From 6d55d782806c9660e9e65dc5250faacb5d0033ed Mon Sep 17 00:00:00 2001 From: snipe Date: Mon, 9 Oct 2023 16:13:41 +0100 Subject: [PATCH 1/5] Set resend acceptance to POST Signed-off-by: snipe --- app/Http/Controllers/ReportsController.php | 16 +++++++++++++--- .../views/reports/unaccepted_assets.blade.php | 16 ++++++++++++++-- routes/web.php | 4 ++-- 3 files changed, 29 insertions(+), 7 deletions(-) diff --git a/app/Http/Controllers/ReportsController.php b/app/Http/Controllers/ReportsController.php index bacc27f42..4873c7f2a 100644 --- a/app/Http/Controllers/ReportsController.php +++ b/app/Http/Controllers/ReportsController.php @@ -1043,27 +1043,37 @@ class ReportsController extends Controller * @throws \Illuminate\Auth\Access\AuthorizationException * @version v1.0 */ - public function sentAssetAcceptanceReminder($acceptanceId = null) + public function sentAssetAcceptanceReminder(Request $request) { $this->authorize('reports.view'); - if (!$acceptance = CheckoutAcceptance::pending()->find($acceptanceId)) { + if (!$acceptance = CheckoutAcceptance::pending()->find($request->input('acceptance_id'))) { + \Log::debug('No pending acceptances'); // Redirect to the unaccepted assets report page with error return redirect()->route('reports/unaccepted_assets')->with('error', trans('general.bad_data')); } + $assetItem = $acceptance->checkoutable; + \Log::debug(print_r($assetItem, true)); + if (is_null($acceptance->created_at)){ + \Log::debug('No acceptance created_at'); return redirect()->route('reports/unaccepted_assets')->with('error', trans('general.bad_data')); } else { $logItem_res = $assetItem->checkouts()->where('created_at', '=', $acceptance->created_at)->get(); + + \Log::debug('Acceptance created at: '.$acceptance->created_at); + \Log::debug(print_r($logItem_res, true)); + if ($logItem_res->isEmpty()){ + \Log::debug('Acceptance date mismatch'); return redirect()->route('reports/unaccepted_assets')->with('error', trans('general.bad_data')); } $logItem = $logItem_res[0]; } - if(!$assetItem->assignedTo->locale){ + if (!$assetItem->assignedTo->locale){ Notification::locale(Setting::getSettings()->locale)->send( $assetItem->assignedTo, new CheckoutAssetNotification($assetItem, $assetItem->assignedTo, $logItem->user, $acceptance, $logItem->note) diff --git a/resources/views/reports/unaccepted_assets.blade.php b/resources/views/reports/unaccepted_assets.blade.php index 37ae66ce3..80d151fd4 100644 --- a/resources/views/reports/unaccepted_assets.blade.php +++ b/resources/views/reports/unaccepted_assets.blade.php @@ -77,11 +77,23 @@ {!! $item['assetItem']->present()->nameUrl() !!} {{ $item['assetItem']->asset_tag }} assignedTo === null || $item['acceptance']->assignedTo->trashed()) style="text-decoration: line-through" @endif>{!! ($item['acceptance']->assignedTo) ? $item['acceptance']->assignedTo->present()->nameUrl() : trans('admin/reports/general.deleted_user') !!} - + + @if(!$item['acceptance']->trashed()) - @if ($item['acceptance']->assignedTo){{ trans('admin/reports/general.send_reminder') }}@endif +
+ @if ($item['acceptance']->assignedTo) + @csrf + + + + @endif +
@endif + + @endif diff --git a/routes/web.php b/routes/web.php index 4bc8b3bb5..0aacf8513 100644 --- a/routes/web.php +++ b/routes/web.php @@ -368,8 +368,8 @@ Route::group(['middleware' => ['auth']], function () { 'reports/unaccepted_assets/{deleted?}', [ReportsController::class, 'getAssetAcceptanceReport'] )->name('reports/unaccepted_assets'); - Route::get( - 'reports/unaccepted_assets/{acceptanceId}/sent_reminder', + Route::post( + 'reports/unaccepted_assets/sent_reminder', [ReportsController::class, 'sentAssetAcceptanceReminder'] )->name('reports/unaccepted_assets_sent_reminder'); Route::delete( From 866bbe5e1149223baa265f8d04a2854dfb9bfa99 Mon Sep 17 00:00:00 2001 From: snipe Date: Mon, 9 Oct 2023 16:15:14 +0100 Subject: [PATCH 2/5] Removed extra debugging Signed-off-by: snipe --- app/Http/Controllers/ReportsController.php | 3 --- 1 file changed, 3 deletions(-) diff --git a/app/Http/Controllers/ReportsController.php b/app/Http/Controllers/ReportsController.php index 4873c7f2a..279162421 100644 --- a/app/Http/Controllers/ReportsController.php +++ b/app/Http/Controllers/ReportsController.php @@ -1063,9 +1063,6 @@ class ReportsController extends Controller } else { $logItem_res = $assetItem->checkouts()->where('created_at', '=', $acceptance->created_at)->get(); - \Log::debug('Acceptance created at: '.