@@ -30,6 +30,8 @@ ArrayUtil::arrayInsert($GLOBALS['BE_MOD'],1,[

     ]

 ]);

+$GLOBALS['TL_PERMISSIONS'][] = 'standorts';

+$GLOBALS['TL_PERMISSIONS'][] = 'reservationp';

 $GLOBALS['TL_MODELS']['tl_vr_wa_slot'] = WeinanlieferungSlotsModel::class;

 $GLOBALS['TL_MODELS']['tl_vr_wa_standort'] = WeinanlieferungStandortModel::class;

new file mode 100644

@@ -0,0 +1,39 @@

+<?php

+

+/**

+ * This file is part of contao-weinanlieferung-bundle.

+ *

+ * (c) vonRotenberg

+ *

+ * @license commercial

+ */

+

+use Contao\CoreBundle\DataContainer\PaletteManipulator;

+

+// Extend the default palette

+PaletteManipulator::create()

+    ->addLegend('luumicore_legend', 'imageSizes_legend', PaletteManipulator::POSITION_AFTER)

+    ->addField(array('standorts','reservationp'), 'luumicore_legend', PaletteManipulator::POSITION_APPEND)

+    ->applyToPalette('default', 'tl_user_group')

+;

+

+$GLOBALS['TL_DCA']['tl_user_group']['fields']['standorts'] = array

+(

+    'exclude'                 => true,

+    'inputType'               => 'checkbox',

+    'foreignKey'              => 'tl_vr_wa_standort.title',

+    'eval'                    => array('multiple'=>true),

+    'sql'                     => "blob NULL"

+);

+

+$GLOBALS['TL_DCA']['tl_user_group']['fields']['reservationp'] = array

+(

+    'exclude'               => true,

+    'filter'                => true,

+    'options'               => array('edit', 'delete'),

+    'eval'                  => array('multiple'=>true),

+    'reference'             => &$GLOBALS['TL_LANG']['MSC'],

+    'inputType'             => 'checkbox',

+    'sql'                   => "blob NULL"

+

+);

new file mode 100644

@@ -0,0 +1,16 @@

+<?php

+

+/**

+ * This file is part of contao-weinanlieferung-bundle.

+ *

+ * (c) vonRotenberg

+ *

+ * @license commercial

+ */

+

+// Legends

+$GLOBALS['TL_LANG']['tl_user_group']['luumicore_legend'] = 'luumiCORE-Berechtigungen';

+

+// Fields

+$GLOBALS['TL_LANG']['tl_user_group']['standorts'] = ['Erlaubte Standorte', 'Hier können Sie den Zugriff auf einen oder mehrere Standorte erlauben.'];

+$GLOBALS['TL_LANG']['tl_user_group']['reservationp'] = ['Buchung-Rechte', 'Hier können Sie die Buchungsrechte festlegen.'];

@@ -187,16 +187,20 @@

                                                             </div>

                                                         </div>

                                                         <div class="col u-text-right action">

-                                                            <a

-                                                                href="/contao?do=weinanlieferung&table=tl_vr_wa_reservation&act=edit&id={{ booking.id }}&rt={{ request_token }}&ref={{ ref }}"

-                                                                {#                        onclick="Backend.openModalIframe({'title':'Quellelement ID {{ booking.id }} bearbeiten','url':this.href});return false" #}

-                                                                title="Element ID {{ booking.id }} bearbeiten"

-                                                            ><img src="/system/themes/flexible/icons/edit.svg" width="16" height="16" alt="Element ID {{ booking.id }} bearbeiten"></a>

-                                                            <a

-                                                                href="/contao?do=weinanlieferung&table=tl_vr_wa_reservation&act=delete&id={{ booking.id }}&rt={{ request_token }}"

-                                                                onclick="if(!confirm('Soll das Element ID {{ booking.id }} wirklich gelöscht werden?'))return false;Backend.getScrollOffset()"

-                                                                title="Element ID {{ booking.id }} löschen"

-                                                            ><img src="/system/themes/flexible/icons/delete.svg" width="16" height="16" alt="Element ID {{ booking.id }} löschen"></a>

