Add a backward compatibility setting for locations with companies

Now that locations have a company_id they get restricted to the users company with FullMultipleCompanySupport. This breaks backward compatibility, because before everyone can handle locations without restrictions. Add a setting right below FullMultipleCompanySupport so that everyone can switch to the desired behaviour. The default is off and the existing behaviour is preserved.
snipe · Mar 1, 2023 · 6b0a82c · 6b0a82c
1 parent 45f31f5
commit 6b0a82c
Show file tree

Hide file tree

Showing 9 changed files with 106 additions and 10 deletions.
diff --git a/app/Http/Controllers/Api/LocationsController.php b/app/Http/Controllers/Api/LocationsController.php
@@ -9,6 +9,7 @@
 use App\Http\Transformers\LocationsTransformer;
 use App\Http\Transformers\SelectlistTransformer;
 use App\Models\Location;
+use App\Models\Setting;
 use Illuminate\Http\Request;
 use Illuminate\Pagination\LengthAwarePaginator;
 use Illuminate\Support\Collection;
@@ -66,7 +67,10 @@ public function index(Request $request)
             ->withCount('rtd_assets as rtd_assets_count')
             ->withCount('users as users_count');
 
-        $locations = Company::scopeCompanyables($locations);
+        // Only scope locations if the setting is enabled
+        if (Setting::getSettings()->scope_locations_fmcs) {
+            $locations = Company::scopeCompanyables($locations);
+        }
 
         if ($request->filled('search')) {
             $locations = $locations->TextSearch($request->input('search'));
@@ -144,9 +148,13 @@ public function store(ImageUploadRequest $request)
         $this->authorize('create', Location::class);
         $location = new Location;
         $location->fill($request->all());
-        $location->company_id = Company::getIdForCurrentUser($request->get('company_id'));
         $location = $request->handleImages($location);
 
+        // Only scope location if the setting is enabled
+        if (Setting::getSettings()->scope_locations_fmcs) {
+            $location->company_id = Company::getIdForCurrentUser($request->get('company_id'));
+        }
+
         if ($location->save()) {
             return response()->json(Helper::formatStandardApiResponse('success', (new LocationsTransformer)->transformLocation($location), trans('admin/locations/message.create.success')));
         }
@@ -210,7 +218,12 @@ public function update(ImageUploadRequest $request, $id)
         $location = $request->handleImages($location);
 
         if ($request->filled('company_id')) {
-            $location->company_id = Company::getIdForCurrentUser($request->get('company_id'));
+            // Only scope location if the setting is enabled
+            if (Setting::getSettings()->scope_locations_fmcs) {
+                $location->company_id = Company::getIdForCurrentUser($request->get('company_id'));
+            } else {
+                $location->company_id = $request->get('company_id');
+            }
         }
 
         if ($location->isValid()) {
@@ -290,7 +303,10 @@ public function selectlist(Request $request)
             'locations.image',
         ]);
 
-        $locations = Company::scopeCompanyables($locations);
+        // Only scope locations if the setting is enabled
+        if (Setting::getSettings()->scope_locations_fmcs) {
+            $locations = Company::scopeCompanyables($locations);
+        }
 
         $page = 1;
         if ($request->filled('page')) {

diff --git a/app/Http/Controllers/LocationsController.php b/app/Http/Controllers/LocationsController.php
@@ -7,6 +7,7 @@
 use App\Models\Company;
 use App\Models\Location;
 use App\Models\User;
+use App\Models\Setting;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Storage;
 
@@ -79,9 +80,15 @@ public function store(ImageUploadRequest $request)
         $location->zip = $request->input('zip');
         $location->ldap_ou = $request->input('ldap_ou');
         $location->manager_id = $request->input('manager_id');
-        $location->company_id = Company::getIdForCurrentUser($request->input('company_id'));
         $location->user_id = Auth::id();
 
+        // Only scope the location if the setting is enabled
+        if (Setting::getSettings()->scope_locations_fmcs) {
+            $location->company_id = Company::getIdForCurrentUser($request->input('company_id'));
+        } else {
+            $location->company_id = $request->input('company_id');
+        }
+
         $location = $request->handleImages($location);
 
         if ($location->save()) {
@@ -143,7 +150,13 @@ public function update(ImageUploadRequest $request, $locationId = null)
         $location->zip = $request->input('zip');
         $location->ldap_ou = $request->input('ldap_ou');
         $location->manager_id = $request->input('manager_id');
-        $location->company_id = Company::getIdForCurrentUser($request->input('company_id'));
+
+        // Only scope the location if the setting is enabled
+        if (Setting::getSettings()->scope_locations_fmcs) {
+            $location->company_id = Company::getIdForCurrentUser($request->input('company_id'));
+        } else {
+            $location->company_id = $request->input('company_id');
+        }
 
         $location = $request->handleImages($location);
 

diff --git a/app/Http/Controllers/SettingsController.php b/app/Http/Controllers/SettingsController.php
@@ -332,6 +332,13 @@ public function postSettings(Request $request)
         }
 