$acceptance->created_at); - \Log::debug(print_r($logItem_res, true)); - if ($logItem_res->isEmpty()){ \Log::debug('Acceptance date mismatch'); return redirect()->route('reports/unaccepted_assets')->with('error', trans('general.bad_data')); From b9dc7f88d00a22cd477a3a2f2a6fc8e48a3553ac Mon Sep 17 00:00:00 2001 From: snipe Date: Mon, 9 Oct 2023 16:32:30 +0100 Subject: [PATCH 3/5] Fix qty requirements for Components API checkout Signed-off-by: snipe --- app/Http/Controllers/Api/ComponentsController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Http/Controllers/Api/ComponentsController.php b/app/Http/Controllers/Api/ComponentsController.php index a6e3e379e..9525bdbaf 100644 --- a/app/Http/Controllers/Api/ComponentsController.php +++ b/app/Http/Controllers/Api/ComponentsController.php @@ -263,7 +263,7 @@ class ComponentsController extends Controller } // Make sure there is at least one available to checkout - if ($component->numRemaining() <= $request->get('assigned_qty')) { + if ($component->numRemaining() < $request->get('assigned_qty')) { return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/components/message.checkout.unavailable', ['remaining' => $component->numRemaining(), 'requested' => $request->get('assigned_qty')]))); } From 0fbe63d0cf6b6c3e21ae113f3eec70d0c2dc56e9 Mon Sep 17 00:00:00 2001 From: snipe Date: Mon, 9 Oct 2023 16:33:00 +0100 Subject: [PATCH 4/5] Add @Singrity as a contributor --- .all-contributorsrc | 9 +++++++++ README.md | 4 ++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/.all-contributorsrc b/.all-contributorsrc index 41e7063e3..c10b08018 100644 --- a/.all-contributorsrc +++ b/.all-contributorsrc @@ -2961,6 +2961,15 @@ "contributions": [ "code" ] + }, + { + "login": "Singrity", + "name": "Bogdan", + "avatar_url": "https://avatars.githubusercontent.com/u/58479551?v=4", + "profile": "http://@singrity", + "contributions": [ + "code" + ] } ] } diff --git a/README.md b/README.md index c29cccb67..3a74120b3 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ [![Crowdin](https://d322cqt584bo4o.cloudfront.net/snipe-it/localized.svg)](https://crowdin.com/project/snipe-it) [![Docker Pulls](https://img.shields.io/docker/pulls/snipe/snipe-it.svg)](https://hub.docker.com/r/snipe/snipe-it/) [![Twitter Follow](https://img.shields.io/twitter/follow/snipeitapp.svg?style=social)](https://twitter.com/snipeitapp) [![Codacy Badge](https://api.codacy.com/project/badge/Grade/553ce52037fc43ea99149785afcfe641)](https://www.codacy.com/app/snipe/snipe-it?utm_source=github.com&utm_medium=referral&utm_content=snipe/snipe-it&utm_campaign=Badge_Grade) -[![All Contributors](https://img.shields.io/badge/all_contributors-326-orange.svg?style=flat-square)](#contributors) [![Discord](https://badgen.net/badge/icon/discord?icon=discord&label)](https://discord.gg/yZFtShAcKk) [![huntr](https://cdn.huntr.dev/huntr_security_badge_mono.svg)](https://huntr.dev) +[![All Contributors](https://img.shields.io/badge/all_contributors-327-orange.svg?style=flat-square)](#contributors) [![Discord](https://badgen.net/badge/icon/discord?icon=discord&label)](https://discord.gg/yZFtShAcKk) [![huntr](https://cdn.huntr.dev/huntr_security_badge_mono.svg)](https://huntr.dev) ## Snipe-IT - Open Source Asset Management System @@ -145,7 +145,7 @@ Thanks goes to all of these wonderful people ([emoji key](https://github.com/ken | [
Chris Hartjes](http://www.littlehart.net/atthekeyboard)
[💻](https://github.com/snipe/snipe-it/commits?author=chartjes "Code") | [
geo-chen](https://github.com/geo-chen)
[💻](https://github.com/snipe/snipe-it/commits?author=geo-chen "Code") | [
Phan Nguyen](https://github.com/nh314)
[💻](https://github.com/snipe/snipe-it/commits?author=nh314 "Code") | [
Iisakki Jaakkola](https://github.com/StarlessNights)
[💻](https://github.com/snipe/snipe-it/commits?author=StarlessNights "Code") | [
Ikko Ashimine](https://bandism.net/)
[💻](https://github.com/snipe/snipe-it/commits?author=eltociear "Code") | [
