Skip to content

Commit a05c33f

Browse files
snipesnipe
committed
Squashed commit of the following:
commit 147fcfb Merge: 58a3d09 fdcc17c Author: snipe <[email protected]> Date: Tue Oct 22 15:12:55 2024 +0100 Merge pull request #15676 from Toreg87/fixes/api_create_user_fmcs Fix user creation with FullMultipleCompanySupport enabled over API commit 58a3d09 Merge: 30a06a5 867fa2f Author: snipe <[email protected]> Date: Tue Oct 22 14:55:42 2024 +0100 Merge pull request #15703 from marcusmoore/bug/sc-27188 Linked accessory files in activity report commit 30a06a5 Merge: 6c6af78 ce30863 Author: snipe <[email protected]> Date: Tue Oct 22 11:47:06 2024 +0100 Merge pull request #15693 from marcusmoore/chore/remove-parallel-testing Removed brianium/paratest commit 6c6af78 Merge: 9b06bbb 3f79fd7 Author: snipe <[email protected]> Date: Tue Oct 22 11:46:04 2024 +0100 Merge pull request #15705 from marcusmoore/tests/icon-component-test Added test to ensure icon component does not end in newline commit 3f79fd7 Author: Marcus Moore <[email protected]> Date: Mon Oct 21 17:07:40 2024 -0700 Add test to ensure icon component does not end in newline commit 9b06bbb Merge: 46ad1d0 d7f7014 Author: snipe <[email protected]> Date: Mon Oct 21 22:38:26 2024 +0100 Merge pull request #15704 from marcusmoore/bug/remove-extra-icon Removed second icon in accessory file list commit ce30863 Author: Marcus Moore <[email protected]> Date: Mon Oct 21 13:57:04 2024 -0700 Remove brianium/paratest dependency commit d7f7014 Author: Marcus Moore <[email protected]> Date: Mon Oct 21 13:48:25 2024 -0700 Remove extra icon in accessory file upload list commit 867fa2f Author: Marcus Moore <[email protected]> Date: Mon Oct 21 12:40:24 2024 -0700 Display file in activity report for accessories commit 0933a2d Author: Marcus Moore <[email protected]> Date: Thu Oct 17 18:01:48 2024 -0700 Remove --parallel flag commit 46ad1d0 Merge: bcb4bd9 3cf746d Author: snipe <[email protected]> Date: Thu Oct 17 15:29:47 2024 +0100 Merge pull request #15680 from uberbrady/bulk_checkout_to_bulk_actions Bulk checkout to bulk actions commit bcb4bd9 Merge: 2500375 f50ccbc Author: snipe <[email protected]> Date: Thu Oct 17 10:20:13 2024 +0100 Merge pull request #15683 from Toreg87/fixes/outdated_comment Fix outdated comment in CompanyableTrait commit f50ccbc Author: Tobias Regnery <[email protected]> Date: Thu Oct 17 11:07:28 2024 +0200 Fix outdated comment in CompanyableTrait As of commit 5800e8d the user model uses CompanyableTrait so remove this clearly outdated comment commit 3cf746d Author: Brady Wetherington <[email protected]> Date: Wed Oct 16 23:13:32 2024 +0100 Rework the bulk checkout to not change how all checkouts work commit 6b7af80 Author: Brady Wetherington <[email protected]> Date: Thu Oct 10 13:28:23 2024 +0100 Add 'bulk checkout' as one of the bulk actions in the bulk actions toolbar commit fdcc17c Author: Tobias Regnery <[email protected]> Date: Wed Oct 16 11:18:24 2024 +0200 Fix user creation with FullMultipleCompanySupport enabled over API It is currently possible as a non-superuser to create a new user or patch an existing user with arbitrary company over the API if FullMultipleCompanySupport is enabled. Altough a highly unlikely scenario as the user needs permission to create API keys and new users, it is a bug that should get fixed. Add a call to getIdForCurrentUser() to normalize the company_id if FullMultipleCompanySupport is enabled. Signed-off-by: snipe <[email protected]>
1 parent 787e651 commit a05c33f

