';
if ($asset->deleted_at=='') {
- if (Gate::allows('assets.create')) {
+ if (Gate::allows('create', $asset)) {
$actions .= '
';
}
- if (Gate::allows('assets.edit')) {
+ if (Gate::allows('update', $asset)) {
$actions .= '
';
}
- if (Gate::allows('assets.delete')) {
+ if (Gate::allows('delete', $asset)) {
$actions .= '
';
}
@@ -1776,13 +1763,13 @@ public function getDatatable(Request $request, $status = null)
if (($asset->availableForCheckout()))
{
- if (Gate::allows('assets.checkout')) {
+ if (Gate::allows('checkout', $asset)) {
$inout = '
' . trans('general.checkout') . '';
}
} else {
- if (Gate::allows('assets.checkin')) {
+ if (Gate::allows('checkin', $asset)) {
$inout = '
' . trans('general.checkin') . '';
}
@@ -1792,18 +1779,30 @@ public function getDatatable(Request $request, $status = null)
$row = array(
'checkbox' =>'
',
- 'id' => $asset->id,
- 'image' => (($asset->image) && ($asset->image!='')) ? '
' : ((($asset->model) && ($asset->model->image!='')) ? '
' : ''),
- 'name' => '
'.e($asset->name).'',
- 'asset_tag' => '
'.e($asset->asset_tag).'',
+ 'id' => $asset->id,
+ 'image' => (($asset->image) && ($asset->image!=''))
+ ? '
'
+ : ((($asset->model) && ($asset->model->image!=''))
+ ? '
'
+ : ''
+ ),
+ 'name' => (string) link_to_route('hardware.show', e($asset->name), $asset->id),
+ 'asset_tag' => (string) link_to_route('hardware.show', e($asset->asset_tag), $asset->id),
'serial' => e($asset->serial),
- 'model' => ($asset->model) ? (string)link_to('/hardware/models/'.$asset->model->id.'/view', e($asset->model->name)) : 'No model',
+ 'model' => ($asset->model) ? (string)link_to_route('models.show', e($asset->model->name), ['model' => $asset->model->id]) : 'No model',
'model_number' => ($asset->model && $asset->model->model_number) ? (string)$asset->model->model_number : '',
- 'status_label' => ($asset->assigneduser) ? 'Deployed' : ((e($asset->assetstatus)) ? e($asset->assetstatus->name) : ''),
- 'assigned_to' => ($asset->assigneduser) ? (string)link_to(url('/').'/admin/users/'.$asset->assigned_to.'/view', e($asset->assigneduser->fullName())) : '',
- 'location' => (($asset->assigneduser) && ($asset->assigneduser->userloc!='')) ? (string)link_to('admin/settings/locations/'.$asset->assigneduser->userloc->id.'/view', e($asset->assigneduser->userloc->name)) : (($asset->defaultLoc!='') ? (string)link_to('admin/settings/locations/'.$asset->defaultLoc->id.'/view', e($asset->defaultLoc->name)) : ''),
- 'category' => (($asset->model) && ($asset->model->category)) ?(string)link_to('/admin/settings/categories/'.$asset->model->category->id.'/view', e($asset->model->category->name)) : '',
- 'manufacturer' => (($asset->model) && ($asset->model->manufacturer)) ? (string)link_to('/admin/settings/manufacturers/'.$asset->model->manufacturer->id.'/view', e($asset->model->manufacturer->name)) : '',
+ 'status_label' => ($asset->assigneduser) ? 'Deployed' : ((e($asset->assetstatus)) ? e($asset->assetstatus->name) : ''),
+ 'assigned_to' => ($asset->assigneduser) ? (string)link_to_route('users.show', e($asset->assigneduser->fullName()), ['user' => $asset->assigned_to]) : '',
+ 'location' => (($asset->assigneduser) && ($asset->assigneduser->userloc!=''))
+ ? (string)link_to_route('locations.show', e($asset->assigneduser->userloc->name), ['location' => $asset->assigneduser->userloc->id])
+ : (($asset->defaultLoc!='')
+ ? (string)link_to_route('locations.show', e($asset->defaultLoc->name), ['location' => $asset->defaultLoc->id])
+ : ''
+ ),
+ 'category' => (($asset->model) && ($asset->model->category)) ?(string)link_to_route('categories.show', e($asset->model->category->name), ['category' => $asset->model->category->id]) : '',
+ 'manufacturer' => (($asset->model) && ($asset->model->manufacturer))
+ ? (string)link_to_route('manufacturers.show', e($asset->model->manufacturer->name), ['manufacturer' => $asset->model->manufacturer->id])
+ : '',
'eol' => ($asset->eol_date()) ? $asset->eol_date() : '',
'purchase_cost' => $purchase_cost,
'purchase_date' => ($asset->purchase_date) ? $asset->purchase_date : '',
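Review bot: The new `status_label` line still tests `e($asset->assetstatus)` for truthiness, which runs htmlentities over the related model's string form (Eloquent models stringify via toJson()) only to pick a branch; `($asset->assetstatus) ? e($asset->assetstatus->name) : ''` is the intent and avoids serializing the relation on every row. Separately, the `hardware.show` links in this hunk pass the id as a bare scalar (`$asset->id`) while the same route is built with `['hardware' => $asset->id]` in CategoriesController below; both resolve, but one form should be used. getDatatable's body starts and ends outside this hunk.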
@@ -1811,7 +1810,7 @@ public function getDatatable(Request $request, $status = null)
'order_number' => ($asset->order_number!='') ? '
'.e($asset->order_number).'' : '',
'last_checkout' => ($asset->last_checkout!='') ? e($asset->last_checkout) : '',
'expected_checkin' => ($asset->expected_checkin!='') ? e($asset->expected_checkin) : '',
- 'created_at' => ($asset->created_at!='') ? e($asset->created_at->format('F j, Y h:iA')) : '',
+ 'created_at' => ($asset->created_at!='') ? e($asset->created_at->format('F j, Y h:iA')) : '',
'change' => ($inout) ? $inout : '',
'actions' => ($actions) ? $actions : '',
'companyName' => is_null($asset->company) ? '' : e($asset->company->name)
@@ -1856,6 +1855,7 @@ public function getDatatable(Request $request, $status = null)
public function getBulkCheckout()
{
+ $this->authorize('checkout', Asset::class);
// Get the dropdown of users and then pass it to the checkout view
$users_list = Helper::usersList();
// Filter out assets that are not deployable.
@@ -1868,7 +1868,6 @@ public function getBulkCheckout()
public function postBulkCheckout(Request $request)
{
-
$this->validate($request, [
"assigned_to" => 'required'
]);
@@ -1897,7 +1896,7 @@ public function postBulkCheckout(Request $request)
foreach($asset_ids as $asset_id)
{
$asset = Asset::find($asset_id);
-
+ $this->authorize('checkout', $asset);
$error = $asset->checkOutToUser($user, $admin, $checkout_at, $expected_checkin, e(Input::get('note')), null);
if($error)
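Review bot: Authorizing each asset inside the loop means that if the policy denies one of the selected assets, the AuthorizationException aborts the request after earlier iterations have already called checkOutToUser, leaving a partially applied bulk checkout with no rollback. It also runs on a possibly null `$asset` when an id does not exist, turning a not-found case into a 403 rather than a not-found response. Authorize the whole batch up front and only then perform the checkouts; postBulkCheckout starts and ends outside this hunk.
```php
// Authorize (and resolve) every selected asset before any state changes
$assets = [];
foreach ($asset_ids as $asset_id) {
    $asset = Asset::find($asset_id);
    if (is_null($asset)) {
        abort(404);
    }
    $this->authorize('checkout', $asset);
    $assets[] = $asset;
}
foreach ($assets as $asset) {
    $error = $asset->checkOutToUser($user, $admin, $checkout_at, $expected_checkin, e(Input::get('note')), null);
    // … unchanged: error handling …
```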
diff --git a/app/Http/Controllers/CategoriesController.php b/app/Http/Controllers/CategoriesController.php
index 897463f52f72..eb1e7085de2e 100755
--- a/app/Http/Controllers/CategoriesController.php
+++ b/app/Http/Controllers/CategoriesController.php
@@ -338,11 +338,11 @@ public function getDataViewAssets(Request $request, $categoryID)
}
if ($asset->availableForCheckout()) {
- if (Gate::allows('assets.checkout')) {
+ if (Gate::allows('checkout', $asset)) {
$inout = '
'.trans('general.checkout').'';
}
} else {
- if (Gate::allows('assets.checkin')) {
+ if (Gate::allows('checkin', $asset)) {
$inout = '
'.trans('general.checkin').'';
}
}
@@ -350,10 +350,10 @@ public function getDataViewAssets(Request $request, $categoryID)
$rows[] = array(
'id' => $asset->id,
'name' => (string)link_to_route('hardware.show', $asset->showAssetName(), ['hardware' => $asset->id]),
- 'model' => ($asset->model) ? (string)link_to('hardware/models/'.$asset->model->id.'/view', $asset->model->name) : '',
+ 'model' => ($asset->model) ? (string)link_to_route('models.show', $asset->model->name, ['model' => $asset->model->id]) : '',
'asset_tag' => $asset->asset_tag,
'serial' => $asset->serial,
- 'assigned_to' => ($asset->assigneduser) ? (string)link_to('/admin/users/'.$asset->assigneduser->id.'/view', $asset->assigneduser->fullName()): '',
+ 'assigned_to' => ($asset->assigneduser) ? (string)link_to_route('users.show', $asset->assigneduser->fullName(), ['user' => $asset->assigneduser->id]): '',
'change' => $inout,
'actions' => $actions,
'companyName' => is_null($asset->company) ? '' : e($asset->company->name)
@@ -420,7 +420,12 @@ public function getDataViewAccessories($categoryID)
}
- public function getDataViewConsumables($categoryID)
+ /**
+ * @param $categoryID
+ * @param Request $request
+ * @return array
+ */
+ public function getDataViewConsumables($categoryID, Request $request)
{
$category = Category::with('accessories.company')->find($categoryID);
@@ -429,18 +434,8 @@ public function getDataViewConsumables($categoryID)
if (Input::has('search')) {
$category_assets = $category_assets->TextSearch(e($request->input('search')));
}
-
- if (Input::has('offset')) {
- $offset = e($request->input('offset'));
- } else {
- $offset = 0;
- }
-
- if (Input::has('limit')) {
- $limit = e($request->input('limit'));
- } else {
- $limit = 50;
- }
+ $offset = request('offset', 0);
+ $limit = request('limit', 50);
$order = $request->input('order') === 'asc' ? 'asc' : 'desc';
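Review bot: `request('offset', 0)` and `request('limit', 50)` read the globally resolved request even though this method now receives `Request $request` and uses it two lines above for `search`; `$request->input(...)` keeps a single source of truth. Both values come straight from the query string and are presumably passed to skip()/take() further down (outside this hunk), so an explicit cast states the intent instead of relying on the query builder's coercion: `$offset = (int) $request->input('offset', 0);` and `$limit = (int) $request->input('limit', 50);`. getDataViewConsumables continues beyond this hunk.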
@@ -463,7 +458,7 @@ public function getDataViewConsumables($categoryID)
$rows[] = array(
'id' => $asset->id,
- 'name' => (string) link_to_route('view/consumable', $asset->name, [$asset->id]),
+ 'name' => (string) link_to_route('consumables.show', $asset->name, [$asset->id]),
'actions' => $actions,
'companyName' => Company::getName($asset),
);
diff --git a/app/Http/Controllers/ComponentsController.php b/app/Http/Controllers/ComponentsController.php
index 5f7b7d639dd0..38e486fadc34 100644
--- a/app/Http/Controllers/ComponentsController.php
+++ b/app/Http/Controllers/ComponentsController.php
@@ -41,6 +41,7 @@ class ComponentsController extends Controller
*/
public function index()
{
+ $this->authorize('view', Component::class);
return View::make('components/index');
}
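Review bot: The ability used to guard listing pages differs between controllers in this commit: `index()` and `getDatatable()` here and in LicensesController authorize `'view'` against the class, while ConsumablesController authorizes `'index'` in its index and getDatatable hunks. Whether both resolve depends on what each policy defines, which this diff does not show; if the policies are parallel, one name should be used everywhere, and if a policy lacks the method the Gate denies everyone. A short docblock line on each action stating the ability it maps to would make this easy to audit.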
@@ -55,6 +56,7 @@ public function index()
*/
public function create()
{
+ $this->authorize('create', Component::class);
// Show the page
$category_list = Helper::categoryList('component');
$company_list = Helper::companyList();
@@ -78,7 +80,7 @@ public function create()
*/
public function store()
{
-
+ $this->authorize('create', Component::class);
// create a new model instance
$component = new Component();
@@ -133,10 +135,10 @@ public function edit($componentId = null)
if (is_null($item = Component::find($componentId))) {
// Redirect to the blogs management page
return redirect()->route('components.index')->with('error', trans('admin/components/message.does_not_exist'));
- } elseif (!Company::isCurrentUserHasAccess($item)) {
- return redirect()->route('components.index')->with('error', trans('general.insufficient_permissions'));
}
+ $this->authorize('update', $item);
+
$category_list = Helper::categoryList('component');
$company_list = Helper::companyList();
$location_list = Helper::locationsList();
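Review bot: `$this->authorize('update', $item)` replaces `Company::isCurrentUserHasAccess($item)`, which was the company-scoping check; the new call only preserves that isolation if ComponentPolicy::update re-implements the company test, and the policy is not part of this diff, so that should be verified before merge. The same substitution is made in the update, destroy, getCheckout and postCheckout hunks of this file and throughout ConsumablesController and LicensesController, whereas getDataView in this file keeps `Company::isCurrentUserHasAccess` alongside the new authorize call, suggesting the two are not considered equivalent. The user-facing outcome also changes from a redirect carrying `general.insufficient_permissions` to an AuthorizationException (403), which clients of these routes may notice. edit() starts before this hunk.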
@@ -163,10 +165,10 @@ public function update($componentId = null)
if (is_null($component = Component::find($componentId))) {
// Redirect to the blogs management page
return redirect()->route('components.index')->with('error', trans('admin/components/message.does_not_exist'));
- } elseif (!Company::isCurrentUserHasAccess($component)) {
- return redirect()->route('components.index')->with('error', trans('general.insufficient_permissions'));
}
+ $this->authorize('update', $component);
+
// Update the component data
$component->name = e(Input::get('name'));
@@ -211,10 +213,10 @@ public function destroy($componentId)
{
if (is_null($component = Component::find($componentId))) {
return redirect()->route('components.index')->with('error', trans('admin/components/message.not_found'));
- } elseif (!Company::isCurrentUserHasAccess($component)) {
- return redirect()->route('components.index')->with('error', trans('general.insufficient_permissions'));
}
+ $this->authorize('delete', $component);
+
$component->delete();
return redirect()->route('components.index')->with('success', trans('admin/components/message.delete.success'));
@@ -222,11 +224,13 @@ public function destroy($componentId)
public function postBulk($componentId = null)
{
+ //$this->authorize('checkout', $component)
echo 'Stubbed - not yet complete';
}
public function postBulkSave($componentId = null)
{
+ //$this->authorize('edit', Component::class);
echo 'Stubbed - not yet complete';
}
@@ -247,19 +251,15 @@ public function show($componentId = null)
if (isset($component->id)) {
- if (!Company::isCurrentUserHasAccess($component)) {
- return redirect()->route('components.index')->with('error', trans('general.insufficient_permissions'));
- } else {
- return View::make('components/view', compact('component'));
- }
- } else {
- // Prepare the error message
- $error = trans('admin/components/message.does_not_exist', compact('id'));
+ $this->authorize('view', $component);
- // Redirect to the user management page
- return redirect()->route('components')->with('error', $error);
+ return View::make('components/view', compact('component'));
}
+ // Prepare the error message
+ $error = trans('admin/components/message.does_not_exist', compact('id'));
+ // Redirect to the user management page
+ return redirect()->route('components')->with('error', $error);
}
@@ -278,10 +278,10 @@ public function getCheckout($componentId)
if (is_null($component = Component::find($componentId))) {
// Redirect to the component management page with error
return redirect()->route('components.index')->with('error', trans('admin/components/message.not_found'));
- } elseif (!Company::isCurrentUserHasAccess($component)) {
- return redirect()->route('components.index')->with('error', trans('general.insufficient_permissions'));
}
+ $this->authorize('checkout', $component);
+
// Get the dropdown of assets and then pass it to the checkout view
$assets_list = Helper::detailedAssetList();
@@ -300,17 +300,13 @@ public function getCheckout($componentId)
*/
public function postCheckout(Request $request, $componentId)
{
-
-
-
// Check if the component exists
if (is_null($component = Component::find($componentId))) {
// Redirect to the component management page with error
return redirect()->route('components.index')->with('error', trans('admin/components/message.not_found'));
- } elseif (!Company::isCurrentUserHasAccess($component)) {
- return redirect()->route('components.index')->with('error', trans('general.insufficient_permissions'));
}
+ $this->authorize('checkout', $component);
$max_to_checkout = $component->numRemaining();
$validator = Validator::make($request->all(),[
@@ -363,7 +359,10 @@ public function postCheckout(Request $request, $componentId)
'fields' => [
[
'title' => 'Checked Out:',
- 'value' => class_basename(strtoupper($logaction->item_type)).' <'.route('components.show', ['component' => $component->id]).'|'.$component->name.'> checked out to <'.url('/').'/hardware/'.$asset->id.'|'.$asset->showAssetName().'> by <'.url('/').'/admin/users/'.$admin_user->id.'/view'.'|'.$admin_user->fullName().'>.'
+ 'value' => class_basename(strtoupper($logaction->item_type))
+ .' <'.route('components.show', ['component' => $component->id]).'|'.$component->name
+ .'> checked out to <'.route('hardware.show', $asset->id).'|'.$asset->showAssetName()
+ .'> by <'.route('users.show', $admin_user->id).'|'.$admin_user->fullName().'>.'
],
[
'title' => 'Note:',
@@ -395,6 +394,7 @@ public function postCheckout(Request $request, $componentId)
**/
public function getDatatable()
{
+ $this->authorize('view', Component::class);
$components = Company::scopeCompanyables(Component::select('components.*')->whereNull('components.deleted_at')
->with('company', 'location', 'category'));
@@ -440,17 +440,17 @@ public function getDatatable()
foreach ($components as $component) {
$actions = '
';
- if (Gate::allows('components.checkout')) {
+ if (Gate::allows('checkout', $component)) {
$actions .= 'numRemaining() > 0) ? '' : ' disabled') . '>' . trans('general.checkout') . '';
}
- if (Gate::allows('components.edit')) {
+ if (Gate::allows('edit', $component)) {
$actions .= '';
}
- if (Gate::allows('components.delete')) {
+ if (Gate::allows('delete', $component)) {
$actions .= '';
}
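Review bot: The edit button is gated with `Gate::allows('edit', $component)` while edit() and update() in this file authorize `'update'` (and ConsumablesController's datatable uses `'update'` too); unless ComponentPolicy defines both names, the button is either hidden for every user or shown to users who then hit a 403. Change it to `Gate::allows('update', $component)`. getDatatable's loop continues outside this hunk.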
@@ -493,13 +493,15 @@ public function getDatatable()
*/
public function getDataView($componentId)
{
- //$component = Component::find($componentID);
- $component = Component::with('assets')->find($componentId);
-
+ if (is_null($component = Component::with('assets')->find($componentId))) {
+ // Redirect to the component management page with error
+ return redirect()->route('components.index')->with('error', trans('admin/components/message.not_found'));
+ }
if (!Company::isCurrentUserHasAccess($component)) {
return ['total' => 0, 'rows' => []];
}
+ $this->authorize('view', $component);
$rows = array();
diff --git a/app/Http/Controllers/ConsumablesController.php b/app/Http/Controllers/ConsumablesController.php
index 6c9b8363a0fe..5612fe4788a3 100644
--- a/app/Http/Controllers/ConsumablesController.php
+++ b/app/Http/Controllers/ConsumablesController.php
@@ -38,6 +38,7 @@ class ConsumablesController extends Controller
*/
public function index()
{
+ $this->authorize('index', Consumable::class);
return View::make('consumables/index');
}
@@ -52,6 +53,7 @@ public function index()
*/
public function create()
{
+ $this->authorize('create', Consumable::class);
// Show the page
$category_list = Helper::categoryList('consumable');
$company_list = Helper::companyList();
@@ -77,6 +79,7 @@ public function create()
*/
public function store()
{
+ $this->authorize('create', Consumable::class);
$consumable = new Consumable();
$consumable->name = e(Input::get('name'));
$consumable->category_id = e(Input::get('category_id'));
@@ -130,10 +133,10 @@ public function edit($consumableId = null)
if (is_null($item = Consumable::find($consumableId))) {
// Redirect to the blogs management page
return redirect()->route('consumables.index')->with('error', trans('admin/consumables/message.does_not_exist'));
- } elseif (!Company::isCurrentUserHasAccess($item)) {
- return redirect()->route('consumables.index')->with('error', trans('general.insufficient_permissions'));
}
+ $this->authorize($item);
+
$category_list = Helper::categoryList('consumable');
$company_list = Helper::companyList();
$location_list = Helper::locationsList();
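Review bot: `$this->authorize($item)` passes the model as the first argument and leaves the ability to be guessed from the calling method name (edit → update), which depends on framework support for that form and on method names never being renamed; the other controllers in this commit spell it out, e.g. `$this->authorize('update', $item);`. The same implicit form is used in the update, destroy and show hunks of this file. edit() starts before this hunk.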
@@ -160,10 +163,10 @@ public function update($consumableId = null)
{
if (is_null($consumable = Consumable::find($consumableId))) {
return redirect()->route('consumables.index')->with('error', trans('admin/consumables/message.does_not_exist'));
- } elseif (!Company::isCurrentUserHasAccess($consumable)) {
- return redirect()->route('consumables.index')->with('error', trans('general.insufficient_permissions'));
}
+ $this->authorize($consumable);
+
$consumable->name = e(Input::get('name'));
$consumable->category_id = e(Input::get('category_id'));
$consumable->location_id = e(Input::get('location_id'));
@@ -210,14 +213,14 @@ public function destroy($consumableId)
if (is_null($consumable = Consumable::find($consumableId))) {
// Redirect to the blogs management page
return redirect()->route('consumables.index')->with('error', trans('admin/consumables/message.not_found'));
- } elseif (!Company::isCurrentUserHasAccess($consumable)) {
- return redirect()->route('consumables.index')->with('error', trans('general.insufficient_permissions'));
}
- $consumable->delete();
+ $this->authorize($consumable);
+
+ $consumable->delete();
- // Redirect to the locations management page
- return redirect()->route('consumables.index')->with('success', trans('admin/consumables/message.delete.success'));
+ // Redirect to the locations management page
+ return redirect()->route('consumables.index')->with('success', trans('admin/consumables/message.delete.success'));
}
@@ -235,24 +238,15 @@ public function destroy($consumableId)
public function show($consumableId = null)
{
$consumable = Consumable::find($consumableId);
-
+ $this->authorize($consumable);
if (isset($consumable->id)) {
-
-
- if (!Company::isCurrentUserHasAccess($consumable)) {
- return redirect()->route('consumables.index')->with('error', trans('general.insufficient_permissions'));
- } else {
- return View::make('consumables/view', compact('consumable'));
- }
- } else {
- // Prepare the error message
- $error = trans('admin/consumables/message.does_not_exist', compact('id'));
-
- // Redirect to the user management page
- return redirect()->route('consumables')->with('error', $error);
+ return View::make('consumables/view', compact('consumable'));
}
+ // Prepare the error message
+ $error = trans('admin/consumables/message.does_not_exist', compact('id'));
-
+ // Redirect to the user management page
+ return redirect()->route('consumables')->with('error', $error);
}
/**
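Review bot: `$this->authorize($consumable)` now runs before the `isset($consumable->id)` check, so when `Consumable::find` returns null the Gate is asked about a null subject and denies, producing a 403 instead of the does_not_exist redirect the lines below are meant to send; the not-found branch has become unreachable for missing ids. Move the call inside the `if`, e.g. `if (isset($consumable->id)) { $this->authorize('view', $consumable); return View::make('consumables/view', compact('consumable')); }`, as ComponentsController::show does in this commit. The undefined `$id` in `compact('id')` predates this change.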
@@ -270,9 +264,8 @@ public function getCheckout($consumableId)
if (is_null($consumable = Consumable::find($consumableId))) {
// Redirect to the consumable management page with error
return redirect()->route('consumables.index')->with('error', trans('admin/consumables/message.not_found'));
- } elseif (!Company::isCurrentUserHasAccess($consumable)) {
- return redirect()->route('consumables.index')->with('error', trans('general.insufficient_permissions'));
}
+ $this->authorize('checkout', $consumable);
// Get the dropdown of users and then pass it to the checkout view
$users_list = Helper::usersList();
@@ -296,10 +289,10 @@ public function postCheckout($consumableId)
if (is_null($consumable = Consumable::find($consumableId))) {
// Redirect to the consumable management page with error
return redirect()->route('consumables.index')->with('error', trans('admin/consumables/message.not_found'));
- } elseif (!Company::isCurrentUserHasAccess($consumable)) {
- return redirect()->route('consumables.index')->with('error', trans('general.insufficient_permissions'));
}
+ $this->authorize('checkout', $consumable);
+
$admin_user = Auth::user();
$assigned_to = e(Input::get('assigned_to'));
@@ -337,7 +330,9 @@ public function postCheckout($consumableId)
'fields' => [
[
'title' => 'Checked Out:',
- 'value' => 'Consumable <'.url('/').'/admin/consumables/'.$consumable->id.'/view'.'|'.$consumable->name.'> checked out to <'.url('/').'/admin/users/'.$user->id.'/view|'.$user->fullName().'> by <'.url('/').'/admin/users/'.$admin_user->id.'/view'.'|'.$admin_user->fullName().'>.'
+ 'value' => 'Consumable <'.route('consumables.show', $consumable->id).'|'.$consumable->name
+ .'> checked out to <'.route('users.show', $user->id).'|'.$user->fullName()
+ .'> by <'.route('users.show', $admin_user->id).'|'.$admin_user->fullName().'>.'
],
[
'title' => 'Note:',
@@ -390,6 +385,7 @@ public function postCheckout($consumableId)
*/
public function getDatatable()
{
+ $this->authorize('index', Consumable::class);
$consumables = Company::scopeCompanyables(
Consumable::select('consumables.*')
->whereNull('consumables.deleted_at')
@@ -441,16 +437,16 @@ public function getDatatable()
foreach ($consumables as $consumable) {
$actions = '';
- if (Gate::allows('consumables.checkout')) {
+ if (Gate::allows('checkout', $consumable)) {
$actions .= 'numRemaining() > 0) ? '' : ' disabled') . '>' . trans('general.checkout') . '';
}
- if (Gate::allows('consumables.edit')) {
+ if (Gate::allows('update', $consumable)) {
$actions .= '';
}
- if (Gate::allows('consumables.delete')) {
+ if (Gate::allows('delete', $consumable)) {
$actions .= '';
}
@@ -461,14 +457,14 @@ public function getDatatable()
$rows[] = array(
'id' => $consumable->id,
- 'name' => (string)link_to('admin/consumables/'.$consumable->id.'/view', e($consumable->name)),
+ 'name' => (string)link_to_route('consumables.show', e($consumable->name), ['consumable' => $consumable->id]),
'location' => ($consumable->location) ? e($consumable->location->name) : '',
'min_amt' => e($consumable->min_amt),
'qty' => e($consumable->qty),
- 'manufacturer' => ($consumable->manufacturer) ? (string) link_to('/admin/settings/manufacturers/'.$consumable->manufacturer_id.'/view', $consumable->manufacturer->name): '',
+ 'manufacturer' => ($consumable->manufacturer) ? (string) link_to_route('manufacturers.show', $consumable->manufacturer->name, ['manufacturer' => $consumable->manufacturer_id]): '',
'model_number' => e($consumable->model_number),
'item_no' => e($consumable->item_no),
- 'category' => ($consumable->category) ? (string) link_to('/admin/settings/categories/'.$consumable->category_id.'/view', $consumable->category->name) : 'Missing category',
+ 'category' => ($consumable->category) ? (string) link_to_route('categories.show', $consumable->category->name, ['category' => $consumable->category_id]) : 'Missing category',
'order_number' => e($consumable->order_number),
'purchase_date' => e($consumable->purchase_date),
'purchase_cost' => Helper::formatCurrencyOutput($consumable->purchase_cost),
@@ -516,7 +512,7 @@ function ($query) {
foreach ($consumable->consumableAssigments as $consumable_assignment) {
$rows[] = array(
- 'name' => (string)link_to('/admin/users/'.$consumable_assignment->user->id.'/view', e($consumable_assignment->user->fullName())),
+ 'name' => (string)link_to_route('users.show', e($consumable_assignment->user->fullName()), ['user' => $consumable_assignment->user->id]),
'created_at' => ($consumable_assignment->created_at->format('Y-m-d H:i:s')=='-0001-11-30 00:00:00') ? '' : $consumable_assignment->created_at->format('Y-m-d H:i:s'),
'admin' => ($consumable_assignment->admin) ? e($consumable_assignment->admin->fullName()) : '',
);
diff --git a/app/Http/Controllers/DepreciationsController.php b/app/Http/Controllers/DepreciationsController.php
index b1039136cd55..2f5a868c6fa8 100755
--- a/app/Http/Controllers/DepreciationsController.php
+++ b/app/Http/Controllers/DepreciationsController.php
@@ -104,14 +104,15 @@ public function edit($depreciationId = null)
/**
- * Validates and stores the updated depreciation data.
- *
- * @author [A. Gianotto] [save()) {
// Redirect to the depreciation page
- return redirect()->to("admin/settings/depreciations/")->with('success', trans('admin/depreciations/message.update.success'));
+ return redirect()->route("depreciations.index")->with('success', trans('admin/depreciations/message.update.success'));
}
return redirect()->back()->withInput()->withErrors($depreciation->getErrors());
diff --git a/app/Http/Controllers/LicensesController.php b/app/Http/Controllers/LicensesController.php
index cb87f347e637..de910be04a9d 100755
--- a/app/Http/Controllers/LicensesController.php
+++ b/app/Http/Controllers/LicensesController.php
@@ -46,6 +46,7 @@ class LicensesController extends Controller
*/
public function index()
{
+ $this->authorize('view', License::class);
return View::make('licenses/index');
}
@@ -60,7 +61,7 @@ public function index()
*/
public function create()
{
-
+ $this->authorize('create', License::class);
$maintained_list = array('' => 'Maintained', '1' => 'Yes', '0' => 'No');
return View::make('licenses/edit')
@@ -86,7 +87,7 @@ public function create()
*/
public function store(Request $request)
{
-
+ $this->authorize('create', License::class);
// create a new model instance
$license = new License();
@@ -192,10 +193,10 @@ public function edit($licenseId = null)
{
if (is_null($item = License::find($licenseId))) {
return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.does_not_exist'));
- } elseif (!Company::isCurrentUserHasAccess($item)) {
- return redirect()->route('licenses.index')->with('error', trans('general.insufficient_permissions'));
}
+ $this->authorize('update', $item);
+
if ($item->purchase_date == "0000-00-00") {
$item->purchase_date = null;
}
@@ -231,10 +232,10 @@ public function update(Request $request, $licenseId = null)
if (is_null($license = License::find($licenseId))) {
// Redirect to the blogs management page
return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.does_not_exist'));
- } elseif (!Company::isCurrentUserHasAccess($license)) {
- return redirect()->route('licenses.index')->with('error', trans('general.insufficient_permissions'));
}
+ $this->authorize('update', $license);
+
// Update the license data
$license->name = e($request->input('name'));
$license->serial = e($request->input('serial'));
@@ -386,10 +387,10 @@ public function destroy($licenseId)
if (is_null($license = License::find($licenseId))) {
// Redirect to the license management page
return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.not_found'));
- } elseif (!Company::isCurrentUserHasAccess($license)) {
- return redirect()->route('licenses.index')->with('error', trans('general.insufficient_permissions'));
}
+ $this->authorize('delete', $license);
+
if ($license->assigned_seats_count > 0) {
// Redirect to the license management page
@@ -406,9 +407,6 @@ public function destroy($licenseId)
$licenseseats->delete();
$license->delete();
-
-
-
// Redirect to the licenses management page
return redirect()->route('licenses.index')->with('success', trans('admin/licenses/message.delete.success'));
}
@@ -416,7 +414,6 @@ public function destroy($licenseId)
}
-
/**
* Provides the form view for checking out a license to a user.
* Here we pass the license seat ID instead of the license ID,
@@ -434,10 +431,10 @@ public function getCheckout($seatId)
if (is_null($licenseseat = LicenseSeat::find($seatId))) {
// Redirect to the asset management page with error
return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.not_found'));
- } elseif (!Company::isCurrentUserHasAccess($licenseseat->license)) {
- return redirect()->route('licenses.index')->with('error', trans('general.insufficient_permissions'));
}
+ $this->authorize('checkout', $licenseseat);
+
// Get the dropdown of users and then pass it to the checkout view
$users_list = Helper::usersList();
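Review bot: The authorization subject changes from `$licenseseat->license` (what `Company::isCurrentUserHasAccess` was given) to the seat itself in `$this->authorize('checkout', $licenseseat)`; the Gate resolves a policy from the argument's class, so this only works if a LicenseSeat policy is registered or LicensePolicy is mapped for seats, which this diff does not show — otherwise every checkout is denied. If only LicensePolicy exists, authorize against the license as before: `$this->authorize('checkout', $licenseseat->license);`. The same applies to the postCheckout, getCheckin and postCheckin hunks below. getCheckout's body continues outside this hunk.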
@@ -467,9 +464,7 @@ public function postCheckout(Request $request, $seatId)
$asset_id = e($request->input('asset_id'));
$user = Auth::user();
- if (!Company::isCurrentUserHasAccess($licenseseat->license)) {
- return redirect()->route('licenses.index')->with('error', trans('general.insufficient_permissions'));
- }
+ $this->authorize('checkout', $licenseseat);
// Declare the rules for the form validation
$rules = array(
@@ -611,9 +606,8 @@ public function getCheckin($seatId = null, $backto = null)
if (is_null($licenseseat = LicenseSeat::find($seatId))) {
// Redirect to the asset management page with error
return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.not_found'));
- } elseif (!Company::isCurrentUserHasAccess($licenseseat->license)) {
- return redirect()->route('licenses.index')->with('error', trans('general.insufficient_permissions'));
}
+ $this->authorize('checkin', $licenseseat);
return View::make('licenses/checkin', compact('licenseseat'))->with('backto', $backto);
}
@@ -640,9 +634,7 @@ public function postCheckin($seatId = null, $backto = null)
$license = License::find($licenseseat->license_id);
- if (!Company::isCurrentUserHasAccess($license)) {
- return redirect()->route('licenses.index')->with('error', trans('general.insufficient_permissions'));
- }
+ $this->authorize('checkin', $licenseseat);
if (!$license->reassignable) {
// Not allowed to checkin
@@ -697,7 +689,8 @@ public function postCheckin($seatId = null, $backto = null)
'fields' => [
[
'title' => 'Checked In:',
- 'value' => 'License: <'.url('/').'/admin/licenses/'.$license->id.'/view'.'|'.$license->name.'> checked in by <'.url('/').'/admin/users/'.$user->id.'/view'.'|'.$user->fullName().'>.'
+ 'value' => 'License: <'.route('licenses.show', $license->id).'|'.$license->name
+ .'> checked in by <'.route('users.show', $user->id).'|'.$user->fullName().'>.'
],
[
'title' => 'Note:',
@@ -739,29 +732,23 @@ public function show($licenseId = null)
{
$license = License::find($licenseId);
- $license = $license->load('assignedusers', 'licenseSeats.user', 'licenseSeats.asset');
-
if (isset($license->id)) {
-
- if (!Company::isCurrentUserHasAccess($license)) {
- return redirect()->route('licenses.index')->with('error', trans('general.insufficient_permissions'));
- }
+ $license = $license->load('assignedusers', 'licenseSeats.user', 'licenseSeats.asset');
+ $this->authorize('view', $license);
return View::make('licenses/view', compact('license'));
-
- } else {
- $error = trans('admin/licenses/message.does_not_exist', compact('id'));
- return redirect()->route('licenses.index')->with('error', $error);
}
+ $error = trans('admin/licenses/message.does_not_exist', compact('id'));
+ return redirect()->route('licenses.index')->with('error', $error);
}
public function getClone($licenseId = null)
{
if (is_null($license_to_clone = License::find($licenseId))) {
return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.does_not_exist'));
- } elseif (!Company::isCurrentUserHasAccess($license_to_clone)) {
- return redirect()->route('licenses.index')->with('error', trans('general.insufficient_permissions'));
}
+ $this->authorize('create', License::class);
+
$maintained_list = array('' => 'Maintained', '1' => 'Yes', '0' => 'No');
$company_list = Helper::companyList();
//clone the orig
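Review bot: getClone previously refused to clone a license the current user's company could not access, and the new `$this->authorize('create', License::class)` checks only the class-level create ability, so the per-record scoping on `$license_to_clone` is gone: the clone form is pre-filled from that license, which exposes its fields to anyone allowed to create licenses. Keep a check on the source record as well, e.g. `$this->authorize('view', $license_to_clone);` ahead of the create check. getClone continues outside this hunk.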
@@ -795,16 +782,11 @@ public function getClone($licenseId = null)
public function postUpload($licenseId = null)
{
$license = License::find($licenseId);
-
// the license is valid
$destinationPath = config('app.private_uploads').'/licenses';
if (isset($license->id)) {
-
-
- if (!Company::isCurrentUserHasAccess($license)) {
- return redirect()->route('licenses.index')->with('error', trans('general.insufficient_permissions'));
- }
+ $this->authorize('update', $license);
if (Input::hasFile('licensefile')) {
@@ -815,40 +797,31 @@ public function postUpload($licenseId = null)
);
$validator = Validator::make(array('licensefile'=> $file), $rules);
- if ($validator->passes()) {
-
- $extension = $file->getClientOriginalExtension();
- $filename = 'license-'.$license->id.'-'.str_random(8);
- $filename .= '-'.str_slug($file->getClientOriginalName()).'.'.$extension;
- $upload_success = $file->move($destinationPath, $filename);
-
- //Log the upload to the log
- $license->logUpload($filename, e($request->input('notes')));
- } else {
+ if ($validator->fails()) {
return redirect()->back()->with('error', trans('admin/licenses/message.upload.invalidfiles'));
}
+ $extension = $file->getClientOriginalExtension();
+ $filename = 'license-'.$license->id.'-'.str_random(8);
+ $filename .= '-'.str_slug($file->getClientOriginalName()).'.'.$extension;
+ $upload_success = $file->move($destinationPath, $filename);
-
+ //Log the upload to the log
+ $license->logUpload($filename, e($request->input('notes')));
}
if ($upload_success) {
return redirect()->back()->with('success', trans('admin/licenses/message.upload.success'));
- } else {
- return redirect()->back()->with('success', trans('admin/licenses/message.upload.error'));
}
+ return redirect()->back()->with('error', trans('admin/licenses/message.upload.error'));
- } else {
- return redirect()->back()->with('error', trans('admin/licenses/message.upload.nofiles'));
}
-
-
- } else {
- // Prepare the error message
- $error = trans('admin/licenses/message.does_not_exist', compact('id'));
-
- // Redirect to the licence management page
- return redirect()->route('licenses.index')->with('error', $error);
+ return redirect()->back()->with('error', trans('admin/licenses/message.upload.nofiles'));
}
+ // Prepare the error message
+ $error = trans('admin/licenses/message.does_not_exist', compact('id'));
+
+ // Redirect to the licence management page
+ return redirect()->route('licenses.index')->with('error', $error);
}
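Review bot: `$license->logUpload($filename, e($request->input('notes')))` on the new side uses `$request`, but postUpload() is declared as `postUpload($licenseId = null)` with no Request injected, so this line fails on a null object after `$file->move()` has already written the file. Either inject it, `public function postUpload(Request $request, $licenseId = null)`, or read the note through the facade already used in this method, `Input::get('notes')`. The loop that encloses these lines and the start of postUpload() are outside this hunk, so the value of `$upload_success` checked after it reflects only the last iteration; initialising it to `false` before the loop would make that explicit.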
@@ -869,10 +842,7 @@ public function getDeleteFile($licenseId = null, $fileId = null)
// the license is valid
if (isset($license->id)) {
-
- if (!Company::isCurrentUserHasAccess($license)) {
- return redirect()->route('licenses.index')->with('error', trans('general.insufficient_permissions'));
- }
+ $this->authorize('edit', $license);
$log = Actionlog::find($fileId);
$full_filename = $destinationPath.'/'.$log->filename;
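Review bot: `$this->authorize('edit', $license)` uses the `edit` ability while postUpload() and the datatable in this same file check `update`; unless LicensePolicy defines both names, Laravel denies the ability it does not find, so this should be `$this->authorize('update', $license);`. Also, `Actionlog::find($fileId)` is never tied to `$license`, so once authorized on one license the caller can pass any action-log id and have its `filename` unlinked from the licenses directory, and a null `$log` is dereferenced on the next line. Scope the lookup with the item fields that uploads write: `if (!$log || $log->item_id != $license->id || $log->item_type != License::class) { return redirect()->back()->with('error', trans('admin/licenses/message.does_not_exist')); }`. getDeleteFile() continues beyond this hunk.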
@@ -882,13 +852,12 @@ public function getDeleteFile($licenseId = null, $fileId = null)
$log->delete();
return redirect()->back()->with('success', trans('admin/licenses/message.deletefile.success'));
- } else {
- // Prepare the error message
- $error = trans('admin/licenses/message.does_not_exist', compact('id'));
-
- // Redirect to the licence management page
- return redirect()->route('licenses.index')->with('error', $error);
}
+ // Prepare the error message
+ $error = trans('admin/licenses/message.does_not_exist', compact('id'));
+
+ // Redirect to the licence management page
+ return redirect()->route('licenses.index')->with('error', $error);
}
@@ -910,20 +879,16 @@ public function displayFile($licenseId = null, $fileId = null)
// the license is valid
if (isset($license->id)) {
- if (!Company::isCurrentUserHasAccess($license)) {
- return redirect()->route('licenses.index')->with('error', trans('general.insufficient_permissions'));
- }
+ $this->authorize('view', $license);
- $log = Actionlog::find($fileId);
- $file = $log->get_src('licenses');
- return Response::download($file);
- } else {
- // Prepare the error message
- $error = trans('admin/licenses/message.does_not_exist', compact('id'));
-
- // Redirect to the licence management page
- return redirect()->route('licenses.index')->with('error', $error);
+ $log = Actionlog::find($fileId);
+ $file = $log->get_src('licenses');
+ return Response::download($file);
}
+ // Prepare the error message
+ $error = trans('admin/licenses/message.does_not_exist', compact('id'));
+ // Redirect to the licence management page
+ return redirect()->route('licenses.index')->with('error', $error);
}
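Review bot: The authorization here covers `$license`, but the file actually served is chosen by `$fileId` through `Actionlog::find($fileId)` with no check that the log belongs to that license, so a user allowed to view one license can download uploads attached to any other record that shares the licenses directory. A null `$log` also dereferences on the following line. Before `Response::download`, verify ownership and bail out otherwise: `if (!$log || $log->item_id != $license->id || $log->item_type != License::class) { return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.does_not_exist')); }` — this assumes uploads are logged with item_id/item_type the way UsersController::postUpload does in this commit.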
@@ -937,6 +902,7 @@ public function displayFile($licenseId = null, $fileId = null)
*/
public function getDatatable(Request $request)
{
+ $this->authorize('view', License::class);
$licenses = Company::scopeCompanyables(License::with('company', 'licenseSeatsRelation', 'manufacturer'));
if (Input::has('search')) {
@@ -973,20 +939,20 @@ public function getDatatable(Request $request)
foreach ($licenses as $license) {
$actions = '';
- if (Gate::allows('licenses.checkout')) {
+ if (Gate::allows('checkout', License::class)) {
$actions .= '' . trans('general.checkout') . ' ';
}
- if (Gate::allows('licenses.create')) {
+ if (Gate::allows('create', $license)) {
$actions .= '';
}
- if (Gate::allows('licenses.edit')) {
+ if (Gate::allows('update', $license)) {
$actions .= '';
}
- if (Gate::allows('licenses.delete')) {
+ if (Gate::allows('delete', $license)) {
$actions .= '';
@@ -1033,6 +999,7 @@ public function getDatatable(Request $request)
*/
public function getFreeLicense($licenseId)
{
+ $this->authorize('checkout', License::class);
if (is_null($license = License::find($licenseId))) {
return redirect()->route('licenses.index')->with('error', trans('admin/licenses/message.not_found'));
}
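Review bot: `$this->authorize('checkout', License::class)` runs before the license is looked up, so nothing in getFreeLicense() scopes the specific `$license` the way show() and postUpload() now do with instance checks. If LicensePolicy::checkout accepts an instance, move the check after the find: `$this->authorize('checkout', $license);`. The remainder of getFreeLicense() is outside this hunk.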
diff --git a/app/Http/Controllers/LocationsController.php b/app/Http/Controllers/LocationsController.php
index 6345c67efdc9..357ceab07438 100755
--- a/app/Http/Controllers/LocationsController.php
+++ b/app/Http/Controllers/LocationsController.php
@@ -4,6 +4,7 @@
use Input;
use Lang;
use App\Models\Location;
+use phpDocumentor\Reflection\Types\Array_;
use Redirect;
use App\Models\Setting;
use App\Models\User;
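Review bot: `use phpDocumentor\Reflection\Types\Array_;` is not referenced by any line in this hunk and imports a class from a docblock-reflection package into an application controller, which looks like an IDE auto-import. It should be dropped rather than shipped; if the package is only a dev dependency the name would not even resolve in a production install.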
@@ -354,15 +355,16 @@ public function getDatatable()
/**
- * Returns a JSON response that contains the users association with the
- * selected location, to be used by the location detail view.
- *
- * @author [A. Gianotto] []
- * @see LocationsController::getView() method that creates the display view
- * @param int $locationId
- * @since [v1.8]
- * @return View
- */
+ * Returns a JSON response that contains the users association with the
+ * selected location, to be used by the location detail view.
+ *
+ * @author [A. Gianotto] []
+ * @see LocationsController::getView() method that creates the display view
+ * @param $locationID
+ * @return array
+ * @internal param int $locationId
+ * @since [v1.8]
+ */
public function getDataViewUsers($locationID)
{
$location = Location::find($locationID);
@@ -377,7 +379,7 @@ public function getDataViewUsers($locationID)
foreach ($users as $user) {
$rows[] = array(
- 'name' => (string)link_to('/admin/users/'.$user->id.'/view', e($user->fullName()))
+ 'name' => (string)link_to_route('users.show', e($user->fullName()), ['user'=>$user->id])
);
}
diff --git a/app/Http/Controllers/ManufacturersController.php b/app/Http/Controllers/ManufacturersController.php
index 08c9454dbfb9..ff3f61905bbe 100755
--- a/app/Http/Controllers/ManufacturersController.php
+++ b/app/Http/Controllers/ManufacturersController.php
@@ -1,9 +1,7 @@
with('assets')
+ $manufacturers = Manufacturer::select(array('id','name'))->with('assets', 'licenses', 'accessories', 'consumables')
->whereNull('deleted_at');
if ($request->has('search')) {
@@ -231,9 +229,12 @@ public function getDatatable(Request $request)
$actions = '';
$rows[] = array(
- 'id' => $manufacturer->id,
+ 'id' => $manufacturer->id,
'name' => (string)link_to_route('manufacturers.show', e($manufacturer->name),['manufacturer' => $manufacturer->id]),
- 'assets' => $manufacturer->assets->count(),
+ 'assets' => $manufacturer->assets->count(),
+ 'licenses' => $manufacturer->licenses->count(),
+ 'accessories' => $manufacturer->accessories->count(),
+ 'consumables' => $manufacturer->consumables->count(),
'actions' => $actions
);
}
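Review bot: The three new columns are computed by calling `->count()` on eager-loaded collections, so the datatable now hydrates every license, accessory and consumable of every manufacturer just to display a number. If this Laravel version supports `withCount`, replacing the `with(...)` on the query with `->withCount(['assets', 'licenses', 'accessories', 'consumables'])` and reading `$manufacturer->licenses_count` etc. fetches only the counts. The query itself is in the preceding, truncated hunk.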
@@ -246,36 +247,37 @@ public function getDatatable(Request $request)
/**
- * Generates the JSON used to display the manufacturer detail.
- * This JSON returns data on all of the assets with the specified
- * manufacturer ID number.
- *
- * @author [A. Gianotto] []
- * @see ManufacturersController::getView()
- * @param int $manufacturerId
- * @since [v1.0]
- * @return String JSON
- */
- public function getDataView($manufacturerId, $itemtype = null)
+ * Generates the JSON used to display the manufacturer detail.
+ * This JSON returns data on all of the assets with the specified
+ * manufacturer ID number.
+ *
+ * @author [A. Gianotto] []
+ * @see ManufacturersController::getView()
+ * @param int $manufacturerId
+ * @param string $itemtype
+ * @param Request $request
+ * @return String JSON* @since [v1.0]
+ */
+ public function getDataView($manufacturerId, $itemtype = null, Request $request)
{
$manufacturer = Manufacturer::find($manufacturerId);
switch ($itemtype) {
case "assets":
- return $this->getDataAssetsView($manufacturer);
+ return $this->getDataAssetsView($manufacturer, $request);
case "licenses":
- return $this->getDataLicensesView($manufacturer);
+ return $this->getDataLicensesView($manufacturer, $request);
case "accessories":
- return $this->getDataAccessoriesView($manufacturer);
+ return $this->getDataAccessoriesView($manufacturer, $request);
case "consumables":
- return $this->getDataConsumablesView($manufacturer);
+ return $this->getDataConsumablesView($manufacturer, $request);
}
throw new Exception("We shouldn't be here");
}
- protected function getDataAssetsView(Manufacturer $manufacturer)
+ protected function getDataAssetsView(Manufacturer $manufacturer, Request $request)
{
$manufacturer = $manufacturer->load('assets.model', 'assets.assigneduser', 'assets.assetstatus', 'assets.company');
$manufacturer_assets = $manufacturer->assets;
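Review bot: `Manufacturer::find($manufacturerId)` returns null for an unknown id, and the new `getDataAssetsView(Manufacturer $manufacturer, Request $request)` and its siblings type-hint the parameter, so a bad id now produces a TypeError instead of a not-found response; use `Manufacturer::findOrFail($manufacturerId)`. The new signature `getDataView($manufacturerId, $itemtype = null, Request $request)` places a required parameter after an optional one, which PHP 8 deprecates; putting `Request $request` first avoids it. The rewritten docblock also fused two tags into `@return String JSON* @since [v1.0]`. No authorization check is visible in getDataView(), unlike the datatables elsewhere in this commit, so confirm route middleware covers it. getDataAssetsView() continues beyond this hunk.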
@@ -308,30 +310,29 @@ protected function getDataAssetsView(Manufacturer $manufacturer)
$actions = '';
if ($asset->deleted_at=='') {
- $actions = '';
+ $actions = '';
} elseif ($asset->deleted_at!='') {
$actions = '';
}
if ($asset->availableForCheckout()) {
- if (Gate::allows('assets.checkout')) {
+ if (Gate::allows('checkout', $asset)) {
$inout = ''.trans('general.checkout').'';
}
} else {
- if (Gate::allows('assets.checkin')) {
+ if (Gate::allows('checkin', $asset)) {
$inout = ''.trans('general.checkin').'';
}
}
$rows[] = array(
'id' => $asset->id,
- 'name' => (string)link_to('/hardware/'.$asset->id.'/view', e($asset->showAssetName())),
+ 'name' => (string)link_to_route('hardware.show', e($asset->showAssetName()), [$asset->id]),
'model' => e($asset->model->name),
'asset_tag' => e($asset->asset_tag),
'serial' => e($asset->serial),
- 'assigned_to' => ($asset->assigneduser) ? (string)link_to('/admin/users/'.$asset->assigneduser->id.'/view', e($asset->assigneduser->fullName())): '',
+ 'assigned_to' => ($asset->assigneduser) ? (string)link_to_route('users.show', e($asset->assigneduser->fullName()), [$asset->assigneduser->id]): '',
'actions' => $actions,
- // 'companyName' => e(Company::getName($asset)),
'companyName' => is_null($asset->company) ? '' : $asset->company->name
);
@@ -344,7 +345,7 @@ protected function getDataAssetsView(Manufacturer $manufacturer)
return $data;
}
- protected function getDataLicensesView(Manufacturer $manufacturer)
+ protected function getDataLicensesView(Manufacturer $manufacturer, Request $request)
{
$manufacturer = $manufacturer->load('licenses.company', 'licenses.manufacturer', 'licenses.licenseSeatsRelation');
$licenses = $manufacturer->licenses;
@@ -360,30 +361,30 @@ protected function getDataLicensesView(Manufacturer $manufacturer)
foreach ($licenses as $license) {
$actions = '';
- if (Gate::allows('licenses.checkout')) {
+ if (Gate::allows('checkout', \App\Models\License::class)) {
$actions .= '' . trans('general.checkout') . ' ';
}
- if (Gate::allows('licenses.create')) {
+ if (Gate::allows('create', $license)) {
$actions .= '';
}
- if (Gate::allows('licenses.edit')) {
+ if (Gate::allows('edit', $license)) {
$actions .= '';
}
- if (Gate::allows('licenses.delete')) {
+ if (Gate::allows('delete', $license)) {
$actions .= '';
}
$actions .='';
$rows[] = array(
'id' => $license->id,
- 'name' => (string) link_to('/admin/licenses/'.$license->id.'/view', $license->name),
- 'serial' => (string) link_to('/admin/licenses/'.$license->id.'/view', mb_strimwidth($license->serial, 0, 50, "...")),
+ 'name' => (string) link_to_route('licenses.show', $license->name, [$license->id]),
+ 'serial' => (string) link_to_route('licenses.show', mb_strimwidth($license->serial, 0, 50, "..."), [$license->id]),
'totalSeats' => $license->licenseSeatCount,
'remaining' => $license->remaincount(),
'license_name' => e($license->license_name),
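Review bot: `Gate::allows('edit', $license)` for the edit button uses the `edit` ability, while LicensesController's datatable in this same commit checks `Gate::allows('update', $license)` for the same button; unless LicensePolicy defines both names, one of them always hides the button, so this should read `Gate::allows('update', $license)`. Also, `link_to_route('licenses.show', $license->name, [$license->id])` passes the raw name whereas the asset rows above wrap link text in `e()`; if the project's link helper does not escape titles itself, the name needs the same treatment. The enclosing foreach continues past this hunk.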
@@ -396,7 +397,7 @@ protected function getDataLicensesView(Manufacturer $manufacturer)
'notes' => ($license->notes) ? e($license->notes) : '',
'actions' => $actions,
'companyName' => is_null($license->company) ? '' : e($license->company->name),
- 'manufacturer' => $license->manufacturer ? (string) link_to('/admin/settings/manufacturers/'.$license->manufacturer_id.'/view', $license->manufacturer->name) : ''
+ 'manufacturer' => $license->manufacturer ? (string) link_to_route('manufacturers.show', $license->manufacturer->name, [$license->manufacturer_id]) : ''
);
}
@@ -405,7 +406,7 @@ protected function getDataLicensesView(Manufacturer $manufacturer)
return $data;
}
- public function getDataAccessoriesView(Manufacturer $manufacturer)
+ public function getDataAccessoriesView(Manufacturer $manufacturer, Request $request)
{
$manufacturer = $manufacturer->load(
'accessories.location',
@@ -433,15 +434,15 @@ public function getDataAccessoriesView(Manufacturer $manufacturer)
foreach ($accessories as $accessory) {
$actions = '';
- if (Gate::allows('accessories.checkout')) {
+ if (Gate::allows('checkout', $accessory)) {
$actions .= 'numRemaining() > 0) ? '' : ' disabled') . '>' . trans('general.checkout') . '';
}
- if (Gate::allows('accessories.edit')) {
+ if (Gate::allows('update', $accessory)) {
$actions .= '';
}
- if (Gate::allows('accessories.delete')) {
+ if (Gate::allows('delete', $accessory)) {
$actions .= '';
}
@@ -449,8 +450,8 @@ public function getDataAccessoriesView(Manufacturer $manufacturer)
$company = $accessory->company;
$rows[] = array(
- 'name' => ''. $accessory->name.'',
- 'category' => ($accessory->category) ? (string)link_to('admin/settings/categories/'.$accessory->category->id.'/view', $accessory->category->name) : '',
+ 'name' => (string)link_to_route('accessories.show', $accessory->name, [$accessory->id]),
+ 'category' => ($accessory->category) ? (string)link_to_route('categories.show', $accessory->category->name, [$accessory->category->id]) : '',
'qty' => e($accessory->qty),
'order_number' => e($accessory->order_number),
'min_amt' => e($accessory->min_amt),
@@ -460,7 +461,7 @@ public function getDataAccessoriesView(Manufacturer $manufacturer)
'numRemaining' => $accessory->numRemaining(),
'actions' => $actions,
'companyName' => is_null($company) ? '' : e($company->name),
- 'manufacturer' => $accessory->manufacturer ? (string) link_to('/admin/settings/manufacturers/'.$accessory->manufacturer_id.'/view', $accessory->manufacturer->name) : ''
+ 'manufacturer' => $accessory->manufacturer ? (string) link_to_route('manufacturers.show', $accessory->manufacturer->name, [$accessory->manufacturer_id]) : ''
);
}
@@ -470,7 +471,7 @@ public function getDataAccessoriesView(Manufacturer $manufacturer)
return $data;
}
- public function getDataConsumablesView($manufacturer)
+ public function getDataConsumablesView($manufacturer, Request $request)
{
$manufacturer = $manufacturer->load(
'consumables.location',
@@ -497,16 +498,16 @@ public function getDataConsumablesView($manufacturer)
foreach ($consumables as $consumable) {
$actions = '';
- if (Gate::allows('consumables.checkout')) {
+ if (Gate::allows('checkout', $consumable)) {
$actions .= 'numRemaining() > 0) ? '' : ' disabled') . '>' . trans('general.checkout') . '';
}
- if (Gate::allows('consumables.edit')) {
+ if (Gate::allows('update', $consumable)) {
$actions .= '';
}
- if (Gate::allows('consumables.delete')) {
+ if (Gate::allows('delete', $consumable)) {
$actions .= '';
}
@@ -517,14 +518,14 @@ public function getDataConsumablesView($manufacturer)
$rows[] = array(
'id' => $consumable->id,
- 'name' => (string)link_to('admin/consumables/'.$consumable->id.'/view', e($consumable->name)),
+ 'name' => (string)link_to_route('consumables.show', e($consumable->name), [$consumable->id]),
'location' => ($consumable->location) ? e($consumable->location->name) : '',
'min_amt' => e($consumable->min_amt),
'qty' => e($consumable->qty),
- 'manufacturer' => ($consumable->manufacturer) ? (string) link_to('/admin/settings/manufacturers/'.$consumable->manufacturer_id.'/view', $consumable->manufacturer->name): '',
+ 'manufacturer' => ($consumable->manufacturer) ? (string) link_to_route('manufacturers.show', $consumable->manufacturer->name, [$consumable->manufacturer_id]): '',
'model_number' => e($consumable->model_number),
'item_no' => e($consumable->item_no),
- 'category' => ($consumable->category) ? (string) link_to('/admin/settings/categories/'.$consumable->category_id.'/view', $consumable->category->name) : 'Missing category',
+ 'category' => ($consumable->category) ? (string) link_to_route('categories.show', $consumable->category->name, [$consumable->category_id]) : 'Missing category',
'order_number' => e($consumable->order_number),
'purchase_date' => e($consumable->purchase_date),
'purchase_cost' => ($consumable->purchase_cost!='') ? number_format($consumable->purchase_cost, 2): '' ,
diff --git a/app/Http/Controllers/ReportsController.php b/app/Http/Controllers/ReportsController.php
index 36065cda5d55..572cb5a853f4 100644
--- a/app/Http/Controllers/ReportsController.php
+++ b/app/Http/Controllers/ReportsController.php
@@ -386,7 +386,7 @@ public function getActivityReportDataTable()
'icon' => '',
'created_at' => date("M d, Y g:iA", strtotime($activity->created_at)),
'action_type' => strtolower(trans('general.'.str_replace(' ','_',$activity->action_type))),
- 'admin' => $activity->user ? (string) link_to('/admin/users/'.$activity->user_id.'/view', $activity->user->fullName()) : '',
+ 'admin' => $activity->user ? (string) link_to_route('users.show', $activity->user->fullName(), [$activity->user_id]) : '',
'target' => $activity_target,
'item' => $activity_item,
'item_type' => $item_type,
diff --git a/app/Http/Controllers/UsersController.php b/app/Http/Controllers/UsersController.php
index d3cf45d5b92b..378f4b2aee2d 100755
--- a/app/Http/Controllers/UsersController.php
+++ b/app/Http/Controllers/UsersController.php
@@ -59,6 +59,7 @@ class UsersController extends Controller
*/
public function index()
{
+ $this->authorize('index', User::class);
return View::make('users/index');
}
@@ -71,7 +72,7 @@ public function index()
*/
public function create()
{
-
+ $this->authorize('create', User::class);
$groups = Group::pluck('name', 'id');
if (Input::old('groups')) {
@@ -104,7 +105,7 @@ public function create()
*/
public function store(SaveUserRequest $request)
{
-
+ $this->authorize('create', User::class);
$user = new User;
//Username, email, and password need to be handled specially because the need to respect config values on an edit.
$user->email = $data['email'] = e($request->input('email'));
@@ -191,6 +192,7 @@ public function store(SaveUserRequest $request)
*/
public function apiStore()
{
+ $this->authorize('create', User::class);
$user = new User;
$inputs = Input::except('csrf_token', 'password_confirm', 'groups', 'email_user');
@@ -260,12 +262,9 @@ public function edit($id = null)
try {
// Get the user information
$user = User::find($id);
+ $this->authorize('update', $user);
$permissions = config('permissions');
- if (!Company::isCurrentUserHasAccess($user)) {
- return redirect()->route('users.index')->with('error', trans('general.insufficient_permissions'));
- }
-
$groups = Group::pluck('name', 'id');
$userGroups = $user->groups()->pluck('name', 'id');
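Review bot: `$this->authorize('update', $user)` receives the result of `User::find($id)`, which is null for an unknown id; the gate cannot resolve a policy from null, so the missing-user case becomes an authorization failure rather than the not-found redirect. `User::findOrFail($id)` (or an explicit null check before the authorize call) keeps the not-found semantics. The surrounding try block and its catch are outside this hunk; note the catch targets UserNotFoundException, which `find()` never throws.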
@@ -312,7 +311,7 @@ public function update(UpdateUserRequest $request, $id = null)
try {
$user = User::find($id);
-
+ $this->authorize('update', $user);
// Figure out of this user was an admin before this edit
$orig_permissions_array = $user->decodePermissions();
@@ -326,11 +325,6 @@ public function update(UpdateUserRequest $request, $id = null)
$orig_superuser = '0';
}
-
- if (!Company::isCurrentUserHasAccess($user)) {
- return redirect()->route('users.index')->with('error', trans('general.insufficient_permissions'));
- }
-
} catch (UserNotFoundException $e) {
$error = trans('admin/users/message.user_not_found', compact('id'));
return redirect()->route('users.index')->with('error', $error);
@@ -422,22 +416,8 @@ public function destroy($id = null)
try {
// Get user information
$user = User::find($id);
-
- // Check if we are not trying to delete ourselves
- if ($user->id === Auth::user()->id) {
- // Prepare the error message
- $error = trans('admin/users/message.error.delete');
-
- // Redirect to the user management page
- return redirect()->route('users.index')->with('error', $error);
- }
-
-
- // Do we have permission to delete this user?
- if ((!Auth::user()->isSuperUser()) || (config('app.lock_passwords'))) {
- // Redirect to the user management page
- return redirect()->route('users.index')->with('error', 'Insufficient permissions!');
- }
+ // Authorize takes care of many of our logic checks now.
+ $this->authorize('delete', User::class);
if (count($user->assets) > 0) {
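Review bot: `$this->authorize('delete', User::class)` passes the class rather than the user being deleted, so the policy receives no target and cannot enforce the two checks this hunk removes — refusing to delete yourself and the lock_passwords guard — despite the comment saying authorize covers them. The datatable in this same file checks `Gate::allows('delete', $user)` per row and still compares `Auth::user()->id !== $user->id` explicitly, so the route should do at least that: `$this->authorize('delete', $user);` after a null check on `$user`, keeping the self-delete comparison unless UserPolicy::delete is confirmed to implement it. destroy() continues beyond this hunk.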
@@ -483,7 +463,7 @@ public function destroy($id = null)
*/
public function postBulkEdit()
{
-
+ $this->authorize('update', User::class);
if ((!Input::has('edit_user')) || (count(Input::has('edit_user')) == 0)) {
return redirect()->back()->with('error', 'No users selected');
} else {
@@ -509,6 +489,7 @@ public function postBulkEdit()
*/
public function postBulkSave()
{
+ $this->authorize('update', User::class);
if ((!Input::has('edit_user')) || (count(Input::has('edit_user')) == 0)) {
return redirect()->back()->with('error', 'No users selected');
@@ -613,24 +594,18 @@ public function postBulkSave()
*/
public function getRestore($id = null)
{
-
+ $this->authorize('edit', User::class);
// Get user information
if (!$user = User::onlyTrashed()->find($id)) {
return redirect()->route('users.index')->with('error', trans('admin/users/messages.user_not_found'));
}
- if (!Company::isCurrentUserHasAccess($user)) {
- return redirect()->route('users.index')->with('error', trans('general.insufficient_permissions'));
- } else {
-
- // Restore the user
- if (User::withTrashed()->where('id', $id)->restore()) {
- return redirect()->route('users.index')->with('success', trans('admin/users/message.success.restored'));
- } else {
- return redirect()->route('users.index')->with('error', 'User could not be restored.');
- }
-
+ // Restore the user
+ if (User::withTrashed()->where('id', $id)->restore()) {
+ return redirect()->route('users.index')->with('success', trans('admin/users/message.success.restored'));
}
+ return redirect()->route('users.index')->with('error', 'User could not be restored.');
+
}
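Review bot: `$this->authorize('edit', User::class)` runs before the trashed user is loaded and uses the `edit` ability, while the rest of this file checks `update` on the instance (postBulkEdit, postUpload, the datatable), so the removed `Company::isCurrentUserHasAccess($user)` scoping is not replaced by anything that sees `$user`. Move the check after the lookup and use the instance: `$this->authorize('update', $user);`. The restore could then also use the loaded model, `$user->restore()`, instead of re-querying with `User::withTrashed()->where('id', $id)->restore()`.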
@@ -644,25 +619,20 @@ public function getRestore($id = null)
*/
public function show($userId = null)
{
+ if(!$user = User::with('assets', 'assets.model', 'consumables', 'accessories', 'licenses', 'userloc')->withTrashed()->find($userId)) {
+ $error = trans('admin/users/message.user_not_found', compact('id'));
- $user = User::with('assets', 'assets.model', 'consumables', 'accessories', 'licenses', 'userloc')->withTrashed()->find($userId);
+ // Redirect to the user management page
+ return redirect()->route('users.index')->with('error', $error);
+ }
$userlog = $user->userlog->load('item');
if (isset($user->id)) {
-
- if (!Company::isCurrentUserHasAccess($user)) {
- return redirect()->route('users.index')->with('error', trans('general.insufficient_permissions'));
- } else {
- return View::make('users/view', compact('user', 'userlog'));
- }
- } else {
- // Prepare the error message
- $error = trans('admin/users/message.user_not_found', compact('id'));
-
- // Redirect to the user management page
- return redirect()->route('users.index')->with('error', $error);
+ $this->authorize('view', $user);
+ return View::make('users/view', compact('user', 'userlog'));
}
+
}
/**
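Review bot: `compact('id')` in the new not-found branch references `$id`, but show()'s parameter is `$userId`, so the placeholder in user_not_found is never filled. The `isset($user->id)` guard below is redundant now that the early return handles the missing user, and it leaves a path that falls off the end of the method returning null; `$userlog` is also loaded before `$this->authorize('view', $user)`, so an unauthorized caller still triggers that query. Suggested order: early return, `$this->authorize('view', $user);`, then `$userlog = $user->userlog->load('item');` and the view.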
@@ -677,7 +647,8 @@ public function getUnsuspend($id = null)
{
try {
// Get user information
- //$user = User::find($id);
+ $user = User::find($id);
+ $this->authorize('edit', $user);
// Check if we are not trying to unsuspend ourselves
if ($user->id === Auth::user()->id) {
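Review bot: `$this->authorize('edit', $user)` uses the `edit` ability while the edit/update routes and the datatable in this file check `update`; if UserPolicy defines only `update`, every unsuspend is denied. `User::find($id)` can also return null and is dereferenced on the very next line, so `User::findOrFail($id)` is the safer lookup. The enclosing try block continues outside this hunk.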
@@ -720,6 +691,7 @@ public function getUnsuspend($id = null)
*/
public function getClone($id = null)
{
+ $this->authorize('create', User::class);
// We need to reverse the UI specific logic for our
// permissions here before we update the user.
$permissions = Input::get('permissions', array());
@@ -781,6 +753,7 @@ public function getClone($id = null)
*/
public function getImport()
{
+ $this->authorize('update', User::class);
// Get all the available groups
//$groups = Sentry::getGroupProvider()->findAll();
// Selected groups
@@ -804,7 +777,7 @@ public function getImport()
*/
public function postImport()
{
-
+ $this->authorize('update', User::class);
if (!ini_get("auto_detect_line_endings")) {
ini_set("auto_detect_line_endings", '1');
}
@@ -906,7 +879,7 @@ public function postImport()
*/
public function getDatatable(Request $request, $status = null)
{
-
+ $this->authorize('view', User::class);
if (Input::has('offset')) {
$offset = e(Input::get('offset'));
} else {
@@ -971,31 +944,31 @@ public function getDatatable(Request $request, $status = null)
$actions = '';
foreach ($user->groups as $group) {
- $group_names .= '' . $group->name . ' ';
+ $group_names .= '' . $group->name . ' ';
}
if (!is_null($user->deleted_at)) {
- if (Gate::allows('users.delete')) {
+ if (Gate::allows('delete', $user)) {
$actions .= ' ';
}
} else {
- if (Gate::allows('users.delete')) {
+ if (Gate::allows('delete', $user)) {
if ($user->accountStatus() == 'suspended') {
$actions .= ' ';
}
}
- if (Gate::allows('users.edit')) {
+ if (Gate::allows('update', $user)) {
$actions .= ' ';
$actions .= '';
}
- if (Gate::allows('users.delete')) {
+ if (Gate::allows('delete', $user)) {
if ((Auth::user()->id !== $user->id) && (!config('app.lock_passwords'))) {
$actions .= ' ';
@@ -1052,15 +1025,11 @@ public function getDatatable(Request $request, $status = null)
public function postUpload(AssetFileRequest $request, $userId = null)
{
-
$user = User::find($userId);
$destinationPath = config('app.private_uploads') . '/users';
if (isset($user->id)) {
-
- if (!Company::isCurrentUserHasAccess($user)) {
- return redirect()->route('users.index')->with('error', trans('general.insufficient_permissions'));
- }
+ $this->authorize('update', $user);
foreach (Input::file('file') as $file) {
@@ -1069,7 +1038,7 @@ public function postUpload(AssetFileRequest $request, $userId = null)
$filename .= '-' . str_slug($file->getClientOriginalName()) . '.' . $extension;
$upload_success = $file->move($destinationPath, $filename);
- //Log the deletion of seats to the log
+ //Log the uploaded file to the log
$logaction = new Actionlog();
$logaction->item_id = $user->id;
$logaction->item_type = User::class;
@@ -1084,9 +1053,8 @@ public function postUpload(AssetFileRequest $request, $userId = null)
}
return JsonResponse::create($logaction);
- } else {
- return JsonResponse::create(["error" => "Failed validation: ".print_r($logaction->getErrors(), true)], 500);
}
+ return JsonResponse::create(["error" => "Failed validation: ".print_r($logaction->getErrors(), true)], 500);
}
@@ -1106,25 +1074,21 @@ public function getDeleteFile($userId = null, $fileId = null)
// the license is valid
if (isset($user->id)) {
-
- if (!Company::isCurrentUserHasAccess($user)) {
- return redirect()->route('users.index')->with('error', trans('general.insufficient_permissions'));
- } else {
- $log = Actionlog::find($fileId);
- $full_filename = $destinationPath . '/' . $log->filename;
- if (file_exists($full_filename)) {
- unlink($destinationPath . '/' . $log->filename);
- }
- $log->delete();
- return redirect()->back()->with('success', trans('admin/users/message.deletefile.success'));
+ $this->authorize('update', $user);
+ $log = Actionlog::find($fileId);
+ $full_filename = $destinationPath . '/' . $log->filename;
+ if (file_exists($full_filename)) {
+ unlink($destinationPath . '/' . $log->filename);
}
- } else {
- // Prepare the error message
- $error = trans('admin/users/message.does_not_exist', compact('id'));
-
- // Redirect to the licence management page
- return redirect()->route('users.index')->with('error', $error);
+ $log->delete();
+ return redirect()->back()->with('success', trans('admin/users/message.deletefile.success'));
}
+ // Prepare the error message
+ $error = trans('admin/users/message.does_not_exist', compact('id'));
+
+ // Redirect to the licence management page
+ return redirect()->route('users.index')->with('error', $error);
+
}
/**
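Review bot: `Actionlog::find($fileId)` is never tied to `$user`, so once `authorize('update', $user)` passes for one user the caller can supply any action-log id and `unlink()` the referenced filename from the users upload directory; a null `$log` also dereferences on the next line. Scope the lookup to the user with the fields postUpload() writes: `if (!$log || $log->item_id != $user->id || $log->item_type != User::class) { return redirect()->back()->with('error', trans('admin/users/message.does_not_exist')); }`. The `unlink()` return value is ignored as well, so a failed delete is reported as success.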
@@ -1138,25 +1102,21 @@ public function getDeleteFile($userId = null, $fileId = null)
*/
public function displayFile($userId = null, $fileId = null)
{
-
$user = User::find($userId);
// the license is valid
if (isset($user->id)) {
- if (!Company::isCurrentUserHasAccess($user)) {
- return redirect()->route('users.index')->with('error', trans('general.insufficient_permissions'));
- } else {
- $log = Actionlog::find($fileId);
- $file = $log->get_src('users');
- return Response::download($file);
- }
- } else {
- // Prepare the error message
- $error = trans('admin/users/message.does_not_exist', compact('id'));
+ $this->authorize('view', $user);
- // Redirect to the licence management page
- return redirect()->route('users.index')->with('error', $error);
+ $log = Actionlog::find($fileId);
+ $file = $log->get_src('users');
+ return Response::download($file);
}
+ // Prepare the error message
+ $error = trans('admin/users/message.does_not_exist', compact('id'));
+
+ // Redirect to the licence management page
+ return redirect()->route('users.index')->with('error', $error);
}
/**
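Review bot: `$this->authorize('view', $user)` protects the user record, not the file: `$fileId` is resolved with `Actionlog::find()` and handed to `Response::download` with no check that the log belongs to `$user`, so view permission on any one user allows downloading uploads attached to other users. Check `$log->item_id` and `$log->item_type` against `$user` before the download, and return the does_not_exist redirect when `$log` is null instead of dereferencing it.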
@@ -1168,20 +1128,20 @@ public function displayFile($userId = null, $fileId = null)
*/
public function getLDAP()
{
-
+ $this->authorize('update', User::class);
$location_list = Helper::locationsList();
try {
$ldapconn = Ldap::connectToLdap();
} catch (\Exception $e) {
- return redirect()->route('users.index')->with('error',$e->getMessage());
+ return redirect()->route('users.index')->with('error', $e->getMessage());
}
try {
Ldap::bindAdminToLdap($ldapconn);
} catch (\Exception $e) {
- return redirect()->route('users.index')->with('error',$e->getMessage());
+ return redirect()->route('users.index')->with('error', $e->getMessage());
}
return View::make('users/ldap')
@@ -1217,6 +1177,7 @@ public function getLDAP()
*/
public function postLDAP(Request $request)
{
+ $this->authorize('update', User::class);
ini_set('max_execution_time', 600); //600 seconds = 10 minutes
ini_set('memory_limit', '500M');
@@ -1313,6 +1274,7 @@ public function postLDAP(Request $request)
*/
public function getAssetList($userId)
{
+ $this->authorize('view', User::class);
$assets = Asset::where('assigned_to', '=', $userId)->with('model')->get();
return response()->json($assets);
}
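Review bot: `$this->authorize('view', User::class)` is a class-level check, so the assets for any `$userId` are returned with no per-user scoping, whereas show() in this same commit authorizes against the loaded user instance. If the intent matches show(), load the user and check the instance: `$user = User::findOrFail($userId); $this->authorize('view', $user);`.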
@@ -1326,7 +1288,7 @@ public function getAssetList($userId)
*/
public function getExportUserCsv()
{
-
+ $this->authorize('view', User::class);
\Debugbar::disable();
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 40fa9c9190db..e0f032912ba8 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -56,6 +56,8 @@ class Kernel extends HttpKernel
'auth' => \App\Http\Middleware\Authenticate::class,
'authorize' => \App\Http\Middleware\CheckPermissions::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
+ 'bindings' => \Illuminate\Routing\Middleware\SubstitutionBindings::class,
+ 'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
];
diff --git a/app/Models/Asset.php b/app/Models/Asset.php
index 826aea705719..9669e2ce9ba9 100644
--- a/app/Models/Asset.php
+++ b/app/Models/Asset.php
@@ -178,7 +178,9 @@ public function checkOutNotifySlack($settings, $admin, $note = null)
'fields' => [
[
'title' => 'Checked Out:',
- 'value' => 'HARDWARE asset <'.config('app.url').'/hardware/'.$this->id.'/view'.'|'.$this->showAssetName().'> checked out to <'.config('app.url').'/admin/users/'.$this->assigned_to.'/view|'.$this->assigneduser->fullName().'> by <'.config('app.url').'/admin/users/'.Auth::user()->id.'/view'.'|'.$admin->fullName().'>.'
+ 'value' => 'HARDWARE asset <'.route('hardware.show', $this->id).'|'.$this->showAssetName()
+ .'> checked out to <'.route('users.show', $this->assigned_to).'|'.$this->assigneduser->fullName()
+ .'> by <'.route('users.show', Auth::user()->id).'|'.$admin->fullName().'>.'
],
[
'title' => 'Note:',
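Review bot: On the rewritten Slack line the admin link and the admin label are built from two different sources: the URL uses `Auth::user()->id` while the text uses `$admin->fullName()`, so whenever the `$admin` argument is not the currently authenticated user the link points at the wrong profile. `Auth::user()` is also null outside an authenticated web request, which turns the `->id` access into a fatal error for any console or queued caller. Use the same object for both halves, `route('users.show', $admin->id)`. checkOutNotifySlack's body continues outside the hunk.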
diff --git a/app/Models/AssetMaintenance.php b/app/Models/AssetMaintenance.php
index 2cc945c41dd8..3b977ccb7831 100644
--- a/app/Models/AssetMaintenance.php
+++ b/app/Models/AssetMaintenance.php
@@ -28,9 +28,9 @@ class AssetMaintenance extends Model implements ICompanyableChild
'asset_maintenance_type' => 'required',
'title' => 'required|max:100',
'is_warranty' => 'boolean',
- 'start_date' => 'required|date_format:Y-m-d',
- 'completion_date' => 'date_format:Y-m-d',
- 'notes' => 'string',
+ 'start_date' => 'required|date_format:"Y-m-d"',
+ 'completion_date' => 'date_format:"Y-m-d',
+ 'notes' => 'string|nullable',
'cost' => 'numeric|nullable'
];
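Review bot: `'completion_date' => 'date_format:"Y-m-d',` has an unterminated quote — the `"` before `Y-m-d` has no closing partner, unlike the `start_date` rule directly above it. Depending on how the validator's parameter parser handles the stray quote, the expected format may become `"Y-m-d`, in which case every supplied completion date fails validation; the intended line is `'completion_date' => 'date_format:"Y-m-d"',`.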
diff --git a/app/Models/Setting.php b/app/Models/Setting.php
index b57e62a15c1a..aefa88286544 100755
--- a/app/Models/Setting.php
+++ b/app/Models/Setting.php
@@ -61,23 +61,15 @@ public static function getSettings()
public static function setupCompleted()
{
-
+
$users_table_exists = Schema::hasTable('users');
$settings_table_exists = Schema::hasTable('settings');
-
+
if ($users_table_exists && $settings_table_exists) {
$usercount = User::withTrashed()->count();
-
- if ($usercount > 0) {
- return true;
- }
- return false;
- } else {
- return false;
+ $settingsCount = Setting::count();
+ return ($usercount > 0 && $settingsCount > 0);
}
- return false;
-
-
}
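Review bot: With both `return false;` statements removed, `setupCompleted()` now falls off the end when either table is missing and returns null instead of a bool, which passes a truthiness check but breaks any `=== false` comparison and the method's implied bool contract. Add `return false;` after the `if` block, before the closing brace. The new `$settingsCount > 0` condition itself is a sensible tightening.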
diff --git a/app/Models/User.php b/app/Models/User.php
index 0786d5381476..efe3f2ba32a4 100755
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -29,6 +29,10 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
protected $injectUniqueIdentifier = true;
protected $fillable = ['first_name', 'last_name', 'email','password','username'];
+ protected $casts = [
+ 'activated' => 'boolean',
+ 'employee_num' => 'integer'
+ ];
/**
* Model validation rules
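Review bot: The new `'employee_num' => 'integer'` cast changes how the attribute is read back: if the underlying column is a string type holding zero-padded or alphanumeric employee numbers (common in directory imports such as the LDAP sync this commit also touches), reads through the model will silently truncate them to an int. Confirm the column type before keeping the cast, or drop it and leave the value as stored; `'activated' => 'boolean'` is unproblematic.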
@@ -41,16 +45,15 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
'username' => 'required|string|min:2|unique_undeleted',
'email' => 'email',
'password' => 'required|min:6',
+ 'locale' => 'max:10'
];
public function hasAccess($section)
{
-
if ($this->isSuperUser()) {
return true;
}
-
$user_groups = $this->groups;
@@ -64,7 +67,6 @@ public function hasAccess($section)
if (($user_permissions!='') && ((array_key_exists($section, $user_permissions)) && ($user_permissions[$section]=='1'))) {
return true;
}
-
// If the user is explicitly denied, return false
if (($user_permissions=='') || array_key_exists($section, $user_permissions) && ($user_permissions[$section]=='-1')) {
return false;
diff --git a/app/Policies/AccessoryPolicy.php b/app/Policies/AccessoryPolicy.php
new file mode 100644
index 000000000000..8405f146861b
--- /dev/null
+++ b/app/Policies/AccessoryPolicy.php
@@ -0,0 +1,119 @@
+hasAccess('admin')) {
+ return true;
+ }
+ }
+
+ public function index(User $user)
+ {
+ // dd('here');
+ return $user->hasAccess('accessories.view');
+ }
+ /**
+ * Determine whether the user can view the accessory.
+ *
+ * @param \App\User $user
+ * @param \App\Accessory $accessory
+ * @return mixed
+ */
+ public function view(User $user, Accessory $accessory = null)
+ {
+ //
+ return $user->hasAccess('accessories.view');
+ }
+
+ /**
+ * Determine whether the user can create accessories.
+ *
+ * @param \App\User $user
+ * @return mixed
+ */
+ public function create(User $user)
+ {
+ //
+ return $user->hasAccess('accessories.create');
+ }
+
+ /**
+ * Determine whether the user can update the accessory.
+ *
+ * @param \App\User $user
+ * @param \App\Accessory $accessory
+ * @return mixed
+ */
+ public function update(User $user, Accessory $accessory = null)
+ {
+ //
+ return $user->hasAccess('accessories.edit');
+ }
+
+ /**
+ * Determine whether the user can delete the accessory.
+ *
+ * @param \App\User $user
+ * @param \App\Accessory $accessory
+ * @return mixed
+ */
+ public function delete(User $user, Accessory $accessory = null)
+ {
+ //
+ return $user->hasAccess('accessories.delete');
+ }
+
+ /**
+ * Determine whether the user can checkout the accessory.
+ *
+ * @param \App\User $user
+ * @param \App\Accessory $accessory
+ * @return mixed
+ */
+ public function checkout(User $user, Accessory $accessory = null)
+ {
+ return $user->hasAccess('accessories.checkout');
+ }
+
+ /**
+ * Determine whether the user can checkin the accessory.
+ *
+ * @param \App\User $user
+ * @param \App\Accessory $accessory
+ * @return mixed
+ */
+ public function checkin(User $user, Accessory $accessory = null)
+ {
+ return $user->hasAccess('accessories.checkin');
+ }
+
+ /**
+ * Determine whether the user can manage the accessory.
+ *
+ * @param \App\User $user
+ * @param \App\Accessory $accessory
+ * @return mixed
+ */
+ public function manage(User $user, Accessory $accessory = null)
+ {
+ return $user->hasAccess('accessories.checkin')
+ || $user->hasAccess('accessories.edit')
+ || $user->hasAccess('accessories.checkout');
+ }
+}
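Review bot: Every method in this policy accepts an `$accessory` instance but never reads it, so `Gate::allows('update', $accessory)` is a blanket permission check rather than an object-level decision; the same holds for AssetPolicy, ComponentPolicy, ConsumablePolicy, LicensePolicy and UserPolicy, and the class docblock should say so (e.g. `Permission checks are per-ability only; the model argument is accepted for Gate resolution and not consulted.`) so nobody assumes company or ownership scoping exists. The docblocks reference `\App\User` and `\App\Accessory` while the provider imports `App\Models\...`, and the copy-paste carries wrong types into ComponentPolicy (`\App\Accessory $component`), ConsumablePolicy (`\App\Accessory $consumable`), LicensePolicy (`\App\Accessory $license`) and UserPolicy (`\App\Consumable $targetUser`). The leftover `// dd('here');` and the empty `//` placeholder comments should be removed. The file's opening (namespace, imports and the `before()` signature) is not legible in this view, so the admin short-circuit is assumed from the visible `hasAccess('admin')` branch.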
diff --git a/app/Policies/AssetPolicy.php b/app/Policies/AssetPolicy.php
new file mode 100644
index 000000000000..c4a72e178fa4
--- /dev/null
+++ b/app/Policies/AssetPolicy.php
@@ -0,0 +1,81 @@
+hasAccess('admin')) {
+ return true;
+ }
+ }
+ public function index(User $user)
+ {
+ return $user->hasAccess('assets.view');
+ }
+ public function view(User $user, Asset $asset)
+ {
+ return $user->hasAccess('assets.view');
+ }
+
+ public function viewRequestable(User $user, Asset $asset=null)
+ {
+ return $user->hasAccess('assets.view.requestable');
+ }
+
+ public function create(User $user)
+ {
+ return $user->hasAccess('assets.create');
+ }
+
+ public function checkout(User $user, Asset $asset = null)
+ {
+ return $user->hasAccess('assets.checkout');
+ }
+
+ public function checkin(User $user, Asset $asset = null)
+ {
+ return $user->hasAccess('assets.checkin');
+ }
+
+ public function delete(User $user, Asset $asset = null)
+ {
+ return $user->hasAccess('assets.delete');
+ }
+ public function manage(User $user, Asset $asset = null)
+ {
+ return $user->hasAccess('assets.checkin')
+ || $user->hasAccess('assets.edit')
+ || $user->hasAccess('assets.delete')
+ || $user->hasAccess('assets.checkout');
+ }
+
+ public function update(User $user, Asset $asset = null)
+ {
+ return $user->hasAccess('assets.edit');
+ }
+
+}
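Review bot: `view(User $user, Asset $asset)` is the only method in this policy without a `= null` default, while `viewRequestable`, `checkout`, `checkin`, `delete`, `manage` and `update` all accept a missing instance. As far as I can tell, a caller that authorizes against the class name the way this commit does for `User::class` would reach this method with only `$user` and fail with an ArgumentCountError; `public function view(User $user, Asset $asset = null)` matches the siblings. This file also lacks the per-method docblocks the other new policies carry.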
diff --git a/app/Policies/ComponentPolicy.php b/app/Policies/ComponentPolicy.php
new file mode 100644
index 000000000000..5b138d0a5cf5
--- /dev/null
+++ b/app/Policies/ComponentPolicy.php
@@ -0,0 +1,114 @@
+hasAccess('admin')) {
+ return true;
+ }
+ }
+ /**
+ * Determine whether the user can view the component.
+ *
+ * @param \App\User $user
+ * @param \App\Component $component
+ * @return mixed
+ */
+ public function view(User $user, Component $component = null)
+ {
+ //
+ return $user->hasAccess('components.view');
+ }
+
+ /**
+ * Determine whether the user can create components.
+ *
+ * @param \App\User $user
+ * @return mixed
+ */
+ public function create(User $user)
+ {
+ //
+ return $user->hasAccess('components.create');
+ }
+
+ /**
+ * Determine whether the user can update the component.
+ *
+ * @param \App\User $user
+ * @param \App\Component $component
+ * @return mixed
+ */
+ public function update(User $user, Component $component = null)
+ {
+ //
+ return $user->hasAccess('components.edit');
+ }
+
+ /**
+ * Determine whether the user can delete the component.
+ *
+ * @param \App\User $user
+ * @param \App\Component $component
+ * @return mixed
+ */
+ public function delete(User $user, Component $component = null)
+ {
+ //
+ return $user->hasAccess('components.delete');
+ }
+
+ /**
+ * Determine whether the user can checkout the component.
+ *
+ * @param \App\User $user
+ * @param \App\Accessory $component
+ * @return mixed
+ */
+ public function checkout(User $user, Component $component = null)
+ {
+ return $user->hasAccess('components.checkout');
+ }
+
+ /**
+ * Determine whether the user can checkin the component.
+ *
+ * @param \App\User $user
+ * @param \App\Component $component
+ * @return mixed
+ */
+ public function checkin(User $user, Component $component = null)
+ {
+ return $user->hasAccess('components.checkin');
+ }
+
+ /**
+ * Determine whether the user can manage the component.
+ *
+ * @param \App\User $user
+ * @param \App\Component $component
+ * @return mixed
+ */
+ public function manage(User $user, Component $component = null)
+ {
+ return $user->hasAccess('components.checkin')
+ || $user->hasAccess('components.edit')
+ || $user->hasAccess('components.checkout');
+ }
+}
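Review bot: `manage()` here grants on `components.checkin || components.edit || components.checkout`, but the `components.manage` gate this commit removes from AuthServiceProvider granted on edit, delete or checkout — so users holding only `components.delete` lose management access and users holding only `components.checkin` gain it. ConsumablePolicy::manage has the same drift, dropping the `consumables.delete` term the old `consumables.manage` gate included. Either restore the original sets, e.g. add `|| $user->hasAccess('components.delete')`, or state the intended permission change in the commit message.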
diff --git a/app/Policies/ConsumablePolicy.php b/app/Policies/ConsumablePolicy.php
new file mode 100644
index 000000000000..d6f640845228
--- /dev/null
+++ b/app/Policies/ConsumablePolicy.php
@@ -0,0 +1,119 @@
+hasAccess('admin')) {
+ return true;
+ }
+ }
+ /**
+ * Determine whether the user can view the consumable.
+ *
+ * @param \App\User $user
+ * @param \App\Consumable $consumable
+ * @return mixed
+ */
+ public function view(User $user, Consumable $consumable = null)
+ {
+ //
+ return $user->hasAccess('consumables.view');
+ }
+
+ /**
+ * Determine whether the user can create consumables.
+ *
+ * @param \App\User $user
+ * @return mixed
+ */
+ public function create(User $user)
+ {
+ //
+ return $user->hasAccess('consumables.create');
+ }
+
+ /**
+ * Determine whether the user can update the consumable.
+ *
+ * @param \App\User $user
+ * @param \App\Consumable $consumable
+ * @return mixed
+ */
+ public function update(User $user, Consumable $consumable = null)
+ {
+ //
+ return $user->hasAccess('consumables.edit');
+ }
+
+ /**
+ * Determine whether the user can delete the consumable.
+ *
+ * @param \App\User $user
+ * @param \App\Consumable $consumable
+ * @return mixed
+ */
+ public function delete(User $user, Consumable $consumable = null)
+ {
+ //
+ return $user->hasAccess('consumables.delete');
+ }
+
+ /**
+ * Determine whether the user can checkout the consumable.
+ *
+ * @param \App\User $user
+ * @param \App\Accessory $consumable
+ * @return mixed
+ */
+ public function checkout(User $user, Consumable $consumable = null)
+ {
+ return $user->hasAccess('consumables.checkout');
+ }
+
+ /**
+ * Determine whether the user can checkin the consumable.
+ *
+ * @param \App\User $user
+ * @param \App\Consumable $consumable
+ * @return mixed
+ */
+ public function checkin(User $user, Consumable $consumable = null)
+ {
+ return $user->hasAccess('consumables.checkin');
+ }
+
+ public function index(User $user)
+ {
+ return $user->hasAccess('consumables.view');
+ }
+
+ /**
+ * Determine whether the user can manage the consumable.
+ *
+ * @param \App\User $user
+ * @param \App\Consumable $consumable
+ * @return mixed
+ */
+ public function manage(User $user, Consumable $consumable = null)
+ {
+ return $user->hasAccess('consumables.checkin')
+ || $user->hasAccess('consumables.edit')
+ || $user->hasAccess('consumables.checkout');
+ }
+}
diff --git a/app/Policies/LicensePolicy.php b/app/Policies/LicensePolicy.php
new file mode 100644
index 000000000000..b6c7d9576079
--- /dev/null
+++ b/app/Policies/LicensePolicy.php
@@ -0,0 +1,127 @@
+hasAccess('admin')) {
+ return true;
+ }
+ }
+ /**
+ * Determine whether the user can view the license.
+ *
+ * @param \App\User $user
+ * @param \App\License $license
+ * @return mixed
+ */
+ public function view(User $user, License $license = null)
+ {
+ //
+ return $user->hasAccess('licenses.view');
+ }
+
+ /**
+ * Determine whether the user can create licenses.
+ *
+ * @param \App\User $user
+ * @return mixed
+ */
+ public function create(User $user)
+ {
+ //
+ return $user->hasAccess('licenses.create');
+ }
+
+ /**
+ * Determine whether the user can update the license.
+ *
+ * @param \App\User $user
+ * @param \App\License $license
+ * @return mixed
+ */
+ public function update(User $user, License $license = null)
+ {
+ //
+ return $user->hasAccess('licenses.edit');
+ }
+
+ /**
+ * Determine whether the user can delete the license.
+ *
+ * @param \App\User $user
+ * @param \App\License $license
+ * @return mixed
+ */
+ public function delete(User $user, License $license = null)
+ {
+ //
+ return $user->hasAccess('licenses.delete');
+ }
+
+ /**
+ * Determine whether the user can checkout the license.
+ *
+ * @param \App\User $user
+ * @param \App\Accessory $license
+ * @return mixed
+ */
+ public function checkout(User $user, LicenseSeat $license = null)
+ {
+ return $user->hasAccess('licenses.checkout');
+ }
+
+ /**
+ * Determine whether the user can checkin the license.
+ *
+ * @param \App\User $user
+ * @param \App\License $license
+ * @return mixed
+ */
+ public function checkin(User $user, LicenseSeat $license = null)
+ {
+ return $user->hasAccess('licenses.checkin');
+ }
+ /**
+ * Determine whether the user can view license keys
+ *
+ * @param \App\User $user
+ * @param \App\License $license
+ * @return mixed
+ */
+ public function viewKeys(User $user, License $license = null)
+ {
+ return $user->hasAccess('licenses.keys');
+ }
+
+ /**
+ * Determine whether the user can manage the license.
+ *
+ * @param \App\User $user
+ * @param \App\License $license
+ * @return mixed
+ */
+ public function manage(User $user, License $license = null)
+ {
+ return $user->hasAccess('licenses.checkin')
+ || $user->hasAccess('licenses.edit')
+ || $user->hasAccess('licenses.delete')
+ || $user->hasAccess('licenses.checkout');
+ }
+}
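Review bot: `checkout` and `checkin` type-hint `LicenseSeat $license`, yet the provider in this same commit maps only `License::class => LicensePolicy::class`. As written, a `Gate::allows('checkout', $license)` with a License instance resolves to this policy and then trips the `LicenseSeat` type declaration with a TypeError, while a LicenseSeat instance has no policy mapping and never reaches this method at all. Pick one: hint `License $license = null` to match the docblock and the other methods, or register LicenseSeat in `$policies`. The `@param \App\Accessory $license` on `checkout` is a copy-paste leftover.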
diff --git a/app/Policies/UserPolicy.php b/app/Policies/UserPolicy.php
new file mode 100644
index 000000000000..77c1049288fc
--- /dev/null
+++ b/app/Policies/UserPolicy.php
@@ -0,0 +1,90 @@
+hasAccess('admin')) {
+ return true;
+ }
+ }
+ /**
+ * Determine whether the user can view the targetUser.
+ *
+ * @param \App\User $user
+ * @param \App\Consumable $targetUser
+ * @return mixed
+ */
+ public function view(User $user, User $targetUser = null)
+ {
+ //
+ return $user->hasAccess('users.view');
+ }
+
+ /**
+ * Determine whether the user can create users.
+ *
+ * @param \App\User $user
+ * @return mixed
+ */
+ public function create(User $user)
+ {
+ //
+ return $user->hasAccess('users.create');
+ }
+
+ /**
+ * Determine whether the user can update the targetUser.
+ *
+ * @param \App\User $user
+ * @param \App\User $targetUser
+ * @return mixed
+ */
+ public function update(User $user, User $targetUser = null)
+ {
+ //
+ return $user->hasAccess('users.edit');
+ }
+
+ /**
+ * Determine whether the user can delete the targetUser.
+ *
+ * @param \App\User $user
+ * @param \App\User $targetUser
+ * @return mixed
+ */
+ public function delete(User $user, User $targetUser = null)
+ {
+ if($targetUser) {
+ //We can't delete ourselves.
+ if ($user->id == $targetUser->id) {
+ return false;
+ }
+
+ if ((!Auth::user()->isSuperUser()) || (config('app.lock_passwords'))) {
+ return false;
+ }
+ }
+ return $user->hasAccess('users.delete');
+ }
+
+ public function index(User $user)
+ {
+ return $user->hasAccess('users.view');
+ }
+}
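Review bot: The admin short-circuit in `before()` returns true before `delete()` runs, so the self-deletion guard and the `lock_passwords` check never apply to users with the `admin` permission — exactly the accounts most likely to perform deletions. Inside `delete()`, `Auth::user()->isSuperUser()` consults global state rather than the `$user` the Gate is evaluating, which makes the decision depend on the session instead of the actor and fails hard when nothing is authenticated; `$user->isSuperUser()` is the intended check. Either exclude the `delete` ability from the `before()` short-circuit or repeat the self-delete test there.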
diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php
index 9c01223f200d..d76ffa486d46 100644
--- a/app/Providers/AuthServiceProvider.php
+++ b/app/Providers/AuthServiceProvider.php
@@ -2,9 +2,21 @@
namespace App\Providers;
-use Laravel\Passport\Passport;
-use Illuminate\Support\Facades\Gate;
+use App\Models\Accessory;
+use App\Models\Asset;
+use App\Models\Component;
+use App\Models\Consumable;
+use App\Models\License;
+use App\Models\User;
+use App\Policies\AccessoryPolicy;
+use App\Policies\AssetPolicy;
+use App\Policies\ComponentPolicy;
+use App\Policies\ConsumablePolicy;
+use App\Policies\LicensePolicy;
+use App\Policies\UserPolicy;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
+use Illuminate\Support\Facades\Gate;
+use Laravel\Passport\Passport;
class AuthServiceProvider extends ServiceProvider
{
@@ -14,9 +26,12 @@ class AuthServiceProvider extends ServiceProvider
* @var array
*/
protected $policies = [
- //'App\Model' => 'App\Policies\ModelPolicy',
- // We should switch to the below
- // App\Post::class => PostPolicy::class
+ Asset::class => AssetPolicy::class,
+ Accessory::class => AccessoryPolicy::class,
+ Component::class => ComponentPolicy::class,
+ Consumable::class => ConsumablePolicy::class,
+ License::class => LicensePolicy::class,
+ User::class => UserPolicy::class,
];
/**
@@ -28,7 +43,6 @@ public function boot()
{
$this->registerPolicies();
Passport::routes();
-
// --------------------------------
// BEFORE ANYTHING ELSE
// --------------------------------
@@ -60,271 +74,6 @@ public function boot()
}
});
-
- # -----------------------------------------
- # Assets
- # -----------------------------------------
- Gate::define('assets.view', function ($user) {
- if (($user->hasAccess('assets.view')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
- Gate::define('assets.view.requestable', function ($user) {
- if (($user->hasAccess('assets.view.requestable')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
- Gate::define('assets.create', function ($user) {
- if (($user->hasAccess('assets.create')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
- Gate::define('assets.checkout', function ($user) {
- if (($user->hasAccess('assets.checkout')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
- Gate::define('assets.checkin', function ($user) {
- if (($user->hasAccess('assets.checkin')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
- Gate::define('assets.edit', function ($user) {
- if (($user->hasAccess('assets.edit')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
- // Checks for some level of management
- Gate::define('assets.manage', function ($user) {
- if (($user->hasAccess('assets.checkin')) || ($user->hasAccess('assets.edit')) || ($user->hasAccess('assets.delete')) || ($user->hasAccess('assets.checkout')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
-
- # -----------------------------------------
- # Accessories
- # -----------------------------------------
- Gate::define('accessories.view', function ($user) {
- if (($user->hasAccess('accessories.view')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
- Gate::define('accessories.create', function ($user) {
- if (($user->hasAccess('accessories.create')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
- Gate::define('accessories.edit', function ($user) {
- if (($user->hasAccess('accessories.edit')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
- Gate::define('accessories.delete', function ($user) {
- if (($user->hasAccess('accessories.delete')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
- Gate::define('accessories.checkout', function ($user) {
- if (($user->hasAccess('accessories.checkout')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
- Gate::define('accessories.checkin', function ($user) {
- if (($user->hasAccess('accessories.checkin')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
- // Checks for some level of management
- Gate::define('accessories.manage', function ($user) {
- if (($user->hasAccess('accessories.checkin')) || ($user->hasAccess('accessories.edit')) || ($user->hasAccess('accessories.checkout')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
- # -----------------------------------------
- # Consumables
- # -----------------------------------------
- Gate::define('consumables.view', function ($user) {
- if (($user->hasAccess('consumables.view')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
- Gate::define('consumables.create', function ($user) {
- if (($user->hasAccess('consumables.create')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
- Gate::define('consumables.edit', function ($user) {
- if (($user->hasAccess('consumables.edit')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
- Gate::define('consumables.delete', function ($user) {
- if (($user->hasAccess('consumables.delete')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
- Gate::define('consumables.checkout', function ($user) {
- if (($user->hasAccess('consumables.checkout')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
- Gate::define('consumables.checkin', function ($user) {
- if (($user->hasAccess('consumables.checkin')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
- // Checks for some level of management
- Gate::define('consumables.manage', function ($user) {
- if (($user->hasAccess('consumables.checkin')) || ($user->hasAccess('consumables.edit')) || ($user->hasAccess('consumables.delete')) || ($user->hasAccess('consumables.checkout')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
-
-
- # -----------------------------------------
- # Users
- # -----------------------------------------
-
- Gate::define('users.view', function ($user) {
- if (($user->hasAccess('users.view')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
- Gate::define('users.create', function ($user) {
- if (($user->hasAccess('users.create')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
- Gate::define('users.edit', function ($user) {
- if (($user->hasAccess('users.edit')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
- Gate::define('users.delete', function ($user) {
- if (($user->hasAccess('users.delete')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
-
- # -----------------------------------------
- # Components
- # -----------------------------------------
- Gate::define('components.view', function ($user) {
- if (($user->hasAccess('components.view')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
- Gate::define('components.create', function ($user) {
- if (($user->hasAccess('components.create')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
- Gate::define('components.edit', function ($user) {
- if (($user->hasAccess('components.edit')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
- Gate::define('components.delete', function ($user) {
- if (($user->hasAccess('components.delete')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
- Gate::define('components.checkout', function ($user) {
- if (($user->hasAccess('components.checkout')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
- // Checks for some level of management
- Gate::define('components.manage', function ($user) {
- if (($user->hasAccess('components.edit')) || ($user->hasAccess('components.delete')) || ($user->hasAccess('components.checkout')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
-
- # -----------------------------------------
- # Licenses
- # -----------------------------------------
- Gate::define('licenses.view', function ($user) {
- if (($user->hasAccess('licenses.view')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
- Gate::define('licenses.create', function ($user) {
- if (($user->hasAccess('licenses.create')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
- Gate::define('licenses.edit', function ($user) {
- if (($user->hasAccess('licenses.edit')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
- Gate::define('licenses.delete', function ($user) {
- if (($user->hasAccess('licenses.delete')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
- Gate::define('licenses.checkout', function ($user) {
- if (($user->hasAccess('licenses.checkout')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
- Gate::define('licenses.checkin', function ($user) {
- if (($user->hasAccess('licenses.checkin')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
- Gate::define('licenses.keys', function ($user) {
- if (($user->hasAccess('licenses.keys')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
- // Checks for some level of management
- Gate::define('licenses.manage', function ($user) {
- if (($user->hasAccess('licenses.checkin')) || ($user->hasAccess('licenses.edit')) || ($user->hasAccess('licenses.delete')) || ($user->hasAccess('licenses.checkout')) || ($user->hasAccess('admin'))) {
- return true;
- }
- });
-
-
# -----------------------------------------
# Self
# -----------------------------------------
@@ -333,8 +82,5 @@ public function boot()
return true;
}
});
-
-
-
}
}
diff --git a/database/factories/ModelFactory.php b/database/factories/ModelFactory.php
index 2f621abc07e3..aa929d56b3e9 100644
--- a/database/factories/ModelFactory.php
+++ b/database/factories/ModelFactory.php
@@ -17,393 +17,379 @@
use App\Models\Supplier;
$factory->defineAs(App\Models\Asset::class, 'asset', function (Faker\Generator $faker) {
- return [
+ return [
'name' => $faker->catchPhrase,
- 'model_id' => $faker->numberBetween(1,5),
- 'rtd_location_id' => $faker->numberBetween(1,5),
+ 'model_id' => $faker->numberBetween(1, 5),
+ 'rtd_location_id' => $faker->numberBetween(1, 5),
'serial' => $faker->uuid,
'status_id' => 1,
'user_id' => 1,
'asset_tag' => $faker->unixTime('now'),
'notes' => $faker->sentence,
- 'purchase_date' => $faker->dateTime(),
- 'purchase_cost' => $faker->randomFloat(2),
- 'order_number' => $faker->numberBetween(1000000,50000000),
- 'supplier_id' => $faker->numberBetween(1,5),
- 'requestable' => $faker->numberBetween(0,1),
+ 'purchase_date' => $faker->dateTime(),
+ 'purchase_cost' => $faker->randomFloat(2),
+ 'order_number' => $faker->numberBetween(1000000, 50000000),
+ 'supplier_id' => $faker->numberBetween(1, 5),
+ 'requestable' => $faker->numberBetween(0, 1),
'company_id' => Company::inRandomOrder()->first()->id,
'requestable' => $faker->boolean()
- ];
+ ];
});
$factory->defineAs(App\Models\AssetModel::class, 'assetmodel', function (Faker\Generator $faker) {
- return [
+ return [
'name' => $faker->catchPhrase,
- 'manufacturer_id' => $faker->numberBetween(1,10),
- 'category_id' => $faker->numberBetween(1,9),
- 'model_number' => $faker->numberBetween(1000000,50000000),
+ 'manufacturer_id' => $faker->numberBetween(1, 10),
+ 'category_id' => $faker->numberBetween(1, 9),
+ 'model_number' => $faker->numberBetween(1000000, 50000000),
'eol' => 1,
'notes' => $faker->paragraph(),
'requestable' => $faker->boolean(),
- ];
+ ];
});
$factory->defineAs(App\Models\Location::class, 'location', function (Faker\Generator $faker) {
return [
- 'name' => $faker->catchPhrase,
- 'address' => $faker->streetAddress,
- 'address2' => $faker->secondaryAddress,
- 'city' => $faker->city,
- 'state' => $faker->stateAbbr,
- 'country' => $faker->countryCode,
- 'currency' => $faker->currencyCode,
- 'zip' => $faker->postcode
+ 'name' => $faker->catchPhrase,
+ 'address' => $faker->streetAddress,
+ 'address2' => $faker->secondaryAddress,
+ 'city' => $faker->city,
+ 'state' => $faker->stateAbbr,
+ 'country' => $faker->countryCode,
+ 'currency' => $faker->currencyCode,
+ 'zip' => $faker->postcode
];
});
$factory->defineAs(App\Models\Category::class, 'asset-category', function (Faker\Generator $faker) {
- return [
+ return [
'name' => $faker->text(20),
'category_type' => $faker->randomElement($array = array ('asset')),
'eula_text' => $faker->paragraph(),
'require_acceptance' => $faker->boolean(),
'checkin_email' => $faker->boolean()
- ];
+ ];
});
$factory->defineAs(App\Models\Category::class, 'accessory-category', function (Faker\Generator $faker) {
- return [
+ return [
'name' => $faker->text(20),
'category_type' => $faker->randomElement($array = array ('accessory')),
- ];
+ ];
});
$factory->defineAs(App\Models\Category::class, 'component-category', function (Faker\Generator $faker) {
- return [
+ return [
'name' => $faker->text(20),
'category_type' => $faker->randomElement($array = array ('component')),
- ];
+ ];
});
$factory->defineAs(App\Models\Category::class, 'consumable-category', function (Faker\Generator $faker) {
- return [
+ return [
'name' => $faker->text(20),
'category_type' => $faker->randomElement($array = array ('consumable')),
- ];
+ ];
});
$factory->defineAs(App\Models\Company::class, 'company', function (Faker\Generator $faker) {
- return [
+ return [
'name' => $faker->company,
- ];
+ ];
});
$factory->defineAs(App\Models\Manufacturer::class, 'manufacturer', function (Faker\Generator $faker) {
- return [
+ return [
'name' => $faker->company,
- ];
+ ];
});
$factory->defineAs(App\Models\Component::class, 'component', function (Faker\Generator $faker) {
- return [
+ return [
'name' => $faker->text(20),
- 'category_id' => $faker->numberBetween(21,25),
+ 'category_id' => $faker->numberBetween(21, 25),
'location_id' => Location::inRandomOrder()->first()->id,
'serial' => $faker->uuid,
'qty' => $faker->numberBetween(3, 10),
- 'order_number' => $faker->numberBetween(1000000,50000000),
- 'purchase_date' => $faker->dateTime(),
- 'purchase_cost' => $faker->randomFloat(2),
+ 'order_number' => $faker->numberBetween(1000000, 50000000),
+ 'purchase_date' => $faker->dateTime(),
+ 'purchase_cost' => $faker->randomFloat(2),
'min_amt' => $faker->numberBetween($min = 1, $max = 2),
'company_id' => Company::inRandomOrder()->first()->id
- ];
+ ];
});
$factory->defineAs(App\Models\Depreciation::class, 'depreciation', function (Faker\Generator $faker) {
- return [
+ return [
'name' => $faker->text(20),
'months' => $faker->numberBetween(1, 10),
- ];
+ ];
});
$factory->defineAs(App\Models\Accessory::class, 'accessory', function (Faker\Generator $faker) {
- return [
+ return [
'company_id' => Company::inRandomOrder()->first()->id,
'name' => $faker->text(20),
- 'category_id' => $faker->numberBetween(11,15),
+ 'category_id' => $faker->numberBetween(11, 15),
'manufacturer_id' => Manufacturer::inRandomOrder()->first()->id,
- 'location_id' => $faker->numberBetween(1,5),
- 'order_number' => $faker->numberBetween(1000000,50000000),
- 'purchase_date' => $faker->dateTime(),
- 'purchase_cost' => $faker->randomFloat(2),
+ 'location_id' => $faker->numberBetween(1, 5),
+ 'order_number' => $faker->numberBetween(1000000, 50000000),
+ 'purchase_date' => $faker->dateTime(),
+ 'purchase_cost' => $faker->randomFloat(2),
'qty' => $faker->numberBetween(5, 10),
'min_amt' => $faker->numberBetween($min = 1, $max = 2),
- ];
+ ];
});
$factory->defineAs(App\Models\Supplier::class, 'supplier', function (Faker\Generator $faker) {
return [
- 'name' => $faker->company,
- 'address' => $faker->streetAddress,
- 'address2' => $faker->secondaryAddress,
- 'city' => $faker->city,
- 'state' => $faker->stateAbbr,
- 'zip' => $faker->postCode,
- 'country' => $faker->countryCode,
- 'contact' => $faker->name,
- 'phone' => $faker->phoneNumber,
- 'fax' => $faker->phoneNumber,
- 'email' => $faker->safeEmail,
- 'url' => $faker->url,
- 'notes' => $faker->paragraph
+ 'name' => $faker->company,
+ 'address' => $faker->streetAddress,
+ 'address2' => $faker->secondaryAddress,
+ 'city' => $faker->city,
+ 'state' => $faker->stateAbbr,
+ 'zip' => $faker->postCode,
+ 'country' => $faker->countryCode,
+ 'contact' => $faker->name,
+ 'phone' => $faker->phoneNumber,
+ 'fax' => $faker->phoneNumber,
+ 'email' => $faker->safeEmail,
+ 'url' => $faker->url,
+ 'notes' => $faker->text(255) // Supplier notes can be a max of 255 characters.
];
});
$factory->defineAs(App\Models\Consumable::class, 'consumable', function (Faker\Generator $faker) {
- return [
+ return [
'name' => $faker->text(20),
'company_id' => Company::inRandomOrder()->first()->id,
'category_id' => $faker->numberBetween(16, 20),
- 'model_number' => $faker->numberBetween(1000000,50000000),
- 'item_no' => $faker->numberBetween(1000000,50000000),
- 'order_number' => $faker->numberBetween(1000000,50000000),
- 'purchase_date' => $faker->dateTime(),
- 'purchase_cost' => $faker->randomFloat(2),
+ 'model_number' => $faker->numberBetween(1000000, 50000000),
+ 'item_no' => $faker->numberBetween(1000000, 50000000),
+ 'order_number' => $faker->numberBetween(1000000, 50000000),
+ 'purchase_date' => $faker->dateTime(),
+ 'purchase_cost' => $faker->randomFloat(2),
'qty' => $faker->numberBetween(5, 10),
'min_amt' => $faker->numberBetween($min = 1, $max = 2),
- ];
+ ];
});
$factory->defineAs(App\Models\Statuslabel::class, 'rtd', function (Faker\Generator $faker) {
- return [
+ return [
'name' => 'Ready to Deploy',
'created_at' => $faker->dateTime(),
'updated_at' => $faker->dateTime(),
'user_id' => 1,
- 'deleted_at' => NULL,
- 'deployable' => 1,
- 'pending' => 0,
+ 'deleted_at' => null,
+ 'deployable' => 1,
+ 'pending' => 0,
'archived' => 0,
'notes' => ''
- ];
+ ];
});
$factory->defineAs(App\Models\Statuslabel::class, 'pending', function (Faker\Generator $faker) {
- return [
+ return [
'name' => 'Pending',
'created_at' => $faker->dateTime(),
'updated_at' => $faker->dateTime(),
'user_id' => 1,
- 'deleted_at' => NULL,
- 'deployable' => 0,
- 'pending' => 1,
+ 'deleted_at' => null,
+ 'deployable' => 0,
+ 'pending' => 1,
'archived' => 0,
'notes' => $faker->sentence
- ];
+ ];
});
$factory->defineAs(App\Models\Statuslabel::class, 'archived', function (Faker\Generator $faker) {
- return [
+ return [
'name' => 'Archived',
'created_at' => $faker->dateTime(),
'updated_at' => $faker->dateTime(),
'user_id' => 1,
- 'deleted_at' => NULL,
- 'deployable' => 0,
- 'pending' => 0,
+ 'deleted_at' => null,
+ 'deployable' => 0,
+ 'pending' => 0,
'archived' => 1,
'notes' => 'These assets are permanently undeployable'
- ];
+ ];
});
$factory->defineAs(App\Models\Statuslabel::class, 'out_for_diagnostics', function (Faker\Generator $faker) {
- return [
+ return [
'name' => 'Out for Diagnostics',
'created_at' => $faker->dateTime(),
'updated_at' => $faker->dateTime(),
'user_id' => 1,
- 'deleted_at' => NULL,
- 'deployable' => 0,
- 'pending' => 0,
+ 'deleted_at' => null,
+ 'deployable' => 0,
+ 'pending' => 0,
'archived' => 0,
'notes' => ''
- ];
+ ];
});
$factory->defineAs(App\Models\Statuslabel::class, 'out_for_repair', function (Faker\Generator $faker) {
- return [
+ return [
'name' => 'Out for Repair',
'created_at' => $faker->dateTime(),
'updated_at' => $faker->dateTime(),
'user_id' => 1,
- 'deleted_at' => NULL,
- 'deployable' => 0,
- 'pending' => 0,
+ 'deleted_at' => null,
+ 'deployable' => 0,
+ 'pending' => 0,
'archived' => 0,
'notes' => ''
- ];
+ ];
});
$factory->defineAs(App\Models\Statuslabel::class, 'broken', function (Faker\Generator $faker) {
- return [
+ return [
'name' => 'Broken - Not Fixable',
'created_at' => $faker->dateTime(),
'updated_at' => $faker->dateTime(),
'user_id' => 1,
- 'deleted_at' => NULL,
- 'deployable' => 0,
- 'pending' => 0,
+ 'deleted_at' => null,
+ 'deployable' => 0,
+ 'pending' => 0,
'archived' => 1,
- 'notes' => ''
- ];
+ 'notes' => ''
+ ];
});
$factory->defineAs(App\Models\Statuslabel::class, 'lost', function (Faker\Generator $faker) {
- return [
+ return [
'name' => 'Lost/Stolen',
'created_at' => $faker->dateTime(),
'updated_at' => $faker->dateTime(),
'user_id' => 1,
- 'deleted_at' => NULL,
- 'deployable' => 0,
- 'pending' => 0,
+ 'deleted_at' => null,
+ 'deployable' => 0,
+ 'pending' => 0,
'archived' => 1,
'notes' => '',
- ];
+ ];
});
$factory->defineAs(App\Models\License::class, 'license', function (Faker\Generator $faker) {
return [
- 'name' => $faker->catchPhrase,
- 'serial' => $faker->uuid,
- 'seats' => $faker->numberBetween(1, 10),
- 'license_email' => $faker->safeEmail,
- 'license_name' => $faker->name,
- 'order_number' => $faker->numberBetween(1500, 13250),
- 'purchase_order' => $faker->numberBetween(1500, 13250),
- 'purchase_date' => $faker->dateTime(),
- 'purchase_cost' => $faker->randomFloat(2),
- 'notes' => $faker->sentence,
- 'supplier_id' => Supplier::inRandomOrder()->first()->id,
- 'company_id' => Company::inRandomOrder()->first()->id
+ 'name' => $faker->catchPhrase,
+ 'serial' => $faker->uuid,
+ 'seats' => $faker->numberBetween(1, 10),
+ 'license_email' => $faker->safeEmail,
+ 'license_name' => $faker->name,
+ 'order_number' => $faker->numberBetween(1500, 13250),
+ 'purchase_order' => $faker->numberBetween(1500, 13250),
+ 'purchase_date' => $faker->dateTime(),
+ 'purchase_cost' => $faker->randomFloat(2),
+ 'notes' => $faker->sentence,
+ 'supplier_id' => Supplier::inRandomOrder()->first()->id,
+ 'company_id' => Company::inRandomOrder()->first()->id
];
});
$factory->defineAs(App\Models\LicenseSeat::class, 'license-seat', function (Faker\Generator $faker) {
- return [
- 'license_id' => $faker->numberBetween(1, 10),
- 'created_at' => $faker->dateTime(),
- 'updated_at' => $faker->dateTime(),
- 'notes' => $faker->sentence,
- 'user_id' => '1',
- ];
+ return [
+ 'license_id' => $faker->numberBetween(1, 10),
+ 'created_at' => $faker->dateTime(),
+ 'updated_at' => $faker->dateTime(),
+ 'notes' => $faker->sentence,
+ 'user_id' => '1',
+ ];
});
$factory->defineAs(App\Models\Actionlog::class, 'asset-checkout', function (Faker\Generator $faker) {
- $company = Company::has('users')->has('assets')->inRandomOrder()->first();
- return [
- 'user_id' => $company->users()->inRandomOrder()->first()->id,
- 'action_type' => 'checkout',
- 'item_id' => $company->assets()->inRandomOrder()->first()->id,
+ $company = Company::has('users')->has('assets')->inRandomOrder()->first();
+ return [
+ 'user_id' => $company->users()->inRandomOrder()->first()->id,
+ 'action_type' => 'checkout',
+ 'item_id' => $company->assets()->inRandomOrder()->first()->id,
'target_id' => $company->users()->inRandomOrder()->first()->id,
'target_type' => 'App\\Models\\User',
'created_at' => $faker->dateTime(),
'item_type' => 'App\\Models\\Asset',
- 'note' => $faker->sentence,
+ 'note' => $faker->sentence,
'company_id' => $company->id
- ];
+ ];
});
$factory->defineAs(App\Models\Actionlog::class, 'license-checkout-asset', function (Faker\Generator $faker) {
- $company = Company::has('users')->has('licenses')->inRandomOrder()->first();
+ $company = Company::has('users')->has('licenses')->inRandomOrder()->first();
- return [
- 'user_id' => $company->users()->inRandomOrder()->first()->id,
- 'action_type' => 'checkout',
- 'item_id' => $company->licenses()->whereNotNull('company_id')->inRandomOrder()->first()->id,
+ return [
+ 'user_id' => $company->users()->inRandomOrder()->first()->id,
+ 'action_type' => 'checkout',
+ 'item_id' => $company->licenses()->whereNotNull('company_id')->inRandomOrder()->first()->id,
'target_id' => $company->assets()->inRandomOrder()->first()->id,
'target_type' => 'App\\Models\\Asset',
'created_at' => $faker->dateTime(),
'item_type' => 'App\\Models\\License',
- 'note' => $faker->sentence,
+ 'note' => $faker->sentence,
'company_id' => $company->id
- ];
+ ];
});
$factory->defineAs(App\Models\Actionlog::class, 'accessory-checkout', function (Faker\Generator $faker) {
$company = Company::has('users')->has('accessories')->inRandomOrder()->first();
- return [
- 'user_id' => $company->users()->inRandomOrder()->first()->id,
- 'action_type' => 'checkout',
- 'item_id' => $company->accessories()->whereNotNull('company_id')->inRandomOrder()->first()->id,
+ return [
+ 'user_id' => $company->users()->inRandomOrder()->first()->id,
+ 'action_type' => 'checkout',
+ 'item_id' => $company->accessories()->whereNotNull('company_id')->inRandomOrder()->first()->id,
'target_id' => $company->users()->inRandomOrder()->first()->id,
'target_type' => 'App\\Models\\User',
'created_at' => $faker->dateTime(),
'item_type' => 'App\\Models\\Accessory',
- 'note' => $faker->sentence,
+ 'note' => $faker->sentence,
'company_id' => $company->id
- ];
+ ];
});
$factory->defineAs(App\Models\Actionlog::class, 'consumable-checkout', function (Faker\Generator $faker) {
$company = Company::has('users')->has('consumables')->inRandomOrder()->first();
- return [
- 'user_id' => $company->users()->inRandomOrder()->first()->id,
- 'action_type' => 'checkout',
- 'item_id' => $company->consumables()->whereNotNull('company_id')->inRandomOrder()->first()->id,
+ return [
+ 'user_id' => $company->users()->inRandomOrder()->first()->id,
+ 'action_type' => 'checkout',
+ 'item_id' => $company->consumables()->whereNotNull('company_id')->inRandomOrder()->first()->id,
'target_id' => $company->users()->inRandomOrder()->first()->id,
'target_type' => 'App\\Models\\User',
'created_at' => $faker->dateTime(),
'item_type' => 'App\\Models\\Consumable',
- 'note' => $faker->sentence,
+ 'note' => $faker->sentence,
'company_id' => $company->id
- ];
+ ];
});
$factory->defineAs(App\Models\Actionlog::class, 'component-checkout', function (Faker\Generator $faker) {
- $company = Company::has('users')->has('components')->inRandomOrder()->first();
+ $company = Company::has('users')->has('components')->inRandomOrder()->first();
- return [
- 'user_id' => $company->users()->inRandomOrder()->first()->id,
- 'action_type' => 'checkout',
- 'item_id' => $company->components()->whereNotNull('company_id')->inRandomOrder()->first()->id,
+ return [
+ 'user_id' => $company->users()->inRandomOrder()->first()->id,
+ 'action_type' => 'checkout',
+ 'item_id' => $company->components()->whereNotNull('company_id')->inRandomOrder()->first()->id,
'target_id' => $company->users()->inRandomOrder()->first()->id,
'target_type' => 'App\\Models\\User',
'created_at' => $faker->dateTime(),
'item_type' => 'App\\Models\\Component',
- 'note' => $faker->sentence,
+ 'note' => $faker->sentence,
'company_id' => $company->id
- ];
+ ];
});
$factory->defineAs(App\Models\CustomField::class, 'customfield-ip', function (Faker\Generator $faker) {
- return [
+ return [
'name' => $faker->catchPhrase,
'format' => 'IP',
'element' => 'text',
- ];
+ ];
});
-$factory->defineAs(App\Models\User::class, 'valid-user', function (Faker\Generator $faker) {
- return [
- 'first_name' => $faker->firstName,
- 'last_name' => $faker->lastName,
- 'username' => $faker->username,
- 'password' => $faker->password,
- 'email' => $faker->safeEmail,
- 'company_id' => Company::inRandomOrder()->first()->id,
- 'locale' => $faker->locale,
- 'employee_num' => $faker->numberBetween(3500, 35050),
- 'jobtitle' => $faker->word,
- 'phone' => $faker->phoneNumber,
- 'notes' => $faker->sentence
- ];
-});
+
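Review bot: The `asset` factory on the new side still carries the key `'requestable'` twice, at `'requestable' => $faker->numberBetween(0, 1),` and two lines later at `'requestable' => $faker->boolean()`; in a PHP array literal the second silently overwrites the first, so the reformatted line is dead and the `requestable` attribute is always a boolean rather than 0/1. Dropping the earlier line, `'requestable' => $faker->boolean(),`, leaves one definition and adds the trailing comma the rest of this file now uses. The same hunk also renames supplier `notes` to `$faker->text(255)` with a length comment; the other free-text fields (`$faker->paragraph()` for model and category notes) get no such bound, which is fine only if those columns are TEXT — worth confirming against the schema rather than leaving to a seeding failure.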
diff --git a/database/factories/UserFactory.php b/database/factories/UserFactory.php
new file mode 100644
index 000000000000..c0b628e80cc0
--- /dev/null
+++ b/database/factories/UserFactory.php
@@ -0,0 +1,249 @@
+defineAs(App\Models\User::class, 'valid-user', function (Faker\Generator $faker) {
+ return [
+ 'first_name' => $faker->firstName,
+ 'last_name' => $faker->lastName,
+ 'username' => $faker->username,
+ 'password' => $faker->password,
+ 'permissions' => '{"user":"0"}',
+ 'email' => $faker->safeEmail,
+ 'company_id' => function () {
+ return factory(App\Models\Company::class, 'company')->create()->id;
+ },
+ 'locale' => $faker->locale,
+ 'employee_num' => $faker->numberBetween(3500, 35050),
+ 'jobtitle' => $faker->word,
+ 'phone' => $faker->phoneNumber,
+ 'notes' => $faker->sentence
+ ];
+});
+// USER GLOBAL PERMISSION STATES
+$factory->state(App\Models\User::class, 'superuser', function ($faker) {
+ return [
+ 'permissions' => '{"superuser":"1"}',
+ ];
+});
+
+$factory->state(App\Models\User::class, 'admin', function ($faker) {
+ return [
+ 'permissions' => '{"admin":"1"}',
+ ];
+});
+// USER ASSET PERMISSION STATES
+$factory->state(App\Models\User::class, 'view-assets', function ($faker) {
+ return [
+ 'permissions' => '{"assets.view":"1"}',
+ ];
+});
+
+$factory->state(App\Models\User::class, 'create-assets', function ($faker) {
+ return [
+ 'permissions' => '{"assets.create":"1"}',
+ ];
+});
+
+$factory->state(App\Models\User::class, 'edit-assets', function ($faker) {
+ return [
+ 'permissions' => '{"assets.edit":"1"}',
+ ];
+});
+
+$factory->state(App\Models\User::class, 'delete-assets', function ($faker) {
+ return [
+ 'permissions' => '{"assets.delete":"1",}',
+ ];
+});
+
+$factory->state(App\Models\User::class, 'checkin-assets', function ($faker) {
+ return [
+ 'permissions' => '{"assets.checkin":"1"}',
+ ];
+});
+
+$factory->state(App\Models\User::class, 'checkout-assets', function ($faker) {
+ return [
+ 'permissions' => '{"assets.checkout":"1"}',
+ ];
+});
+
+$factory->state(App\Models\User::class, 'view-requestable-assets', function ($faker) {
+ return [
+ 'permissions' => '{"assets.view.requestable":"1"}',
+ ];
+});
+
+// USER ACCESSORY PERMISSION STATES
+$factory->state(App\Models\User::class, 'view-accessories', function ($faker) {
+ return [
+ 'permissions' => '{"accessories.view":"1"}',
+ ];
+});
+
+$factory->state(App\Models\User::class, 'create-accessories', function ($faker) {
+ return [
+ 'permissions' => '{"accessories.create":"1"}',
+ ];
+});
+
+$factory->state(App\Models\User::class, 'edit-accessories', function ($faker) {
+ return [
+ 'permissions' => '{"accessories.edit":"1"}',
+ ];
+});
+
+$factory->state(App\Models\User::class, 'delete-accessories', function ($faker) {
+ return [
+ 'permissions' => '{"accessories.delete":"1",}',
+ ];
+});
+
+$factory->state(App\Models\User::class, 'checkin-accessories', function ($faker) {
+ return [
+ 'permissions' => '{"accessories.checkin":"1"}',
+ ];
+});
+
+$factory->state(App\Models\User::class, 'checkout-accessories', function ($faker) {
+ return [
+ 'permissions' => '{"accessories.checkout":"1"}',
+ ];
+});
+
+// USER CONSUMABLE PERMISSION STATES
+$factory->state(App\Models\User::class, 'view-consumables', function ($faker) {
+ return [
+ 'permissions' => '{"consumables.view":"1"}',
+ ];
+});
+
+$factory->state(App\Models\User::class, 'create-consumables', function ($faker) {
+ return [
+ 'permissions' => '{"consumables.create":"1"}',
+ ];
+});
+
+$factory->state(App\Models\User::class, 'edit-consumables', function ($faker) {
+ return [
+ 'permissions' => '{"consumables.edit":"1"}',
+ ];
+});
+
+$factory->state(App\Models\User::class, 'delete-consumables', function ($faker) {
+ return [
+ 'permissions' => '{"consumables.delete":"1",}',
+ ];
+});
+
+$factory->state(App\Models\User::class, 'checkin-consumables', function ($faker) {
+ return [
+ 'permissions' => '{"consumables.checkin":"1"}',
+ ];
+});
+
+$factory->state(App\Models\User::class, 'checkout-consumables', function ($faker) {
+ return [
+ 'permissions' => '{"consumables.checkout":"1"}',
+ ];
+});
+
+// USER LICENSE PERMISSION STATES
+$factory->state(App\Models\User::class, 'view-licenses', function ($faker) {
+ return [
+ 'permissions' => '{"licenses.view":"1"}',
+ ];
+});
+
+$factory->state(App\Models\User::class, 'create-licenses', function ($faker) {
+ return [
+ 'permissions' => '{"licenses.create":"1"}',
+ ];
+});
+
+$factory->state(App\Models\User::class, 'edit-licenses', function ($faker) {
+ return [
+ 'permissions' => '{"licenses.edit":"1"}',
+ ];
+});
+
+$factory->state(App\Models\User::class, 'delete-licenses', function ($faker) {
+ return [
+ 'permissions' => '{"licenses.delete":"1",}',
+ ];
+});
+
+$factory->state(App\Models\User::class, 'checkout-licenses', function ($faker) {
+ return [
+ 'permissions' => '{"licenses.checkout":"1"}',
+ ];
+});
+
+$factory->state(App\Models\User::class, 'view-keys-licenses', function ($faker) {
+ return [
+ 'permissions' => '{"licenses.keys":"1"}',
+ ];
+});
+
+// USER COMPONENTS PERMISSION STATES
+$factory->state(App\Models\User::class, 'view-components', function ($faker) {
+ return [
+ 'permissions' => '{"components.view":"1"}',
+ ];
+});
+
+$factory->state(App\Models\User::class, 'create-components', function ($faker) {
+ return [
+ 'permissions' => '{"components.create":"1"}',
+ ];
+});
+
+$factory->state(App\Models\User::class, 'edit-components', function ($faker) {
+ return [
+ 'permissions' => '{"components.edit":"1"}',
+ ];
+});
+
+$factory->state(App\Models\User::class, 'delete-components', function ($faker) {
+ return [
+ 'permissions' => '{"components.delete":"1",}',
+ ];
+});
+
+$factory->state(App\Models\User::class, 'checkin-components', function ($faker) {
+ return [
+ 'permissions' => '{"components.checkin":"1"}',
+ ];
+});
+
+$factory->state(App\Models\User::class, 'checkout-components', function ($faker) {
+ return [
+ 'permissions' => '{"components.checkout":"1"}',
+ ];
+});
+
+// USER USER PERMISSION STATES
+$factory->state(App\Models\User::class, 'view-users', function ($faker) {
+ return [
+ 'permissions' => '{"users.view":"1"}',
+ ];
+});
+
+$factory->state(App\Models\User::class, 'create-users', function ($faker) {
+ return [
+ 'permissions' => '{"users.create":"1"}',
+ ];
+});
+
+$factory->state(App\Models\User::class, 'edit-users', function ($faker) {
+ return [
+ 'permissions' => '{"users.edit":"1"}',
+ ];
+});
+
+$factory->state(App\Models\User::class, 'delete-users', function ($faker) {
+ return [
+ 'permissions' => '{"users.delete":"1",}',
+ ];
+});
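Review bot: Every `delete-*` state in this new file writes a permissions string with a trailing comma inside the object, e.g. `'permissions' => '{"assets.delete":"1",}'`, which is not valid JSON; the same defect is at the `delete-accessories`, `delete-consumables`, `delete-licenses`, `delete-components` and `delete-users` states. If the User model decodes this column with `json_decode`, those states yield `null`, i.e. a user with no permissions at all, so a test that expects deletion to be denied passes vacuously and one that expects it to be allowed fails for the wrong reason, masking real authorization regressions. The fix is to drop the comma, `'permissions' => '{"assets.delete":"1"}'`, or better to build all of these strings with `json_encode(['assets.delete' => '1'])` so a malformed literal cannot be written by hand. The `valid-user` base state also seeds `'password' => $faker->password`; whether that is hashed before storage depends on a model mutator not visible here and should be confirmed, since factories are sometimes reused for demo seeds.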
diff --git a/database/migrations/2016_12_19_004212_adjust_locale_length_to_10.php b/database/migrations/2016_12_19_004212_adjust_locale_length_to_10.php
new file mode 100644
index 000000000000..ef31f4080e9c
--- /dev/null
+++ b/database/migrations/2016_12_19_004212_adjust_locale_length_to_10.php
@@ -0,0 +1,34 @@
+string('locale', 10)->nullable()->default(config('app.locale'))->change();
+ });
+ }
+
+ /**
+ * Reverse the migrations.
+ *
+ * @return void
+ */
+ public function down()
+ {
+ Schema::table('users', function (Blueprint $table) {
+ //
+ $table->string('locale', 5)->nullable()->default(config('app.locale'))->change();
+ });
+ }
+}
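Review bot: `down()` shrinks `users.locale` back to 5 characters with `->change()`, but after `up()` has run the column may legitimately hold values of up to 10 characters; on rollback those rows are either silently truncated or, under a strict SQL mode, abort the migration part-way. A comment on the `down()` body stating that intent would help, e.g. `// Rollback narrows locale to 5 chars; values longer than 5 written after up() will be truncated or rejected.`, and the empty `//` placeholder line above the `$table->string(...)` call should go. The `up()` method and class header begin outside the visible part of this hunk.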
diff --git a/resources/views/accessories/index.blade.php b/resources/views/accessories/index.blade.php
index c8059ba03137..592b0b8dc5c1 100755
--- a/resources/views/accessories/index.blade.php
+++ b/resources/views/accessories/index.blade.php
@@ -7,7 +7,7 @@
@stop
@section('header_right')
- @can('accessories.create')
+ @can('create', \App\Models\Accessory::class)
{{ trans('general.create') }}
@endcan
@stop
diff --git a/resources/views/accessories/view.blade.php b/resources/views/accessories/view.blade.php
index 3518f7ff6274..947047c539e1 100644
--- a/resources/views/accessories/view.blade.php
+++ b/resources/views/accessories/view.blade.php
@@ -14,22 +14,22 @@
{{-- Right header --}}
@section('header_right')
- @can('accessories.manage')
+ @can('manage', \App\Models\Accessory::class)