ok

Production/SNIPE-IT/app/Http/Controllers/Api/AccessoriesController.php

@@ -0,0 +1,382 @@
+<?php
+
+namespace App\Http\Controllers\Api;
+
+use App\Events\CheckoutableCheckedOut;
+use App\Helpers\Helper;
+use App\Http\Controllers\Controller;
+use App\Http\Transformers\AccessoriesTransformer;
+use App\Http\Transformers\SelectlistTransformer;
+use App\Models\Accessory;
+use App\Models\Company;
+use App\Models\User;
+use Auth;
+use Carbon\Carbon;
+use DB;
+use Illuminate\Http\Request;
+use App\Http\Requests\ImageUploadRequest;
+
+class AccessoriesController extends Controller
+{
+    /**
+     * Display a listing of the resource.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @return \Illuminate\Http\Response
+     */
+    public function index(Request $request)
+    {
+        if ($request->user()->cannot('reports.view')) {
+            $this->authorize('view', Accessory::class);
+        }
+
+
+        // This array is what determines which fields should be allowed to be sorted on ON the table itself, no relations
+        // Relations will be handled in query scopes a little further down.
+        $allowed_columns = 
+            [
+                'id',
+                'name',
+                'model_number',
+                'eol',
+                'notes',
+                'created_at',
+                'min_amt',
+                'company_id',
+                'notes',
+                'users_count',
+                'qty',
+            ];
+
+
+        $accessories = Accessory::select('accessories.*')->with('category', 'company', 'manufacturer', 'users', 'location', 'supplier')
+                                ->withCount('users as users_count');
+
+        if ($request->filled('search')) {
+            $accessories = $accessories->TextSearch($request->input('search'));
+        }
+
+        if ($request->filled('company_id')) {
+            $accessories->where('company_id', '=', $request->input('company_id'));
+        }
+
+        if ($request->filled('category_id')) {
+            $accessories->where('category_id', '=', $request->input('category_id'));
+        }
+
+        if ($request->filled('manufacturer_id')) {
+            $accessories->where('manufacturer_id', '=', $request->input('manufacturer_id'));
+        }
+
+        if ($request->filled('supplier_id')) {
+            $accessories->where('supplier_id', '=', $request->input('supplier_id'));
+        }
+
+        if ($request->filled('location_id')) {
+            $accessories->where('location_id','=',$request->input('location_id'));
+        }
+
+        if ($request->filled('notes')) {
+            $accessories->where('notes','=',$request->input('notes'));
+        }
+
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $accessories->count()) ? $accessories->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');
+
+        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
+        $sort_override =  $request->input('sort');
+        $column_sort = in_array($sort_override, $allowed_columns) ? $sort_override : 'created_at';
+
+        switch ($sort_override) {
+            case 'category':
+                $accessories = $accessories->OrderCategory($order);
+                break;
+            case 'company':
+                $accessories = $accessories->OrderCompany($order);
+                break;
+            case 'location':
+                $accessories = $accessories->OrderLocation($order);
+                break;
+            case 'manufacturer':
+                $accessories = $accessories->OrderManufacturer($order);
+                break;    
+            case 'supplier':
+                $accessories = $accessories->OrderSupplier($order);
+                break;       
+            default:
+                $accessories = $accessories->orderBy($column_sort, $order);
+                break;
+        }
+ 
+        $total = $accessories->count();
+        $accessories = $accessories->skip($offset)->take($limit)->get();
+
+        return (new AccessoriesTransformer)->transformAccessories($accessories, $total);
+    }
+
+
+    /**
+     * Store a newly created resource in storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  \App\Http\Requests\ImageUploadRequest $request
+     * @return \Illuminate\Http\Response
+     */
+    public function store(ImageUploadRequest $request)
+    {
+        $this->authorize('create', Accessory::class);
+        $accessory = new Accessory;
+        $accessory->fill($request->all());
+        $accessory = $request->handleImages($accessory);
+
+        if ($accessory->save()) {
+            return response()->json(Helper::formatStandardApiResponse('success', $accessory, trans('admin/accessories/message.create.success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, $accessory->getErrors()));
+
+    }
+
+    /**
+     * Display the specified resource.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function show($id)
+    {
+        $this->authorize('view', Accessory::class);
+        $accessory = Accessory::withCount('users as users_count')->findOrFail($id);
+
+        return (new AccessoriesTransformer)->transformAccessory($accessory);
+    }
+
+
+    /**
+     * Display the specified resource.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function accessory_detail($id)
+    {
+        $this->authorize('view', Accessory::class);
+        $accessory = Accessory::findOrFail($id);
+
+        return (new AccessoriesTransformer)->transformAccessory($accessory);
+    }
+
+
+    /**
+     * Display the specified resource.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function checkedout($id, Request $request)
+    {
+        $this->authorize('view', Accessory::class);
+
+        $accessory = Accessory::with('lastCheckout')->findOrFail($id);
+        if (! Company::isCurrentUserHasAccess($accessory)) {
+            return ['total' => 0, 'rows' => []];
+        }
+
+        $offset = request('offset', 0);
+        $limit = request('limit', 50);
+
+        $accessory_users = $accessory->users;
+        $total = $accessory_users->count();
+
+        if ($total < $offset) {
+            $offset = 0;
+        }
+
+        $accessory_users = $accessory->users()->skip($offset)->take($limit)->get();
+
+        if ($request->filled('search')) {
+            $accessory_users = $accessory->users()
+                                         ->where(function ($query) use ($request) {
+                                             $search_str = '%' . $request->input('search') . '%';
+                                             $query->where('first_name', 'like', $search_str)
+                                                   ->orWhere('last_name', 'like', $search_str)
+                                                   ->orWhere('note', 'like', $search_str);
+                                         })
+                                         ->get();
+            $total = $accessory_users->count();
+        }
+
+        return (new AccessoriesTransformer)->transformCheckedoutAccessory($accessory, $accessory_users, $total);
+    }
+
+
+    /**
+     * Update the specified resource in storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  \App\Http\Requests\ImageUploadRequest $request
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function update(ImageUploadRequest $request, $id)
+    {
+        $this->authorize('update', Accessory::class);
+        $accessory = Accessory::findOrFail($id);
+        $accessory->fill($request->all());
+        $accessory = $request->handleImages($accessory);
+
+        if ($accessory->save()) {
+            return response()->json(Helper::formatStandardApiResponse('success', $accessory, trans('admin/accessories/message.update.success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, $accessory->getErrors()));
+    }
+
+    /**
+     * Remove the specified resource from storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function destroy($id)
+    {
+        $this->authorize('delete', Accessory::class);
+        $accessory = Accessory::findOrFail($id);
+        $this->authorize($accessory);
+
+        if ($accessory->hasUsers() > 0) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/accessories/message.assoc_users', ['count'=> $accessory->hasUsers()])));
+        }
+
+        $accessory->delete();
+
+        return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/accessories/message.delete.success')));
+    }
+
+
+    /**
+     * Save the Accessory checkout information.
+     *
+     * If Slack is enabled and/or asset acceptance is enabled, it will also
+     * trigger a Slack message and send an email.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @param  int  $accessoryId
+     * @return Redirect
+     */
+    public function checkout(Request $request, $accessoryId)
+    {
+        // Check if the accessory exists
+        if (is_null($accessory = Accessory::withCount('users as users_count')->find($accessoryId))) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/accessories/message.does_not_exist')));
+        }
+
+        $this->authorize('checkout', $accessory);
+
+
+        if ($accessory->numRemaining() > 0) {
+
+            if (! $user = User::find($request->input('assigned_to'))) {
+                return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/accessories/message.checkout.user_does_not_exist')));
+            }
+
+            // Update the accessory data
+            $accessory->assigned_to = $request->input('assigned_to');
+
+            $accessory->users()->attach($accessory->id, [
+                'accessory_id' => $accessory->id,
+                'created_at' => Carbon::now(),
+                'user_id' => Auth::id(),
+                'assigned_to' => $request->get('assigned_to'),
+                'note' => $request->get('note'),
+            ]);
+
+            event(new CheckoutableCheckedOut($accessory, $user, Auth::user(), $request->input('note')));
+
+            return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/accessories/message.checkout.success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, 'No accessories remaining'));
+
+    }
+
+    /**
+     * Check in the item so that it can be checked out again to someone else
+     *
+     * @uses Accessory::checkin_email() to determine if an email can and should be sent
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @param Request $request
+     * @param int $accessoryUserId
+     * @param string $backto
+     * @return Redirect
+     * @internal param int $accessoryId
+     */
+    public function checkin(Request $request, $accessoryUserId = null)
+    {
+        if (is_null($accessory_user = DB::table('accessories_users')->find($accessoryUserId))) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/accessories/message.does_not_exist')));
+        }
+
+        $accessory = Accessory::find($accessory_user->accessory_id);
+        $this->authorize('checkin', $accessory);
+
+        $logaction = $accessory->logCheckin(User::find($accessory_user->assigned_to), $request->input('note'));
+
+        // Was the accessory updated?
+        if (DB::table('accessories_users')->where('id', '=', $accessory_user->id)->delete()) {
+            if (! is_null($accessory_user->assigned_to)) {
+                $user = User::find($accessory_user->assigned_to);
+            }
+
+            $data['log_id'] = $logaction->id;
+            $data['first_name'] = $user->first_name;
+            $data['last_name'] = $user->last_name;
+            $data['item_name'] = $accessory->name;
+            $data['checkin_date'] = $logaction->created_at;
+            $data['item_tag'] = '';
+            $data['note'] = $logaction->note;
+
+            return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/accessories/message.checkin.success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/accessories/message.checkin.error')));
+
+    }
+
+
+    /**
+    * Gets a paginated collection for the select2 menus
+    *
+    * @see \App\Http\Transformers\SelectlistTransformer
+    *
+    */
+    public function selectlist(Request $request)
+    {
+
+        $accessories = Accessory::select([
+            'accessories.id',
+            'accessories.name',
+        ]);
+
+        if ($request->filled('search')) {
+            $accessories = $accessories->where('accessories.name', 'LIKE', '%'.$request->get('search').'%');
+        }
+
+        $accessories = $accessories->orderBy('name', 'ASC')->paginate(50);
+
+        return (new SelectlistTransformer)->transformSelectlist($accessories);
+    }
+
+}

Production/SNIPE-IT/app/Http/Controllers/Api/AssetMaintenancesController.php

@@ -0,0 +1,228 @@
+<?php
+
+namespace App\Http\Controllers\Api;
+
+use App\Helpers\Helper;
+use App\Http\Controllers\Controller;
+use App\Http\Transformers\AssetMaintenancesTransformer;
+use App\Models\Asset;
+use App\Models\AssetMaintenance;
+use App\Models\Company;
+use Auth;
+use Carbon\Carbon;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Input;
+
+/**
+ * This controller handles all actions related to Asset Maintenance for
+ * the Snipe-IT Asset Management application.
+ *
+ * @version    v2.0
+ */
+class AssetMaintenancesController extends Controller
+{
+
+
+    /**
+     *  Generates the JSON response for asset maintenances listing view.
+     *
+     * @see AssetMaintenancesController::getIndex() method that generates view
+     * @author  Vincent Sposato <vincent.sposato@gmail.com>
+     * @version v1.0
+     * @since [v1.8]
+     * @return string JSON
+     */
+    public function index(Request $request)
+    {
+        $this->authorize('view', Asset::class);
+
+        $maintenances = AssetMaintenance::select('asset_maintenances.*')
+            ->with('asset', 'asset.model', 'asset.location', 'asset.defaultLoc', 'supplier', 'asset.company',  'asset.assetstatus', 'admin');
+
+        if ($request->filled('search')) {
+            $maintenances = $maintenances->TextSearch($request->input('search'));
+        }
+
+        if ($request->filled('asset_id')) {
+            $maintenances->where('asset_id', '=', $request->input('asset_id'));
+        }
+
+        if ($request->filled('supplier_id')) {
+            $maintenances->where('asset_maintenances.supplier_id', '=', $request->input('supplier_id'));
+        }
+
+        if ($request->filled('asset_maintenance_type')) {
+            $maintenances->where('asset_maintenance_type', '=', $request->input('asset_maintenance_type'));
+        }
+
+
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $maintenances->count()) ? $maintenances->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');
+
+        $allowed_columns = [
+                                'id',
+                                'title',
+                                'asset_maintenance_time',
+                                'asset_maintenance_type',
+                                'cost',
+                                'start_date',
+                                'completion_date',
+                                'notes',
+                                'asset_tag',
+                                'asset_name',
+                                'serial',
+                                'user_id',
+                                'supplier',
+                                'is_warranty',
+                                'status_label',
+                            ];
+
+        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
+        $sort = in_array($request->input('sort'), $allowed_columns) ? e($request->input('sort')) : 'created_at';
+
+        switch ($sort) {
+            case 'user_id':
+                $maintenances = $maintenances->OrderAdmin($order);
+                break;
+            case 'supplier':
+                $maintenances = $maintenances->OrderBySupplier($order);
+                break;
+            case 'asset_tag':
+                $maintenances = $maintenances->OrderByTag($order);
+                break;
+            case 'asset_name':
+                $maintenances = $maintenances->OrderByAssetName($order);
+                break;
+            case 'serial':
+                $maintenances = $maintenances->OrderByAssetSerial($order);
+                break;
+            case 'status_label':
+                $maintenances = $maintenances->OrderStatusName($order);
+                break;
+            default:
+                $maintenances = $maintenances->orderBy($sort, $order);
+                break;
+        }
+
+        $total = $maintenances->count();
+        $maintenances = $maintenances->skip($offset)->take($limit)->get();
+        return (new AssetMaintenancesTransformer())->transformAssetMaintenances($maintenances, $total);
+
+
+    }
+
+
+    /**
+     *  Validates and stores the new asset maintenance
+     *
+     * @see AssetMaintenancesController::getCreate() method for the form
+     * @author  Vincent Sposato <vincent.sposato@gmail.com>
+     * @version v1.0
+     * @since [v1.8]
+     * @return string JSON
+     */
+    public function store(Request $request)
+    {
+        $this->authorize('update', Asset::class);
+        // create a new model instance
+        $maintenance = new AssetMaintenance();
+        $maintenance->fill($request->all());
+        $maintenance->user_id = Auth::id();
+
+        // Was the asset maintenance created?
+        if ($maintenance->save()) {
+            return response()->json(Helper::formatStandardApiResponse('success', $maintenance, trans('admin/asset_maintenances/message.create.success')));
+
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, $maintenance->getErrors()));
+
+    }
+
+    /**
+     *  Validates and stores an update to an asset maintenance
+     *
+     * @author  A. Gianotto <snipe@snipe.net>
+     * @param int $id
+     * @param int $request
+     * @version v1.0
+     * @since [v4.0]
+     * @return string JSON
+     */
+    public function update(Request $request, $id)
+    {
+        $this->authorize('update', Asset::class);
+
+        if ($maintenance = AssetMaintenance::with('asset')->find($id)) {
+
+            // Can this user manage this asset?
+            if (! Company::isCurrentUserHasAccess($maintenance->asset)) {
+                return response()->json(Helper::formatStandardApiResponse('error', null, trans('general.action_permission_denied', ['item_type' => trans('admin/asset_maintenances/general.maintenance'), 'id' => $id, 'action' => trans('general.edit')])));
+            }
+
+            // The asset this miantenance is attached to is not valid or has been deleted
+            if (!$maintenance->asset) {
+                return response()->json(Helper::formatStandardApiResponse('error', null, trans('general.item_not_found', ['item_type' => trans('general.asset'), 'id' => $id])));
+            }
+
+            $maintenance->fill($request->all());
+
+            if ($maintenance->save()) {
+                return response()->json(Helper::formatStandardApiResponse('success', $maintenance, trans('admin/asset_maintenances/message.edit.success')));
+            }
+
+            return response()->json(Helper::formatStandardApiResponse('error', null, $maintenance->getErrors()));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('general.item_not_found', ['item_type' => trans('admin/asset_maintenances/general.maintenance'), 'id' => $id])));
+
+    }
+
+    /**
+     *  Delete an asset maintenance
+     *
+     * @author  A. Gianotto <snipe@snipe.net>
+     * @param int $assetMaintenanceId
+     * @version v1.0
+     * @since [v4.0]
+     * @return string JSON
+     */
+    public function destroy($assetMaintenanceId)
+    {
+        $this->authorize('update', Asset::class);
+        // Check if the asset maintenance exists
+        $assetMaintenance = AssetMaintenance::findOrFail($assetMaintenanceId);
+
+        if (! Company::isCurrentUserHasAccess($assetMaintenance->asset)) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, 'You cannot delete a maintenance for that asset'));
+        }
+
+        $assetMaintenance->delete();
+
+        return response()->json(Helper::formatStandardApiResponse('success', $assetMaintenance, trans('admin/asset_maintenances/message.delete.success')));
+
+
+    }
+
+    /**
+     *  View an asset maintenance
+     *
+     * @author  A. Gianotto <snipe@snipe.net>
+     * @param int $assetMaintenanceId
+     * @version v1.0
+     * @since [v4.0]
+     * @return string JSON
+     */
+    public function show($assetMaintenanceId)
+    {
+        $this->authorize('view', Asset::class);
+        $assetMaintenance = AssetMaintenance::findOrFail($assetMaintenanceId);
+        if (! Company::isCurrentUserHasAccess($assetMaintenance->asset)) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, 'You cannot view a maintenance for that asset'));
+        }
+
+        return (new AssetMaintenancesTransformer())->transformAssetMaintenance($assetMaintenance);
+
+    }
+}

Production/SNIPE-IT/app/Http/Controllers/Api/AssetModelsController.php

@@ -0,0 +1,286 @@
+<?php
+
+namespace App\Http\Controllers\Api;
+
+use App\Helpers\Helper;
+use App\Http\Controllers\Controller;
+use App\Http\Transformers\AssetModelsTransformer;
+use App\Http\Transformers\AssetsTransformer;
+use App\Http\Transformers\SelectlistTransformer;
+use App\Models\Asset;
+use App\Models\AssetModel;
+use Illuminate\Http\Request;
+use App\Http\Requests\ImageUploadRequest;
+use Illuminate\Support\Facades\Storage;
+
+/**
+ * This class controls all actions related to asset models for
+ * the Snipe-IT Asset Management application.
+ *
+ * @version    v4.0
+ * @author [A. Gianotto] [<snipe@snipe.net>]
+ */
+class AssetModelsController extends Controller
+{
+    /**
+     * Display a listing of the resource.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @return \Illuminate\Http\Response
+     */
+    public function index(Request $request)
+    {
+        $this->authorize('view', AssetModel::class);
+        $allowed_columns =
+            [
+                'id',
+                'image',
+                'name',
+                'model_number',
+                'min_amt',
+                'eol',
+                'notes',
+                'created_at',
+                'manufacturer',
+                'requestable',
+                'assets_count',
+                'category',
+                'fieldset',
+            ];
+
+        $assetmodels = AssetModel::select([
+            'models.id',
+            'models.image',
+            'models.name',
+            'model_number',
+            'min_amt',
+            'eol',
+            'requestable',
+            'models.notes',
+            'models.created_at',
+            'category_id',
+            'manufacturer_id',
+            'depreciation_id',
+            'fieldset_id',
+            'models.deleted_at',
+            'models.updated_at',
+         ])
+            ->with('category', 'depreciation', 'manufacturer', 'fieldset.fields.defaultValues')
+            ->withCount('assets as assets_count');
+
+        if ($request->input('status')=='deleted') {
+            $assetmodels->onlyTrashed();
+        }
+
+        if ($request->filled('category_id')) {
+            $assetmodels = $assetmodels->where('models.category_id', '=', $request->input('category_id'));
+        }
+
+        if ($request->filled('search')) {
+            $assetmodels->TextSearch($request->input('search'));
+        }
+
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $assetmodels->count()) ? $assetmodels->count() : abs($request->input('offset'));
+        $limit = app('api_limit_value');
+
+        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
+        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'models.created_at';
+
+        switch ($sort) {
+            case 'manufacturer':
+                $assetmodels->OrderManufacturer($order);
+                break;
+            case 'category':
+                $assetmodels->OrderCategory($order);
+                break;
+            case 'fieldset':
+                $assetmodels->OrderFieldset($order);
+                break;
+            default:
+                $assetmodels->orderBy($sort, $order);
+                break;
+        }
+
+        $total = $assetmodels->count();
+        $assetmodels = $assetmodels->skip($offset)->take($limit)->get();
+
+        return (new AssetModelsTransformer)->transformAssetModels($assetmodels, $total);
+    }
+
+
+    /**
+     * Store a newly created resource in storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  \App\Http\Requests\ImageUploadRequest  $request
+     * @return \Illuminate\Http\Response
+     */
+    public function store(ImageUploadRequest $request)
+    {
+        $this->authorize('create', AssetModel::class);
+        $assetmodel = new AssetModel;
+        $assetmodel->fill($request->all());
+        $assetmodel = $request->handleImages($assetmodel);
+
+        if ($assetmodel->save()) {
+            return response()->json(Helper::formatStandardApiResponse('success', $assetmodel, trans('admin/models/message.create.success')));
+        }
+        return response()->json(Helper::formatStandardApiResponse('error', null, $assetmodel->getErrors()));
+
+
+    }
+
+    /**
+     * Display the specified resource.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function show($id)
+    {
+        $this->authorize('view', AssetModel::class);
+        $assetmodel = AssetModel::withCount('assets as assets_count')->findOrFail($id);
+
+        return (new AssetModelsTransformer)->transformAssetModel($assetmodel);
+    }
+
+    /**
+     * Display the specified resource's assets
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function assets($id)
+    {
+        $this->authorize('view', AssetModel::class);
+        $assets = Asset::where('model_id', '=', $id)->get();
+
+        return (new AssetsTransformer)->transformAssets($assets, $assets->count());
+    }
+
+
+    /**
+     * Update the specified resource in storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  \App\Http\Requests\ImageUploadRequest  $request
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function update(ImageUploadRequest $request, $id)
+    {
+        $this->authorize('update', AssetModel::class);
+        $assetmodel = AssetModel::findOrFail($id);
+        $assetmodel->fill($request->all());
+        $assetmodel = $request->handleImages($assetmodel);
+        
+        /**
+         * Allow custom_fieldset_id to override and populate fieldset_id.
+         * This is stupid, but required for legacy API support.
+         *
+         * I have no idea why we manually overrode that field name
+         * in previous versions. I assume there was a good reason for
+         * it, but I'll be damned if I can think of one. - snipe
+         */
+        if ($request->filled('custom_fieldset_id')) {
+            $assetmodel->fieldset_id = $request->get('custom_fieldset_id');
+        }
+
+
+        if ($assetmodel->save()) {
+            return response()->json(Helper::formatStandardApiResponse('success', $assetmodel, trans('admin/models/message.update.success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, $assetmodel->getErrors()));
+    }
+
+    /**
+     * Remove the specified resource from storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function destroy($id)
+    {
+        $this->authorize('delete', AssetModel::class);
+        $assetmodel = AssetModel::findOrFail($id);
+        $this->authorize('delete', $assetmodel);
+
+        if ($assetmodel->assets()->count() > 0) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/models/message.assoc_users')));
+        }
+
+        if ($assetmodel->image) {
+            try {
+                Storage::disk('public')->delete('assetmodels/'.$assetmodel->image);
+            } catch (\Exception $e) {
+                \Log::info($e);
+            }
+        }
+
+        $assetmodel->delete();
+
+        return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/models/message.delete.success')));
+    }
+
+    /**
+     * Gets a paginated collection for the select2 menus
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0.16]
+     * @see \App\Http\Transformers\SelectlistTransformer
+     */
+    public function selectlist(Request $request)
+    {
+
+        $this->authorize('view.selectlists');
+        $assetmodels = AssetModel::select([
+            'models.id',
+            'models.name',
+            'models.image',
+            'models.model_number',
+            'models.manufacturer_id',
+            'models.category_id',
+        ])->with('manufacturer', 'category');
+
+        $settings = \App\Models\Setting::getSettings();
+
+        if ($request->filled('search')) {
+            $assetmodels = $assetmodels->SearchByManufacturerOrCat($request->input('search'));
+        }
+
+        $assetmodels = $assetmodels->OrderCategory('ASC')->OrderManufacturer('ASC')->orderby('models.name', 'asc')->orderby('models.model_number', 'asc')->paginate(50);
+
+        foreach ($assetmodels as $assetmodel) {
+            $assetmodel->use_text = '';
+
+            if ($settings->modellistCheckedValue('category')) {
+                $assetmodel->use_text .= (($assetmodel->category) ? $assetmodel->category->name.' - ' : '');
+            }
+
+            if ($settings->modellistCheckedValue('manufacturer')) {
+                $assetmodel->use_text .= (($assetmodel->manufacturer) ? $assetmodel->manufacturer->name.' ' : '');
+            }
+
+            $assetmodel->use_text .= $assetmodel->name;
+
+            if (($settings->modellistCheckedValue('model_number')) && ($assetmodel->model_number != '')) {
+                $assetmodel->use_text .= ' (#'.$assetmodel->model_number.')';
+            }
+
+            $assetmodel->use_image = ($settings->modellistCheckedValue('image') && ($assetmodel->image)) ? Storage::disk('public')->url('models/'.e($assetmodel->image)) : null;
+        }
+
+        return (new SelectlistTransformer)->transformSelectlist($assetmodels);
+    }
+}

