Fixed permission check when deleting API keys (fixes #2204)

changelog/70_UNRELEASED_xxxx.xx.xx.md

@@ -88,6 +88,7 @@
 ### General
 
 - Added a new `config.php` setting `ENERGY_UNIT` to customize the label to display energy values (was fixed `kcal` before and defaults to that, so no changed behavior when not configured)
+- Fixed that users were unable to delete their own API keys (when not having the `All permissions` permission)
 - New translations: (thanks all the translators)
   - Romanian (demo available at <https://ro.demo.grocy.info>)
 

controllers/GenericEntityApiController.php

@@ -89,6 +89,10 @@ class GenericEntityApiController extends BaseApiController
 		{
 			User::checkPermission($request, User::PERMISSION_EQUIPMENT);
 		}
+		elseif ($args['entity'] == 'api_keys')
+		{
+			// Always allowed
+		}
 		else
 		{
 			User::checkPermission($request, User::PERMISSION_MASTER_DATA_EDIT);

grocy.openapi.json

@@ -5821,9 +5821,7 @@
 			},
 			"ExposedEntityEditRequiresAdmin": {
 				"type": "string",
-				"enum": [
+				"enum": []
-					"api_keys"
-				]
 			},
 			"StockTransactionType": {
 				"type": "string",