kenmirrors/grocy
1
0
Fork 0
mirror of https://github.com/grocy/grocy.git synced 2025-04-29 09:39:57 +00:00
Code Issues Projects Releases Wiki Activity
grocy/controllers/UsersController.php
fipwmaqzufheoxq92ebc b7d1b21f1d
[WIP] Implemented basic permissions (#960) 
* Add permissions to Database & add "User"-classes

* Add UI & API for Permissions, protect "User"-(Api)-Controller with new permissions.

* Add some permissions.

* Add permission localization

* Add error handling.

* Error pages: only redirect on 404

* ExceptionController: return JSON-Response on api-routes

* Rename PRODUCT_ADD to PRODUCT_PURCHASE

* Move translation to new file

* Fix checkboxes stay selected on reload.

* Remove configurable User-implementation

* Remove MASTER_DATA_READ

* Disable buttons the user isn't allowed to use.

* Add default permissions for new users

* When migration to permissions, everyone starts as ADMIN

* Permission-Localization: add to transifex & LocalizationService

* Review

Co-authored-by: Bernd Bestel <bernd@berrnd.de>
2020-08-29 12:05:32 +02:00

48 lines
1.7 KiB
PHP
Raw Blame History

<?php
namespace Grocy\Controllers;
use Grocy\Controllers\Users\User;
class UsersController extends BaseController
{
public function UsersList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
{
User::checkPermission($request, User::PERMISSION_READ_USER);
return $this->renderPage($response, 'users', [
'users' => $this->getDatabase()->users()->orderBy('username')
]);
}
public function UserEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
{
if ($args['userId'] == 'new')
{
User::checkPermission($request, User::PERMISSION_CREATE_USER);
return $this->renderPage($response, 'userform', [
'mode' => 'create'
]);
}
else
{
if($args['userId'] == GROCY_USER_ID)
User::checkPermission($request, User::PERMISSION_EDIT_SELF);
else User::checkPermission($request, User::PERMISSION_EDIT_USER);
return $this->renderPage($response, 'userform', [
'user' => $this->getDatabase()->users($args['userId']),
'mode' => 'edit'
]);
}
}
public function PermissionList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
{
User::checkPermission($request, User::PERMISSION_READ_USER);
return $this->renderPage($response, 'userpermissions', [
'user' => $this->getDatabase()->users($args['userId']),
'permissions' => $this->getDatabase()->uihelper_user_permissions()
->where('parent IS NULL')->where('user_id', $args['userId']),
]);
}
}
Reference in New Issue View Git Blame Copy Permalink