File tree

14 files changed

+73
-182
lines changed

14 files changed

+73
-182
lines changed

.github/workflows/tests-mysql.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -76,4 +76,4 @@ jobs:
7676
DB_DATABASE: snipeit
7777
DB_PORT: ${{ job.services.mysql.ports[3306] }}
7878
DB_USERNAME: root
79-
run: php artisan test --parallel
79+
run: php artisan test

.github/workflows/tests-postgres.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -74,4 +74,4 @@ jobs:
7474
DB_PORT: ${{ job.services.postgresql.ports[5432] }}
7575
DB_USERNAME: snipeit
7676
DB_PASSWORD: password
77-
run: php artisan test --parallel
77+
run: php artisan test

.github/workflows/tests-sqlite.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -58,4 +58,4 @@ jobs:
5858
- name: Execute tests (Unit and Feature tests) via PHPUnit
5959
env:
6060
DB_CONNECTION: sqlite_testing
61-
run: php artisan test --parallel
61+
run: php artisan test

app/Http/Controllers/Api/UsersController.php

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,7 @@
1414
use App\Models\Actionlog;
1515
use App\Models\Asset;
1616
use App\Models\Accessory;
17+
use App\Models\Company;
1718
use App\Models\Consumable;
1819
use App\Models\License;
1920
use App\Models\User;
@@ -371,6 +372,7 @@ public function store(SaveUserRequest $request) : JsonResponse
371372

372373
$user = new User;
373374
$user->fill($request->all());
375+
$user->company_id = Company::getIdForCurrentUser($request->input('company_id'));
374376
$user->created_by = auth()->id();
375377

376378
if ($request->has('permissions')) {
@@ -452,6 +454,10 @@ public function update(SaveUserRequest $request, User $user): JsonResponse
452454

453455
$user->fill($request->all());
454456

457+
if ($request->filled('company_id')) {
458+
$user->company_id = Company::getIdForCurrentUser($request->input('company_id'));
459+
}
460+
455461
if ($user->id == $request->input('manager_id')) {
456462
return response()->json(Helper::formatStandardApiResponse('error', null, 'You cannot be your own manager'));
457463
}

app/Http/Controllers/Assets/BulkAssetsController.php

Lines changed: 15 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -52,6 +52,10 @@ public function edit(Request $request) : View | RedirectResponse
5252
}
5353

5454
$asset_ids = $request->input('ids');
55+
if ($request->input('bulk_actions') === 'checkout') {
56+
$request->session()->flashInput(['selected_assets' => $asset_ids]);
57+
return redirect()->route('hardware.bulkcheckout.show');
58+
}
5559

5660
// Figure out where we need to send the user after the update is complete, and store that in the session
5761
$bulk_back_url = request()->headers->get('referer');
@@ -571,31 +575,34 @@ public function storeCheckout(AssetCheckoutRequest $request) : RedirectResponse
571575
}
572576

573577
$errors = [];
574-
DB::transaction(function () use ($target, $admin, $checkout_at, $expected_checkin, $errors, $asset_ids, $request) {
578+
DB::transaction(function () use ($target, $admin, $checkout_at, $expected_checkin, &$errors, $asset_ids, $request) { //NOTE: $errors is passsed by reference!
575579
foreach ($asset_ids as $asset_id) {
576580
$asset = Asset::findOrFail($asset_id);
577581
$this->authorize('checkout', $asset);
578582

579-
$error = $asset->checkOut($target, $admin, $checkout_at, $expected_checkin, e($request->get('note')), $asset->name, null);
583+
$checkout_success = $asset->checkOut($target, $admin, $checkout_at, $expected_checkin, e($request->get('note')), $asset->name, null);
580584

