @@ use Illuminate\Support\Facades\Log;
 class AppServiceProvider extends ServiceProvider
 {
     /**
-     * Custom email array validation
+     * Bootstrap application services.
      *
      * @author [A. Gianotto] [<snipe@snipe.net>]
      * @since [v3.0]
@@ -39,19 +40,24 @@ class AppServiceProvider extends ServiceProvider
      */
     public function boot(UrlGenerator $url)
     {
-        if (env('APP_FORCE_TLS')) {
-            if (strpos(env('APP_URL'), 'https') === 0) {
-                $url->forceScheme('https');
-            } else {
-                Log::debug("'APP_FORCE_TLS' is set to true, but 'APP_URL' does not start with 'https://'. Will not force TLS on connections.");
-            }
+        /**
+         * This is a workaround for proxies/reverse proxies that don't always pass the proper headers.
+         *
+         * Here, we check if the APP_URL starts with https://, which we should always honor,
+         * regardless of how well the proxy or network is configured.
+         *
+         * We'll force the https scheme if the APP_URL starts with https://, or if APP_FORCE_TLS is set to true.
+         *
+         */
+        if ((strpos(env('APP_URL'), 'https://') === 0) || (env('APP_FORCE_TLS'))) {
+            $url->forceScheme('https');
         }
 
         // TODO - isn't it somehow 'gauche' to check the environment directly; shouldn't we be using config() somehow?
         if ( ! env('APP_ALLOW_INSECURE_HOSTS')) {  // unless you set APP_ALLOW_INSECURE_HOSTS, you should PROHIBIT forging domain parts of URL via Host: headers
             $url_parts = parse_url(config('app.url'));
             if ($url_parts && array_key_exists('scheme', $url_parts) && array_key_exists('host', $url_parts)) { // check for the *required* parts of a bare-minimum URL
-                \URL::forceRootUrl(config('app.url'));
+                URL::forceRootUrl(config('app.url'));
             } else {
                 Log::error("Your APP_URL in your .env is misconfigured - it is: ".config('app.url').". Many things will work strangely unless you fix it.");
             }

composer.json

@@ -26,7 +26,7 @@
     "alek13/slack": "^2.0",
     "arietimmerman/laravel-scim-server": "dev-master",
     "bacon/bacon-qr-code": "^2.0",
-    "barryvdh/laravel-debugbar": "^3.6",
+    "barryvdh/laravel-debugbar": "^3.13",
     "barryvdh/laravel-dompdf": "^2.0",
     "doctrine/cache": "^1.10",
     "doctrine/dbal": "^3.1",

composer.lock

@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "09b576ccf0db4a09af74bc9f95593c20",
+    "content-hash": "bc24b4f3399cb2119c0587e2e542d5ad",
     "packages": [
         {
             "name": "alek13/slack",
@@ -340,16 +340,16 @@
         },
         {
             "name": "barryvdh/laravel-debugbar",
-            "version": "v3.13.0",
+            "version": "v3.13.5",
             "source": {
                 "type": "git",
                 "url": "https://github.com/barryvdh/laravel-debugbar.git",
-                "reference": "354a42f3e0b083cdd6f9da5a9d1c0c63b074547a"
+                "reference": "92d86be45ee54edff735e46856f64f14b6a8bb07"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/barryvdh/laravel-debugbar/zipball/354a42f3e0b083cdd6f9da5a9d1c0c63b074547a",
-                "reference": "354a42f3e0b083cdd6f9da5a9d1c0c63b074547a",
+                "url": "https://api.github.com/repos/barryvdh/laravel-debugbar/zipball/92d86be45ee54edff735e46856f64f14b6a8bb07",
+                "reference": "92d86be45ee54edff735e46856f64f14b6a8bb07",
                 "shasum": ""
             },
             "require": {
@@ -408,7 +408,7 @@
             ],
             "support": {
                 "issues": "https://github.com/barryvdh/laravel-debugbar/issues",
-                "source": "https://github.com/barryvdh/laravel-debugbar/tree/v3.13.0"
+                "source": "https://github.com/barryvdh/laravel-debugbar/tree/v3.13.5"
             },
             "funding": [
                 {
@@ -420,7 +420,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2024-04-01T16:39:30+00:00"
+            "time": "2024-04-12T11:20:37+00:00"
         },
         {
             "name": "barryvdh/laravel-dompdf",

config/version.php

@@ -1,10 +1,10 @@
 <?php
 return array (
-  'app_version' => 'v7.0.2',
-  'full_app_version' => 'v7.0.2 - build 13978-g430808e18',
-  'build_version' => '13978',
+  'app_version' => 'v7.0.4',
+  'full_app_version' => 'v7.0.4 - build 14011-g20d558785',
+  'build_version' => '14011',
   'prerelease_version' => '',
-  'hash_version' => 'g430808e18',
-  'full_hash' => 'v7.0.2-12-g430808e18',
+  'hash_version' => 'g20d558785',
+  'full_hash' => 'v7.0.4-18-g20d558785',
   'branch' => 'master',
 );

