lunax/snipe_it
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity Actions
4411 commits 1 branch 0 tags 220 MiB
Commit graph

1345 commits

Author SHA1 Message Date
snipe
7ccb41371e
Removed unoptimized images directive 
securityheaders.com is claiming it’s onrecognized, even though I got that directive from their site, so… whatever. ¯\_(ツ)_/¯
 2020-06-23 01:09:39 -07:00
snipe
2e60a457bf
Dumb fix for feature-policy being dumb. 2020-06-23 01:07:00 -07:00
snipe
00b051b8c7
Added a few more comments 2020-06-23 00:26:09 -07:00
snipe
05b3a9ad7e
Config variable for HSTS 2020-06-22 23:17:27 -07:00
snipe
4fb880384f
Changed comment 2020-06-22 22:37:14 -07:00
snipe
43042ad841
Consolidated ReferrerPolicy into new SecurityHeaders file 2020-06-22 22:35:59 -07:00
snipe
a716382ac4
Removed CSP middleware (it’s added in the general header) 2020-06-22 22:33:37 -07:00
snipe
36c8f7f4f1
Additional security headers 2020-06-22 22:31:01 -07:00
snipe
2ac1c1636c
Better handle the logic to determine if we should display the license checkout blade 2020-06-16 16:12:57 -07:00
snipe
f88683766b
Roll back previous change 
Signed-off-by: snipe <snipe@snipe.net>
 2020-05-14 00:55:47 -07:00
snipe
e4385c0f8c
Fixes #8051 regression 
Signed-off-by: snipe <snipe@snipe.net>
 2020-05-14 00:48:30 -07:00
snipe
0550fe0ffa
Fix for session fixation vulnerability 
Signed-off-by: snipe <snipe@snipe.net>
 2020-05-12 10:31:54 -07:00
snipe
95cc48e422
Added option to disable backup in import 
Signed-off-by: snipe <snipe@snipe.net>
 2020-05-11 20:41:10 -07:00
snipe
bb42109c0c
Added a clarifying comment 
Signed-off-by: snipe <snipe@snipe.net>
 2020-05-11 18:10:45 -07:00
snipe
b9e821c0e6
Small fix for Group Functional Tests 
Signed-off-by: snipe <snipe@snipe.net>
 2020-05-11 18:07:14 -07:00
snipe
5bb4f271aa
Fixed #7987 - allow toggle of required/optional in custom fields/fieldsets 
Signed-off-by: snipe <snipe@snipe.net>
 2020-04-24 00:47:19 -07:00
snipe
197a84be94
Commented out rtd_location_id override - why did we do that? 2020-04-09 14:17:39 -07:00
snipe
b4fa4c77d7
Check for rtd_location_id before trying to assign 2020-04-09 14:14:30 -07:00
snipe
cfec142c3b
Better handle models without a fieldset in the asset request [RB 9935] 2020-04-09 11:18:54 -07:00
snipe
f8a72db696
Changed LDAP 600 to 500, clearer error messages on LDAP test 2020-04-09 09:55:44 -07:00
snipe
206bd675f2
Pulled slack validation out of setting model validation so it doesn’t fail mysteriously on other pages 2020-04-08 15:07:02 -07:00
snipe
a0f7fdc57a
Merge branch 'fixes/accessibility_fixes' 
# Conflicts:
#	public/css/build/all.css
#	public/css/dist/all.css
#	public/js/build/all.js
#	public/js/build/vue.js
#	public/js/build/vue.js.map
#	public/js/dist/all.js
#	public/mix-manifest.json
#	resources/assets/js/components/importer/importer-file.vue
 2020-04-08 11:19:42 -07:00
snipe
79232fc434
Fixed #7947 - Added rtd_location_id to API search 2020-04-08 11:00:04 -07:00
snipe
0b3f511534
Fixed compact() errors 2020-04-07 17:26:56 -07:00
snipe
893944403e
Check for location_id being set before trying to set it on checkout via API 2020-04-06 15:54:40 -07:00
snipe
d7873f257d Fixed CSP for importer 2020-04-06 14:18:45 -07:00
snipe
e7c1418314 Fixed possible typo in CSP 2020-04-01 19:47:42 -07:00
snipe
4dcc1ffdbc More form labels 2020-04-01 02:22:24 -07:00
snipe
7d466f3584 Update user uploads for more data to work with recport 2020-04-01 02:22:16 -07:00
snipe
6174f9b93f Check that there is actually a filed ID submitted 2020-04-01 01:25:31 -07:00
snipe
a467a6999e Use upload modal 2020-03-31 22:50:07 -07:00
snipe
6066c249d5 Moved gate to the top of the method 2020-03-06 16:01:13 -08:00
Ivan Nieto
025ea93f05
Fix for when a user with the correct permissions couldn't update Manufacturers. (#7882) 
* Changed the ability name from 'edit' to 'update'. Changed the order of execution: first checks if the manufacturer exists, then checks permissions

