Squashed commit

Always execute migration 9999 (can be used to fix things manually)
Optimized meal plan navigation / date range filtering
Prepared next release
Pulled translations from Transifex
Various code optimizations

.devtools/create_release_package.bat

@@ -10,7 +10,9 @@ for /f "tokens=*" %%a in ('jq .Version versiontemp.json --raw-output') do set ve
 del versiontemp.json
 
 del "%releasePath%\grocy_%version%.zip"
-7za a -r "%releasePath%\grocy_%version%.zip" "%projectPath%\*" -xr!.* -xr!build.bat -xr!composer.json -xr!composer.lock -xr!package.json -xr!yarn.lock -xr!publication_assets
+7za a -r "%releasePath%\grocy_%version%.zip" "%projectPath%\*" -xr!.* -xr!build.bat -xr!composer.json -xr!composer.lock -xr!package.json -xr!yarn.lock -xr!docs
 7za a "%releasePath%\grocy_%version%.zip" "%projectPath%\public\.htaccess"
 7za rn "%releasePath%\grocy_%version%.zip" .htaccess public\.htaccess
 7za d "%releasePath%\grocy_%version%.zip" data\*.* data\storage data\viewcache\*
+7za a "%releasePath%\grocy_%version%.zip" "%projectPath%\data\.htaccess"
+7za rn "%releasePath%\grocy_%version%.zip" .htaccess data\.htaccess

.devtools/transifex_download.bat

@@ -1,3 +1,11 @@
 pushd ..
-tx pull --all --minimum-perc=90
+tx pull --all --minimum-perc=70 --force
+tx pull --language en_GB --force
+copy /Y localization\en\userfield_types.po localization\en_GB\userfield_types.po
+copy /Y localization\en\stock_transaction_types.po localization\en_GB\stock_transaction_types.po
+copy /Y localization\en\component_translations.po localization\en_GB\component_translations.po
+copy /Y localization\en\chore_period_types.po localization\en_GB\chore_period_types.po
+copy /Y localization\en\chore_assignment_types.po localization\en_GB\chore_assignment_types.po
+copy /Y localization\en\permissions.po localization\en_GB\permissions.po
+copy /Y localization\en\locales.po localization\en_GB\locales.po
 popd

.devtools/transifex_upload.bat

@@ -1,3 +1,3 @@
 pushd ..
-tx push --source
+tx push --source --force
 popd

.editorconfig

@@ -0,0 +1,8 @@
+root = true
+
+[*]
+indent_style = tab
+indent_size = 4
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true

.gitattributes

@@ -0,0 +1,2 @@
+* text=auto
+*.sh text eol=lf

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,13 @@
+---
+name: Bug report
+about: If you've found something that does not work, please report it to help improve
+  grocy
+title: 'Bug: '
+labels: bug
+assignees: ''
+
+---
+
+Please describe the bug as detailed as possible, provide the steps how to reproduce it and maybe attach screenshots where useful.
+
+Please also check if your bug was maybe already fixed by searching closed issues here or by trying to reproduce your problem on the [pre-release demo](https://demo-prerelease.grocy.info/) (use a *private demo instance* if you want to make your example persistent).

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,5 @@
+blank_issues_enabled: false
+contact_links:
+    - name: Question / Help
+      url: https://www.reddit.com/r/grocy
+      about: Please use the r/grocy subreddit for general questions / help

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,11 @@
+---
+name: Feature request
+about: Ideas for improvements or new things which you would find useful are always
+  welcome
+title: 'Feature request: '
+labels: enhancement
+assignees: ''
+
+---
+
+Please describe what you would find useful and please also check (by searching open requests here) if that was maybe already requested.

.php-cs-fixer.php

@@ -0,0 +1,95 @@
+<?php
+
+$finder = PhpCsFixer\Finder::create()
+	->exclude(['vendor'])
+	->ignoreVCSIgnored(true)
+	->files()->name('*.php')
+	->in(__DIR__)
+;
+
+$cfg = new PhpCsFixer\Config();
+return $cfg
+	->setRules([
+		'@PSR2' => true,
+		'array_indentation' => true,
+		'array_syntax' => ['syntax' => 'short'],
+		'combine_consecutive_unsets' => true,
+		'class_attributes_separation' => true,
+		'multiline_whitespace_before_semicolons' => false,
+		'single_quote' => true,
+		// 'blank_line_after_opening_tag' => true,
+		// 'blank_line_before_return' => true,
+		'braces' => [
+			'allow_single_line_closure' => true,
+			'position_after_anonymous_constructs' => 'same',
+			'position_after_control_structures' => 'next',
+			'position_after_functions_and_oop_constructs' => 'next',
+		],
+		// 'cast_spaces' => true,
+		// 'class_definition' => array('singleLine' => true),
+		'concat_space' => ['spacing' => 'one'],
+		'declare_equal_normalize' => true,
+		'function_typehint_space' => true,
+		'single_line_comment_style' => ['comment_types' => ['hash']],
+		'include' => true,
+		'lowercase_cast' => true,
+		// 'native_function_casing' => true,
+		// 'new_with_braces' => true,
+		// 'no_blank_lines_after_class_opening' => true,
+		// 'no_blank_lines_after_phpdoc' => true,
+		// 'no_empty_comment' => true,
+		// 'no_empty_phpdoc' => true,
+		// 'no_empty_statement' => true,
+		'no_leading_import_slash' => true,
+		'no_leading_namespace_whitespace' => true,
+		// 'no_mixed_echo_print' => array('use' => 'echo'),
+		'no_multiline_whitespace_around_double_arrow' => true,
+		// 'no_short_bool_cast' => true,
+		// 'no_singleline_whitespace_before_semicolons' => true,
+		'no_spaces_around_offset' => true,
+		// 'no_trailing_comma_in_list_call' => true,
+		// 'no_trailing_comma_in_singleline_array' => true,
+		// 'no_unneeded_control_parentheses' => true,
+		// 'no_unused_imports' => true,
+		'no_whitespace_before_comma_in_array' => true,
+		'no_whitespace_in_blank_line' => true,
+		// 'normalize_index_brace' => true,
+		'object_operator_without_whitespace' => true,
+		// 'php_unit_fqcn_annotation' => true,
+		// 'phpdoc_align' => true,
+		// 'phpdoc_annotation_without_dot' => true,
+		// 'phpdoc_indent' => true,
+		// 'phpdoc_inline_tag' => true,
+		// 'phpdoc_no_access' => true,
+		// 'phpdoc_no_alias_tag' => true,
+		// 'phpdoc_no_empty_return' => true,
+		// 'phpdoc_no_package' => true,
+		// 'phpdoc_no_useless_inheritdoc' => true,
+		// 'phpdoc_return_self_reference' => true,
+		// 'phpdoc_scalar' => true,
+		// 'phpdoc_separation' => true,
+		// 'phpdoc_single_line_var_spacing' => true,
+		// 'phpdoc_summary' => true,
+		// 'phpdoc_to_comment' => true,
+		// 'phpdoc_trim' => true,
+		// 'phpdoc_types' => true,
+		// 'phpdoc_var_without_name' => true,
+		// 'pre_increment' => true,
+		// 'return_type_declaration' => true,
+		// 'self_accessor' => true,
+		// 'short_scalar_cast' => true,
+		'single_blank_line_before_namespace' => true,
+		// 'single_class_element_per_statement' => true,
+		// 'space_after_semicolon' => true,
+		// 'standardize_not_equals' => true,
+		'ternary_operator_spaces' => true,
+		// 'trailing_comma_in_multiline_array' => true,
+		'trim_array_spaces' => true,
+		'unary_operator_spaces' => true,
+		'whitespace_after_comma_in_array' => true,
+	])
+	->setIndent("\t")
+	->setLineEnding("\n")
+	->setUsingCache(false)
+	->setFinder($finder)
+;

.tx/config

@@ -1,37 +1,56 @@
 [main]
 host = https://www.transifex.com
 
-[grocy.stringsphp]
-file_filter = localization/<lang>/strings.php
-minimum_perc = 0
-source_file = localization/en/strings.php
+[grocy.chore_period_types]
+file_filter = localization/<lang>/chore_period_types.po
+source_file = localization/chore_period_types.pot
 source_lang = en
-type = PHP_ARRAY
+type = PO
 
-[grocy.stock_transaction_typesphp]
-file_filter = localization/<lang>/stock_transaction_types.php
-minimum_perc = 0
-source_file = localization/en/stock_transaction_types.php
+[grocy.chore_assignment_types]
+file_filter = localization/<lang>/chore_assignment_types.po
+source_file = localization/chore_assignment_types.pot
 source_lang = en
-type = PHP_ARRAY
+type = PO
 
-[grocy.chore_typesphp]
-file_filter = localization/<lang>/chore_types.php
-minimum_perc = 0
-source_file = localization/en/chore_types.php
+[grocy.component_translations]
+file_filter = localization/<lang>/component_translations.po
+source_file = localization/component_translations.pot
 source_lang = en
-type = PHP_ARRAY
+type = PO
 
-[grocy.component_translationsphp]
-file_filter = localization/<lang>/component_translations.php
-minimum_perc = 0
-source_file = localization/en/component_translations.php
+[grocy.demo_data]
+file_filter = localization/<lang>/demo_data.po
+source_file = localization/demo_data.pot
 source_lang = en
-type = PHP_ARRAY
+type = PO
 
-[grocy.demo_dataphp]
-file_filter = localization/<lang>/demo_data.php
-minimum_perc = 0
-source_file = localization/en/demo_data.php
+[grocy.stock_transaction_types]
+file_filter = localization/<lang>/stock_transaction_types.po
+source_file = localization/stock_transaction_types.pot
 source_lang = en
-type = PHP_ARRAY
+type = PO
+
+[grocy.strings]
+file_filter = localization/<lang>/strings.po
+source_file = localization/strings.pot
+source_lang = en
+type = PO
+
+[grocy.userfield_types]
+file_filter = localization/<lang>/userfield_types.po
+source_file = localization/userfield_types.pot
+source_lang = en
+type = PO
+
+[grocy.permissions]
+file_filter = localization/<lang>/permissions.po
+source_file = localization/permissions.pot
+source_lang = en
+type = PO
+
+[grocy.locales]
+file_filter = localization/<lang>/locales.po
+source_file = localization/locales.pot
+source_lang = en
+type = PO

.vscode/settings.json

@@ -1,3 +1,17 @@
 {
-	"phpserver.relativePath": "public"
+	"phpserver.relativePath": "public",
+	"editor.formatOnType": true,
+	"editor.formatOnPaste": true,
+	"editor.formatOnSave": true,
+	"editor.insertSpaces": false,
+	"javascript.format.placeOpenBraceOnNewLineForControlBlocks": true,
+	"javascript.format.placeOpenBraceOnNewLineForFunctions": true,
+	"javascript.format.insertSpaceAfterFunctionKeywordForAnonymousFunctions": false,
+	"javascript.preferences.quoteStyle": "double",
+	"blade.format.enable": true,
+	"html.format.wrapAttributes": "force",
+	"html.format.wrapLineLength": 0,
+	"php-cs-fixer.formatHtml": true,
+	"php-cs-fixer.autoFixBySemicolon": true,
+	"php-cs-fixer.onsave": true,
 }

README.md

@@ -1,55 +1,82 @@
-# grocy
-ERP beyond your fridge
+<div align="center">
+<img alt="Logo" height="50" src="https://raw.githubusercontent.com/grocy/grocy/master/public/img/grocy_logo.svg?sanitize=true" />
+<h3>ERP beyond your fridge</h3>
+<h4>grocy is a web-based self-hosted groceries & household management solution for your home<br>Created by <a href="https://github.com/berrnd">@berrnd</a></h4>
+</div>
+
+-----
 
 ## Give it a try
-- Public demo of the latest stable version &rarr; [https://demo.grocy.info](https://demo.grocy.info)
-- Public demo of the latest pre-release version (current master branch) &rarr; [https://demo-prerelease.grocy.info](https://demo-prerelease.grocy.info)
+- Public demo of the latest stable version (`release` branch) &rarr; [https://demo.grocy.info](https://demo.grocy.info)
+- Public demo of the current development version (`master` branch) &rarr; [https://demo-prerelease.grocy.info](https://demo-prerelease.grocy.info)
+
+## Questions / Help / Bug reporting / Feature requests
+There is the [r/grocy subreddit](https://www.reddit.com/r/grocy) to connect with other grocy users and getting help.
+
+If you've found something that does not work or if you have an idea for an improvement or new things which you would find useful, feel free to open a request on the [issue tracker](https://github.com/grocy/grocy/issues) here.
+
+Please don't send me private messages regarding grocy help. I check the issue tracker and the subreddit pretty much daily, but don't provide grocy support beyond that.
+
+## Community contributions
+See the website for a list of community contributed Add-ons / Tools: [https://grocy.info/addons](https://grocy.info/addons)
 
 ## Motivation
-A household needs to be managed. I did this so far (almost 10 years) with my first self written software (a C# windows forms application) and with a bunch of Excel sheets. The software is a pain to use and Excel is Excel. So I searched for and tried different things for a (very) long time, nothing 100 % fitted, so this is my aim for a "complete household management"-thing. ERP your fridge!
+A household needs to be managed. I did this so far (almost 10 years) with my first self written software (a C# Windows forms application) and with a bunch of Excel sheets. The software is a pain to use and Excel is Excel. So I searched for and tried different things for a (very) long time, nothing 100 % fitted, so this is my aim for a "complete household management"-thing. ERP your fridge!
 
 ## How to install
-> **NEW**
+> Checkout [grocy-desktop](https://github.com/grocy/grocy-desktop), if you want to run grocy without having to manage a webserver just like a normal (Windows) desktop application.
 >
-> There is now grocy-desktop if you want to run grocy without a webserver just like a normal (windows) desktop application.
->
-> See https://github.com/grocy/grocy-desktop or directly download the [latest release](https://releases.grocy.info/latest-desktop) - the installation is nothing more than just clicking 2 times "next"...
+> Directly download the [latest release](https://releases.grocy.info/latest-desktop) - the installation is nothing more than just clicking 2 times "next".
 
-Just unpack the [latest release](https://releases.grocy.info/latest) on your PHP (SQLite (3.8.3 or higher) extension required, currently only tested with PHP 7.2) enabled webserver (webservers root should point to the `public` directory), copy `config-dist.php` to `data/config.php`, edit it to your needs, ensure that the `data` directory is writable and you're ready to go, (to make writable `chown -R www-data:www-data data/`). Default login is user `admin` with password `admin`, please change the password immediately (see user menu).
+See [https://grocy.info/links](https://grocy.info/links) for some installation guides and troubleshooting help.
 
-Alternatively clone this repository and install Composer and Yarn dependencies manually.
+grocy is technically a pretty simple PHP application, so the basic notes to get it running are:
+- Unpack the [latest release](https://releases.grocy.info/latest)
+- Copy `config-dist.php` to `data/config.php` + edit to your needs
+- Ensure that the `data` directory is writable
+- The webserver root should point to the `public` directory
+- Include `try_files $uri /index.php$is_args$query_string;` in your location block if you use nginx
+  - Or disable URL rewriting (see the option `DISABLE_URL_REWRITING` in `data/config.php`)
+- Based on user reports, the minmimum required/working runtime is PHP 7.2 with SQLite 3.9.0
+  - However, I don't really care about supporting old runtime stuff, currently everything is only tested against (means 100 % works with) PHP 8.0 with SQLite 3.27.2
+- &rarr; Default login is user `admin` with password `admin`, please change the password immediately (user menu at the top right corner)
 
-If you use nginx as your webserver, please include `try_files $uri /index.php;` in your location block.
-
-If, however, your webserver does not support URL rewriting, set `DISABLE_URL_REWRITING` in `data/config.php` (`Setting('DISABLE_URL_REWRITING', true);`).
+Alternatively clone this repository (the `release` branch always references the latest released version, or checkout the latest tagged revision) and install Composer and Yarn dependencies manually.
 
 ## How to run using Docker
 
-See [grocy/grocy-docker](https://github.com/grocy/grocy-docker) for instructions.
+See [grocy/grocy-docker](https://github.com/grocy/grocy-docker) or [linuxserver/docker-grocy](https://github.com/linuxserver/docker-grocy) for instructions.
 
 ## How to update
-Just overwrite everything with the latest release while keeping the `data` directory, check `config-dist.php` for new configuration options and add them to your `data/config.php` (the default from values `config-dist.php` will be used for not in `data/config.php` defined settings). Just to be sure, please empty `data/viewcache`.
+Just overwrite everything with the latest release while keeping the `data` directory, check `config-dist.php` for new configuration options and add them to your `data/config.php` where appropriate (the default values from `config-dist.php` will be used for not in `data/config.php` defined settings). Just to be sure, please empty `data/viewcache`.
 
-If you run grocy on Linux, there is also `update.sh` (remember to make the script executable, `chmod +x update.sh` and ensure that you have `unzip` installed) which does exactly this and additionally creates a backup (`.tgz` archive) of the current installation in `data/backups` (backups older than 60 days will be deleted during the update).
+If you run grocy on Linux, there is also `update.sh` (remember to make the script executable (`chmod +x update.sh`) and ensure that you have `unzip` installed) which does exactly this and additionally creates a backup (`.tgz` archive) of the current installation in `data/backups` (backups older than 60 days will be deleted during the update).
 
 ## Localization
 grocy is fully localizable - the default language is English (integrated into code), a German localization is always maintained by me.
 You can easily help translating grocy at https://www.transifex.com/grocy/grocy, if your language is incomplete or not available yet.
-(Language can be changed in `data/config.php`, e. g. `Setting('CULTURE', 'it');`)
+(The default language can be set in `data/config.php`, e. g. `Setting('DEFAULT_LOCALE', 'it');` and there is also a user setting (see the user settings page) to set a different language per user).
 
-### Maintaining your own localization
-As the German translation will always be the most complete one, for maintaining your localization it would be easiest when you compare your localization with the German one with a diff tool of your choice.
+The [pre-release demo](https://demo-prerelease.grocy.info) is available for any translation which is at least 70 % complete and will pull the translations from Transifex 10 minutes past every hour, so you can have a kind of instant preview of your contributed translations. Thank you!
+
+Also any translation which once reached a completion level of 70 % will be included in releases.
+
+_RTL languages are unfortunately not yet supported._
 
 ## Things worth to know
 
-### REST API & data model documentation
-See the integrated Swagger UI instance on [/api](https://demo-en.grocy.info/api).
+### REST API
+See the integrated Swagger UI instance on [/api](https://demo.grocy.info/api).
 
-### Barcode readers
-Some fields also allow to select a value by scanning a barcode. It works best when your barcode reader prefixes every barcode with a letter which is normally not part of a item name (I use a `$`) and sends a `TAB` after a scan.
+### Barcode readers & camera scanning
+Some fields (with a barcode icon above) also allow to select a value by scanning a barcode. It works best when your barcode reader prefixes every barcode with a letter which is normally not part of a item name (I use a `$`) and sends a `TAB` after a scan.
+
+Additionally it's also possible to use your device camera to scan a barcode by using the camera button on the right side of the corresponding field (powered by [Quagga2](https://github.com/ericblade/quagga2), totally offline / client-side camera stream processing, please note due to browser security restrictions, this only works when serving grocy via a secure connection (`https://`)). Quick video demo: https://www.youtube.com/watch?v=Y5YH6IJFnfc
+
+_My personal recommendation: Use a USB barcode laser scanner. They are cheap and work 1000 % better, faster, under any lighting condition and from any angle._
 
 ### Input shorthands for date fields
-For (productivity) reasons all date (and time) input fields use the ISO-8601 format regardless of localization.
+For (productivity) reasons all date (and time) input (and display) fields use the ISO-8601 format regardless of localization.
 The following shorthands are available:
 - `MMDD` gets expanded to the given day on the current year, if > today, or to the given day next year, if < today, in proper notation
   - Example: `0517` will be converted to `2018-05-17`
@@ -57,13 +84,15 @@ The following shorthands are available:
   - Example: `20190417` will be converted to `2019-04-17`
 - `YYYYMMe` or `YYYYMM+` gets expanded to the end of the given month in the given year in proper notation
   - Example: `201807e` will be converted to `2018-07-31`
-- `x` gets expanded to `2999-12-31` (which I use for products which never expire)
-- Down/up arrow keys will increase/decrease the date by one day
+- `x` gets expanded to `2999-12-31` (which I use for products which are never overdue)
+- Down/up arrow keys will increase/decrease the date by 1 day
 - Right/left arrow keys will increase/decrease the date by 1 week
+- Shift + down/up arrow keys will increase/decrease the date by 1 month
+- Shift + right/left arrow keys will increase/decrease the date by 1 year
 
 ### Keyboard shorthands for buttons
 Wherever a button contains a bold highlighted letter, this is a shortcut key.
-Example: Button "Add as new **p**roduct" can be "pressed" by using the `P` key on your keyboard.
+Example: Button "**P** Add as new product" can be "pressed" by using the `P` key on your keyboard.
 
 ### Barcode lookup via external services
 Products can be directly added to the database via looking them up against external services by a barcode.
@@ -73,6 +102,8 @@ There is no plugin included for any service, see the reference implementation in
 ### Database migrations
 Database schema migration is automatically done when visiting the root (`/`) route (click on the logo in the left upper edge).
 
+_Please note: Database migrations are supposed to work between releases, not between every commit. If you want to run the current `master` branch (which is the development version), however, you need to handle that (and maybe more) yourself._
+
 ### Disable certain features
 If you don't use certain feature sets of grocy (for example if you don't need "Chores"), there are feature flags per major feature set to hide/disable the related UI elements (see `config-dist.php`)
 
@@ -81,22 +112,33 @@ If you don't use certain feature sets of grocy (for example if you don't need "C
 - When the file `data/custom_css.html` exists, the contents of the file will be added just before `</head>` (end of head) on every page
 
 ### Demo mode
-When the file `data/demo.txt` exists, the application will work in a demo mode which means authentication is disabled and some demo data will be generated during the database schema migration.
+When the `MODE` setting is set to `dev`, `demo` or `prerelease`, the application will work in a demo mode which means authentication is disabled and some demo data will be generated during the database schema migration.
 
 ### Embedded mode
 When the file `embedded.txt` exists, it must contain a valid and writable path which will be used as the data directory instead of `data` and authentication will be disabled (used in [grocy-desktop](https://github.com/grocy/grocy-desktop)).
 
 In embedded mode, settings can be overridden by text files in `data/settingoverrides`, the file name must be `<SettingName>.txt` (e. g. `BASE_URL.txt`) and the content must be the setting value (normally one single line).
 
+## Contributing / Say thanks
+Any help is more than appreciated. Feel free to pick any open unassigned issue and submit a pull request, but please leave a short comment or assign the issue yourself, to avoid working on the same thing.
+
+See https://grocy.info/#say-thanks for more ideas if you just want to say thanks.
+
+## Roadmap
+There is none. The progress of a specific bug/enhancement is always tracked in the corresponding issue, at least by commit comment references.
+
 ## Screenshots
-#### Dashboard
-![Dashboard](https://github.com/grocy/grocy/raw/master/publication_assets/dashboard.png "Dashboard")
+#### Stock overview
+![Stock overview](https://github.com/grocy/grocy/raw/master/.github/publication_assets/stock.png "Stock overview")
 
-#### Purchase - with barcode scan
-![Purchase - with barcode scan](https://github.com/grocy/grocy/raw/master/publication_assets/purchase-with-barcode.gif "purchase-with-barcode")
+#### Shopping List
+![Shopping List](https://github.com/grocy/grocy/raw/master/.github/publication_assets/shoppinglist.png "Shopping List")
 
-#### Consume - with manual search
-![Consume - with manual search](https://github.com/grocy/grocy/raw/master/publication_assets/consume.gif "consume")
+#### Meal Plan
+![Meal Plan](https://github.com/grocy/grocy/raw/master/.github/publication_assets/mealplan.png "Meal Plan")
+
+#### Chores overview
+![Chores overview](https://github.com/grocy/grocy/raw/master/.github/publication_assets/chores.png "Chores overview")
 
 ## License
 The MIT License (MIT)

app.php

@@ -1,37 +1,11 @@
 <?php
 
-use \Psr\Http\Message\ServerRequestInterface as Request;
-use \Psr\Http\Message\ResponseInterface as Response;
-
-use \Grocy\Helpers\UrlManager;
-use \Grocy\Controllers\LoginController;
-
-// Definitions for embedded mode
-if (file_exists(__DIR__ . '/embedded.txt'))
-{
-	define('GROCY_IS_EMBEDDED_INSTALL', true);
-	define('GROCY_DATAPATH', file_get_contents(__DIR__ . '/embedded.txt'));
-	define('GROCY_USER_ID', 1);
-}
-else
-{
-	define('GROCY_IS_EMBEDDED_INSTALL', false);
-	define('GROCY_DATAPATH', __DIR__ . '/data');
-}
-
-// Definitions for demo mode
-if (file_exists(GROCY_DATAPATH . '/demo.txt'))
-{
-	define('GROCY_IS_DEMO_INSTALL', true);
-	if (!defined('GROCY_USER_ID'))
-	{
-		define('GROCY_USER_ID', 1);
-	}
-}
-else
-{
-	define('GROCY_IS_DEMO_INSTALL', false);
-}
+use Grocy\Controllers\LoginController;
+use Grocy\Helpers\UrlManager;
+use Grocy\Middleware\CorsMiddleware;
+use Psr\Container\ContainerInterface as Container;
+use Slim\Factory\AppFactory;
+use Slim\Views\Blade;
 
 // Load composer dependencies
 require_once __DIR__ . '/vendor/autoload.php';
@@ -39,33 +13,94 @@ require_once __DIR__ . '/vendor/autoload.php';
 // Load config files
 require_once GROCY_DATAPATH . '/config.php';
 require_once __DIR__ . '/config-dist.php'; // For not in own config defined values we use the default ones
+require_once __DIR__ . '/helpers/ConfigurationValidator.php';
+
+// Error reporting definitions
+if (GROCY_MODE === 'dev')
+{
+	error_reporting(E_ALL);
+}
+else
+{
+	error_reporting(E_ALL ^ (E_NOTICE | E_WARNING | E_DEPRECATED));
+}
+
+// Definitions for dev/demo/prerelease mode
+if ((GROCY_MODE === 'dev' || GROCY_MODE === 'demo' || GROCY_MODE === 'prerelease') && !defined('GROCY_USER_ID'))
+{
+	define('GROCY_USER_ID', 1);
+}
+
+// Definitions for disabled authentication mode
+if (GROCY_DISABLE_AUTH === true)
+{
+	if (!defined('GROCY_USER_ID'))
+	{
+		define('GROCY_USER_ID', 1);
+	}
+}
+
+// Check if any invalid entries in config.php have been made
+try
+{
+	(new ConfigurationValidator())->validateConfig();
+}
+catch (EInvalidConfig $ex)
+{
+	exit('Invalid setting in config.php: ' . $ex->getMessage());
+}
+
+// Create data/viewcache folder if it doesn't exist
+if (!file_exists(GROCY_DATAPATH . '/viewcache'))
+{
+	mkdir(GROCY_DATAPATH . '/viewcache');
+}
 
 // Setup base application
-$appContainer = new \Slim\Container([
-	'settings' => [
-		'displayErrorDetails' => true,
-		'determineRouteBeforeAppMiddleware' => true
-	],
-	'view' => function($container)
-	{
-		return new \Slim\Views\Blade(__DIR__ . '/views', GROCY_DATAPATH . '/viewcache');
-	},
-	'LoginControllerInstance' => function($container)
-	{
-		return new LoginController($container, 'grocy_session');
-	},
-	'UrlManager' => function($container)
-	{
+AppFactory::setContainer(new DI\Container());
+$app = AppFactory::create();
+
+$container = $app->getContainer();
+$container->set('view', function (Container $container) {
+	return new Blade(__DIR__ . '/views', GROCY_DATAPATH . '/viewcache');
+});
+
+$container->set('UrlManager', function (Container $container) {
 	return new UrlManager(GROCY_BASE_URL);
-	},
-	'ApiKeyHeaderName' => function($container)
-	{
+});
+
+$container->set('ApiKeyHeaderName', function (Container $container) {
 	return 'GROCY-API-KEY';
-	}
-]);
-$app = new \Slim\App($appContainer);
+});
 
 // Load routes from separate file
 require_once __DIR__ . '/routes.php';
 
+// Set base path if defined
+if (!empty(GROCY_BASE_PATH))
+{
+	$app->setBasePath(GROCY_BASE_PATH);
+}
+
+if (GROCY_MODE === 'production' || GROCY_MODE === 'dev')
+{
+	$app->add(new \Grocy\Middleware\LocaleMiddleware($container));
+}
+else
+{
+	define('GROCY_LOCALE', GROCY_DEFAULT_LOCALE);
+}
+
+$authMiddlewareClass = GROCY_AUTH_CLASS;
+$app->add(new $authMiddlewareClass($container, $app->getResponseFactory()));
+// Add default middleware
+$app->addRoutingMiddleware();
+$errorMiddleware = $app->addErrorMiddleware(true, false, false);
+$errorMiddleware->setDefaultErrorHandler(
+	new \Grocy\Controllers\ExceptionController($app, $container)
+);
+
+$app->add(new CorsMiddleware($app->getResponseFactory()));
+
+ob_clean(); // No response output before here
 $app->run();

changelog/18_1.9.0_2018-04-21.md

@@ -1 +1 @@
-- Documented the REST API and data model, see the integrated instance of Swagger UI at [/api](https://demo-en.grocy.info/api)
+- Documented the REST API and data model, see the integrated instance of Swagger UI at [/api](https://demo.grocy.info/api)

changelog/25_1.13.0_2018-07-12.md

@@ -1,3 +1,3 @@
 - Upgraded Bootstrap and some other dependencies (grocy now looks even better!)
 - Added Italian translation (thanks @davidoskky)
-  - => Demo for this language available at: https://demo-it.grocy.info
+  - => Demo for this language available at: https://it.demo.grocy.info

changelog/26_1.13.1_2018-07-12.md

@@ -2,4 +2,4 @@ This was released shortly after the last release to fix a small regression bug,
 
