From cd7b6b686dbcba6938c8af69d92750c7f69be2eb Mon Sep 17 00:00:00 2001
From: Bernd Bestel <bernd@berrnd.de>
Date: Fri, 26 Oct 2018 20:12:48 +0200
Subject: [PATCH] Fix API keys cannot be deleted (fixes #99)

---
 controllers/GenericEntityApiController.php | 9 +++++++--
 grocy.openapi.json                         | 9 ++++++++-
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/controllers/GenericEntityApiController.php b/controllers/GenericEntityApiController.php
index b740b303..3382ca35 100644
--- a/controllers/GenericEntityApiController.php
+++ b/controllers/GenericEntityApiController.php
@@ -6,7 +6,7 @@ class GenericEntityApiController extends BaseApiController
 {
 	public function GetObjects(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
 	{
-		if ($this->IsValidEntity($args['entity']))
+		if ($this->IsValidEntity($args['entity']) && !$this->IsEntityWithPreventedListing($args['entity']))
 		{
 			return $this->ApiResponse($this->Database->{$args['entity']}());
 		}
@@ -18,7 +18,7 @@ class GenericEntityApiController extends BaseApiController
 
 	public function GetObject(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
 	{
-		if ($this->IsValidEntity($args['entity']))
+		if ($this->IsValidEntity($args['entity']) && !$this->IsEntityWithPreventedListing($args['entity']))
 		{
 			return $this->ApiResponse($this->Database->{$args['entity']}($args['objectId']));
 		}
@@ -77,4 +77,9 @@ class GenericEntityApiController extends BaseApiController
 	{
 		return in_array($entity, $this->OpenApiSpec->components->internalSchemas->ExposedEntity->enum);
 	}
+
+	private function IsEntityWithPreventedListing($entity)
+	{
+		return in_array($entity, $this->OpenApiSpec->components->internalSchemas->ExposedEntitiesPreventListing->enum);
+	}
 }
diff --git a/grocy.openapi.json b/grocy.openapi.json
index 1c116414..133fa726 100644
--- a/grocy.openapi.json
+++ b/grocy.openapi.json
@@ -1679,7 +1679,14 @@
 					"tasks",
 					"task_categories",
 					"product_groups",
-					"equipment"
+					"equipment",
+					"api_keys"
+				]
+			},
+			"ExposedEntitiesPreventListing": {
+				"type": "string",
+				"enum": [
+					"api_keys"
 				]
 			},
 			"StockTransactionType": {