* Handles the update method, that also has the ability parameter as edit instead of update"
q

* Revert "Handles the update method, that also has the ability parameter as edit instead of update""

This reverts commit d7dc0e451e69935325987a6ec6f8644854ab0e16.

* Handles the update method, that also has the ability parameter as 'edit' instead of 'update'
 2020-03-06 15:59:51 -08:00
snipe
54fd8f81ff
Added permissions on user api (#7883) 
* Add permissions to user edit API

* Add user permissions on user create/update API endpoint
 2020-03-06 15:28:46 -08:00
snipe
ca43554327
Fixes search by serial or tag even if they have slashes in them (#7879) 
* Fixes search by serial or tag even if they have slashes in them

* Added support for url param byTag and bySerial

* Fixed typo comments

* Sojme additional comments to clarify use-cases

* Updated comments for clarity
 2020-03-06 14:55:20 -08:00
snipe
8b2f8ef3cb Spelling is hard :( 2020-03-04 22:19:59 -08:00
snipe
15518852aa Added validation to reject email addresses over 250 characters 2020-03-04 22:08:07 -08:00
Godfrey Martinez
0e0fe967e4
BadMethodCallException Method update does [ch10544] (#7804) 2020-02-10 19:27:23 -08:00
snipe
2f0ed129f0 Use “invalid barcode” image and suppress errors when barcode format is wrong 2020-02-04 18:15:01 -08:00
snipe
3361b859c0
Changes offset to use the actual item count as override instead of 0 (#7788) 2020-02-04 12:32:24 -08:00
snipe
89e2a3ae3c Fixed #7752 - reformat /api/v1/users/me to use transformer 2020-01-30 13:12:43 -08:00
snipe
5f85d8132b
Fix for weird JSON parsing in actionlogs (#7753) 
* Fix for weird JSON parsing in actionlogs

* Removed debugging code

* Check for the meta array

(If no fields, no array)
 2020-01-24 17:31:43 -08:00
Ivan Nieto
75bf8f3d58 Remove not existent variable 'id' in the redirect causing [ch10602] (#7732) 2020-01-17 16:12:24 -08:00
snipe
324da7c0c8 Include correct license, asset, etc count on user show API call 2019-12-19 18:09:53 -08:00
snipe
779fc6d195 Added license endpoint for users 2019-12-19 18:00:36 -08:00
snipe
ff57f10e9f
Fix for searching on child location names (#7646) 
* Fix for child locations

* Reverts temp changes to indenter
 2019-12-06 13:14:10 -08:00
snipe
e71e57f16a
Fixed XSS vulnerability in SVG image uploads [ch10476] (#7639) 
* Added enshrined/svg-sanitize

* Added modular image resizing/SVG cleaning method

(This already exists in v5, so I mostly ported it forward and added the SVG sanitizer.)

* Use improved handleImages method to upload/resize/clean images

* Removed $old_image

This is handled in the ImageUpload request now
 2019-12-05 22:23:05 -08:00
snipe
ff8d98c97c
Update child assets to reflect asset parent location (#7458) 2019-12-04 16:19:25 -08:00
snipe
88cf456386
Adding Dept to license seats (#7609) 
* Adding Dept to license seats

* Added query scope to order by department

* Make license seat department sortable

* Disable license seat internal search - this never actually worked
 2019-11-21 22:03:56 -08:00
snipe
a73fd24695 Fix maintenances permissions check to allow users who can edit assets to edit maintenances 2019-11-08 17:02:17 -08:00