 - Upgraded Bootstrap and some other dependencies (grocy now looks even better!)
 - Added Italian translation (thanks @davidoskky)
-  - => Demo for this language available at: https://demo-it.grocy.info
+  - => Demo for this language available at: https://it.demo.grocy.info

changelog/27_1.14.0_2018-07-15.md

@@ -1,8 +1,8 @@
 - New feature: **Recipes**
   - Organize a list of products, amounts and a description into recipes and see at a glance if everything needed is in stock or put the missing things with one click on the shopping list
-  - Try it live on the demo page: => https://demo-en.grocy.info/recipes
+  - Try it live on the demo page: => https://demo.grocy.info/recipes
 - Added norwegian translation (thanks @BlizzWave)
-  - Demo available at: => https://demo-no.grocy.info
+  - Demo available at: => https://no.demo.grocy.info
 - A lot of small UI improvements
   - Columns in tables can now be reordered
   - Show a calendar on the shopping list page (useful, at least for me)

changelog/39_1.23.0_2018-11-24.md

@@ -9,7 +9,7 @@
 - New feature: Calendar
   - Shows all upcoming product expirations, due chores, due tasks and due battery charge cycles
 - New translation: French (thanks all the translators)
-  - As for all languages, a demo is available at: https://demo-fr.grocy.info
+  - As for all languages, a demo is available at: https://fr.demo.grocy.info
 - Small other improvements
   - Allow fraction numbers for recipe ingredients when not checked against stock and add an option to not check stock for a recipe position
   - The current time can now be shown in the header (see the settings menu next to the user icon)

changelog/43_2.0.0_2019-03-06.md

@@ -1,4 +1,4 @@
-- Breaking change: The API has been completely reworked, please review [the documentation](https://demo-en.grocy.info/api) before updating when you are using the API
+- Breaking change: The API has been completely reworked, please review [the documentation](https://demo.grocy.info/api) before updating when you are using the API
 - New feature: Tare weight handling
   - An option per product
   - Imagine this: You have flour in jars, the jar weighs 500 grams, currently there are 1000 grams in stock, the new weight including the jar is 1100 grams - grocy can now calculate the used amount on consume/purchase/inventory automatically, you only have to enter the weighed amount including the jar (demo product to showcase this "Flour")
@@ -9,13 +9,13 @@
   - A new option per recipe to not check against the amount already on the shopping list when putting all missing ingredients on it (by default, only the amount not already on the shopping list is added, when this is enabled, always the whole missing amount will be put on the shopping list)
   - On consume, there can now be tracked for which recipe it was, this is also tracked automatically when using the "Consume all ingredients needed by this recipe" button (for future statistical purposes)
   - Recipes can now have pictures
-  - New "gallery view" for recipes (demo available at https://demo-en.grocy.info/recipes?tab=gallery)
+  - New "gallery view" for recipes (demo available at https://demo.grocy.info/recipes?tab=gallery)
 - Stock improvements
   - It is now optionally possible to have partial units in stock (option per product)
   - On purchase, a different location can now be assigned (imagine you have two freezers, by default you store your pizza there, but sometimes there)
 - New translations: (thanks all the translators)
-  - Spanish (demo available at https://demo-es.grocy.info)
-  - Turkish (demo available at https://demo-tr.grocy.info)
+  - Spanish (demo available at https://es.demo.grocy.info)
+  - Turkish (demo available at https://tr.demo.grocy.info)
 - Other improvements
   - The calendar can now be shared/integrated in iCal format (button in the header on the calendar page)
   - Added feature flags to hide/disable certain parts of grocy when you don't use them (for example hide "Chores" and all related UI elements, when you don't use it, see `config-dist.php`)

changelog/44_2.1.0_2019-03-09.md

@@ -7,4 +7,4 @@
   - The changelog is now included as markdown files (in `/changelog` directory, one file per release with a filename in format `<ReleaseNumber>_<Version>_<ReleaseDateIso>.md`) and shown in the about dialog
   - Please review your `CURRENCY` setting in `data/config.php`, see also `config-dist.php` - this should be the ISO 4217 code of the currency to properly work with the JS `toLocaleString` function
 - New translation: (thanks all the translators)
-  - Russian (demo available at https://demo-ru.grocy.info)
+  - Russian (demo available at https://ru.demo.grocy.info)

changelog/46_2.3.0_2019-04-06.md

@@ -0,0 +1,17 @@
+- Stock improvements
+  - A different location can now also be set during inventory (as for purchases)
+  - A partial minimum stock amount can now be set when "Allow partial units in stock" is enabled (product option)
+- Recipe improvements
+  - There is now a default per product for "Disable stock fulfillment checking for this ingredient" (ingredient option, default can be defined as a product option)
+- Some small UI fixes & improvements
+  - THe "Mark as open" button on the stock overview page was disabled when the current stock amount was exactly 1
+  - The number in the "x products expiring within the next 5 days" badge was incorrect for products expiring exactly in 5 days
+  - On the product groups page there is now a new column which displays the product count per group (+ a link to the products page filtered by that product group)
+  - Added a message to clarify that in product dropdowns also something unknown can be entered to start a workflow
+  - Some other small CSS fixes (context menus were not fully displayed when the parent container was to small, improved padding for text inputs)
+- As always: Updated translations (thanks all the translators)
+
+### Self promotion
+[grocy-desktop](https://github.com/grocy/grocy-desktop) is now also available through the Microsoft Store 
+
+<a href="//www.microsoft.com/store/apps/9nwb1trnnksf?cid=storebadge&ocid=badge"><img src="https://assets.windowsphone.com/85864462-9c82-451e-9355-a3d5f874397a/English_get-it-from-MS_InvariantCulture_Default.png" alt="Get it from Microsoft" width="150px" /></a>

changelog/47_2.4.0_2019-05-10.md

@@ -0,0 +1,34 @@
+- New feature: Userfields
+  - Attach any custom field to any entity (Products, Locations, Euqipment, etc.)
+  - Userfields can have types (Text, Number, Date, etc.)
+  - Will be shown / can be filled on the edit page of the corresponding entity and will also optionally show in the corresponding tables (inclcudes overview pages)
+  - => Can be configured under Master data / Userfields
+- New feature: Meal planning
+  - Simple approach for the beginning (more to come): A week view where you can add recipes for each day (new menu entry in the sidebar, below calendar)
+  - Of course it's also possible to put missing things directly on the shopping list from there, also for a complete week at once
+- General improvements
+  - The "expires soon" or "due soon" days (yelllow bar at the top of each overview page) can now be configured
+    - => New settings page for each area under the settings icon at the top right
+- Stock improvements
+  - It's now possible to have multiple / named shopping lists
+    - Automations still use the default shopping list and also the default shopping list cannot be deleted
+  - More information on the product card like "Spoil rate" or "Average shelf life"
+  - It's now possible to set a price for added products during inventory
+  - It's now possible to customize the default amount for purchase/consume (see stock settings under the settings icon on the top right)
+- Chores improvements
+  - New recurrence patterns - chores can now also be "scheduled" to repat daily/weekly/monthly
+  - It's now possible to track the day of a chore execution only (without the time, option per chore)
+- Recipe improvements
+  - It's now possible to enter a "variable amount" (e. g. if a recipe needs "1 - 2 cups"), the original amount is still used for stock fulfillment checking (if enabled for that recipe ingredient)
+- New translations: (thanks all the translators)
+  - Swedish (demo available at https://sv.demo.grocy.info)
+  - Polish (demo available at https://pl.demo.grocy.info)
+- Internal improvement: Localizations are now handled via gettext, both on server and client side
+  - Mainly to properly handle languages with more than 2 plural forms
+  - This involved some string changes which results in a needed (re)translation of about 20 strings (excluding demo data)
+  - Also applies to quantity units, n-plural forms can be entered on the quantity unit edit page
+  - It's not required to install the PHP gettext extension, on both, server and client, managed implementations of gettext are used ([oscarotero/Gettext](https://github.com/oscarotero/Gettext) & [oscarotero/gettext-translator](https://github.com/oscarotero/gettext-translator))
+- Some other small fixes and improvements
+  - The "Add as barcode to existing product" productpicker workflow failed to add the barcode to the given product
+  - Recipes can now be filter by stock availability
+  - Added a feature flag (`config.php` setting) to also be able to hide all stock related UI elements and routes

changelog/48_2.4.1_2019-05-16.md

@@ -0,0 +1,2 @@
+- Fixed a performance problem for loading data tables related to the new Userfields feature
+- Fixed that when using single quotes in a product name did not trigger the workflow popup

changelog/49_2.4.2_2019-06-09.md

@@ -0,0 +1,11 @@
+- Fixed that deleting meal plan entries did not work
+- Fixed a problem that the user settings were not properly initialized for the frontend JS part when not logged only (so potentially affected only the login page)
+- Fixed an issue that the shopping list did not load when a plural translation for a quantity unit was missing
+- Fixed that tooltips were visible forever when consuming all products on the stock overview page
+- Fixed that login did not work when "Stay logged in permanently" was set and grocy runs on a 32-bit system (thanks @matejdro)
+- Fixed page reloads when "Auto reload on external changes" is enabled and there is unsaved form data (the detection did not work for forms in modal dialogs, e. g. when adding a entry to the meal plan)
+- Fixed (again) that the product picker did not work properly when the product name contains single quotes
+- Fixed that a entered barcode on the product edit page was only saved when "adding" it to the barcodes list by pressing `TAB` (is now automatically added to the list also when just leaving the field)
+- Improved that errors/messages from the API are shown properly when undoing a stock booking is not possible (stock journal page)
+- Improved night mode CSS (done by @BlizzWave, thanks!)
+- A new localization for `en_GB` is now always included - nothing is really translated there, it's only about component "translations" that e. g. the first day of the week is correct for calendars

changelog/50_2.4.3_2019-07-06.md

@@ -0,0 +1,16 @@
+- Fixed the messed up message/toast after consuming a product from the stock overview page
+- Fixed that "Track date only" chores were always tracked today, regardless of the given date
+- Fixed that the "week costs" were wrong after removing a meal plan entry
+- Fixed wrong recipes costs calculation with nested recipes when the base recipe servings are > 1 (also affected the meal plan when adding such a recipe there)
+- Fixed consuming recipes did not consume ingredients of the nested recipes
+- Improved recipes API - added new endpoints to get stock fulfillment information (thanks @Aerex)
+- Improved date display for products that never expires (instead of "2999-12-31" now just "Never" will be shown)
+- Improved date display for dates of today and no time (instead of the hours since midnight now just "Today" will be shown)
+- Improved shopping list handling
+  - Items can now be switched between lists (there is a shopping list dropdown on the item edit page)
+  - Items can now be marked as "done" (new check mark button per item, when clicked, the item will be displayed greyed out, when clicked again the item will be displayed normally again)
+- Improved that products can now also be consumed as spoiled from the stock overview page (option in the more/context menu per line)
+- Added a "consume this recipe"-button to the meal plan (and also a button to consume all recipes for a whole week)
+- Added the possibility to undo a task (new button per task, only visible when task is already completed) and also a corresponding API endpoint
+- Added a new `config.php` setting `DISABLE_AUTH` to be able to disable authentication / the login screen, defaults to `false`
+- Added a new `config.php` setting `CALENDAR_FIRST_DAY_OF_WEEK` to be able to change the first day of a week used for calendar views (meal plan for example) in the frontend, defaults to locale default

changelog/51_2.4.4_2019-07-07.md

@@ -0,0 +1,6 @@
+- Fixed that price data (last price & chart) was not taken from inventory correction bookings, only purchases
+- Fixed weekly chores were scheduled on the same day after execution
+- Fixed that undone chores were also included in "Last tracked"
+- Fixed the date-time-picker width was too narrow sometimes
+- Improved that execution dates of "Track date only" chores will never display the time part
+- Improved date display for products that never expire (again, there was a display problem after consuming an item on the stock overview page)

changelog/52_2.5.0_2019-09-22.md

@@ -0,0 +1,107 @@
+### New feature: Custom entities / objects / lists
+- Custom entities are based on Userfields and can be used to add any custom lists you want to have in grocy
+- They can have an own menu entry in the sidebar
+- => See "Manage master data" -> "Userentities" or try it on the demo: https://demo.grocy.info/userobjects/exampleuserentity
+
+### New feature: Use the device camera for barcode scanning
+- Available on any barcode-enabled field (so currently only for picking products) - a new camera button at the right of side the text field
+- Implemented using [QuaggaJS](https://github.com/serratus/quaggaJS) - camera stream processing happens totally offline / client-side
+- Please note due to browser security restrictions, this only works when serving grocy via a secure connection (`https://`)
+- There is also a `config.php` setting `DISABLE_BROWSER_BARCODE_CAMERA_SCANNING` to disable this, if you don't need it at all (defaults to `false`)
+- I you have problems that barcodes are not recognized properly, there is a little "barcode scanner testing page" at [/barcodescannertesting](https://demo.grocy.info/barcodescannertesting)
+- => Quick video demo: https://www.youtube.com/watch?v=Y5YH6IJFnfc
+
+### Stock improvements/fixes
+- Products can now have variations (nested products)
+  - Define the parent product for a product on the product edit page (only one level is possible, means a product which is used as a parent product in another product, cannot have a parent product itself)
+  - Parent and sub products can have stock (both are regular products, no difference from that side)
+  - On the stock overview page, the aggregated amount is displayed next to the amount (sigma sign)
+  - When a recipe needs a parent product, the need is also fulfilled when enough sub product(s) are in stock
+- Quantity units can now be linked (related measurements / unit conversion)
+  - On the quantity unit edit page default conversion can be defined for each unit
+  - Products "inherit" the default conversion and additionally can have their own / override the default ones
+- It's now possible to print a "Location Content Sheet" with the current stock per location - new button at the top of the stock overview page (thought to hang it at the location, note used amounts on paper and track it in grocy later)
+- Stock overview page improvements
+  - Options in the more/context-menu to directly open the purchase/consume/inventory pages prefilled with the current product in a popup/dialog
+  - Option in the more/context-menu to add the current product directly to a shopping list
+  - Option in the more/context-menu to search for recipes containing the current product
+  - It's now possible to undo stock bookings ("Undo"-button in the success message, like it was already possible on the purchase/consume/inventory pages)
+  - Improved that on any stock changes the corresponding product table row is properly refreshed
+- New `config.php` setting `FEATURE_SETTING_STOCK_COUNT_OPENED_PRODUCTS_AGAINST_MINIMUM_STOCK_AMOUNT` to configure if opened products should be considered for minimum stock amounts (defaults to `true`, so opened products will now be considered missing by default - please change this setting if you want the old behavior)
+- The product description now can have formattings (HTML/WYSIWYG editor like for recipes)
+- Products now have a new field for calories (kcal, per stock quantity unit)
+- "Factor purchase to stock quantity unit" (product option) can now also be a decimal number when "Allow partial units in stock" is enabled
+- New "Sub feature flags" in `config.php` to disable some sub-features (hide the corresponding UI elements) if you don't need them (all new feature flags default to `true`, so no changed behavior when not configured)
+  - `FEATURE_FLAG_STOCK_PRICE_TRACKING` to disable product price tracking
+  - `FEATURE_FLAG_STOCK_LOCATION_TRACKING` to disable product location tracking
+  - `FEATURE_FLAG_STOCK_BEST_BEFORE_DATE_TRACKING` to disable product best before date tracking
+  - `FEATURE_FLAG_STOCK_PRODUCT_OPENED_TRACKING` to disable product opened tracking
+- Fixed/refined some things regarding purchase/consume/inventory of products with enabled tare weight handling (nothing was broken, but the success popups may not displayed the correct amount that was posted)
+- Fixed that "Spoil rate" and "Average shelf life" on the product card was wrong in most cases
+- When going to the product edit page, after saving the product, it will now always return to the previous page
+
+### Shopping list improvements
+- Shopping lists now have a notes field (HTML/WYSIWYG editor, just to save some notes per shopping list)
+- Shopping lists can now be printed (new button next to the add/delete shopping list button)
+
+### Recipe improvements
+- Based on the new linked quantity units, recipe ingredients can now use any product related unit, the amount is calculated according to the conversion factor of the unit relation
+- Based on the new calories field per product, the calories per recipe are now shown based on the selected servings (in the header, next to the costs)
+- New option "price factor" per recipe ingredient (defaults to `1`) - the resulting costs of the recipe ingredient will be multiplied by that factor
+  - Use this for example for spices in combination with "Only check if a single unit is in stock" to not take the full price of a pack of pepper into account for a recipe
+- The search field on the recipe overview page now also searches for product names of recipe ingredients (means it's possible to search a recipe by a product name)
+- Fixed a problem where the meal plan did not load when a recipe, which was already added to the meal plan, was deleted
+
+### Chores improvements
+- Chores can now be assigned to users
+  - Option per chore, different "assignment types" like "Random", "Who least did first", etc.
+  - On the chores overview page, the list can be filtered to only show chores assigned to the currently logged in user (or to any other user)
+- New option "Due date rollover" per chore which means the chore can never be overdue, the due date will shift forward each day when due
+- New option "Consume product on chore execution" per chore to automatically consume a product when a chore execution is tracked
+- When tracking an execution from the chores overview page, filters are re-applied afterwards (means when you have filtered the page to only show overdue chores and after the execution the chore is not overdue anymore, it will now be immediately hidden)
+
+### Equipment improvements/fixes
+- Fixed that the delete button not always deleted the currently selected equipment item
+
+### Userfield improvements/fixes
+- New Userfield type "Select list" for a list of predefined values where a single or also multiple values can then be selected on the entity object
+- New Userfield type "Link" - a single-line-textbox where the content will be rendered as a clickable link
+- Userfields of type "checkbox" are rendered as a checkmark in tables when checked (instead of "1" as till now)
+- Product Userfields are now also rendered on the shopping list (for items which have a product referenced)
+- Fixed that the Userfield type "Preset list" had always the caption "Product group" instead of the configured one (thanks @oncleben31)
+
+### General & other improvements/fixes
+- Added a new `config.php` setting `CALENDAR_SHOW_WEEK_OF_YEAR` to configure if calendars should show week numbers (defaults to `true`)
+- Fixed that date/time pickers not considered the `config.php` setting `CALENDAR_FIRST_DAY_OF_WEEK`
+- Improved the handling which entry page to use with disabled feature flags (thanks @nielstholenaar)
+- Boolean settings provided via environment variables (so the strings `true` and `false`) are now parsed correctly (thanks @mduret)
+- All uploaded pictures (currently for products and recipes) are now automatically downscaled to the appropriate size when serving them to improve page load times (this requires the `php-gd` extension, if not installed, images will not be downscaled)
+- It's now possible to test plural forms of quantity units (button on the quantity unit edit page, only visible if the current language requires more than 2 plural forms)
+- On the login page the sidebar an all top-navbar menus is now hidden
+- New translations: (thanks all the translators)
+  - Danish (demo available at https://da.demo.grocy.info)
+  - Dutch (demo available at https://nl.demo.grocy.info)
+- Internal change for how the localizations for the demo instances are handled
+  - For the pre-release demo now all currently supported languages are available (was already the case for the stable demo)
+    - Additionally all language files which reached the completion limit of 80 % will now be automatically pulled from Transifex 10 minutes past every hour (to have a kind of instant preview of changed translations)
+  - The URLs have changed, I'll try to keep all existing URLs redirecting properly for a long time
+    - If you want to link to the demo, please only use https://demo.grocy.info (stable demo) or https://demo-prerelease.grocy.info (current master branch demo)
+
+### API improvements & non-breaking changes
+- New endpoint `/objects/{entity}/search/{searchString}` to search for objects by name (contains search)
+- New endpoint `/stock/shoppinglist/add-product` to add a product to a shopping list (thanks @Forceu)
+- New endpoint `/stock/shoppinglist/remove-product` to remove a product from a shopping list (thanks @Forceu)
+- New endpoint `/chores/executions/calculate-next-assignments` to (re)calculate next user assignments for a single or all chores
+- New endpoint `/stock/products/by-barcode/{barcode}/add` to add a product to stock by its barcode
+- New endpoint `/stock/products/by-barcode/{barcode}/consume` to remove a product to stock by its barcode
+- New endpoint `/stock/products/by-barcode/{barcode}/inventory` to inventory a product by its barcode
+- New endpoint `/stock/products/by-barcode/{barcode}/open` to mark a product as opened by its barcode
+- New endpoint `/stock/bookings/{bookingId}` to retrieve a single stock booking
+- Endpoint `GET /files/{group}/{fileName}` can now also downscale pictures (see API documentation on [/api](https://demo.grocy.info/api))
+- When adding a product (through `stock/product/{productId}/add` or `stock/product/{productId}/inventory`) with omitted best before date and if the given product has "Default best before days" set, the best before date is calculated based on that (so far always today was used which is still the case when no date is supplied and also the product has no "Default best before days set) (thanks @Forceu)
+- Field `stock_amount` of endpoint `/stock/products/{productId}` now returns `0` instead of `null` when the given product is not in stock (thanks @Forceu)
+- Fixed that `/system/db-changed-time` always returned the current time (more or less) due to that that time is the database file modification time and the database is effectively changed on each request because of session information tracking - which now explicitly does not change the database file modification time, so this should work again to determine if any data changes happened
+- It's now also possible to provide the API key via a query parameter (same name as the header, so `GROCY-API-KEY`)
+
+#### Say thanks
+Because there were some questions about that in the past: If grocy is useful for you, [say thanks](https://grocy.info/#say-thanks)!

changelog/53_2.5.1_2019-09-28.md

@@ -0,0 +1,37 @@
+### Stock improvements/fixes
+- Fixed that barcode lookups now compare the whole barcode, not parts of it (e. g. when you have two products with the barcodes `$1` and `$10` and scan `$1` maybe the product of `$10` was found till now)
+- Fixed that the "X products are already expired" count on the stock overview page was wrong
+- Fixed that after product actions (consume/purchase/etc.) on the stock overview page the highlighting of the row was maybe wrong
+- After product actions (consume/purchase/etc.) on the stock overview page on a sub product, now also the parent product (row) is refreshed
+- It's now possible to accumulate min. stock amounts on parent product level (new option per product, means the sub product will never be "missing" then, only the parent product)
+- On the purchase page there is now an option to select that the price is the total price (for the whole amount) - below the price field, defaults to "Unit price" (as it was until now), when set to "Total price", the entered price will be divided by the amount before posting
+- "Average shelf life" on the product card now displays just "Unlimited" when the resulting value would be > 200 years (for products which never expire, as they have a best before date of 2999-12-31)
+
+### Shopping list improvements
+- When adding a product to the shopping list from the new context/more menu from the stock overview page and if the product is already on the shopping list, the amount of that entry will be updated acccordingly instead of adding a new (double) shopping list item
+- Added a "clear" button above the new notes field on the shopping list page to quickly clear the notes field with one click
+
+### Recipe improvements/fixes
+- Fixed a problem regarding quantity unit conversion handling for recipe ingredients of products with no unit relations, but only a different purchase/stock quantity unit
+- It's now possible to display a recipe directly from the meal plan (new "eye button") (thanks @kriddles)
+- Improved the responsiveness of the meal plan and calendar page by automatically switching to a day calendar view on smaller screens (thanks for the idea @kriddles)
+
+### Chores improvements
+- There is now a new sub feature flag `FEATURE_FLAG_CHORES_ASSIGNMENTS` to disable chore assignments if you don't need them (defaults to `true`, so no changed behavior when not configured)
+
+### Calendar improvements
+- The calendar now also contains all planned recipes from the meal plan on the corresponding day
+- Improved that dates in the iCal calendar export now include the server timezone
+
+### Custom lists/fields improvements
+- Optimized the custom lists page that it can be printed properly (search field etc. is hidden when printing the page)
+
+### General & other improvements/fixes
+- Fixed that the browser barcode scanner button was not clickable on iOS Safari & other small styles fixes/improvements for iOS Safari (thanks @DeeeeLAN)
+- It's now also possible to set the meal plan page as the default/entry page (`config.php` setting `ENTRY_PAGE`) (thanks @lwis)
+- Some UI detail-refinements
+- In the header of the product-/chore-/battery-card there is now also a button to directly jump to the journal of the current product/chore/battery
+
+### API improvements/fixes
+- The API Endpoint `GET /files/{group}/{fileName}` now also returns a `Cache-Control` header (defaults fixed to 30 days) to further increase page load times
+- Fixed that the API endpoint `/stock/shoppinglist/add-product` failed when a product should be added which was not already on the shopping list (thanks @Forceu)

changelog/54_2.5.2_2019-10-05.md

@@ -0,0 +1,15 @@
+### Stock fixes
+- Fixed that product specific quantity unit conversions (product overrides) were also displayed on the product edit page of other products with the same stock quantity unit
+
+### Recipe fixes
+- Fixed that recipes were displayed without ingredients if the total recipe count was > 100
+
+### Shopping list improvements
+- Added a new sub feature flag `FEATURE_FLAG_SHOPPINGLIST_MULTIPLE_LISTS` to disable multiple shopping lists if you only need one (defaults to `true`, so no changed behavior when not configured)
+
+### Chores improvements
+- Added a new period type "yearly" (for yearly schedules)
+- Added a "period interval" option per chore to have more flexible schedules (possible for the daily/weekly/monthly/yearly schedules, means "schedule this chore only every x days/weeks/months" to have for example biweekly schedules)
+
+### General & other improvements
+- New Input shorthands for date fields to increase/decrease the date by 1 month/year (shift + arrow keys, see the full list [here](https://github.com/grocy/grocy#input-shorthands-for-date-fields))

changelog/55_2.6.0_2020-01-31.md

@@ -0,0 +1,85 @@
+### New feature: Transfer products between locations and edit stock entries
+- New menu entry in the sidebar to transfer products (or as a shortcut in the more/context menu per line on the stock overview page)
+- New button "Stock entries" in the header of the stock overview page (or as a shortcut in the more/context menu per line) to show the detail stock entries behind each product
+  - From there you can also edit the stock entries
+- (A huge THANK YOU goes to @kriddles for the work on this feature)
+
+### New feature: Scan mode
+- Just scan one product after another, no manual input required and audio feedback is provided
+- New switch-button on the purchase and consume page
+- When enabled
+  - The amount will always be filled with `1` after changing/scanning a product
+  - If all fields could be automatically populated (means for purchase the product has a default best before date set), the transaction is automatically submitted
+    - If not, a warning is displayed and you can fill in the missing information
+  - Audio feedback is provided after scanning and on success/error of the transaction
+- => Quick video demo: https://www.youtube.com/watch?v=83dm9iD718k
+
+### New feature: Self produced products
+- To a recipe a product can be attached
+  - This products needs a "Default best before date"
+- On using "Consume all ingredients needed by this recipe" and when it has a product attached, one unit of that product (per serving in purchase quantity unit) will be added to stock (with the proper price based on the recipe ingredients)
+- (Thanks @kriddles for the initial work on this)
+
+### New feature: Freeze/Thaw products
+- New product options "Default best before days after freezing/thawing" to set how the best before date should be changed on freezing/thawing
+- New location option "Is freezer" to indicate if the location is a freezer
+- => When moving a product from/to a freezer location, the best before date is changed accordingly
+- There is also a new sub feature flag `FEATURE_FLAG_STOCK_PRODUCT_FREEZING` to disable this if you don't need it (defaults to `true`)
+
+### Stock improvements/fixes
+- The productcard gets now also refreshed after a transaction was posted (purchase/consume/etc.) (thanks @kriddles)
+- The product field calories (kcal) now also allows decimal numbers
+- On the inventory page, "New amount" is now prefilled with the current stock amount of the selected product
+- Fixed that entering partial amounts was not possible on the inventory page (only applies if the product option "Allow partial units in stock" is enabled)
+- Fixed that on purchase a wrong minimum amount was enforced for products with enabled tare weight handling in combination with different purchase/stock quantity units
+- Fixed that the productcard did not load correctly when `FEATURE_FLAG_STOCK_LOCATION_TRACKING` was set to `false` (thanks @kriddles)
+- Fixed that the "Add as barcode to existing product" workflow did not work twice when not switching the page inbetween
+
+### Shopping list improvements/fixes
+- Added a compact view to have a better shopping list for shopping trips (new button "Compact view" in the header, additionally this is automatically enabled on mobile devices / when screen width is < 768 px)
+- It's now possible to filter for only undone (not striked through) items (new option in the "Filter by status" dropdown)
+- Fixed that when `FEATURE_FLAG_SHOPPINGLIST_MULTIPLE_LISTS` was set to `false`, the shopping list appeared empty after some actions
+
+### Recipe improvements
+- When consuming a recipe and if an ingredient is not in stock, but that product has any subproduct which is in stock, this gets now consumed (before consuming was not possible in that case)
+- When adding or editing a recipe ingredient, a dialog is now used instead of switching between pages (thanks @kriddles)
+
+### Meal plan improvements/fixes
+- It's now possible to add notes per day (in the dropdown of the add button in the header of each day column)
+- It's now possible to products directly (also in the dropdown of the add button in the header of each day column, maybe useful in combination with the new "Self produced products" feature)
+- Added that the calories per serving are now also shown
+- Added that the total costs and calories per day are displayed in the header of each day column
+- Added a new `config.php` setting `MEAL_PLAN_FIRST_DAY_OF_WEEK` which can be used to start the meal plan on a different day (defaults to `CALENDAR_FIRST_DAY_OF_WEEK`, so no changed behavior when not configured)
+- Fixed that when `FEATURE_FLAG_STOCK_PRICE_TRACKING` was set to `false`, prices were still shown (thanks @kriddles)
+- Fixed that the week costs were missing for the weeks 1 - 9 of a year
+
+### Calendar improvements
+- Improved that meal plan events in the iCal calendar export now contain a link to the appropriate meal plan week in the body of the event (thanks @kriddles)
+
+### Task fixes
+- Fixed that a due date was required when editing an existing task
+
+### API improvements/fixes
+- The endpoint `/stock` now includes also the product object itself (new field/property `product`) (thanks @gsacre)
+- The endpoint `/stock/products/{productId}/entries` can now include stock entries of child products (if the given product is a parent product and in addition to the ones of the given product) - new query parameter `include_sub_products` (defaults to `false` so no changed behavior when not supplied)
+- New endpoints for the new stock transfer & stock entry edit capabilities
+- Fixed that the route `/stock/barcodes/external-lookup/{barcode}` did not work, because the `barcode` argument was expected as a route argument but the route was missing it (thanks @Mikhail5555 and @beetle442002)
+- Fixed the response type description of the `/stock/volatile` endpoint
+
+### General & other improvements/fixes
+- It's now possible to keep the screen on always or when a "fullscreen-card" (e. g. used for recipes) is displayed
+  - New user options in the display settings menu in the top right corner (defaults to disabled)
+- Slightly optimized table loading & search performance (thanks @lwis)
+- Added that the currently active sidebar menu item is always in view
+- Reordered the sidebar menu items a little bit, grouped them by borders and made them a little smaller to waste less space
+- Changed/removed some animations (and replaced jQuery UI by [Animate.css](https://daneden.github.io/animate.css/)) to improve responsiveness
+- Fixed that also the first column (where in most tables only buttons/menus are displayed) in tables was searched when using the general search field
+- Fixed that the meal plan menu entry (sidebar) was not visible when the calendar was disabled (`FEATURE_FLAG_CALENDAR`) (thanks @lwis)
+- For integration: If a `GET` parameter `closeAfterCreation` is passed to the product edit page, the window will be closed on save (due to Browser restrictions, this only works when the window was opened from JavaScript) (thanks @Forceu)
+- Fixed that the `update.sh` file had wrong line endings (DOS instead of Unix)
+- Internal change: Demo mode is now handled via the setting `MODE` instead of checking the existence of the file `data/demo.txt`
+- There is now a RSS feed for the changelog, subscribe to get notified about new releases: https://grocy.info/changelog/feed
+- New translations: (thanks all the translators)
+  - Hungarian (demo available at https://hu.demo.grocy.info)
+  - Portuguese (Brazil) (demo available at https://pt-br.demo.grocy.info)
+  - Slovak (demo available at https://sk.demo.grocy.info)

