Apikeys (#986)

* Add QR-Code for API-Url/Key

* Show only API-Keys for current user

* Allow only admin users to create custom API-Keys

* Use a managed package of qrcode-generator instead of a copy of the JS file

* Reuse existing localization string (API key)

* Center QR-Code in popups

Co-authored-by: Bernd Bestel <bernd@berrnd.de>

controllers/GenericEntityApiController.php

@@ -13,6 +13,9 @@ class GenericEntityApiController extends BaseApiController
 
 		if ($this->IsValidEntity($args['entity']))
 		{
+			if($this->IsEntityWithEditRequiresAdmin($args['entity']))
+				User::checkPermission($request, User::PERMISSION_ADMIN);
+
 			$requestBody = $request->getParsedBody();
 
 			try
@@ -47,6 +50,8 @@ class GenericEntityApiController extends BaseApiController
 
 		if ($this->IsValidEntity($args['entity']))
 		{
+			if($this->IsEntityWithEditRequiresAdmin($args['entity']))
+				User::checkPermission($request, User::PERMISSION_ADMIN);
 			$row = $this->getDatabase()->{$args['entity']}
 			($args['objectId']);
 			$row->delete();
@@ -65,6 +70,8 @@ class GenericEntityApiController extends BaseApiController
 
 		if ($this->IsValidEntity($args['entity']))
 		{
+			if($this->IsEntityWithEditRequiresAdmin($args['entity']))
+				User::checkPermission($request, User::PERMISSION_ADMIN);
 			$requestBody = $request->getParsedBody();
 
 			try
@@ -211,6 +218,10 @@ class GenericEntityApiController extends BaseApiController
 	{
 		parent::__construct($container);
 	}
+	private function IsEntityWithEditRequiresAdmin($entity)
+	{
+		return !in_array($entity, $this->getOpenApiSpec()->components->internalSchemas->EntityEditRequiresAdmin->enum);
+	}
 
 	private function IsEntityWithPreventedListing($entity)
 	{