From bddb7fca238798a153f3ffad1ec00b97f68a1ca7 Mon Sep 17 00:00:00 2001 From: snipe Date: Fri, 25 Mar 2016 15:50:08 -0700 Subject: [PATCH] Additional doc blocks, added private_uploads path --- .../Controllers/AccessoriesController.php | 2 +- .../AssetMaintenancesController.php | 62 +++++++++++-------- app/Http/Controllers/AssetsController.php | 12 ++-- app/Http/Controllers/CategoriesController.php | 11 +++- .../Controllers/ChangeEmailController.php | 8 +++ .../Controllers/ChangePasswordController.php | 8 +++ app/Http/Controllers/CompaniesController.php | 11 +++- app/Http/Controllers/ComponentsController.php | 11 +++- .../Controllers/ConsumablesController.php | 11 +++- .../Controllers/CustomFieldsController.php | 8 +++ app/Http/Controllers/DashboardController.php | 8 +++ .../Controllers/DepreciationsController.php | 8 +++ app/Http/Controllers/GroupsController.php | 8 +++ app/Http/Controllers/LicensesController.php | 13 +++- app/Http/Controllers/LocationsController.php | 9 +++ .../Controllers/ManufacturersController.php | 8 +++ app/Http/Controllers/ProfileController.php | 9 +++ app/Http/Controllers/ReportsController.php | 9 +++ app/Http/Controllers/SettingsController.php | 6 +- .../Controllers/StatuslabelsController.php | 9 +++ app/Http/Controllers/SuppliersController.php | 9 +++ app/Http/Controllers/UsersController.php | 4 +- app/Http/Controllers/ViewAssetsController.php | 10 +++ config/app.php | 18 +++++- storage/private_uploads/backups/.gitignore | 2 + 25 files changed, 229 insertions(+), 45 deletions(-) create mode 100644 storage/private_uploads/backups/.gitignore diff --git a/app/Http/Controllers/AccessoriesController.php b/app/Http/Controllers/AccessoriesController.php index ed25e7a88..74e4318ed 100755 --- a/app/Http/Controllers/AccessoriesController.php +++ b/app/Http/Controllers/AccessoriesController.php @@ -5,7 +5,7 @@ * * PHP version 5.5.9 * @package Snipe-IT - * @version v3.0 + * @version v1.0 */ namespace App\Http\Controllers; diff --git a/app/Http/Controllers/AssetMaintenancesController.php b/app/Http/Controllers/AssetMaintenancesController.php index 2ebe3c500..98de1d52b 100644 --- a/app/Http/Controllers/AssetMaintenancesController.php +++ b/app/Http/Controllers/AssetMaintenancesController.php @@ -1,26 +1,34 @@ with('error', Lang::get('general.insufficient_permissions')); } - /** - * getIndex - * - * @return mixed - * @author Vincent Sposato - * @version v1.0 - */ + /** + * getIndex + * + * @return mixed + * @author Vincent Sposato + * @version v1.0 + */ public function getIndex() { diff --git a/app/Http/Controllers/AssetsController.php b/app/Http/Controllers/AssetsController.php index 424676507..acef53905 100755 --- a/app/Http/Controllers/AssetsController.php +++ b/app/Http/Controllers/AssetsController.php @@ -734,7 +734,7 @@ class AssetsController extends Controller public function getImportUpload() { - $path = storage_path().'/app/private_uploads/imports/assets'; + $path = config('app.private_uploads').'/imports/assets'; $files = array(); if (!Company::isCurrentUserAuthorized()) { @@ -780,7 +780,7 @@ class AssetsController extends Controller } elseif (!config('app.lock_passwords')) { $files = Input::file('files'); - $path = storage_path().'/app/private_uploads/imports/assets'; + $path = config('app.private_uploads').'/imports/assets'; $results = array(); foreach ($files as $file) { @@ -838,9 +838,9 @@ class AssetsController extends Controller } $output = new BufferedOutput; - Artisan::call('asset-import:csv', ['filename'=> storage_path().'/app/private_uploads/imports/assets/'.$filename, '--email_format'=>'firstname.lastname', '--username_format'=>'firstname.lastname'], $output); + Artisan::call('asset-import:csv', ['filename'=> config('app.private_uploads').'/imports/assets/'.