Production/SNIPE-IT/app/Http/Controllers/Api/CategoriesController.php

@@ -0,0 +1,235 @@
+<?php
+
+namespace App\Http\Controllers\Api;
+
+use App\Helpers\Helper;
+use App\Http\Controllers\Controller;
+use App\Http\Transformers\CategoriesTransformer;
+use App\Http\Transformers\SelectlistTransformer;
+use App\Models\Category;
+use Illuminate\Http\Request;
+use App\Http\Requests\ImageUploadRequest;
+use Illuminate\Support\Facades\Storage;
+use Illuminate\Support\Facades\Validator;
+
+class CategoriesController extends Controller
+{
+    /**
+     * Display a listing of the resource.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @return \Illuminate\Http\Response
+     */
+    public function index(Request $request)
+    {
+        $this->authorize('view', Category::class);
+        $allowed_columns = [
+            'id',
+            'name',
+            'category_type',
+            'category_type',
+            'use_default_eula',
+            'eula_text',
+            'require_acceptance',
+            'checkin_email',
+            'assets_count',
+            'accessories_count',
+            'consumables_count',
+            'components_count',
+            'licenses_count',
+            'image',
+        ];
+
+        $categories = Category::select([
+            'id',
+            'created_at',
+            'updated_at',
+            'name', 'category_type',
+            'use_default_eula',
+            'eula_text',
+            'require_acceptance',
+            'checkin_email',
+            'image'
+            ])->withCount('accessories as accessories_count', 'consumables as consumables_count', 'components as components_count', 'licenses as licenses_count');
+
+
+        /*
+         * This checks to see if we should override the Admin Setting to show archived assets in list.
+         * We don't currently use it within the Snipe-IT GUI, but will be useful for API integrations where they
+         * may actually need to fetch assets that are archived.
+         *
+         * @see \App\Models\Category::showableAssets()
+         */
+        if ($request->input('archived')=='true') {
+            $categories = $categories->withCount('assets as assets_count');
+        } else {
+            $categories = $categories->withCount('showableAssets as assets_count');
+        }
+
+        if ($request->filled('search')) {
+            $categories = $categories->TextSearch($request->input('search'));
+        }
+
+        if ($request->filled('name')) {
+            $categories->where('name', '=', $request->input('name'));
+        }
+
+        if ($request->filled('category_type')) {
+            $categories->where('category_type', '=', $request->input('category_type'));
+        }
+
+        if ($request->filled('use_default_eula')) {
+            $categories->where('use_default_eula', '=', $request->input('use_default_eula'));
+        }
+
+        if ($request->filled('require_acceptance')) {
+            $categories->where('require_acceptance', '=', $request->input('require_acceptance'));
+        }
+
+        if ($request->filled('checkin_email')) {
+            $categories->where('checkin_email', '=', $request->input('checkin_email'));
+        }
+
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $categories->count()) ? $categories->count() : app('api_offset_value');
+        $limit = app('api_limit_value');
+
+        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
+        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'assets_count';
+        $categories->orderBy($sort, $order);
+
+        $total = $categories->count();
+        $categories = $categories->skip($offset)->take($limit)->get();
+
+        return (new CategoriesTransformer)->transformCategories($categories, $total);
+
+    }
+
+
+    /**
+     * Store a newly created resource in storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  \App\Http\Requests\ImageUploadRequest $request
+     * @return \Illuminate\Http\Response
+     */
+    public function store(ImageUploadRequest $request)
+    {
+        $this->authorize('create', Category::class);
+        $category = new Category;
+        $category->fill($request->all());
+        $category->category_type = strtolower($request->input('category_type'));
+        $category = $request->handleImages($category);
+
+        if ($category->save()) {
+            return response()->json(Helper::formatStandardApiResponse('success', $category, trans('admin/categories/message.create.success')));
+        }
+        return response()->json(Helper::formatStandardApiResponse('error', null, $category->getErrors()));
+
+    }
+
+    /**
+     * Display the specified resource.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function show($id)
+    {
+        $this->authorize('view', Category::class);
+        $category = Category::withCount('assets as assets_count', 'accessories as accessories_count', 'consumables as consumables_count', 'components as components_count', 'licenses as licenses_count')->findOrFail($id);
+        return (new CategoriesTransformer)->transformCategory($category);
+
+    }
+
+
+    /**
+     * Update the specified resource in storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  \App\Http\Requests\ImageUploadRequest  $request
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function update(ImageUploadRequest $request, $id)
+    {
+        $this->authorize('update', Category::class);
+        $category = Category::findOrFail($id);
+
+        // Don't allow the user to change the category_type once it's been created
+        if (($request->filled('category_type')) && ($category->category_type != $request->input('category_type'))) {
+            return response()->json(
+                Helper::formatStandardApiResponse('error', null,  trans('admin/categories/message.update.cannot_change_category_type'))
+            );
+        }
+        $category->fill($request->all());
+        $category = $request->handleImages($category);
+
+        if ($category->save()) {
+            return response()->json(Helper::formatStandardApiResponse('success', $category, trans('admin/categories/message.update.success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, $category->getErrors()));
+    }
+
+    /**
+     * Remove the specified resource from storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function destroy($id)
+    {
+        $this->authorize('delete', Category::class);
+        $category = Category::withCount('assets as assets_count', 'accessories as accessories_count', 'consumables as consumables_count', 'components as components_count', 'licenses as licenses_count')->findOrFail($id);
+
+        if (! $category->isDeletable()) {
+            return response()->json(
+                Helper::formatStandardApiResponse('error', null, trans('admin/categories/message.assoc_items', ['asset_type'=>$category->category_type]))
+            );
+        }
+        $category->delete();
+
+        return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/categories/message.delete.success')));
+    }
+
+
+    /**
+     * Gets a paginated collection for the select2 menus
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0.16]
+     * @see \App\Http\Transformers\SelectlistTransformer
+     */
+    public function selectlist(Request $request, $category_type = 'asset')
+    {
+        $this->authorize('view.selectlists');
+        $categories = Category::select([
+            'id',
+            'name',
+            'image',
+        ]);
+
+        if ($request->filled('search')) {
+            $categories = $categories->where('name', 'LIKE', '%'.$request->get('search').'%');
+        }
+
+        $categories = $categories->where('category_type', $category_type)->orderBy('name', 'ASC')->paginate(50);
+
+        // Loop through and set some custom properties for the transformer to use.
+        // This lets us have more flexibility in special cases like assets, where
+        // they may not have a ->name value but we want to display something anyway
+        foreach ($categories as $category) {
+            $category->use_image = ($category->image) ? Storage::disk('public')->url('categories/'.$category->image, $category->image) : null;
+        }
+
+        return (new SelectlistTransformer)->transformSelectlist($categories);
+    }
+}

Production/SNIPE-IT/app/Http/Controllers/Api/CompaniesController.php

@@ -0,0 +1,197 @@
+<?php
+
+namespace App\Http\Controllers\Api;
+
+use App\Helpers\Helper;
+use App\Http\Controllers\Controller;
+use App\Http\Transformers\CompaniesTransformer;
+use App\Http\Transformers\SelectlistTransformer;
+use App\Models\Company;
+use Illuminate\Http\Request;
+use App\Http\Requests\ImageUploadRequest;
+use Illuminate\Support\Facades\Storage;
+
+class CompaniesController extends Controller
+{
+    /**
+     * Display a listing of the resource.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @return \Illuminate\Http\Response
+     */
+    public function index(Request $request)
+    {
+        $this->authorize('view', Company::class);
+
+        $allowed_columns = [
+            'id',
+            'name',
+            'phone',
+            'fax',
+            'email',
+            'created_at',
+            'updated_at',
+            'users_count',
+            'assets_count',
+            'licenses_count',
+            'accessories_count',
+            'consumables_count',
+            'components_count',
+        ];
+
+        $companies = Company::withCount(['assets as assets_count'  => function ($query) {
+            $query->AssetsForShow();
+        }])->withCount('licenses as licenses_count', 'accessories as accessories_count', 'consumables as consumables_count', 'components as components_count', 'users as users_count');
+
+        if ($request->filled('search')) {
+            $companies->TextSearch($request->input('search'));
+        }
+
+        if ($request->filled('name')) {
+            $companies->where('name', '=', $request->input('name'));
+        }
+
+		if ($request->filled('email')) {
+            $companies->where('email', '=', $request->input('email'));
+        }
+
+
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $companies->count()) ? $companies->count() : app('api_offset_value');
+        $limit = app('api_limit_value');
+
+
+        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
+        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
+        $companies->orderBy($sort, $order);
+
+        $total = $companies->count();
+        $companies = $companies->skip($offset)->take($limit)->get();
+        return (new CompaniesTransformer)->transformCompanies($companies, $total);
+
+    }
+
+
+    /**
+     * Store a newly created resource in storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  \App\Http\Requests\ImageUploadRequest $request
+     * @return \Illuminate\Http\Response
+     */
+    public function store(ImageUploadRequest $request)
+    {
+        $this->authorize('create', Company::class);
+        $company = new Company;
+        $company->fill($request->all());
+        $company = $request->handleImages($company);
+        
+        if ($company->save()) {
+            return response()->json(Helper::formatStandardApiResponse('success', (new CompaniesTransformer)->transformCompany($company), trans('admin/companies/message.create.success')));
+        }
+
+        return response()
+            ->json(Helper::formatStandardApiResponse('error', null, $company->getErrors()));
+    }
+
+    /**
+     * Display the specified resource.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function show($id)
+    {
+        $this->authorize('view', Company::class);
+        $company = Company::findOrFail($id);
+        return (new CompaniesTransformer)->transformCompany($company);
+
+    }
+
+
+    /**
+     * Update the specified resource in storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  \App\Http\Requests\ImageUploadRequest  $request
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function update(ImageUploadRequest $request, $id)
+    {
+        $this->authorize('update', Company::class);
+        $company = Company::findOrFail($id);
+        $company->fill($request->all());
+        $company = $request->handleImages($company);
+
+        if ($company->save()) {
+            return response()
+                ->json(Helper::formatStandardApiResponse('success', (new CompaniesTransformer)->transformCompany($company), trans('admin/companies/message.update.success')));
+        }
+
+        return response()
+            ->json(Helper::formatStandardApiResponse('error', null, $company->getErrors()));
+    }
+
+    /**
+     * Remove the specified resource from storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function destroy($id)
+    {
+        $this->authorize('delete', Company::class);
+        $company = Company::findOrFail($id);
+        $this->authorize('delete', $company);
+
+        if (! $company->isDeletable()) {
+            return response()
+                    ->json(Helper::formatStandardApiResponse('error', null, trans('admin/companies/message.assoc_users')));
+        }
+        $company->delete();
+
+        return response()
+            ->json(Helper::formatStandardApiResponse('success', null, trans('admin/companies/message.delete.success')));
+    }
+
+    /**
+     * Gets a paginated collection for the select2 menus
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0.16]
+     * @see \App\Http\Transformers\SelectlistTransformer
+     */
+    public function selectlist(Request $request)
+    {
+        $this->authorize('view.selectlists');
+        $companies = Company::select([
+            'companies.id',
+            'companies.name',
+            'companies.email',
+            'companies.image',
+        ]);
+
+        if ($request->filled('search')) {
+            $companies = $companies->where('companies.name', 'LIKE', '%'.$request->get('search').'%');
+        }
+
+        $companies = $companies->orderBy('name', 'ASC')->paginate(50);
+
+        // Loop through and set some custom properties for the transformer to use.
+        // This lets us have more flexibility in special cases like assets, where
+        // they may not have a ->name value but we want to display something anyway
+        foreach ($companies as $company) {
+            $company->use_image = ($company->image) ? Storage::disk('public')->url('companies/'.$company->image, $company->image) : null;
+        }
+
+        return (new SelectlistTransformer)->transformSelectlist($companies);
+    }
+}

Production/SNIPE-IT/app/Http/Controllers/Api/ComponentsController.php

@@ -0,0 +1,359 @@
+<?php
+
+namespace App\Http\Controllers\Api;
+
+use App\Helpers\Helper;
+use App\Http\Controllers\Controller;
+use App\Http\Transformers\ComponentsTransformer;
+use App\Models\Company;
+use App\Models\Component;
+use Illuminate\Http\Request;
+use App\Http\Requests\ImageUploadRequest;
+use App\Events\CheckoutableCheckedIn;
+use App\Events\ComponentCheckedIn;
+use App\Models\Asset;
+use Illuminate\Support\Facades\Validator;
+use Illuminate\Database\Query\Builder;
+
+class ComponentsController extends Controller
+{
+    /**
+     * Display a listing of the resource.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     *
+     * @return \Illuminate\Http\Response
+     */
+    public function index(Request $request)
+    {
+        $this->authorize('view', Component::class);
+
+        // This array is what determines which fields should be allowed to be sorted on ON the table itself, no relations
+        // Relations will be handled in query scopes a little further down.
+        $allowed_columns = 
+            [
+                'id',
+                'name',
+                'min_amt',
+                'order_number',
+                'serial',
+                'purchase_date',
+                'purchase_cost',
+                'qty',
+                'image',
+                'notes',
+            ];
+
+        $components = Component::select('components.*')
+            ->with('company', 'location', 'category', 'assets', 'supplier');
+
+        if ($request->filled('search')) {
+            $components = $components->TextSearch($request->input('search'));
+        }
+
+        if ($request->filled('name')) {
+            $components->where('name', '=', $request->input('name'));
+        }
+
+        if ($request->filled('company_id')) {
+            $components->where('company_id', '=', $request->input('company_id'));
+        }
+
+        if ($request->filled('category_id')) {
+            $components->where('category_id', '=', $request->input('category_id'));
+        }
+
+        if ($request->filled('supplier_id')) {
+            $components->where('supplier_id', '=', $request->input('supplier_id'));
+        }
+
+        if ($request->filled('location_id')) {
+            $components->where('location_id', '=', $request->input('location_id'));
+        }
+
+        if ($request->filled('notes')) {
+            $components->where('notes','=',$request->input('notes'));
+        }
+
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $components->count()) ? $components->count() : app('api_offset_value');
+        $limit = app('api_limit_value');
+
+        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
+        $sort_override =  $request->input('sort');
+        $column_sort = in_array($sort_override, $allowed_columns) ? $sort_override : 'created_at';
+
+        switch ($sort_override) {
+            case 'category':
+                $components = $components->OrderCategory($order);
+                break;
+            case 'location':
+                $components = $components->OrderLocation($order);
+                break;
+            case 'company':
+                $components = $components->OrderCompany($order);
+                break;
+            case 'supplier':
+                $components = $components->OrderSupplier($order);
+                break;
+            default:
+                $components = $components->orderBy($column_sort, $order);
+                break;
+        }
+
+        $total = $components->count();
+        $components = $components->skip($offset)->take($limit)->get();
+
+        return (new ComponentsTransformer)->transformComponents($components, $total);
+    }
+
+
+    /**
+     * Store a newly created resource in storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  \App\Http\Requests\ImageUploadRequest  $request
+     * @return \Illuminate\Http\Response
+     */
+    public function store(ImageUploadRequest $request)
+    {
+        $this->authorize('create', Component::class);
+        $component = new Component;
+        $component->fill($request->all());
+        $component = $request->handleImages($component);
+
+        if ($component->save()) {
+            return response()->json(Helper::formatStandardApiResponse('success', $component, trans('admin/components/message.create.success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, $component->getErrors()));
+    }
+
+    /**
+     * Display the specified resource.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function show($id)
+    {
+        $this->authorize('view', Component::class);
+        $component = Component::findOrFail($id);
+
+        if ($component) {
+            return (new ComponentsTransformer)->transformComponent($component);
+        }
+    }
+
+    /**
+     * Update the specified resource in storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param   \App\Http\Requests\ImageUploadRequest  $request
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function update(ImageUploadRequest $request, $id)
+    {
+        $this->authorize('update', Component::class);
+        $component = Component::findOrFail($id);
+        $component->fill($request->all());
+        $component = $request->handleImages($component);
+        
+
+        if ($component->save()) {
+            return response()->json(Helper::formatStandardApiResponse('success', $component, trans('admin/components/message.update.success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, $component->getErrors()));
+    }
+
+    /**
+     * Remove the specified resource from storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function destroy($id)
+    {
+        $this->authorize('delete', Component::class);
+        $component = Component::findOrFail($id);
+        $this->authorize('delete', $component);
+        $component->delete();
+
+        return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/components/message.delete.success')));
+    }
+
+    /**
+     * Display all assets attached to a component
+     *
+     * @author [A. Bergamasco] [@vjandrea]
+     * @since [v4.0]
+     * @param Request $request
+     * @param int $id
+     * @return \Illuminate\Http\Response
+    */
+    public function getAssets(Request $request, $id)
+    {
+        $this->authorize('view', \App\Models\Asset::class);
+        
+        $component = Component::findOrFail($id);
+        
+        $offset = request('offset', 0);
+        $limit = $request->input('limit', 50);
+        
+        if ($request->filled('search')) {
+            $assets = $component->assets()
+                                ->where(function ($query) use ($request) {
+                                    $search_str = '%' . $request->input('search') . '%';
+                                    $query->where('name', 'like', $search_str)
+                                            ->orWhereIn('model_id', function (Builder $query) use ($request) {
+                                                $search_str = '%' . $request->input('search') . '%';
+                                                $query->selectRaw('id')->from('models')->where('name', 'like', $search_str);
+                                            })
+                                            ->orWhere('asset_tag', 'like', $search_str);
+                                         })
+                                         ->get();
+            $total = $assets->count();
+        } else {
+            $assets = $component->assets();
+            
+            $total = $assets->count();
+            $assets = $assets->skip($offset)->take($limit)->get();
+        }
+
+        return (new ComponentsTransformer)->transformCheckedoutComponents($assets, $total);
+    }
+
+
+    /**
+     * Validate and checkout the component.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * t
+     * @since [v5.1.8]
+     * @param Request $request
+     * @param int $componentId
+     * @return \Illuminate\Http\RedirectResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+    public function checkout(Request $request, $componentId)
+    {
+        // Check if the component exists
+        if (!$component = Component::find($componentId)) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/components/message.does_not_exist')));
+        }
+
+        $this->authorize('checkout', $component);
+
+        $validator = Validator::make($request->all(), [
+            'assigned_to'          => 'required|exists:assets,id',
+            'assigned_qty'      => "required|numeric|min:1|digits_between:1,".$component->numRemaining(),
+        ]);
+
+        if ($validator->fails()) {
+            return response()->json(Helper::formatStandardApiResponse('error', $validator->errors()));
+
+        }
+
+        // Make sure there is at least one available to checkout
+        if ($component->numRemaining() < $request->get('assigned_qty')) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/components/message.checkout.unavailable', ['remaining' => $component->numRemaining(), 'requested' => $request->get('assigned_qty')])));
+        }
+
+        if ($component->numRemaining() >= $request->get('assigned_qty')) {
+
+            $asset = Asset::find($request->input('assigned_to'));
+            $component->assigned_to = $request->input('assigned_to');
+
+            $component->assets()->attach($component->id, [
+                'component_id' => $component->id,
+                'created_at' => \Carbon::now(),
+                'assigned_qty' => $request->get('assigned_qty', 1),
+                'user_id' => \Auth::id(),
+                'asset_id' => $request->get('assigned_to'),
+                'note' => $request->get('note'),
+            ]);
+
+            $component->logCheckout($request->input('note'), $asset);
+
+            return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/components/message.checkout.success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/components/message.checkout.unavailable', ['remaining' => $component->numRemaining(), 'requested' => $request->get('assigned_qty')])));
+    }
+
+    /**
+     * Validate and store checkin data.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v5.1.8]
+     * @param Request $request
+     * @param $component_asset_id
+     * @return \Illuminate\Http\RedirectResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+    public function checkin(Request $request, $component_asset_id)
+    {
+        if ($component_assets = \DB::table('components_assets')->find($component_asset_id)) {
+
+            if (is_null($component = Component::find($component_assets->component_id))) {
+
+                return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/components/message.not_found')));
+            }
+
+            $this->authorize('checkin', $component);
+
+            $max_to_checkin = $component_assets->assigned_qty;
+
+            if ($max_to_checkin > 1) {
+                
+                $validator = \Validator::make($request->all(), [
+                    "checkin_qty" => "required|numeric|between:1,$max_to_checkin"
+                ]);
+    
+                if ($validator->fails()) {
+                    return response()->json(Helper::formatStandardApiResponse('error', null, 'Checkin quantity must be between 1 and '.$max_to_checkin));
+                }
+            }
+            
+
+            // Validation passed, so let's figure out what we have to do here.
+            $qty_remaining_in_checkout = ($component_assets->assigned_qty - (int)$request->input('checkin_qty', 1));
+
+            // We have to modify the record to reflect the new qty that's
+            // actually checked out.
+            $component_assets->assigned_qty = $qty_remaining_in_checkout;
+
+            \Log::debug($component_asset_id.' - '.$qty_remaining_in_checkout.' remaining in record '.$component_assets->id);
+            
+            \DB::table('components_assets')->where('id',
+                $component_asset_id)->update(['assigned_qty' => $qty_remaining_in_checkout]);
+
+            // If the checked-in qty is exactly the same as the assigned_qty,
+            // we can simply delete the associated components_assets record
+            if ($qty_remaining_in_checkout == 0) {
+                \DB::table('components_assets')->where('id', '=', $component_asset_id)->delete();
+            }
+            
+
+            $asset = Asset::find($component_assets->asset_id);
+
+            event(new CheckoutableCheckedIn($component, $asset, \Auth::user(), $request->input('note'), \Carbon::now()));
+
+            return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/components/message.checkin.success')));
+
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, 'No matching checkouts for that component join record'));
+
+    
+    }
+
+}

