[WIP] Implemented basic permissions (#960)

* Add permissions to Database & add "User"-classes * Add UI & API for Permissions, protect "User"-(Api)-Controller with new permissions. * Add some permissions. * Add permission localization * Add error handling. * Error pages: only redirect on 404 * ExceptionController: return JSON-Response on api-routes * Rename PRODUCT_ADD to PRODUCT_PURCHASE * Move translation to new file * Fix checkboxes stay selected on reload. * Remove configurable User-implementation * Remove MASTER_DATA_READ * Disable buttons the user isn't allowed to use. * Add default permissions for new users * When migration to permissions, everyone starts as ADMIN * Permission-Localization: add to transifex & LocalizationService * Review Co-authored-by: Bernd Bestel <bernd@berrnd.de>
2025-08-18 11:27:03 +00:00 · 2020-08-29 12:05:32 +02:00
parent f28697e5b4
commit b7d1b21f1d
41 changed files with 930 additions and 67 deletions
--- a/controllers/UsersController.php
+++ b/controllers/UsersController.php
@@ -2,11 +2,14 @@

 namespace Grocy\Controllers;

+use Grocy\Controllers\Users\User;
+
 class UsersController extends BaseController
 {
 	public function UsersList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		return $this->renderPage($response, 'users', [
+        User::checkPermission($request, User::PERMISSION_READ_USER);
+        return $this->renderPage($response, 'users', [
 			'users' => $this->getDatabase()->users()->orderBy('username')
 		]);
 	}
@@ -15,16 +18,30 @@ class UsersController extends BaseController
 	{
 		if ($args['userId'] == 'new')
 		{
-			return $this->renderPage($response, 'userform', [
+            User::checkPermission($request, User::PERMISSION_CREATE_USER);
+            return $this->renderPage($response, 'userform', [
 				'mode' => 'create'
 			]);
 		}
 		else
 		{
-			return $this->renderPage($response, 'userform', [
+		    if($args['userId'] == GROCY_USER_ID)
+                User::checkPermission($request, User::PERMISSION_EDIT_SELF);
+		    else User::checkPermission($request, User::PERMISSION_EDIT_USER);
+            return $this->renderPage($response, 'userform', [
 				'user' =>  $this->getDatabase()->users($args['userId']),
 				'mode' => 'edit'
 			]);
 		}
 	}
+
+    public function PermissionList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+    {
+        User::checkPermission($request, User::PERMISSION_READ_USER);
+        return $this->renderPage($response, 'userpermissions', [
+            'user' => $this->getDatabase()->users($args['userId']),
+            'permissions' => $this->getDatabase()->uihelper_user_permissions()
+                ->where('parent IS NULL')->where('user_id', $args['userId']),
+        ]);
+    }
 }