[WIP] Implemented basic permissions (#960)
* Add permissions to Database & add "User"-classes * Add UI & API for Permissions, protect "User"-(Api)-Controller with new permissions. * Add some permissions. * Add permission localization * Add error handling. * Error pages: only redirect on 404 * ExceptionController: return JSON-Response on api-routes * Rename PRODUCT_ADD to PRODUCT_PURCHASE * Move translation to new file * Fix checkboxes staying selected on reload. * Remove configurable User-implementation * Remove MASTER_DATA_READ * Disable buttons the user isn't allowed to use. * Add default permissions for new users * When migrating to permissions, everyone starts as ADMIN * Permission-Localization: add to transifex & LocalizationService * Review Co-authored-by: Bernd Bestel <bernd@berrnd.de>
committed by
GitHub
parent
f28697e5b4
commit
b7d1b21f1d
@@ -2,6 +2,8 @@
|
||||
|
||||
namespace Grocy\Controllers;
|
||||
|
||||
use Grocy\Controllers\Users\User;
|
||||
|
||||
class ChoresApiController extends BaseApiController
|
||||
{
|
||||
public function __construct(\DI\Container $container)
|
||||
@@ -15,7 +17,9 @@ class ChoresApiController extends BaseApiController
|
||||
|
||||
try
|
||||
{
|
||||
$trackedTime = date('Y-m-d H:i:s');
|
||||
User::checkPermission($request, User::PERMISSION_CHORE_TRACK);
|
||||
|
||||
$trackedTime = date('Y-m-d H:i:s');
|
||||
if (array_key_exists('tracked_time', $requestBody) && (IsIsoDateTime($requestBody['tracked_time']) || IsIsoDate($requestBody['tracked_time'])))
|
||||
{
|
||||
$trackedTime = $requestBody['tracked_time'];
|
||||
@@ -26,6 +30,8 @@ class ChoresApiController extends BaseApiController
|
||||
{
|
||||
$doneBy = $requestBody['done_by'];
|
||||
}
|
||||
if($doneBy != GROCY_USER_ID)
|
||||
User::checkPermission($request, User::PERMISSION_CHORE_TRACK_OTHERS);
|
||||
|
||||
$choreExecutionId = $this->getChoresService()->TrackChore($args['choreId'], $trackedTime, $doneBy);
|
||||
return $this->ApiResponse($response, $this->getDatabase()->chores_log($choreExecutionId));
|
||||
@@ -57,7 +63,9 @@ class ChoresApiController extends BaseApiController
|
||||
{
|
||||
try
|
||||
{
|
||||
$this->ApiResponse($response, $this->getChoresService()->UndoChoreExecution($args['executionId']));
|
||||
User::checkPermission($request, User::PERMISSION_CHORE_UNDO);
|
||||
|
||||
$this->ApiResponse($response, $this->getChoresService()->UndoChoreExecution($args['executionId']));
|
||||
return $this->EmptyApiResponse($response);
|
||||
}
|
||||
catch (\Exception $ex)
|
||||
@@ -70,7 +78,9 @@ class ChoresApiController extends BaseApiController
|
||||
{
|
||||
try
|
||||
{
|
||||
$requestBody = $request->getParsedBody();
|
||||
User::checkPermission($request, User::PERMISSION_CHORE_EDIT);
|
||||
|
||||
$requestBody = $request->getParsedBody();
|
||||
|
||||
$choreId = null;
|
||||
if (array_key_exists('chore_id', $requestBody) && !empty($requestBody['chore_id']) && is_numeric($requestBody['chore_id']))
|
||||
|
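Review bot: The new `if($doneBy != GROCY_USER_ID)` guard in the TrackChore hunk compares an untrusted request value (`$doneBy = $requestBody['done_by']` a few lines above) with a loose `!=`, and `done_by` is never validated before it is handed to `TrackChore(...)`, unlike `chore_id`, which this same file gates with `is_numeric` in the last hunk. With loose comparison the branch depends on PHP's numeric-string coercion rules (which changed in PHP 8), so whether a value counts as "the current user" and skips the PERMISSION_CHORE_TRACK_OTHERS check follows the shape of the string and the PHP version rather than the user id itself. I would validate and compare strictly, mirroring the chore_id pattern: `if (!is_numeric($doneBy) || (int)$doneBy !== GROCY_USER_ID) { User::checkPermission($request, User::PERMISSION_CHORE_TRACK_OTHERS); }` — this presumes GROCY_USER_ID is an int, which is worth confirming, and a non-numeric done_by should probably be rejected outright rather than only escalated. Braces around the single-statement `if` would also match the brace style used elsewhere in the file. The enclosing method, including the default assignment of `$doneBy` when done_by is absent, starts outside the hunk.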