diff --git a/controllers/GenericEntityApiController.php b/controllers/GenericEntityApiController.php
index 8db371ed..fd1347e1 100644
--- a/controllers/GenericEntityApiController.php
+++ b/controllers/GenericEntityApiController.php
@@ -13,8 +13,10 @@ class GenericEntityApiController extends BaseApiController
 if ($this->IsValidEntity($args['entity']))
 {
- if($this->IsEntityWithEditRequiresAdmin($args['entity']))
+ if ($this->IsEntityWithEditRequiresAdmin($args['entity']))
+ {
 User::checkPermission($request, User::PERMISSION_ADMIN);
+ }
 $requestBody = $request->getParsedBody();
@@ -50,8 +52,10 @@ class GenericEntityApiController extends BaseApiController
 if ($this->IsValidEntity($args['entity']))
 {
- if($this->IsEntityWithEditRequiresAdmin($args['entity']))
+ if ($this->IsEntityWithEditRequiresAdmin($args['entity']))
+ {
 User::checkPermission($request, User::PERMISSION_ADMIN);
+ }
 $row = $this->getDatabase()->{$args['entity']} ($args['objectId']);
 $row->delete();
@@ -70,8 +74,10 @@ class GenericEntityApiController extends BaseApiController
 if ($this->IsValidEntity($args['entity']))
 {
- if($this->IsEntityWithEditRequiresAdmin($args['entity']))
+ if ($this->IsEntityWithEditRequiresAdmin($args['entity']))
+ {
 User::checkPermission($request, User::PERMISSION_ADMIN);
+ }
 $requestBody = $request->getParsedBody();
 try
@@ -218,6 +224,7 @@ class GenericEntityApiController extends BaseApiController
 {
 parent::__construct($container);
 }
+
 private function IsEntityWithEditRequiresAdmin($entity)
 {
 return !in_array($entity, $this->getOpenApiSpec()->components->internalSchemas->EntityEditRequiresAdmin->enum);
diff --git a/controllers/OpenApiController.php b/controllers/OpenApiController.php
index 813af27f..71fba589 100644
--- a/controllers/OpenApiController.php
+++ b/controllers/OpenApiController.php
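Review bot: The admin gate that the three hunks at lines 13, 50 and 70 wrap in braces depends on `IsEntityWithEditRequiresAdmin`, whose body in the last hunk returns `!in_array($entity, ...->EntityEditRequiresAdmin->enum)`; the method and enum names say "requires admin", yet the negation requires admin for every entity that is absent from the list, so the list effectively reads as the set of entities non-admins may edit. That is fail-closed for unknown entities, but it contradicts the naming on an authorization decision, and the commit touching these lines is the place to make the intent explicit rather than leave it to the reader. If the enum semantics are intentional, a comment above the return such as `// Admin is required for every entity NOT listed in EntityEditRequiresAdmin (the spec name is inverted)` should say so; if not, the `!` is the bug. Separately the lookup is loose, so `return !in_array($entity, $this->getOpenApiSpec()->components->internalSchemas->EntityEditRequiresAdmin->enum, true);` would avoid type-juggled matches on the route value. The enclosing handler methods start and end outside these hunks.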
@@ -9,10 +9,12 @@ class OpenApiController extends BaseApiController
 public function ApiKeysList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 {
 $apiKeys = $this->getDatabase()->api_keys();
- if(!User::hasPermissions(User::PERMISSION_ADMIN))
+ if (!User::hasPermissions(User::PERMISSION_ADMIN))
+ {
 $apiKeys = $apiKeys->where('user_id', GROCY_USER_ID);
+ }
 return $this->renderPage($response, 'manageapikeys', [
- 'apiKeys' =>$apiKeys,
+ 'apiKeys' => $apiKeys,
 'users' => $this->getDatabase()->users()
 ]);
 }
diff --git a/public/js/extensions.js b/public/js/extensions.js
index 4c42d4fd..e24b5f67 100644
--- a/public/js/extensions.js
+++ b/public/js/extensions.js
@@ -172,7 +172,8 @@ function animateCSS(selector, animationName, callback, speed = "faster")
 nodes.on('animationend', handleAnimationEnd);
 }
- function RandomString() {
+ function RandomString()
+ {
 return Math.random().toString(36).substring(2, 100) + Math.random().toString(36).substring(2, 100);
 }
 function getQRCodeForContent(url)
@@ -185,7 +186,7 @@ function getQRCodeForContent(url)
 function getQRCodeForAPIKey(apikey_type, apikey_key)
 {
 var content = U('/api') + '|' + apikey_key;
- if(apikey_type === 'special-purpose-calendar-ical')
+ if (apikey_type === 'special-purpose-calendar-ical')
 {
 content = U('/api/calendar/ical?secret=' + apikey_key);
 }
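Review bot: `RandomString` in the first extensions.js hunk still builds its value from `Math.random()`, which is not a cryptographically secure generator, and the function carries no comment stating what the string may be used for. The callers are not visible here, so this is a caveat rather than a confirmed issue; if the value is only used for element ids, a comment above the function like `// Not cryptographically secure: use for ids/nonces in the UI only, never for keys or secrets` makes that constraint explicit, and if it ever feeds a key or token the body should use `crypto.getRandomValues` instead. The OpenApiController and second extensions.js hunks on this line are style-only.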