Lukas Fehling](https://github.com/lukasfehling)
[💻](https://github.com/snipe/snipe-it/commits?author=lukasfehling "Code") | [
Fernando Almeida](https://github.com/fernando-almeida)
[💻](https://github.com/snipe/snipe-it/commits?author=fernando-almeida "Code") | | [
akemidx](https://github.com/akemidx)
[💻](https://github.com/snipe/snipe-it/commits?author=akemidx "Code") | [
Oguz Bilgic](http://oguz.site)
[💻](https://github.com/snipe/snipe-it/commits?author=oguzbilgic "Code") | [
Scooter Crawford](https://github.com/scoo73r)
[💻](https://github.com/snipe/snipe-it/commits?author=scoo73r "Code") | [
subdriven](https://github.com/subdriven)
[💻](https://github.com/snipe/snipe-it/commits?author=subdriven "Code") | [
Andrew Savinykh](https://github.com/AndrewSav)
[💻](https://github.com/snipe/snipe-it/commits?author=AndrewSav "Code") | [
Tadayuki Onishi](https://kenchan0130.github.io)
[💻](https://github.com/snipe/snipe-it/commits?author=kenchan0130 "Code") | [
Florian](https://github.com/floschoepfer)
[💻](https://github.com/snipe/snipe-it/commits?author=floschoepfer "Code") | | [
Spencer Long](http://spencerlong.com)
[💻](https://github.com/snipe/snipe-it/commits?author=spencerrlongg "Code") | [
Marcus Moore](https://github.com/marcusmoore)
[💻](https://github.com/snipe/snipe-it/commits?author=marcusmoore "Code") | [
Martin Meredith](https://github.com/Mezzle)
| [
dboth](http://dboth.de)
[💻](https://github.com/snipe/snipe-it/commits?author=dboth "Code") | [
Zachary Fleck](https://github.com/zacharyfleck)
[💻](https://github.com/snipe/snipe-it/commits?author=zacharyfleck "Code") | [
VIKAAS-A](https://github.com/vikaas-cyper)
[💻](https://github.com/snipe/snipe-it/commits?author=vikaas-cyper "Code") | [
Abdul Kareem](https://github.com/ak-piracha)
[💻](https://github.com/snipe/snipe-it/commits?author=ak-piracha "Code") | -| [
NojoudAlshehri](https://github.com/NojoudAlshehri)
[💻](https://github.com/snipe/snipe-it/commits?author=NojoudAlshehri "Code") | [
Stefan Stidl](https://github.com/stefanstidlffg)
[💻](https://github.com/snipe/snipe-it/commits?author=stefanstidlffg "Code") | [
Quentin Aymard](https://github.com/qay21)
[💻](https://github.com/snipe/snipe-it/commits?author=qay21 "Code") | [
Grant Le Roux](https://github.com/cram42)
[💻](https://github.com/snipe/snipe-it/commits?author=cram42 "Code") | +| [
NojoudAlshehri](https://github.com/NojoudAlshehri)
[💻](https://github.com/snipe/snipe-it/commits?author=NojoudAlshehri "Code") | [
Stefan Stidl](https://github.com/stefanstidlffg)
[💻](https://github.com/snipe/snipe-it/commits?author=stefanstidlffg "Code") | [
Quentin Aymard](https://github.com/qay21)
[💻](https://github.com/snipe/snipe-it/commits?author=qay21 "Code") | [
Grant Le Roux](https://github.com/cram42)
[💻](https://github.com/snipe/snipe-it/commits?author=cram42 "Code") | [
Bogdan](http://@singrity)
[💻](https://github.com/snipe/snipe-it/commits?author=Singrity "Code") | This project follows the [all-contributors](https://github.com/kentcdodds/all-contributors) specification. Contributions of any kind welcome! From f685ba01b61319a6ced0d1d976a323173454199f Mon Sep 17 00:00:00 2001 From: snipe Date: Mon, 9 Oct 2023 16:43:14 +0100 Subject: [PATCH 5/5] Reversed order of find Signed-off-by: snipe --- .../Controllers/Accessories/AccessoriesFilesController.php | 2 +- app/Http/Controllers/Assets/AssetFilesController.php | 2 +- .../Controllers/Components/ComponentsFilesController.php | 2 +- .../Controllers/Consumables/ConsumablesFilesController.php | 2 +- app/Http/Controllers/Licenses/LicenseFilesController.php | 2 +- app/Http/Controllers/Users/UserFilesController.php | 7 ++++++- 6 files changed, 11 insertions(+), 6 deletions(-) diff --git a/app/Http/Controllers/Accessories/AccessoriesFilesController.php b/app/Http/Controllers/Accessories/AccessoriesFilesController.php index 939ab8126..6a94a897a 100644 --- a/app/Http/Controllers/Accessories/AccessoriesFilesController.php +++ b/app/Http/Controllers/Accessories/AccessoriesFilesController.php @@ -146,7 +146,7 @@ class AccessoriesFilesController extends Controller $this->authorize('view', $accessory); $this->authorize('accessories.files', $accessory); - if (! $log = Actionlog::find($fileId)->whereNotNull('filename')->where('item_id', $accessory->id)->first()) { + if (! $log = Actionlog::whereNotNull('filename')->where('item_id', $accessory->id)->find($fileId)) { return redirect()->route('accessories.index')->with('error', trans('admin/users/message.log_record_not_found')); } diff --git a/app/Http/Controllers/Assets/AssetFilesController.php b/app/Http/Controllers/Assets/AssetFilesController.php index cfe8055bd..610705c60 100644 --- a/app/Http/Controllers/Assets/AssetFilesController.php +++ b/app/Http/Controllers/Assets/AssetFilesController.php @@ -86,7 +86,7 @@ class AssetFilesController extends Controller if (isset($asset->id)) { $this->authorize('view', $asset); - if (! $log = Actionlog::find($fileId)->whereNotNull('filename')->where('item_id', $asset->id)->first()) { + if (! $log = Actionlog::whereNotNull('filename')->where('item_id', $asset->id)->find($fileId)) { return response('No matching record for that asset/file', 500) ->header('Content-Type', 'text/plain'); } diff --git a/app/Http/Controllers/Components/ComponentsFilesController.php b/app/Http/Controllers/Components/ComponentsFilesController.php index d46dc05f9..0f4e782aa 100644 --- a/app/Http/Controllers/Components/ComponentsFilesController.php +++ b/app/Http/Controllers/Components/ComponentsFilesController.php @@ -142,7 +142,7 @@ class ComponentsFilesController extends Controller $this->authorize('view', $component); $this->authorize('components.files', $component); - if (! $log = Actionlog::find($fileId)) { + if (! $log = Actionlog::whereNotNull('filename')->where('item_id', $component->id)->find($fileId)) { return response('No matching record for that asset/file', 500) ->header('Content-Type', 'text/plain'); } diff --git a/app/Http/Controllers/Consumables/ConsumablesFilesController.php b/app/Http/Controllers/Consumables/ConsumablesFilesController.php index 4d9d1d5f7..6053e82cc 100644 --- a/app/Http/Controllers/Consumables/ConsumablesFilesController.php +++ b/app/Http/Controllers/Consumables/ConsumablesFilesController.php @@ -140,7 +140,7 @@ class ConsumablesFilesController extends Controller $this->authorize('view', $consumable); $this->authorize('consumables.files', $consumable); - if (! $log = Actionlog::find($fileId)->whereNotNull('filename')->where('item_id', $consumable->id)->first()) { + if (! $log = Actionlog::whereNotNull('filename')->where('item_id', $consumable->id)->find($fileId)) { return response('No matching record for that asset/file', 500) ->header('Content-Type', 'text/plain'); } diff --git a/app/Http/Controllers/Licenses/LicenseFilesController.php b/app/Http/Controllers/Licenses/LicenseFilesController.php index 83fbc0490..f6f7c1ad0 100644 --- a/app/Http/Controllers/Licenses/LicenseFilesController.php +++ b/app/Http/Controllers/Licenses/LicenseFilesController.php @@ -137,7 +137,7 @@ class LicenseFilesController extends Controller $this->authorize('view', $license); $this->authorize('licenses.files', $license); - if (! $log = Actionlog::find($fileId)->whereNotNull('filename')->where('item_id', $license->id)->first()) { + if (! $log = Actionlog::whereNotNull('filename')->where('item_id', $license->id)->find($fileId)) { return response('No matching record for that asset/file', 500) ->header('Content-Type', 'text/plain'); } diff --git a/app/Http/Controllers/Users/UserFilesController.php b/app/Http/Controllers/Users/UserFilesController.php index d0778dd57..0b787306f 100644 --- a/app/Http/Controllers/Users/UserFilesController.php +++ b/app/Http/Controllers/Users/UserFilesController.php @@ -136,6 +136,11 @@ class UserFilesController extends Controller */ public function show($userId = null, $fileId = null) { + + if (empty($fileId)) { + return redirect()->route('users.show')->with('error', 'Invalid file request'); + } + $user = User::find($userId); // the license is valid @@ -143,7 +148,7 @@ class UserFilesController extends Controller $this->authorize('view', $user); - if ($log = Actionlog::find($fileId)->whereNotNull('filename')->where('item_id', $user->id)->first()) { + if ($log = Actionlog::whereNotNull('filename')->where('item_id', $user->id)->find($fileId)) { // Display the file inline if (request('inline') == 'true') {