Production/SNIPE-IT/app/Http/Controllers/Api/ConsumablesController.php

@@ -0,0 +1,321 @@
+<?php
+
+namespace App\Http\Controllers\Api;
+
+use App\Events\CheckoutableCheckedOut;
+use App\Helpers\Helper;
+use App\Http\Controllers\Controller;
+use App\Http\Transformers\ConsumablesTransformer;
+use App\Http\Transformers\SelectlistTransformer;
+use App\Models\Company;
+use App\Models\Consumable;
+use App\Models\User;
+use Illuminate\Http\Request;
+use App\Http\Requests\ImageUploadRequest;
+use Illuminate\Support\Facades\Auth;
+
+class ConsumablesController extends Controller
+{
+    /**
+     * Display a listing of the resource.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     *
+     * @return \Illuminate\Http\Response
+     */
+    public function index(Request $request)
+    {
+        $this->authorize('index', Consumable::class);
+
+        // This array is what determines which fields should be allowed to be sorted on ON the table itself, no relations
+        // Relations will be handled in query scopes a little further down.
+        $allowed_columns = 
+            [
+                'id',
+                'name',
+                'order_number',
+                'min_amt',
+                'purchase_date',
+                'purchase_cost',
+                'company',
+                'category',
+                'model_number', 
+                'item_no', 
+                'qty',
+                'image',
+                'notes',
+                ];
+
+        $consumables = Consumable::select('consumables.*')
+            ->with('company', 'location', 'category', 'users', 'manufacturer');
+
+        if ($request->filled('search')) {
+            $consumables = $consumables->TextSearch(e($request->input('search')));
+        }
+
+        if ($request->filled('name')) {
+            $consumables->where('name', '=', $request->input('name'));
+        }
+
+        if ($request->filled('company_id')) {
+            $consumables->where('company_id', '=', $request->input('company_id'));
+        }
+
+        if ($request->filled('category_id')) {
+            $consumables->where('category_id', '=', $request->input('category_id'));
+        }
+
+        if ($request->filled('model_number')) {
+            $consumables->where('model_number','=',$request->input('model_number'));
+        }
+
+        if ($request->filled('manufacturer_id')) {
+            $consumables->where('manufacturer_id', '=', $request->input('manufacturer_id'));
+        }
+
+        if ($request->filled('supplier_id')) {
+            $consumables->where('supplier_id', '=', $request->input('supplier_id'));
+        }
+
+        if ($request->filled('location_id')) {
+            $consumables->where('location_id','=',$request->input('location_id'));
+        }
+
+        if ($request->filled('notes')) {
+            $consumables->where('notes','=',$request->input('notes'));
+        }
+
+
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $consumables->count()) ? $consumables->count() : app('api_offset_value');
+        $limit = app('api_limit_value');
+
+        $allowed_columns = ['id', 'name', 'order_number', 'min_amt', 'purchase_date', 'purchase_cost', 'company', 'category', 'model_number', 'item_no', 'manufacturer', 'location', 'qty', 'image'];
+        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
+
+        $sort_override =  $request->input('sort');
+        $column_sort = in_array($sort_override, $allowed_columns) ? $sort_override : 'created_at';
+
+
+        switch ($sort_override) {
+            case 'category':
+                $consumables = $consumables->OrderCategory($order);
+                break;
+            case 'location':
+                $consumables = $consumables->OrderLocation($order);
+                break;
+            case 'manufacturer':
+                $consumables = $consumables->OrderManufacturer($order);
+                break;
+            case 'company':
+                $consumables = $consumables->OrderCompany($order);
+                break;
+            case 'supplier':
+                $components = $consumables->OrderSupplier($order);
+                break;
+            default:
+                $consumables = $consumables->orderBy($column_sort, $order);
+                break;
+        }
+
+        $total = $consumables->count();
+        $consumables = $consumables->skip($offset)->take($limit)->get();
+
+        return (new ConsumablesTransformer)->transformConsumables($consumables, $total);
+    }
+
+    /**
+     * Store a newly created resource in storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  \App\Http\Requests\ImageUploadRequest $request
+     * @return \Illuminate\Http\Response
+     */
+    public function store(ImageUploadRequest $request)
+    {
+        $this->authorize('create', Consumable::class);
+        $consumable = new Consumable;
+        $consumable->fill($request->all());
+        $consumable = $request->handleImages($consumable);
+
+        if ($consumable->save()) {
+            return response()->json(Helper::formatStandardApiResponse('success', $consumable, trans('admin/consumables/message.create.success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, $consumable->getErrors()));
+    }
+
+    /**
+     * Display the specified resource.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @param  int $id
+     * @return \Illuminate\Http\Response
+     */
+    public function show($id)
+    {
+        $this->authorize('view', Consumable::class);
+        $consumable = Consumable::with('users')->findOrFail($id);
+
+        return (new ConsumablesTransformer)->transformConsumable($consumable);
+    }
+
+    /**
+     * Update the specified resource in storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  \App\Http\Requests\ImageUploadRequest $request
+     * @param  int $id
+     * @return \Illuminate\Http\Response
+     */
+    public function update(ImageUploadRequest $request, $id)
+    {
+        $this->authorize('update', Consumable::class);
+        $consumable = Consumable::findOrFail($id);
+        $consumable->fill($request->all());
+        $consumable = $request->handleImages($consumable);
+        
+        if ($consumable->save()) {
+            return response()->json(Helper::formatStandardApiResponse('success', $consumable, trans('admin/consumables/message.update.success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, $consumable->getErrors()));
+    }
+
+    /**
+     * Remove the specified resource from storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  int $id
+     * @return \Illuminate\Http\Response
+     */
+    public function destroy($id)
+    {
+        $this->authorize('delete', Consumable::class);
+        $consumable = Consumable::findOrFail($id);
+        $this->authorize('delete', $consumable);
+        $consumable->delete();
+
+        return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/consumables/message.delete.success')));
+    }
+
+    /**
+    * Returns a JSON response containing details on the users associated with this consumable.
+    *
+    * @author [A. Gianotto] [<snipe@snipe.net>]
+    * @see \App\Http\Controllers\Consumables\ConsumablesController::getView() method that returns the form.
+    * @since [v1.0]
+    * @param int $consumableId
+    * @return array
+     */
+    public function getDataView($consumableId)
+    {
+        $consumable = Consumable::with(['consumableAssignments'=> function ($query) {
+            $query->orderBy($query->getModel()->getTable().'.created_at', 'DESC');
+        },
+        'consumableAssignments.admin'=> function ($query) {
+        },
+        'consumableAssignments.user'=> function ($query) {
+        },
+        ])->find($consumableId);
+
+        if (! Company::isCurrentUserHasAccess($consumable)) {
+            return ['total' => 0, 'rows' => []];
+        }
+        $this->authorize('view', Consumable::class);
+        $rows = [];
+
+        foreach ($consumable->consumableAssignments as $consumable_assignment) {
+            $rows[] = [
+                'avatar' => ($consumable_assignment->user) ? e($consumable_assignment->user->present()->gravatar) : '',
+                'name' => ($consumable_assignment->user) ? $consumable_assignment->user->present()->nameUrl() : 'Deleted User',
+                'created_at' => Helper::getFormattedDateObject($consumable_assignment->created_at, 'datetime'),
+                'note' => ($consumable_assignment->note) ? e($consumable_assignment->note) : null,
+                'admin' => ($consumable_assignment->admin) ? $consumable_assignment->admin->present()->nameUrl() : null,
+            ];
+        }
+
+        $consumableCount = $consumable->users->count();
+        $data = ['total' => $consumableCount, 'rows' => $rows];
+
+        return $data;
+    }
+
+    /**
+     * Checkout a consumable
+     *
+     * @author [A. Gutierrez] [<andres@baller.tv>]
+     * @param int $id
+     * @since [v4.9.5]
+     * @return JsonResponse
+     */
+    public function checkout(Request $request, $id)
+    {
+        // Check if the consumable exists
+        if (!$consumable = Consumable::with('users')->find($id)) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/consumables/message.does_not_exist')));
+        }
+
+        $this->authorize('checkout', $consumable);
+
+        // Make sure there is at least one available to checkout
+        if ($consumable->numRemaining() <= 0) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/consumables/message.checkout.unavailable')));
+        }
+
+        // Make sure there is a valid category
+        if (!$consumable->category){
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('general.invalid_item_category_single', ['type' => trans('general.consumable')])));
+        }
+
+
+        // Check if the user exists - @TODO:  this should probably be handled via validation, not here??
+        if (!$user = User::find($request->input('assigned_to'))) {
+            // Return error message
+            return response()->json(Helper::formatStandardApiResponse('error', null, 'No user found'));
+            \Log::debug('No valid user');
+        }
+
+        // Update the consumable data
+        $consumable->assigned_to = $request->input('assigned_to');
+
+        $consumable->users()->attach($consumable->id,
+                [
+                    'consumable_id' => $consumable->id,
+                    'user_id' => $user->id,
+                    'assigned_to' => $request->input('assigned_to'),
+                    'note' => $request->input('note'),
+                ]
+            );
+
+        event(new CheckoutableCheckedOut($consumable, $user, Auth::user(), $request->input('note')));
+
+        return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/consumables/message.checkout.success')));
+
+    }
+
+    /**
+    * Gets a paginated collection for the select2 menus
+    *
+    * @see \App\Http\Transformers\SelectlistTransformer
+    */
+    public function selectlist(Request $request)
+    {
+        $consumables = Consumable::select([
+            'consumables.id',
+            'consumables.name',
+        ]);
+
+        if ($request->filled('search')) {
+            $consumables = $consumables->where('consumables.name', 'LIKE', '%'.$request->get('search').'%');
+        }
+
+        $consumables = $consumables->orderBy('name', 'ASC')->paginate(50);
+
+        return (new SelectlistTransformer)->transformSelectlist($consumables);
+    }
+}

Production/SNIPE-IT/app/Http/Controllers/Api/CustomFieldsController.php

@@ -0,0 +1,198 @@
+<?php
+
+namespace App\Http\Controllers\Api;
+
+use App\Helpers\Helper;
+use App\Http\Controllers\Controller;
+use App\Http\Transformers\CustomFieldsTransformer;
+use App\Models\CustomField;
+use App\Models\CustomFieldset;
+use Illuminate\Http\Request;
+use Validator;
+
+class CustomFieldsController extends Controller
+{
+    /**
+     * Reorder the custom fields within a fieldset
+     *
+     * @author [Brady Wetherington] [<uberbrady@gmail.com>]
+     * @param  int  $id
+     * @since [v3.0]
+     * @return array
+     */
+    public function index()
+    {
+        $this->authorize('index', CustomField::class);
+        $fields = CustomField::get();
+
+        return (new CustomFieldsTransformer)->transformCustomFields($fields, $fields->count());
+    }
+
+    /**
+     * Shows the given field
+     * @author [V. Cordes] [<volker@fdatek.de>]
+     * @param int $id
+     * @since [v4.1.10]
+     * @return View
+     */
+    public function show($id)
+    {
+        $this->authorize('view', CustomField::class);
+        if ($field = CustomField::find($id)) {
+            return (new CustomFieldsTransformer)->transformCustomField($field);
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/custom_fields/message.field.invalid')), 200);
+    }
+
+    /**
+     * Update the specified field
+     *
+     * @author [V. Cordes] [<volker@fdatek.de>]
+     * @since [v4.1.10]
+     * @param  \Illuminate\Http\Request  $request
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function update(Request $request, $id)
+    {
+        $this->authorize('update', CustomField::class);
+        $field = CustomField::findOrFail($id);
+
+        /**
+         * Updated values for the field,
+         * without the "field_encrypted" flag, preventing the change of encryption status
+         * @var array
+         */
+        $data = $request->except(['field_encrypted']);
+
+        $validator = Validator::make($data, $field->validationRules());
+        if ($validator->fails()) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, $validator->errors()));
+        }
+
+        $field->fill($data);
+
+        if ($field->save()) {
+            return response()->json(Helper::formatStandardApiResponse('success', $field, trans('admin/custom_fields/message.field.update.success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, $field->getErrors()));
+    }
+
+    /**
+     * Store a newly created field.
+     *
+     * @author [V. Cordes] [<volker@fdatek.de>]
+     * @since [v4.1.10]
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\Response
+     */
+    public function store(Request $request)
+    {
+        $this->authorize('create', CustomField::class);
+        $field = new CustomField;
+
+        $data = $request->all();
+        $regex_format = null;
+
+        if ((array_key_exists('format', $data)) && (str_contains($data['format'], 'regex:'))) {
+            $regex_format = $data['format'];
+        }
+
+        $validator = Validator::make($data, $field->validationRules($regex_format));
+
+        if ($validator->fails()) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, $validator->errors()));
+        }
+        $field->fill($data);
+
+        if ($field->save()) {
+            return response()->json(Helper::formatStandardApiResponse('success', $field, trans('admin/custom_fields/message.field.create.success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, $field->getErrors()));
+    }
+
+    public function postReorder(Request $request, $id)
+    {
+        $fieldset = CustomFieldset::find($id);
+
+        $this->authorize('update', $fieldset);
+
+        $fields = [];
+        $order_array = [];
+
+        $items = $request->input('item');
+
+        foreach ($items as $order => $field_id) {
+            $order_array[$field_id] = $order;
+        }
+
+        foreach ($fieldset->fields as $field) {
+            $fields[$field->id] = ['required' => $field->pivot->required, 'order' => $order_array[$field->id]];
+        }
+
+        return $fieldset->fields()->sync($fields);
+    }
+
+    public function associate(Request $request, $field_id)
+    {
+        $this->authorize('update', CustomFieldset::class);
+
+        $field = CustomField::findOrFail($field_id);
+
+        $fieldset_id = $request->input('fieldset_id');
+        foreach ($field->fieldset as $fieldset) {
+            if ($fieldset->id == $fieldset_id) {
+                return response()->json(Helper::formatStandardApiResponse('success', $fieldset, trans('admin/custom_fields/message.fieldset.update.success')));
+            }
+        }
+
+        $fieldset = CustomFieldset::findOrFail($fieldset_id);
+        $fieldset->fields()->attach($field->id, ['required' => ($request->input('required') == 'on'), 'order' => $request->input('order', $fieldset->fields->count())]);
+
+        return response()->json(Helper::formatStandardApiResponse('success', $fieldset, trans('admin/custom_fields/message.fieldset.update.success')));
+    }
+
+    public function disassociate(Request $request, $field_id)
+    {
+        $this->authorize('update', CustomFieldset::class);
+
+        $field = CustomField::findOrFail($field_id);
+
+        $fieldset_id = $request->input('fieldset_id');
+        foreach ($field->fieldset as $fieldset) {
+            if ($fieldset->id == $fieldset_id) {
+                $fieldset->fields()->detach($field->id);
+
+                return response()->json(Helper::formatStandardApiResponse('success', $fieldset, trans('admin/custom_fields/message.fieldset.update.success')));
+            }
+        }
+        $fieldset = CustomFieldset::findOrFail($fieldset_id);
+
+        return response()->json(Helper::formatStandardApiResponse('success', $fieldset, trans('admin/custom_fields/message.fieldset.update.success')));
+    }
+
+    /**
+     * Delete a custom field.
+     *
+     * @author [Brady Wetherington] [<uberbrady@gmail.com>]
+     * @since [v1.8]
+     * @return Redirect
+     */
+    public function destroy($field_id)
+    {
+        $field = CustomField::findOrFail($field_id);
+
+        $this->authorize('delete', $field);
+
+        if ($field->fieldset->count() > 0) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, 'Field is in use.'));
+        }
+
+        $field->delete();
+
+        return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/custom_fields/message.field.delete.success')));
+    }
+}

Production/SNIPE-IT/app/Http/Controllers/Api/CustomFieldsetsController.php

@@ -0,0 +1,177 @@
+<?php
+
+namespace App\Http\Controllers\Api;
+
+use App\Helpers\Helper;
+use App\Http\Controllers\Controller;
+use App\Http\Transformers\CustomFieldsetsTransformer;
+use App\Http\Transformers\CustomFieldsTransformer;
+use App\Models\CustomFieldset;
+use App\Models\CustomField;
+use Illuminate\Http\Request;
+use Redirect;
+use View;
+
+/**
+ * This controller handles all actions related to Custom Asset Fieldsets for
+ * the Snipe-IT Asset Management application.
+ *
+ * @todo Improve documentation here.
+ * @todo Check for raw DB queries and try to convert them to query builder statements
+ * @version    v2.0
+ * @author [Brady Wetherington] [<uberbrady@gmail.com>]
+ * @author [Josh Gibson]
+ */
+class CustomFieldsetsController extends Controller
+{
+    /**
+     * Shows the given fieldset and its fields
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @author [Josh Gibson]
+     * @param int $id
+     * @since [v1.8]
+     * @return View
+     */
+    public function index()
+    {
+        $this->authorize('index', CustomField::class);
+        $fieldsets = CustomFieldset::withCount('fields as fields_count', 'models as models_count')->get();
+
+        return (new CustomFieldsetsTransformer)->transformCustomFieldsets($fieldsets, $fieldsets->count());
+    }
+
+    /**
+     * Shows the given fieldset and its fields
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @author [Josh Gibson]
+     * @param int $id
+     * @since [v1.8]
+     * @return View
+     */
+    public function show($id)
+    {
+        $this->authorize('view', CustomField::class);
+        if ($fieldset = CustomFieldset::find($id)) {
+            return (new CustomFieldsetsTransformer)->transformCustomFieldset($fieldset);
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/custom_fields/message.fieldset.does_not_exist')), 200);
+    }
+
+    /**
+     * Update the specified resource in storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  \Illuminate\Http\Request  $request
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function update(Request $request, $id)
+    {
+        $this->authorize('update', CustomField::class);
+        $fieldset = CustomFieldset::findOrFail($id);
+        $fieldset->fill($request->all());
+
+        if ($fieldset->save()) {
+            return response()->json(Helper::formatStandardApiResponse('success', $fieldset, trans('admin/custom_fields/message.fieldset.update.success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, $fieldset->getErrors()));
+    }
+
+    /**
+     * Store a newly created resource in storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\Response
+     */
+    public function store(Request $request)
+    {
+        $this->authorize('create', CustomField::class);
+        $fieldset = new CustomFieldset;
+        $fieldset->fill($request->all());
+
+        if ($fieldset->save()) {
+            // Sync fieldset with auto_add_to_fieldsets
+            $fields = CustomField::select('id')->where('auto_add_to_fieldsets', '=', '1')->get();
+
+            if ($fields->count() > 0) {
+
+                foreach ($fields as $field) {
+                    $field_ids[] = $field->id;
+                }
+
+                $fieldset->fields()->sync($field_ids);
+            }
+
+            return response()->json(Helper::formatStandardApiResponse('success', $fieldset, trans('admin/custom_fields/message.fieldset.create.success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, $fieldset->getErrors()));
+    }
+
+    /**
+     * Delete a custom fieldset.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @return Redirect
+     */
+    public function destroy($id)
+    {
+        $this->authorize('delete', CustomField::class);
+        $fieldset = CustomFieldset::findOrFail($id);
+
+        $modelsCount = $fieldset->models->count();
+        $fieldsCount = $fieldset->fields->count();
+
+        if (($modelsCount > 0) || ($fieldsCount > 0)) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, 'Fieldset is in use.'));
+        }
+
+        if ($fieldset->delete()) {
+            return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/custom_fields/message.fieldset.delete.success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, 'Unspecified error'));
+    }
+
+    /**
+     * Return JSON containing a list of fields belonging to a fieldset.
+     *
+     * @author [V. Cordes] [<volker@fdatek.de>]
+     * @since [v4.1.10]
+     * @param $fieldsetId
+     * @return string JSON
+     */
+    public function fields($id)
+    {
+        $this->authorize('view', CustomField::class);
+        $set = CustomFieldset::findOrFail($id);
+        $fields = $set->fields;
+
+        return (new CustomFieldsTransformer)->transformCustomFields($fields, $fields->count());
+    }
+
+    /**
+     * Return JSON containing a list of fields belonging to a fieldset with the
+     * default values for a given model
+     *
+     * @param $modelId
+     * @param $fieldsetId
+     * @return string JSON
+     */
+    public function fieldsWithDefaultValues($fieldsetId, $modelId)
+    {
+        $this->authorize('view', CustomField::class);
+
+        $set = CustomFieldset::findOrFail($fieldsetId);
+
+        $fields = $set->fields;
+
+        return (new CustomFieldsTransformer)->transformCustomFieldsWithDefaultValues($fields, $modelId, $fields->count());
+    }
+}

Production/SNIPE-IT/app/Http/Controllers/Api/DepartmentsController.php

@@ -0,0 +1,208 @@
+<?php
+
+namespace App\Http\Controllers\Api;
+
+use App\Helpers\Helper;
+use App\Http\Controllers\Controller;
+use App\Http\Transformers\DepartmentsTransformer;
+use App\Http\Transformers\SelectlistTransformer;
+use App\Models\Company;
+use App\Models\Department;
+use Auth;
+use Illuminate\Http\Request;
+use App\Http\Requests\ImageUploadRequest;
+use Illuminate\Support\Facades\Storage;
+
+class DepartmentsController extends Controller
+{
+    /**
+     * Display a listing of the resource.
+     *
+     * @author [Godfrey Martinez] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @return \Illuminate\Http\Response
+     */
+    public function index(Request $request)
+    {
+        $this->authorize('view', Department::class);
+        $allowed_columns = ['id', 'name', 'image', 'users_count'];
+
+        $departments = Department::select(
+            'departments.id',
+            'departments.name',
+            'departments.phone',
+            'departments.fax',
+            'departments.location_id',
+            'departments.company_id',
+            'departments.manager_id',
+            'departments.created_at',
+            'departments.updated_at',
+            'departments.image'
+        )->with('users')->with('location')->with('manager')->with('company')->withCount('users as users_count');
+
+        if ($request->filled('search')) {
+            $departments = $departments->TextSearch($request->input('search'));
+        }
+
+        if ($request->filled('name')) {
+            $departments->where('name', '=', $request->input('name'));
+        }
+
+        if ($request->filled('company_id')) {
+            $departments->where('company_id', '=', $request->input('company_id'));
+        }
+
+        if ($request->filled('manager_id')) {
+            $departments->where('manager_id', '=', $request->input('manager_id'));
+        }
+
+        if ($request->filled('location_id')) {
+            $departments->where('location_id', '=', $request->input('location_id'));
+        }
+
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $departments->count()) ? $departments->count() : app('api_offset_value');
+        $limit = app('api_limit_value');
+
+        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
+        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
+
+        switch ($request->input('sort')) {
+            case 'location':
+                $departments->OrderLocation($order);
+                break;
+            case 'manager':
+                $departments->OrderManager($order);
+                break;
+            default:
+                $departments->orderBy($sort, $order);
+                break;
+        }
+
+        $total = $departments->count();
+        $departments = $departments->skip($offset)->take($limit)->get();
+        return (new DepartmentsTransformer)->transformDepartments($departments, $total);
+
+    }
+
+    /**
+     * Store a newly created resource in storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  \App\Http\Requests\ImageUploadRequest  $request
+     * @return \Illuminate\Http\Response
+     */
+    public function store(ImageUploadRequest $request)
+    {
+        $this->authorize('create', Department::class);
+        $department = new Department;
+        $department->fill($request->all());
+        $department = $request->handleImages($department);
+
+        $department->user_id = Auth::user()->id;
+        $department->manager_id = ($request->filled('manager_id') ? $request->input('manager_id') : null);
+
+        if ($department->save()) {
+            return response()->json(Helper::formatStandardApiResponse('success', $department, trans('admin/departments/message.create.success')));
+        }
+        return response()->json(Helper::formatStandardApiResponse('error', null, $department->getErrors()));
+
+    }
+
+    /**
+     * Display the specified resource.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function show($id)
+    {
+        $this->authorize('view', Department::class);
+        $department = Department::findOrFail($id);
+
+        return (new DepartmentsTransformer)->transformDepartment($department);
+    }
+
+    /**
+     * Update the specified resource in storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v5.0]
+     * @param  \App\Http\Requests\ImageUploadRequest  $request
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function update(ImageUploadRequest $request, $id)
+    {
+        $this->authorize('update', Department::class);
+        $department = Department::findOrFail($id);
+        $department->fill($request->all());
+        $department = $request->handleImages($department);
+
+        if ($department->save()) {
+            return response()->json(Helper::formatStandardApiResponse('success', $department, trans('admin/departments/message.update.success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, $department->getErrors()));
+    }
+
+
+    /**
+     * Validates and deletes selected department.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @param int $locationId
+     * @since [v4.0]
+     * @return \Illuminate\Http\RedirectResponse
+     */
+    public function destroy($id)
+    {
+        $department = Department::findOrFail($id);
+
+        $this->authorize('delete', $department);
+
+        if ($department->users->count() > 0) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/departments/message.assoc_users')));
+        }
+
+        $department->delete();
+        return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/departments/message.delete.success')));
+
+    }
+
+    /**
+     * Gets a paginated collection for the select2 menus
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0.16]
+     * @see \App\Http\Transformers\SelectlistTransformer
+     */
+    public function selectlist(Request $request)
+    {
+
+        $this->authorize('view.selectlists');
+        $departments = Department::select([
+            'id',
+            'name',
+            'image',
+        ]);
+
+        if ($request->filled('search')) {
+            $departments = $departments->where('name', 'LIKE', '%'.$request->get('search').'%');
+        }
+
+        $departments = $departments->orderBy('name', 'ASC')->paginate(50);
+
+        // Loop through and set some custom properties for the transformer to use.
+        // This lets us have more flexibility in special cases like assets, where
+        // they may not have a ->name value but we want to display something anyway
+        foreach ($departments as $department) {
+            $department->use_image = ($department->image) ? Storage::disk('public')->url('departments/'.$department->image, $department->image) : null;
+        }
+
+        return (new SelectlistTransformer)->transformSelectlist($departments);
+    }
+}