$filename, '--email_format'=>'firstname.lastname', '--username_format'=>'firstname.lastname'], $output); $display_output = $output->fetch(); - $file = storage_path().'/app/private_uploads/imports/assets/'.str_replace('.csv', '', $filename).'-output-'.date("Y-m-d-his").'.txt'; + $file = config('app.private_uploads').'/imports/assets/'.str_replace('.csv', '', $filename).'-output-'.date("Y-m-d-his").'.txt'; file_put_contents($file, $display_output); @@ -948,7 +948,7 @@ class AssetsController extends Controller } // the asset is valid - $destinationPath = storage_path().'/private_uploads/app/imports/assets'; + $destinationPath = config('app.private_uploads').'/imports/assets'; @@ -1001,7 +1001,7 @@ class AssetsController extends Controller public function getDeleteFile($assetId = null, $fileId = null) { $asset = Asset::find($assetId); - $destinationPath = storage_path().'private_uploads/app/imports/assets'; + $destinationPath = config('app.private_uploads').'/imports/assets'; // the asset is valid if (isset($asset->id)) { diff --git a/app/Http/Controllers/CategoriesController.php b/app/Http/Controllers/CategoriesController.php index 5b3c385d7..e2609ef6a 100755 --- a/app/Http/Controllers/CategoriesController.php +++ b/app/Http/Controllers/CategoriesController.php @@ -1,4 +1,13 @@ -id)) { @@ -866,7 +875,7 @@ class LicensesController extends Controller public function getDeleteFile($licenseId = null, $fileId = null) { $license = License::find($licenseId); - $destinationPath = storage_path().'/app/private_uploads'; + $destinationPath = config('app.private_uploads').'/licenses'; // the license is valid if (isset($license->id)) { diff --git a/app/Http/Controllers/LocationsController.php b/app/Http/Controllers/LocationsController.php index e9841bf86..494ccc769 100755 --- a/app/Http/Controllers/LocationsController.php +++ b/app/Http/Controllers/LocationsController.php @@ -1,4 +1,13 @@ id)) { @@ -986,7 +986,7 @@ class UsersController extends Controller public function getDeleteFile($userId = null, $fileId = null) { $user = User::find($userId); - $destinationPath = app_path() . '/private_uploads'; + $destinationPath = config('app.private_uploads').'/users'; // the license is valid if (isset($user->id)) { diff --git a/app/Http/Controllers/ViewAssetsController.php b/app/Http/Controllers/ViewAssetsController.php index 68776609a..8f046652a 100755 --- a/app/Http/Controllers/ViewAssetsController.php +++ b/app/Http/Controllers/ViewAssetsController.php @@ -1,4 +1,14 @@ env('APP_LOG', 'single'), + /* + |-------------------------------------------------------------------------- + | Default Storage path for private uploads + |-------------------------------------------------------------------------- + | This is the path for any uploaded files that have to be run through the + | auth system to ensure they are not visible to the public. These should be + | stored somewhere outside of the web root so that an unautenticated user + | cannot access them. + | + | For example: license keys, contracts, etc. + | + */ + + 'private_uploads' => storage_path().'/private_uploads', + + /* |-------------------------------------------------------------------------- | Demo Mode Lockdown |-------------------------------------------------------------------------- | | Normal users will never need to edit this. This option lets you run a - | version of Snipe-IT with limited functionality to prevent demo abuse. + | version of Snipe-IT with limited functionality to prevent demo abuse. | */ diff --git a/storage/private_uploads/backups/.gitignore b/storage/private_uploads/backups/.gitignore new file mode 100644 index 000000000..c96a04f00 --- /dev/null +++ b/storage/private_uploads/backups/.gitignore @@ -0,0 +1,2 @@ +* +!.gitignore \ No newline at end of file