From 3282702c736482eb86f1ff8991a36eef191728da Mon Sep 17 00:00:00 2001 From: snipe Date: Tue, 1 Nov 2022 17:51:53 -0700 Subject: [PATCH 1/7] Added consumables upload routes Signed-off-by: snipe --- storage/private_uploads/consumables/.gitignore | 2 ++ 1 file changed, 2 insertions(+) create mode 100755 storage/private_uploads/consumables/.gitignore diff --git a/storage/private_uploads/consumables/.gitignore b/storage/private_uploads/consumables/.gitignore new file mode 100755 index 000000000000..c96a04f008ee --- /dev/null +++ b/storage/private_uploads/consumables/.gitignore @@ -0,0 +1,2 @@ +* +!.gitignore \ No newline at end of file From f6a6478804c055fc3d153d733f4dc89e13551792 Mon Sep 17 00:00:00 2001 From: snipe Date: Tue, 1 Nov 2022 17:52:04 -0700 Subject: [PATCH 2/7] Added consumable uploads gitignore Signed-off-by: snipe --- routes/web/consumables.php | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/routes/web/consumables.php b/routes/web/consumables.php index 9f930a968c59..4e2472d30c25 100644 --- a/routes/web/consumables.php +++ b/routes/web/consumables.php @@ -16,6 +16,21 @@ [Consumables\ConsumableCheckoutController::class, 'store'] )->name('consumables.checkout.store'); + Route::post( + '{consumableId}/upload', + [Consumables\ConsumablesFilesController::class, 'store'] + )->name('upload/consumable'); + + Route::delete( + '{consumableId}/deletefile/{fileId}', + [Consumables\ConsumablesFilesController::class, 'destroy'] + )->name('delete/consumablefile'); + + Route::get( + '{consumableId}/showfile/{fileId}/{download?}', + [Consumables\ConsumablesFilesController::class, 'show'] + )->name('show.consumablefile'); + }); From 25f69a7bd299a2d14f6eb420c92c5187be9bf821 Mon Sep 17 00:00:00 2001 From: snipe Date: Tue, 1 Nov 2022 17:52:28 -0700 Subject: [PATCH 3/7] Added consumable methods for uploads 
Signed-off-by: snipe --- .../ConsumablesFilesController.php | 176 ++++++++++++++++++ app/Models/Consumable.php | 18 ++ 2 files changed, 194 insertions(+) create mode 100644 app/Http/Controllers/Consumables/ConsumablesFilesController.php diff --git a/app/Http/Controllers/Consumables/ConsumablesFilesController.php b/app/Http/Controllers/Consumables/ConsumablesFilesController.php new file mode 100644 index 000000000000..4dbed60491b3 --- /dev/null +++ b/app/Http/Controllers/Consumables/ConsumablesFilesController.php 
@@ -0,0 +1,176 @@
+]
+ * @since [v1.0]
+ * @param AssetFileRequest $request
+ * @param int $consumableId
+ * @return \Illuminate\Http\RedirectResponse
+ * @throws \Illuminate\Auth\Access\AuthorizationException
+ */
+ public function store(AssetFileRequest $request, $consumableId = null)
+ {
+ $consumable = Consumable::find($consumableId);
+
+ if (isset($consumable->id)) {
+ $this->authorize('update', $consumable);
+
+ if ($request->hasFile('file')) {
+ if (! Storage::exists('private_uploads/consumables')) {
+ Storage::makeDirectory('private_uploads/consumables', 775);
+ }
+
+ foreach ($request->file('file') as $file) {
+
+ $extension = $file->getClientOriginalExtension();
+ $file_name = 'consumable-'.$consumable->id.'-'.str_random(8).'-'.str_slug(basename($file->getClientOriginalName(), '.'.$extension)).'.'.$extension;
+
+
+ // Check for SVG and sanitize it
+ if ($extension == 'svg') {
+ \Log::debug('This is an SVG');
+ \Log::debug($file_name);
+
+ $sanitizer = new Sanitizer();
+ $dirtySVG = file_get_contents($file->getRealPath());
+ $cleanSVG = $sanitizer->sanitize($dirtySVG);
+
+ try {
+ Storage::put('private_uploads/consumables/'.$file_name, $cleanSVG);
+ } catch (\Exception $e) {
+ \Log::debug('Upload no workie :( ');
+ \Log::debug($e);
+ }
+
+ } else {
+ Storage::put('private_uploads/consumables/'.$file_name, file_get_contents($file));
+ }
+
+ //Log the upload to the log
+ $consumable->logUpload($file_name, e($request->input('notes')));
+ }
+
+
+ return redirect()->route('consumables.show', $consumable->id)->with('success', trans('admin/consumables/message.upload.success'));
+
+ }
+
+ return redirect()->route('consumables.show', $consumable->id)->with('error', trans('admin/consumables/message.upload.nofiles'));
+ }
+ // Prepare the error message
+ return redirect()->route('consumables.index')
+ ->with('error', trans('admin/consumables/message.does_not_exist'));
+ }
+
+ /**
+ * Deletes the selected consumable file.
+ *
+ * @author [A. Gianotto] []
+ * @since [v1.0]
+ * @param int $consumableId
+ * @param int $fileId
+ * @return \Illuminate\Http\RedirectResponse
+ * @throws \Illuminate\Auth\Access\AuthorizationException
+ */
+ public function destroy($consumableId = null, $fileId = null)
+ {
+ $consumable = Consumable::find($consumableId);
+
+ // the asset is valid
+ if (isset($consumable->id)) {
+ $this->authorize('update', $consumable);
+ $log = Actionlog::find($fileId);
+
+ // Remove the file if one exists
+ if (Storage::exists('consumables/'.$log->filename)) {
+ try {
+ Storage::delete('consumables/'.$log->filename);
+ } catch (\Exception $e) {
+ \Log::debug($e);
+ }
+ }
+
+ $log->delete();
+
+ return redirect()->back()
+ ->with('success', trans('admin/hardware/message.deletefile.success'));
+ }
+
+ // Redirect to the licence management page
+ return redirect()->route('consumables.index')->with('error', trans('admin/consumables/message.does_not_exist'));
+ }
+
+ /**
+ * Allows the selected file to be viewed.
+ *
+ * @author [A. Gianotto] []
+ * @since [v1.4]
+ * @param int $consumableId
+ * @param int $fileId
+ * @return \Symfony\Consumable\HttpFoundation\Response
+ * @throws \Illuminate\Auth\Access\AuthorizationException
+ */
+ public function show($consumableId = null, $fileId = null, $download = true)
+ {
+ $consumable = Consumable::find($consumableId);
+
+ // the consumable is valid
+ if (isset($consumable->id)) {
+ $this->authorize('view', $consumable);
+ $this->authorize('consumables.files', $consumable);
+
+ if (! $log = Actionlog::find($fileId)) {
+ return response('No matching record for that asset/file', 500)
+ ->header('Content-Type', 'text/plain');
+ }
+
+ $file = 'private_uploads/consumables/'.$log->filename;
+
+ if (Storage::missing($file)) {
+ \Log::debug('FILE DOES NOT EXISTS for '.$file);
+ \Log::debug('URL should be '.Storage::url($file));
+
+ return response('File '.$file.' 
('.Storage::url($file).') not found on server', 404) + ->header('Content-Type', 'text/plain'); + } else { + + // We have to override the URL stuff here, since local defaults in Laravel's Flysystem + // won't work, as they're not accessible via the web + if (config('filesystems.default') == 'local') { // TODO - is there any way to fix this at the StorageHelper layer? + return StorageHelper::downloader($file); + } else { + if ($download != 'true') { + \Log::debug('display the file'); + if ($contents = file_get_contents(Storage::url($file))) { // TODO - this will fail on private S3 files or large public ones + return Response::make(Storage::url($file)->header('Content-Type', mime_content_type($file))); + } + + return JsonResponse::create(['error' => 'Failed validation: '], 500); + } + + return StorageHelper::downloader($file); + + } + } + } + + return redirect()->route('consumables.index')->with('error', trans('admin/consumables/message.does_not_exist', ['id' => $fileId])); + } +} diff --git a/app/Models/Consumable.php b/app/Models/Consumable.php index ac4b8fd9d4ed..c04c9b53d5f0 100644 --- a/app/Models/Consumable.php +++ b/app/Models/Consumable.php @@ -96,6 +96,24 @@ class Consumable extends SnipeModel 'manufacturer' => ['name'], ]; + + /** + * Establishes the components -> action logs -> uploads relationship + * + * @author A. Gianotto + * @since [v6.1.13] + * @return \Illuminate\Database\Eloquent\Relations\Relation + */ + public function uploads() + { + return $this->hasMany(\App\Models\Actionlog::class, 'item_id') + ->where('item_type', '=', self::class) + ->where('action_type', '=', 'uploaded') + ->whereNotNull('filename') + ->orderBy('created_at', 'desc'); + } + + /** * Sets the attribute of whether or not the consumable is requestable * From b362951c95f00c946b565cb4f1ea43ac3d134986 Mon Sep 17 00:00:00 2001 From: snipe Date: Tue, 1 Nov 2022 17:52:45 -0700 Subject: [PATCH 4/7] Added consumables permissions 
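Review bot: destroy() loads the row with `Actionlog::find($fileId)` and deletes it without checking that it belongs to $consumable or is an upload entry, so holding update on any one consumable is enough to remove an arbitrary action-log row by id; show() resolves the file the same way. destroy() also dereferences `$log->filename` when no row matches, and it checks and deletes under `consumables/` while store() writes to `private_uploads/consumables/`, so the stored file is left behind. Resolving the id through the `uploads()` relation that this patch adds to Consumable scopes both lookups; the rewritten part of destroy() is below. Separately, store() compares the client-supplied extension with `$extension == 'svg'`, which lets `.SVG` skip the sanitizer; `strtolower($extension) === 'svg'` closes that. The top of this hunk (file header and class declaration) is missing from the page.

```php
    public function destroy($consumableId = null, $fileId = null)
    {
        // … unchanged: Consumable::find(), isset() guard, authorize('update', $consumable) …

            // Look the row up through the consumable so an id from another item never matches
            $log = $consumable->uploads()->find($fileId);

            if (! $log) {
                return redirect()->back()
                    ->with('error', trans('admin/consumables/message.does_not_exist'));
            }

            // Same directory store() writes to
            $path = 'private_uploads/consumables/'.$log->filename;

            if (Storage::exists($path)) {
                // … unchanged: try/catch that logs the exception, now calling Storage::delete($path) …
            }

            // … unchanged: $log->delete() and both redirects …
```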
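Review bot: The docblock on `uploads()` describes a "components -> action logs -> uploads" relationship, but this is the Consumable model and the query filters on `item_type = self::class`; the first line should read `Establishes the consumable -> action logs -> uploads relationship`. It would also help to state in the docblock that the relation only returns rows with `action_type = 'uploaded'` and a non-null filename, because any caller that resolves a file id through it relies on that filtering. The class body continues outside the hunk.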
Signed-off-by: snipe --- config/permissions.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/config/permissions.php b/config/permissions.php index 2af54d615a54..64310ac0509b 100644 --- a/config/permissions.php +++ b/config/permissions.php @@ -178,6 +178,12 @@ 'note' => '', 'display' => true, ], + [ + 'permission' => 'consumables.files', + 'label' => 'View and Modify Consumable Files', + 'note' => '', + 'display' => true, + ], ], From 761da534f36ca1d5b0bd72233947d6e73d45bd1c Mon Sep 17 00:00:00 2001 From: snipe Date: Tue, 1 Nov 2022 17:53:08 -0700 Subject: [PATCH 5/7] Updated consumables UI to allow uploads and display files Signed-off-by: snipe --- resources/views/consumables/view.blade.php | 188 +++++++++++++++++---- 1 file changed, 159 insertions(+), 29 deletions(-) diff --git a/resources/views/consumables/view.blade.php b/resources/views/consumables/view.blade.php index c406264a77a2..2cd3ac5beeb7 100644 --- a/resources/views/consumables/view.blade.php +++ b/resources/views/consumables/view.blade.php @@ -18,55 +18,180 @@
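Review bot: The new `consumables.files` entry is labelled "View and Modify Consumable Files", yet in this series only ConsumablesFilesController::show() checks it; store() and destroy() authorize `update` alone. Withholding this permission therefore does not stop upload or deletion for anyone who can update the consumable. Either add `$this->authorize('consumables.files', $consumable);` to store() and destroy(), or narrow the label to viewing and record that in the empty `note`. The surrounding permissions array starts and ends outside the hunk.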
-
- @if ($consumable->id) -
-
-

{{ $consumable->name }}

+ + + +
+ +
+ +
@@ -163,6 +288,11 @@ class="table table-striped snipe-table" @stop +@can('update', \App\Models\Consumable::class) + @include ('modals.upload-file', ['item_type' => 'consumable', 'item_id' => $consumable->id]) +@endcan + + @section('moar_scripts') @include ('partials.bootstrap-table', ['exportFile' => 'consumable' . $consumable->name . '-export', 'search' => false]) @stop From fa79a6c15f4172597b2eb74254c87ebc88b01933 Mon Sep 17 00:00:00 2001 From: snipe Date: Tue, 1 Nov 2022 18:19:13 -0700 Subject: [PATCH 6/7] Skip storage:: facade on missing images Signed-off-by: snipe --- resources/views/consumables/view.blade.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/resources/views/consumables/view.blade.php b/resources/views/consumables/view.blade.php index 2cd3ac5beeb7..70b30d89d9cc 100644 --- a/resources/views/consumables/view.blade.php +++ b/resources/views/consumables/view.blade.php @@ -149,8 +149,8 @@ class="table table-striped snipe-table" {{ $file->filename }} - - {{ Helper::formatFilesizeUnits(Storage::size('private_uploads/consumables/'.$file->filename)) }} + + {{ @Helper::formatFilesizeUnits(Storage::exists('private_uploads/consumables/'.$file->filename) ? Storage::size('private_uploads/consumables/'.$file->filename) : '') }} From 2106b64da6a134e7397862864f5896e7b0719fcf Mon Sep 17 00:00:00 2001 From: snipe Date: Tue, 1 Nov 2022 19:06:49 -0700 Subject: [PATCH 7/7] Fixed some layout issues Signed-off-by: snipe --- .../Controllers/Api/ConsumablesController.php | 1 + resources/views/consumables/view.blade.php | 34 +++++++++---------- .../views/partials/bootstrap-table.blade.php | 8 +++-- 3 files changed, 24 insertions(+), 19 deletions(-) diff --git a/app/Http/Controllers/Api/ConsumablesController.php b/app/Http/Controllers/Api/ConsumablesController.php index ebc27c608f17..fc6620df48cc 100644 --- a/app/Http/Controllers/Api/ConsumablesController.php +++ b/app/Http/Controllers/Api/ConsumablesController.php 
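Review bot: In the file-size cell changed by PATCH 6/7, the leading `@` on `@Helper::formatFilesizeUnits(...)` suppresses every error raised inside the expression, including failures from the storage backend, so a permissions or driver problem would render as an empty cell with nothing logged. The `Storage::exists(...)` guard added on the same line already covers the missing-file case, so the suppression can be dropped. Passing `''` to formatFilesizeUnits for a missing file presumably relies on loose typing in that helper; rendering a fixed placeholder when the file is absent would be clearer. Note too that the cell now makes two storage calls per listed file, which may be slow on a remote disk.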
@@ -228,6 +228,7 @@ public function getDataView($consumableId) foreach ($consumable->consumableAssignments as $consumable_assignment) { $rows[] = [ + 'avatar' => ($consumable_assignment->user) ? e($consumable_assignment->user->present()->gravatar) : '', 'name' => ($consumable_assignment->user) ? $consumable_assignment->user->present()->nameUrl() : 'Deleted User', 'created_at' => Helper::getFormattedDateObject($consumable_assignment->created_at, 'datetime'), 'note' => ($consumable_assignment->note) ? e($consumable_assignment->note) : null, diff --git a/resources/views/consumables/view.blade.php b/resources/views/consumables/view.blade.php index 70b30d89d9cc..406d3b4bd145 100644 --- a/resources/views/consumables/view.blade.php +++ b/resources/views/consumables/view.blade.php @@ -21,12 +21,10 @@