Production/SNIPE-IT/app/Http/Controllers/Api/DepreciationsController.php

@@ -0,0 +1,126 @@
+<?php
+
+namespace App\Http\Controllers\Api;
+
+use App\Helpers\Helper;
+use App\Http\Controllers\Controller;
+use App\Http\Transformers\DepreciationsTransformer;
+use App\Models\Depreciation;
+use Illuminate\Http\Request;
+
+class DepreciationsController extends Controller
+{
+    /**
+     * Display a listing of the resource.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @return \Illuminate\Http\Response
+     */
+    public function index(Request $request)
+    {
+        $this->authorize('view', Depreciation::class);
+        $allowed_columns = ['id','name','months','depreciation_min','created_at'];
+
+        $depreciations = Depreciation::select('id','name','months','depreciation_min','user_id','created_at','updated_at');
+
+        if ($request->filled('search')) {
+            $depreciations = $depreciations->TextSearch($request->input('search'));
+        }
+
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $depreciations->count()) ? $depreciations->count() : app('api_offset_value');
+        $limit = app('api_limit_value');
+
+        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
+        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
+        $depreciations->orderBy($sort, $order);
+
+        $total = $depreciations->count();
+        $depreciations = $depreciations->skip($offset)->take($limit)->get();
+
+        return (new DepreciationsTransformer)->transformDepreciations($depreciations, $total);
+    }
+
+    /**
+     * Store a newly created resource in storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\Response
+     */
+    public function store(Request $request)
+    {
+        $this->authorize('create', Depreciation::class);
+        $depreciation = new Depreciation;
+        $depreciation->fill($request->all());
+
+        if ($depreciation->save()) {
+            return response()->json(Helper::formatStandardApiResponse('success', $depreciation, trans('admin/depreciations/message.create.success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, $depreciation->getErrors()));
+    }
+
+    /**
+     * Display the specified resource.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function show($id)
+    {
+        $this->authorize('view', Depreciation::class);
+        $depreciation = Depreciation::findOrFail($id);
+
+        return (new DepreciationsTransformer)->transformDepreciation($depreciation);
+    }
+
+    /**
+     * Update the specified resource in storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  \Illuminate\Http\Request  $request
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function update(Request $request, $id)
+    {
+        $this->authorize('update', Depreciation::class);
+        $depreciation = Depreciation::findOrFail($id);
+        $depreciation->fill($request->all());
+
+        if ($depreciation->save()) {
+            return response()->json(Helper::formatStandardApiResponse('success', $depreciation, trans('admin/depreciations/message.update.success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, $depreciation->getErrors()));
+    }
+
+    /**
+     * Remove the specified resource from storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function destroy($id)
+    {
+        $this->authorize('delete', Depreciation::class);
+        $depreciation = Depreciation::withCount('models as models_count')->findOrFail($id);
+        $this->authorize('delete', $depreciation);
+
+        if ($depreciation->models_count > 0) {
+            return response()->json(Helper::formatStandardApiResponse('error', trans('admin/depreciations/message.assoc_users')));
+        }
+
+        $depreciation->delete();
+
+        return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/depreciations/message.delete.success')));
+    }
+}

Production/SNIPE-IT/app/Http/Controllers/Api/GroupsController.php

@@ -0,0 +1,133 @@
+<?php
+
+namespace App\Http\Controllers\Api;
+
+use App\Helpers\Helper;
+use App\Http\Controllers\Controller;
+use App\Http\Transformers\GroupsTransformer;
+use App\Models\Group;
+use Illuminate\Http\Request;
+use Auth;
+
+
+class GroupsController extends Controller
+{
+    /**
+     * Display a listing of the resource.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @return \Illuminate\Http\Response
+     */
+    public function index(Request $request)
+    {
+        $this->authorize('superadmin');
+
+        $this->authorize('view', Group::class);
+        $allowed_columns = ['id', 'name', 'created_at', 'users_count'];
+
+        $groups = Group::select('id', 'name', 'permissions', 'created_at', 'updated_at', 'created_by')->with('admin')->withCount('users as users_count');
+
+        if ($request->filled('search')) {
+            $groups = $groups->TextSearch($request->input('search'));
+        }
+
+        if ($request->filled('name')) {
+            $groups->where('name', '=', $request->input('name'));
+        }
+
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $groups->count()) ? $groups->count() : app('api_offset_value');
+        $limit = app('api_limit_value');
+
+        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
+        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
+        $groups->orderBy($sort, $order);
+
+        $total = $groups->count();
+        $groups = $groups->skip($offset)->take($limit)->get();
+
+        return (new GroupsTransformer)->transformGroups($groups, $total);
+    }
+
+    /**
+     * Store a newly created resource in storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\Response
+     */
+    public function store(Request $request)
+    {
+        $this->authorize('superadmin');
+        $group = new Group;
+
+        $group->name = $request->input('name');
+        $group->created_by = Auth::user()->id;
+        $group->permissions = json_encode($request->input('permissions')); // Todo - some JSON validation stuff here
+
+        if ($group->save()) {
+            return response()->json(Helper::formatStandardApiResponse('success', $group, trans('admin/groups/message.create.success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, $group->getErrors()));
+    }
+
+    /**
+     * Display the specified resource.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function show($id)
+    {
+        $this->authorize('superadmin');
+        $group = Group::findOrFail($id);
+
+        return (new GroupsTransformer)->transformGroup($group);
+    }
+
+    /**
+     * Update the specified resource in storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  \Illuminate\Http\Request  $request
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function update(Request $request, $id)
+    {
+        $this->authorize('superadmin');
+        $group = Group::findOrFail($id);
+
+        $group->name = $request->input('name');
+        $group->permissions = $request->input('permissions'); // Todo - some JSON validation stuff here
+
+        if ($group->save()) {
+            return response()->json(Helper::formatStandardApiResponse('success', $group, trans('admin/groups/message.update.success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, $group->getErrors()));
+    }
+
+    /**
+     * Remove the specified resource from storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function destroy($id)
+    {
+        $this->authorize('superadmin');
+        $group = Group::findOrFail($id);
+        $group->delete();
+
+        return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/groups/message.delete.success')));
+    }
+}

Production/SNIPE-IT/app/Http/Controllers/Api/ImportController.php

@@ -0,0 +1,235 @@
+<?php
+
+namespace App\Http\Controllers\Api;
+
+use App\Helpers\Helper;
+use App\Http\Controllers\Controller;
+use App\Http\Requests\ItemImportRequest;
+use App\Http\Transformers\ImportsTransformer;
+use App\Models\Asset;
+use App\Models\Company;
+use App\Models\Import;
+use Artisan;
+use Illuminate\Database\Eloquent\JsonEncodingException;
+use Illuminate\Support\Facades\Request;
+use Illuminate\Support\Facades\Session;
+use Illuminate\Support\Facades\Storage;
+use League\Csv\Reader;
+use Symfony\Component\HttpFoundation\File\Exception\FileException;
+
+class ImportController extends Controller
+{
+    /**
+     * Display a listing of the resource.
+     *
+     * @return \Illuminate\Http\Response
+     */
+    public function index()
+    {
+        $this->authorize('import');
+        $imports = Import::latest()->get();
+
+        return (new ImportsTransformer)->transformImports($imports);
+    }
+
+    /**
+     * Process and store a CSV upload file.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\JsonResponse
+     */
+    public function store()
+    {
+        $this->authorize('import');
+        if (! config('app.lock_passwords')) {
+            $files = Request::file('files');
+            $path = config('app.private_uploads').'/imports';
+            $results = [];
+            $import = new Import;
+            foreach ($files as $file) {
+                if (! in_array($file->getMimeType(), [
+                    'application/vnd.ms-excel',
+                    'text/csv',
+                    'application/csv',
+                    'text/x-Algol68', // because wtf CSV files?
+                    'text/plain',
+                    'text/comma-separated-values',
+                    'text/tsv', ])) {
+                    $results['error'] = 'File type must be CSV. Uploaded file is '.$file->getMimeType();
+
+                    return response()->json(Helper::formatStandardApiResponse('error', null, $results['error']), 422);
+                }
+
+                //TODO: is there a lighter way to do this?
+                if (! ini_get('auto_detect_line_endings')) {
+                    ini_set('auto_detect_line_endings', '1');
+                }
+                $reader = Reader::createFromFileObject($file->openFile('r')); //file pointer leak?
+
+                try {
+                    $import->header_row = $reader->fetchOne(0);
+                } catch (JsonEncodingException $e) {
+                    return response()->json(
+                        Helper::formatStandardApiResponse(
+                            'error',
+                            null,
+                            trans('admin/hardware/message.import.header_row_has_malformed_characters')
+                        ),
+                        422
+                    );
+                }
+
+                //duplicate headers check
+                $duplicate_headers = [];
+
+                for ($i = 0; $i < count($import->header_row); $i++) {
+                    $header = $import->header_row[$i];
+                    if (in_array($header, $import->header_row)) {
+                        $found_at = array_search($header, $import->header_row);
+                        if ($i > $found_at) {
+                            //avoid reporting duplicates twice, e.g. "1 is same as 17! 17 is same as 1!!!"
+                            //as well as "1 is same as 1!!!" (which is always true)
+                            //has to be > because otherwise the first result of array_search will always be $i itself(!)
+                            array_push($duplicate_headers, "Duplicate header '$header' detected, first at column: ".($found_at + 1).', repeats at column: '.($i + 1));
+                        }
+                    }
+                }
+                if (count($duplicate_headers) > 0) {
+                    return response()->json(Helper::formatStandardApiResponse('error', null, implode('; ', $duplicate_headers)),422);
+                }
+
+                try {
+                    // Grab the first row to display via ajax as the user picks fields
+                    $import->first_row = $reader->fetchOne(1);
+                } catch (JsonEncodingException $e) {
+                    return response()->json(
+                        Helper::formatStandardApiResponse(
+                            'error',
+                            null,
+                            trans('admin/hardware/message.import.content_row_has_malformed_characters')
+                        ),
+                        422
+                    );
+                }
+
+                $date = date('Y-m-d-his');
+                $fixed_filename = str_slug($file->getClientOriginalName());
+                try {
+                    $file->move($path, $date.'-'.$fixed_filename);
+                } catch (FileException $exception) {
+                    $results['error'] = trans('admin/hardware/message.upload.error');
+                    if (config('app.debug')) {
+                        $results['error'] .= ' '.$exception->getMessage();
+                    }
+
+                    return response()->json(Helper::formatStandardApiResponse('error', null, $results['error']), 500);
+                }
+                $file_name = date('Y-m-d-his').'-'.$fixed_filename;
+                $import->file_path = $file_name;
+                $import->filesize = null;
+
+                if (!file_exists($path.'/'.$file_name)) {
+                    return response()->json(Helper::formatStandardApiResponse('error', null, trans('general.file_not_found')), 500);
+                }
+
+                $import->filesize = filesize($path.'/'.$file_name);
+                
+                $import->save();
+                $results[] = $import;
+            }
+            $results = (new ImportsTransformer)->transformImports($results);
+
+            return response()->json([
+                'files' => $results,
+            ]);
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('general.feature_disabled')), 422);
+    }
+
+    /**
+     * Processes the specified Import.
+     *
+     * @param  int  $import_id
+     * @return \Illuminate\Http\Response
+     */
+    public function process(ItemImportRequest $request, $import_id)
+    {
+        $this->authorize('import');
+
+        // Run a backup immediately before processing
+        if ($request->get('run-backup')) {
+            \Log::debug('Backup manually requested via importer');
+            Artisan::call('snipeit:backup', ['--filename' => 'pre-import-backup-'.date('Y-m-d-H:i:s')]);
+        } else {
+            \Log::debug('NO BACKUP requested via importer');
+        }
+
+        $import = Import::find($import_id);
+
+        if(is_null($import)){
+            $error[0][0] = trans("validation.exists", ["attribute" => "file"]);
+            return response()->json(Helper::formatStandardApiResponse('import-errors', null, $error), 500);
+        }
+
+        $errors = $request->import($import);
+        $redirectTo = 'hardware.index';
+        switch ($request->get('import-type')) {
+            case 'asset':
+                $redirectTo = 'hardware.index';
+                break;
+            case 'accessory':
+                $redirectTo = 'accessories.index';
+                break;
+            case 'consumable':
+                $redirectTo = 'consumables.index';
+                break;
+            case 'component':
+                $redirectTo = 'components.index';
+                break;
+            case 'license':
+                $redirectTo = 'licenses.index';
+                break;
+            case 'user':
+                $redirectTo = 'users.index';
+                break;
+            case 'location':
+                $redirectTo = 'locations.index';
+                break;
+        }
+
+        if ($errors) { //Failure
+            return response()->json(Helper::formatStandardApiResponse('import-errors', null, $errors), 500);
+        }
+        //Flash message before the redirect
+        Session::flash('success', trans('admin/hardware/message.import.success'));
+
+        return response()->json(Helper::formatStandardApiResponse('success', null, ['redirect_url' => route($redirectTo)]));
+    }
+
+    /**
+     * Remove the specified resource from storage.
+     *
+     * @param  int  $import_id
+     * @return \Illuminate\Http\Response
+     */
+    public function destroy($import_id)
+    {
+        $this->authorize('create', Asset::class);
+
+        if ($import = Import::find($import_id)) {
+            try {
+                // Try to delete the file
+                Storage::delete('imports/'.$import->file_path);
+                $import->delete();
+
+                return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/hardware/message.import.file_delete_success')));
+            } catch (\Exception $e) {
+                // If the file delete didn't work, remove it from the database anyway and return a warning
+                $import->delete();
+
+                return response()->json(Helper::formatStandardApiResponse('warning', null, trans('admin/hardware/message.import.file_not_deleted_warning')));
+            }
+        }
+    }
+}

Production/SNIPE-IT/app/Http/Controllers/Api/LabelsController.php

@@ -0,0 +1,71 @@
+<?php
+
+namespace App\Http\Controllers\Api;
+
+use App\Helpers\Helper;
+use App\Http\Controllers\Controller;
+use App\Http\Transformers\LabelsTransformer;
+use App\Models\Labels\Label;
+use Illuminate\Http\Request;
+use Illuminate\Support\ItemNotFoundException;
+use Auth;
+
+class LabelsController extends Controller
+{
+    /**
+     * Returns JSON listing of all labels.
+     *
+     * @author Grant Le Roux <grant.leroux+snipe-it@gmail.com>
+     * @return JsonResponse
+     */
+    public function index(Request $request)
+    {
+        $this->authorize('view', Label::class);
+
+        $labels = Label::find();
+
+        if ($request->filled('search')) {
+            $search = $request->get('search');
+            $labels = $labels->filter(function ($label, $index) use ($search) {
+                return stripos($label->getName(), $search) !== false;
+            });
+        }
+
+        $total = $labels->count();
+
+        $offset = $request->get('offset', 0);
+        $offset = ($offset > $total) ? $total : $offset;
+
+        $maxLimit = config('app.max_results');
+        $limit = $request->get('limit', $maxLimit);
+        $limit = ($limit > $maxLimit) ? $maxLimit : $limit;
+        
+        $labels = $labels->skip($offset)->take($limit);
+
+        return (new LabelsTransformer)->transformLabels($labels, $total, $request);
+    }
+
+    /**
+     * Returns JSON with information about a label for detail view.
+     *
+     * @author Grant Le Roux <grant.leroux+snipe-it@gmail.com>
+     * @param  string  $labelName
+     * @return JsonResponse
+     */
+    public function show(string $labelName)
+    {
+        $labelName = str_replace('/', '\\', $labelName);
+        try {
+            $label = Label::find($labelName);
+        } catch(ItemNotFoundException $e) {
+            return response()
+                ->json(
+                    Helper::formatStandardApiResponse('error', null, trans('admin/labels/message.does_not_exist')), 
+                    404
+                );
+        }
+        $this->authorize('view', $label);
+        return (new LabelsTransformer)->transformLabel($label);
+    }
+
+}

Production/SNIPE-IT/app/Http/Controllers/Api/LicenseSeatsController.php

@@ -0,0 +1,155 @@
+<?php
+
+namespace App\Http\Controllers\Api;
+
+use App\Helpers\Helper;
+use App\Http\Controllers\Controller;
+use App\Http\Transformers\LicenseSeatsTransformer;
+use App\Models\Asset;
+use App\Models\License;
+use App\Models\LicenseSeat;
+use App\Models\User;
+use Auth;
+use Illuminate\Http\Request;
+
+class LicenseSeatsController extends Controller
+{
+    /**
+     * Display a listing of the resource.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  int  $licenseId
+     * @return \Illuminate\Http\Response
+     */
+    public function index(Request $request, $licenseId)
+    {
+        //
+        if ($license = License::find($licenseId)) {
+            $this->authorize('view', $license);
+
+            $seats = LicenseSeat::with('license', 'user', 'asset', 'user.department')
+                ->where('license_seats.license_id', $licenseId);
+
+            $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
+
+            if ($request->input('sort') == 'department') {
+                $seats->OrderDepartments($order);
+            } else {
+                $seats->orderBy('id', $order);
+            }
+
+            $total = $seats->count();
+
+            // Make sure the offset and limit are actually integers and do not exceed system limits
+            $offset = ($request->input('offset') > $seats->count()) ? $seats->count() : app('api_offset_value');
+
+            if ($offset >= $total ){
+                $offset = 0;
+            }
+
+            $limit = app('api_limit_value');
+
+            $seats = $seats->skip($offset)->take($limit)->get();
+
+            if ($seats) {
+                return (new LicenseSeatsTransformer)->transformLicenseSeats($seats, $total);
+            }
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/licenses/message.does_not_exist')), 200);
+    }
+
+    /**
+     * Display the specified resource.
+     *
+     * @param  int  $licenseId
+     * @param  int  $seatId
+     * @return \Illuminate\Http\Response
+     */
+    public function show($licenseId, $seatId)
+    {
+        //
+        $this->authorize('view', License::class);
+        // sanity checks:
+        // 1. does the license seat exist?
+        if (! $licenseSeat = LicenseSeat::find($seatId)) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, 'Seat not found'));
+        }
+        // 2. does the seat belong to the specified license?
+        if (! $license = $licenseSeat->license()->first() || $license->id != intval($licenseId)) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, 'Seat does not belong to the specified license'));
+        }
+
+        return (new LicenseSeatsTransformer)->transformLicenseSeat($licenseSeat);
+    }
+
+    /**
+     * Update the specified resource in storage.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  int  $licenseId
+     * @param  int  $seatId
+     * @return \Illuminate\Http\Response
+     */
+    public function update(Request $request, $licenseId, $seatId)
+    {
+        $this->authorize('checkout', License::class);
+
+        // sanity checks:
+        // 1. does the license seat exist?
+        if (! $licenseSeat = LicenseSeat::find($seatId)) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, 'Seat not found'));
+        }
+        // 2. does the seat belong to the specified license?
+        if (! $license = $licenseSeat->license()->first() || $license->id != intval($licenseId)) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, 'Seat does not belong to the specified license'));
+        }
+
+        $oldUser = $licenseSeat->user()->first();
+        $oldAsset = $licenseSeat->asset()->first();
+
+        // attempt to update the license seat
+        $licenseSeat->fill($request->all());
+        $licenseSeat->user_id = Auth::user()->id;
+
+        // check if this update is a checkin operation
+        // 1. are relevant fields touched at all?
+        $touched = $licenseSeat->isDirty('assigned_to') || $licenseSeat->isDirty('asset_id');
+        // 2. are they cleared? if yes then this is a checkin operation
+        $is_checkin = ($touched && $licenseSeat->assigned_to === null && $licenseSeat->asset_id === null);
+
+        if (! $touched) {
+            // nothing to update
+            return response()->json(Helper::formatStandardApiResponse('success', $licenseSeat, trans('admin/licenses/message.update.success')));
+        }
+
+        // the logging functions expect only one "target". if both asset and user are present in the request,
+        // we simply let assets take precedence over users...
+        if ($licenseSeat->isDirty('assigned_to')) {
+            $target = $is_checkin ? $oldUser : User::find($licenseSeat->assigned_to);
+        }
+        if ($licenseSeat->isDirty('asset_id')) {
+            $target = $is_checkin ? $oldAsset : Asset::find($licenseSeat->asset_id);
+        }
+
+        if (is_null($target)){
+            return response()->json(Helper::formatStandardApiResponse('error', null, 'Target not found'));
+        }
+
+        if ($licenseSeat->save()) {
+
+            if ($is_checkin) {
+                $licenseSeat->logCheckin($target, $request->input('note'));
+
+                return response()->json(Helper::formatStandardApiResponse('success', $licenseSeat, trans('admin/licenses/message.update.success')));
+            }
+
+            // in this case, relevant fields are touched but it's not a checkin operation. so it must be a checkout operation.
+            $licenseSeat->logCheckout($request->input('note'), $target);
+
+            return response()->json(Helper::formatStandardApiResponse('success', $licenseSeat, trans('admin/licenses/message.update.success')));
+        }
+
+        return Helper::formatStandardApiResponse('error', null, $licenseSeat->getErrors());
+    }
+}