changelog/56_2.6.1_2020-03-06.md

@@ -0,0 +1,49 @@
+## !! Important notice
+If you run grocy in a subdirectory, you need to set a new `config.php` setting (`BASE_PATH`, see `config-dist.php`)
+
+### Stock fixes
+- Fixed purchase/consume/inventory problems when `FEATURE_FLAG_STOCK_LOCATION_TRACKING` was set to `false`
+- Fixed that products on the Location Content Sheet were not ordered by the product name
+
+### Shopping list improvements/fixes
+- Added an option to hide the month-calendar (in the shopping list settings / top right corner settings menu) (defaults to disabled, so please enable this option if you still want to have the month-calendar on the shopping list)
+- Optimized the new compact view (there was a little too much white space at the sides of the page)
+- Added an option to not switch to the new compact view on mobile devices automatically (in the shopping list settings / top right corner settings menu) (defaults to `false`, so no changed behavior when not configured) (thanks @Forceu)
+- Fixed that the "Shopping list to stock workflow" did not work when `FEATURE_FLAG_STOCK_BEST_BEFORE_DATE_TRACKING` was set to `false`
+
+### Recipe improvements/fixes
+- Optimized the ordering of the inputs on the recipe ingredient edit page (moved "Only check if a single unit is in stock" before the amount)
+- Variable ingredient amounts are now marked accordingly on the renedered recipe
+- After selecting a recipe on mobile devices, the page now automatically scrolls to the recipe card
+- Added the recipes base servings to be displayed on the recipe card and properly named the servings column in the recipes list/table (thanks @kriddles)
+- Added that recipe ingredients can now also be displayed grouped by the products product group (additionally to the ingredient group, new option in the recipes settings / top right corner settings menu) (defaults to `false`, so no changed behavior when not configured) (thanks @kriddles)
+- Fixed that when editing a recipe ingredient which had "Only check if a single unit is in stock" set, not any quantity unit could be picked and the amount stayed empty
+- Fixed that when reloading the "new recipe"-page (or when it gets auto-reloaded due to "Auto reload on external changes" is enabled), for each reload a new recipe was created
+- Fixed that the recipe "fullscreen card" was not correctly displayed
+- Fixed that nested recipes showed all ingredients of the nested recipes twice
+- Fixed that when displaying or consuming a recipe from the meal plan the serving amount was maybe wrong (was the one from the recipe instead the one from the meal plan entry) (thanks @kriddles)
+- Fixed that the stock fulfillment counts on the recipe card were maybe wrong if that recipe was also added to the meal plan (thanks @kriddles)
+- Fixed that the recipe page was reloaded when expanding a collapsed row on mobile (thanks @Mikhail5555)
+
+### Meal plan improvements
+- Improved that all add-dialogs can be submitted by using `ENTER` and that the next input is automatically selected after selecting a recipe/product
+- Added an edit button to all types of meal plan entries
+- When adding a recipe, the serving amount is now prefilled with the one of the selected recipe (thanks @kriddles)
+- Fixed that the meal plan not used the full height on mobile devices
+
+### Calendar fixes
+- Fixed to only include events when the corresponding feature flag is enabled (e. g. don't show expiring products when `FEATURE_FLAG_STOCK_BEST_BEFORE_DATE_TRACKING` is set to `false`) (thanks @kriddles)
+- Fixed that the calendar not used the full height on mobile devices
+
+### API improvements/fixes
+- The endpoint `/chores` now also includes the chore name (new field `chore_name`) (thanks @DarienFord)
+
+### General & other improvements/fixes
+- Big backend performance improvements (thanks @zebardy)
+- Added a button to enable the device flash light on the camera barcode scanner popup (thanks @radim-ek)
+- Optimized the top navbar height and overall spacing to waste less space
+- Replaced the scan-mode-switch-button by a native button because it's less disturbing
+- Fixed that the "contextual time ago" of date/time pickers was not displayed
+- New translations: (thanks all the translators)
+  - Czech (demo available at https://cs.demo.grocy.info)
+  - Portuguese (Portugal) (demo available at https://pt-pt.demo.grocy.info)

changelog/57_2.6.2_2020-04-03.md

@@ -0,0 +1 @@
+Security fix (see [#696](https://github.com/grocy/grocy/issues/696))

changelog/58_2.7.0_2020-04-16.md

@@ -0,0 +1,66 @@
+### New feature: Price history per store
+- Define stores under master data
+- New product option to set the default store
+- Track on purchase/inventory in which store you bought the product (gets prefilled by the last store you purchased the product, or the default store of the product if you never bought it)
+- => The price history chart on the product card shows a line per store
+- (Thanks @immae and @kriddles)
+
+### Stock improvements/fixes
+- When creating a new product, the "QU id stock" is now preset by the "QU id purchase" (because most of the time that's most probably the same) (thanks @Mik-)
+- Clarified the row-button colors and toolips on the stock entries page
+- Added a camera-barcode-scanning-button to the barcode(s) field on the product edit page to be able to also scan barcodes by the device camera there
+- Added a new option (stock settings / top right corner settings menu) to show an icon on the stock overview if the product is already on the shopping list (next to the amount) (defaults to enabled)
+- Fixed that the aggregated parent product amount (displayed on the stock overview page and on the product card) did not respect quantity unit conversions when the parent/sub products had different stock quantity units (the unit conversion needs to be globally defined, or as an override on the sub product)
+- Fixed the conversion factor hint to display also decimal places on the purchase page (only displayed when the product has a different purchase/stock quantity unit)
+- Fixed that the stock entries page was broken when there were product userfields defined with enabled "Show as column in tables"
+- Fixed that best before dates were displayed on the stock overview and stock entries page even with disabled `FEATURE_FLAG_STOCK_BEST_BEFORE_DATE_TRACKING`
+- Fixed that when editing a stock entry and setting a decimal amount, the decimal part was ignored (only possible when the product option "Allow partial units in stock" is enabled)
+- Fixed that "Default best before days" and "Default best before days after opened" on the product edit page were always shown regardless of the feature flags `FEATURE_FLAG_STOCK_BEST_BEFORE_DATE_TRACKING` and `FEATURE_FLAG_STOCK_PRODUCT_OPENED_TRACKING`
+- Fixed that the form validation limits for the amount input and products with enabled tare weight handling were wrong
+- Fixed that the price was saved wrong for products with a different purchase/stock quantity unit when using "Total price" on purchase (resulted for example in wrong recipe costs)
+- Fixed that undoing "product-opened"-actions was not possible
+- Fixed/improved consuming from the stock overview page for products with enabled tare weight handling ("consume 1" button is now disabled for such products, "consume all" works again)
+
+### Shopping list improvements/fixes
+- It's now possible to collapse/expand the product group sections (by clicking on the grey group header)
+- Fixed that the "shopping list to stock workflow"-dialog was not visible in compact view
+- Fixed that when printing the shopping list, configured userfields were not included
+
+### Recipe fixes
+- Fixed that when editing an ingredient with "Only check if a single unit is in stock" set, the quantity unit was always set to the products stock quantity unit regardless if a different one was selected for that ingredient
+- Fixed a PHP notice on the recipes page when there are no recipes (thanks @mrunkel)
+
+### Chores fixes
+- Fixed that weekly chores, where the next execution should be in the same week, were scheduled always for the next week only
+
+### Calendar fixes
+- Fixed that the "Share/Integrate calendar (iCal)" button did not work (thanks @tsia)
+
+### API improvements/fixes
+- New endpoint `/user/settings` to get all user settings of the currently logged in user (key/value pairs)
+- New endpoint `/system/config` to get all config settings (`config.php`) (key/value pairs)
+- The endpoint `/stock/products/{productId}/locations` now also returns the current stock amount of the product in that loctation (new field/property `amount`) (thanks @Forceu)
+- The endpoints `/objects/{entity}` and `/objects/{entity}/{objectId}` now also include/return userfields of the object(s) (new field/property `userfields` per object, key/value pairs or `null`, when the object has no userfields)
+- Fixed that CORS was broken (there was no response to preflight OPTIONS requests)
+
+### General & other improvements/fixes
+- Optimized that sometimes the corresponding form was not validated when selecting a date from the datetimepicker
+- New `config.php` setting `FEATURE_FLAG_STOCK_BEST_BEFORE_DATE_FIELD_NUMBER_PAD` which activates the number pad for best-before-date fields on (supported) mobile browsers (useful because of [shorthands](https://github.com/grocy/grocy#input-shorthands-for-date-fields)) (defaults to `true`) (thanks @Mik-)
+- Enhancements for the camera barcode scanner
+  - Torch / light improvements (thanks @Mik-)
+    - The light button is only displayed when the device has a flash light
+    - New `config.php` setting `FEATURE_FLAG_AUTO_TORCH_ON_WITH_CAMERA` to always enable the flash light automatically
+  - It's now possible to change the camera when the device has more than one (dropdown in the camera scanning dialog, only visible if there is more than one camera available) (thanks @MichaelMadsen)
+  - Replaced [QuaggaJS](https://github.com/serratus/quaggaJS) (seems to be unmaintained) by [Quagga2](https://github.com/ericblade/quagga2)
+  - New user setting `quagga2_numofworkers` (`config.php`) to make the Quagga2 setting "numOfWorkers" adjustable (defaults to `4`)
+  - Various display/CSS improvements (thanks @Mik-)
+- Prerequisites (PHP extensions, critical files/folders) will now be checked and properly reported if there are problems (thanks @Forceu)
+- Improved the the overview pages on mobile devices (main column was hidden) (thanks @Mik-)
+- The general search field now searches accent insensitive (and table sorting is also accent insensitive)
+- Fixed that all number inputs are always prefilled in the browser locale number format
+- Optimized the handling of settings provided by `data/settingoverrides` files (thanks @dacto)
+- Optimized the update script (`update.sh`) to create the backup tar archive before writing to it (was a problem on Btrfs file systems) (thanks @shane-kerr)
+- Fixed (again) that the `update.sh` file had wrong line endings (DOS instead of Unix)
+- New translations: (thanks all the translators)
+  - Japanese (demo available at https://ja.demo.grocy.info)
+  - Chinese (Taiwan) (demo available at https://zh-tw.demo.grocy.info)

changelog/59_2.7.1_2020-04-17.md

@@ -0,0 +1,2 @@
+- Fixed that camera barcode scanning was broken
+- Fixed that the new prerequisites check handled things incorrectly in Docker images and in embedded mode

changelog/60_3.0.0_2020-12-22.md

@@ -0,0 +1,279 @@
+> ⚠️ The major version bump is due to breaking API changes, please see below if you use the API
+
+> ⚠️⚠️ SQLite >= 3.9.0 (was released in late 2015) is required
+>
+> [Here](https://github.com/grocy/grocy/issues/1209#issuecomment-749760765) is a workaround if you still run a SQLite version >= 3.8.3 < 3.9.0
+>
+> _PHP 7.2 with SQLite 3.8.3 was the formerly in [README mentioned](https://github.com/grocy/grocy#how-to-install) minimum runtime requirement, any future release will only be tested against a reasonable recent runtime (currently PHP 7.4 with SQLite 3.27.2) - supporting those (very) old runtime stuff is too time consuming..._
+
+> ❗ If some pages/tables doesn't load at all, please check that your `/data/config.php` setting `CURRENCY` is a valid ISO 4217 currency code - that's most probably the issue then.
+
+### New feature: Use any product related quantity unit anywhere
+- Finally it's possible to use any product related quantity unit on any page
+- Products still have one quantity unit stock and one (default) quantity unit purchase, but any QU, which has a direct or indirect conversion for that product, can be used to pick an amount
+  - Because the stock quantity unit is now the base for everything, it cannot be changed after the product was once added to stock (for now, maybe there will be a possibilty to change it in a future release)
+
+### New feature: Prefill purchase data by barcodes
+- Imagine you buy for example eggs in different pack sizes and they have different barcodes
+- Each product barcode can be assigned an amount, quantity unit and store (on the product edit page), which is then automatically prefilled on the purchase page
+- Additionally, the last price per barcode will be tracked and prefilled as a "Total price" on purchase
+- (Thanks @kriddles for the initial work on this)
+
+### New feature: User permissions
+- Users can now have permissions, can be configured per user on the "Manage users" page (lock icon)
+- Default permissions for new users can be set via a new `config.php` setting `DEFAULT_PERMISSIONS` (defaults to `ADMIN`, so no changed behavior when not configured)
+- All currently existing users will get all permissions (`ADMIN`) during the update/migration
+- Creating API keys on the "Manage API keys"-page (top right corner settings menu) now requires the `ADMIN` permission
+  - Other users only see their API keys on that page
+- (Thanks @fipwmaqzufheoxq92ebc for the initial work on this)
+
+### New feature: External authentication support
+- New `config.php` setting `AUTH_CLASS` to change the used authentication provider
+- Via LDAP
+  - New `config.php` settings `LDAP_DOMAIN`, `LDAP_ADDRESS` and `LDAP_BASE_DN`
+  - If you set `AUTH_CLASS` to `Grocy\Middleware\LdapAuthMiddleware`, users will be authenticated against your directory (and will also be created (in grocy), if not already present)
+- Via a reverse proxy
+  - New `config.php` setting `REVERSE_PROXY_AUTH_HEADER`
+  - If you set `AUTH_CLASS` to `Grocy\Middleware\ReverseProxyAuthMiddleware` and your reverse proxy sends a username in the HTTP header `REMOTE_USER` (header name can be changed by the setting `REVERSE_PROXY_AUTH_HEADER`), the user is automatically authenticated (and will also be created (in grocy), if not already present)
+  - (Thanks @fipwmaqzufheoxq92ebc for the initial work on this)
+
+### Stock improvements/fixes
+- Changes about best before dates: It's now possible to distinguish between best before dates and expiration dates:
+  - New product option "Due date type" (defaults to "Best before date")
+  - Wording changes:
+    - All current places where "Best before date" was used now use "Due date"
+    - Products with `Due date type = Best before date` (so all existing products) are "due" or "overdue" (they don't "expire" or are "expired")
+    - Products with `Due date type = Expiration date` (new option) can "expire" or are "expired"
+  - Color changes:
+    - Products which are due soon or expire soon are (still) highlighted in yellow
+    - Products which are overdue are highlighted in grey (there is also a new filter button on the stock overview page for them)
+    - Products which are expired (new option) are highlighted in red
+- When creating a quantity unit conversion it's now possible to automatically create the inverse conversion (thanks @kriddles)
+- The product option "Allow partial units in stock" was removed, partial amounts are now possible by default for all products
+- On purchase there is now a warning shown, when the due date of the purchased product is earlier than the next due date in stock (enabled by default, can be disabled by a new stock setting (top right corner settings menu))
+- The amount to be used for the "quick consume/open buttons" on the stock overview page can now be configured per product (new product option "Quick consume amount", defaults to 1)
+  - This "Quick consume amount" can optionally also be used as the default on the consume page (new stock setting / top right corner settings menu)
+- Products can now be duplicated (new dropdown menu item on the products list page, all fields will be preset from the copied product, except the name)
+- Products can now be merged (new dropdown menu item on the products list page)
+  - Useful if you have two products which are basically the same and want to replace all occurrences of one with the other one
+- When consuming or opening a parent product, which is currently not in stock, any in-stock sub product will now be consumed/opened (like already automatically done when consuming recipes)
+- Opened stock entries get now consumed first by default when no specific stock entry is used/selected
+  - So the default consume rule is now "Opened first, then first due first, then first in first out"
+- Optimized/clarified what the total/unit price on the purchase page is (thanks @kriddles)
+- On the purchase page the amount field is now displayed above/before the due date for better `TAB` handling (thanks @kriddles)
+- Changed that when `FEATURE_FLAG_STOCK_BEST_BEFORE_DATE_TRACKING` is disabled, products now get internally a due date of "never overdue" (aka `2999-12-31`) instead of today (thanks @kriddles)
+- Products can now be disabled to keep the history/journal, but hide it everywhere, without deleting it (new product option "Active", deleting a product now explicitly also deletes its journal and all other references) (thanks @kriddles for the initial work on this)
+- Products can now be hidden from the stock overview page, even if they are in-stock (new product option "Never show on stock overview", disabled by default, so no changed behavior when not configured)
+  - That's maybe useful for parent products you only use as a kind of "container"
+- The due date is now also prefilled on the inventory page based on the products "Default due days" (was only done on the purchase page before)
+- On the stock journal page, it's now visible if a consume-booking was spoiled
+- It's now tracked who made a stock change (currently logged in user, visible on the stock journal page) (thanks @fipwmaqzufheoxq92ebc)
+- Product edit page improvements ("Save & continue" button, deleting and adding a product picuture is now possible in one go) (thanks @Ma27)
+- For products with tare weight handling enabled, it's now optionally possible to consume a fixed/exact amount (just like for "normal" products) in case you don't want to weigh the whole container this time (new checkbox on the consume page) (thanks @fipwmaqzufheoxq92ebc)
+- The stock overview page now also shows the value - new column and also the total value in the header (thanks @kriddles)
+- It's now possible to set a custom purchased date on purchase (new field on the purchase and inventory page, hidden by default - enable it by a new stock setting (top right corner settings menu)) (thanks @kriddles)
+- The decimal places for all amount and price inputs can now be configured (stock settings / top right corner settings menu, default for amounts is `4`, for prices `2`)
+- When clicking the product name on the shopping list, the product card will now be displayed (like on the stock overview page) (thanks @kriddles)
+- On the product card there is now also a button to jump directly to the stock entries of the corresponding product (thanks @kriddles)
+- The product picker workflows can now also be started by `ENTER` (additionally to `TAB`)
+- Added a "retry camera barcode scan" button (button with camera icon, shortcut `C`) to the product picker workflow dialog
+- Added more filters on the stock journal page
+- Added a grouped/summarized stock journal (new button "Journal summary" at the top of the stock journal page) (thanks @fipwmaqzufheoxq92ebc)
+  - Provides an overview of summarized transactions per product, transaction type and user + summarized amount
+- The product option "Default due days after freezing" now also supports `-1` (like the option "Default due days") to set the product to "never due" on freezing
+- Fixed that changing the products "Factor purchase to stock quantity unit" not longer messes up historical prices (which results for example in wrong recipe costs) (thanks @kriddles)
+- Fixed that when adding products through a product picker workflow and when the created products contains special characters, the product was not preselected on the previous page (thanks @Forceu)
+- Fixed that when editing a product the default store was not visible / always empty regardless if the product had one set (thanks @kriddles)
+- Fixed that `FEATURE_SETTING_STOCK_COUNT_OPENED_PRODUCTS_AGAINST_MINIMUM_STOCK_AMOUNT` (option to configure if opened products should be considered for minimum stock amounts) was not handled correctly (thanks @teddybeermaniac)
+- Fixed that the "Due soon" sum (yellow filter button) on the stock overview page didn't include products which are due today (thanks @fipwmaqzufheoxq92ebc)
+- Fixed that the shopping cart icon on the stock overview page was also shown if the product was on an already deleted shopping list (if enabled) (thanks @fipwmaqzufheoxq92ebc)
+- Fixed that when editing a stock entry without a price, the price field was prefilled with `1`
+- Fixed that the location & product groups filter on the stock overview page used a contains search instead of an exact search
+- Fixed that the amount on the success popup was wrong when consuming a product with "Tare weight handling" enabled
+- Fixed that the aggregated amount of parent products was wrong on the stock overview page when the child products had not the same stock quantity units
+- Fixed that edited stock entries were not considered for the price history chart on the product card
+- Fixed that `FEATURE_FLAG_STOCK_BEST_BEFORE_DATE_TRACKING` is set to `false`, the purchase page validation failed (thanks @fipwmaqzufheoxq92ebc)
+- Fixed that consuming (and editing the amount of) products with enabled tare weight handling did not work on the stock entries page
+- Fixed that the recipes dropdown on the consume page also displayed internal recipes (thanks @kriddles)
+- Fixed that opening tare weight handling enabled products is prevented via the UI and the API (as this makes no sense)
+- Fixed that undoing a consume transaction of an opened item added it back to stock unopened
+- Fixed that a "Total price" on purchase was not handled correctly for tare weight handling enabled products (the total price was wrongly related to the amount including the tare weight)
+
+### Shopping list improvements
+- Added a button to add all currently in-stock but overdue and expired products to the shopping list (thanks @m-byte)
+- Improved that when `FEATURE_FLAG_STOCK` is disabled, all product/stock related inputs and buttons are now hidden on the shopping list page (thanks @fipwmaqzufheoxq92ebc)
+- Shopping list items can now have their own Userfields (entity `shopping_list`), on the shopping list table those fields are rendered additionally to the product Userfields
+- The print view is now configurable (new dialog before printing - option to hide header, group products by their product group, alternative list layout)
+- Fixed that "Add products that are below defined min. stock amount" always rounded up the missing amount to an integral number, this now allows decimal numbers
+
+### Recipe improvements/fixes
+- It's now possible to print recipes (button next to the recipe title) (thanks @zsarnett)
+- Changed that recipe costs are now based on the costs of the products picked by the default consume rule ("Opened first, then first due first, then first in first out") (thanks @kriddles)
+  - Recipe costs were based on the last purchase price per product before, so this now better reflects the current real costs
+- Improved the recipe add workflow (a recipe called "New recipe" is now not automatically created when starting to add a recipe) (thanks @zsarnett)
+- On the recipe page, the calories and costs per ingredient are now shown to get a better overview of how much each ingredient contributed
+- Fixed that images on the recipe gallery view were not scaled correctly on larger screens (thanks @zsarnett)
+- Fixed that decimal ingredient amounts maybe resulted in wrong conversions or truncated decimal places if your locale does not use a dot as the decimal separator (thanks @m-byte)
+- Fixed that a recipe cannot be included in itself (because this will cause an infinite loop) (thanks @fipwmaqzufheoxq92ebc)
+- Fixed that when editing a recipe ingredient the checkbox "Disable stock fulfillment checking for this ingredient" was not initaliased with the saved value
+- Fixed that the status filter ("Enough in stock", etc.) on the recipes page did not filter recipes on the gallery tab (thanks @fipwmaqzufheoxq92ebc)
+- Fixed that consuming a recipe ingredient with tare weight handling enabled consumed a wrong amount (thanks @fipwmaqzufheoxq92ebc)
+- Fixed that consuming a parent product recipe ingredient did not consider quantity unit conversion when effectively consuming a child product
+
+### Meal plan fixes
+- Fixed that for products the quantity unit purchase was displayed instead of the products quantity unit stock (thanks @BenoitAnastay)
+
+### Chores improvements/fixes
+- Chores can now be disabled to keep the history/journal, but hide it everywhere, without deleting it (new chore option "Active", deleting a chore now explicitly also deletes its journal and all other references)
+- Changed that not assigned chores on the chores overview page display now just a dash instead of an ellipsis in the "Assigned to" column to make this more clear (thanks @Germs2004)
+- The assignment type "Random" now don't prevents anymore that the last user will be assigned next
+- Fixed (again) that weekly chores, where the next execution should be in the same week, were scheduled (not) always (but sometimes) for the next week only (thanks @shadow7412)
+- Fixed that the assignment type "In alphabetic order" did not work correctly (the last person in the list was always assigned next once reached) (thanks @fipwmaqzufheoxq92ebc)
+
+### Equipment improvements
+- There is now a button to download the instruction manual (next to the "expand to fullscreen"-button)
+
+### Calendar improvements/fixes
+- Events are now links to the corresponding page (thanks @zsarnett)
+- Fixed a PHP warning when using the "Share/Integrate calendar (iCal)" button (thanks @tsia)
+- Fixed that "Track date only"-chores were always displayed at 12am (are now displayed as all-day events)
+- Fixed that it was not possible to switch to an other view than the default one on mobile (thanks @PhyberApex)
+
+### Tasks improvements
+- Tasks don't need to unique anymore (name field)
+
+### Batteries improvements
+- Batteries can now be disabled to keep the history/journal, but hide it everywhere, without deleting it (new battery option "Active", deleting a battery now explicitly also deletes its journal and all other references)
+
+### Userfield improvements/fixes
+- New Userfield type "File" to attach any file, will be rendered as a link to the file in tables (if enabled) (thanks @fipwmaqzufheoxq92ebc)
+- New Userfield type "Picture" to attach a picture, the picture will be rendered (small) in tables (if enabled) (thanks @fipwmaqzufheoxq92ebc)
+- New Userfield type "Link (with title)" - a link with a title (two input fields), so that the title is rendered in tables (if enabled) instead of the link itself
+- Userfields can now be reordered on the input form (new field "Sort number" per Userfield, fields will be ordered by that number, if any)
+- Users can now also have Userfields
+
+### General & other improvements/fixes
+- UI refresh / style improvements (thanks @zsarnett for the idea and initial work on this)
+- Improved mobile views (thanks @4lloyd for the idea and initial work on this)
+  - The buttons on the top of each page and the filter row is now collapsed (use the ellipsis/filter button to show them, this also superseded the shopping list compact view)
+  - Tables are horizontally scrollable (instead of collapsing columns which don't fit)
+- All tables are now customizable (new little eye icon on the top left corner on each table)
+  - Table columns be shown/hidden
+    - There are also new columns on some pages, hidden by default
+      - Stock overview: Value, Product group, Calories, Last purchased, Last price, Min. stock amount
+      - Products list: Default store
+      - Shopping list: Last price (Unit), Last price (Total), Default store, Barcodes (as scannable code-image)
+  - Row grouping can be customized to use any available column (thanks @edenhaus)
+- Table states (visible columns, sorting, column order and so on) are now saved server side (in user settings) means that this stays the same when using different browsers
+- Dialogs are now used everywhere where appropriate instead of jumping between pages (for example when adding/editing shopping list items)
+- Added a "Clear filter"-button on all pages (with filters) to quickly reset applied filters
+- Users can now have a picture (will then be shown next to the current user name instead of the generic user icon)
+- Prefilled number inputs now use sensible decimal places (max. the configured decimals while hiding trailing zeros where appropriate, means if you never use partial amounts for a product, you'll never see decimals for it)
+- Improved / more precise validation messages for number inputs
+- Optimized what's hidden when `GROCY_FEATURE_FLAG_STOCK` is disabled
+  - Products, quantity units and product groups are possible to use now
+  - Means you can use for example the shopping list, recipes and the meal plan with products while the "stock handling part" is hidden
+- Ordering now happens case-insensitive
+- The data path (previously fixed to the `data` folder) is now configurable, making it possible to run multiple grocy instances from the same directory (with different `config.php` files / different database, etc.) (thanks @fgrsnau)
+  - Via an environment variable `GROCY_DATAPATH` (higher priority)
+  - Via an FastCGI parameter `GROCY_DATAPATH` (lower priority)
+- The language can now be set per user (see the new user settings page / top right corner settings menu) (thanks @fipwmaqzufheoxq92ebc)
+  - Additionally, the language is now also auto-guessed based on the browser locale (HTTP-Header `Accept-Language`)
+  - The `config.php` option `CULTURE` was renamed to `DEFAULT_LOCALE`
+  - So the used language is based on (in that order)
+    - The user setting
+    - If not set, then based on browser locale
+    - If no matching localizaton was found, `DEFAULT_LOCALE` from `config.php` is used
+- Performance improvements (page loading time) of the stock overview page (thanks @fipwmaqzufheoxq92ebc)
+- The prerequisites checker now also checks for the minimum required SQLite version (thanks @Forceu)
+- Replaced (again, added before in v2.7.0, then reverted in v2.7.1 due to some problems) [QuaggaJS](https://github.com/serratus/quaggaJS) (seems to be unmaintained) by [Quagga2](https://github.com/ericblade/quagga2)
+- More `config.php` settings (see the section `Component configuration for Quagga2`) to tweak Quagga2 (this is the component used for device camera for barcode scanning) (thanks @andrelam)
+- Some localization string fixes (thanks @duckfullstop)
+- Better error pages
+- Fixed that numeric and date-time sorting of table columns did not work correctly
+- Fixed that XSS / HTML injection was possible through some user input fields (low severity / not really a problem as this could not be abused unauthenticated)
+- New translations: (thanks all the translators)
+  - Greek (demo available at https://el.demo.grocy.info)
+  - Korean (demo available at https://ko.demo.grocy.info)
+  - Chinese (China) (demo available at https://zh-cn.demo.grocy.info)
+  - Tamil (demo available at https://ta.demo.grocy.info)
+  - Finnish (demo available at https://fi.demo.grocy.info)
+
+### API improvements/fixes
+- ⚠️ **Breaking changes**:
+  - All prices are now related to the products stock quantity unit (instead of the products purchase QU)
+  - All (product) amounts are now related to the products stock quantity unit (was related to the products purchase QU for the shopping list before)
+  - The product object no longer has a field `barcodes` with a comma separated barcode list, instead barcodes are now stored in a separate table/entity `product_barcodes` (use the existing "Generic entity interactions" endpoints to access them)
+  - The endpoint `/objects/{entity}/search` was removed (use the existing `/objects/{entity}` endpoint with the new filter capabilities mentioned below)
+  - The output / field names of `ProductDetailsResponse` have slightly changed (endpoint `/stock/products/{productId}`)
+  - Endpoint `/stock/volatile`
+    - The query parameter `expring_days` was renamed to `due_soon_days`
+    - The field `expiring_products` was renamed to `due_products`
+    - The field `expired_products` now only contains expired products (so them with `Due date type = Expiration date`)
+    - The new field `overdue_products` contains only overdue products (so them with `Due date type = Best before date`)
+  - The following endpoints now return all bookings of the transaction (so the response is now an array, was before a single stock booking - and a random one if the transaction affected multiple stock entries)
+    - PUT `/stock/entry/{entryId}`
+    - POST `/stock/products/{productId}/add`
+    - POST `/stock/products/{productId}/consume`
+    - POST `/stock/products/{productId}/transfer`
+    - POST `/stock/products/{productId}/inventory`
+    - POST `/stock/products/{productId}/open`
+    - POST `/stock/products/by-barcode/{barcode}/add`
+    - POST `/stock/products/by-barcode/{barcode}/consume`
+    - POST `/stock/products/by-barcode/{barcode}/transfer`
+    - POST `/stock/products/by-barcode/{barcode}/inventory`
+    - POST `/stock/products/by-barcode/{barcode}/open`
+    - (The response is the same as if you would fetch the stock transaction via `/stock/transactions/{transactionId}`)
+- For better integration (apps), it's now possible to show a QR-Code for API keys (thanks @fipwmaqzufheoxq92ebc)
+  - New QR-Code button on the "Manage API keys"-page (top right corner settings menu), the QR-Codes contains `<API-Url>|<API-Key>`
+  - And on the calendar page when using the button "Share/Integrate calendar (iCal)", there the QR-Codes contains the Share-URL (which is displayed in the textbox above)
+- The output of the following endpoints can now be filtered (by any field), ordered and paginated (thanks for the initial work on this @fipwmaqzufheoxq92ebc)
+  - `/objects/{entity}`
+  - `/stock/products/{productId}/entries`
+  - `/stock/products/{productId}/locations`
+  - `/recipes/fulfillment`
+  - `/users`
+  - `/tasks`
+  - `/chores`
+  - `/batteries`
+  - There are 4 new (optional) query parameters to utilize that
+    - `order` The field to order by (use the separator `:` to specify the sort order - `asc` or `desc`, defaults to `asc` when omitted)
+    - `limit` The maximum number of objects to return
+    - `offset` The number of objects to skip
+    - `query[]` An array of conditions, each of them is a string in the form of `<field><condition><value>`, where
+      - `<field>` is a field name
+      - `<condition>` is a comparison operator, one of
+        - `=` equal
+		- `!=` not equal
+        - `~` LIKE
+        - `!~` not LIKE
+        - `<` less
+        - `>` greater
+        - `<=` less or equal
+        - `>=` greater or equal
+        - `§` regular expression
+      - `<value>` is the value to search for
+- New endpoint `/stock/shoppinglist/add-overdue-products` to add all currently in-stock but overdue products to a shopping list (thanks @m-byte)
+- New endpoint `/stock/shoppinglist/add-expired-products` to add all currently in-stock but expired products to a shopping list
+- New endpoints GET/POST/PUT `/users/{userId}/permissions` for the new user permissions feature mentioned above
+- New endpoint `/user` to get the currently authenticated user
+- New endpoint DELETE `/user/settings/{settingKey}` to delete a user setting
+- New endpoint POST `/stock/products/{productIdToKeep}/merge/{productIdToRemove}` for the new product merging feature mentioned above
+- The following entities are now also available via the endpoint `/objects/{entity}` (only listing, no edit)
+  - `stock_log` (the stock journal)
+  - `stock` (the "raw" stock entries)
+  - `stock_current_locations` (info how much of each product is currently stored at which location)
+- Performance improvements of the `/stock/products/*` endpoints (thanks @fipwmaqzufheoxq92ebc)
+- The endpoint `/stock/products/{productId}/locations` now also has an optional query parameter `include_sub_products` to optionally also return locations of sub products of the given product
+- The following endpoints  now have an optional request body parameter `allow_subproduct_substitution` to consume/open any child product when the given product is a parent product and currently not in stock
+  - `/stock/products/{productId}/consume`
+  - `/stock/products/by-barcode/{barcode}/consume`
+  - `/stock/products/{productId}/open`
+  - `/stock/products/by-barcode/{barcode}/open`
+- Fixed that the endpoint `/objects/{entity}/{objectId}` always returned successfully, even when the given object not exists (now returns `404` when the object is not found) (thanks @fipwmaqzufheoxq92ebc)
+- Fixed that the endpoint `/stock/volatile` didn't include products which are due today (thanks @fipwmaqzufheoxq92ebc)
+- Fixed that the endpoint `/objects/{entity}` did not include Userfields for Userentities (so the effective endpoint `/objects/userobjects`)
+- Fixed that the endpoint `/stock/consume` returned the response code `200` and an empty response body when `stock_entry_id` was set (consuming a specific stock entry) but invalid (now returns the response code `400`) (thanks @fipwmaqzufheoxq92ebc)
+- Fixed that the endpoint `/user/settings/{settingKey}` didn't return the default setting if it was not configured for the current user (same behavior as the endpoint `/user/settings` now)
+- Endpoint `/calendar/ical`: Fixed that "Track date only"-chores were always set to happen at 12am (are treated as all-day events now)
+- Fixed (again) that CORS was broken

