Fix full company scoping in user selects

[marcusmoore]

Description

This PR fixes a bug in the user select menu that currently returns users from other companies when a search string is provided.

Example:
With Full Companies Support enabled, Marcus is an admin for Company A. Marcus attempts to sign out an asset that belongs to Company A. When selecting the user to check the asset out to, Marcus is presented with a list of users for Company A:

So far so good 👍🏾

But, when Marcus types a query into the user search, he sees users from other companies 👎🏾

With this PR, the users returned are scoped to the user's of the company that the requester belongs to:

Notes

• For super admins, the existing behavior remains and all users are returned.
• For clarity, if an asset is assigned to a company the company name is displayed at the top of the checkout form (as seen in screenshot above).
• I added a change to the SecurityHeaders middleware that skips it when running in testing environments.

On Testing

A few tests have been included in this PR but running the tests requires some changes that are outside of the scope of this PR and will be followed up on in the future:

• The DB_* variables in .env.testing-ci should point to a valid MySQL database
• DB_CONNECTION in phpunit.xml should be mysql
• You'll also need to temporarily bypass the SecurityHeaders middleware

Type of change

• Bug fix (non-breaking change which fixes an issue)

[what-the-diff]

• Added a new test for the users select list API endpoint.
• Fixed an issue where assets with no model would cause errors in asset checkout view and added company name to that page as well.
• Removed unwanted headers from responses when running tests on CI/CD servers (GitLab, Travis).
• Updated factories so they can be used by other classes without having to pass them around everywhere or use global state which is bad practice anyway! Also updated some of the existing factory definitions while I was at it... :)
• Changed language file key 'company' => 'Company'. This will make things easier if we ever want to change this label later on down the line since all references are now using Laravel's translation helper function trans(). It also makes more sense than just hardcoding "Company" into our views like before because then you have two places where you need to update your code instead of one place only - not DRY :( . The same goes for any other labels throughout Snipe-IT too btw ;) !

[marcusmoore]

Reviewers: double-check that this check makes sense please. We don't want accidentally disable this middleware 😅

[snipe]

Why would we want to bypass this in testing? (I'm sure there's a good reason for it, I'm just not coming up with it :) )

[marcusmoore]

Great question that made me dig in a little more.

Calling header_remove in this middleware causes the tests to throw exceptions with the following error:

ErrorException : Cannot modify header information - headers already sent by (output started at /path/to/project/vendor/phpunit/phpunit/src/Util/Printer.php:104)
 /path/to/project/app/Http/Middleware/SecurityHeaders.php:112
 /path/to/project/app/Http/Middleware/SecurityHeaders.php:30
 /path/to/project/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:167
 /path/to/project/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php:21
 /path/to/project/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ConvertEmptyStringsToNull.php:31
 /path/to/project/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:167
 /path/to/project/app/Http/Middleware/CheckForDebug.php:25
 /path/to/project/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:167
 /path/to/project/app/Http/Middleware/CheckForSetup.php:25
 /path/to/project/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:167
 /path/to/project/vendor/fideloper/proxy/src/TrustProxies.php:57
 /path/to/project/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:167
 /path/to/project/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php:49
 /path/to/project/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:167
 /path/to/project/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php:121
 /path/to/project/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php:64
 /path/to/project/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:167
 /path/to/project/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestsDuringMaintenance.php:86
 /path/to/project/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:167
 /path/to/project/app/Http/Middleware/NoSessionStore.php:28
 /path/to/project/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:167
 /path/to/project/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php:103
 /path/to/project/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php:142
 /path/to/project/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php:111
 /path/to/project/vendor/laravel/framework/src/Illuminate/Foundation/Testing/Concerns/MakesHttpRequests.php:510
 /path/to/project/vendor/laravel/framework/src/Illuminate/Foundation/Testing/Concerns/MakesHttpRequests.php:476
 /path/to/project/vendor/laravel/framework/src/Illuminate/Foundation/Testing/Concerns/MakesHttpRequests.php:306
 /path/to/project/tests/Feature/Api/Users/UsersForSelectListTest.php:25

That if check in such an important middleware is sketchy though. I'm pulling it out of this and adding a comment about it in the PR description.

[snipe]

This looks great, Marcus - thank you! A few small nits (and a question), but it's great work thank you!

[snipe]

I think we can just use general.company here, no need to duplicate the string.

[snipe]

Why would we want to bypass this in testing? (I'm sure there's a good reason for it, I'm just not coming up with it :) )

[snipe]

Same thing as above general.company should work find here.