Production/SNIPE-IT/app/Http/Controllers/Api/LicensesController.php

@@ -0,0 +1,266 @@
+<?php
+
+namespace App\Http\Controllers\Api;
+
+use App\Helpers\Helper;
+use App\Http\Controllers\Controller;
+use App\Http\Transformers\LicenseSeatsTransformer;
+use App\Http\Transformers\LicensesTransformer;
+use App\Http\Transformers\SelectlistTransformer;
+use App\Models\Company;
+use App\Models\License;
+use App\Models\LicenseSeat;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\DB;
+
+class LicensesController extends Controller
+{
+    /**
+     * Display a listing of the resource.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     *
+     * @return \Illuminate\Http\Response
+     */
+    public function index(Request $request)
+    {
+        $this->authorize('view', License::class);
+
+        $licenses = License::with('company', 'manufacturer', 'supplier','category')->withCount('freeSeats as free_seats_count');
+
+        if ($request->filled('company_id')) {
+            $licenses->where('company_id', '=', $request->input('company_id'));
+        }
+
+        if ($request->filled('name')) {
+            $licenses->where('licenses.name', '=', $request->input('name'));
+        }
+
+        if ($request->filled('product_key')) {
+            $licenses->where('licenses.serial', '=', $request->input('product_key'));
+        }
+
+        if ($request->filled('order_number')) {
+            $licenses->where('order_number', '=', $request->input('order_number'));
+        }
+
+        if ($request->filled('purchase_order')) {
+            $licenses->where('purchase_order', '=', $request->input('purchase_order'));
+        }
+
+        if ($request->filled('license_name')) {
+            $licenses->where('license_name', '=', $request->input('license_name'));
+        }
+
+        if ($request->filled('license_email')) {
+            $licenses->where('license_email', '=', $request->input('license_email'));
+        }
+
+        if ($request->filled('manufacturer_id')) {
+            $licenses->where('manufacturer_id', '=', $request->input('manufacturer_id'));
+        }
+
+        if ($request->filled('supplier_id')) {
+            $licenses->where('supplier_id', '=', $request->input('supplier_id'));
+        }
+
+        if ($request->filled('category_id')) {
+            $licenses->where('category_id', '=', $request->input('category_id'));
+        }
+
+        if ($request->filled('depreciation_id')) {
+            $licenses->where('depreciation_id', '=', $request->input('depreciation_id'));
+        }
+
+
+        if (($request->filled('maintained')) && ($request->input('maintained')=='true')) {
+            $licenses->where('maintained','=',1);
+        } elseif (($request->filled('maintained')) && ($request->input('maintained')=='false')) {
+            $licenses->where('maintained','=',0);
+        }
+
+        if (($request->filled('expires')) && ($request->input('expires')=='true')) {
+            $licenses->whereNotNull('expiration_date');
+        } elseif (($request->filled('expires')) && ($request->input('expires')=='false')) {
+            $licenses->whereNull('expiration_date');
+        }
+
+        if ($request->filled('search')) {
+            $licenses = $licenses->TextSearch($request->input('search'));
+        }
+
+        if ($request->input('deleted')=='true') {
+            $licenses->onlyTrashed();
+        }
+
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $licenses->count()) ? $licenses->count() : app('api_offset_value');
+        $limit = app('api_limit_value');
+
+        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
+
+        switch ($request->input('sort')) {
+                case 'manufacturer':
+                    $licenses = $licenses->leftJoin('manufacturers', 'licenses.manufacturer_id', '=', 'manufacturers.id')->orderBy('manufacturers.name', $order);
+                break;
+            case 'supplier':
+                $licenses = $licenses->leftJoin('suppliers', 'licenses.supplier_id', '=', 'suppliers.id')->orderBy('suppliers.name', $order);
+                break;
+            case 'category':
+                $licenses = $licenses->leftJoin('categories', 'licenses.category_id', '=', 'categories.id')->orderBy('categories.name', $order);
+                break;
+            case 'depreciation':
+                $licenses = $licenses->leftJoin('depreciations', 'licenses.depreciation_id', '=', 'depreciations.id')->orderBy('depreciations.name', $order);
+                break;
+            case 'company':
+                $licenses = $licenses->leftJoin('companies', 'licenses.company_id', '=', 'companies.id')->orderBy('companies.name', $order);
+                break;
+            default:
+                $allowed_columns =
+                    [
+                        'id',
+                        'name',
+                        'purchase_cost',
+                        'expiration_date',
+                        'purchase_order',
+                        'order_number',
+                        'notes',
+                        'purchase_date',
+                        'serial',
+                        'company',
+                        'category',
+                        'license_name',
+                        'license_email',
+                        'free_seats_count',
+                        'seats',
+                        'termination_date',
+                        'depreciation_id',
+                        'min_amt',
+                    ];
+                $sort = in_array($request->input('sort'), $allowed_columns) ? e($request->input('sort')) : 'created_at';
+                $licenses = $licenses->orderBy($sort, $order);
+                break;
+        }
+
+        $total = $licenses->count();
+
+        $licenses = $licenses->skip($offset)->take($limit)->get();
+        return (new LicensesTransformer)->transformLicenses($licenses, $total);
+
+    }
+
+    /**
+     * Store a newly created resource in storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\Response
+     */
+    public function store(Request $request)
+    {
+        //
+        $this->authorize('create', License::class);
+        $license = new License;
+        $license->fill($request->all());
+
+        if ($license->save()) {
+            return response()->json(Helper::formatStandardApiResponse('success', $license, trans('admin/licenses/message.create.success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, $license->getErrors()));
+    }
+
+    /**
+     * Display the specified resource.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function show($id)
+    {
+        $this->authorize('view', License::class);
+        $license = License::withCount('freeSeats')->findOrFail($id);
+        $license = $license->load('assignedusers', 'licenseSeats.user', 'licenseSeats.asset');
+
+        return (new LicensesTransformer)->transformLicense($license);
+    }
+
+    /**
+     * Update the specified resource in storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  \Illuminate\Http\Request  $request
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function update(Request $request, $id)
+    {
+        //
+        $this->authorize('update', License::class);
+
+        $license = License::findOrFail($id);
+        $license->fill($request->all());
+
+        if ($license->save()) {
+            return response()->json(Helper::formatStandardApiResponse('success', $license, trans('admin/licenses/message.update.success')));
+        }
+
+        return Helper::formatStandardApiResponse('error', null, $license->getErrors());
+    }
+
+    /**
+     * Remove the specified resource from storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function destroy($id)
+    {
+        //
+        $license = License::findOrFail($id);
+        $this->authorize('delete', $license);
+
+        if ($license->assigned_seats_count == 0) {
+            // Delete the license and the associated license seats
+            DB::table('license_seats')
+                ->where('id', $license->id)
+                ->update(['assigned_to' => null, 'asset_id' => null]);
+
+            $licenseSeats = $license->licenseseats();
+            $licenseSeats->delete();
+            $license->delete();
+
+            // Redirect to the licenses management page
+            return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/licenses/message.delete.success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/licenses/message.assoc_users')));
+    }
+
+    /**
+     * Gets a paginated collection for the select2 menus
+     *
+     * @see \App\Http\Transformers\SelectlistTransformer
+     */
+    public function selectlist(Request $request)
+    {
+        $licenses = License::select([
+            'licenses.id',
+            'licenses.name',
+        ]);
+
+        if ($request->filled('search')) {
+            $licenses = $licenses->where('licenses.name', 'LIKE', '%'.$request->get('search').'%');
+        }
+
+        $licenses = $licenses->orderBy('name', 'ASC')->paginate(50);
+
+        return (new SelectlistTransformer)->transformSelectlist($licenses);
+    }
+}

Production/SNIPE-IT/app/Http/Controllers/Api/LocationsController.php

@@ -0,0 +1,331 @@
+<?php
+
+namespace App\Http\Controllers\Api;
+
+use App\Helpers\Helper;
+use App\Http\Requests\ImageUploadRequest;
+use App\Http\Controllers\Controller;
+use App\Http\Transformers\LocationsTransformer;
+use App\Http\Transformers\SelectlistTransformer;
+use App\Models\Location;
+use Illuminate\Http\Request;
+use Illuminate\Pagination\LengthAwarePaginator;
+use Illuminate\Support\Collection;
+
+class LocationsController extends Controller
+{
+    /**
+     * Display a listing of the resource.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @return \Illuminate\Http\Response
+     */
+    public function index(Request $request)
+    {
+        $this->authorize('view', Location::class);
+        $allowed_columns = [
+            'id',
+            'name',
+            'address',
+            'address2',
+            'city',
+            'state',
+            'country',
+            'zip',
+            'created_at',
+            'updated_at',
+            'manager_id',
+            'image',
+            'assigned_assets_count',
+            'users_count',
+            'assets_count',
+            'assigned_assets_count',
+            'assets_count',
+            'rtd_assets_count',
+            'currency',
+            'ldap_ou',
+            ];
+
+        $locations = Location::with('parent', 'manager', 'children')->select([
+            'locations.id',
+            'locations.name',
+            'locations.address',
+            'locations.address2',
+            'locations.city',
+            'locations.state',
+            'locations.zip',
+            'locations.phone',
+            'locations.fax',
+            'locations.country',
+            'locations.parent_id',
+            'locations.manager_id',
+            'locations.created_at',
+            'locations.updated_at',
+            'locations.image',
+            'locations.ldap_ou',
+            'locations.currency',
+        ])->withCount('assignedAssets as assigned_assets_count')
+            ->withCount('assets as assets_count')
+            ->withCount('rtd_assets as rtd_assets_count')
+            ->withCount('children as children_count')
+            ->withCount('users as users_count');
+
+        if ($request->filled('search')) {
+            $locations = $locations->TextSearch($request->input('search'));
+        }
+
+        if ($request->filled('name')) {
+            $locations->where('locations.name', '=', $request->input('name'));
+        }
+
+        if ($request->filled('address')) {
+            $locations->where('locations.address', '=', $request->input('address'));
+        }
+
+        if ($request->filled('address2')) {
+            $locations->where('locations.address2', '=', $request->input('address2'));
+        }
+
+        if ($request->filled('city')) {
+            $locations->where('locations.city', '=', $request->input('city'));
+        }
+
+        if ($request->filled('zip')) {
+            $locations->where('locations.zip', '=', $request->input('zip'));
+        }
+
+        if ($request->filled('country')) {
+            $locations->where('locations.country', '=', $request->input('country'));
+        }
+
+        if ($request->filled('manager_id')) {
+            $locations->where('locations.manager_id', '=', $request->input('manager_id'));
+        }
+
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $locations->count()) ? $locations->count() : app('api_offset_value');
+        $limit = app('api_limit_value');
+
+        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
+        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
+
+
+
+        switch ($request->input('sort')) {
+            case 'parent':
+                $locations->OrderParent($order);
+                break;
+            case 'manager':
+                $locations->OrderManager($order);
+                break;
+            default:
+                $locations->orderBy($sort, $order);
+                break;
+        }
+
+
+        $total = $locations->count();
+        $locations = $locations->skip($offset)->take($limit)->get();
+
+        return (new LocationsTransformer)->transformLocations($locations, $total);
+    }
+
+
+    /**
+     * Store a newly created resource in storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  \App\Http\Requests\ImageUploadRequest  $request
+     * @return \Illuminate\Http\Response
+     */
+    public function store(ImageUploadRequest $request)
+    {
+        $this->authorize('create', Location::class);
+        $location = new Location;
+        $location->fill($request->all());
+        $location = $request->handleImages($location);
+
+        if ($location->save()) {
+            return response()->json(Helper::formatStandardApiResponse('success', (new LocationsTransformer)->transformLocation($location), trans('admin/locations/message.create.success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, $location->getErrors()));
+    }
+
+    /**
+     * Display the specified resource.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function show($id)
+    {
+        $this->authorize('view', Location::class);
+        $location = Location::with('parent', 'manager', 'children')
+            ->select([
+                'locations.id',
+                'locations.name',
+                'locations.address',
+                'locations.address2',
+                'locations.city',
+                'locations.state',
+                'locations.zip',
+                'locations.country',
+                'locations.parent_id',
+                'locations.manager_id',
+                'locations.created_at',
+                'locations.updated_at',
+                'locations.image',
+                'locations.currency',
+            ])
+            ->withCount('assignedAssets as assigned_assets_count')
+            ->withCount('assets as assets_count')
+            ->withCount('rtd_assets as rtd_assets_count')
+            ->withCount('users as users_count')
+            ->findOrFail($id);
+
+        return (new LocationsTransformer)->transformLocation($location);
+    }
+
+
+    /**
+     * Update the specified resource in storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  \App\Http\Requests\ImageUploadRequest  $request
+     * @param  int  $id
+     * @return \Illuminate\Http\JsonResponse
+     */
+    public function update(ImageUploadRequest $request, $id)
+    {
+        $this->authorize('update', Location::class);
+        $location = Location::findOrFail($id);
+
+        $location->fill($request->all());
+        $location = $request->handleImages($location);
+
+        if ($location->isValid()) {
+
+            $location->save();
+            return response()->json(
+                Helper::formatStandardApiResponse(
+                    'success',
+                    (new LocationsTransformer)->transformLocation($location),
+                    trans('admin/locations/message.update.success')
+                )
+            );
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, $location->getErrors()));
+    }
+
+    /**
+     * Remove the specified resource from storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function destroy($id)
+    {
+        $this->authorize('delete', Location::class);
+        $location = Location::withCount('assignedAssets as assigned_assets_count')
+            ->withCount('assets as assets_count')
+            ->withCount('rtd_assets as rtd_assets_count')
+            ->withCount('children as children_count')
+            ->withCount('users as users_count')
+            ->findOrFail($id);
+
+        if (! $location->isDeletable()) {
+            return response()
+                    ->json(Helper::formatStandardApiResponse('error', null, trans('admin/companies/message.assoc_users')));
+        }
+        $this->authorize('delete', $location);
+        $location->delete();
+
+        return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/locations/message.delete.success')));
+    }
+
+    /**
+     * Gets a paginated collection for the select2 menus
+     *
+     * This is handled slightly differently as of ~4.7.8-pre, as
+     * we have to do some recursive magic to get the hierarchy to display
+     * properly when looking at the parent/child relationship in the
+     * rich menus.
+     *
+     * This means we can't use the normal pagination that we use elsewhere
+     * in our selectlists, since we have to get the full set before we can
+     * determine which location is parent/child/grandchild, etc.
+     *
+     * This also means that hierarchy display gets a little funky when people
+     * use the Select2 search functionality, but there's not much we can do about
+     * that right now.
+     *
+     * As a result, instead of paginating as part of the query, we have to grab
+     * the entire data set, and then invoke a paginator manually and pass that
+     * through to the SelectListTransformer.
+     *
+     * Many thanks to @uberbrady for the help getting this working better.
+     * Recursion still sucks, but I guess he doesn't have to get in the
+     * sea... this time.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0.16]
+     * @see \App\Http\Transformers\SelectlistTransformer
+     */
+    public function selectlist(Request $request)
+    {
+        // If a user is in the process of editing their profile, as determined by the referrer,
+        // then we check that they have permission to edit their own location.
+        // Otherwise, we do our normal check that they can view select lists.
+        $request->headers->get('referer') === route('profile')
+            ? $this->authorize('self.edit_location')
+            : $this->authorize('view.selectlists');
+
+        $locations = Location::select([
+            'locations.id',
+            'locations.name',
+            'locations.parent_id',
+            'locations.image',
+        ]);
+
+        $page = 1;
+        if ($request->filled('page')) {
+            $page = $request->input('page');
+        }
+
+        if ($request->filled('search')) {
+            $locations = $locations->where('locations.name', 'LIKE', '%'.$request->input('search').'%');
+        }
+
+        $locations = $locations->orderBy('name', 'ASC')->get();
+
+        $locations_with_children = [];
+
+        foreach ($locations as $location) {
+            if (! array_key_exists($location->parent_id, $locations_with_children)) {
+                $locations_with_children[$location->parent_id] = [];
+            }
+            $locations_with_children[$location->parent_id][] = $location;
+        }
+
+        if ($request->filled('search')) {
+            $locations_formatted = $locations;
+        } else {
+            $location_options = Location::indenter($locations_with_children);
+            $locations_formatted = new Collection($location_options);
+        }
+
+        $paginated_results = new LengthAwarePaginator($locations_formatted->forPage($page, 500), $locations_formatted->count(), 500, $page, []);
+
+        //return [];
+        return (new SelectlistTransformer)->transformSelectlist($paginated_results);
+    }
+}

Production/SNIPE-IT/app/Http/Controllers/Api/ManufacturersController.php

@@ -0,0 +1,235 @@
+<?php
+
+namespace App\Http\Controllers\Api;
+
+use App\Helpers\Helper;
+use App\Http\Controllers\Controller;
+use App\Http\Transformers\ManufacturersTransformer;
+use App\Http\Transformers\SelectlistTransformer;
+use App\Models\Actionlog;
+use App\Models\Manufacturer;
+use Illuminate\Http\Request;
+use App\Http\Requests\ImageUploadRequest;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Storage;
+
+class ManufacturersController extends Controller
+{
+    /**
+     * Display a listing of the resource.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @return \Illuminate\Http\Response
+     */
+    public function index(Request $request)
+    {
+        $this->authorize('view', Manufacturer::class);
+        $allowed_columns = ['id', 'name', 'url', 'support_url', 'support_email', 'warranty_lookup_url', 'support_phone', 'created_at', 'updated_at', 'image', 'assets_count', 'consumables_count', 'components_count', 'licenses_count'];
+
+        $manufacturers = Manufacturer::select(
+            ['id', 'name', 'url', 'support_url', 'warranty_lookup_url', 'support_email', 'support_phone', 'created_at', 'updated_at', 'image', 'deleted_at']
+        )->withCount('assets as assets_count')->withCount('licenses as licenses_count')->withCount('consumables as consumables_count')->withCount('accessories as accessories_count');
+
+        if ($request->input('deleted') == 'true') {
+            $manufacturers->onlyTrashed();
+        }
+
+        if ($request->filled('search')) {
+            $manufacturers = $manufacturers->TextSearch($request->input('search'));
+        }
+
+        if ($request->filled('name')) {
+            $manufacturers->where('name', '=', $request->input('name'));
+        }
+
+        if ($request->filled('url')) {
+            $manufacturers->where('url', '=', $request->input('url'));
+        }
+
+        if ($request->filled('support_url')) {
+            $manufacturers->where('support_url', '=', $request->input('support_url'));
+        }
+
+        if ($request->filled('warranty_lookup_url')) {
+            $manufacturers->where('warranty_lookup_url', '=', $request->input('warranty_lookup_url'));
+        }
+
+        if ($request->filled('support_phone')) {
+            $manufacturers->where('support_phone', '=', $request->input('support_phone'));
+        }
+
+        if ($request->filled('support_email')) {
+            $manufacturers->where('support_email', '=', $request->input('support_email'));
+        }
+
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $manufacturers->count()) ? $manufacturers->count() : app('api_offset_value');
+        $limit = app('api_limit_value');
+
+        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
+        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
+        $manufacturers->orderBy($sort, $order);
+
+        $total = $manufacturers->count();
+        $manufacturers = $manufacturers->skip($offset)->take($limit)->get();
+
+        return (new ManufacturersTransformer)->transformManufacturers($manufacturers, $total);
+    }
+
+    /**
+     * Store a newly created resource in storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  \App\Http\Requests\ImageUploadRequest $request
+     * @return \Illuminate\Http\Response
+     */
+    public function store(ImageUploadRequest $request)
+    {
+        $this->authorize('create', Manufacturer::class);
+        $manufacturer = new Manufacturer;
+        $manufacturer->fill($request->all());
+        $manufacturer = $request->handleImages($manufacturer);
+
+        if ($manufacturer->save()) {
+            return response()->json(Helper::formatStandardApiResponse('success', $manufacturer, trans('admin/manufacturers/message.create.success')));
+        }
+        return response()->json(Helper::formatStandardApiResponse('error', null, $manufacturer->getErrors()));
+
+    }
+
+    /**
+     * Display the specified resource.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function show($id)
+    {
+        $this->authorize('view', Manufacturer::class);
+        $manufacturer = Manufacturer::withCount('assets as assets_count')->withCount('licenses as licenses_count')->withCount('consumables as consumables_count')->withCount('accessories as accessories_count')->findOrFail($id);
+
+        return (new ManufacturersTransformer)->transformManufacturer($manufacturer);
+    }
+
+    /**
+     * Update the specified resource in storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  \App\Http\Requests\ImageUploadRequest  $request
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function update(ImageUploadRequest $request, $id)
+    {
+        $this->authorize('update', Manufacturer::class);
+        $manufacturer = Manufacturer::findOrFail($id);
+        $manufacturer->fill($request->all());
+        $manufacturer = $request->handleImages($manufacturer);
+
+        if ($manufacturer->save()) {
+            return response()->json(Helper::formatStandardApiResponse('success', $manufacturer, trans('admin/manufacturers/message.update.success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, $manufacturer->getErrors()));
+    }
+
+    /**
+     * Remove the specified resource from storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function destroy($id)
+    {
+        $this->authorize('delete', Manufacturer::class);
+        $manufacturer = Manufacturer::findOrFail($id);
+        $this->authorize('delete', $manufacturer);
+
+        if ($manufacturer->isDeletable()) {
+            $manufacturer->delete();
+            return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/manufacturers/message.delete.success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null,  trans('admin/manufacturers/message.assoc_users')));
+
+    }
+
+    /**
+     * Restore a given Manufacturer (mark as un-deleted)
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v6.3.4]
+     * @param int $id
+     * @return \Illuminate\Http\JsonResponse
+     * @throws \Illuminate\Auth\Access\AuthorizationException
+     */
+    public function restore($id)
+    {
+        $this->authorize('delete', Manufacturer::class);
+
+        if ($manufacturer = Manufacturer::withTrashed()->find($id)) {
+
+            if ($manufacturer->deleted_at == '') {
+                return response()->json(Helper::formatStandardApiResponse('error', trans('general.not_deleted', ['item_type' => trans('general.manufacturer')])), 200);
+            }
+
+            if ($manufacturer->restore()) {
+
+                $logaction = new Actionlog();
+                $logaction->item_type = Manufacturer::class;
+                $logaction->item_id = $manufacturer->id;
+                $logaction->created_at = date('Y-m-d H:i:s');
+                $logaction->user_id = Auth::user()->id;
+                $logaction->logaction('restore');
+
+                return response()->json(Helper::formatStandardApiResponse('success', trans('admin/manufacturers/message.restore.success')), 200);
+            }
+
+            // Check validation to make sure we're not restoring an item with the same unique attributes as a non-deleted one
+            return response()->json(Helper::formatStandardApiResponse('error', trans('general.could_not_restore', ['item_type' => trans('general.manufacturer'), 'error' => $manufacturer->getErrors()->first()])), 200);
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null,  trans('admin/manufacturers/message.does_not_exist')));
+    }
+
+    /**
+     * Gets a paginated collection for the select2 menus
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0.16]
+     * @see \App\Http\Transformers\SelectlistTransformer
+     */
+    public function selectlist(Request $request)
+    {
+
+        $this->authorize('view.selectlists');
+        $manufacturers = Manufacturer::select([
+            'id',
+            'name',
+            'image',
+        ]);
+
+        if ($request->filled('search')) {
+            $manufacturers = $manufacturers->where('name', 'LIKE', '%'.$request->get('search').'%');
+        }
+
+        $manufacturers = $manufacturers->orderBy('name', 'ASC')->paginate(50);
+
+        // Loop through and set some custom properties for the transformer to use.
+        // This lets us have more flexibility in special cases like assets, where
+        // they may not have a ->name value but we want to display something anyway
+        foreach ($manufacturers as $manufacturer) {
+            $manufacturer->use_text = $manufacturer->name;
+            $manufacturer->use_image = ($manufacturer->image) ? Storage::disk('public')->url('manufacturers/'.$manufacturer->image, $manufacturer->image) : null;
+        }
+
+        return (new SelectlistTransformer)->transformSelectlist($manufacturers);
+    }
+}