changelog/61_3.0.1_2021-01-05.md

@@ -0,0 +1,19 @@
+> ⚠️⚠️ SQLite >= 3.9.0 (was released in late 2015) is required
+>
+> [Here](https://github.com/grocy/grocy/issues/1209#issuecomment-749760765) is a workaround if you still run a SQLite version >= 3.8.3 < 3.9.0
+>
+> _PHP 7.2 with SQLite 3.8.3 was the formerly in [README mentioned](https://github.com/grocy/grocy#how-to-install) minimum runtime requirement, any future release will only be tested against a reasonable recent runtime (currently PHP 7.4 with SQLite 3.27.2) - supporting those (very) old runtime stuff is too time consuming..._
+
+- Improved the prerequisites checker (added missing required PHP extension `ctype`) (thanks @Forceu)
+- Added validation checks for most `data/config.php` settings to prevent using invalid ones (thanks @Forceu)
+- When using reverse proxy authentication (`ReverseProxyAuthMiddleware`), _additionally_ a valid API key can now also be used for authentication (if you don't want to protect the API endpoints via your reverse proxy, however)
+- Added a new API endpoint `/system/time` to get the current server time (thanks @Forceu)
+- An amount attached to a barcode is now also prefiled when scanning the product on the Consume/Transfer/Inventory page
+- Fixed that some number inputs were broken when the new decimal places setting were set to `0`
+- Fixed that browser camera barcode scanning did not work on the product edit page for adding product barcodes
+- Fixed that indirect unit conversions (those between units, not product overrides) could not be used/selected
+- Fixed that the new product option "Never show on stock overview" was unintentionally set by default for new products
+- Fixed that adding items to the shopping list from the context/more menu on the stock overview page did not work
+- Fixed that consuming was not possible when `FEATURE_FLAG_STOCK_LOCATION_TRACKING` was disabled
+- Fixed that adding images in text editor fields did not work
+- Fixed some other minor UI glitches

changelog/62_3.1.0_2021-07-16.md

@@ -0,0 +1,125 @@
+> ⚠️ The following PHP extensions are now additionally required: `json`, `intl`, `zlib`
+
+> ⚠️ PHP 8 is now supported and from now on the only tested runtime version (although currently PHP 7.2 should still work).
+
+### New feature: grocycode / label printer support
+#### (Own) Product/stock entry/chores/batteries labels/barcodes
+- Print own labels/barcodes for products/stock entries/chores/batteries and then scan that code on every place a product/stock entry/chore/battery can be selected
+- Can be printed (or downloaded) via
+  - The product/chore/battery edit page
+  - The context/more menu per line on the overview pages and for stock entries on the stock entries page
+  - Automatically on purchase (new option on the purchase page, defaults can be configured per product) for stock entries
+- The used barcode type can be configured via the `config.php` option `GROCYCODE_TYPE`:
+  - `1D` (default) will produce a `Code128` 1D barcode (supported by the integrated camera barcode scanner)
+  - `2D` will produce a `DataMatrix` 2D barcode (currently not supported by the integrated camera barcode scanner, but can be probably printed smaller)
+- Label printer functionality can be enabled via the new feature flag `FEATURE_FLAG_LABEL_PRINTER` (defaults to disabled)
+- Label printer communication happens via WebHooks - see the new `LABEL_PRINTER*` `config.php` options
+- grocycodes can also be used without a label printer - you can view or download thm as pictures and print them manually
+- More information:
+  - https://github.com/grocy/grocy/tree/v3.1.0/docs/grocycode.md
+  - https://github.com/grocy/grocy/tree/v3.1.0/docs/label-printing.md
+- (Thanks a lot @mistressofjellyfish for the initial work on this)
+
+### New feature: Meal plan sections
+- Split the meal plan into sections like Breakfast/Lunch/Dinner
+  - => New button "Configure sections" on the meal plan page to configure the sections (top right corner)
+  - => Each meal plan entry can be assigned to a section
+
+### New feature: Shopping list thermal printer support
+- The shopping list can now be printed on a thermal printer
+  - The printer must be compatible to the `ESC/POS` protocol and needs to be locally attached or network reachable to/by the machine hosting grocy (so the server)
+  - See the new `TPRINTER*` `config.php` options to configure the printer connection and other options
+  - => New button on the shopping list print dialog
+- Can be enabled via the new feature flag `FEATURE_FLAG_THERMAL_PRINTER` (defaults to disabled)
+- (Thanks a lot @Forceu)
+
+### Stock improvements/fixes
+- Product barcodes are now enforced to be unique across products
+- On the stock overview page it's now also possible to search/filter by product barcodes (via the general search field)
+- The product picker on the consume and transfer page now only shows products which are currently in stock
+- Added a filter option to only show in-stock products on the stock overview and products list (master data) page
+- Added new columns on the stock overview page (hidden by default): Product description, product default location, parent product, product picture
+- Added a new product option "Should not be frozen" (defaults to disabled and only visible when `FEATURE_FLAG_STOCK_PRODUCT_FREEZING` is enabled)
+  - When enabled, on moving the product to a freezer location (so when freezing it), a corresponding warning will be shown
+- Optimized that when opening a product which has "Default due days after opened" set, the resulting date now never extends the original due date
+- Added a new stock setting (top right corner settings menu) "Add decimal separator automatically for price inputs" (defaults to disabled)
+  - When enabled, you always have to enter the value including decimal places, the decimal separator will be automatically added based on the amount of allowed decimal places
+- Fixed that editing stock entries was not possible
+- Fixed that consuming with Scan Mode was not possible
+- Fixed that the current stock total value (header of the stock overview page) didn't include decimal amounts (thanks @Ape)
+- Fixed that the transfer page was not fully populated when opening it from the stock entries page
+- Fixed that undoing a consume/open action from the success notification on the stock entries page was not possible
+- Fixed that adding a barcode to a product didn't save the selected quantity unit when the product only has a single one
+- Fixed that the store information on a stock entry was lost when transferring a partial amount to a different location
+- Fixed that the "Spoil rate" on the product card was wrong in some cases
+- Fixed that the stock journal showed always the products default location (instead of the location of the transaction)
+- Fixed that the aggregated amount of parent products was wrong when indirect quantity unit conversions were used
+
+### Shopping list improvements/fixes
+- The amount now defaults to `1` for adding items quicker
+- Added a status filter for only _done_ items
+- The total value is now also shown (based on "Last price (Total)" per item, displayed on the page header and only when `FEATURE_FLAG_STOCK_PRICE_TRACKING` is enabled)
+- Fixed that shopping list prints had a grey background (thanks @Forceu)
+- Fixed the form validation on the shopping list item page (thanks @Forceu)
+- Fixed that when adding products to the shopping list from the stock overview page, the used quantity unit was always the products default purchase QU (and not the selected one)
+- Fixed that the displayed last unit/total price was wrong when the used quantity unit was not the products stock QU
+- Fixed that the "Add as barcode to existing product" productpicker workflow did not work
+
+### Recipe improvements/fixes
+- Recipe printing improvements (thanks @Ape)
+- Calories are now always displayed per single serving (on the recipe and meal plan page)
+- The note of an ingredient will now also be added to the corresponding shopping list item when using "Put missing products on the shopping list"
+- It's now possible to copy a recipe (button/dropdown menu item per recipe)
+- Fixed that the recipe page was slow when there were a lot meal plan recipe entries
+- Fixed that "Only check if any amount is in stock" (recipe ingredient option) didn't work for stock amounts < 1
+- Fixed that when adding missing items to the shopping list, on the popup deselected items got also added
+- Fixed that the amount of self produced products with tare weight handling enabled was wrong ("Produces product" recipe option)
+- Fixed that the ingredient amount calculation for included/nested recipes was (for most cases) wrong
+- Fixed that the ingredient amount was wrong when using a to the product indirectly related quantity unit
+- Fixed that the calories amount calculation was wrong when quantity unit conversions were involved
+
+### Meal plan improvements/fixes
+- Improved the meal plan page loading time (drastically when having a big history of meal plan entries)
+- Meal plan entries can now be visually marked as "done" (new button per entry)
+  - This happens automatically on consuming a recipe/product from the meal plan page
+- It's now possible to copy all entries of a day to another day (in the dropdown of the add button in the header of each day column)
+- The "Display recipe" button was removed, instead clicking the recipe title now displays the recipe (and this now also works for products; shows the product card)
+- Fixed that stock fulfillment checking used the desired servings of the recipe (those selected on the recipes page, not them from the meal plan entry)
+
+### Chores improvements/fixes
+- It's now possible to track any addtional info on a chore execution by using Userfields
+  - => Configure the desired Userfields for the entity `chores_log`
+  - => The on chore execution tracking entered information is then visible on the corresponding chore journal entry
+- Fixed that tracking chores with "Done by" a different user was not possible
+
+### Userfield improvements/fixes
+- Userfields can now be configured as mandatory (new Userfield option, defaults to disabled)
+- Fixed that numeric Userfields were initialised with `1.0`
+- Fixed that shortcuts (up/down key) and the format did not work correctly when using multiple date/time Userfields per object
+- Fixed that Userfields were not saved when adding a product or a recipe (only on editing)
+
+### General & other improvements/fixes
+- LDAP authentication improvements / OpenLDAP support (thanks @tank0226)
+  - A read only service account can now be used for binding
+  - The username attribute is now configurable
+  - Filtering of accounts is now possible
+  - => See the new `LDAP*` `config.php` options
+- Improved the page loading time of all journal pages (stock/chores/batteries) by adding a new date range filter
+- Some night mode style improvements (thanks @BlizzWave and @KTibow)
+- Help tooltips are now additionally also triggered by clicking on them (instead of only hovering them, which doesn't work on mobile / touch devices)
+- The camera barcode scanner now also supports Code 39 barcodes (used for example in Germany on pharma products (PZN)) (thanks @andreheuer)
+- Fixed that the number picker up/down buttons did not work when the input field was empty or contained an invalid number
+- Fixed that links and embeds (e.g. YouTube videos) did not work in the text editor
+- Fixed that the "Manage users" and "Manage API keys" menu was not shown when using reverse proxy authentication
+
+### API improvements/fixes
+> ❗ Numbers are now returned as numbers (so technically without quotes around them, were strings for nearly all endpoints before - should practically be no real difference)
+- Added a new endpoint `/system/localization-strings` to get the localization strings (gettext JSON representation; in the by the user desired language)
+- Added a new endpoint `/recipes/{recipeId}/copy` to copy a recipe
+- The `GET /chores` endpoint now also returns the `next_execution_assigned_user` object per chore (like the endpoint `GET /chores​/{choreId}` already did for a single chore)
+- The `GET /tasks` endpoint now also returns the assigned user and category object per task
+- Empty Userfields are now also returned (were previously omitted, endpoint `GET /objects/{entity}` and `GET /objects/{entity}/{objectId}`)
+- Fixed that due soon products with `due_type` = "Expiration date" were missing in `due_products` of the `/stock/volatile` endpoint
+- Fixed that `PUT/DELETE /objects/{entity}/{objectId}` produced an internal server error when the given object id was invalid (now returns `400 Bad Request`)
+- Fixed that hyphens in filter values did not work
+- Fixed that cyrillic letters were not allowed in filter values

composer.json

@@ -1,12 +1,20 @@
 {
 	"require": {
-		"php": ">=7.2",
-		"slim/slim": "^3.8",
-		"morris/lessql": "^0.3.4",
-		"rubellum/slim-blade-view": "^0.1.1",
-		"tuupola/cors-middleware": "^0.7.0",
-		"eluceo/ical": "^0.15.0",
-		"erusev/parsedown": "^1.7.1"
+		"php": ">=8.0",
+		"slim/slim": "^4.0",
+		"slim/psr7": "^1.0",
+		"slim/http": "^1.0",
+		"php-di/php-di": "^6.0",
+		"berrnd/slim-blade-view": "^1.0.0",
+		"morris/lessql": "^1.0",
+		"gettext/gettext": "^4.8",
+		"eluceo/ical": "^2.2.0",
+		"erusev/parsedown": "^1.7",
+		"gumlet/php-image-resize": "^2.0",
+		"ezyang/htmlpurifier": "^4.13",
+		"interficieis/php-barcode": "^2.0.2",
+		"guzzlehttp/guzzle": "^7.0",
+		"mike42/escpos-php": "^3.0"
 	},
 	"autoload": {
 		"psr-4": {
@@ -18,5 +26,8 @@
 		"files": [
 			"helpers/extensions.php"
 		]
+	},
+	"config": {
+		"platform-check": false
 	}
 }

config-dist.php

@@ -1,84 +1,202 @@
 <?php
 
-# Settings can also be overwritten in two ways
-#
-# First priority
-# A .txt file with the same name as the setting in /data/settingoverrides
-# the content of the file is used as the setting value
-#
-# Second priority
-# An environment variable with the same name as the setting and prefix "GROCY_"
-# so for example "GROCY_BASE_URL"
-#
-# Third priority
-# The settings defined here below
+// Settings can also be overwritten in two ways
+//
+// First priority
+// A .txt file with the same name as the setting in /data/settingoverrides
+// the content of the file is used as the setting value
+//
+// Second priority
+// An environment variable with the same name as the setting and prefix "GROCY_"
+// so for example "GROCY_BASE_URL"
+//
+// Third priority
+// The settings defined here below
 
-
-# Either "production", "dev" or "prerelease"
+// Either "production", "dev", "demo" or "prerelease"
+// When not "production", authentication will be disabled and
+// demo data will be populated during database migrations
 Setting('MODE', 'production');
 
-# Either "en" or "de" or the filename (without extension) of
-# one of the other available localization files in the "/localization" directory
-Setting('CULTURE', 'en');
+// Either "en" or "de" or the directory name of
+// one of the other available localization folders in the "/localization" directory
+Setting('DEFAULT_LOCALE', 'en');
 
-# To keep it simple: grocy does not handle any currency conversions,
-# this here is used to format all money values,
-# so doesn't matter really matter, but should be the
-# ISO 4217 code of the currency ("USD", "EUR", "GBP", etc.)
+// This is used to define the first day of a week for calendar views in the frontend,
+// leave empty to use the locale default
+// Needs to be a number where Sunday = 0, Monday = 1 and so forth
+Setting('CALENDAR_FIRST_DAY_OF_WEEK', '');
+
+// If calendars should show week numbers
+Setting('CALENDAR_SHOW_WEEK_OF_YEAR', true);
+
+// To keep it simple: grocy does not handle any currency conversions,
+// this here is used to format all money values,
+// so doesn't really matter, but should be the
+// ISO 4217 code of the currency ("USD", "EUR", "GBP", etc.)
 Setting('CURRENCY', 'USD');
 
-# The base url of your installation,
-# should be just "/" when running directly under the root of a (sub)domain
-# or for example "https://example.com/grocy" when using a subdirectory
+// When running grocy in a subdirectory, this should be set to the relative path, otherwise empty
+// It needs to be set to the part (of the URL) after the document root,
+// if URL rewriting is disabled, including index.php
+// Example with URL Rewriting support:
+//  Root URL = https://example.com/grocy
+//  => BASE_PATH = /grocy
+// Example without URL Rewriting support:
+//  Root URL = https://example.com/grocy/public/index.php/
+//  => BASE_PATH = /grocy/public/index.php
+Setting('BASE_PATH', '');
+
+// The base URL of your installation,
+// should be just "/" when running directly under the root of a (sub)domain
+// or for example "https://example.com/grocy" when using a subdirectory
 Setting('BASE_URL', '/');
 
-# The plugin to use for external barcode lookups,
-# must be the filename without .php extension and must be located in /data/plugins,
-# see /data/plugins/DemoBarcodeLookupPlugin.php for an example implementation
+// The plugin to use for external barcode lookups,
+// must be the filename without .php extension and must be located in /data/plugins,
+// see /data/plugins/DemoBarcodeLookupPlugin.php for an example implementation
 Setting('STOCK_BARCODE_LOOKUP_PLUGIN', 'DemoBarcodeLookupPlugin');
 
-# If, however, your webserver does not support URL rewriting,
-# set this to true
+// If, however, your webserver does not support URL rewriting, set this to true
 Setting('DISABLE_URL_REWRITING', false);
 
+// Specify an custom homepage if desired - by default the homepage will be set to the stock overview page,
+// this needs to be one of the following values:
+// stock, shoppinglist, recipes, chores, tasks, batteries, equipment, calendar, mealplan
+Setting('ENTRY_PAGE', 'stock');
+
+// Set this to true if you want to disable authentication / the login screen,
+// places where user context is needed will then use the default (first existing) user
+Setting('DISABLE_AUTH', false);
+
+// Either "Grocy\Middleware\DefaultAuthMiddleware", "Grocy\Middleware\ReverseProxyAuthMiddleware"
+// or any class that implements Grocy\Middleware\AuthMiddleware
+Setting('AUTH_CLASS', 'Grocy\Middleware\DefaultAuthMiddleware');
+
+// When using ReverseProxyAuthMiddleware,
+// the name of the HTTP header which your reverse proxy uses to pass the username (on successful authentication)
+Setting('REVERSE_PROXY_AUTH_HEADER', 'REMOTE_USER');
+
+// LDAP options when using LdapAuthMiddleware
+Setting('LDAP_ADDRESS', ''); // Example value "ldap://vm-dc2019.local.berrnd.net"
+Setting('LDAP_BASE_DN', ''); // Example value "DC=local,DC=berrnd,DC=net"
+Setting('LDAP_BIND_DN', ''); // Example value "CN=grocy_bind_account,OU=service_accounts,DC=local,DC=berrnd,DC=net"
+Setting('LDAP_BIND_PW', ''); // Password for the above account
+Setting('LDAP_USER_FILTER', ''); // Example value "(OU=grocy_users)"
+Setting('LDAP_UID_ATTR', ''); // Windows AD: "sAMAccountName", OpenLDAP: "uid", GLAuth: "cn"
+
+// Set this to true if you want to disable the ability to scan a barcode via the device camera (Browser API)
+Setting('DISABLE_BROWSER_BARCODE_CAMERA_SCANNING', false);
+
+// Set this if you want to have a different start day for the weekly meal plan view,
+// leave empty to use CALENDAR_FIRST_DAY_OF_WEEK (see above)
+// Needs to be a number where Sunday = 0, Monday = 1 and so forth
+Setting('MEAL_PLAN_FIRST_DAY_OF_WEEK', '');
+
+// Default permissions for new users
+// the array needs to contain the technical/constant names
+// see the file controllers/Users/User.php for possible values
+Setting('DEFAULT_PERMISSIONS', ['ADMIN']);
+
+// 1D (=> Code128) or 2D (=> DataMatrix)
+Setting('GROCYCODE_TYPE', '1D');
+
+// Label printer settings
+// This is the URI that grocy will POST to when asked to print a label
+Setting('LABEL_PRINTER_WEBHOOK', '');
+// This setting decides whether the webhook will be called server- or clientside
+// If the machine grocy runs on has a network connection to the host the webhook receiver is on, this is probably a good idea
+// If, for example, grocy runs in the cloud and your printer daemon runs locally to you, set this to false to let your browser call the webhook instead
+Setting('LABEL_PRINTER_RUN_SERVER', true);
+// Additional parameters supplied to the webhook
+Setting('LABEL_PRINTER_PARAMS', ['font_family' => 'Source Sans Pro (Regular)']);
+// TRUE to use JSON or FALSE to use normal POST request variables
+Setting('LABEL_PRINTER_HOOK_JSON', false);
+
+// Thermal printer options
+// Thermal printers are receipt printers, not regular printers,
+// the printer must support the ESC/POS protocol, see https://github.com/mike42/escpos-php
+Setting('TPRINTER_IS_NETWORK_PRINTER', false); // Set to true if it's' a network printer
+Setting('TPRINTER_PRINT_QUANTITY_NAME', true); // Set to false if you do not want to print the quantity names (related to the shopping list)
+Setting('TPRINTER_PRINT_NOTES', true); // Set to false if you do not want to print notes (related to the shopping list)
+Setting('TPRINTER_IP', '127.0.0.1'); // IP of the network printer (does only matter if it's a network printer)
+Setting('TPRINTER_PORT', 9100); // Port of the network printer
+Setting('TPRINTER_CONNECTOR', '/dev/usb/lp0'); // Printer device (does only matter if you use a locally attached printer)
+// For USB on Linux this is often '/dev/usb/lp0', for serial printers it could be similar to '/dev/ttyS0'
+// Make sure that the user that runs the webserver has permissions to write to the printer - on Linux add your webserver user to the LP group with usermod -a -G lp www-data
 
 
+// Default user settings
+// These settings can be changed per user, here the defaults
+// are defined which are used when the user has not changed the setting so far
 
-# Default user settings
-# These settings can be changed per user, here the defaults
-# are defined which are used when the user has not changed the setting so far
-
-# Night mode related
+// Night mode related
 DefaultUserSetting('night_mode_enabled', false); // If night mode is enabled always
 DefaultUserSetting('auto_night_mode_enabled', false); // If night mode is enabled automatically when inside a given time range (see the two settings below)
-DefaultUserSetting('auto_night_mode_time_range_from', "20:00"); // Format HH:mm
-DefaultUserSetting('auto_night_mode_time_range_to', "07:00"); // Format HH:mm
+DefaultUserSetting('auto_night_mode_time_range_from', '20:00'); // Format HH:mm
+DefaultUserSetting('auto_night_mode_time_range_to', '07:00'); // Format HH:mm
 DefaultUserSetting('auto_night_mode_time_range_goes_over_midnight', true); // If the time range above goes over midnight
 DefaultUserSetting('currently_inside_night_mode_range', false); // If we're currently inside of night mode time range (this is not user configurable, but stored as a user setting because it's evaluated client side to be able to use the client time instead of the maybe different server time)
+
+// Keep screen on settings
+DefaultUserSetting('keep_screen_on', false); // Keep the screen always on
+DefaultUserSetting('keep_screen_on_when_fullscreen_card', false); // Keep the screen on when a "fullscreen-card" is displayed
+
+// Stock settings
 DefaultUserSetting('product_presets_location_id', -1); // Default location id for new products (-1 means no location is preset)
 DefaultUserSetting('product_presets_product_group_id', -1); // Default product group id for new products (-1 means no product group is preset)
 DefaultUserSetting('product_presets_qu_id', -1); // Default quantity unit id for new products (-1 means no quantity unit is preset)
+DefaultUserSetting('stock_decimal_places_amounts', 4); // Default decimal places allowed for amounts
+DefaultUserSetting('stock_decimal_places_prices', 2); // Default decimal places allowed for prices
+DefaultUserSetting('stock_auto_decimal_separator_prices', false);
+DefaultUserSetting('stock_due_soon_days', 5);
+DefaultUserSetting('stock_default_purchase_amount', 0);
+DefaultUserSetting('stock_default_consume_amount', 1);
+DefaultUserSetting('stock_default_consume_amount_use_quick_consume_amount', false);
+DefaultUserSetting('scan_mode_consume_enabled', false);
+DefaultUserSetting('scan_mode_purchase_enabled', false);
+DefaultUserSetting('show_icon_on_stock_overview_page_when_product_is_on_shopping_list', true);
+DefaultUserSetting('show_purchased_date_on_purchase', false); // Whether the purchased date should be editable on purchase (defaults to today otherwise)
+DefaultUserSetting('show_warning_on_purchase_when_due_date_is_earlier_than_next', true); // Show a warning on purchase when the due date of the purchased product is earlier than the next due date in stock
 
-# If the page should be automatically reloaded when there was
-# an external change
-DefaultUserSetting('auto_reload_on_db_change', true);
+// Shopping list settings
+DefaultUserSetting('shopping_list_to_stock_workflow_auto_submit_when_prefilled', false); // Automatically do the booking using the last price and the amount of the shopping list item, if the product has "Default due days" set
+DefaultUserSetting('shopping_list_show_calendar', false);
 
