kenmirrors/grocy
1
0
Fork 0
mirror of https://github.com/grocy/grocy.git synced 2025-08-17 19:16:37 +00:00
Code Issues Projects Releases Wiki Activity

Refined permissions by existing feature structure (closes #971, references #960)

Browse Source
This commit is contained in:
Bernd Bestel
2020-08-29 18:31:28 +02:00
parent a8395cb748
commit 86300b7025
21 changed files with 322 additions and 223 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
controllers/StockApiController.php
View File

@@ -63,7 +63,7 @@ class StockApiController extends BaseApiController
public function AddProduct(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
{
User::checkPermission($request, User::PERMISSION_PRODUCT_PURCHASE);
User::checkPermission($request, User::PERMISSION_STOCK_PURCHASE);
$requestBody = $request->getParsedBody();
@@ -246,7 +246,7 @@ class StockApiController extends BaseApiController
public function ConsumeProduct(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
{
User::checkPermission($request, User::PERMISSION_PRODUCT_CONSUME);
User::checkPermission($request, User::PERMISSION_STOCK_CONSUME);
$requestBody = $request->getParsedBody();
@@ -319,7 +319,7 @@ class StockApiController extends BaseApiController
public function InventoryProduct(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
{
User::checkPermission($request, User::PERMISSION_STOCK_CORRECTION);
User::checkPermission($request, User::PERMISSION_STOCK_INVENTORY);
$requestBody = $request->getParsedBody();
@@ -383,7 +383,7 @@ class StockApiController extends BaseApiController
public function OpenProduct(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
{
User::checkPermission($request, User::PERMISSION_PRODUCT_OPEN);
User::checkPermission($request, User::PERMISSION_STOCK_OPEN);
$requestBody = $request->getParsedBody();
@@ -600,7 +600,7 @@ class StockApiController extends BaseApiController
public function UndoBooking(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
{
User::checkPermission($request, User::PERMISSION_STOCK_CORRECTION);
User::checkPermission($request, User::PERMISSION_STOCK_EDIT);
try
{
@@ -615,7 +615,7 @@ class StockApiController extends BaseApiController
public function UndoTransaction(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
{
User::checkPermission($request, User::PERMISSION_STOCK_CORRECTION);
User::checkPermission($request, User::PERMISSION_STOCK_EDIT);
try
{