Production/SNIPE-IT/app/Http/Controllers/Api/PredefinedKitsController.php

@@ -0,0 +1,453 @@
+<?php
+
+namespace App\Http\Controllers\Api;
+
+use App\Helpers\Helper;
+use App\Http\Controllers\Controller;
+use App\Http\Transformers\PredefinedKitsTransformer;
+use App\Models\PredefinedKit;
+use Illuminate\Http\Request;
+
+/**
+ *  @author [D. Minaev.] [<dmitriy.minaev.v@gmail.com>]
+ */
+class PredefinedKitsController extends Controller
+{
+    /**
+     * Display a listing of the resource.
+     *
+     * @return \Illuminate\Http\Response
+     */
+    public function index(Request $request)
+    {
+        $this->authorize('view', PredefinedKit::class);
+        $allowed_columns = ['id', 'name'];
+
+        $kits = PredefinedKit::query();
+
+        if ($request->filled('search')) {
+            $kits = $kits->TextSearch($request->input('search'));
+        }
+
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $kits->count()) ? $kits->count() : app('api_offset_value');
+        $limit = app('api_limit_value');
+
+        $order = $request->input('order') === 'desc' ? 'desc' : 'asc';
+        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'name';
+        $kits->orderBy($sort, $order);
+
+        $total = $kits->count();
+        $kits = $kits->skip($offset)->take($limit)->get();
+
+        return (new PredefinedKitsTransformer)->transformPredefinedKits($kits, $total);
+    }
+
+    /**
+     * Store a newly created resource in storage.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\Response
+     */
+    public function store(Request $request)
+    {
+        $this->authorize('create', PredefinedKit::class);
+        $kit = new PredefinedKit;
+        $kit->fill($request->all());
+
+        if ($kit->save()) {
+            return response()->json(Helper::formatStandardApiResponse('success', $kit, trans('admin/kits/general.create_success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, $kit->getErrors()));
+    }
+
+    /**
+     * Display the specified resource.
+     *
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function show($id)
+    {
+        $this->authorize('view', PredefinedKit::class);
+        $kit = PredefinedKit::findOrFail($id);
+
+        return (new PredefinedKitsTransformer)->transformPredefinedKit($kit);
+    }
+
+    /**
+     * Update the specified resource in storage.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  int  $id kit id
+     * @return \Illuminate\Http\Response
+     */
+    public function update(Request $request, $id)
+    {
+        $this->authorize('update', PredefinedKit::class);
+        $kit = PredefinedKit::findOrFail($id);
+        $kit->fill($request->all());
+
+        if ($kit->save()) {
+            return response()->json(Helper::formatStandardApiResponse('success', $kit, trans('admin/kits/general.update_success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, $kit->getErrors()));
+    }
+
+    /**
+     * Remove the specified resource from storage.
+     *
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function destroy($id)
+    {
+        $this->authorize('delete', PredefinedKit::class);
+        $kit = PredefinedKit::findOrFail($id);
+
+        // Delete childs
+        $kit->models()->detach();
+        $kit->licenses()->detach();
+        $kit->consumables()->detach();
+        $kit->accessories()->detach();
+
+        $kit->delete();
+
+        return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/kits/general.delete_success')));
+    }
+
+    /**
+     * Gets a paginated collection for the select2 menus
+     *
+     * @see \App\Http\Transformers\SelectlistTransformer
+     */
+    public function selectlist(Request $request)
+    {
+        $kits = PredefinedKit::select([
+            'id',
+            'name',
+        ]);
+
+        if ($request->filled('search')) {
+            $kits = $kits->where('name', 'LIKE', '%'.$request->get('search').'%');
+        }
+
+        $kits = $kits->orderBy('name', 'ASC')->paginate(50);
+
+        return (new SelectlistTransformer)->transformSelectlist($kits);
+    }
+
+    /**
+     * Display the specified resource.
+     *
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function indexLicenses($kit_id)
+    {
+        $this->authorize('view', PredefinedKit::class);
+        $kit = PredefinedKit::findOrFail($kit_id);
+        $licenses = $kit->licenses;
+
+        return (new PredefinedKitsTransformer)->transformElements($licenses, $licenses->count());
+    }
+
+    /**
+     * Store the specified resource.
+     *
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function storeLicense(Request $request, $kit_id)
+    {
+        $this->authorize('update', PredefinedKit::class);
+
+        $kit = PredefinedKit::findOrFail($kit_id);
+        $quantity = $request->input('quantity', 1);
+        if ($quantity < 1) {
+            $quantity = 1;
+        }
+
+        $license_id = $request->get('license');
+        $relation = $kit->licenses();
+        if ($relation->find($license_id)) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, ['license' => trans('admin/kits/general.license_error')]));
+        }
+
+        $relation->attach($license_id, ['quantity' => $quantity]);
+
+        return response()->json(Helper::formatStandardApiResponse('success', $kit, trans('admin/kits/general.license_added_success')));
+    }
+
+    /**
+     * Update the specified resource in storage.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  int  $kit_id
+     * @return \Illuminate\Http\Response
+     */
+    public function updateLicense(Request $request, $kit_id, $license_id)
+    {
+        $this->authorize('update', PredefinedKit::class);
+        $kit = PredefinedKit::findOrFail($kit_id);
+        $quantity = $request->input('quantity', 1);
+        if ($quantity < 1) {
+            $quantity = 1;
+        }
+        $kit->licenses()->syncWithoutDetaching([$license_id => ['quantity' =>  $quantity]]);
+
+        return response()->json(Helper::formatStandardApiResponse('success', $kit, trans('admin/kits/general.license_updated')));
+    }
+
+    /**
+     * Remove the specified resource from storage.
+     *
+     * @param  int  $kit_id
+     * @return \Illuminate\Http\Response
+     */
+    public function detachLicense($kit_id, $license_id)
+    {
+        $this->authorize('update', PredefinedKit::class);
+        $kit = PredefinedKit::findOrFail($kit_id);
+
+        $kit->licenses()->detach($license_id);
+
+        return response()->json(Helper::formatStandardApiResponse('success', $kit, trans('admin/kits/general.delete_success')));
+    }
+
+    /**
+     * Display the specified resource.
+     *
+     * @param  int  $kit_id
+     * @return \Illuminate\Http\Response
+     */
+    public function indexModels($kit_id)
+    {
+        $this->authorize('view', PredefinedKit::class);
+        $kit = PredefinedKit::findOrFail($kit_id);
+        $models = $kit->models;
+
+        return (new PredefinedKitsTransformer)->transformElements($models, $models->count());
+    }
+
+    /**
+     * Store the specified resource.
+     *
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function storeModel(Request $request, $kit_id)
+    {
+        $this->authorize('update', PredefinedKit::class);
+
+        $kit = PredefinedKit::findOrFail($kit_id);
+
+        $model_id = $request->get('model');
+        $quantity = $request->input('quantity', 1);
+        if ($quantity < 1) {
+            $quantity = 1;
+        }
+
+        $relation = $kit->models();
+        if ($relation->find($model_id)) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, ['model' => 'Model already attached to kit']));
+        }
+        $relation->attach($model_id, ['quantity' => $quantity]);
+
+        return response()->json(Helper::formatStandardApiResponse('success', $kit, 'Model added successfull'));
+    }
+
+    /**
+     * Update the specified resource in storage.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  int  $kit_id
+     * @return \Illuminate\Http\Response
+     */
+    public function updateModel(Request $request, $kit_id, $model_id)
+    {
+        $this->authorize('update', PredefinedKit::class);
+        $kit = PredefinedKit::findOrFail($kit_id);
+        $quantity = $request->input('quantity', 1);
+        if ($quantity < 1) {
+            $quantity = 1;
+        }
+        $kit->models()->syncWithoutDetaching([$model_id => ['quantity' =>  $quantity]]);
+
+        return response()->json(Helper::formatStandardApiResponse('success', $kit, trans('admin/kits/general.license_updated')));
+    }
+
+    /**
+     * Remove the specified resource from storage.
+     *
+     * @param  int  $kit_id
+     * @return \Illuminate\Http\Response
+     */
+    public function detachModel($kit_id, $model_id)
+    {
+        $this->authorize('update', PredefinedKit::class);
+        $kit = PredefinedKit::findOrFail($kit_id);
+
+        $kit->models()->detach($model_id);
+
+        return response()->json(Helper::formatStandardApiResponse('success', $kit, trans('admin/kits/general.model_removed_success')));
+    }
+
+    /**
+     * Display the specified resource.
+     *
+     * @param  int  $kit_id
+     * @return \Illuminate\Http\Response
+     */
+    public function indexConsumables($kit_id)
+    {
+        $this->authorize('view', PredefinedKit::class);
+        $kit = PredefinedKit::findOrFail($kit_id);
+        $consumables = $kit->consumables;
+
+        return (new PredefinedKitsTransformer)->transformElements($consumables, $consumables->count());
+    }
+
+    /**
+     * Store the specified resource.
+     *
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function storeConsumable(Request $request, $kit_id)
+    {
+        $this->authorize('update', PredefinedKit::class);
+
+        $kit = PredefinedKit::findOrFail($kit_id);
+        $quantity = $request->input('quantity', 1);
+        if ($quantity < 1) {
+            $quantity = 1;
+        }
+
+        $consumable_id = $request->get('consumable');
+        $relation = $kit->consumables();
+        if ($relation->find($consumable_id)) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, ['consumable' => trans('admin/kits/general.consumable_error')]));
+        }
+
+        $relation->attach($consumable_id, ['quantity' => $quantity]);
+
+        return response()->json(Helper::formatStandardApiResponse('success', $kit, trans('admin/kits/general.consumable_added_success')));
+    }
+
+    /**
+     * Update the specified resource in storage.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  int  $kit_id
+     * @return \Illuminate\Http\Response
+     */
+    public function updateConsumable(Request $request, $kit_id, $consumable_id)
+    {
+        $this->authorize('update', PredefinedKit::class);
+        $kit = PredefinedKit::findOrFail($kit_id);
+        $quantity = $request->input('quantity', 1);
+        if ($quantity < 1) {
+            $quantity = 1;
+        }
+        $kit->consumables()->syncWithoutDetaching([$consumable_id => ['quantity' =>  $quantity]]);
+
+        return response()->json(Helper::formatStandardApiResponse('success', $kit, trans('admin/kits/general.consumable_updated')));
+    }
+
+    /**
+     * Remove the specified resource from storage.
+     *
+     * @param  int  $kit_id
+     * @return \Illuminate\Http\Response
+     */
+    public function detachConsumable($kit_id, $consumable_id)
+    {
+        $this->authorize('update', PredefinedKit::class);
+        $kit = PredefinedKit::findOrFail($kit_id);
+
+        $kit->consumables()->detach($consumable_id);
+
+        return response()->json(Helper::formatStandardApiResponse('success', $kit, trans('admin/kits/general.consumable_deleted')));
+    }
+
+    /**
+     * Display the specified resource.
+     *
+     * @param  int  $kit_id
+     * @return \Illuminate\Http\Response
+     */
+    public function indexAccessories($kit_id)
+    {
+        $this->authorize('view', PredefinedKit::class);
+        $kit = PredefinedKit::findOrFail($kit_id);
+        $accessories = $kit->accessories;
+
+        return (new PredefinedKitsTransformer)->transformElements($accessories, $accessories->count());
+    }
+
+    /**
+     * Store the specified resource.
+     *
+     * @param  int  $kit_id
+     * @return \Illuminate\Http\Response
+     */
+    public function storeAccessory(Request $request, $kit_id)
+    {
+        $this->authorize('update', PredefinedKit::class);
+
+        $kit = PredefinedKit::findOrFail($kit_id);
+        $quantity = $request->input('quantity', 1);
+        if ($quantity < 1) {
+            $quantity = 1;
+        }
+
+        $accessory_id = $request->get('accessory');
+        $relation = $kit->accessories();
+        if ($relation->find($accessory_id)) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, ['accessory' => trans('admin/kits/general.accessory_error')]));
+        }
+
+        $relation->attach($accessory_id, ['quantity' => $quantity]);
+
+        return response()->json(Helper::formatStandardApiResponse('success', $kit, trans('admin/kits/general.accessory_added_success')));
+    }
+
+    /**
+     * Update the specified resource in storage.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  int  $kit_id
+     * @return \Illuminate\Http\Response
+     */
+    public function updateAccessory(Request $request, $kit_id, $accessory_id)
+    {
+        $this->authorize('update', PredefinedKit::class);
+        $kit = PredefinedKit::findOrFail($kit_id);
+        $quantity = $request->input('quantity', 1);
+        if ($quantity < 1) {
+            $quantity = 1;
+        }
+        $kit->accessories()->syncWithoutDetaching([$accessory_id => ['quantity' =>  $quantity]]);
+
+        return response()->json(Helper::formatStandardApiResponse('success', $kit, trans('admin/kits/general.accessory_updated')));
+    }
+
+    /**
+     * Remove the specified resource from storage.
+     *
+     * @param  int  $kit_id
+     * @return \Illuminate\Http\Response
+     */
+    public function detachAccessory($kit_id, $accessory_id)
+    {
+        $this->authorize('update', PredefinedKit::class);
+        $kit = PredefinedKit::findOrFail($kit_id);
+
+        $kit->accessories()->detach($accessory_id);
+
+        return response()->json(Helper::formatStandardApiResponse('success', $kit, trans('admin/kits/general.accessory_deleted')));
+    }
+}

Production/SNIPE-IT/app/Http/Controllers/Api/ProfileController.php

@@ -0,0 +1,177 @@
+<?php
+
+namespace App\Http\Controllers\Api;
+
+use App\Helpers\Helper;
+use App\Http\Controllers\Controller;
+use App\Models\CheckoutRequest;
+use Illuminate\Http\Response;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Http\Request;
+use Laravel\Passport\TokenRepository;
+use Illuminate\Contracts\Validation\Factory as ValidationFactory;
+use Illuminate\Support\Facades\Gate;
+use App\Models\CustomField;
+use DB;
+
+class ProfileController extends Controller
+{
+
+    /**
+     * The token repository implementation.
+     *
+     * @var \Laravel\Passport\TokenRepository
+     */
+    protected $tokenRepository;
+
+    /**
+     * Create a controller instance.
+     *
+     * @param  \Laravel\Passport\TokenRepository  $tokenRepository
+     * @param  \Illuminate\Contracts\Validation\Factory  $validation
+     * @return void
+     */
+    public function __construct(TokenRepository $tokenRepository, ValidationFactory $validation)
+    {
+        $this->validation = $validation;
+        $this->tokenRepository = $tokenRepository;
+    }
+
+    /**
+     * Display a listing of requested assets.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.3.0]
+     *
+     * @return array
+     */
+    public function requestedAssets()
+    {
+        $checkoutRequests = CheckoutRequest::where('user_id', '=', Auth::user()->id)->get();
+
+        $results = array();
+        $show_field = array();
+        $showable_fields = array();
+        $results['total'] = $checkoutRequests->count();
+
+        $all_custom_fields = CustomField::all(); //used as a 'cache' of custom fields throughout this page load
+        foreach ($all_custom_fields as $field) {
+            if (($field->field_encrypted=='0') && ($field->show_in_requestable_list=='1')) {
+                $showable_fields[] = $field->db_column_name();
+            }
+        }
+
+        foreach ($checkoutRequests as $checkoutRequest) {
+
+            // Make sure the asset and request still exist
+            if ($checkoutRequest && $checkoutRequest->itemRequested()) {
+                $assets = [
+                    'image' => e($checkoutRequest->itemRequested()->present()->getImageUrl()),
+                    'name' => e($checkoutRequest->itemRequested()->present()->name()),
+                    'type' => e($checkoutRequest->itemType()),
+                    'qty' => (int) $checkoutRequest->quantity,
+                    'location' => ($checkoutRequest->location()) ? e($checkoutRequest->location()->name) : null,
+                    'expected_checkin' => Helper::getFormattedDateObject($checkoutRequest->itemRequested()->expected_checkin, 'datetime'),
+                    'request_date' => Helper::getFormattedDateObject($checkoutRequest->created_at, 'datetime'),
+                ];
+
+                foreach ($showable_fields as $showable_field_name) {
+                    $show_field['custom_fields.'.$showable_field_name] =  $checkoutRequest->itemRequested()->{$showable_field_name};
+                }
+
+                // Merge the plain asset data and the custom fields data
+                $results['rows'][] = array_merge($assets, $show_field);
+            }
+
+
+        }
+
+        return $results;
+    }
+
+
+    /**
+     * Delete an API token
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v6.0.5]
+     *
+     * @return \Illuminate\Http\Response
+     */
+    public function createApiToken(Request $request) {
+
+        if (!Gate::allows('self.api')) {
+            abort(403);
+        }
+
+        $accessTokenName = $request->input('name', 'Auth Token');
+
+        if ($accessToken = Auth::user()->createToken($accessTokenName)->accessToken) {
+
+            // Get the ID so we can return that with the payload
+            $token = DB::table('oauth_access_tokens')->where('user_id', '=', Auth::user()->id)->where('name','=',$accessTokenName)->orderBy('created_at', 'desc')->first();
+            $accessTokenData['id'] = $token->id;
+            $accessTokenData['token'] = $accessToken;
+            $accessTokenData['name'] = $accessTokenName;
+            return response()->json(Helper::formatStandardApiResponse('success', $accessTokenData, 'Personal access token '.$accessTokenName.' created successfully'));
+        }
+        return response()->json(Helper::formatStandardApiResponse('error', null, 'Token could not be created.'));
+
+    }
+
+
+    /**
+     * Delete an API token
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v6.0.5]
+     *
+     * @return \Illuminate\Http\Response
+     */
+    public function deleteApiToken($tokenId) {
+
+        if (!Gate::allows('self.api')) {
+            abort(403);
+        }
+
+        $token = $this->tokenRepository->findForUser(
+            $tokenId, Auth::user()->getAuthIdentifier()
+        );
+
+        if (is_null($token)) {
+            return new Response('', 404);
+        }
+
+        $token->revoke();
+
+        return new Response('', Response::HTTP_NO_CONTENT);
+
+    }
+
+
+    /**
+     * Show user's API tokens
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v6.0.5]
+     *
+     * @return \Illuminate\Http\Response
+     */
+    public function showApiTokens(Request $request) {
+
+        if (!Gate::allows('self.api')) {
+            abort(403);
+        }
+        
+        $tokens = $this->tokenRepository->forUser(Auth::user()->getAuthIdentifier());
+        $token_values = $tokens->load('client')->filter(function ($token) {
+            return $token->client->personal_access_client && ! $token->revoked;
+        })->values();
+
+        return response()->json(Helper::formatStandardApiResponse('success', $token_values, null));
+
+    }
+
+
+
+}

Production/SNIPE-IT/app/Http/Controllers/Api/ReportsController.php

@@ -0,0 +1,93 @@
+<?php
+
+namespace App\Http\Controllers\Api;
+
+use App\Http\Controllers\Controller;
+use App\Http\Transformers\ActionlogsTransformer;
+use App\Models\Actionlog;
+use Illuminate\Http\Request;
+
+class ReportsController extends Controller
+{
+    /**
+     * Returns Activity Report JSON.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @return View
+     */
+    public function index(Request $request)
+    {
+        $this->authorize('reports.view');
+
+        $actionlogs = Actionlog::with('item', 'user', 'admin', 'target', 'location');
+
+        if ($request->filled('search')) {
+            $actionlogs = $actionlogs->TextSearch(e($request->input('search')));
+        }
+
+        if (($request->filled('target_type')) && ($request->filled('target_id'))) {
+            $actionlogs = $actionlogs->where('target_id', '=', $request->input('target_id'))
+                ->where('target_type', '=', 'App\\Models\\'.ucwords($request->input('target_type')));
+        }
+
+        if (($request->filled('item_type')) && ($request->filled('item_id'))) {
+            $actionlogs = $actionlogs->where(function($query) use ($request)
+            {
+                $query->where('item_id', '=', $request->input('item_id'))
+                ->where('item_type', '=', 'App\\Models\\'.ucwords($request->input('item_type')))
+                ->orWhere(function($query) use ($request)
+                {
+                    $query->where('target_id', '=', $request->input('item_id'))
+                    ->where('target_type', '=', 'App\\Models\\'.ucwords($request->input('item_type')));
+                });
+            });
+        }
+
+        if ($request->filled('action_type')) {
+            $actionlogs = $actionlogs->where('action_type', '=', $request->input('action_type'))->orderBy('created_at', 'desc');
+        }
+
+        if ($request->filled('user_id')) {
+            $actionlogs = $actionlogs->where('user_id', '=', $request->input('user_id'));
+        }
+
+        if ($request->filled('action_source')) {
+            $actionlogs = $actionlogs->where('action_source', '=', $request->input('action_source'))->orderBy('created_at', 'desc');
+        }
+
+        if ($request->filled('remote_ip')) {
+            $actionlogs = $actionlogs->where('remote_ip', '=', $request->input('remote_ip'))->orderBy('created_at', 'desc');
+        }
+
+        if ($request->filled('uploads')) {
+            $actionlogs = $actionlogs->whereNotNull('filename')->orderBy('created_at', 'desc');
+        }
+
+        $allowed_columns = [
+            'id',
+            'created_at',
+            'target_id',
+            'user_id',
+            'accept_signature',
+            'action_type',
+            'note',
+            'remote_ip',
+            'user_agent',
+            'action_source',
+        ];
+
+
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $actionlogs->count()) ? $actionlogs->count() : app('api_offset_value');
+        $limit = app('api_limit_value');
+
+        $sort = in_array($request->input('sort'), $allowed_columns) ? e($request->input('sort')) : 'created_at';
+        $order = ($request->input('order') == 'asc') ? 'asc' : 'desc';
+        $total = $actionlogs->count();
+
+        $actionlogs = $actionlogs->orderBy($sort, $order)->skip($offset)->take($limit)->get();
+
+        return response()->json((new ActionlogsTransformer)->transformActionlogs($actionlogs, $total), 200, ['Content-Type' => 'application/json;charset=utf8'], JSON_UNESCAPED_UNICODE);
+    }
+}