-# Show a clock in the header next to the logo or not
+// Recipe settings
+DefaultUserSetting('recipe_ingredients_group_by_product_group', false); // Group recipe ingredients by their product group
+
+// Chores settings
+DefaultUserSetting('chores_due_soon_days', 5);
+
+// Batteries settings
+DefaultUserSetting('batteries_due_soon_days', 5);
+
+// Tasks settings
+DefaultUserSetting('tasks_due_soon_days', 5);
+
+// If the page should be automatically reloaded when there was an external change
+DefaultUserSetting('auto_reload_on_db_change', false);
+
+// Show a clock in the header next to the logo or not
 DefaultUserSetting('show_clock_in_header', false);
 
-# Shopping list to stock workflow:
-# Automatically do the booking using the last price and the amount
-# of the shopping list item, if the product has "Default best before days" set
-DefaultUserSetting('shopping_list_to_stock_workflow_auto_submit_when_prefilled', false);
+// Component configuration for Quagga2 - read https://github.com/ericblade/quagga2#configobject for details
+// Below is a generic good configuration,
+// for an iPhone 7 Plus, halfsample = true, patchsize = small, frequency = 5 yields very good results
+DefaultUserSetting('quagga2_numofworkers', 4);
+DefaultUserSetting('quagga2_halfsample', false);
+DefaultUserSetting('quagga2_patchsize', 'medium');
+DefaultUserSetting('quagga2_frequency', 10);
+DefaultUserSetting('quagga2_debug', true);
 
 
-
-
-# Feature flags
-# grocy was initially about "stock management for your household", many other things
-# came and still come by, because they are useful - here you can disable the parts
-# which you don't need to have a less cluttered UI
-# (set the setting to "false" to disable the corresponding part, which should be self explanatory)
+// Feature flags
+// grocy was initially about "stock management for your household", many other things
+// came and still come by, because they are useful - here you can disable the parts
+// which you don't need to have a less cluttered UI
+// (set the setting to "false" to disable the corresponding part, which should be self explanatory)
+Setting('FEATURE_FLAG_STOCK', true);
 Setting('FEATURE_FLAG_SHOPPINGLIST', true);
 Setting('FEATURE_FLAG_RECIPES', true);
 Setting('FEATURE_FLAG_CHORES', true);
@@ -86,3 +204,19 @@ Setting('FEATURE_FLAG_TASKS', true);
 Setting('FEATURE_FLAG_BATTERIES', true);
 Setting('FEATURE_FLAG_EQUIPMENT', true);
 Setting('FEATURE_FLAG_CALENDAR', true);
+Setting('FEATURE_FLAG_LABEL_PRINTER', false);
+
+// Sub feature flags
+Setting('FEATURE_FLAG_STOCK_PRICE_TRACKING', true);
+Setting('FEATURE_FLAG_STOCK_LOCATION_TRACKING', true);
+Setting('FEATURE_FLAG_STOCK_BEST_BEFORE_DATE_TRACKING', true);
+Setting('FEATURE_FLAG_STOCK_PRODUCT_OPENED_TRACKING', true);
+Setting('FEATURE_FLAG_STOCK_PRODUCT_FREEZING', true);
+Setting('FEATURE_FLAG_STOCK_BEST_BEFORE_DATE_FIELD_NUMBER_PAD', true); // Activate the number pad in due date fields on (supported) mobile browsers
+Setting('FEATURE_FLAG_SHOPPINGLIST_MULTIPLE_LISTS', true);
+Setting('FEATURE_FLAG_CHORES_ASSIGNMENTS', true);
+Setting('FEATURE_FLAG_THERMAL_PRINTER', false);
+
+// Feature settings
+Setting('FEATURE_SETTING_STOCK_COUNT_OPENED_PRODUCTS_AGAINST_MINIMUM_STOCK_AMOUNT', true); // When set to true, opened items will be counted as missing for calculating if a product is below its minimum stock amount
+Setting('FEATURE_FLAG_AUTO_TORCH_ON_WITH_CAMERA', true); // Enables the torch automatically (if the device has one)

controllers/BaseApiController.php

@@ -2,31 +2,147 @@
 
 namespace Grocy\Controllers;
 
+use LessQL\Result;
+
 class BaseApiController extends BaseController
 {
+	const PATTERN_FIELD = '[A-Za-z_][A-Za-z0-9_]+';
 
-	public function __construct(\Slim\Container $container)
+	const PATTERN_OPERATOR = '!?(=|~|<|>|(>=)|(<=)|(§))';
+
+	const PATTERN_VALUE = '[A-Za-z\x{0400}-\x{04FF}_0-9.$#^|-]+';
+
+	protected $OpenApiSpec = null;
+
+	protected function ApiResponse(\Psr\Http\Message\ResponseInterface $response, $data, $cache = false)
 	{
-		parent::__construct($container);
-		$this->OpenApiSpec = json_decode(file_get_contents(__DIR__ . '/../grocy.openapi.json'));
+		if ($cache)
+		{
+			$response = $response->withHeader('Cache-Control', 'max-age=2592000');
 		}
 
-	protected $OpenApiSpec;
-
-	protected function ApiResponse($data)
-	{
-		return json_encode($data);
+		$response->getBody()->write(json_encode($data, JSON_NUMERIC_CHECK));
+		return $response;
 	}
 
-	protected function EmptyApiResponse($response, $status = 204)
+	protected function EmptyApiResponse(\Psr\Http\Message\ResponseInterface $response, $status = 204)
 	{
 		return $response->withStatus($status);
 	}
 
-	protected function GenericErrorResponse($response, $errorMessage, $status = 400)
+	protected function GenericErrorResponse(\Psr\Http\Message\ResponseInterface $response, $errorMessage, $status = 400)
 	{
-		return $response->withStatus($status)->withJson(array(
+		return $response->withStatus($status)->withJson([
 			'error_message' => $errorMessage
-		));
+		]);
+	}
+
+	public function FilteredApiResponse(\Psr\Http\Message\ResponseInterface $response, Result $data, array $query)
+	{
+		$data = $this->queryData($data, $query);
+		return $this->ApiResponse($response, $data);
+	}
+
+	protected function queryData(Result $data, array $query)
+	{
+		if (isset($query['query']))
+		{
+			$data = $this->filter($data, $query['query']);
+		}
+
+		if (isset($query['limit']))
+		{
+			$data = $data->limit(intval($query['limit']), intval($query['offset'] ?? 0));
+		}
+
+		if (isset($query['order']))
+		{
+			$parts = explode(':', $query['order']);
+
+			if (count($parts) == 1)
+			{
+				$data = $data->orderBy($parts[0]);
+			}
+			else
+			{
+				if ($parts[1] != 'asc' && $parts[1] != 'desc')
+				{
+					throw new \Exception('Invalid sort order ' . $parts[1]);
+				}
+
+				$data = $data->orderBy($parts[0], $parts[1]);
+			}
+		}
+
+		return $data;
+	}
+
+	protected function filter(Result $data, array $query): Result
+	{
+		foreach ($query as $q)
+		{
+			$matches = [];
+			preg_match(
+				'/(?P<field>' . self::PATTERN_FIELD . ')'
+				. '(?P<op>' . self::PATTERN_OPERATOR . ')'
+				. '(?P<value>' . self::PATTERN_VALUE . ')/u',
+				$q,
+				$matches
+			);
+
+			if (!array_key_exists('field', $matches) || !array_key_exists('op', $matches) || !array_key_exists('value', $matches))
+			{
+				throw new \Exception('Invalid query');
+			}
+
+			$sqlOrNull = '';
+			if (strtolower($matches['value']) == 'null')
+			{
+				$sqlOrNull = ' OR ' . $matches['field'] . ' IS NULL';
+			}
+
+			switch ($matches['op']) {
+				case '=':
+					$data = $data->where($matches['field'] . ' = ?' . $sqlOrNull, $matches['value']);
+					break;
+				case '!=':
+					$data = $data->where($matches['field'] . ' != ?' . $sqlOrNull, $matches['value']);
+					break;
+				case '~':
+					$data = $data->where($matches['field'] . ' LIKE ?', '%' . $matches['value'] . '%');
+					break;
+				case '!~':
+					$data = $data->where($matches['field'] . ' NOT LIKE ?', '%' . $matches['value'] . '%');
+					break;
+				case '<':
+					$data = $data->where($matches['field'] . ' < ?', $matches['value']);
+					break;
+				case '>':
+					$data = $data->where($matches['field'] . ' > ?', $matches['value']);
+					break;
+				case '>=':
+					$data = $data->where($matches['field'] . ' >= ?', $matches['value']);
+					break;
+				case '<=':
+					$data = $data->where($matches['field'] . ' <= ?', $matches['value']);
+					break;
+				case '§':
+					$data = $data->where($matches['field'] . ' REGEXP ?', $matches['value']);
+					break;
+
+			}
+		}
+
+		return $data;
+	}
+
+	protected function getOpenApispec()
+	{
+		if ($this->OpenApiSpec == null)
+		{
+			$this->OpenApiSpec = json_decode(file_get_contents(__DIR__ . '/../grocy.openapi.json'));
+		}
+
+		return $this->OpenApiSpec;
 	}
 }

controllers/BaseController.php

@@ -2,52 +2,153 @@
 
 namespace Grocy\Controllers;
 
-use \Grocy\Services\DatabaseService;
-use \Grocy\Services\ApplicationService;
-use \Grocy\Services\LocalizationService;
-use \Grocy\Services\UsersService;
+use Grocy\Controllers\Users\User;
+use Grocy\Services\ApiKeyService;
+use Grocy\Services\ApplicationService;
+use Grocy\Services\BatteriesService;
+use Grocy\Services\CalendarService;
+use Grocy\Services\ChoresService;
+use Grocy\Services\DatabaseService;
+use Grocy\Services\FilesService;
+use Grocy\Services\LocalizationService;
+use Grocy\Services\PrintService;
+use Grocy\Services\RecipesService;
+use Grocy\Services\SessionService;
+use Grocy\Services\StockService;
+use Grocy\Services\TasksService;
+use Grocy\Services\UserfieldsService;
+use Grocy\Services\UsersService;
 
 class BaseController
 {
-	public function __construct(\Slim\Container $container) {
-		$databaseService = new DatabaseService();
-		$this->Database = $databaseService->GetDbConnection();
-		
-		$localizationService = new LocalizationService(GROCY_CULTURE);
-		$this->LocalizationService = $localizationService;
-
-		if (GROCY_MODE === 'prerelease')
+	public function __construct(\DI\Container $container)
 	{
-			$commitHash = trim(exec('git log --pretty="%h" -n1 HEAD'));
-			$commitDate = trim(exec('git log --date=iso --pretty="%cd" -n1 HEAD'));
-			
-			$container->view->set('version', "pre-release-$commitHash");
-			$container->view->set('releaseDate', \substr($commitDate, 0, 19));
-		}
-		else
-		{
-			$applicationService = new ApplicationService();
-			$versionInfo = $applicationService->GetInstalledVersion();
-			$container->view->set('version', $versionInfo->Version);
-			$container->view->set('releaseDate', $versionInfo->ReleaseDate);
+		$this->AppContainer = $container;
+		$this->View = $container->get('view');
 	}
 
-		$container->view->set('localizationStrings', $localizationService->GetCurrentCultureLocalizations());
-		$container->view->set('L', function($text, ...$placeholderValues) use($localizationService)
+	protected $AppContainer;
+
+	protected function getApiKeyService()
 	{
-			return $localizationService->Localize($text, ...$placeholderValues);
+		return ApiKeyService::getInstance();
+	}
+
+	protected function getApplicationservice()
+	{
+		return ApplicationService::getInstance();
+	}
+
+	protected function getBatteriesService()
+	{
+		return BatteriesService::getInstance();
+	}
+
+	protected function getCalendarService()
+	{
+		return CalendarService::getInstance();
+	}
+
+	protected function getChoresService()
+	{
+		return ChoresService::getInstance();
+	}
+
+	protected function getDatabase()
+	{
+		return $this->getDatabaseService()->GetDbConnection();
+	}
+
+	protected function getDatabaseService()
+	{
+		return DatabaseService::getInstance();
+	}
+
+	protected function getFilesService()
+	{
+		return FilesService::getInstance();
+	}
+
+	protected function getLocalizationService()
+	{
+		if (!defined('GROCY_LOCALE'))
+		{
+			define('GROCY_LOCALE', GROCY_DEFAULT_LOCALE);
+		}
+
+		return LocalizationService::getInstance(GROCY_LOCALE);
+	}
+
+	protected function getRecipesService()
+	{
+		return RecipesService::getInstance();
+	}
+
+	protected function getSessionService()
+	{
+		return SessionService::getInstance();
+	}
+
+	protected function getStockService()
+	{
+		return StockService::getInstance();
+	}
+
+	protected function getPrintService()
+	{
+		return PrintService::getInstance();
+	}
+
+	protected function getTasksService()
+	{
+		return TasksService::getInstance();
+	}
+
+	protected function getUserfieldsService()
+	{
+		return UserfieldsService::getInstance();
+	}
+
+	protected function getUsersService()
+	{
+		return UsersService::getInstance();
+	}
+
+	protected function render($response, $page, $data = [])
+	{
+		$container = $this->AppContainer;
+
+		$versionInfo = $this->getApplicationService()->GetInstalledVersion();
+		$this->View->set('version', $versionInfo->Version);
+		$this->View->set('releaseDate', $versionInfo->ReleaseDate);
+
+		$localizationService = $this->getLocalizationService();
+		$this->View->set('__t', function (string $text, ...$placeholderValues) use ($localizationService) {
+			return $localizationService->__t($text, $placeholderValues);
 		});
-		$container->view->set('U', function($relativePath, $isResource = false) use($container)
+		$this->View->set('__n', function ($number, $singularForm, $pluralForm) use ($localizationService) {
+			return $localizationService->__n($number, $singularForm, $pluralForm);
+		});
+		$this->View->set('LocalizationStrings', $localizationService->GetPoAsJsonString());
+
+		// TODO: Better handle this generically based on the current language (header in .po file?)
+		$dir = 'ltr';
+		if (GROCY_LOCALE == 'he_IL')
 		{
-			return $container->UrlManager->ConstructUrl($relativePath, $isResource);
+			$dir = 'rtl';
+		}
+		$this->View->set('dir', $dir);
+
+		$this->View->set('U', function ($relativePath, $isResource = false) use ($container) {
+			return $container->get('UrlManager')->ConstructUrl($relativePath, $isResource);
 		});
 
 		$embedded = false;
-		if (isset($container->request->getQueryParams()['embedded']))
+		if (isset($_GET['embedded']))
 		{
 			$embedded = true;
 		}
-		$container->view->set('embedded', $embedded);
+		$this->View->set('embedded', $embedded);
 
 		$constants = get_defined_constants();
 		foreach ($constants as $constant => $value)
@@ -57,14 +158,40 @@ class BaseController
 				unset($constants[$constant]);
 			}
 		}
-		$container->view->set('featureFlags', $constants);
 
+		$this->View->set('featureFlags', $constants);
+		if (GROCY_AUTHENTICATED)
+		{
+			$this->View->set('permissions', User::PermissionList());
+
+			$decimalPlacesAmounts = intval($this->getUsersService()->GetUserSetting(GROCY_USER_ID, 'stock_decimal_places_amounts'));
+			if ($decimalPlacesAmounts <= 0)
+			{
+				$defaultMinAmount = 1;
+			}
+			else
+			{
+				$defaultMinAmount = '0.' . str_repeat('0', $decimalPlacesAmounts - 1) . '1';
+			}
+			$this->View->set('DEFAULT_MIN_AMOUNT', $defaultMinAmount);
+		}
+
+		return $this->View->render($response, $page, $data);
+	}
+
+	protected function renderPage($response, $page, $data = [])
+	{
+		$this->View->set('userentitiesForSidebar', $this->getDatabase()->userentities()->where('show_in_sidebar_menu = 1')->orderBy('name'));
 		try
 		{
-			$usersService = new UsersService();
+			$usersService = $this->getUsersService();
 			if (defined('GROCY_USER_ID'))
 			{
-				$container->view->set('userSettings', $usersService->GetUserSettings(GROCY_USER_ID));
+				$this->View->set('userSettings', $usersService->GetUserSettings(GROCY_USER_ID));
+			}
+			else
+			{
+				$this->View->set('userSettings', null);
 			}
 		}
 		catch (\Exception $ex)
@@ -72,10 +199,44 @@ class BaseController
 			// Happens when database is not initialised or migrated...
 		}
 
-		$this->AppContainer = $container;
+		return $this->render($response, $page, $data);
 	}
 
-	protected $AppContainer;
-	protected $Database;
-	protected $LocalizationService;
+	private static $htmlPurifierInstance = null;
+
+	protected function GetParsedAndFilteredRequestBody($request)
+	{
+		if (self::$htmlPurifierInstance == null)
+		{
+			$htmlPurifierConfig = \HTMLPurifier_Config::createDefault();
+			$htmlPurifierConfig->set('Cache.SerializerPath', GROCY_DATAPATH . '/viewcache');
+			$htmlPurifierConfig->set('HTML.Allowed', 'div,b,strong,i,em,u,a[href|title|target],iframe[src|width|height|frameborder],ul,ol,li,p[style],br,span[style],img[width|height|alt|src],table[border|width|style],tbody,tr,td,th,blockquote,*[style|class|id]');
+			$htmlPurifierConfig->set('Attr.EnableID', true);
+			$htmlPurifierConfig->set('HTML.SafeIframe', true);
+			$htmlPurifierConfig->set('CSS.AllowedProperties', 'font,font-size,font-weight,font-style,font-family,text-decoration,padding-left,color,background-color,text-align');
+			$htmlPurifierConfig->set('URI.AllowedSchemes', ['data' => true, 'http' => true, 'https' => true]);
+			$htmlPurifierConfig->set('URI.SafeIframeRegexp', '%^.*%'); // Allow any iframe source
+
+			self::$htmlPurifierInstance = new \HTMLPurifier($htmlPurifierConfig);
+		}
+
+		$requestBody = $request->getParsedBody();
+		foreach ($requestBody as $key => &$value)
+		{
+			// HTMLPurifier removes boolean values (true/false) and arrays, so explicitly keep them
+			// Maybe also possible through HTMLPurifier config (http://htmlpurifier.org/live/configdoc/plain.html)
+			if (!is_bool($value) && !is_array($value))
+			{
+				$value = self::$htmlPurifierInstance->purify($value);
+			}
+
+			// Allow some special chars
+			if (!is_array($value))
+			{
+				$value = str_replace('&amp;', '&', $value);
+			}
+		}
+
+		return $requestBody;
+	}
 }

controllers/BatteriesApiController.php

@@ -2,21 +2,34 @@
 
 namespace Grocy\Controllers;
 
-use \Grocy\Services\BatteriesService;
+use Grocy\Controllers\Users\User;
+use Grocy\Helpers\WebhookRunner;
+use Grocy\Helpers\Grocycode;
 
 class BatteriesApiController extends BaseApiController
 {
-	public function __construct(\Slim\Container $container)
+	public function BatteryDetails(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		parent::__construct($container);
-		$this->BatteriesService = new BatteriesService();
+		try
+		{
+			return $this->ApiResponse($response, $this->getBatteriesService()->GetBatteryDetails($args['batteryId']));
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
 	}
 
-	protected $BatteriesService;
-
-	public function TrackChargeCycle(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function Current(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		$requestBody = $request->getParsedBody();
+		return $this->FilteredApiResponse($response, $this->getBatteriesService()->GetCurrent(), $request->getQueryParams());
+	}
+
+	public function TrackChargeCycle(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		User::checkPermission($request, User::PERMISSION_BATTERIES_TRACK_CHARGE_CYCLE);
+
+		$requestBody = $this->GetParsedAndFilteredRequestBody($request);
 
 		try
 		{
@@ -26,8 +39,8 @@ class BatteriesApiController extends BaseApiController
 				$trackedTime = $requestBody['tracked_time'];
 			}
 
-			$chargeCycleId = $this->BatteriesService->TrackChargeCycle($args['batteryId'], $trackedTime);
-			return $this->ApiResponse($this->Database->battery_charge_cycles($chargeCycleId));
+			$chargeCycleId = $this->getBatteriesService()->TrackChargeCycle($args['batteryId'], $trackedTime);
+			return $this->ApiResponse($response, $this->getDatabase()->battery_charge_cycles($chargeCycleId));
 		}
 		catch (\Exception $ex)
 		{
@@ -35,28 +48,13 @@ class BatteriesApiController extends BaseApiController
 		}
 	}
 
-	public function BatteryDetails(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function UndoChargeCycle(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
+		User::checkPermission($request, User::PERMISSION_BATTERIES_UNDO_CHARGE_CYCLE);
+
 		try
 		{
-			return $this->ApiResponse($this->BatteriesService->GetBatteryDetails($args['batteryId']));
-		}
-		catch (\Exception $ex)
-		{
-			return $this->GenericErrorResponse($response, $ex->getMessage());
-		}
-	}
-
-	public function Current(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
-	{
-		return $this->ApiResponse($this->BatteriesService->GetCurrent());
-	}
-
-	public function UndoChargeCycle(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
-	{
-		try
-		{
-			$this->ApiResponse($this->BatteriesService->UndoChargeCycle($args['chargeCycleId']));
+			$this->ApiResponse($response, $this->getBatteriesService()->UndoChargeCycle($args['chargeCycleId']));
 			return $this->EmptyApiResponse($response);
 		}
 		catch (\Exception $ex)
@@ -64,4 +62,28 @@ class BatteriesApiController extends BaseApiController
 			return $this->GenericErrorResponse($response, $ex->getMessage());
 		}
 	}
+
+	public function BatteryPrintLabel(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		try
+		{
+			$battery = $this->getDatabase()->batteries()->where('id', $args['batteryId'])->fetch();
+
+			$webhookData = array_merge([
+				'battery' => $battery->name,
+				'grocycode' => (string)(new Grocycode(Grocycode::BATTERY, $args['batteryId'])),
+			], GROCY_LABEL_PRINTER_PARAMS);
+
+			if (GROCY_LABEL_PRINTER_RUN_SERVER)
+			{
+				(new WebhookRunner())->run(GROCY_LABEL_PRINTER_WEBHOOK, $webhookData, GROCY_LABEL_PRINTER_HOOK_JSON);
+			}
+
+			return $this->ApiResponse($response, $webhookData);
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
 }

controllers/BatteriesController.php

@@ -2,63 +2,103 @@
 
 namespace Grocy\Controllers;
 
-use \Grocy\Services\BatteriesService;
+use Grocy\Helpers\Grocycode;
 
 class BatteriesController extends BaseController
 {
-	public function __construct(\Slim\Container $container)
+	use GrocycodeTrait;
+
+	public function BatteriesList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		parent::__construct($container);
-		$this->BatteriesService = new BatteriesService();
+		if (isset($request->getQueryParams()['include_disabled']))
+		{
+			$batteries = $this->getDatabase()->batteries()->orderBy('name', 'COLLATE NOCASE');
+		}
+		else
+		{
+			$batteries = $this->getDatabase()->batteries()->where('active = 1')->orderBy('name', 'COLLATE NOCASE');
 		}
 
-	protected $BatteriesService;
-
-	public function Overview(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
-	{
-		return $this->AppContainer->view->render($response, 'batteriesoverview', [
-			'batteries' => $this->Database->batteries()->orderBy('name'),
-			'current' => $this->BatteriesService->GetCurrent(),
-			'nextXDays' => 5
+		return $this->renderPage($response, 'batteries', [
+			'batteries' => $batteries,
+			'userfields' => $this->getUserfieldsService()->GetFields('batteries'),
+			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('batteries')
 		]);
 	}
 
-	public function TrackChargeCycle(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function BatteriesSettings(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		return $this->AppContainer->view->render($response, 'batterytracking', [
-			'batteries' =>  $this->Database->batteries()->orderBy('name')
-		]);
+		return $this->renderPage($response, 'batteriessettings');
 	}
 
-	public function BatteriesList(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
-	{
-		return $this->AppContainer->view->render($response, 'batteries', [
-			'batteries' => $this->Database->batteries()->orderBy('name')
-		]);
-	}
-
-	public function BatteryEditForm(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function BatteryEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		if ($args['batteryId'] == 'new')
 		{
-			return $this->AppContainer->view->render($response, 'batteryform', [
-				'mode' => 'create'
+			return $this->renderPage($response, 'batteryform', [
+				'mode' => 'create',
+				'userfields' => $this->getUserfieldsService()->GetFields('batteries')
 			]);
 		}
 		else
 		{
-			return $this->AppContainer->view->render($response, 'batteryform', [
-				'battery' =>  $this->Database->batteries($args['batteryId']),
-				'mode' => 'edit'
+			return $this->renderPage($response, 'batteryform', [
+				'battery' => $this->getDatabase()->batteries($args['batteryId']),
+				'mode' => 'edit',
+				'userfields' => $this->getUserfieldsService()->GetFields('batteries')
 			]);
 		}
 	}
 
-	public function Journal(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function Journal(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		return $this->AppContainer->view->render($response, 'batteriesjournal', [
-			'chargeCycles' => $this->Database->battery_charge_cycles()->orderBy('tracked_time', 'DESC'),
-			'batteries' => $this->Database->batteries()->orderBy('name')
+		if (isset($request->getQueryParams()['months']) && filter_var($request->getQueryParams()['months'], FILTER_VALIDATE_INT) !== false)
+		{
+			$months = $request->getQueryParams()['months'];
+			$where = "tracked_time > DATE(DATE('now', 'localtime'), '-$months months')";
+		}
+		else
+		{
+			// Default 2 years
+			$where = "tracked_time > DATE(DATE('now', 'localtime'), '-24 months')";
+		}
+
+		if (isset($request->getQueryParams()['battery']) && filter_var($request->getQueryParams()['battery'], FILTER_VALIDATE_INT) !== false)
+		{
+			$batteryId = $request->getQueryParams()['battery'];
+			$where .= " AND battery_id = $batteryId";
+		}
+
+		return $this->renderPage($response, 'batteriesjournal', [
+			'chargeCycles' => $this->getDatabase()->battery_charge_cycles()->where($where)->orderBy('tracked_time', 'DESC'),
+			'batteries' => $this->getDatabase()->batteries()->where('active = 1')->orderBy('name', 'COLLATE NOCASE')
 		]);
 	}
+
+	public function Overview(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$usersService = $this->getUsersService();
+		$nextXDays = $usersService->GetUserSettings(GROCY_USER_ID)['batteries_due_soon_days'];
+
+		return $this->renderPage($response, 'batteriesoverview', [
+			'batteries' => $this->getDatabase()->batteries()->where('active = 1')->orderBy('name', 'COLLATE NOCASE'),
+			'current' => $this->getBatteriesService()->GetCurrent(),
+			'nextXDays' => $nextXDays,
+			'userfields' => $this->getUserfieldsService()->GetFields('batteries'),
+			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('batteries')
+		]);
+	}
+
+	public function TrackChargeCycle(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->renderPage($response, 'batterytracking', [
+			'batteries' => $this->getDatabase()->batteries()->where('active = 1')->orderBy('name', 'COLLATE NOCASE')
+		]);
+	}
+
+	public function BatteryGrocycodeImage(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$gc = new Grocycode(Grocycode::BATTERY, $args['batteryId']);
+		return $this->ServeGrocycodeImage($request, $response, $gc);
+	}
 }

controllers/CalendarApiController.php

@@ -2,41 +2,54 @@
 
 namespace Grocy\Controllers;
 
-use \Grocy\Services\CalendarService;
-use \Grocy\Services\ApiKeyService;
+use Eluceo\iCal\Domain\Entity\Calendar;
+use Eluceo\iCal\Domain\Entity\Event;
+use Eluceo\iCal\Domain\ValueObject\Date;
+use Eluceo\iCal\Domain\ValueObject\DateTime;
+use Eluceo\iCal\Domain\ValueObject\SingleDay;
+use Eluceo\iCal\Domain\ValueObject\TimeSpan;
+use Eluceo\iCal\Presentation\Factory\CalendarFactory;
 
 class CalendarApiController extends BaseApiController
 {
-	public function __construct(\Slim\Container $container)
-	{
-		parent::__construct($container);
-		$this->CalendarService = new CalendarService();
-		$this->ApiKeyService = new ApiKeyService();
-	}
-
-	protected $CalendarService;
-	protected $ApiKeyService;
-
-	public function Ical(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function Ical(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		try
 		{
-			$vCalendar = new \Eluceo\iCal\Component\Calendar('grocy');
+			$events = $this->getCalendarService()->GetEvents();
 
-			$events = $this->CalendarService->GetEvents();
+			$vCalendar = new Calendar();
 			foreach ($events as $event)
 			{
-				$vEvent = new \Eluceo\iCal\Component\Event();
-				$vEvent->setDtStart(new \DateTime($event['start']))
-					->setDtEnd(new \DateTime($event['start']))
-					->setSummary($event['title'])
-					->setNoTime($event['date_format'] === 'date')
-					->setUseUtc(false);
-				
-				$vCalendar->addComponent($vEvent);
+				$description = '';
+				if (isset($event['description']))
+				{
+					$description = $event['description'];
 				}
 
-			$response->write($vCalendar->render());
+				if ($event['date_format'] === 'date' || (isset($event['allDay']) && $event['allDay']))
+				{
+					// All-day event
+					$date = new Date(\DateTimeImmutable::createFromFormat('Y-m-d', $event['start']));
+					$vEventOccurrence = new SingleDay($date);
+				}
+				else
+				{
+					// Time-point event
+					$start = new DateTime(\DateTimeImmutable::createFromFormat('Y-m-d H:i:s', $event['start']), false);
+					$end = new DateTime(\DateTimeImmutable::createFromFormat('Y-m-d H:i:s', $event['start']), false);
+					$vEventOccurrence = new TimeSpan($start, $end);
+				}
+
+				$vEvent = new Event();
+				$vEvent->setOccurrence($vEventOccurrence)
+					->setSummary($event['title'])
+					->setDescription($description);
+
+				$vCalendar->addEvent($vEvent);
+			}
+
+			$response->write((new CalendarFactory())->createCalendar($vCalendar));
 			$response = $response->withHeader('Content-Type', 'text/calendar; charset=utf-8');
 			return $response->withHeader('Content-Disposition', 'attachment; filename="grocy.ics"');
 		}
@@ -46,13 +59,13 @@ class CalendarApiController extends BaseApiController
 		}
 	}
 