+                                                            {% if permissions.edit %}

+                                                                <a

+                                                                    href="/contao?do=weinanlieferung&table=tl_vr_wa_reservation&act=edit&id={{ booking.id }}&rt={{ request_token }}&ref={{ ref }}"

+                                                                    {#                        onclick="Backend.openModalIframe({'title':'Quellelement ID {{ booking.id }} bearbeiten','url':this.href});return false" #}

+                                                                    title="Element ID {{ booking.id }} bearbeiten"

+                                                                ><img src="/system/themes/flexible/icons/edit.svg" width="16" height="16" alt="Element ID {{ booking.id }} bearbeiten"></a>

+                                                            {% endif %}

+                                                            {% if permissions.delete %}

+                                                                <a

+                                                                    href="/contao?do=weinanlieferung&table=tl_vr_wa_reservation&act=delete&id={{ booking.id }}&rt={{ request_token }}"

+                                                                    onclick="if(!confirm('Soll das Element ID {{ booking.id }} wirklich gelöscht werden?'))return false;Backend.getScrollOffset()"

+                                                                    title="Element ID {{ booking.id }} löschen"

+                                                                ><img src="/system/themes/flexible/icons/delete.svg" width="16" height="16" alt="Element ID {{ booking.id }} löschen"></a>

+                                                            {% endif %}

                                                         </div>

                                                     </div>

                                                     {#<div class="row u-items-flex-start my-1 status status--{{ status }}">

@@ -13,8 +13,10 @@ declare(strict_types=1);

 namespace vonRotenberg\WeinanlieferungBundle\Controller\Backend;

 use Contao\Backend;

+use Contao\BackendUser;

 use Contao\CoreBundle\Controller\AbstractController;

 use Contao\CoreBundle\Csrf\ContaoCsrfTokenManager;

+use Contao\Database;

 use Contao\Date;

 use Contao\Environment;

 use Contao\FrontendUser;

@@ -33,7 +35,9 @@ use vonRotenberg\WeinanlieferungBundle\Model\WeinanlieferungLeseartModel;

 use vonRotenberg\WeinanlieferungBundle\Model\WeinanlieferungRebsorteModel;

 use vonRotenberg\WeinanlieferungBundle\Model\WeinanlieferungReservationModel;

 use vonRotenberg\WeinanlieferungBundle\Model\WeinanlieferungSlotsModel;

+use vonRotenberg\WeinanlieferungBundle\Model\WeinanlieferungStandortModel;

 use vonRotenberg\WeinanlieferungBundle\Model\WeinanlieferungUnitModel;

+use vonRotenberg\WeinanlieferungBundle\Security\WeinanlieferungPermissions;

 /**

  * @Route("contao/weinanlieferung/buchungsliste", name=WeinanlieferungBookingsController::class, defaults={"_scope" = "backend"})

@@ -102,6 +106,10 @@ class WeinanlieferungBookingsController extends AbstractController

             ->select('id')

             ->from(WeinanlieferungSlotsModel::getTable());

+        // Allowed standorts

+        $allowedStandortIds = $this->getAllowedStandortIds();

+        $queryBuilder->andWhere('pid IN ('.implode(',',$allowedStandortIds).')');

+

         if (!empty($session['tl_vr_wa_reservation']['tl_day']) && is_numeric($session['tl_vr_wa_reservation']['tl_day']))

         {

             $Day = new Date($session['tl_vr_wa_reservation']['tl_day']);

@@ -136,7 +144,7 @@ class WeinanlieferungBookingsController extends AbstractController

                 ->setParameter('pid', (int) $session['tl_vr_wa_reservation']['tl_standort']);

         }

-        $arrSlots = $queryBuilder->fetchFirstColumn();

+        $arrSlots = array_merge([0],$queryBuilder->fetchFirstColumn());

         $arrDayOptions = [];

@@ -156,7 +164,7 @@ class WeinanlieferungBookingsController extends AbstractController

         }*/

         $arrStandortOptions = [];