585+
//TODO - I think this logic is duplicated in the checkOut method?
581586
if ($target->location_id != '') {
582587
$asset->location_id = $target->location_id;
583-
$asset->unsetEventDispatcher();
584-
$asset->save();
588+
// TODO - I don't know why this is being saved without events
589+
$asset::withoutEvents(function () use ($asset) {
590+
$asset->save();
591+
});
585592
}
586593

587-
if ($error) {
588-
array_merge_recursive($errors, $asset->getErrors()->toArray());
594+
if (!$checkout_success) {
595+
$errors = array_merge_recursive($errors, $asset->getErrors()->toArray());
589596
}
590597
}
591598
});
592599

593600
if (! $errors) {
594601
// Redirect to the new asset page
595-
return redirect()->to('hardware')->with('success', trans('admin/hardware/message.checkout.success'));
602+
return redirect()->to('hardware')->with('success', trans_choice('admin/hardware/message.multi-checkout.success', $asset_ids));
596603
}
597604
// Redirect to the asset management page with error
598-
return redirect()->route('hardware.bulkcheckout.show')->with('error', trans('admin/hardware/message.checkout.error'))->withErrors($errors);
605+
return redirect()->route('hardware.bulkcheckout.show')->withInput()->with('error', trans_choice('admin/hardware/message.multi-checkout.error', $asset_ids))->withErrors($errors);
599606
} catch (ModelNotFoundException $e) {
600607
return redirect()->route('hardware.bulkcheckout.show')->with('error', $e->getErrors());
601608
}

app/Http/Transformers/ActionlogsTransformer.php

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -141,6 +141,8 @@ public function transformActionlog (Actionlog $actionlog, $settings = null)
141141
if ($actionlog->item) {
142142
if ($actionlog->itemType() == 'asset') {
143143
$file_url = route('show/assetfile', ['assetId' => $actionlog->item->id, 'fileId' => $actionlog->id]);
144+
} elseif ($actionlog->itemType() == 'accessory') {
145+
$file_url = route('show.accessoryfile', ['accessoryId' => $actionlog->item->id, 'fileId' => $actionlog->id]);
144146
} elseif ($actionlog->itemType() == 'license') {
145147
$file_url = route('show.licensefile', ['licenseId' => $actionlog->item->id, 'fileId' => $actionlog->id]);
146148
} elseif ($actionlog->itemType() == 'user') {
@@ -345,4 +347,4 @@ public function changedInfo(array $clean_meta)
345347

346348

347349

348-
}
350+
}

app/Models/CompanyableTrait.php

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -8,9 +8,6 @@ trait CompanyableTrait
88
* This trait is used to scope models to the current company. To use this scope on companyable models,
99
* we use the "use Companyable;" statement at the top of the mode.
1010
*
11-
* We CANNOT USE THIS ON USERS, as it causes an infinite loop and prevents users from logging in, since this scope will be
12-
* applied to the currently logged in (or logging in) user in addition to the user model for viewing lists of users.
13-
*
1411
* @see \App\Models\Company\Company::scopeCompanyables()
1512
* @return void
1613
*/

composer.json

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -74,7 +74,6 @@
7474
"ext-exif": "*"
7575
},
7676
"require-dev": {
77-
"brianium/paratest": "^7.0",
7877
"fakerphp/faker": "^1.16",
7978
"larastan/larastan": "^2.9",
8079
"mockery/mockery": "^1.4",

composer.lock

Lines changed: 1 addition & 155 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

resources/lang/en-US/admin/hardware/message.php

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -79,6 +79,11 @@
7979
'no_assets_selected' => 'You must select at least one asset from the list',
8080
],
8181

82+
'multi-checkout' => [
83+
'error' => 'Asset was not checked out, please try again|Assets were not checked out, please try again',
84+
'success' => 'Asset checked out successfully.|Assets checked out successfully.',
85+
],
86+
8287
'checkin' => [
8388
'error' => 'Asset was not checked in, please try again',
8489
'success' => 'Asset checked in successfully.',

0 commit comments

Comments
 (0)