-	public function IcalSharingLink(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function IcalSharingLink(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		try
 		{
-			return $this->ApiResponse(array(
-				'url' => $this->AppContainer->UrlManager->ConstructUrl('/api/calendar/ical?secret=' . $this->ApiKeyService->GetOrCreateApiKey(ApiKeyService::API_KEY_TYPE_SPECIAL_PURPOSE_CALENDAR_ICAL))
-			));
+			return $this->ApiResponse($response, [
+				'url' => $this->AppContainer->get('UrlManager')->ConstructUrl('/api/calendar/ical?secret=' . $this->getApiKeyService()->GetOrCreateApiKey(\Grocy\Services\ApiKeyService::API_KEY_TYPE_SPECIAL_PURPOSE_CALENDAR_ICAL))
+			]);
 		}
 		catch (\Exception $ex)
 		{

controllers/CalendarController.php

@@ -2,22 +2,12 @@
 
 namespace Grocy\Controllers;
 
-use \Grocy\Services\CalendarService;
-
 class CalendarController extends BaseController
 {
-	public function __construct(\Slim\Container $container)
+	public function Overview(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		parent::__construct($container);
-		$this->CalendarService = new CalendarService();
-	}
-
-	protected $CalendarService;
-
-	public function Overview(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
-	{
-		return $this->AppContainer->view->render($response, 'calendar', [
-			'fullcalendarEventSources' => $this->CalendarService->GetEvents()
+		return $this->renderPage($response, 'calendar', [
+			'fullcalendarEventSources' => $this->getCalendarService()->GetEvents()
 		]);
 	}
 }

controllers/ChoresApiController.php

@@ -2,26 +2,73 @@
 
 namespace Grocy\Controllers;
 
-use \Grocy\Services\ChoresService;
+use Grocy\Controllers\Users\User;
+use Grocy\Helpers\WebhookRunner;
+use Grocy\Helpers\Grocycode;
 
 class ChoresApiController extends BaseApiController
 {
-	public function __construct(\Slim\Container $container)
+	public function CalculateNextExecutionAssignments(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		parent::__construct($container);
-		$this->ChoresService = new ChoresService();
+		try
+		{
+			$requestBody = $this->GetParsedAndFilteredRequestBody($request);
+
+			$choreId = null;
+
+			if (array_key_exists('chore_id', $requestBody) && !empty($requestBody['chore_id']) && is_numeric($requestBody['chore_id']))
+			{
+				$choreId = intval($requestBody['chore_id']);
 			}
 
-	protected $ChoresService;
-
-	public function TrackChoreExecution(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+			if ($choreId === null)
 			{
-		$requestBody = $request->getParsedBody();
+				$chores = $this->getDatabase()->chores();
+				foreach ($chores as $chore)
+				{
+					$this->getChoresService()->CalculateNextExecutionAssignment($chore->id);
+				}
+			}
+			else
+			{
+				$this->getChoresService()->CalculateNextExecutionAssignment($choreId);
+			}
+
+			return $this->EmptyApiResponse($response);
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function ChoreDetails(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		try
+		{
+			return $this->ApiResponse($response, $this->getChoresService()->GetChoreDetails($args['choreId']));
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function Current(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->FilteredApiResponse($response, $this->getChoresService()->GetCurrent(), $request->getQueryParams());
+	}
+
+	public function TrackChoreExecution(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$requestBody = $this->GetParsedAndFilteredRequestBody($request);
 
 		try
 		{
+			User::checkPermission($request, User::PERMISSION_CHORE_TRACK_EXECUTION);
+
 			$trackedTime = date('Y-m-d H:i:s');
-			if (array_key_exists('tracked_time', $requestBody) && IsIsoDateTime($requestBody['tracked_time']))
+			if (array_key_exists('tracked_time', $requestBody) && (IsIsoDateTime($requestBody['tracked_time']) || IsIsoDate($requestBody['tracked_time'])))
 			{
 				$trackedTime = $requestBody['tracked_time'];
 			}
@@ -32,8 +79,13 @@ class ChoresApiController extends BaseApiController
 				$doneBy = $requestBody['done_by'];
 			}
 
-			$choreExecutionId = $this->ChoresService->TrackChore($args['choreId'], $trackedTime, $doneBy);
-			return $this->ApiResponse($this->Database->chores_log($choreExecutionId));
+			if ($doneBy != GROCY_USER_ID)
+			{
+				User::checkPermission($request, User::PERMISSION_CHORE_TRACK_EXECUTION);
+			}
+
+			$choreExecutionId = $this->getChoresService()->TrackChore($args['choreId'], $trackedTime, $doneBy);
+			return $this->ApiResponse($response, $this->getDatabase()->chores_log($choreExecutionId));
 		}
 		catch (\Exception $ex)
 		{
@@ -41,28 +93,13 @@ class ChoresApiController extends BaseApiController
 		}
 	}
 
-	public function ChoreDetails(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function UndoChoreExecution(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		try
 		{
-			return $this->ApiResponse($this->ChoresService->GetChoreDetails($args['choreId']));
-		}
-		catch (\Exception $ex)
-		{
-			return $this->GenericErrorResponse($response, $ex->getMessage());
-		}
-	}
+			User::checkPermission($request, User::PERMISSION_CHORE_UNDO_EXECUTION);
 
-	public function Current(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
-	{
-		return $this->ApiResponse($this->ChoresService->GetCurrent());
-	}
-
-	public function UndoChoreExecution(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
-	{
-		try
-		{
-			$this->ApiResponse($this->ChoresService->UndoChoreExecution($args['executionId']));
+			$this->ApiResponse($response, $this->getChoresService()->UndoChoreExecution($args['executionId']));
 			return $this->EmptyApiResponse($response);
 		}
 		catch (\Exception $ex)
@@ -70,4 +107,28 @@ class ChoresApiController extends BaseApiController
 			return $this->GenericErrorResponse($response, $ex->getMessage());
 		}
 	}
+
+	public function ChorePrintLabel(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		try
+		{
+			$chore = $this->getDatabase()->chores()->where('id', $args['choreId'])->fetch();
+
+			$webhookData = array_merge([
+				'chore' => $chore->name,
+				'grocycode' => (string)(new Grocycode(Grocycode::CHORE, $args['choreId'])),
+			], GROCY_LABEL_PRINTER_PARAMS);
+
+			if (GROCY_LABEL_PRINTER_RUN_SERVER)
+			{
+				(new WebhookRunner())->run(GROCY_LABEL_PRINTER_WEBHOOK, $webhookData, GROCY_LABEL_PRINTER_HOOK_JSON);
+			}
+
+			return $this->ApiResponse($response, $webhookData);
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
 }

controllers/ChoresController.php

@@ -2,67 +2,120 @@
 
 namespace Grocy\Controllers;
 
-use \Grocy\Services\ChoresService;
+use Grocy\Helpers\Grocycode;
 
 class ChoresController extends BaseController
 {
-	public function __construct(\Slim\Container $container)
-	{
-		parent::__construct($container);
-		$this->ChoresService = new ChoresService();
-	}
+	use GrocycodeTrait;
 
-	protected $ChoresService;
-
-	public function Overview(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function ChoreEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		return $this->AppContainer->view->render($response, 'choresoverview', [
-			'chores' => $this->Database->chores()->orderBy('name'),
-			'currentChores' => $this->ChoresService->GetCurrent(),
-			'nextXDays' => 5
-		]);
-	}
+		$usersService = $this->getUsersService();
+		$users = $usersService->GetUsersAsDto();
 
-	public function TrackChoreExecution(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
-	{
-		return $this->AppContainer->view->render($response, 'choretracking', [
-			'chores' => $this->Database->chores()->orderBy('name'),
-			'users' => $this->Database->users()->orderBy('username')
-		]);
-	}
-
-	public function ChoresList(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
-	{
-		return $this->AppContainer->view->render($response, 'chores', [
-			'chores' => $this->Database->chores()->orderBy('name')
-		]);
-	}
-
-	public function Journal(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
-	{
-		return $this->AppContainer->view->render($response, 'choresjournal', [
-			'choresLog' => $this->Database->chores_log()->orderBy('tracked_time', 'DESC'),
-			'chores' => $this->Database->chores()->orderBy('name'),
-			'users' => $this->Database->users()->orderBy('username')
-		]);
-	}
-
-	public function ChoreEditForm(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
-	{
 		if ($args['choreId'] == 'new')
 		{
-			return $this->AppContainer->view->render($response, 'choreform', [
-				'periodTypes' => GetClassConstants('\Grocy\Services\ChoresService'),
-				'mode' => 'create'
+			return $this->renderPage($response, 'choreform', [
+				'periodTypes' => GetClassConstants('\Grocy\Services\ChoresService', 'CHORE_PERIOD_TYPE_'),
+				'mode' => 'create',
+				'userfields' => $this->getUserfieldsService()->GetFields('chores'),
+				'assignmentTypes' => GetClassConstants('\Grocy\Services\ChoresService', 'CHORE_ASSIGNMENT_TYPE_'),
+				'users' => $users,
+				'products' => $this->getDatabase()->products()->orderBy('name', 'COLLATE NOCASE')
 			]);
 		}
 		else
 		{
-			return $this->AppContainer->view->render($response, 'choreform', [
-				'chore' =>  $this->Database->chores($args['choreId']),
-				'periodTypes' => GetClassConstants('\Grocy\Services\ChoresService'),
-				'mode' => 'edit'
+			return $this->renderPage($response, 'choreform', [
+				'chore' => $this->getDatabase()->chores($args['choreId']),
+				'periodTypes' => GetClassConstants('\Grocy\Services\ChoresService', 'CHORE_PERIOD_TYPE_'),
+				'mode' => 'edit',
+				'userfields' => $this->getUserfieldsService()->GetFields('chores'),
+				'assignmentTypes' => GetClassConstants('\Grocy\Services\ChoresService', 'CHORE_ASSIGNMENT_TYPE_'),
+				'users' => $users,
+				'products' => $this->getDatabase()->products()->orderBy('name', 'COLLATE NOCASE')
 			]);
 		}
 	}
+
+	public function ChoresList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		if (isset($request->getQueryParams()['include_disabled']))
+		{
+			$chores = $this->getDatabase()->chores()->orderBy('name', 'COLLATE NOCASE');
+		}
+		else
+		{
+			$chores = $this->getDatabase()->chores()->where('active = 1')->orderBy('name', 'COLLATE NOCASE');
+		}
+
+		return $this->renderPage($response, 'chores', [
+			'chores' => $chores,
+			'userfields' => $this->getUserfieldsService()->GetFields('chores'),
+			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('chores')
+		]);
+	}
+
+	public function ChoresSettings(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->renderPage($response, 'choressettings');
+	}
+
+	public function Journal(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		if (isset($request->getQueryParams()['months']) && filter_var($request->getQueryParams()['months'], FILTER_VALIDATE_INT) !== false)
+		{
+			$months = $request->getQueryParams()['months'];
+			$where = "tracked_time > DATE(DATE('now', 'localtime'), '-$months months')";
+		}
+		else
+		{
+			// Default 1 year
+			$where = "tracked_time > DATE(DATE('now', 'localtime'), '-12 months')";
+		}
+
+		if (isset($request->getQueryParams()['chore']) && filter_var($request->getQueryParams()['chore'], FILTER_VALIDATE_INT) !== false)
+		{
+			$choreId = $request->getQueryParams()['chore'];
+			$where .= " AND chore_id = $choreId";
+		}
+
+		return $this->renderPage($response, 'choresjournal', [
+			'choresLog' => $this->getDatabase()->chores_log()->where($where)->orderBy('tracked_time', 'DESC'),
+			'chores' => $this->getDatabase()->chores()->where('active = 1')->orderBy('name', 'COLLATE NOCASE'),
+			'users' => $this->getDatabase()->users()->orderBy('username'),
+			'userfields' => $this->getUserfieldsService()->GetFields('chores_log'),
+			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('chores_log')
+		]);
+	}
+
+	public function Overview(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$usersService = $this->getUsersService();
+		$nextXDays = $usersService->GetUserSettings(GROCY_USER_ID)['chores_due_soon_days'];
+
+		return $this->renderPage($response, 'choresoverview', [
+			'chores' => $this->getDatabase()->chores()->orderBy('name', 'COLLATE NOCASE'),
+			'currentChores' => $this->getChoresService()->GetCurrent(),
+			'nextXDays' => $nextXDays,
+			'userfields' => $this->getUserfieldsService()->GetFields('chores'),
+			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('chores'),
+			'users' => $usersService->GetUsersAsDto()
+		]);
+	}
+
+	public function TrackChoreExecution(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->renderPage($response, 'choretracking', [
+			'chores' => $this->getDatabase()->chores()->where('active = 1')->orderBy('name', 'COLLATE NOCASE'),
+			'users' => $this->getDatabase()->users()->orderBy('username'),
+			'userfields' => $this->getUserfieldsService()->GetFields('chores_log'),
+		]);
+	}
+
+	public function ChoreGrocycodeImage(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$gc = new Grocycode(Grocycode::CHORE, $args['choreId']);
+		return $this->ServeGrocycodeImage($request, $response, $gc);
+	}
 }

controllers/EquipmentController.php

@@ -2,30 +2,35 @@
 
 namespace Grocy\Controllers;
 
-
 class EquipmentController extends BaseController
 {
-	public function Overview(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
-	{
-		return $this->AppContainer->view->render($response, 'equipment', [
-			'equipment' => $this->Database->equipment()->orderBy('name')
-		]);
-	}
+	protected $UserfieldsService;
 
-	public function EditForm(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function EditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		if ($args['equipmentId'] == 'new')
 		{
-			return $this->AppContainer->view->render($response, 'equipmentform', [
-				'mode' => 'create'
+			return $this->renderPage($response, 'equipmentform', [
+				'mode' => 'create',
+				'userfields' => $this->getUserfieldsService()->GetFields('equipment')
 			]);
 		}
 		else
 		{
-			return $this->AppContainer->view->render($response, 'equipmentform', [
-				'equipment' =>  $this->Database->equipment($args['equipmentId']),
-				'mode' => 'edit'
+			return $this->renderPage($response, 'equipmentform', [
+				'equipment' => $this->getDatabase()->equipment($args['equipmentId']),
+				'mode' => 'edit',
+				'userfields' => $this->getUserfieldsService()->GetFields('equipment')
 			]);
 		}
 	}
+
+	public function Overview(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->renderPage($response, 'equipment', [
+			'equipment' => $this->getDatabase()->equipment()->orderBy('name', 'COLLATE NOCASE'),
+			'userfields' => $this->getUserfieldsService()->GetFields('equipment'),
+			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('equipment')
+		]);
+	}
 }

controllers/ExceptionController.php

@@ -0,0 +1,83 @@
+<?php
+
+namespace Grocy\Controllers;
+
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Log\LoggerInterface;
+use Slim\Exception\HttpException;
+use Slim\Exception\HttpForbiddenException;
+use Slim\Exception\HttpNotFoundException;
+use Throwable;
+
+class ExceptionController extends BaseApiController
+{
+	public function __construct(\Slim\App $app, \DI\Container $container)
+	{
+		parent::__construct($container);
+		$this->app = $app;
+	}
+
+	/**
+	 * @var \Slim\App
+	 */
+	private $app;
+
+	public function __invoke(ServerRequestInterface $request, Throwable $exception, bool $displayErrorDetails, bool $logErrors, bool $logErrorDetails, ?LoggerInterface $logger = null)
+	{
+		$response = $this->app->getResponseFactory()->createResponse();
+		$isApiRoute = string_starts_with($request->getUri()->getPath(), '/api/');
+
+		if (!defined('GROCY_AUTHENTICATED'))
+		{
+			define('GROCY_AUTHENTICATED', false);
+		}
+
+		if ($isApiRoute)
+		{
+			$status = 500;
+
+			if ($exception instanceof HttpException)
+			{
+				$status = $exception->getCode();
+			}
+
+			$data = [
+				'error_message' => $exception->getMessage()
+			];
+
+			if ($displayErrorDetails)
+			{
+				$data['error_details'] = [
+					'stack_trace' => $exception->getTraceAsString(),
+					'file' => $exception->getFile(),
+					'line' => $exception->getLine()
+				];
+			}
+
+			return $this->ApiResponse($response->withStatus($status)->withHeader('Content-Type', 'application/json'), $data);
+		}
+
+		if ($exception instanceof HttpNotFoundException)
+		{
+			if (!defined('GROCY_AUTHENTICATED'))
+			{
+				define('GROCY_AUTHENTICATED', false);
+			}
+
+			return $this->renderPage($response->withStatus(404), 'errors/404', [
+				'exception' => $exception
+			]);
+		}
+
+		if ($exception instanceof HttpForbiddenException)
+		{
+			return $this->renderPage($response->withStatus(403), 'errors/403', [
+				'exception' => $exception
+			]);
+		}
+
+		return $this->renderPage($response->withStatus(500), 'errors/500', [
+			'exception' => $exception
+		]);
+	}
+}

controllers/FilesApiController.php

@@ -2,22 +2,20 @@
 
 namespace Grocy\Controllers;
 
-use \Grocy\Services\FilesService;
+use Grocy\Services\FilesService;
+use Slim\Exception\HttpNotFoundException;
 
 class FilesApiController extends BaseApiController
 {
-	public function __construct(\Slim\Container $container)
-	{
-		parent::__construct($container);
-		$this->FilesService = new FilesService();
-	}
-
-	protected $FilesService;
-
-	public function UploadFile(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function DeleteFile(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		try
 		{
+			if (!in_array($args['group'], $this->getOpenApiSpec()->components->schemas->FileGroups->enum))
+			{
+				throw new \Exception('Invalid file group');
+			}
+
 			if (IsValidFileName(base64_decode($args['fileName'])))
 			{
 				$fileName = base64_decode($args['fileName']);
@@ -27,8 +25,7 @@ class FilesApiController extends BaseApiController
 				throw new \Exception('Invalid filename');
 			}
 
-			$data = $request->getBody()->getContents();
-			file_put_contents($this->FilesService->GetFilePath($args['group'], $fileName), $data);
+			$this->getFilesService()->DeleteFile($args['group'], $fileName);
 
 			return $this->EmptyApiResponse($response);
 		}
@@ -38,57 +35,81 @@ class FilesApiController extends BaseApiController
 		}
 	}
 
-	public function ServeFile(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function ServeFile(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		try
 		{
-			if (IsValidFileName(base64_decode($args['fileName'])))
+			if (!in_array($args['group'], $this->getOpenApiSpec()->components->schemas->FileGroups->enum))
 			{
-				$fileName = base64_decode($args['fileName']);
-			}
-			else
-			{
-				throw new \Exception('Invalid filename');
+				throw new \Exception('Invalid file group');
 			}
 
-			$filePath = $this->FilesService->GetFilePath($args['group'], $fileName);
+			$fileName = $this->checkFileName($args['fileName']);
+			$filePath = $this->getFilePath($args['group'], $fileName, $request->getQueryParams());
 
 			if (file_exists($filePath))
 			{
 				$response->write(file_get_contents($filePath));
+				$response = $response->withHeader('Cache-Control', 'max-age=2592000');
 				$response = $response->withHeader('Content-Type', mime_content_type($filePath));
 				return $response->withHeader('Content-Disposition', 'inline; filename="' . $fileName . '"');
 			}
 			else
 			{
-				return $this->GenericErrorResponse($response, 'File not found', 404);
+				throw new HttpNotFoundException($request, 'File not found');
 			}
 		}
 		catch (\Exception $ex)
 		{
-			return $this->GenericErrorResponse($response, $ex->getMessage());
+			throw new HttpNotFoundException($request, $ex->getMessage(), $ex);
 		}
 	}
 
-	public function DeleteFile(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function ShowFile(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		try
 		{
-			if (IsValidFileName(base64_decode($args['fileName'])))
+			if (!in_array($args['group'], $this->getOpenApiSpec()->components->schemas->FileGroups->enum))
 			{
-				$fileName = base64_decode($args['fileName']);
+				throw new \Exception('Invalid file group');
+			}
+
+			$fileInfo = explode('_', $args['fileName']);
+			$fileName = $this->checkFileName($fileInfo[1]);
+			$filePath = $this->getFilePath($args['group'], base64_decode($fileInfo[0]), $request->getQueryParams());
+
+			if (file_exists($filePath))
+			{
+				$response->write(file_get_contents($filePath));
+				$response = $response->withHeader('Cache-Control', 'max-age=2592000');
+				$response = $response->withHeader('Content-Type', mime_content_type($filePath));
+				return $response->withHeader('Content-Disposition', 'inline; filename="' . $fileName . '"');
 			}
 			else
 			{
-				throw new \Exception('Invalid filename');
+				throw new HttpNotFoundException($request, 'File not found');
+			}
+		}
+		catch (\Exception $ex)
+		{
+			throw new HttpNotFoundException($request, $ex->getMessage(), $ex);
+		}
 	}
 
-			$filePath = $this->FilesService->GetFilePath($args['group'], $fileName);
-			if (file_exists($filePath))
+	public function UploadFile(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-				unlink($filePath);
+		try
+		{
+			if (!in_array($args['group'], $this->getOpenApiSpec()->components->schemas->FileGroups->enum))
+			{
+				throw new \Exception('Invalid file group');
 			}
 
+			$fileName = $this->checkFileName($args['fileName']);
+			$data = $request->getBody()->getContents();
+
+			file_put_contents($this->getFilesService()->GetFilePath($args['group'], $fileName), $data);
+
 			return $this->EmptyApiResponse($response);
 		}
 		catch (\Exception $ex)
@@ -96,4 +117,61 @@ class FilesApiController extends BaseApiController
 			return $this->GenericErrorResponse($response, $ex->getMessage());
 		}
 	}
+
+	/**
+	 * @param string $fileName base64-encoded file-name
+	 * @return false|string the decoded file-name
+	 * @throws \Exception if the file-name is invalid.
+	 */
+	protected function checkFileName(string $fileName)
+	{
+		if (IsValidFileName(base64_decode($fileName)))
+		{
+			$fileName = base64_decode($fileName);
+		}
+		else
+		{
+			throw new \Exception('Invalid filename');
+		}
+
+		return $fileName;
+	}
+
+	/**
+	 * @param string $group The group the requested files belongs to.
+	 * @param string $fileName The name of the requested file.
+	 * @param array $queryParams Parameter, e.g. for scaling. Optional.
+	 * @return string
+	 */
+	protected function getFilePath(string $group, string $fileName, array $queryParams = [])
+	{
+		$forceServeAs = null;
+		if (isset($queryParams['force_serve_as']) && !empty($queryParams['force_serve_as']))
+		{
+			$forceServeAs = $queryParams['force_serve_as'];
+		}
+
+		if ($forceServeAs == FilesService::FILE_SERVE_TYPE_PICTURE)
+		{
+			$bestFitHeight = null;
+			if (isset($queryParams['best_fit_height']) && !empty($queryParams['best_fit_height']) && is_numeric($queryParams['best_fit_height']))
+			{
+				$bestFitHeight = $queryParams['best_fit_height'];
+			}
+
+			$bestFitWidth = null;
+			if (isset($queryParams['best_fit_width']) && !empty($queryParams['best_fit_width']) && is_numeric($queryParams['best_fit_width']))
+			{
+				$bestFitWidth = $queryParams['best_fit_width'];
+			}
+
+			$filePath = $this->getFilesService()->DownscaleImage($group, $fileName, $bestFitHeight, $bestFitWidth);
+		}
+		else
+		{
+			$filePath = $this->getFilesService()->GetFilePath($group, $fileName);
+		}
+
+		return $filePath;
+	}
 }

controllers/GenericEntityApiController.php

@@ -2,37 +2,23 @@
 
 namespace Grocy\Controllers;
 
+use Grocy\Controllers\Users\User;
+use Slim\Exception\HttpBadRequestException;
+
 class GenericEntityApiController extends BaseApiController
 {
-	public function GetObjects(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function AddObject(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		if ($this->IsValidEntity($args['entity']) && !$this->IsEntityWithPreventedListing($args['entity']))
+		User::checkPermission($request, User::PERMISSION_MASTER_DATA_EDIT);
+
+		if ($this->IsValidExposedEntity($args['entity']) && !$this->IsEntityWithNoEdit($args['entity']))
 		{
-			return $this->ApiResponse($this->Database->{$args['entity']}());
-		}
-		else
+			if ($this->IsEntityWithEditRequiresAdmin($args['entity']))
 			{
-			return $this->GenericErrorResponse($response, 'Entity does not exist or is not exposed');
-		}
+				User::checkPermission($request, User::PERMISSION_ADMIN);
 			}
 
-	public function GetObject(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
-	{
-		if ($this->IsValidEntity($args['entity']) && !$this->IsEntityWithPreventedListing($args['entity']))
-		{
-			return $this->ApiResponse($this->Database->{$args['entity']}($args['objectId']));
-		}
-		else
-		{
-			return $this->GenericErrorResponse($response, 'Entity does not exist or is not exposed');
-		}
-	}
-
-	public function AddObject(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
-	{
-		if ($this->IsValidEntity($args['entity']))
-		{
-			$requestBody = $request->getParsedBody();
+			$requestBody = $this->GetParsedAndFilteredRequestBody($request);
 
 			try
 			{
@@ -41,10 +27,13 @@ class GenericEntityApiController extends BaseApiController
 					throw new \Exception('Request body could not be parsed (probably invalid JSON format or missing/wrong Content-Type header)');
 				}
 
-				$newRow = $this->Database->{$args['entity']}()->createRow($requestBody);
+				$newRow = $this->getDatabase()->{$args['entity']}()->createRow($requestBody);
 				$newRow->save();
 				$success = $newRow->isClean();
-				return $this->EmptyApiResponse($response);
+
+				return $this->ApiResponse($response, [
+					'created_object_id' => $this->getDatabase()->lastInsertId()
+				]);
 			}
 			catch (\Exception $ex)
 			{
@@ -57,11 +46,46 @@ class GenericEntityApiController extends BaseApiController
 		}
 	}
 
-	public function EditObject(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function DeleteObject(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		if ($this->IsValidEntity($args['entity']))
+		User::checkPermission($request, User::PERMISSION_MASTER_DATA_EDIT);
+
+		if ($this->IsValidExposedEntity($args['entity']) && !$this->IsEntityWithNoDelete($args['entity']))
 		{
-			$requestBody = $request->getParsedBody();
+			if ($this->IsEntityWithEditRequiresAdmin($args['entity']))
+			{
+				User::checkPermission($request, User::PERMISSION_ADMIN);
+			}
+
+			$row = $this->getDatabase()->{$args['entity']}($args['objectId']);
+			if ($row == null)
+			{
+				return $this->GenericErrorResponse($response, 'Object not found', 400);
+			}
+
+			$row->delete();
+			$success = $row->isClean();
+
+			return $this->EmptyApiResponse($response);
+		}
+		else
+		{
+			return $this->GenericErrorResponse($response, 'Invalid entity');
+		}
+	}
+
+	public function EditObject(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		User::checkPermission($request, User::PERMISSION_MASTER_DATA_EDIT);
+
+		if ($this->IsValidExposedEntity($args['entity']) && !$this->IsEntityWithNoEdit($args['entity']))
+		{
+			if ($this->IsEntityWithEditRequiresAdmin($args['entity']))
+			{
+				User::checkPermission($request, User::PERMISSION_ADMIN);
+			}
+
+			$requestBody = $this->GetParsedAndFilteredRequestBody($request);
 
 			try
 			{
@@ -70,9 +94,15 @@ class GenericEntityApiController extends BaseApiController
 					throw new \Exception('Request body could not be parsed (probably invalid JSON format or missing/wrong Content-Type header)');
 				}
 
-				$row = $this->Database->{$args['entity']}($args['objectId']);
+				$row = $this->getDatabase()->{$args['entity']}($args['objectId']);
+				if ($row == null)
+				{
+					return $this->GenericErrorResponse($response, 'Object not found', 400);
+				}
+
 				$row->update($requestBody);
 				$success = $row->isClean();
+
 				return $this->EmptyApiResponse($response);
 			}
 			catch (\Exception $ex)
@@ -86,28 +116,125 @@ class GenericEntityApiController extends BaseApiController
 		}
 	}
 
-	public function DeleteObject(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function GetObject(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		if ($this->IsValidEntity($args['entity']))
+		if ($this->IsValidExposedEntity($args['entity']) && !$this->IsEntityWithNoListing($args['entity']))
 		{
-			$row = $this->Database->{$args['entity']}($args['objectId']);
-			$row->delete();
-			$success = $row->isClean();
-			return $this->EmptyApiResponse($response);
+			$userfields = $this->getUserfieldsService()->GetValues($args['entity'], $args['objectId']);
+			if (count($userfields) === 0)
+			{
+				$userfields = null;
+			}
+
+			$object = $this->getDatabase()->{$args['entity']}($args['objectId']);
+			if ($object == null)
+			{
+				return $this->GenericErrorResponse($response, 'Object not found', 404);
+			}
+
+			$object['userfields'] = $userfields;
+
+			return $this->ApiResponse($response, $object);
 		}
 		else
+		{
+			return $this->GenericErrorResponse($response, 'Entity does not exist or is not exposed');
+		}
+	}
+
+	public function GetObjects(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		if (!$this->IsValidExposedEntity($args['entity']) || $this->IsEntityWithNoListing($args['entity']))
+		{
+			return $this->GenericErrorResponse($response, 'Entity does not exist or is not exposed');
+		}
+
+		$objects = $this->queryData($this->getDatabase()->{$args['entity']}(), $request->getQueryParams());
+		$userfields = $this->getUserfieldsService()->GetFields($args['entity']);
+
+		if (count($userfields) > 0)
+		{
+			$allUserfieldValues = $this->getUserfieldsService()->GetAllValues($args['entity']);
+
+			foreach ($objects as $object)
+			{
+				$userfieldKeyValuePairs = null;
+				foreach ($userfields as $userfield)
+				{
+					$value = FindObjectInArrayByPropertyValue($allUserfieldValues, 'object_id', $object->id);
+					if ($value)
+					{
+						$userfieldKeyValuePairs[$userfield->name] = $value->value;
+					}
+					else
+					{
+						$userfieldKeyValuePairs[$userfield->name] = null;
+					}
+				}
+
+				$object->userfields = $userfieldKeyValuePairs;
+			}
+		}
+
+		return $this->ApiResponse($response, $objects);
+	}
+
+	public function GetUserfields(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		try
+		{
+			return $this->ApiResponse($response, $this->getUserfieldsService()->GetValues($args['entity'], $args['objectId']));
+		}
+		catch (\Exception $ex)
 		{
 			return $this->GenericErrorResponse($response, $ex->getMessage());
 		}
 	}
 