Production/SNIPE-IT/app/Http/Controllers/Api/SettingsController.php

@@ -0,0 +1,325 @@
+<?php
+
+namespace App\Http\Controllers\Api;
+
+use App\Helpers\Helper;
+use App\Helpers\StorageHelper;
+use App\Http\Transformers\DatatablesTransformer;
+use Illuminate\Http\Request;
+use App\Http\Controllers\Controller;
+use App\Models\Ldap;
+use App\Models\Setting;
+use Mail;
+use App\Notifications\SlackTest;
+use App\Notifications\MailTest;
+use GuzzleHttp\Client;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Http\Response;
+use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\Log;
+use Illuminate\Support\Facades\Notification;
+use Illuminate\Support\Facades\Storage;
+use Illuminate\Support\Facades\Validator; 
+use App\Http\Requests\SlackSettingsRequest;
+use App\Http\Transformers\LoginAttemptsTransformer;
+
+
+class SettingsController extends Controller
+{
+
+
+    public function ldaptest()
+    {
+        $settings = Setting::getSettings();
+
+        if ($settings->ldap_enabled!='1') {
+            \Log::debug('LDAP is not enabled cannot test.');
+            return response()->json(['message' => 'LDAP is not enabled, cannot test.'], 400);
+        }
+
+        \Log::debug('Preparing to test LDAP connection');
+
+        $message = []; //where we collect together test messages
+        try {
+            $connection = Ldap::connectToLdap();
+            try {
+                $message['bind'] = ['message' => 'Successfully bound to LDAP server.'];
+                \Log::debug('attempting to bind to LDAP for LDAP test');
+                Ldap::bindAdminToLdap($connection);
+                $message['login'] = [
+                    'message' => 'Successfully connected to LDAP server.',
+                ];
+
+                $users = collect(Ldap::findLdapUsers(null,10))->filter(function ($value, $key) {
+                    return is_int($key);
+                })->slice(0, 10)->map(function ($item) use ($settings) {
+                    return (object) [
+                        'username'        => $item[$settings['ldap_username_field']][0] ?? null,
+                        'employee_number' => $item[$settings['ldap_emp_num']][0] ?? null,
+                        'lastname'        => $item[$settings['ldap_lname_field']][0] ?? null,
+                        'firstname'       => $item[$settings['ldap_fname_field']][0] ?? null,
+                        'email'           => $item[$settings['ldap_email']][0] ?? null,
+                    ];
+                });
+                if ($users->count() > 0) {
+                    $message['user_sync'] = [
+                        'users' => $users,
+                    ];
+                } else {
+                    $message['user_sync'] = [
+                        'message' => 'Connection to LDAP was successful, however there were no users returned from your query. You should confirm the Base Bind DN above.',
+                    ];
+    
+                    return response()->json($message, 400);
+                }
+
+                return response()->json($message, 200);
+            } catch (\Exception $e) {
+                \Log::debug('Bind failed');
+                \Log::debug("Exception was: ".$e->getMessage());
+                return response()->json(['message' => $e->getMessage()], 400);
+                //return response()->json(['message' => $e->getMessage()], 500);
+            }
+        } catch (\Exception $e) {
+            \Log::debug('Connection failed but we cannot debug it any further on our end.');
+            return response()->json(['message' => $e->getMessage()], 500);
+        }
+
+
+    }
+
+    public function ldaptestlogin(Request $request)
+    {
+
+        if (Setting::getSettings()->ldap_enabled != '1') {
+            \Log::debug('LDAP is not enabled. Cannot test.');
+            return response()->json(['message' => 'LDAP is not enabled, cannot test.'], 400);
+        }
+
+
+        $rules = array(
+            'ldaptest_user' => 'required',
+            'ldaptest_password' => 'required'
+        );
+
+        $validator = Validator::make($request->all(), $rules);
+        if ($validator->fails()) {
+            \Log::debug('LDAP Validation test failed.');
+            $validation_errors = implode(' ',$validator->errors()->all());
+            return response()->json(['message' => $validator->errors()->all()], 400);
+        }
+        
+
+
+        \Log::debug('Preparing to test LDAP login');
+        try {
+            $connection = Ldap::connectToLdap();
+            try {
+                Ldap::bindAdminToLdap($connection);
+                \Log::debug('Attempting to bind to LDAP for LDAP test');
+                try {
+                    $ldap_user = Ldap::findAndBindUserLdap($request->input('ldaptest_user'), $request->input('ldaptest_password'));
+                    if ($ldap_user) {
+                        \Log::debug('It worked! '. $request->input('ldaptest_user').' successfully binded to LDAP.');
+                        return response()->json(['message' => 'It worked! '. $request->input('ldaptest_user').' successfully binded to LDAP.'], 200);
+                    }
+                    return response()->json(['message' => 'Login Failed. '. $request->input('ldaptest_user').' did not successfully bind to LDAP.'], 400);
+
+                } catch (\Exception $e) {
+                    \Log::debug('LDAP login failed');
+                    return response()->json(['message' => $e->getMessage()], 400);
+                }
+
+            } catch (\Exception $e) {
+                \Log::debug('Bind failed');
+                return response()->json(['message' => $e->getMessage()], 400);
+                //return response()->json(['message' => $e->getMessage()], 500);
+            }
+        } catch (\Exception $e) {
+            \Log::debug('Connection failed');
+            return response()->json(['message' => $e->getMessage()], 500);
+        }
+
+
+    }
+
+    /**
+     * Test the email configuration
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v3.0]
+     * @return JsonResponse
+     */
+    public function ajaxTestEmail()
+    {
+        if (!config('app.lock_passwords')) {
+            try {
+                Notification::send(Setting::first(), new MailTest());
+                return response()->json(['message' => 'Mail sent to '.config('mail.reply_to.address')], 200);
+            } catch (\Exception $e) {
+                return response()->json(['message' => $e->getMessage()], 500);
+            }
+        }
+        return response()->json(['message' => 'Mail would have been sent, but this application is in demo mode! '], 200);
+
+    }
+
+
+    /**
+     * Delete server-cached barcodes
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v5.0.0]
+     * @return JsonResponse
+     */
+    public function purgeBarcodes()
+    {
+        $file_count = 0;
+        $files = Storage::disk('public')->files('barcodes');
+
+        foreach ($files as $file) { // iterate files
+
+            $file_parts = explode('.', $file);
+            $extension = end($file_parts);
+            \Log::debug($extension);
+
+            // Only generated barcodes would have a .png file extension
+            if ($extension == 'png') {
+                \Log::debug('Deleting: '.$file);
+
+
+                try {
+                    Storage::disk('public')->delete($file);
+                    \Log::debug('Deleting: '.$file);
+                    $file_count++;
+                } catch (\Exception $e) {
+                    \Log::debug($e);
+                }
+            }
+        }
+
+        return response()->json(['message' => 'Deleted '.$file_count.' barcodes'], 200);
+    }
+
+
+
+
+
+    /**
+     * Get a list of login attempts
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v5.0.0]
+     * @param  \Illuminate\Http\Request  $request
+     * @return array | JsonResponse
+     */
+    public function showLoginAttempts(Request $request)
+    {
+        $allowed_columns = ['id', 'username', 'remote_ip', 'user_agent', 'successful', 'created_at'];
+
+        $login_attempts = DB::table('login_attempts');
+        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
+        $sort = in_array($request->get('sort'), $allowed_columns) ? $request->get('sort') : 'created_at';
+
+        $total = $login_attempts->count();
+        $login_attempts->orderBy($sort, $order);
+        $login_attempt_results = $login_attempts->skip(request('offset', 0))->take(request('limit', 20))->get();
+
+        return (new LoginAttemptsTransformer)->transformLoginAttempts($login_attempt_results, $total);
+    }
+
+
+    /**
+     * Lists backup files
+     *
+     * @author [A. Gianotto]
+     * @return array | JsonResponse
+     */
+    public function listBackups() {
+        $settings = Setting::getSettings();
+        $path = 'app/backups';
+        $backup_files = Storage::files($path);
+        $files_raw = [];
+        $count = 0;
+
+        if (count($backup_files) > 0) {
+
+            for ($f = 0; $f < count($backup_files); $f++) {
+
+                // Skip dotfiles like .gitignore and .DS_STORE
+                if ((substr(basename($backup_files[$f]), 0, 1) != '.')) {
+                    $file_timestamp = Storage::lastModified($backup_files[$f]);
+
+                    $files_raw[] = [
+                        'filename' => basename($backup_files[$f]),
+                        'filesize' => Setting::fileSizeConvert(Storage::size($backup_files[$f])),
+                        'modified_value' => $file_timestamp,
+                        'modified_display' => date($settings->date_display_format.' '.$settings->time_display_format, $file_timestamp),
+                        'backup_url' => config('app.url').'/settings/backups/download/'.basename($backup_files[$f]),
+
+                    ];
+                    $count++;
+                }
+
+            }
+        }
+
+        $files = array_reverse($files_raw);
+        return (new DatatablesTransformer)->transformDatatables($files, $count);
+
+    }
+
+
+    /**
+     * Downloads a backup file.
+     * We use response()->download() here instead of Storage::download() because Storage::download()
+     * exhausts memory on larger files.
+     *
+     * @author [A. Gianotto]
+     * @return JsonResponse|\Symfony\Component\HttpFoundation\BinaryFileResponse
+     */
+    public function downloadBackup($file) {
+
+        $path = storage_path('app/backups');
+        
+        if (Storage::exists('app/backups/'.$file)) {
+            $headers = ['ContentType' => 'application/zip'];
+            return response()->download($path.'/'.$file, $file, $headers);
+        } else {
+            return response()->json(Helper::formatStandardApiResponse('error', null,  trans('general.file_not_found')), 404);
+        }
+
+    }
+
+    /**
+     * Determines and downloads the latest backup
+     *
+     * @author [A. Gianotto]
+     * @since [v6.3.1]
+     * @return JsonResponse|\Symfony\Component\HttpFoundation\BinaryFileResponse
+     */
+    public function downloadLatestBackup() {
+
+        $fileData = collect();
+        foreach (Storage::files('app/backups') as $file) {
+            if (pathinfo($file, PATHINFO_EXTENSION) == 'zip') {
+                $fileData->push([
+                    'file' => $file,
+                    'date' => Storage::lastModified($file)
+                ]);
+            }
+        }
+
+        $newest = $fileData->sortByDesc('date')->first();
+        if (Storage::exists($newest['file'])) {
+            $headers = ['ContentType' => 'application/zip'];
+            return response()->download(storage_path($newest['file']), basename($newest['file']), $headers);
+        } else {
+            return response()->json(Helper::formatStandardApiResponse('error', null,  trans('general.file_not_found')), 404);
+        }
+
+
+    }
+
+
+}

Production/SNIPE-IT/app/Http/Controllers/Api/StatuslabelsController.php

@@ -0,0 +1,336 @@
+<?php
+
+namespace App\Http\Controllers\Api;
+
+use App\Helpers\Helper;
+use App\Http\Controllers\Controller;
+use App\Http\Transformers\AssetsTransformer;
+use App\Http\Transformers\SelectlistTransformer;
+use App\Http\Transformers\StatuslabelsTransformer;
+use App\Models\Asset;
+use App\Models\Statuslabel;
+use Illuminate\Http\Request;
+use App\Http\Transformers\PieChartTransformer;
+use Illuminate\Support\Arr;
+
+class StatuslabelsController extends Controller
+{
+    /**
+     * Display a listing of the resource.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @return \Illuminate\Http\Response
+     */
+    public function index(Request $request)
+    {
+        $this->authorize('view', Statuslabel::class);
+        $allowed_columns = ['id', 'name', 'created_at', 'assets_count', 'color', 'notes', 'default_label'];
+
+        $statuslabels = Statuslabel::withCount('assets as assets_count');
+
+        if ($request->filled('search')) {
+            $statuslabels = $statuslabels->TextSearch($request->input('search'));
+        }
+
+        if ($request->filled('name')) {
+            $statuslabels->where('name', '=', $request->input('name'));
+        }
+
+
+        // if a status_type is passed, filter by that
+        if ($request->filled('status_type')) {
+            if (strtolower($request->input('status_type')) == 'pending') {
+                $statuslabels = $statuslabels->Pending();
+            } elseif (strtolower($request->input('status_type')) == 'archived') {
+                $statuslabels = $statuslabels->Archived();
+            } elseif (strtolower($request->input('status_type')) == 'deployable') {
+                $statuslabels = $statuslabels->Deployable();
+            } elseif (strtolower($request->input('status_type')) == 'undeployable') {
+                $statuslabels = $statuslabels->Undeployable();
+            }
+        }
+
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $statuslabels->count()) ? $statuslabels->count() : app('api_offset_value');
+        $limit = app('api_limit_value');
+
+        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
+        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
+        $statuslabels->orderBy($sort, $order);
+
+        $total = $statuslabels->count();
+        $statuslabels = $statuslabels->skip($offset)->take($limit)->get();
+
+        return (new StatuslabelsTransformer)->transformStatuslabels($statuslabels, $total);
+    }
+
+
+    /**
+     * Store a newly created resource in storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\Response
+     */
+    public function store(Request $request)
+    {
+        $this->authorize('create', Statuslabel::class);
+        $request->except('deployable', 'pending', 'archived');
+
+        if (! $request->filled('type')) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, ['type' => ['Status label type is required.']]), 500);
+        }
+
+        $statuslabel = new Statuslabel;
+        $statuslabel->fill($request->all());
+
+        $statusType = Statuslabel::getStatuslabelTypesForDB($request->input('type'));
+        $statuslabel->deployable = $statusType['deployable'];
+        $statuslabel->pending = $statusType['pending'];
+        $statuslabel->archived = $statusType['archived'];
+        $statuslabel->color             =  $request->input('color');
+        $statuslabel->show_in_nav       =  $request->input('show_in_nav', 0);
+        $statuslabel->default_label     =  $request->input('default_label', 0);
+
+
+        if ($statuslabel->save()) {
+            return response()->json(Helper::formatStandardApiResponse('success', $statuslabel, trans('admin/statuslabels/message.create.success')));
+        }
+        return response()->json(Helper::formatStandardApiResponse('error', null, $statuslabel->getErrors()));
+
+    }
+
+    /**
+     * Display the specified resource.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function show($id)
+    {
+        $this->authorize('view', Statuslabel::class);
+        $statuslabel = Statuslabel::findOrFail($id);
+
+        return (new StatuslabelsTransformer)->transformStatuslabel($statuslabel);
+    }
+
+
+    /**
+     * Update the specified resource in storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  \Illuminate\Http\Request  $request
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function update(Request $request, $id)
+    {
+        $this->authorize('update', Statuslabel::class);
+        $statuslabel = Statuslabel::findOrFail($id);
+        
+        $request->except('deployable', 'pending', 'archived');
+
+
+        if (! $request->filled('type')) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, 'Status label type is required.'));
+        }
+
+        $statuslabel->fill($request->all());
+
+        $statusType = Statuslabel::getStatuslabelTypesForDB($request->input('type'));
+        $statuslabel->deployable = $statusType['deployable'];
+        $statuslabel->pending = $statusType['pending'];
+        $statuslabel->archived = $statusType['archived'];
+        $statuslabel->color             =  $request->input('color');
+        $statuslabel->show_in_nav       =  $request->input('show_in_nav', 0);
+        $statuslabel->default_label     =  $request->input('default_label', 0);
+
+        if ($statuslabel->save()) {
+            return response()->json(Helper::formatStandardApiResponse('success', $statuslabel, trans('admin/statuslabels/message.update.success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, $statuslabel->getErrors()));
+    }
+
+    /**
+     * Remove the specified resource from storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function destroy($id)
+    {
+        $this->authorize('delete', Statuslabel::class);
+        $statuslabel = Statuslabel::findOrFail($id);
+        $this->authorize('delete', $statuslabel);
+
+        // Check that there are no assets associated
+        if ($statuslabel->assets()->count() == 0) {
+            $statuslabel->delete();
+
+            return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/statuslabels/message.delete.success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/statuslabels/message.assoc_assets')));
+    }
+
+
+
+     /**
+     * Show a count of assets by status label for pie chart
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v3.0]
+     * @return array
+     */
+    public function getAssetCountByStatuslabel()
+    {
+        $this->authorize('view', Statuslabel::class);
+        $statuslabels = Statuslabel::withCount('assets')->get();
+        $total = Array();
+
+        foreach ($statuslabels as $statuslabel) {
+
+            $total[$statuslabel->name]['label'] = $statuslabel->name;
+            $total[$statuslabel->name]['count'] = $statuslabel->assets_count;
+
+            if ($statuslabel->color != '') {
+                $total[$statuslabel->name]['color'] = $statuslabel->color;
+            }
+        }
+
+        return (new PieChartTransformer())->transformPieChartDate($total);
+
+    }
+
+    /**
+     * Show a count of assets by meta status type for pie chart
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v6.0.11]
+     * @return array
+     */
+    public function getAssetCountByMetaStatus()
+    {
+        $this->authorize('view', Statuslabel::class);
+
+        $total['rtd']['label'] = trans('general.ready_to_deploy');
+        $total['rtd']['count'] = Asset::RTD()->count();
+
+        $total['deployed']['label'] = trans('general.deployed');
+        $total['deployed']['count'] = Asset::Deployed()->count();
+
+        $total['archived']['label'] = trans('general.archived');
+        $total['archived']['count'] = Asset::Archived()->count();
+
+        $total['pending']['label'] = trans('general.pending');
+        $total['pending']['count'] = Asset::Pending()->count();
+
+        $total['undeployable']['label'] = trans('general.undeployable');
+        $total['undeployable']['count'] = Asset::Undeployable()->count();
+
+        return (new PieChartTransformer())->transformPieChartDate($total);
+    }
+
+    /**
+     * Display the specified resource.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function assets(Request $request, $id)
+    {
+        $this->authorize('view', Statuslabel::class);
+        $this->authorize('index', Asset::class);
+        $assets = Asset::where('status_id', '=', $id)->with('assignedTo');
+
+        $allowed_columns = [
+            'id',
+            'name',
+        ];
+
+        $offset = request('offset', 0);
+        $limit = $request->input('limit', 50);
+        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
+        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
+        $assets->orderBy($sort, $order);
+
+        $total = $assets->count();
+        $assets = $assets->skip($offset)->take($limit)->get();
+
+
+        return (new AssetsTransformer)->transformAssets($assets, $total);
+    }
+
+
+    /**
+     * Returns a boolean response based on whether the status label
+     * is one that is deployable.
+     *
+     * This is used by the hardware create/edit view to determine whether
+     * we should provide a dropdown of users for them to check the asset out to.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @return bool
+     */
+    public function checkIfDeployable($id)
+    {
+        $statuslabel = Statuslabel::findOrFail($id);
+        if ($statuslabel->getStatuslabelType() == 'deployable') {
+            return '1';
+        }
+
+        return '0';
+    }
+
+    /**
+     * Gets a paginated collection for the select2 menus
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v6.1.1]
+     * @see \App\Http\Transformers\SelectlistTransformer
+     */
+    public function selectlist(Request $request)
+    {
+
+        $this->authorize('view.selectlists');
+        $statuslabels = Statuslabel::orderBy('default_label', 'desc')->orderBy('name', 'asc')->orderBy('deployable', 'desc');
+
+        if ($request->filled('search')) {
+            $statuslabels = $statuslabels->where('name', 'LIKE', '%'.$request->get('search').'%');
+        }
+
+        if ($request->filled('deployable')) {
+            $statuslabels = $statuslabels->where('deployable', '=', '1');
+        }
+
+        if ($request->filled('pending')) {
+            $statuslabels = $statuslabels->where('pending', '=', '1');
+        }
+
+        if ($request->filled('archived')) {
+            $statuslabels = $statuslabels->where('archived', '=', '1');
+        }
+
+        $statuslabels = $statuslabels->orderBy('name', 'ASC')->paginate(50);
+
+        // Loop through and set some custom properties for the transformer to use.
+        // This lets us have more flexibility in special cases like assets, where
+        // they may not have a ->name value but we want to display something anyway
+        foreach ($statuslabels as $statuslabel) {
+            $statuslabels->use_text = $statuslabel->name;
+        }
+
+        return (new SelectlistTransformer)->transformSelectlist($statuslabels);
+    }
+}

Production/SNIPE-IT/app/Http/Controllers/Api/SuppliersController.php

@@ -0,0 +1,239 @@
+<?php
+
+namespace App\Http\Controllers\Api;
+
+use App\Helpers\Helper;
+use App\Http\Controllers\Controller;
+use App\Http\Transformers\SelectlistTransformer;
+use App\Http\Transformers\SuppliersTransformer;
+use App\Models\Supplier;
+use Illuminate\Http\Request;
+use App\Http\Requests\ImageUploadRequest;
+use Illuminate\Support\Facades\Storage;
+
+class SuppliersController extends Controller
+{
+    /**
+     * Display a listing of the resource.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @return \Illuminate\Http\Response
+     */
+    public function index(Request $request)
+    {
+        $this->authorize('view', Supplier::class);
+        $allowed_columns = ['
+            id',
+            'name',
+            'address',
+            'phone',
+            'contact',
+            'fax',
+            'email',
+            'image',
+            'assets_count',
+            'licenses_count',
+            'accessories_count',
+            'components_count',
+            'consumables_count',
+            'url',
+        ];
+        
+        $suppliers = Supplier::select(
+                ['id', 'name', 'address', 'address2', 'city', 'state', 'country', 'fax', 'phone', 'email', 'contact', 'created_at', 'updated_at', 'deleted_at', 'image', 'notes', 'url'])
+                    ->withCount('assets as assets_count')
+                    ->withCount('licenses as licenses_count')
+                    ->withCount('accessories as accessories_count')
+                    ->withCount('components as components_count')
+                    ->withCount('consumables as consumables_count');
+
+
+        if ($request->filled('search')) {
+            $suppliers = $suppliers->TextSearch($request->input('search'));
+        }
+
+        if ($request->filled('name')) {
+            $suppliers->where('name', '=', $request->input('name'));
+        }
+
+        if ($request->filled('address')) {
+            $suppliers->where('address', '=', $request->input('address'));
+        }
+
+        if ($request->filled('address2')) {
+            $suppliers->where('address2', '=', $request->input('address2'));
+        }
+
+        if ($request->filled('city')) {
+            $suppliers->where('city', '=', $request->input('city'));
+        }
+
+        if ($request->filled('zip')) {
+            $suppliers->where('zip', '=', $request->input('zip'));
+        }
+
+        if ($request->filled('country')) {
+            $suppliers->where('country', '=', $request->input('country'));
+        }
+
+        if ($request->filled('fax')) {
+            $suppliers->where('fax', '=', $request->input('fax'));
+        }
+
+        if ($request->filled('email')) {
+            $suppliers->where('email', '=', $request->input('email'));
+        }
+
+        if ($request->filled('url')) {
+            $suppliers->where('url', '=', $request->input('url'));
+        }
+
+        if ($request->filled('notes')) {
+            $suppliers->where('notes', '=', $request->input('notes'));
+        }
+
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $suppliers->count()) ? $suppliers->count() : app('api_offset_value');
+        $limit = app('api_limit_value');
+
+        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
+        $sort = in_array($request->input('sort'), $allowed_columns) ? $request->input('sort') : 'created_at';
+        $suppliers->orderBy($sort, $order);
+
+        $total = $suppliers->count();
+        $suppliers = $suppliers->skip($offset)->take($limit)->get();
+
+        return (new SuppliersTransformer)->transformSuppliers($suppliers, $total);
+    }
+
+
+    /**
+     * Store a newly created resource in storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  \App\Http\Requests\ImageUploadRequest  $request
+     * @return \Illuminate\Http\Response
+     */
+    public function store(ImageUploadRequest $request)
+    {
+        $this->authorize('create', Supplier::class);
+        $supplier = new Supplier;
+        $supplier->fill($request->all());
+        $supplier = $request->handleImages($supplier);
+
+        if ($supplier->save()) {
+            return response()->json(Helper::formatStandardApiResponse('success', $supplier, trans('admin/suppliers/message.create.success')));
+        }
+        return response()->json(Helper::formatStandardApiResponse('error', null, $supplier->getErrors()));
+
+    }
+
+    /**
+     * Display the specified resource.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function show($id)
+    {
+        $this->authorize('view', Supplier::class);
+        $supplier = Supplier::findOrFail($id);
+
+        return (new SuppliersTransformer)->transformSupplier($supplier);
+    }
+
+
+    /**
+     * Update the specified resource in storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  \App\Http\Requests\ImageUploadRequest  $request
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function update(ImageUploadRequest $request, $id)
+    {
+        $this->authorize('update', Supplier::class);
+        $supplier = Supplier::findOrFail($id);
+        $supplier->fill($request->all());
+        $supplier = $request->handleImages($supplier);
+
+        if ($supplier->save()) {
+            return response()->json(Helper::formatStandardApiResponse('success', $supplier, trans('admin/suppliers/message.update.success')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, $supplier->getErrors()));
+    }
+
+    /**
+     * Remove the specified resource from storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function destroy($id)
+    {
+        $this->authorize('delete', Supplier::class);
+        $supplier = Supplier::with('asset_maintenances', 'assets', 'licenses')->withCount('asset_maintenances as asset_maintenances_count', 'assets as assets_count', 'licenses as licenses_count')->findOrFail($id);
+        $this->authorize('delete', $supplier);
+
+
+        if ($supplier->assets_count > 0) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/suppliers/message.delete.assoc_assets', ['asset_count' => (int) $supplier->assets_count])));
+        }
+
+        if ($supplier->asset_maintenances_count > 0) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/suppliers/message.delete.assoc_maintenances', ['asset_maintenances_count' => $supplier->asset_maintenances_count])));
+        }
+
+        if ($supplier->licenses_count > 0) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/suppliers/message.delete.assoc_licenses', ['licenses_count' => (int) $supplier->licenses_count])));
+        }
+
+        $supplier->delete();
+
+        return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/suppliers/message.delete.success')));
+    }
+
+    /**
+     * Gets a paginated collection for the select2 menus
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0.16]
+     * @see \App\Http\Transformers\SelectlistTransformer
+     */
+    public function selectlist(Request $request)
+    {
+
+        $this->authorize('view.selectlists');
+
+        $suppliers = Supplier::select([
+            'id',
+            'name',
+            'image',
+        ]);
+
+        if ($request->filled('search')) {
+            $suppliers = $suppliers->where('suppliers.name', 'LIKE', '%'.$request->get('search').'%');
+        }
+
+        $suppliers = $suppliers->orderBy('name', 'ASC')->paginate(50);
+
+        // Loop through and set some custom properties for the transformer to use.
+        // This lets us have more flexibility in special cases like assets, where
+        // they may not have a ->name value but we want to display something anyway
+        foreach ($suppliers as $supplier) {
+            $supplier->use_text = $supplier->name;
+            $supplier->use_image = ($supplier->image) ? Storage::disk('public')->url('suppliers/'.$supplier->image, $supplier->image) : null;
+        }
+
+        return (new SelectlistTransformer)->transformSelectlist($suppliers);
+    }
+}