         $setting->full_multiple_companies_support = $request->input('full_multiple_companies_support', '0');
+        $setting->scope_locations_fmcs = $request->input('scope_locations_fmcs', '0');
+
+        // Backward compatibility for locations makes no sense without FullMultipleCompanySupport
+        if (!$setting->full_multiple_companies_support) {
+            $setting->scope_locations_fmcs = '0';
+        }
+
         $setting->unique_serial = $request->input('unique_serial', '0');
         $setting->show_images_in_email = $request->input('show_images_in_email', '0');
         $setting->show_archived_in_list = $request->input('show_archived_in_list', '0');

diff --git a/app/Models/Location.php b/app/Models/Location.php
@@ -4,6 +4,7 @@
 
 use App\Http\Traits\UniqueUndeletedTrait;
 use App\Models\Asset;
+use App\Models\Setting;
 use App\Models\SnipeModel;
 use App\Models\Traits\Searchable;
 use App\Models\User;
@@ -17,12 +18,21 @@
 
 class Location extends SnipeModel
 {
+    function __construct() {
+        parent::__construct();
+        // This is a workaround for backward compatibility with older versions where locations doesn't get scoped.
+        // Normaly we would only add 'use CompanyableTrait;', but this has to be conditional on the setting.
+        // So instead of using the trait, add the scope directly if no backward compatibility is used
+        if (Setting::getSettings()->scope_locations_fmcs) {
+            static::addGlobalScope(new CompanyableScope);
+        }
+    }
+
     use HasFactory;
 
     protected $presenter = \App\Presenters\LocationPresenter::class;
     use Presentable;
     use SoftDeletes;
-    use CompanyableTrait;
 
     protected $table = 'locations';
     protected $rules = [

diff --git a/database/migrations/2023_02_27_092130_add_scope_locations_setting.php b/database/migrations/2023_02_27_092130_add_scope_locations_setting.php
@@ -0,0 +1,32 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+class AddScopeLocationsSetting extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::table('settings', function (Blueprint $table) {
+            $table->boolean('scope_locations_fmcs')->default('0');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table('locations', function (Blueprint $table) {
+            $table->dropColumn('scope_locations_fmcs');
+        });
+    }
+}
diff --git a/resources/lang/de/admin/settings/general.php b/resources/lang/de/admin/settings/general.php
@@ -142,6 +142,8 @@
     'logo_print_assets_help'    => 'Firmenlogo anzeigen beim Drucken der Asset-Liste ',
     'full_multiple_companies_support_help_text' => 'Beschränkung von Benutzern (inklusive Administratoren) die einer Firma zugewiesen sind zu den Assets der Firma.',
     'full_multiple_companies_support_text' => 'Volle Mehrmandanten-Unterstützung für Firmen',
+    'scope_locations_fmcs_support_text'  => 'Beschränke Standorte mit voller Mehrmandanten-Unterstützung für Firmen',
+    'scope_locations_fmcs_support_help_text'  => 'Bis zu Version 6.x waren Standorte nicht auf die Firma des Benutzers beschränkt. Wenn diese Einstellung deaktiviert ist, wird die Kompatibilität zu älteren Versionen gewahrt und die Standorte nicht beschränkt. Wenn diese Einstellung aktiviert ist, werden Standorte ebenfalls auf die Firma des Benutzers beschränkt.',
     'show_in_model_list'   => 'In Modell-Dropdown-Liste anzeigen',
     'optional'					=> 'optional',
     'per_page'                  => 'Ergebnisse pro Seite',

diff --git a/resources/lang/en/admin/settings/general.php b/resources/lang/en/admin/settings/general.php
@@ -142,6 +142,8 @@
     'logo_print_assets_help'    => 'Use branding on printable asset lists ',
     'full_multiple_companies_support_help_text' => 'Restricting users (including admins) assigned to companies to their company\'s assets.',
     'full_multiple_companies_support_text' => 'Full Multiple Companies Support',
+    'scope_locations_fmcs_support_text'  => 'Scope Locations with Full Multiple Companies Support',
+    'scope_locations_fmcs_support_help_text'  => 'Up until Version 6.x locations were not restricted to the users company. If this setting is disabled, this preserves backward compatibility with older versions and locations are not restricted. If this setting is enabled, locations are also restricted to the users company',
     'show_in_model_list'   => 'Show in Model Dropdowns',
     'optional'					=> 'optional',
     'per_page'                  => 'Results Per Page',

diff --git a/resources/views/modals/location.blade.php b/resources/views/modals/location.blade.php
@@ -10,8 +10,8 @@
                     <div class="alert alert-danger" id="modal_error_msg" style="display:none">
                 </div>
 
-                <!-- Setup of default company, taken from asset creator -->
-				@if ($user->company)
+                <!-- Setup of default company, taken from asset creator if scoped locations are activated in the settings -->
+				@if (($snipeSettings->scope_locations_fmcs == '1') && ($user->company))
 					<input type="hidden" name="company_id" id='modal-company' value='{{ $user->company->id }}' class="form-control">
 				@endif
 

diff --git a/resources/views/settings/general.blade.php b/resources/views/settings/general.blade.php
@@ -56,7 +56,22 @@
                             </p>
                         </div>
                     </div>
+                    <!-- /.form-group -->
 
+                    <!-- Scope Locations with Full Multiple Companies Support -->
+                    <div class="form-group {{ $errors->has('scope_locations_fmcs') ? 'error' : '' }}">
+                        <div class="col-md-3">
+                            {{ Form::label('scope_locations_fmcs', trans('admin/settings/general.scope_locations_fmcs_support_text')) }}
+                        </div>
+                        <div class="col-md-9">
+                            {{ Form::checkbox('scope_locations_fmcs', '1', old('scope_locations_fmcs', $setting->scope_locations_fmcs),array('class' => 'minimal', 'aria-label'=>'scope_locations_fmcs')) }}
+                            {{ trans('admin/settings/general.scope_locations_fmcs_support_text') }}
+                            {!! $errors->first('scope_locations_fmcs', '<span class="alert-msg" aria-hidden="true">:message</span>') !!}
+                            <p class="help-block">
+                                {{ trans('admin/settings/general.scope_locations_fmcs_support_help_text') }}
+                            </p>
+                        </div>
+                    </div>
                     <!-- /.form-group -->
 
                     <!-- Require signature for acceptance -->
@@ -433,6 +448,5 @@
             });
         });
 
-
     </script>
 @stop