-	private function IsValidEntity($entity)
+	public function SetUserfields(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		return in_array($entity, $this->OpenApiSpec->components->internalSchemas->ExposedEntity->enum);
+		User::checkPermission($request, User::PERMISSION_MASTER_DATA_EDIT);
+
+		$requestBody = $this->GetParsedAndFilteredRequestBody($request);
+
+		try
+		{
+			if ($requestBody === null)
+			{
+				throw new \Exception('Request body could not be parsed (probably invalid JSON format or missing/wrong Content-Type header)');
 			}
 
-	private function IsEntityWithPreventedListing($entity)
+			$this->getUserfieldsService()->SetValues($args['entity'], $args['objectId'], $requestBody);
+			return $this->EmptyApiResponse($response);
+		}
+		catch (\Exception $ex)
 		{
-		return in_array($entity, $this->OpenApiSpec->components->internalSchemas->ExposedEntitiesPreventListing->enum);
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	private function IsEntityWithEditRequiresAdmin($entity)
+	{
+		return in_array($entity, $this->getOpenApiSpec()->components->schemas->ExposedEntityEditRequiresAdmin->enum);
+	}
+
+	private function IsEntityWithNoListing($entity)
+	{
+		return in_array($entity, $this->getOpenApiSpec()->components->schemas->ExposedEntityNoListing->enum);
+	}
+
+	private function IsEntityWithNoEdit($entity)
+	{
+		return in_array($entity, $this->getOpenApiSpec()->components->schemas->ExposedEntityNoEdit->enum);
+	}
+
+	private function IsEntityWithNoDelete($entity)
+	{
+		return in_array($entity, $this->getOpenApiSpec()->components->schemas->ExposedEntityNoDelete->enum);
+	}
+
+	private function IsValidExposedEntity($entity)
+	{
+		return in_array($entity, $this->getOpenApiSpec()->components->schemas->ExposedEntity->enum);
 	}
 }

controllers/GenericEntityController.php

@@ -0,0 +1,94 @@
+<?php
+
+namespace Grocy\Controllers;
+
+class GenericEntityController extends BaseController
+{
+	public function UserentitiesList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->renderPage($response, 'userentities', [
+			'userentities' => $this->getDatabase()->userentities()->orderBy('name', 'COLLATE NOCASE')
+		]);
+	}
+
+	public function UserentityEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		if ($args['userentityId'] == 'new')
+		{
+			return $this->renderPage($response, 'userentityform', [
+				'mode' => 'create'
+			]);
+		}
+		else
+		{
+			return $this->renderPage($response, 'userentityform', [
+				'mode' => 'edit',
+				'userentity' => $this->getDatabase()->userentities($args['userentityId'])
+			]);
+		}
+	}
+
+	public function UserfieldEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		if ($args['userfieldId'] == 'new')
+		{
+			return $this->renderPage($response, 'userfieldform', [
+				'mode' => 'create',
+				'userfieldTypes' => $this->getUserfieldsService()->GetFieldTypes(),
+				'entities' => $this->getUserfieldsService()->GetEntities()
+			]);
+		}
+		else
+		{
+			return $this->renderPage($response, 'userfieldform', [
+				'mode' => 'edit',
+				'userfield' => $this->getUserfieldsService()->GetField($args['userfieldId']),
+				'userfieldTypes' => $this->getUserfieldsService()->GetFieldTypes(),
+				'entities' => $this->getUserfieldsService()->GetEntities()
+			]);
+		}
+	}
+
+	public function UserfieldsList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->renderPage($response, 'userfields', [
+			'userfields' => $this->getUserfieldsService()->GetAllFields(),
+			'entities' => $this->getUserfieldsService()->GetEntities()
+		]);
+	}
+
+	public function UserobjectEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$userentity = $this->getDatabase()->userentities()->where('name = :1', $args['userentityName'])->fetch();
+
+		if ($args['userobjectId'] == 'new')
+		{
+			return $this->renderPage($response, 'userobjectform', [
+				'userentity' => $userentity,
+				'mode' => 'create',
+				'userfields' => $this->getUserfieldsService()->GetFields('userentity-' . $args['userentityName'])
+			]);
+		}
+		else
+		{
+			return $this->renderPage($response, 'userobjectform', [
+				'userentity' => $userentity,
+				'mode' => 'edit',
+				'userobject' => $this->getDatabase()->userobjects($args['userobjectId']),
+				'userfields' => $this->getUserfieldsService()->GetFields('userentity-' . $args['userentityName'])
+			]);
+		}
+	}
+
+	public function UserobjectsList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$userentity = $this->getDatabase()->userentities()->where('name = :1', $args['userentityName'])->fetch();
+
+		return $this->renderPage($response, 'userobjects', [
+			'userentity' => $userentity,
+			'userobjects' => $this->getDatabase()->userobjects()->where('userentity_id = :1', $userentity->id),
+			'userfields' => $this->getUserfieldsService()->GetFields('userentity-' . $args['userentityName']),
+			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('userentity-' . $args['userentityName'])
+		]);
+	}
+}

controllers/GrocycodeTrait.php

@@ -0,0 +1,45 @@
+<?php
+
+namespace Grocy\Controllers;
+
+use Grocy\Helpers\Grocycode;
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Http\Message\ResponseInterface;
+use jucksearm\barcode\lib\BarcodeFactory;
+use jucksearm\barcode\lib\DatamatrixFactory;
+
+trait GrocycodeTrait
+{
+	public function ServeGrocycodeImage(ServerRequestInterface $request, ResponseInterface $response, Grocycode $grocycode)
+	{
+		$size = $request->getQueryParam('size', null);
+
+		if (GROCY_GROCYCODE_TYPE == '2D')
+		{
+			$png = (new DatamatrixFactory())->setCode((string) $grocycode)->setSize($size)->getDatamatrixPngData();
+		}
+		else
+		{
+			$png = (new BarcodeFactory())->setType('C128')->setCode((string) $grocycode)->setHeight($size)->getBarcodePngData();
+		}
+
+		$isDownload = $request->getQueryParam('download', false);
+		if ($isDownload)
+		{
+			$response = $response->withHeader('Content-Type', 'application/octet-stream')
+				->withHeader('Content-Disposition', 'attachment; filename=grocycode.png')
+				->withHeader('Content-Length', strlen($png))
+				->withHeader('Cache-Control', 'no-cache')
+				->withHeader('Last-Modified', gmdate('D, d M Y H:i:s') . ' GMT');
+		}
+		else
+		{
+			$response = $response->withHeader('Content-Type', 'image/png')
+				->withHeader('Content-Length', strlen($png))
+				->withHeader('Cache-Control', 'no-cache')
+				->withHeader('Last-Modified', gmdate('D, d M Y H:i:s') . ' GMT');
+		}
+		$response->getBody()->write($png);
+		return $response;
+	}
+}

controllers/LoginController.php

@@ -2,69 +2,31 @@
 
 namespace Grocy\Controllers;
 
-use \Grocy\Services\SessionService;
-use \Grocy\Services\DatabaseMigrationService;
-use \Grocy\Services\DemoDataGeneratorService;
+use Grocy\Services\SessionService;
 
 class LoginController extends BaseController
 {
-	public function __construct(\Slim\Container $container, string $sessionCookieName)
+	public function LoginPage(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		parent::__construct($container);
-		$this->SessionService = new SessionService();
-		$this->SessionCookieName = $sessionCookieName;
+		return $this->renderPage($response, 'login');
 	}
 
-	protected $SessionService;
-	protected $SessionCookieName;
-
-	public function ProcessLogin(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function Logout(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		$postParams = $request->getParsedBody();
-		if (isset($postParams['username']) && isset($postParams['password']))
-		{
-			$user = $this->Database->users()->where('username', $postParams['username'])->fetch();
-			$inputPassword = $postParams['password'];
-			$stayLoggedInPermanently = $postParams['stay_logged_in'] == 'on';
-
-			if ($user !== null && password_verify($inputPassword, $user->password))
-			{
-				$sessionKey = $this->SessionService->CreateSession($user->id, $stayLoggedInPermanently);
-				setcookie($this->SessionCookieName, $sessionKey, intval(time() + 31220640000)); // Cookie expires in 999 years, but session validity is up to SessionService
-
-				if (password_needs_rehash($user->password, PASSWORD_DEFAULT))
-				{
-					$user->update(array(
-						'password' => password_hash($inputPassword, PASSWORD_DEFAULT)
-					));
+		$this->getSessionService()->RemoveSession($_COOKIE[SessionService::SESSION_COOKIE_NAME]);
+		return $response->withRedirect($this->AppContainer->get('UrlManager')->ConstructUrl('/'));
 	}
 
-				return $response->withRedirect($this->AppContainer->UrlManager->ConstructUrl('/'));
+	public function ProcessLogin(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$authMiddlewareClass = GROCY_AUTH_CLASS;
+		if ($authMiddlewareClass::ProcessLogin($this->GetParsedAndFilteredRequestBody($request)))
+		{
+			return $response->withRedirect($this->AppContainer->get('UrlManager')->ConstructUrl('/'));
 		}
 		else
 		{
-				return $response->withRedirect($this->AppContainer->UrlManager->ConstructUrl('/login?invalid=true'));
+			return $response->withRedirect($this->AppContainer->get('UrlManager')->ConstructUrl('/login?invalid=true'));
 		}
 	}
-		else
-		{
-			return $response->withRedirect($this->AppContainer->UrlManager->ConstructUrl('/login?invalid=true'));
-		}
-	}
-
-	public function LoginPage(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
-	{
-		return $this->AppContainer->view->render($response, 'login');
-	}
-
-	public function Logout(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
-	{
-		$this->SessionService->RemoveSession($_COOKIE[$this->SessionCookieName]);
-		return $response->withRedirect($this->AppContainer->UrlManager->ConstructUrl('/'));
-	}
-
-	public function GetSessionCookieName()
-	{
-		return $this->SessionCookieName;
-	}
 }

controllers/OpenApiController.php

@@ -2,48 +2,87 @@
 
 namespace Grocy\Controllers;
 
-use \Grocy\Services\ApplicationService;
-use \Grocy\Services\ApiKeyService;
+use Grocy\Controllers\Users\User;
 
 class OpenApiController extends BaseApiController
 {
-	public function __construct(\Slim\Container $container)
+	public function ApiKeysList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		parent::__construct($container);
-		$this->ApiKeyService = new ApiKeyService();
+		$apiKeys = $this->getDatabase()->api_keys();
+		if (!User::hasPermissions(User::PERMISSION_ADMIN))
+		{
+			$apiKeys = $apiKeys->where('user_id', GROCY_USER_ID);
 		}
-
-	protected $ApiKeyService;
-
-	public function DocumentationUi(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
-	{
-		return $this->AppContainer->view->render($response, 'openapiui');
-	}
-
-	public function DocumentationSpec(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
-	{
-		$applicationService = new ApplicationService();
-
-		$versionInfo = $applicationService->GetInstalledVersion();
-		$this->OpenApiSpec->info->version = $versionInfo->Version;
-		$this->OpenApiSpec->info->description = str_replace('PlaceHolderManageApiKeysUrl', $this->AppContainer->UrlManager->ConstructUrl('/manageapikeys'), $this->OpenApiSpec->info->description);
-		$this->OpenApiSpec->servers[0]->url = $this->AppContainer->UrlManager->ConstructUrl('/api');
-
-		return $this->ApiResponse($this->OpenApiSpec);
-	}
-
-	public function ApiKeysList(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
-	{
-		return $this->AppContainer->view->render($response, 'manageapikeys', [
-			'apiKeys' => $this->Database->api_keys(),
-			'users' => $this->Database->users()
+		return $this->renderPage($response, 'manageapikeys', [
+			'apiKeys' => $apiKeys,
+			'users' => $this->getDatabase()->users()
 		]);
 	}
 
-	public function CreateNewApiKey(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function CreateNewApiKey(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		$newApiKey = $this->ApiKeyService->CreateApiKey();
-		$newApiKeyId = $this->ApiKeyService->GetApiKeyId($newApiKey);
-		return $response->withRedirect($this->AppContainer->UrlManager->ConstructUrl("/manageapikeys?CreatedApiKeyId=$newApiKeyId"));
+		$newApiKey = $this->getApiKeyService()->CreateApiKey();
+		$newApiKeyId = $this->getApiKeyService()->GetApiKeyId($newApiKey);
+		return $response->withRedirect($this->AppContainer->get('UrlManager')->ConstructUrl("/manageapikeys?CreatedApiKeyId=$newApiKeyId"));
+	}
+
+	public function DocumentationSpec(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$spec = $this->getOpenApiSpec();
+
+		$applicationService = $this->getApplicationService();
+		$versionInfo = $applicationService->GetInstalledVersion();
+		$spec->info->version = $versionInfo->Version;
+		$spec->info->description = str_replace('PlaceHolderManageApiKeysUrl', $this->AppContainer->get('UrlManager')->ConstructUrl('/manageapikeys'), $spec->info->description);
+		$spec->servers[0]->url = $this->AppContainer->get('UrlManager')->ConstructUrl('/api');
+
+		$spec->components->schemas->ExposedEntity_IncludingUserEntities = clone $spec->components->schemas->ExposedEntity;
+		foreach ($this->getUserfieldsService()->GetEntities() as $userEntity)
+		{
+			array_push($spec->components->schemas->ExposedEntity_IncludingUserEntities->enum, $userEntity);
+		}
+
+		$spec->components->schemas->ExposedEntity_NotIncludingNotEditable = clone $spec->components->schemas->StringEnumTemplate;
+		foreach ($spec->components->schemas->ExposedEntity->enum as $value)
+		{
+			if (!in_array($value, $spec->components->schemas->ExposedEntityNoEdit->enum))
+			{
+				array_push($spec->components->schemas->ExposedEntity_NotIncludingNotEditable->enum, $value);
+			}
+		}
+
+		$spec->components->schemas->ExposedEntity_IncludingUserEntities_NotIncludingNotEditable = clone $spec->components->schemas->StringEnumTemplate;
+		foreach ($spec->components->schemas->ExposedEntity_IncludingUserEntities->enum as $value)
+		{
+			if (!in_array($value, $spec->components->schemas->ExposedEntityNoEdit->enum))
+			{
+				array_push($spec->components->schemas->ExposedEntity_IncludingUserEntities_NotIncludingNotEditable->enum, $value);
+			}
+		}
+
+		$spec->components->schemas->ExposedEntity_NotIncludingNotDeletable = clone $spec->components->schemas->StringEnumTemplate;
+		foreach ($spec->components->schemas->ExposedEntity->enum as $value)
+		{
+			if (!in_array($value, $spec->components->schemas->ExposedEntityNoDelete->enum))
+			{
+				array_push($spec->components->schemas->ExposedEntity_NotIncludingNotDeletable->enum, $value);
+			}
+		}
+
+		$spec->components->schemas->ExposedEntity_NotIncludingNotListable = clone $spec->components->schemas->StringEnumTemplate;
+		foreach ($spec->components->schemas->ExposedEntity->enum as $value)
+		{
+			if (!in_array($value, $spec->components->schemas->ExposedEntityNoListing->enum))
+			{
+				array_push($spec->components->schemas->ExposedEntity_NotIncludingNotListable->enum, $value);
+			}
+		}
+
+		return $this->ApiResponse($response, $spec);
+	}
+
+	public function DocumentationUi(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->render($response, 'openapiui');
 	}
 }

controllers/PrintApiController.php

@@ -0,0 +1,37 @@
+<?php
+
+namespace Grocy\Controllers;
+
+use Grocy\Controllers\Users\User;
+use Grocy\Services\StockService;
+
+class PrintApiController extends BaseApiController
+{
+	public function PrintShoppingListThermal(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		try
+		{
+			User::checkPermission($request, User::PERMISSION_SHOPPINGLIST);
+
+			$params = $request->getQueryParams();
+
+			$listId = 1;
+			if (isset($params['list']))
+			{
+				$listId = $params['list'];
+			}
+
+			$printHeader = true;
+			if (isset($params['printHeader']))
+			{
+				$printHeader = ($params['printHeader'] === 'true');
+			}
+			$items = $this->getStockService()->GetShoppinglistInPrintableStrings($listId);
+			return $this->ApiResponse($response, $this->getPrintService()->printShoppingList($printHeader, $items));
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+}

controllers/RecipesApiController.php

@@ -2,21 +2,15 @@
 
 namespace Grocy\Controllers;
 
-use \Grocy\Services\RecipesService;
+use Grocy\Controllers\Users\User;
 
 class RecipesApiController extends BaseApiController
 {
-	public function __construct(\Slim\Container $container)
+	public function AddNotFulfilledProductsToShoppingList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		parent::__construct($container);
-		$this->RecipesService = new RecipesService();
-	}
+		User::checkPermission($request, User::PERMISSION_SHOPPINGLIST_ITEMS_ADD);
 
-	protected $RecipesService;
-
-	public function AddNotFulfilledProductsToShoppingList(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
-	{
-		$requestBody = $request->getParsedBody();
+		$requestBody = $this->GetParsedAndFilteredRequestBody($request);
 		$excludedProductIds = null;
 
 		if ($requestBody !== null && array_key_exists('excludedProductIds', $requestBody))
@@ -24,15 +18,17 @@ class RecipesApiController extends BaseApiController
 			$excludedProductIds = $requestBody['excludedProductIds'];
 		}
 
-		$this->RecipesService->AddNotFulfilledProductsToShoppingList($args['recipeId'], $excludedProductIds);
+		$this->getRecipesService()->AddNotFulfilledProductsToShoppingList($args['recipeId'], $excludedProductIds);
 		return $this->EmptyApiResponse($response);
 	}
 
-	public function ConsumeRecipe(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function ConsumeRecipe(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
+		User::checkPermission($request, User::PERMISSION_STOCK_CONSUME);
+
 		try
 		{
-			$this->RecipesService->ConsumeRecipe($args['recipeId']);
+			$this->getRecipesService()->ConsumeRecipe($args['recipeId']);
 			return $this->EmptyApiResponse($response);
 		}
 		catch (\Exception $ex)
@@ -40,4 +36,44 @@ class RecipesApiController extends BaseApiController
 			return $this->GenericErrorResponse($response, $ex->getMessage());
 		}
 	}
+
+	public function GetRecipeFulfillment(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		try
+		{
+			if (!isset($args['recipeId']))
+			{
+				return $this->FilteredApiResponse($response, $this->getRecipesService()->GetRecipesResolved(), $request->getQueryParams());
+			}
+
+			$recipeResolved = FindObjectInArrayByPropertyValue($this->getRecipesService()->GetRecipesResolved(), 'recipe_id', $args['recipeId']);
+
+			if (!$recipeResolved)
+			{
+				throw new \Exception('Recipe does not exist');
+			}
+			else
+			{
+				return $this->ApiResponse($response, $recipeResolved);
+			}
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function CopyRecipe(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		try
+		{
+			return $this->ApiResponse($response, [
+				'created_object_id' => $this->getRecipesService()->CopyRecipe($args['recipeId'])
+			]);
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
 }

controllers/RecipesController.php

@@ -2,111 +2,218 @@
 
 namespace Grocy\Controllers;
 
-use \Grocy\Services\RecipesService;
+use Grocy\Services\RecipesService;
 
 class RecipesController extends BaseController
 {
-	public function __construct(\Slim\Container $container)
+	public function MealPlan(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		parent::__construct($container);
-		$this->RecipesService = new RecipesService();
+		$start = date('Y-m-d');
+		if (isset($request->getQueryParams()['start']) && IsIsoDate($request->getQueryParams()['start']))
+		{
+			$start = $request->getQueryParams()['start'];
 		}
 
-	protected $RecipesService;
-
-	public function Overview(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+		$days = 6;
+		if (isset($request->getQueryParams()['days']) && filter_var($request->getQueryParams()['days'], FILTER_VALIDATE_INT) !== false)
 		{
-		$recipes = $this->Database->recipes()->orderBy('name');
-		$recipesResolved = $this->RecipesService->GetRecipesResolved();
+			$days = $request->getQueryParams()['days'];
+		}
+
+		$mealPlanWhereTimespan = "day BETWEEN DATE('$start') AND DATE('$start', '+$days days')";
+
+		$recipes = $this->getDatabase()->recipes()->where('type', RecipesService::RECIPE_TYPE_NORMAL)->fetchAll();
+		$events = [];
+		foreach ($this->getDatabase()->meal_plan()->where($mealPlanWhereTimespan) as $mealPlanEntry)
+		{
+			$recipe = FindObjectInArrayByPropertyValue($recipes, 'id', $mealPlanEntry['recipe_id']);
+			$title = '';
+
+			if ($recipe !== null)
+			{
+				$title = $recipe->name;
+			}
+
+			$productDetails = null;
+			if ($mealPlanEntry['product_id'] !== null)
+			{
+				$productDetails = $this->getStockService()->GetProductDetails($mealPlanEntry['product_id']);
+			}
+
+			$events[] = [
+				'id' => $mealPlanEntry['id'],
+				'title' => $title,
+				'start' => $mealPlanEntry['day'],
+				'date_format' => 'date',
+				'recipe' => json_encode($recipe),
+				'mealPlanEntry' => json_encode($mealPlanEntry),
+				'type' => $mealPlanEntry['type'],
+				'productDetails' => json_encode($productDetails)
+			];
+		}
+
+		return $this->renderPage($response, 'mealplan', [
+			'fullcalendarEventSources' => $events,
+			'recipes' => $recipes,
+			'internalRecipes' => $this->getDatabase()->recipes()->where("id IN (SELECT recipe_id FROM meal_plan_internal_recipe_relation WHERE $mealPlanWhereTimespan)")->fetchAll(),
+			'recipesResolved' => $this->getRecipesService()->GetRecipesResolved2("recipe_id IN (SELECT recipe_id FROM meal_plan_internal_recipe_relation WHERE $mealPlanWhereTimespan)"),
+			'products' => $this->getDatabase()->products()->orderBy('name', 'COLLATE NOCASE'),
+			'quantityUnits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+			'quantityUnitConversionsResolved' => $this->getDatabase()->quantity_unit_conversions_resolved(),
+			'mealplanSections' => $this->getDatabase()->meal_plan_sections()->orderBy('sort_number'),
+			'usedMealplanSections' => $this->getDatabase()->meal_plan_sections()->where("id IN (SELECT section_id FROM meal_plan WHERE $mealPlanWhereTimespan)")->orderBy('sort_number')
+		]);
+	}
+
+	public function Overview(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$recipes = $this->getDatabase()->recipes()->where('type', RecipesService::RECIPE_TYPE_NORMAL)->orderBy('name', 'COLLATE NOCASE');
+		$recipesResolved = $this->getRecipesService()->GetRecipesResolved('recipe_id > 0');
 
 		$selectedRecipe = null;
-		$selectedRecipePositionsResolved = null;
+
 		if (isset($request->getQueryParams()['recipe']))
 		{
-			$selectedRecipe = $this->Database->recipes($request->getQueryParams()['recipe']);
-			$selectedRecipePositionsResolved = $this->Database->recipes_pos_resolved()->where('recipe_id', $request->getQueryParams()['recipe'])->orderBy('ingredient_group');
+			$selectedRecipe = $this->getDatabase()->recipes($request->getQueryParams()['recipe']);
 		}
 		else
 		{
 			foreach ($recipes as $recipe)
 			{
 				$selectedRecipe = $recipe;
-				$selectedRecipePositionsResolved = $this->Database->recipes_pos_resolved()->where('recipe_id', $recipe->id)->orderBy('ingredient_group');
 				break;
 			}
 		}
 
-		$selectedRecipeSubRecipes = $this->Database->recipes()->where('id IN (SELECT includes_recipe_id FROM recipes_nestings_resolved WHERE recipe_id = :1 AND includes_recipe_id != :1)', $selectedRecipe->id)->orderBy('name')->fetchAll();
-		$selectedRecipeSubRecipesPositions = $this->Database->recipes_pos_resolved()->where('recipe_id = :1', $selectedRecipe->id)->orderBy('ingredient_group')->fetchAll();
+		$totalCosts = null;
+		$totalCalories = null;
+		if ($selectedRecipe)
+		{
+			$totalCosts = FindObjectInArrayByPropertyValue($recipesResolved, 'recipe_id', $selectedRecipe->id)->costs;
+			$totalCalories = FindObjectInArrayByPropertyValue($recipesResolved, 'recipe_id', $selectedRecipe->id)->calories;
+		}
 
-		$includedRecipeIdsAbsolute = array();
+		$renderArray = [
+			'recipes' => $recipes,
+			'recipesResolved' => $recipesResolved,
+			'recipePositionsResolved' => $this->getDatabase()->recipes_pos_resolved()->where('recipe_type', RecipesService::RECIPE_TYPE_NORMAL),
+			'selectedRecipe' => $selectedRecipe,
+			'products' => $this->getDatabase()->products(),
+			'quantityUnits' => $this->getDatabase()->quantity_units(),
+			'userfields' => $this->getUserfieldsService()->GetFields('recipes'),
+			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('recipes'),
+			'quantityUnitConversionsResolved' => $this->getDatabase()->quantity_unit_conversions_resolved(),
+			'selectedRecipeTotalCosts' => $totalCosts,
+			'selectedRecipeTotalCalories' => $totalCalories
+		];
+
+		if ($selectedRecipe)
+		{
+			$selectedRecipeSubRecipes = $this->getDatabase()->recipes()->where('id IN (SELECT includes_recipe_id FROM recipes_nestings_resolved WHERE recipe_id = :1 AND includes_recipe_id != :1)', $selectedRecipe->id)->orderBy('name', 'COLLATE NOCASE')->fetchAll();
+
+			$includedRecipeIdsAbsolute = [];
 			$includedRecipeIdsAbsolute[] = $selectedRecipe->id;
 			foreach ($selectedRecipeSubRecipes as $subRecipe)
 			{
 				$includedRecipeIdsAbsolute[] = $subRecipe->id;
 			}
 
-		return $this->AppContainer->view->render($response, 'recipes', [
-			'recipes' => $recipes,
-			'recipesResolved' => $recipesResolved,
-			'recipePositionsResolved' => $this->Database->recipes_pos_resolved(),
-			'selectedRecipe' => $selectedRecipe,
-			'selectedRecipePositionsResolved' => $selectedRecipePositionsResolved,
-			'products' => $this->Database->products(),
-			'quantityunits' => $this->Database->quantity_units(),
-			'selectedRecipeSubRecipes' => $selectedRecipeSubRecipes,
-			'selectedRecipeSubRecipesPositions' => $selectedRecipeSubRecipesPositions,
-			'includedRecipeIdsAbsolute' => $includedRecipeIdsAbsolute,
-			'selectedRecipeTotalCosts' => FindObjectInArrayByPropertyValue($recipesResolved, 'recipe_id', $selectedRecipe->id)->costs
-		]);
+			// TODO: Why not directly use recipes_pos_resolved for all recipe positions here (parent and child)?
+			// This view already correctly recolves child recipe amounts...
+			$allRecipePositions = [];
+			foreach ($includedRecipeIdsAbsolute as $id)
+			{
+				$allRecipePositions[$id] = $this->getDatabase()->recipes_pos_resolved()->where('recipe_id = :1 AND is_nested_recipe_pos = 0', $id)->orderBy('ingredient_group', 'ASC', 'product_group', 'ASC');
+				foreach ($allRecipePositions[$id] as $pos)
+				{
+					if ($id != $selectedRecipe->id)
+					{
+						$pos2 = $this->getDatabase()->recipes_pos_resolved()->where('recipe_id = :1  AND recipe_pos_id = :2 AND is_nested_recipe_pos = 1', $selectedRecipe->id, $pos->recipe_pos_id)->fetch();
+						$pos->recipe_amount = $pos2->recipe_amount;
+						$pos->missing_amount = $pos2->missing_amount;
+					}
+				}
 			}
 
-	public function RecipeEditForm(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+			$renderArray['selectedRecipeSubRecipes'] = $selectedRecipeSubRecipes;
+			$renderArray['includedRecipeIdsAbsolute'] = $includedRecipeIdsAbsolute;
+			$renderArray['allRecipePositions'] = $allRecipePositions;
+		}
+
+		return $this->renderPage($response, 'recipes', $renderArray);
+	}
+
+	public function RecipeEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		$recipeId = $args['recipeId'];
-		if ($recipeId  == 'new')
-		{
-			$newRecipe = $this->Database->recipes()->createRow(array(
-				'name' => $this->LocalizationService->Localize('New recipe')
-			));
-			$newRecipe->save();
 
-			$recipeId = $this->Database->lastInsertId();
-		}
-		
-		return $this->AppContainer->view->render($response, 'recipeform', [
-			'recipe' =>  $this->Database->recipes($recipeId),
-			'recipePositions' =>  $this->Database->recipes_pos()->where('recipe_id', $recipeId),
-			'mode' => 'edit',
-			'products' => $this->Database->products(),
-			'quantityunits' => $this->Database->quantity_units(),
-			'recipePositionsResolved' => $this->RecipesService->GetRecipesPosResolved(),
-			'recipesResolved' => $this->RecipesService->GetRecipesResolved(),
-			'recipes' =>  $this->Database->recipes()->orderBy('name'),
-			'recipeNestings' =>  $this->Database->recipes_nestings()->where('recipe_id', $recipeId)
+		return $this->renderPage($response, 'recipeform', [
+			'recipe' => $this->getDatabase()->recipes($recipeId),
+			'recipePositions' => $this->getDatabase()->recipes_pos()->where('recipe_id', $recipeId),
+			'mode' => $recipeId == 'new' ? 'create' : 'edit',
+			'products' => $this->getDatabase()->products()->orderBy('name', 'COLLATE NOCASE'),
+			'quantityunits' => $this->getDatabase()->quantity_units(),
+			'recipePositionsResolved' => $this->getRecipesService()->GetRecipesPosResolved(),
+			'recipesResolved' => $this->getRecipesService()->GetRecipesResolved(),
+			'recipes' => $this->getDatabase()->recipes()->where('type', RecipesService::RECIPE_TYPE_NORMAL)->orderBy('name', 'COLLATE NOCASE'),
+			'recipeNestings' => $this->getDatabase()->recipes_nestings()->where('recipe_id', $recipeId),
+			'userfields' => $this->getUserfieldsService()->GetFields('recipes'),
+			'quantityUnitConversionsResolved' => $this->getDatabase()->quantity_unit_conversions_resolved()
 		]);
 	}
 
