diff --git a/controllers/BatteriesApiController.php b/controllers/BatteriesApiController.php index 9464a3d7..d98abfcb 100644 --- a/controllers/BatteriesApiController.php +++ b/controllers/BatteriesApiController.php @@ -13,7 +13,7 @@ class BatteriesApiController extends BaseApiController public function TrackChargeCycle(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args) { - User::checkPermission($request, User::PERMISSION_BATTERY_TRACK_CHARGE_CYCLE); + User::checkPermission($request, User::PERMISSION_BATTERIES_TRACK_CHARGE_CYCLE); $requestBody = $request->getParsedBody(); @@ -53,7 +53,7 @@ class BatteriesApiController extends BaseApiController public function UndoChargeCycle(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args) { - User::checkPermission($request, User::PERMISSION_BATTERY_UNDO_TRACK_CHARGE_CYCLE); + User::checkPermission($request, User::PERMISSION_BATTERIES_UNDO_CHARGE_CYCLE); try { diff --git a/controllers/ChoresApiController.php b/controllers/ChoresApiController.php index d276b3e0..236376fb 100644 --- a/controllers/ChoresApiController.php +++ b/controllers/ChoresApiController.php @@ -17,7 +17,7 @@ class ChoresApiController extends BaseApiController try { - User::checkPermission($request, User::PERMISSION_CHORE_TRACK); + User::checkPermission($request, User::PERMISSION_CHORE_TRACK_EXECUTION); $trackedTime = date('Y-m-d H:i:s'); if (array_key_exists('tracked_time', $requestBody) && (IsIsoDateTime($requestBody['tracked_time']) || IsIsoDate($requestBody['tracked_time']))) 
@@ -31,7 +31,7 @@ class ChoresApiController extends BaseApiController $doneBy = $requestBody['done_by']; } if($doneBy != GROCY_USER_ID) - User::checkPermission($request, User::PERMISSION_CHORE_TRACK_OTHERS); + User::checkPermission($request, User::PERMISSION_CHORE_TRACK_EXECUTION_EXECUTION); $choreExecutionId = $this->getChoresService()->TrackChore($args['choreId'], $trackedTime, $doneBy); return $this->ApiResponse($response, $this->getDatabase()->chores_log($choreExecutionId)); @@ -63,7 +63,7 @@ class ChoresApiController extends BaseApiController { try { - User::checkPermission($request, User::PERMISSION_CHORE_UNDO); + User::checkPermission($request, User::PERMISSION_CHORE_UNDO_EXECUTION); $this->ApiResponse($response, $this->getChoresService()->UndoChoreExecution($args['executionId'])); return $this->EmptyApiResponse($response); @@ -78,8 +78,6 @@ class ChoresApiController extends BaseApiController { try { - User::checkPermission($request, User::PERMISSION_CHORE_EDIT); - $requestBody = $request->getParsedBody(); $choreId = null; diff --git a/controllers/FilesApiController.php b/controllers/FilesApiController.php index 1ae1f8d0..06d06cdc 100644 --- a/controllers/FilesApiController.php +++ b/controllers/FilesApiController.php @@ -16,8 +16,6 @@ class FilesApiController extends BaseApiController { try { - User::checkPermission($request, User::PERMISSION_UPLOAD_FILE); - if (IsValidFileName(base64_decode($args['fileName']))) { $fileName = base64_decode($args['fileName']); @@ -100,8 +98,6 @@ class FilesApiController extends BaseApiController { try { - User::checkPermission($request, User::PERMISSION_DELETE_FILE); - if (IsValidFileName(base64_decode($args['fileName']))) { $fileName = base64_decode($args['fileName']); diff --git a/controllers/RecipesApiController.php b/controllers/RecipesApiController.php index 58eb8902..b44e0de8 100644 --- a/controllers/RecipesApiController.php +++ b/controllers/RecipesApiController.php 
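Review bot: `User::PERMISSION_CHORE_TRACK_EXECUTION_EXECUTION` in the `$doneBy != GROCY_USER_ID` branch is not among the constants declared in controllers/Users/User.php in this commit, so PHP will raise an undefined-constant Error whenever an execution is tracked for another user. The old `CHORE_TRACK_OTHERS` permission also has no successor in User.php or migrations/0111.sql, so correcting the name to `User::PERMISSION_CHORE_TRACK_EXECUTION` would only repeat the check made at the top of the try block and leave attribution to other users ungated. If recording a chore on someone else's behalf should stay restricted, add a dedicated constant with a matching `permission_hierarchy` row under `CHORES` and check that here. The enclosing method starts and ends outside the hunk, and whether its catch clause would intercept an Error is not visible.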
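Review bot: The two FilesApiController hunks (-16 and -100) drop `User::checkPermission(...)` for upload and delete without any replacement, and the ChoresApiController hunk at -78 does the same for `PERMISSION_CHORE_EDIT`, so these write paths no longer check any permission in the visible code. Unless authorization is enforced elsewhere (routing and middleware are not shown here), any authenticated caller could upload or delete stored files. Consider gating them with an existing permission, for example `User::checkPermission($request, User::PERMISSION_MASTER_DATA_EDIT);` as the first statement in each try block, or keep dedicated file permissions in the new hierarchy. The method bodies continue outside these hunks.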
@@ -29,7 +29,7 @@ class RecipesApiController extends BaseApiController public function ConsumeRecipe(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args) { - User::checkPermission($request, User::PERMISSION_PRODUCT_CONSUME); + User::checkPermission($request, User::PERMISSION_STOCK_CONSUME); try { diff --git a/controllers/StockApiController.php b/controllers/StockApiController.php index 2c3a4174..92e34929 100644 --- a/controllers/StockApiController.php +++ b/controllers/StockApiController.php @@ -63,7 +63,7 @@ class StockApiController extends BaseApiController public function AddProduct(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args) { - User::checkPermission($request, User::PERMISSION_PRODUCT_PURCHASE); + User::checkPermission($request, User::PERMISSION_STOCK_PURCHASE); $requestBody = $request->getParsedBody(); @@ -246,7 +246,7 @@ class StockApiController extends BaseApiController public function ConsumeProduct(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args) { - User::checkPermission($request, User::PERMISSION_PRODUCT_CONSUME); + User::checkPermission($request, User::PERMISSION_STOCK_CONSUME); $requestBody = $request->getParsedBody(); @@ -319,7 +319,7 @@ class StockApiController extends BaseApiController public function InventoryProduct(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args) { - User::checkPermission($request, User::PERMISSION_STOCK_CORRECTION); + User::checkPermission($request, User::PERMISSION_STOCK_INVENTORY); $requestBody = $request->getParsedBody(); 
@@ -383,7 +383,7 @@ class StockApiController extends BaseApiController public function OpenProduct(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args) { - User::checkPermission($request, User::PERMISSION_PRODUCT_OPEN); + User::checkPermission($request, User::PERMISSION_STOCK_OPEN); $requestBody = $request->getParsedBody(); @@ -600,7 +600,7 @@ class StockApiController extends BaseApiController public function UndoBooking(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args) { - User::checkPermission($request, User::PERMISSION_STOCK_CORRECTION); + User::checkPermission($request, User::PERMISSION_STOCK_EDIT); try { @@ -615,7 +615,7 @@ class StockApiController extends BaseApiController public function UndoTransaction(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args) { - User::checkPermission($request, User::PERMISSION_STOCK_CORRECTION); + User::checkPermission($request, User::PERMISSION_STOCK_EDIT); try { diff --git a/controllers/TasksApiController.php b/controllers/TasksApiController.php index 5fab39f1..b1c0f4b8 100644 --- a/controllers/TasksApiController.php +++ b/controllers/TasksApiController.php @@ -41,7 +41,7 @@ class TasksApiController extends BaseApiController public function UndoTask(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args) { - User::checkPermission($request, User::PERMISSION_TASKS_UNDO); + User::checkPermission($request, User::PERMISSION_TASKS_UNDO_EXECUTION); try { diff --git a/controllers/Users/User.php b/controllers/Users/User.php index 92b5e6bc..a3ea8488 100644 --- a/controllers/Users/User.php +++ b/controllers/Users/User.php 
@@ -8,29 +8,45 @@ use LessQL\Result; class User { const PERMISSION_ADMIN = 'ADMIN'; - const PERMISSION_CREATE_USER = 'CREATE_USER'; - const PERMISSION_EDIT_USER = 'EDIT_USER'; - const PERMISSION_READ_USER = 'READ_USER'; - const PERMISSION_EDIT_SELF = 'EDIT_SELF'; - const PERMISSION_BATTERY_UNDO_TRACK_CHARGE_CYCLE = 'BATTERY_UNDO_TRACK_CHARGE_CYCLE'; - const PERMISSION_BATTERY_TRACK_CHARGE_CYCLE = 'BATTERY_TRACK_CHARGE_CYCLE'; - const PERMISSION_CHORE_TRACK = 'CHORE_TRACK'; - const PERMISSION_CHORE_TRACK_OTHERS = 'CHORE_TRACK_OTHERS'; - const PERMISSION_CHORE_EDIT = 'CHORE_EDIT'; - const PERMISSION_CHORE_UNDO = 'CHORE_UNDO'; - const PERMISSION_UPLOAD_FILE = 'UPLOAD_FILE'; - const PERMISSION_DELETE_FILE = 'DELETE_FILE'; - const PERMISSION_MASTER_DATA_EDIT = 'MASTER_DATA_EDIT'; - const PERMISSION_TASKS_UNDO = 'TASKS_UNDO'; - const PERMISSION_TASKS_MARK_COMPLETED = 'TASKS_MARK_COMPLETED'; + + const PERMISSION_USERS = 'USERS'; + const PERMISSION_USERS_CREATE = 'USERS_CREATE'; + const PERMISSION_USERS_EDIT = 'USERS_EDIT'; + const PERMISSION_USERS_READ = 'USERS_READ'; + const PERMISSION_USERS_EDIT_SELF = 'USERS_EDIT_SELF'; + + const PERMISSION_STOCK = 'STOCK'; + const PERMISSION_STOCK_PURCHASE = 'STOCK_PURCHASE'; + const PERMISSION_STOCK_CONSUME = 'STOCK_CONSUME'; + const PERMISSION_STOCK_INVENTORY = 'STOCK_INVENTORY'; const PERMISSION_STOCK_TRANSFER = 'STOCK_TRANSFER'; + const PERMISSION_STOCK_OPEN = 'STOCK_OPEN'; const PERMISSION_STOCK_EDIT = 'STOCK_EDIT'; - const PERMISSION_PRODUCT_CONSUME = 'PRODUCT_CONSUME'; - const PERMISSION_STOCK_CORRECTION = 'STOCK_CORRECTION'; - const PERMISSION_PRODUCT_OPEN = 'PRODUCT_OPEN'; + + const PERMISSION_RECIPES = 'RECIPES'; + const PERMISSION_RECIPES_MEALPLAN = 'RECIPES_MEALPLAN'; + + const PERMISSION_SHOPPINGLIST = 'SHOPPINGLIST'; const PERMISSION_SHOPPINGLIST_ITEMS_ADD = 'SHOPPINGLIST_ITEMS_ADD'; const PERMISSION_SHOPPINGLIST_ITEMS_DELETE = 'SHOPPINGLIST_ITEMS_DELETE'; - const PERMISSION_PRODUCT_PURCHASE = 'PRODUCT_PURCHASE'; + + 
const PERMISSION_CHORES = 'CHORES'; + const PERMISSION_CHORE_TRACK_EXECUTION = 'CHORE_TRACK_EXECUTION'; + const PERMISSION_CHORE_UNDO_EXECUTION = 'CHORE_UNDO_EXECUTION'; + + const PERMISSION_BATTERIES = 'BATTERIES'; + const PERMISSION_BATTERIES_TRACK_CHARGE_CYCLE = 'BATTERIES_TRACK_CHARGE_CYCLE'; + const PERMISSION_BATTERIES_UNDO_CHARGE_CYCLE = 'BATTERIES_UNDO_CHARGE_CYCLE'; + + const PERMISSION_TASKS = 'TASKS'; + const PERMISSION_TASKS_UNDO_EXECUTION = 'TASKS_UNDO_EXECUTION'; + const PERMISSION_TASKS_MARK_COMPLETED = 'TASKS_MARK_COMPLETED'; + + const PERMISSION_EQUIPMENT = 'EQUIPMENT'; + + const PERMISSION_CALENDAR = 'CALENDAR'; + + const PERMISSION_MASTER_DATA_EDIT = 'MASTER_DATA_EDIT'; /** * @var \LessQL\Database|null diff --git a/controllers/UsersApiController.php b/controllers/UsersApiController.php index f19d5776..fb284a33 100644 --- a/controllers/UsersApiController.php +++ b/controllers/UsersApiController.php @@ -13,7 +13,7 @@ class UsersApiController extends BaseApiController public function GetUsers(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args) { - User::checkPermission($request, User::PERMISSION_READ_USER); + User::checkPermission($request, User::PERMISSION_USERS_READ); try { return $this->ApiResponse($response, $this->getUsersService()->GetUsersAsDto()); @@ -26,7 +26,7 @@ class UsersApiController extends BaseApiController public function CreateUser(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args) { - User::checkPermission($request, User::PERMISSION_CREATE_USER); + User::checkPermission($request, User::PERMISSION_USERS_CREATE); $requestBody = $request->getParsedBody(); try 
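Review bot: `PERMISSION_EQUIPMENT` and `PERMISSION_CALENDAR` are declared in this constant block (and get msgids in permissions.po), but the inserts in migrations/0111.sql create no `'EQUIPMENT'` or `'CALENDAR'` row in `permission_hierarchy`. If `checkPermission` resolves names through that table, as the views in the migration suggest, a check against either constant could not be granted to anyone, and neither would show up in the permission UI. Add the rows next to the other base permissions, e.g. `('EQUIPMENT', (SELECT id FROM permission_hierarchy WHERE name = 'ADMIN')),`, or leave the constants out until they are used. A short comment above each group naming its parent permission would also explain why the chore constants use the `CHORE_` prefix while their parent is `CHORES`. The class body continues outside the hunk.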
@@ -47,7 +47,7 @@ class UsersApiController extends BaseApiController public function DeleteUser(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args) { - User::checkPermission($request, User::PERMISSION_EDIT_USER); + User::checkPermission($request, User::PERMISSION_USERS_EDIT); try { $this->getUsersService()->DeleteUser($args['userId']); @@ -62,9 +62,9 @@ class UsersApiController extends BaseApiController public function EditUser(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args) { if ($args['userId'] == GROCY_USER_ID) { - User::checkPermission($request, User::PERMISSION_EDIT_SELF); + User::checkPermission($request, User::PERMISSION_USERS_EDIT_SELF); } else { - User::checkPermission($request, User::PERMISSION_EDIT_USER); + User::checkPermission($request, User::PERMISSION_USERS_EDIT); } $requestBody = $request->getParsedBody(); diff --git a/controllers/UsersController.php b/controllers/UsersController.php index f911aec1..30d3a860 100644 --- a/controllers/UsersController.php +++ b/controllers/UsersController.php @@ -8,7 +8,7 @@ class UsersController extends BaseController { public function UsersList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args) { - User::checkPermission($request, User::PERMISSION_READ_USER); + User::checkPermission($request, User::PERMISSION_USERS_READ); return $this->renderPage($response, 'users', [ 'users' => $this->getDatabase()->users()->orderBy('username') ]); @@ -18,7 +18,7 @@ class UsersController extends BaseController { if ($args['userId'] == 'new') { - User::checkPermission($request, User::PERMISSION_CREATE_USER); + User::checkPermission($request, User::PERMISSION_USERS_CREATE); return $this->renderPage($response, 'userform', [ 'mode' => 'create' ]); 
@@ -26,8 +26,8 @@ class UsersController extends BaseController else { if($args['userId'] == GROCY_USER_ID) - User::checkPermission($request, User::PERMISSION_EDIT_SELF); - else User::checkPermission($request, User::PERMISSION_EDIT_USER); + User::checkPermission($request, User::PERMISSION_USERS_EDIT_SELF); + else User::checkPermission($request, User::PERMISSION_USERS_EDIT); return $this->renderPage($response, 'userform', [ 'user' => $this->getDatabase()->users($args['userId']), 'mode' => 'edit' @@ -37,7 +37,7 @@ class UsersController extends BaseController public function PermissionList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args) { - User::checkPermission($request, User::PERMISSION_READ_USER); + User::checkPermission($request, User::PERMISSION_USERS_READ); return $this->renderPage($response, 'userpermissions', [ 'user' => $this->getDatabase()->users($args['userId']), 'permissions' => $this->getDatabase()->uihelper_user_permissions() diff --git a/localization/en/permissions.po b/localization/en/permissions.po index 2de19502..3d007a90 100644 --- a/localization/en/permissions.po +++ b/localization/en/permissions.po 
@@ -13,73 +13,91 @@ msgstr "" "X-Domain: grocy/permissions\n" msgid "ADMIN" -msgstr "" +msgstr "All permissions" -msgid "CREATE_USER" -msgstr "Create new users" +msgid "USERS_CREATE" +msgstr "Create users" -msgid "EDIT_USER" -msgstr "Edit existing users (including passwords)" +msgid "USERS_EDIT" +msgstr "Edit users (including passwords)" -msgid "READ_USER" -msgstr "View user data" +msgid "USERS_READ" +msgstr "Show users" -msgid "EDIT_SELF" -msgstr "Edit own user data, e.g. password and name" +msgid "USERS_EDIT_SELF" +msgstr "Edit own user data / change own password" -msgid "BATTERY_UNDO_TRACK_CHARGE_CYCLE" -msgstr "Batteries: undo tracking of charge cycles" +msgid "BATTERIES_UNDO_CHARGE_CYCLE" +msgstr "Undo charge cycle" -msgid "BATTERY_TRACK_CHARGE_CYCLE" -msgstr "Batteries: track charge cycle" +msgid "BATTERIES_TRACK_CHARGE_CYCLE" +msgstr "Track charge cycle" -msgid "CHORE_TRACK" -msgstr "Chores: track execution" +msgid "CHORE_TRACK_EXECUTION" +msgstr "Track execution" -msgid "CHORE_TRACK_OTHERS" -msgstr "Chores: Track execution for others" - -msgid "CHORE_EDIT" -msgstr "Chores: Edit chore data" - -msgid "CHORE_UNDO" -msgstr "Chores: undo tracked execution" - -msgid "UPLOAD_FILE" -msgstr "Upload files, e.g. product images" - -msgid "DELETE_FILE" -msgstr "Delete (uploaded) files" +msgid "CHORE_UNDO_EXECUTION" +msgstr "Undo execution" msgid "MASTER_DATA_EDIT" -msgstr "Edit Master data (e.g. 
products)" +msgstr "Edit master data" -msgid "TASKS_UNDO" -msgstr "Tasks: undo tracked execution" +msgid "TASKS_UNDO_EXECUTION" +msgstr "Undo execution" msgid "TASKS_MARK_COMPLETED" -msgstr "Tasks: mark as completed" +msgstr "Mark completed" msgid "STOCK_EDIT" -msgstr "Stock: edit entries" +msgstr "Edit stock entries" msgid "STOCK_TRANSFER" -msgstr "Stock: transfer products between locations" +msgstr "Transfer" -msgid "STOCK_CORRECTION" -msgstr "Stock: correct wrong entries" +msgid "STOCK_INVENTORY" +msgstr "Inventory" -msgid "PRODUCT_CONSUME" -msgstr "Consume Products" +msgid "STOCK_CONSUME" +msgstr "Consume" -msgid "PRODUCT_OPEN" +msgid "STOCK_OPEN" msgstr "Open products" -msgid "PRODUCT_PURCHASE" -msgstr "Purchase new products and add them to stock" +msgid "STOCK_PURCHASE" +msgstr "Purchase" msgid "SHOPPINGLIST_ITEMS_ADD" -msgstr "Add items to shopping list" +msgstr "Add items" msgid "SHOPPINGLIST_ITEMS_DELETE" -msgstr "Remove items from shopping list" \ No newline at end of file +msgstr "Remove items" + +msgid "USERS" +msgstr "User management" + +msgid "STOCK" +msgstr "Stock" + +msgid "SHOPPINGLIST" +msgstr "Shopping list" + +msgid "CHORES" +msgstr "Chores" + +msgid "BATTERIES" +msgstr "Batteries" + +msgid "TASKS" +msgstr "Tasks" + +msgid "RECIPES" +msgstr "Recipes" + +msgid "EQUIPMENT" +msgstr "Equipment" + +msgid "CALENDAR" +msgstr "Calendar" + +msgid "RECIPES_MEALPLAN" +msgstr "Meal plan" diff --git a/localization/permissions.pot b/localization/permissions.pot index c5dba3f4..caa0913a 100644 --- a/localization/permissions.pot +++ b/localization/permissions.pot 
@@ -12,74 +12,122 @@ msgstr "" "Language: en\n" "X-Domain: grocy/permissions\n" +# All permissions msgid "ADMIN" msgstr "" -msgid "CREATE_USER" +# Create users +msgid "USERS_CREATE" msgstr "" -msgid "EDIT_USER" +#Edit users (including passwords) +msgid "USERS_EDIT" msgstr "" -msgid "READ_USER" +# Show users +msgid "USERS_READ" msgstr "" -msgid "EDIT_SELF" +# Edit own user data / change own password +msgid "USERS_EDIT_SELF" msgstr "" -msgid "BATTERY_UNDO_TRACK_CHARGE_CYCLE" +# Undo charge cycle +msgid "BATTERIES_UNDO_CHARGE_CYCLE" msgstr "" -msgid "BATTERY_TRACK_CHARGE_CYCLE" +# Track charge cycle +msgid "BATTERIES_TRACK_CHARGE_CYCLE" msgstr "" -msgid "CHORE_TRACK" +# Track execution +msgid "CHORE_TRACK_EXECUTION" msgstr "" -msgid "CHORE_TRACK_OTHERS" -msgstr "" - -msgid "CHORE_EDIT" -msgstr "" - -msgid "CHORE_UNDO" -msgstr "" - -msgid "UPLOAD_FILE" -msgstr "" - -msgid "DELETE_FILE" +# Undo execution +msgid "CHORE_UNDO_EXECUTION" msgstr "" +# Edit master data msgid "MASTER_DATA_EDIT" msgstr "" -msgid "TASKS_UNDO" +# Undo execution +msgid "TASKS_UNDO_EXECUTION" msgstr "" +# Mark completed msgid "TASKS_MARK_COMPLETED" msgstr "" +# Edit stock entries msgid "STOCK_EDIT" msgstr "" +# Transfer msgid "STOCK_TRANSFER" msgstr "" -msgid "STOCK_CORRECTION" +# Inventory +msgid "STOCK_INVENTORY" msgstr "" -msgid "PRODUCT_CONSUME" +# Consume +msgid "STOCK_CONSUME" msgstr "" -msgid "PRODUCT_OPEN" +# Open products +msgid "STOCK_OPEN" msgstr "" -msgid "PRODUCT_PURCHASE" +# Purchase +msgid "STOCK_PURCHASE" msgstr "" +# Add items msgid "SHOPPINGLIST_ITEMS_ADD" msgstr "" +# Remove items msgid "SHOPPINGLIST_ITEMS_DELETE" msgstr "" + +# User management +msgid "USERS" +msgstr "" + +# Stock +msgid "STOCK" +msgstr "" + +# Shopping list +msgid "SHOPPINGLIST" +msgstr "" + +# Chores +msgid "CHORES" +msgstr "" + +# Batteries +msgid "BATTERIES" +msgstr "" + +# Tasks +msgid "TASKS" +msgstr "" + +# Recipes +msgid "RECIPES" +msgstr "" + +# Equipment +msgid "EQUIPMENT" +msgstr "" + +# Calendar 
+msgid "CALENDAR" +msgstr "" + +# Meal plan +msgid "RECIPES_MEALPLAN" +msgstr "" diff --git a/localization/strings.pot b/localization/strings.pot index 8ea7eb50..6cea03cf 100644 --- a/localization/strings.pot +++ b/localization/strings.pot @@ -1853,7 +1853,7 @@ msgstr "" msgid "Permissions for user %s" msgstr "" -msgid "Are you sure you want to stop being an ADMIN?" +msgid "Are you sure you want to remove full permissions for yourself?" msgstr "" msgid "Permissions saved" diff --git a/migrations/0111.sql b/migrations/0111.sql index 9b78a2fa..239dbfb6 100644 --- a/migrations/0111.sql +++ b/migrations/0111.sql 
@@ -1,38 +1,107 @@ CREATE TABLE user_permissions ( - id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT UNIQUE, - permission_id INTEGER NOT NULL, - user_id INTEGER NOT NULL, - - UNIQUE (user_id, permission_id) + id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT UNIQUE, + permission_id INTEGER NOT NULL, + user_id INTEGER NOT NULL, + + UNIQUE (user_id, permission_id) ); CREATE TABLE permission_hierarchy ( - id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT UNIQUE, - name TEXT NOT NULL UNIQUE, - parent INTEGER NULL -- If the user has the parent permission, the user also has the child permission + id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT UNIQUE, + name TEXT NOT NULL UNIQUE, + parent INTEGER NULL -- If the user has the parent permission, the user also has the child permission ); +-- The root/ADMIN permission INSERT INTO permission_hierarchy - (name, parent) + (name, parent) VALUES - ('ADMIN', NULL); + ('ADMIN', NULL); +-- User add/edit/read permissions +INSERT INTO permission_hierarchy + (name, parent) +VALUES + ('USERS', (SELECT id FROM permission_hierarchy WHERE name = 'ADMIN')); + +INSERT INTO permission_hierarchy + (name, parent) +VALUES + ('USERS_CREATE', (SELECT id FROM permission_hierarchy WHERE name = 'USERS')); + +INSERT INTO permission_hierarchy + (name, parent) +VALUES + ('USERS_EDIT', last_insert_rowid()); + +INSERT INTO permission_hierarchy + (name, parent) +VALUES + ('USERS_READ', last_insert_rowid()), + ('USERS_EDIT_SELF', (SELECT id FROM permission_hierarchy WHERE name = 'ADMIN')); + +-- Base permissions per major feature +INSERT INTO permission_hierarchy + (name, parent) +VALUES + ('STOCK', (SELECT id FROM permission_hierarchy WHERE name = 'ADMIN')), + ('SHOPPINGLIST', (SELECT id FROM permission_hierarchy WHERE name = 'ADMIN')), + ('RECIPES', (SELECT id FROM permission_hierarchy WHERE name = 'ADMIN')), + ('CHORES', (SELECT id FROM permission_hierarchy WHERE name = 'ADMIN')), + ('BATTERIES', (SELECT id FROM permission_hierarchy WHERE name = 'ADMIN')), + 
('TASKS', (SELECT id FROM permission_hierarchy WHERE name = 'ADMIN')); + +-- Sub feature permissions +INSERT INTO permission_hierarchy + (name, parent) +VALUES + -- Stock + ('STOCK_PURCHASE', (SELECT id FROM permission_hierarchy WHERE name = 'STOCK')), + ('STOCK_CONSUME', (SELECT id FROM permission_hierarchy WHERE name = 'STOCK')), + ('STOCK_INVENTORY', (SELECT id FROM permission_hierarchy WHERE name = 'STOCK')), + ('STOCK_TRANSFER', (SELECT id FROM permission_hierarchy WHERE name = 'STOCK')), + ('STOCK_OPEN', (SELECT id FROM permission_hierarchy WHERE name = 'STOCK')), + ('STOCK_EDIT', (SELECT id FROM permission_hierarchy WHERE name = 'STOCK')), + + -- Shopping list + ('SHOPPINGLIST_ITEMS_ADD', (SELECT id FROM permission_hierarchy WHERE name = 'SHOPPINGLIST')), + ('SHOPPINGLIST_ITEMS_DELETE', (SELECT id FROM permission_hierarchy WHERE name = 'SHOPPINGLIST')), + + -- Recipes + ('RECIPES_MEALPLAN', (SELECT id FROM permission_hierarchy WHERE name = 'RECIPES')), + + -- Batteries + ('BATTERIES_TRACK_CHARGE_CYCLE', (SELECT id FROM permission_hierarchy WHERE name = 'BATTERIES')), + ('BATTERIES_UNDO_CHARGE_CYCLE', (SELECT id FROM permission_hierarchy WHERE name = 'BATTERIES')), + + -- Chores + ('CHORE_TRACK_EXECUTION', (SELECT id FROM permission_hierarchy WHERE name = 'CHORES')), + ('CHORE_UNDO_EXECUTION', (SELECT id FROM permission_hierarchy WHERE name = 'CHORES')), + + -- Tasks + ('TASKS_UNDO_EXECUTION', (SELECT id FROM permission_hierarchy WHERE name = 'TASKS')), + ('TASKS_MARK_COMPLETED', (SELECT id FROM permission_hierarchy WHERE name = 'TASKS')), + + -- Others + ('MASTER_DATA_EDIT', (SELECT id FROM permission_hierarchy WHERE name = 'ADMIN')); + +-- All existing users get the ADMIN permission INSERT INTO user_permissions - (permission_id, user_id) + (permission_id, user_id) SELECT (SELECT id FROM permission_hierarchy WHERE name = 'ADMIN'), id FROM users; CREATE VIEW permission_tree AS WITH RECURSIVE perm AS ( - SELECT id AS root, id AS child, name, parent - FROM 
permission_hierarchy - UNION - SELECT perm.root, ph.id, ph.name, ph.id - FROM permission_hierarchy ph, perm - WHERE ph.parent = perm.child + SELECT id AS root, id AS child, name, parent + FROM permission_hierarchy + UNION + SELECT perm.root, ph.id, ph.name, ph.id + FROM permission_hierarchy ph, perm + WHERE ph.parent = perm.child ) SELECT root AS id, name AS name FROM perm; 
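Review bot: The `USERS_EDIT` and `USERS_READ` rows take their parent from `last_insert_rowid()`, so the hierarchy depends on statement order: `USERS_CREATE` becomes the parent of `USERS_EDIT`, which in turn becomes the parent of `USERS_READ`. By the rule stated in the `parent` column comment, a user granted only "Create users" therefore also receives "Edit users (including passwords)", which looks like the stronger right of the two. If that is intended, spell it out with a named lookup such as `('USERS_EDIT', (SELECT id FROM permission_hierarchy WHERE name = 'USERS_CREATE'))` and a comment saying so; otherwise parent both rows under `'USERS'` like the other sub-feature permissions.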
@@ -40,70 +109,24 @@ FROM perm; CREATE VIEW user_permissions_resolved AS SELECT - u.id AS id, -- Dummy for LessQL - u.id AS user_id, - pt.name AS permission_name + u.id AS id, -- Dummy for LessQL + u.id AS user_id, + pt.name AS permission_name FROM permission_tree pt, users u WHERE pt.id IN (SELECT permission_id FROM user_permissions sub_up WHERE sub_up.user_id = u.id); CREATE VIEW uihelper_user_permissions AS -SELECT - ph.id AS id, - u.id AS user_id, - ph.name AS permission_name, - ph.id AS permission_id, - (ph.name IN ( - SELECT pc.permission_name - FROM user_permissions_resolved pc - WHERE pc.user_id = u.id - ) - ) AS has_permission, - ph.parent AS parent +SELECT + ph.id AS id, + u.id AS user_id, + ph.name AS permission_name, + ph.id AS permission_id, + (ph.name IN ( + SELECT pc.permission_name + FROM user_permissions_resolved pc + WHERE pc.user_id = u.id + ) + ) AS has_permission, + ph.parent AS parent FROM users u, permission_hierarchy ph; - -INSERT INTO permission_hierarchy - (name, parent) -VALUES - ('CREATE_USER', (SELECT id FROM permission_hierarchy WHERE name = 'ADMIN')); - -INSERT INTO permission_hierarchy - (name, parent) -VALUES - ('EDIT_USER', last_insert_rowid()); - -INSERT INTO permission_hierarchy - (name, parent) -VALUES - ('READ_USER', last_insert_rowid()), - ('EDIT_SELF', (SELECT id FROM permission_hierarchy WHERE name = 'ADMIN')); - -INSERT INTO permission_hierarchy - (name, parent) -VALUES - -- Batteries - ('BATTERY_UNDO_TRACK_CHARGE_CYCLE', (SELECT id FROM permission_hierarchy WHERE name = 'ADMIN')), - ('BATTERY_TRACK_CHARGE_CYCLE', (SELECT id FROM permission_hierarchy WHERE name = 'ADMIN')), - -- Chores - ('CHORE_TRACK', (SELECT id FROM permission_hierarchy WHERE name = 'ADMIN')), - ('CHORE_TRACK_OTHERS', (SELECT id FROM permission_hierarchy WHERE name = 'ADMIN')), - ('CHORE_EDIT', (SELECT id FROM permission_hierarchy WHERE name = 'ADMIN')), - ('CHORE_UNDO', (SELECT id FROM permission_hierarchy WHERE name = 'ADMIN')), - -- Files - 
('UPLOAD_FILE', (SELECT id FROM permission_hierarchy WHERE name = 'ADMIN')), - ('DELETE_FILE', (SELECT id FROM permission_hierarchy WHERE name = 'ADMIN')), - -- master data - ('MASTER_DATA_EDIT', (SELECT id FROM permission_hierarchy WHERE name = 'ADMIN')), - -- Tasks - ('TASKS_UNDO', (SELECT id FROM permission_hierarchy WHERE name = 'ADMIN')), - ('TASKS_MARK_COMPLETED', (SELECT id FROM permission_hierarchy WHERE name = 'ADMIN')), - -- Stock / Products - ('STOCK_EDIT', (SELECT id FROM permission_hierarchy WHERE name = 'ADMIN')), - ('STOCK_TRANSFER', (SELECT id FROM permission_hierarchy WHERE name = 'ADMIN')), - ('STOCK_CORRECTION', (SELECT id FROM permission_hierarchy WHERE name = 'ADMIN')), - ('PRODUCT_PURCHASE', (SELECT id FROM permission_hierarchy WHERE name = 'ADMIN')), - ('PRODUCT_CONSUME', (SELECT id FROM permission_hierarchy WHERE name = 'ADMIN')), - ('PRODUCT_OPEN', (SELECT id FROM permission_hierarchy WHERE name = 'ADMIN')), - -- shopping list - ('SHOPPINGLIST_ITEMS_ADD', (SELECT id FROM permission_hierarchy WHERE name = 'ADMIN')), - ('SHOPPINGLIST_ITEMS_DELETE', (SELECT id FROM permission_hierarchy WHERE name = 'ADMIN')); diff --git a/public/viewjs/userpermissions.js b/public/viewjs/userpermissions.js index 8cbd3d3a..d5196dea 100644 --- a/public/viewjs/userpermissions.js +++ b/public/viewjs/userpermissions.js @@ -33,7 +33,7 @@ $('#permission-save').click( if (Grocy.EditObjectId == Grocy.UserId) { $('input.permission-cb[name=ADMIN]').click(function () { if (!this.checked) { - if (!confirm(__t('Are you sure you want to stop being an ADMIN?'))) { + if (!confirm(__t('Are you sure you want to remove full permissions for yourself?'))) { this.checked = true; check_hierachy(this.checked, this.name); } diff --git a/views/batteriesjournal.blade.php b/views/batteriesjournal.blade.php index bce9d714..2caa0b9c 100644 --- a/views/batteriesjournal.blade.php +++ b/views/batteriesjournal.blade.php @@ -50,7 +50,7 @@ @foreach($chargeCycles as $chargeCycleEntry)