package-lock.json

@@ -31,7 +31,7 @@
                 "less-loader": "^6.0",
                 "list.js": "^1.5.0",
                 "morris.js": "github:morrisjs/morris.js",
-                "papaparse": "5.2.0",
+                "papaparse": "5.4.1",
                 "select2": "4.0.13",
                 "sheetjs": "^2.0.0",
                 "signature_pad": "^4.2.0",
@@ -8347,9 +8347,9 @@
             "license": "(MIT AND Zlib)"
         },
         "node_modules/papaparse": {
-            "version": "5.2.0",
-            "resolved": "https://registry.npmjs.org/papaparse/-/papaparse-5.2.0.tgz",
-            "integrity": "sha512-ylq1wgUSnagU+MKQtNeVqrPhZuMYBvOSL00DHycFTCxownF95gpLAk1HiHdUW77N8yxRq1qHXLdlIPyBSG9NSA=="
+            "version": "5.4.1",
+            "resolved": "https://registry.npmjs.org/papaparse/-/papaparse-5.4.1.tgz",
+            "integrity": "sha512-HipMsgJkZu8br23pW15uvo6sib6wne/4woLZPlFf3rpDyMe9ywEXUsuD7+6K9PRkJlVT51j/sCOYDKGGS3ZJrw=="
         },
         "node_modules/param-case": {
             "version": "3.0.4",

package.json

@@ -51,7 +51,7 @@
         "less-loader": "^6.0",
         "list.js": "^1.5.0",
         "morris.js": "github:morrisjs/morris.js",
-        "papaparse": "5.2.0",
+        "papaparse": "5.4.1",
         "select2": "4.0.13",
         "sheetjs": "^2.0.0",
         "signature_pad": "^4.2.0",

public/evil.php

@@ -1,3 +0,0 @@
-GIF89a
-<?php echo "Hello, the date is: " . date('c');
-

resources/views/models/view.blade.php

@@ -42,8 +42,8 @@
                           <i class="fas fa-barcode fa-2x"></i>
                         </span>
                                     <span class="hidden-xs hidden-sm">
-                            {{ trans('general.assets') }}
-                                        {!! ($model->assets_count > 0 ) ? '<badge class="badge badge-secondary">'.number_format($model->assets_count).'</badge>' : '' !!}
+                                        {{ trans('general.assets') }}
+                                        {!! ($model->assets()->AssetsForShow()->count() > 0 ) ? '<badge class="badge badge-secondary">'.number_format($model->assets()->AssetsForShow()->count()).'</badge>' : '' !!}
                         </span>
                     </a>
                 </li>

tests/Feature/AssetModels/Ui/AssetModelIndexTest.php

@@ -0,0 +1,23 @@
+<?php
+
+namespace Tests\Feature\AssetModels\Ui;
+
+use App\Models\User;
+use Tests\TestCase;
+
+class AssetModelIndexTest extends TestCase
+{
+    public function testPermissionRequiredToViewAssetModelList()
+    {
+        $this->actingAs(User::factory()->create())
+            ->get(route('models.index'))
+            ->assertForbidden();
+    }
+
+    public function testUserCanListAssetModels()
+    {
+        $this->actingAs(User::factory()->superuser()->create())
+            ->get(route('models.index'))
+            ->assertOk();
+    }
+}

tests/Feature/AssetModels/Ui/AssetModelStoreTest.php

@@ -0,0 +1,35 @@
+<?php
+
+namespace Tests\Feature\AssetModels\Ui;
+
+use App\Models\AssetModel;
+use App\Models\Category;
+use App\Models\User;
+use Tests\TestCase;
+
+class AssetModelStoreTest extends TestCase
+{
+    public function testPermissionRequiredToStoreAssetModel()
+    {
+        $this->actingAs(User::factory()->create())
+            ->post(route('models.store'), [
+                'name' => 'Test Model',
+                'category_id' => Category::factory()->create()->id
+            ])
+            ->assertForbidden();
+    }
+
+    public function testUserCanCreateAssetModels()
+    {
+        $this->assertFalse(AssetModel::where('name', 'Test Model')->exists());
+
+        $this->actingAs(User::factory()->superuser()->create())
+            ->post(route('models.store'), [
+                'name' => 'Test Model',
+                'category_id' => Category::factory()->create()->id
+            ])
+            ->assertRedirect(route('models.index'));
+
+        $this->assertTrue(AssetModel::where('name', 'Test Model')->exists());
+    }
+}

tests/Feature/AssetModels/Ui/AssetModelsTest.php

@@ -1,38 +0,0 @@
-<?php
-
-namespace Tests\Feature\AssetModels\Ui;
-
-use App\Models\Category;
-use App\Models\AssetModel;
-use App\Models\Company;
-use App\Models\CustomField;
-use App\Models\Statuslabel;
-use App\Models\Supplier;
-use App\Models\User;
-use Illuminate\Support\Facades\Crypt;
-use Tests\TestCase;
-
-class AssetModelsTest extends TestCase
-{
-    public function testUserCanListAssetModels()
-    {
-
-        $this->actingAs(User::factory()->superuser()->create())
-            ->get(route('models.index'))
-            ->assertStatus(200);
-
-    }
-
-    public function testUserCanCreateAssetModels()
-    {
-        $this->actingAs(User::factory()->superuser()->create())
-            ->post(route('models.index'), [
-                'name' => 'Test Model',
-                'category_id' => Category::factory()->create()->id
-            ])
-            ->assertStatus(302)
-            ->assertRedirect(route('models.index'));
-    }
-
-
-}

tests/Feature/Users/Ui/ViewUserTest.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace Feature\Users\Ui;
+namespace Tests\Feature\Users\Ui;
 
 use App\Models\Company;
 use App\Models\User;
@@ -80,5 +80,4 @@ class ViewUserTest extends TestCase
             [$user], CurrentInventory::class
         );
     }
-
 }