-        $StandortRequest = $this->db->executeQuery("SELECT l.id, l.title FROM tl_vr_wa_reservation r INNER JOIN tl_vr_wa_slot s ON s.id = r.pid INNER JOIN tl_vr_wa_standort l ON l.id = s.pid GROUP BY l.id ORDER BY l.title ASC");

+        $StandortRequest = $this->db->executeQuery("SELECT l.id, l.title FROM tl_vr_wa_reservation r INNER JOIN tl_vr_wa_slot s ON s.id = r.pid INNER JOIN tl_vr_wa_standort l ON l.id = s.pid WHERE s.pid IN (".implode(',',$allowedStandortIds).") GROUP BY l.id ORDER BY l.title ASC");

         foreach ($StandortRequest->iterateAssociative() as $standort)

         {

             $arrStandortOptions[$standort['id']] = $standort['title'];

@@ -165,7 +173,7 @@ class WeinanlieferungBookingsController extends AbstractController

         $arrData['filter']['day']['options'] = $arrDayOptions;

 //        $arrData['filter']['month']['options'] = $arrMonthOptions;

         $arrData['filter']['standort']['options'] = $arrStandortOptions;

-

+dump($arrSlots);

         // Get bookings

         if (isset($queryBuilder))

@@ -342,6 +350,13 @@ class WeinanlieferungBookingsController extends AbstractController

             }

         }

+        // Security

+        $security = System::getContainer()->get('security.helper');

+        $arrData['permissions'] = [

+            'edit' => $security->isGranted(WeinanlieferungPermissions::USER_CAN_EDIT_RESERVATIONS),

+            'delete' => $security->isGranted(WeinanlieferungPermissions::USER_CAN_DELETE_RESERVATIONS),

+        ];

+

         return new Response(

             $this->twig->render(

                 '@Contao_VonrotenbergWeinanlieferungBundle/be_wa_buchungsliste.html.twig',

@@ -349,4 +364,39 @@ class WeinanlieferungBookingsController extends AbstractController

             )

         );

     }

+

+    protected function getAllowedStandortIds(): array

+    {

+        // If no frontend user is logged in, return empty array

+        if (!BackendUser::getInstance()->id) {

+            return [0];

+        }

+

+        if (BackendUser::getInstance()->isAdmin)

+        {

+            return WeinanlieferungStandortModel::findAll()->fetchEach('id');

+        }

+

+        // Get member groups

+        $userGroups = StringUtil::deserialize(BackendUser::getInstance()->groups, true);

+        if (empty($userGroups)) {

+            return [0];

+        }

+

+        // Get allowed standorts from member groups

+        $db = Database::getInstance();

+        $allowedStandorts = [0];

+

+        foreach ($userGroups as $groupId) {

+            $group = $db->prepare("SELECT standorts FROM tl_user_group WHERE id=?")

+                ->execute($groupId);

+

+            if ($group->standorts) {

+                $groupStandorts = StringUtil::deserialize($group->standorts, true);

+                $allowedStandorts = array_merge($allowedStandorts, $groupStandorts);

+            }

+        }

+

+        return array_unique($allowedStandorts);

+    }

 }

@@ -46,7 +46,8 @@ use vonRotenberg\WeinanlieferungBundle\Controller\Backend\WeinanlieferungBooking

          if (($contentNode = $tree->getChild('weinanlieferung')) === null)

          {

-             $contentNode = $tree->addChild('weinanlieferung');

+             $contentNode = $tree->addChild('weinanlieferung')

+                 ->setLabel('Weinanlieferung');

          }

          $node = $factory

new file mode 100644

@@ -0,0 +1,20 @@

+<?php

+

+declare(strict_types=1);

+

+/*

+ * This file is part of Contao.

+ *

+ * (c) Leo Feyer

+ *

+ * @license LGPL-3.0-or-later

+ */

+

+namespace vonRotenberg\WeinanlieferungBundle\Security;

+

+final class WeinanlieferungPermissions

+{

+    public const USER_CAN_EDIT_STANDORTE = 'contao_user.standorts';

+    public const USER_CAN_EDIT_RESERVATIONS = 'contao_user.reservationp.edit';

+    public const USER_CAN_DELETE_RESERVATIONS = 'contao_user.reservationp.delete';

+}