[WIP] Implemented basic permissions (#960)

* Add permissions to Database & add "User"-classes

* Add UI & API for Permissions, protect "User"-(Api)-Controller with new permissions.

* Add some permissions.

* Add permission localization

* Add error handling.

* Error pages: only redirect on 404

* ExceptionController: return JSON-Response on api-routes

* Rename PRODUCT_ADD to PRODUCT_PURCHASE

* Move translation to new file

* Fix checkboxes stay selected on reload.

* Remove configurable User-implementation

* Remove MASTER_DATA_READ

* Disable buttons the user isn't allowed to use.

* Add default permissions for new users

* When migration to permissions, everyone starts as ADMIN

* Permission-Localization: add to transifex & LocalizationService

* Review

Co-authored-by: Bernd Bestel <bernd@berrnd.de>

controllers/TasksApiController.php

@@ -2,6 +2,8 @@
 
 namespace Grocy\Controllers;
 
+use Grocy\Controllers\Users\User;
+
 class TasksApiController extends BaseApiController
 {
 	public function __construct(\DI\Container $container)
@@ -16,7 +18,9 @@ class TasksApiController extends BaseApiController
 
 	public function MarkTaskAsCompleted(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		$requestBody = $request->getParsedBody();
+        User::checkPermission($request, User::PERMISSION_TASKS_MARK_COMPLETED);
+
+        $requestBody = $request->getParsedBody();
 
 		try
 		{
@@ -37,7 +41,9 @@ class TasksApiController extends BaseApiController
 
 	public function UndoTask(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		try
+        User::checkPermission($request, User::PERMISSION_TASKS_UNDO);
+
+        try
 		{
 			$this->getTasksService()->UndoTask($args['taskId']);
 			return $this->EmptyApiResponse($response);