[WIP] Implemented basic permissions (#960)

* Add permissions to Database & add "User"-classes * Add UI & API for Permissions, protect "User"-(Api)-Controller with new permissions. * Add some permissions. * Add permission localization * Add error handling. * Error pages: only redirect on 404 * ExceptionController: return JSON-Response on api-routes * Rename PRODUCT_ADD to PRODUCT_PURCHASE * Move translation to new file * Fix checkboxes stay selected on reload. * Remove configurable User-implementation * Remove MASTER_DATA_READ * Disable buttons the user isn't allowed to use. * Add default permissions for new users * When migration to permissions, everyone starts as ADMIN * Permission-Localization: add to transifex & LocalizationService * Review Co-authored-by: Bernd Bestel <bernd@berrnd.de>
2025-08-18 03:25:50 +00:00 · 2020-08-29 12:05:32 +02:00
parent f28697e5b4
commit b7d1b21f1d
41 changed files with 930 additions and 67 deletions
--- a/controllers/ExceptionController.php
+++ b/controllers/ExceptionController.php
@@ -0,0 +1,69 @@
+<?php
+
+
+namespace Grocy\Controllers;
+
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Log\LoggerInterface;
+use Slim\Exception\HttpException;
+use Slim\Exception\HttpForbiddenException;
+use Slim\Exception\HttpNotFoundException;
+use Throwable;
+
+class ExceptionController extends BaseApiController
+{
+    /**
+     * @var \Slim\App
+     */
+    private $app;
+
+    public function __construct(\Slim\App $app, \DI\Container $container)
+    {
+        parent::__construct($container);
+        $this->app = $app;
+    }
+
+    public function __invoke(ServerRequestInterface $request,
+                             Throwable $exception,
+                             bool $displayErrorDetails,
+                             bool $logErrors,
+                             bool $logErrorDetails,
+                             ?LoggerInterface $logger = null)
+    {
+        $response = $this->app->getResponseFactory()->createResponse();
+
+        $isApiRoute = string_starts_with($request->getUri()->getPath(), '/api/');
+        if ($isApiRoute) {
+            $status = 500;
+            if ($exception instanceof HttpException) {
+                $status = $exception->getCode();
+            }
+            $data = [
+                'error_message' => $exception->getMessage(),
+            ];
+            if ($displayErrorDetails) {
+                $data['error_details'] = [
+                    'stack_trace' => $exception->getTraceAsString(),
+                    'file' => $exception->getFile(),
+                    'line' => $exception->getLine(),
+                ];
+            }
+            return $this->ApiResponse($response->withStatus($status), $data);
+        }
+        if ($exception instanceof HttpNotFoundException) {
+            return $this->renderPage($response->withStatus(404), 'errors/404', [
+                'exception' => $exception
+            ]);
+        }
+        if ($exception instanceof HttpForbiddenException) {
+            return $this->renderPage($response->withStatus(403), 'errors/403', [
+                'exception' => $exception
+            ]);
+        }
+
+        return $this->renderPage($response->withStatus(500), 'errors/500', [
+            'exception' => $exception
+        ]);
+
+    }
+}