kenmirrors/grocy
1
0
Fork 0
mirror of https://github.com/grocy/grocy.git synced 2025-10-09 23:56:03 +00:00
Code Issues Projects Releases Wiki Activity

Refined permissions by existing feature structure (closes #971, references #960)

Browse Source
This commit is contained in:
Bernd Bestel
2020-08-29 18:31:28 +02:00
parent a8395cb748
commit 86300b7025
21 changed files with 322 additions and 223 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
controllers/ChoresApiController.php
View File

@@ -17,7 +17,7 @@ class ChoresApiController extends BaseApiController
try
{
User::checkPermission($request, User::PERMISSION_CHORE_TRACK);
User::checkPermission($request, User::PERMISSION_CHORE_TRACK_EXECUTION);
$trackedTime = date('Y-m-d H:i:s');
if (array_key_exists('tracked_time', $requestBody) && (IsIsoDateTime($requestBody['tracked_time']) || IsIsoDate($requestBody['tracked_time'])))
@@ -31,7 +31,7 @@ class ChoresApiController extends BaseApiController
$doneBy = $requestBody['done_by'];
}
if($doneBy != GROCY_USER_ID)
User::checkPermission($request, User::PERMISSION_CHORE_TRACK_OTHERS);
User::checkPermission($request, User::PERMISSION_CHORE_TRACK_EXECUTION_EXECUTION);
$choreExecutionId = $this->getChoresService()->TrackChore($args['choreId'], $trackedTime, $doneBy);
return $this->ApiResponse($response, $this->getDatabase()->chores_log($choreExecutionId));
@@ -63,7 +63,7 @@ class ChoresApiController extends BaseApiController
{
try
{
User::checkPermission($request, User::PERMISSION_CHORE_UNDO);
User::checkPermission($request, User::PERMISSION_CHORE_UNDO_EXECUTION);
$this->ApiResponse($response, $this->getChoresService()->UndoChoreExecution($args['executionId']));
return $this->EmptyApiResponse($response);
@@ -78,8 +78,6 @@ class ChoresApiController extends BaseApiController
{
try
{
User::checkPermission($request, User::PERMISSION_CHORE_EDIT);
$requestBody = $request->getParsedBody();
$choreId = null;