Production/SNIPE-IT/app/Http/Controllers/Api/UsersController.php

@@ -0,0 +1,755 @@
+<?php
+
+namespace App\Http\Controllers\Api;
+
+use App\Helpers\Helper;
+use App\Http\Controllers\Controller;
+use App\Http\Requests\SaveUserRequest;
+use App\Http\Transformers\AccessoriesTransformer;
+use App\Http\Transformers\AssetsTransformer;
+use App\Http\Transformers\ConsumablesTransformer;
+use App\Http\Transformers\LicensesTransformer;
+use App\Http\Transformers\SelectlistTransformer;
+use App\Http\Transformers\UsersTransformer;
+use App\Models\Actionlog;
+use App\Models\Asset;
+use App\Models\Company;
+use App\Models\License;
+use App\Models\User;
+use App\Notifications\CurrentInventory;
+use Auth;
+use Illuminate\Http\Request;
+use App\Http\Requests\ImageUploadRequest;
+use Illuminate\Support\Facades\Storage;
+use Illuminate\Support\Facades\Validator;
+
+class UsersController extends Controller
+{
+    /**
+     * Display a listing of the resource.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     *
+     * @return \Illuminate\Http\Response
+     */
+    public function index(Request $request)
+    {
+        $this->authorize('view', User::class);
+
+        $users = User::select([
+            'users.activated',
+            'users.created_by',
+            'users.address',
+            'users.avatar',
+            'users.city',
+            'users.company_id',
+            'users.country',
+            'users.created_at',
+            'users.deleted_at',
+            'users.department_id',
+            'users.email',
+            'users.employee_num',
+            'users.first_name',
+            'users.id',
+            'users.jobtitle',
+            'users.last_login',
+            'users.last_name',
+            'users.locale',
+            'users.location_id',
+            'users.manager_id',
+            'users.notes',
+            'users.permissions',
+            'users.phone',
+            'users.state',
+            'users.two_factor_enrolled',
+            'users.two_factor_optin',
+            'users.updated_at',
+            'users.username',
+            'users.zip',
+            'users.remote',
+            'users.ldap_import',
+            'users.start_date',
+            'users.end_date',
+            'users.vip',
+            'users.autoassign_licenses',
+            'users.website',
+
+        ])->with('manager', 'groups', 'userloc', 'company', 'department', 'assets', 'licenses', 'accessories', 'consumables', 'createdBy',)
+            ->withCount('assets as assets_count', 'licenses as licenses_count', 'accessories as accessories_count', 'consumables as consumables_count');
+
+
+        if ($request->filled('activated')) {
+            $users = $users->where('users.activated', '=', $request->input('activated'));
+        }
+
+        if ($request->filled('company_id')) {
+            $users = $users->where('users.company_id', '=', $request->input('company_id'));
+        }
+
+        if ($request->filled('location_id')) {
+            $users = $users->where('users.location_id', '=', $request->input('location_id'));
+        }
+
+        if ($request->filled('created_by')) {
+            $users = $users->where('users.created_by', '=', $request->input('created_by'));
+        }
+
+        if ($request->filled('email')) {
+            $users = $users->where('users.email', '=', $request->input('email'));
+        }
+
+        if ($request->filled('username')) {
+            $users = $users->where('users.username', '=', $request->input('username'));
+        }
+
+        if ($request->filled('first_name')) {
+            $users = $users->where('users.first_name', '=', $request->input('first_name'));
+        }
+
+        if ($request->filled('last_name')) {
+            $users = $users->where('users.last_name', '=', $request->input('last_name'));
+        }
+
+        if ($request->filled('employee_num')) {
+            $users = $users->where('users.employee_num', '=', $request->input('employee_num'));
+        }
+
+        if ($request->filled('state')) {
+            $users = $users->where('users.state', '=', $request->input('state'));
+        }
+
+        if ($request->filled('country')) {
+            $users = $users->where('users.country', '=', $request->input('country'));
+        }
+
+        if ($request->filled('website')) {
+            $users = $users->where('users.website', '=', $request->input('website'));
+        }
+
+        if ($request->filled('zip')) {
+            $users = $users->where('users.zip', '=', $request->input('zip'));
+        }
+
+        if ($request->filled('group_id')) {
+            $users = $users->ByGroup($request->get('group_id'));
+        }
+
+        if ($request->filled('department_id')) {
+            $users = $users->where('users.department_id', '=', $request->input('department_id'));
+        }
+
+        if ($request->filled('manager_id')) {
+            $users = $users->where('users.manager_id','=',$request->input('manager_id'));
+        }
+
+        if ($request->filled('ldap_import')) {
+            $users = $users->where('ldap_import', '=', $request->input('ldap_import'));
+        }
+
+        if ($request->filled('remote')) {
+            $users = $users->where('remote', '=', $request->input('remote'));
+        }
+
+        if ($request->filled('vip')) {
+            $users = $users->where('vip', '=', $request->input('vip'));
+        }
+
+        if ($request->filled('two_factor_enrolled')) {
+            $users = $users->where('two_factor_enrolled', '=', $request->input('two_factor_enrolled'));
+        }
+
+        if ($request->filled('two_factor_optin')) {
+            $users = $users->where('two_factor_optin', '=', $request->input('two_factor_optin'));
+        }
+
+        if ($request->filled('start_date')) {
+            $users = $users->where('users.start_date', '=', $request->input('start_date'));
+        }
+
+        if ($request->filled('end_date')) {
+            $users = $users->where('users.end_date', '=', $request->input('end_date'));
+        }
+
+        if ($request->filled('assets_count')) {
+           $users->has('assets', '=', $request->input('assets_count'));
+        }
+
+        if ($request->filled('consumables_count')) {
+            $users->has('consumables', '=', $request->input('consumables_count'));
+        }
+
+        if ($request->filled('licenses_count')) {
+            $users->has('licenses', '=', $request->input('licenses_count'));
+        }
+
+        if ($request->filled('accessories_count')) {
+            $users->has('accessories', '=', $request->input('accessories_count'));
+        }
+
+        if ($request->filled('autoassign_licenses')) {
+            $users->where('autoassign_licenses', '=', $request->input('autoassign_licenses'));
+        }
+
+        if ($request->filled('search')) {
+            $users = $users->TextSearch($request->input('search'));
+        }
+
+        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
+
+        switch ($request->input('sort')) {
+            case 'manager':
+                $users = $users->OrderManager($order);
+                break;
+            case 'location':
+                $users = $users->OrderLocation($order);
+                break;
+            case 'department':
+                $users = $users->OrderDepartment($order);
+                break;
+            case 'created_by':
+                $users = $users->OrderByCreatedBy($order);
+                break;
+            case 'company':
+                $users = $users->OrderCompany($order);
+                break;
+            case 'first_name':
+                $users->orderBy('first_name', $order);
+                $users->orderBy('last_name', $order);
+                break;
+            case 'last_name':
+                $users->orderBy('last_name', $order);
+                $users->orderBy('first_name', $order);
+                break;
+            default:
+                $allowed_columns =
+                    [
+                        'last_name',
+                        'first_name',
+                        'email',
+                        'jobtitle',
+                        'username',
+                        'employee_num',
+                        'assets',
+                        'accessories',
+                        'consumables',
+                        'licenses',
+                        'groups',
+                        'activated',
+                        'created_at',
+                        'two_factor_enrolled',
+                        'two_factor_optin',
+                        'last_login',
+                        'assets_count',
+                        'licenses_count',
+                        'consumables_count',
+                        'accessories_count',
+                        'phone',
+                        'address',
+                        'city',
+                        'state',
+                        'country',
+                        'zip',
+                        'id',
+                        'ldap_import',
+                        'two_factor_optin',
+                        'two_factor_enrolled',
+                        'remote',
+                        'vip',
+                        'start_date',
+                        'end_date',
+                        'autoassign_licenses',
+                        'website',
+                    ];
+
+                $sort = in_array($request->get('sort'), $allowed_columns) ? $request->get('sort') : 'first_name';
+                $users = $users->orderBy($sort, $order);
+                break;
+        }
+
+        if (($request->filled('deleted')) && ($request->input('deleted') == 'true')) {
+            $users = $users->onlyTrashed();
+        } elseif (($request->filled('all')) && ($request->input('all') == 'true')) {
+            $users = $users->withTrashed();
+        }
+
+        $users = Company::scopeCompanyables($users);
+
+
+        // Make sure the offset and limit are actually integers and do not exceed system limits
+        $offset = ($request->input('offset') > $users->count()) ? $users->count() : app('api_offset_value');
+        $limit = app('api_limit_value');
+
+        $total = $users->count();
+        $users = $users->skip($offset)->take($limit)->get();
+
+        return (new UsersTransformer)->transformUsers($users, $total);
+    }
+
+    /**
+     * Gets a paginated collection for the select2 menus
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0.16]
+     * @see \App\Http\Transformers\SelectlistTransformer
+     */
+    public function selectlist(Request $request)
+    {
+        $users = User::select(
+            [
+                'users.id',
+                'users.username',
+                'users.employee_num',
+                'users.first_name',
+                'users.last_name',
+                'users.gravatar',
+                'users.avatar',
+                'users.email',
+            ]
+            )->where('show_in_list', '=', '1');
+
+        $users = Company::scopeCompanyables($users);
+
+        if ($request->filled('search')) {
+            $users = $users->where(function ($query) use ($request) {
+                $query->SimpleNameSearch($request->get('search'))
+                    ->orWhere('username', 'LIKE', '%'.$request->get('search').'%')
+                    ->orWhere('employee_num', 'LIKE', '%'.$request->get('search').'%');
+            });
+        }
+
+        $users = $users->orderBy('last_name', 'asc')->orderBy('first_name', 'asc');
+        $users = $users->paginate(50);
+
+        foreach ($users as $user) {
+            $name_str = '';
+            if ($user->last_name != '') {
+                $name_str .= $user->last_name.', ';
+            }
+            $name_str .= $user->first_name;
+
+            if ($user->username != '') {
+                $name_str .= ' ('.$user->username.')';
+            }
+
+            if ($user->employee_num != '') {
+                $name_str .= ' - #'.$user->employee_num;
+            }
+
+            $user->use_text = $name_str;
+            $user->use_image = ($user->present()->gravatar) ? $user->present()->gravatar : null;
+        }
+
+        return (new SelectlistTransformer)->transformSelectlist($users);
+    }
+
+
+
+    /**
+     * Store a newly created resource in storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\Response
+     */
+    public function store(SaveUserRequest $request)
+    {
+        $this->authorize('create', User::class);
+
+        $user = new User;
+        $user->fill($request->all());
+        $user->created_by = Auth::user()->id;
+
+        if ($request->has('permissions')) {
+            $permissions_array = $request->input('permissions');
+
+            // Strip out the superuser permission if the API user isn't a superadmin
+            if (! Auth::user()->isSuperUser()) {
+                unset($permissions_array['superuser']);
+            }
+            $user->permissions = $permissions_array;
+        }
+
+        // 
+        if ($request->filled('password')) {
+            $user->password = bcrypt($request->get('password'));
+        } else {
+            $user->password = $user->noPassword();
+        }
+
+        app('App\Http\Requests\ImageUploadRequest')->handleImages($user, 600, 'image', 'avatars', 'avatar');
+        
+        if ($user->save()) {
+            if ($request->filled('groups')) {
+                $user->groups()->sync($request->input('groups'));
+            } else {
+                $user->groups()->sync([]);
+            }
+
+            return response()->json(Helper::formatStandardApiResponse('success', (new UsersTransformer)->transformUser($user), trans('admin/users/message.success.create')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, $user->getErrors()));
+    }
+
+    /**
+     * Display the specified resource.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function show($id)
+    {
+        $this->authorize('view', User::class);
+        $user = User::withCount('assets as assets_count', 'licenses as licenses_count', 'accessories as accessories_count', 'consumables as consumables_count')->findOrFail($id);
+
+        return (new UsersTransformer)->transformUser($user);
+    }
+
+
+    /**
+     * Update the specified resource in storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  \Illuminate\Http\Request  $request
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function update(SaveUserRequest $request, $id)
+    {
+        $this->authorize('update', User::class);
+
+        $user = User::findOrFail($id);
+
+        /**
+         * This is a janky hack to prevent people from changing admin demo user data on the public demo.
+         * 
+         * The $ids 1 and 2 are special since they are seeded as superadmins in the demo seeder.
+         * 
+         *  Thanks, jerks. You are why we can't have nice things. - snipe
+         * 
+         */ 
+
+
+        if ((($id == 1) || ($id == 2)) && (config('app.lock_passwords'))) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, 'Permission denied. You cannot update user information via API on the demo.'));
+        }
+
+
+        $user->fill($request->all());
+        
+        if ($user->id == $request->input('manager_id')) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, 'You cannot be your own manager'));
+        }
+
+        if ($request->filled('password')) {
+            $user->password = bcrypt($request->input('password'));
+        }
+
+        // We need to use has()  instead of filled()
+        // here because we need to overwrite permissions
+        // if someone needs to null them out
+        if ($request->has('permissions')) {
+            $permissions_array = $request->input('permissions');
+
+            // Strip out the superuser permission if the API user isn't a superadmin
+            if (! Auth::user()->isSuperUser()) {
+                unset($permissions_array['superuser']);
+            }
+            $user->permissions = $permissions_array;
+        }
+
+
+
+        // Update the location of any assets checked out to this user
+        Asset::where('assigned_type', User::class)
+            ->where('assigned_to', $user->id)->update(['location_id' => $request->input('location_id', null)]);
+
+        
+        app('App\Http\Requests\ImageUploadRequest')->handleImages($user, 600, 'image', 'avatars', 'avatar');
+          
+        if ($user->save()) {
+
+            // Sync group memberships:
+            // This was changed in Snipe-IT v4.6.x to 4.7, since we upgraded to Laravel 5.5
+            // which changes the behavior of has vs filled.
+            // The $request->has method will now return true even if the input value is an empty string or null.
+            // A new $request->filled method has was added that provides the previous behavior of the has method.
+
+            // Check if the request has groups passed and has a value
+            if ($request->filled('groups')) {
+                $validator = Validator::make($request->all(), [
+                    'groups.*' => 'integer|exists:permission_groups,id',
+                ]);
+                
+                if ($validator->fails()){
+                    return response()->json(Helper::formatStandardApiResponse('error', null, $user->getErrors()));
+                }
+                $user->groups()->sync($request->input('groups'));
+            // The groups field has been passed but it is null, so we should blank it out
+            } elseif ($request->has('groups')) {
+                $user->groups()->sync([]);
+            }
+
+
+            return response()->json(Helper::formatStandardApiResponse('success', (new UsersTransformer)->transformUser($user), trans('admin/users/message.success.update')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, $user->getErrors()));
+    }
+
+    /**
+     * Remove the specified resource from storage.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.0]
+     * @param  int  $id
+     * @return \Illuminate\Http\Response
+     */
+    public function destroy($id)
+    {
+        $this->authorize('delete', User::class);
+        $user = User::findOrFail($id);
+        $this->authorize('delete', $user);
+
+        if (($user->assets) && ($user->assets->count() > 0)) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.error.delete_has_assets')));
+        }
+
+        if (($user->licenses) && ($user->licenses->count() > 0)) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, 'This user still has '.$user->licenses->count().' license(s) associated with them and cannot be deleted.'));
+        }
+
+        if (($user->accessories) && ($user->accessories->count() > 0)) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, 'This user still has '.$user->accessories->count().' accessories associated with them.'));
+        }
+
+        if (($user->managedLocations()) && ($user->managedLocations()->count() > 0)) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, 'This user still has '.$user->managedLocations()->count().' locations that they manage.'));
+        }
+
+        if ($user->delete()) {
+
+            // Remove the user's avatar if they have one
+            if (Storage::disk('public')->exists('avatars/'.$user->avatar)) {
+                try {
+                    Storage::disk('public')->delete('avatars/'.$user->avatar);
+                } catch (\Exception $e) {
+                    \Log::debug($e);
+                }
+            }
+
+            return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/users/message.success.delete')));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.error.delete')));
+    }
+
+    /**
+     * Return JSON containing a list of assets assigned to a user.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v3.0]
+     * @param $userId
+     * @return string JSON
+     */
+    public function assets(Request $request, $id)
+    {
+        $this->authorize('view', User::class);
+        $this->authorize('view', Asset::class);
+        $assets = Asset::where('assigned_to', '=', $id)->where('assigned_type', '=', User::class)->with('model');
+
+
+        // Filter on category ID
+        if ($request->filled('category_id')) {
+            $assets = $assets->InCategory($request->input('category_id'));
+        }
+
+
+        // Filter on model ID
+        if ($request->filled('model_id')) {
+
+            $model_ids = $request->input('model_id');
+            if (!is_array($model_ids)) {
+                $model_ids = array($model_ids);
+            }
+            $assets = $assets->InModelList($model_ids);
+        }
+
+        $assets = $assets->get();
+
+        return (new AssetsTransformer)->transformAssets($assets, $assets->count(), $request);
+    }
+
+    /**
+     * Notify a specific user via email with all of their assigned assets.
+     *
+     * @author [Lukas Fehling] [<lukas.fehling@adabay.rocks>]
+     * @since [v6.0.13]
+     * @param Request $request
+     * @param $id
+     * @return string JSON
+     */
+    public function emailAssetList(Request $request, $id)
+    {
+        $user = User::findOrFail($id);
+
+        if (empty($user->email)) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.inventorynotification.error')));
+        }
+
+        $user->notify((new CurrentInventory($user)));
+ 
+        return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/users/message.inventorynotification.success')));
+    }
+
+    /**
+     * Return JSON containing a list of consumables assigned to a user.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v3.0]
+     * @param $userId
+     * @return string JSON
+     */
+    public function consumables(Request $request, $id)
+    {
+        $this->authorize('view', User::class);
+        $this->authorize('view', Consumable::class);
+        $user = User::findOrFail($id);
+        $consumables = $user->consumables;
+        return (new ConsumablesTransformer)->transformConsumables($consumables, $consumables->count(), $request);
+    }
+
+    /**
+     * Return JSON containing a list of accessories assigned to a user.
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v4.6.14]
+     * @param $userId
+     * @return string JSON
+     */
+    public function accessories($id)
+    {
+        $this->authorize('view', User::class);
+        $user = User::findOrFail($id);
+        $this->authorize('view', Accessory::class);
+        $accessories = $user->accessories;
+
+        return (new AccessoriesTransformer)->transformAccessories($accessories, $accessories->count());
+    }
+
+    /**
+     * Return JSON containing a list of licenses assigned to a user.
+     *
+     * @author [N. Mathar] [<snipe@snipe.net>]
+     * @since [v5.0]
+     * @param $userId
+     * @return string JSON
+     */
+    public function licenses($id)
+    {
+        $this->authorize('view', User::class);
+        $this->authorize('view', License::class);
+        
+        if ($user = User::where('id', $id)->withTrashed()->first()) {
+            $licenses = $user->licenses()->get();
+            return (new LicensesTransformer())->transformLicenses($licenses, $licenses->count());
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.user_not_found', compact('id'))));
+
+    }
+
+    /**
+     * Reset the user's two-factor status
+     *
+     * @author [A. Gianotto] [<snipe@snipe.net>]
+     * @since [v3.0]
+     * @param $userId
+     * @return string JSON
+     */
+    public function postTwoFactorReset(Request $request)
+    {
+        $this->authorize('update', User::class);
+
+        if ($request->filled('id')) {
+            try {
+                $user = User::find($request->get('id'));
+                $user->two_factor_secret = null;
+                $user->two_factor_enrolled = 0;
+                $user->saveQuietly();
+
+                // Log the reset
+                $logaction = new Actionlog();
+                $logaction->target_type = User::class;
+                $logaction->target_id = $user->id;
+                $logaction->item_type = User::class;
+                $logaction->item_id = $user->id;
+                $logaction->created_at = date('Y-m-d H:i:s');
+                $logaction->user_id = Auth::user()->id;
+                $logaction->logaction('2FA reset');
+
+                return response()->json(['message' => trans('admin/settings/general.two_factor_reset_success')], 200);
+            } catch (\Exception $e) {
+                return response()->json(['message' => trans('admin/settings/general.two_factor_reset_error')], 500);
+            }
+        }
+        return response()->json(['message' => 'No ID provided'], 500);
+
+
+    }
+
+    /**
+     * Get info on the current user.
+     *
+     * @author [Juan Font] [<juanfontalonso@gmail.com>]
+     * @since [v4.4.2]
+     * @param  \Illuminate\Http\Request  $request
+     * @return \Illuminate\Http\Response
+     */
+    public function getCurrentUserInfo(Request $request)
+    {
+        return (new UsersTransformer)->transformUser($request->user());
+    }
+
+    /**
+     * Restore a soft-deleted user.
+     *
+     * @author [E. Taylor] [<dev@evantaylor.name>]
+     * @param int $userId
+     * @since [v6.0.0]
+     * @return JsonResponse
+     */
+    public function restore($userId = null)
+    {
+
+        if ($user = User::withTrashed()->find($userId)) {
+            $this->authorize('delete', $user);
+
+            if ($user->deleted_at == '') {
+                return response()->json(Helper::formatStandardApiResponse('error', trans('general.not_deleted', ['item_type' => trans('general.user')])), 200);
+            }
+
+            if ($user->restore()) {
+
+                $logaction = new Actionlog();
+                $logaction->item_type = User::class;
+                $logaction->item_id = $user->id;
+                $logaction->created_at = date('Y-m-d H:i:s');
+                $logaction->user_id = Auth::user()->id;
+                $logaction->logaction('restore');
+
+                return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/users/message.success.restored')), 200);
+            }
+
+            // Check validation to make sure we're not restoring a user with the same username as an existing user
+            return response()->json(Helper::formatStandardApiResponse('error', null, $user->getErrors()));
+        }
+
+        return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.user_not_found')), 200);
+
+    }
+}