commit 147fcfb8eb
Merge: 58a3d09b5fdcc17ca2
Author: snipe <snipe@snipe.net>
Date: Tue Oct 22 15:12:55 2024 +0100
Merge pull request #15676 from Toreg87/fixes/api_create_user_fmcs
Fix user creation with FullMultipleCompanySupport enabled over API
commit 58a3d09b5f
Merge: 30a06a594867fa2f36
Author: snipe <snipe@snipe.net>
Date: Tue Oct 22 14:55:42 2024 +0100
Merge pull request #15703 from marcusmoore/bug/sc-27188
Linked accessory files in activity report
commit 30a06a5942
Merge: 6c6af78e0ce3086317
Author: snipe <snipe@snipe.net>
Date: Tue Oct 22 11:47:06 2024 +0100
Merge pull request #15693 from marcusmoore/chore/remove-parallel-testing
Removed brianium/paratest
commit 6c6af78e08
Merge: 9b06bbb6c3f79fd7ea
Author: snipe <snipe@snipe.net>
Date: Tue Oct 22 11:46:04 2024 +0100
Merge pull request #15705 from marcusmoore/tests/icon-component-test
Added test to ensure icon component does not end in newline
commit 3f79fd7ea7
Author: Marcus Moore <contact@marcusmoore.io>
Date: Mon Oct 21 17:07:40 2024 -0700
Add test to ensure icon component does not end in newline
commit 9b06bbb6c3
Merge: 46ad1d072d7f70146f
Author: snipe <snipe@snipe.net>
Date: Mon Oct 21 22:38:26 2024 +0100
Merge pull request #15704 from marcusmoore/bug/remove-extra-icon
Removed second icon in accessory file list
commit ce30863177
Author: Marcus Moore <contact@marcusmoore.io>
Date: Mon Oct 21 13:57:04 2024 -0700
Remove brianium/paratest dependency
commit d7f70146f4
Author: Marcus Moore <contact@marcusmoore.io>
Date: Mon Oct 21 13:48:25 2024 -0700
Remove extra icon in accessory file upload list
commit 867fa2f36e
Author: Marcus Moore <contact@marcusmoore.io>
Date: Mon Oct 21 12:40:24 2024 -0700
Display file in activity report for accessories
commit 0933a2d4ea
Author: Marcus Moore <contact@marcusmoore.io>
Date: Thu Oct 17 18:01:48 2024 -0700
Remove --parallel flag
commit 46ad1d072f
Merge: bcb4bd9eb3cf746d7d
Author: snipe <snipe@snipe.net>
Date: Thu Oct 17 15:29:47 2024 +0100
Merge pull request #15680 from uberbrady/bulk_checkout_to_bulk_actions
Bulk checkout to bulk actions
commit bcb4bd9eb4
Merge: 250037540f50ccbcc4
Author: snipe <snipe@snipe.net>
Date: Thu Oct 17 10:20:13 2024 +0100
Merge pull request #15683 from Toreg87/fixes/outdated_comment
Fix outdated comment in CompanyableTrait
commit f50ccbcc49
Author: Tobias Regnery <tobias.regnery@gmail.com>
Date: Thu Oct 17 11:07:28 2024 +0200
Fix outdated comment in CompanyableTrait
As of commit 5800e8d the user model uses CompanyableTrait so remove this clearly outdated comment
commit 3cf746d7df
Author: Brady Wetherington <bwetherington@grokability.com>
Date: Wed Oct 16 23:13:32 2024 +0100
Rework the bulk checkout to not change how all checkouts work
commit 6b7af802af
Author: Brady Wetherington <bwetherington@grokability.com>
Date: Thu Oct 10 13:28:23 2024 +0100
Add 'bulk checkout' as one of the bulk actions in the bulk actions toolbar
commit fdcc17ca2c
Author: Tobias Regnery <tobias.regnery@gmail.com>
Date: Wed Oct 16 11:18:24 2024 +0200
Fix user creation with FullMultipleCompanySupport enabled over API
It is currently possible as a non-superuser to create a new user or patch an existing user with arbitrary company over the API if FullMultipleCompanySupport is enabled.
Altough a highly unlikely scenario as the user needs permission to create API keys and new users, it is a bug that should get fixed.
Add a call to getIdForCurrentUser() to normalize the company_id if FullMultipleCompanySupport is enabled.
Signed-off-by: snipe <snipe@snipe.net>
Commit fb4fe3004 restored the previous behaviour to check the company_id in case of FullMultipleCompanySupport.
But after rereading the code and the laravel documentation, the check is already there where it belongs in AssetStoreRequest::prepareForValidation()
The bug is the is_int-check of the request input in prepareForValidation(). Is is of type string even if it is a numeric value, so the call to getIdForCurrentUser() never happend.
Fix this by removing the check and the now redundant call to getIdForCurrentUser().
Wrong values will get caught by the model-level validation rules.
It is currently possible to create an asset with arbitrary company without being superuser and FullMultipleCompanySupport enabled.
This bug goes back to 75ac7f80b9 which is part of version 6.3.0.
Fix this by restoring the previous behaviour to check the company_id with getIdForCurrentUser().