-	public function RecipePosEditForm(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function RecipePosEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		if ($args['recipePosId'] == 'new')
 		{
-			return $this->AppContainer->view->render($response, 'recipeposform', [
+			return $this->renderPage($response, 'recipeposform', [
 				'mode' => 'create',
-				'recipe' => $this->Database->recipes($args['recipeId']),
-				'products' => $this->Database->products()->orderBy('name'),
-				'quantityUnits' => $this->Database->quantity_units()->orderBy('name')
+				'recipe' => $this->getDatabase()->recipes($args['recipeId']),
+				'recipePos' => new \stdClass(),
+				'products' => $this->getDatabase()->products()->where('active = 1')->orderBy('name', 'COLLATE NOCASE'),
+				'quantityUnits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+				'quantityUnitConversionsResolved' => $this->getDatabase()->quantity_unit_conversions_resolved()
 			]);
 		}
 		else
 		{
-			return $this->AppContainer->view->render($response, 'recipeposform', [
+			return $this->renderPage($response, 'recipeposform', [
 				'mode' => 'edit',
-				'recipe' =>  $this->Database->recipes($args['recipeId']),
-				'recipePos' => $this->Database->recipes_pos($args['recipePosId']),
-				'products' => $this->Database->products()->orderBy('name'),
-				'quantityUnits' => $this->Database->quantity_units()->orderBy('name')
+				'recipe' => $this->getDatabase()->recipes($args['recipeId']),
+				'recipePos' => $this->getDatabase()->recipes_pos($args['recipePosId']),
+				'products' => $this->getDatabase()->products()->orderBy('name', 'COLLATE NOCASE'),
+				'quantityUnits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+				'quantityUnitConversionsResolved' => $this->getDatabase()->quantity_unit_conversions_resolved()
 			]);
 		}
 	}
+
+	public function RecipesSettings(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->renderPage($response, 'recipessettings');
+	}
+
+	public function MealPlanSectionEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		if ($args['sectionId'] == 'new')
+		{
+			return $this->renderPage($response, 'mealplansectionform', [
+				'mode' => 'create'
+			]);
+		}
+		else
+		{
+			return $this->renderPage($response, 'mealplansectionform', [
+				'mealplanSection' => $this->getDatabase()->meal_plan_sections($args['sectionId']),
+				'mode' => 'edit'
+			]);
+		}
+	}
+
+	public function MealPlanSectionsList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->renderPage($response, 'mealplansections', [
+			'mealplanSections' => $this->getDatabase()->meal_plan_sections()->where('id > 0')->orderBy('sort_number')
+		]);
+	}
 }

controllers/StockApiController.php

@@ -2,23 +2,30 @@
 
 namespace Grocy\Controllers;
 
-use \Grocy\Services\StockService;
+use Grocy\Controllers\Users\User;
+use Grocy\Services\StockService;
+use Grocy\Helpers\WebhookRunner;
+use Grocy\Helpers\Grocycode;
 
 class StockApiController extends BaseApiController
 {
-	public function __construct(\Slim\Container $container)
+	public function AddMissingProductsToShoppingList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		parent::__construct($container);
-		$this->StockService = new StockService();
-	}
+		User::checkPermission($request, User::PERMISSION_SHOPPINGLIST_ITEMS_ADD);
 
-	protected $StockService;
-
-	public function ProductDetails(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
-	{
 		try
 		{
-			return $this->ApiResponse($this->StockService->GetProductDetails($args['productId']));
+			$requestBody = $this->GetParsedAndFilteredRequestBody($request);
+
+			$listId = 1;
+
+			if (array_key_exists('list_id', $requestBody) && !empty($requestBody['list_id']) && is_numeric($requestBody['list_id']))
+			{
+				$listId = intval($requestBody['list_id']);
+			}
+
+			$this->getStockService()->AddMissingProductsToShoppingList($listId);
+			return $this->EmptyApiResponse($response);
 		}
 		catch (\Exception $ex)
 		{
@@ -26,12 +33,23 @@ class StockApiController extends BaseApiController
 		}
 	}
 
-	public function ProductDetailsByBarcode(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function AddOverdueProductsToShoppingList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
+		User::checkPermission($request, User::PERMISSION_SHOPPINGLIST_ITEMS_ADD);
+
 		try
 		{
-			$productId = $this->StockService->GetProductIdFromBarcode($args['barcode']);
-			return $this->ApiResponse($this->StockService->GetProductDetails($productId));
+			$requestBody = $this->GetParsedAndFilteredRequestBody($request);
+
+			$listId = 1;
+
+			if (array_key_exists('list_id', $requestBody) && !empty($requestBody['list_id']) && is_numeric($requestBody['list_id']))
+			{
+				$listId = intval($requestBody['list_id']);
+			}
+
+			$this->getStockService()->AddOverdueProductsToShoppingList($listId);
+			return $this->EmptyApiResponse($response);
 		}
 		catch (\Exception $ex)
 		{
@@ -39,11 +57,23 @@ class StockApiController extends BaseApiController
 		}
 	}
 
-	public function ProductPriceHistory(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function AddExpiredProductsToShoppingList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
+		User::checkPermission($request, User::PERMISSION_SHOPPINGLIST_ITEMS_ADD);
+
 		try
 		{
-			return $this->ApiResponse($this->StockService->GetProductPriceHistory($args['productId']));
+			$requestBody = $this->GetParsedAndFilteredRequestBody($request);
+
+			$listId = 1;
+
+			if (array_key_exists('list_id', $requestBody) && !empty($requestBody['list_id']) && is_numeric($requestBody['list_id']))
+			{
+				$listId = intval($requestBody['list_id']);
+			}
+
+			$this->getStockService()->AddExpiredProductsToShoppingList($listId);
+			return $this->EmptyApiResponse($response);
 		}
 		catch (\Exception $ex)
 		{
@@ -51,9 +81,11 @@ class StockApiController extends BaseApiController
 		}
 	}
 
-	public function AddProduct(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function AddProduct(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		$requestBody = $request->getParsedBody();
+		User::checkPermission($request, User::PERMISSION_STOCK_PURCHASE);
+
+		$requestBody = $this->GetParsedAndFilteredRequestBody($request);
 
 		try
 		{
@@ -67,32 +99,57 @@ class StockApiController extends BaseApiController
 				throw new \Exception('An amount is required');
 			}
 
-			$bestBeforeDate = date('Y-m-d');
+			$bestBeforeDate = null;
+
 			if (array_key_exists('best_before_date', $requestBody) && IsIsoDate($requestBody['best_before_date']))
 			{
 				$bestBeforeDate = $requestBody['best_before_date'];
 			}
 
+			$purchasedDate = date('Y-m-d');
+
+			if (array_key_exists('purchased_date', $requestBody) && IsIsoDate($requestBody['purchased_date']))
+			{
+				$purchasedDate = $requestBody['purchased_date'];
+			}
+
 			$price = null;
+
 			if (array_key_exists('price', $requestBody) && is_numeric($requestBody['price']))
 			{
 				$price = $requestBody['price'];
 			}
 
 			$locationId = null;
+
 			if (array_key_exists('location_id', $requestBody) && is_numeric($requestBody['location_id']))
 			{
 				$locationId = $requestBody['location_id'];
 			}
 
+			$shoppingLocationId = null;
+
+			if (array_key_exists('shopping_location_id', $requestBody) && is_numeric($requestBody['shopping_location_id']))
+			{
+				$shoppingLocationId = $requestBody['shopping_location_id'];
+			}
+
 			$transactionType = StockService::TRANSACTION_TYPE_PURCHASE;
+
 			if (array_key_exists('transaction_type', $requestBody) && !empty($requestBody['transactiontype']))
 			{
 				$transactionType = $requestBody['transactiontype'];
 			}
+			$runPrinterWebhook = false;
+			if (array_key_exists('print_stock_label', $requestBody) && intval($requestBody['print_stock_label']))
+			{
+				$runPrinterWebhook = intval($requestBody['print_stock_label']);
+			}
 
-			$bookingId = $this->StockService->AddProduct($args['productId'], $requestBody['amount'], $bestBeforeDate, $transactionType, date('Y-m-d'), $price, $locationId);
-			return $this->ApiResponse($this->Database->stock_log($bookingId));
+			$transactionId = $this->getStockService()->AddProduct($args['productId'], $requestBody['amount'], $bestBeforeDate, $transactionType, $purchasedDate, $price, $locationId, $shoppingLocationId, $unusedTransactionId, $runPrinterWebhook);
+
+			$args['transactionId'] = $transactionId;
+			return $this->StockTransactions($request, $response, $args);
 		}
 		catch (\Exception $ex)
 		{
@@ -100,9 +157,101 @@ class StockApiController extends BaseApiController
 		}
 	}
 
-	public function ConsumeProduct(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function AddProductByBarcode(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		$requestBody = $request->getParsedBody();
+		try
+		{
+			$args['productId'] = $this->getStockService()->GetProductIdFromBarcode($args['barcode']);
+			return $this->AddProduct($request, $response, $args);
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function AddProductToShoppingList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		User::checkPermission($request, User::PERMISSION_SHOPPINGLIST_ITEMS_ADD);
+
+		try
+		{
+			$requestBody = $this->GetParsedAndFilteredRequestBody($request);
+
+			$listId = 1;
+			$amount = 1;
+			$quId = -1;
+			$productId = null;
+			$note = null;
+
+			if (array_key_exists('list_id', $requestBody) && !empty($requestBody['list_id']) && is_numeric($requestBody['list_id']))
+			{
+				$listId = intval($requestBody['list_id']);
+			}
+
+			if (array_key_exists('product_amount', $requestBody) && !empty($requestBody['product_amount']) && is_numeric($requestBody['product_amount']))
+			{
+				$amount = intval($requestBody['product_amount']);
+			}
+
+			if (array_key_exists('product_id', $requestBody) && !empty($requestBody['product_id']) && is_numeric($requestBody['product_id']))
+			{
+				$productId = intval($requestBody['product_id']);
+			}
+
+			if (array_key_exists('note', $requestBody) && !empty($requestBody['note']))
+			{
+				$note = $requestBody['note'];
+			}
+
+			if (array_key_exists('qu_id', $requestBody) && !empty($requestBody['qu_id']))
+			{
+				$quId = $requestBody['qu_id'];
+			}
+
+			if ($productId == null)
+			{
+				throw new \Exception('No product id was supplied');
+			}
+
+			$this->getStockService()->AddProductToShoppingList($productId, $amount, $quId, $note, $listId);
+			return $this->EmptyApiResponse($response);
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function ClearShoppingList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		User::checkPermission($request, User::PERMISSION_SHOPPINGLIST_ITEMS_DELETE);
+
+		try
+		{
+			$requestBody = $this->GetParsedAndFilteredRequestBody($request);
+
+			$listId = 1;
+
+			if (array_key_exists('list_id', $requestBody) && !empty($requestBody['list_id']) && is_numeric($requestBody['list_id']))
+			{
+				$listId = intval($requestBody['list_id']);
+			}
+
+			$this->getStockService()->ClearShoppingList($listId);
+			return $this->EmptyApiResponse($response);
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function ConsumeProduct(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		User::checkPermission($request, User::PERMISSION_STOCK_CONSUME);
+
+		$requestBody = $this->GetParsedAndFilteredRequestBody($request);
 
 		try
 		{
@@ -134,14 +283,34 @@ class StockApiController extends BaseApiController
 				$specificStockEntryId = $requestBody['stock_entry_id'];
 			}
 
+			$locationId = null;
+			if (array_key_exists('location_id', $requestBody) && !empty($requestBody['location_id']) && is_numeric($requestBody['location_id']))
+			{
+				$locationId = $requestBody['location_id'];
+			}
+
 			$recipeId = null;
 			if (array_key_exists('recipe_id', $requestBody) && is_numeric($requestBody['recipe_id']))
 			{
 				$recipeId = $requestBody['recipe_id'];
 			}
 
-			$bookingId = $this->StockService->ConsumeProduct($args['productId'], $requestBody['amount'], $spoiled, $transactionType, $specificStockEntryId, $recipeId);
-			return $this->ApiResponse($this->Database->stock_log($bookingId));
+			$consumeExact = false;
+			if (array_key_exists('exact_amount', $requestBody))
+			{
+				$consumeExact = $requestBody['exact_amount'];
+			}
+
+			$allowSubproductSubstitution = false;
+			if (array_key_exists('allow_subproduct_substitution', $requestBody))
+			{
+				$allowSubproductSubstitution = $requestBody['allow_subproduct_substitution'];
+			}
+
+			$transactionId = null;
+			$transactionId = $this->getStockService()->ConsumeProduct($args['productId'], $requestBody['amount'], $spoiled, $transactionType, $specificStockEntryId, $recipeId, $locationId, $transactionId, $allowSubproductSubstitution, $consumeExact);
+			$args['transactionId'] = $transactionId;
+			return $this->StockTransactions($request, $response, $args);
 		}
 		catch (\Exception $ex)
 		{
@@ -149,9 +318,127 @@ class StockApiController extends BaseApiController
 		}
 	}
 
-	public function InventoryProduct(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function ConsumeProductByBarcode(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		$requestBody = $request->getParsedBody();
+		try
+		{
+			$args['productId'] = $this->getStockService()->GetProductIdFromBarcode($args['barcode']);
+			return $this->ConsumeProduct($request, $response, $args);
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function CurrentStock(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->ApiResponse($response, $this->getStockService()->GetCurrentStock());
+	}
+
+	public function CurrentVolatileStock(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$nextXDays = 5;
+
+		if (isset($request->getQueryParams()['due_soon_days']) && !empty($request->getQueryParams()['due_soon_days']) && is_numeric($request->getQueryParams()['due_soon_days']))
+		{
+			$nextXDays = $request->getQueryParams()['due_soon_days'];
+		}
+
+		$dueProducts = $this->getStockService()->GetDueProducts($nextXDays, true);
+		$overdueProducts = $this->getStockService()->GetDueProducts(-1);
+		$expiredProducts = $this->getStockService()->GetExpiredProducts();
+		$missingProducts = $this->getStockService()->GetMissingProducts();
+		return $this->ApiResponse($response, [
+			'due_products' => $dueProducts,
+			'overdue_products' => $overdueProducts,
+			'expired_products' => $expiredProducts,
+			'missing_products' => $missingProducts
+		]);
+	}
+
+	public function EditStockEntry(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		User::checkPermission($request, User::PERMISSION_STOCK_EDIT);
+
+		$requestBody = $this->GetParsedAndFilteredRequestBody($request);
+
+		try
+		{
+			if ($requestBody === null)
+			{
+				throw new \Exception('Request body could not be parsed (probably invalid JSON format or missing/wrong Content-Type header)');
+			}
+
+			if (!array_key_exists('amount', $requestBody))
+			{
+				throw new \Exception('An amount is required');
+			}
+
+			$bestBeforeDate = null;
+
+			if (array_key_exists('best_before_date', $requestBody) && IsIsoDate($requestBody['best_before_date']))
+			{
+				$bestBeforeDate = $requestBody['best_before_date'];
+			}
+
+			$price = null;
+
+			if (array_key_exists('price', $requestBody) && is_numeric($requestBody['price']))
+			{
+				$price = $requestBody['price'];
+			}
+
+			$locationId = null;
+
+			if (array_key_exists('location_id', $requestBody) && is_numeric($requestBody['location_id']))
+			{
+				$locationId = $requestBody['location_id'];
+			}
+
+			$shoppingLocationId = null;
+
+			if (array_key_exists('shopping_location_id', $requestBody) && is_numeric($requestBody['shopping_location_id']))
+			{
+				$shoppingLocationId = $requestBody['shopping_location_id'];
+			}
+
+			$transactionId = $this->getStockService()->EditStockEntry($args['entryId'], $requestBody['amount'], $bestBeforeDate, $locationId, $shoppingLocationId, $price, $requestBody['open'], $requestBody['purchased_date']);
+			$args['transactionId'] = $transactionId;
+			return $this->StockTransactions($request, $response, $args);
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function ExternalBarcodeLookup(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		User::checkPermission($request, User::PERMISSION_MASTER_DATA_EDIT);
+
+		try
+		{
+			$addFoundProduct = false;
+
+			if (isset($request->getQueryParams()['add']) && ($request->getQueryParams()['add'] === 'true' || $request->getQueryParams()['add'] === 1))
+			{
+				$addFoundProduct = true;
+			}
+
+			return $this->ApiResponse($response, $this->getStockService()->ExternalBarcodeLookup($args['barcode'], $addFoundProduct));
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function InventoryProduct(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		User::checkPermission($request, User::PERMISSION_STOCK_INVENTORY);
+
+		$requestBody = $this->GetParsedAndFilteredRequestBody($request);
 
 		try
 		{
@@ -165,14 +452,39 @@ class StockApiController extends BaseApiController
 				throw new \Exception('An new amount is required');
 			}
 
-			$bestBeforeDate = date('Y-m-d');
+			$bestBeforeDate = null;
 			if (array_key_exists('best_before_date', $requestBody) && IsIsoDate($requestBody['best_before_date']))
 			{
 				$bestBeforeDate = $requestBody['best_before_date'];
 			}
 
-			$bookingId = $this->StockService->InventoryProduct($args['productId'], $requestBody['new_amount'], $bestBeforeDate);
-			return $this->ApiResponse($this->Database->stock_log($bookingId));
+			$purchasedDate = null;
+			if (array_key_exists('purchased_date', $requestBody) && IsIsoDate($requestBody['purchased_date']))
+			{
+				$purchasedDate = $requestBody['purchased_date'];
+			}
+
+			$locationId = null;
+			if (array_key_exists('location_id', $requestBody) && is_numeric($requestBody['location_id']))
+			{
+				$locationId = $requestBody['location_id'];
+			}
+
+			$price = null;
+			if (array_key_exists('price', $requestBody) && is_numeric($requestBody['price']))
+			{
+				$price = $requestBody['price'];
+			}
+
+			$shoppingLocationId = null;
+			if (array_key_exists('shopping_location_id', $requestBody) && is_numeric($requestBody['shopping_location_id']))
+			{
+				$shoppingLocationId = $requestBody['shopping_location_id'];
+			}
+
+			$transactionId = $this->getStockService()->InventoryProduct($args['productId'], $requestBody['new_amount'], $bestBeforeDate, $locationId, $price, $shoppingLocationId, $purchasedDate);
+			$args['transactionId'] = $transactionId;
+			return $this->StockTransactions($request, $response, $args);
 		}
 		catch (\Exception $ex)
 		{
@@ -180,9 +492,24 @@ class StockApiController extends BaseApiController
 		}
 	}
 
-	public function OpenProduct(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function InventoryProductByBarcode(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		$requestBody = $request->getParsedBody();
+		try
+		{
+			$args['productId'] = $this->getStockService()->GetProductIdFromBarcode($args['barcode']);
+			return $this->InventoryProduct($request, $response, $args);
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function OpenProduct(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		User::checkPermission($request, User::PERMISSION_STOCK_OPEN);
+
+		$requestBody = $this->GetParsedAndFilteredRequestBody($request);
 
 		try
 		{
@@ -202,8 +529,16 @@ class StockApiController extends BaseApiController
 				$specificStockEntryId = $requestBody['stock_entry_id'];
 			}
 
-			$bookingId = $this->StockService->OpenProduct($args['productId'], $requestBody['amount'], $specificStockEntryId);
-			return $this->ApiResponse($this->Database->stock_log($bookingId));
+			$allowSubproductSubstitution = false;
+			if (array_key_exists('allow_subproduct_substitution', $requestBody))
+			{
+				$allowSubproductSubstitution = $requestBody['allow_subproduct_substitution'];
+			}
+
+			$transactionId = null;
+			$transactionId = $this->getStockService()->OpenProduct($args['productId'], $requestBody['amount'], $specificStockEntryId, $transactionId, $allowSubproductSubstitution);
+			$args['transactionId'] = $transactionId;
+			return $this->StockTransactions($request, $response, $args);
 		}
 		catch (\Exception $ex)
 		{
@@ -211,52 +546,12 @@ class StockApiController extends BaseApiController
 		}
 	}
 
-	public function CurrentStock(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
-	{
-		return $this->ApiResponse($this->StockService->GetCurrentStock());
-	}
-
-	public function CurrentVolatilStock(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
-	{
-		$nextXDays = 5;
-		if (isset($request->getQueryParams()['expiring_days']) && !empty($request->getQueryParams()['expiring_days']) && is_numeric($request->getQueryParams()['expiring_days']))
-		{
-			$nextXDays = $request->getQueryParams()['expiring_days'];
-		}
-
-		$expiringProducts = $this->StockService->GetExpiringProducts($nextXDays, true);
-		$expiredProducts = $this->StockService->GetExpiringProducts(-1);
-		$missingProducts = $this->StockService->GetMissingProducts();
-		return $this->ApiResponse(array(
-			 'expiring_products' => $expiringProducts,
-			 'expired_products' => $expiredProducts,
-			 'missing_products' => $missingProducts
-		));
-	}
-
-	public function AddMissingProductsToShoppingList(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
-	{
-		$this->StockService->AddMissingProductsToShoppingList();
-		return $this->EmptyApiResponse($response);
-	}
-
-	public function ClearShoppingList(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
-	{
-		$this->StockService->ClearShoppingList();
-		return $this->EmptyApiResponse($response);
-	}
-
-	public function ExternalBarcodeLookup(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function OpenProductByBarcode(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		try
 		{
-			$addFoundProduct = false;
-			if (isset($request->getQueryParams()['add']) && ($request->getQueryParams()['add'] === 'true' || $request->getQueryParams()['add'] === 1))
-			{
-				$addFoundProduct = true;
-			}
-			
-			return $this->ApiResponse($this->StockService->ExternalBarcodeLookup($args['barcode'], $addFoundProduct));
+			$args['productId'] = $this->getStockService()->GetProductIdFromBarcode($args['barcode']);
+			return $this->OpenProduct($request, $response, $args);
 		}
 		catch (\Exception $ex)
 		{
@@ -264,11 +559,152 @@ class StockApiController extends BaseApiController
 		}
 	}
 
-	public function UndoBooking(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function ProductDetails(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		try
 		{
-			$this->ApiResponse($this->StockService->UndoBooking($args['bookingId']));
+			return $this->ApiResponse($response, $this->getStockService()->GetProductDetails($args['productId']));
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function ProductDetailsByBarcode(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		try
+		{
+			$productId = $this->getStockService()->GetProductIdFromBarcode($args['barcode']);
+			return $this->ApiResponse($response, $this->getStockService()->GetProductDetails($productId));
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function ProductPriceHistory(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		try
+		{
+			return $this->ApiResponse($response, $this->getStockService()->GetProductPriceHistory($args['productId']));
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function ProductStockEntries(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$allowSubproductSubstitution = false;
+		if (isset($request->getQueryParams()['include_sub_products']) && filter_var($request->getQueryParams()['include_sub_products'], FILTER_VALIDATE_BOOLEAN) !== false)
+		{
+			$allowSubproductSubstitution = true;
+		}
+
+		return $this->FilteredApiResponse($response, $this->getStockService()->GetProductStockEntries($args['productId'], false, $allowSubproductSubstitution, true), $request->getQueryParams());
+	}
+
+	public function ProductStockLocations(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$allowSubproductSubstitution = false;
+		if (isset($request->getQueryParams()['include_sub_products']) && filter_var($request->getQueryParams()['include_sub_products'], FILTER_VALIDATE_BOOLEAN) !== false)
+		{
+			$allowSubproductSubstitution = true;
+		}
+
+		return $this->FilteredApiResponse($response, $this->getStockService()->GetProductStockLocations($args['productId'], $allowSubproductSubstitution), $request->getQueryParams());
+	}
+
+	public function ProductPrintLabel(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		try
+		{
+			$product = $this->getDatabase()->products()->where('id', $args['productId'])->fetch();
+
+			$webhookData = array_merge([
+				'product' => $product->name,
+				'grocycode' => (string)(new Grocycode(Grocycode::PRODUCT, $product->id)),
+			], GROCY_LABEL_PRINTER_PARAMS);
+
+			if (GROCY_LABEL_PRINTER_RUN_SERVER)
+			{
+				(new WebhookRunner())->run(GROCY_LABEL_PRINTER_WEBHOOK, $webhookData, GROCY_LABEL_PRINTER_HOOK_JSON);
+			}
+
+			return $this->ApiResponse($response, $webhookData);
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function StockEntryPrintLabel(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		try
+		{
+			$stockEntry = $this->getDatabase()->stock()->where('id', $args['entryId'])->fetch();
+			$product = $this->getDatabase()->products()->where('id', $stockEntry->product_id)->fetch();
+
+			$webhookData = array_merge([
+				'product' => $product->name,
+				'grocycode' => (string)(new Grocycode(Grocycode::PRODUCT, $stockEntry->product_id, [$stockEntry->stock_id])),
+			], GROCY_LABEL_PRINTER_PARAMS);
+
+			if (GROCY_FEATURE_FLAG_STOCK_BEST_BEFORE_DATE_TRACKING)
+			{
+				$webhookData['due_date'] = $this->getLocalizationService()->__t('DD') . ': ' . $stockEntry->best_before_date;
+			}
+
+			if (GROCY_LABEL_PRINTER_RUN_SERVER)
+			{
+				(new WebhookRunner())->run(GROCY_LABEL_PRINTER_WEBHOOK, $webhookData, GROCY_LABEL_PRINTER_HOOK_JSON);
+			}
+
+			return $this->ApiResponse($response, $webhookData);
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function RemoveProductFromShoppingList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		User::checkPermission($request, User::PERMISSION_SHOPPINGLIST_ITEMS_DELETE);
+
+		try
+		{
+			$requestBody = $this->GetParsedAndFilteredRequestBody($request);
+
+			$listId = 1;
+			$amount = 1;
+			$productId = null;
+
+			if (array_key_exists('list_id', $requestBody) && !empty($requestBody['list_id']) && is_numeric($requestBody['list_id']))
+			{
+				$listId = intval($requestBody['list_id']);
+			}
+
+			if (array_key_exists('product_amount', $requestBody) && !empty($requestBody['product_amount']) && is_numeric($requestBody['product_amount']))
+			{
+				$amount = intval($requestBody['product_amount']);
+			}
+
+			if (array_key_exists('product_id', $requestBody) && !empty($requestBody['product_id']) && is_numeric($requestBody['product_id']))
+			{
+				$productId = intval($requestBody['product_id']);
+			}
+
+			if ($productId == null)
+			{
+				throw new \Exception('No product id was supplied');
+			}
+
+			$this->getStockService()->RemoveProductFromShoppingList($productId, $amount, $listId);
 			return $this->EmptyApiResponse($response);
 		}
 		catch (\Exception $ex)
@@ -277,8 +713,153 @@ class StockApiController extends BaseApiController
 		}
 	}
 
-	public function ProductStockEntries(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function StockBooking(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		return $this->ApiResponse($this->StockService->GetProductStockEntries($args['productId']));
+		try
+		{
+			$stockLogRow = $this->getDatabase()->stock_log($args['bookingId']);
+
+			if ($stockLogRow === null)
+			{
+				throw new \Exception('Stock booking does not exist');
+			}
+
+			return $this->ApiResponse($response, $stockLogRow);
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function StockEntry(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->ApiResponse($response, $this->getStockService()->GetStockEntry($args['entryId']));
+	}
+
+	public function StockTransactions(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		try
+		{
+			$transactionRows = $this->getDatabase()->stock_log()->where('transaction_id = :1', $args['transactionId'])->fetchAll();
+			if (count($transactionRows) === 0)
+			{
+				throw new \Exception('No transaction was found by the given transaction id');
+			}
+
+			return $this->ApiResponse($response, $transactionRows);
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function TransferProduct(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		User::checkPermission($request, User::PERMISSION_STOCK_TRANSFER);
+
+		$requestBody = $this->GetParsedAndFilteredRequestBody($request);
+
+		try
+		{
+			if ($requestBody === null)
+			{
+				throw new \Exception('Request body could not be parsed (probably invalid JSON format or missing/wrong Content-Type header)');
+			}
+
+			if (!array_key_exists('amount', $requestBody))
+			{
+				throw new \Exception('An amount is required');
+			}
+
+			if (!array_key_exists('location_id_from', $requestBody))
+			{
+				throw new \Exception('A transfer from location is required');
+			}
+
+			if (!array_key_exists('location_id_to', $requestBody))
+			{
+				throw new \Exception('A transfer to location is required');
+			}
+
+			$specificStockEntryId = 'default';
+
+			if (array_key_exists('stock_entry_id', $requestBody) && !empty($requestBody['stock_entry_id']))
+			{
+				$specificStockEntryId = $requestBody['stock_entry_id'];
+			}
+
+			$transactionId = $this->getStockService()->TransferProduct($args['productId'], $requestBody['amount'], $requestBody['location_id_from'], $requestBody['location_id_to'], $specificStockEntryId);
+			$args['transactionId'] = $transactionId;
+			return $this->StockTransactions($request, $response, $args);
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function TransferProductByBarcode(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		try
+		{
+			$args['productId'] = $this->getStockService()->GetProductIdFromBarcode($args['barcode']);
+			return $this->TransferProduct($request, $response, $args);
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function UndoBooking(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		User::checkPermission($request, User::PERMISSION_STOCK_EDIT);
+
+		try
+		{
+			$this->ApiResponse($response, $this->getStockService()->UndoBooking($args['bookingId']));
+			return $this->EmptyApiResponse($response);
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function UndoTransaction(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		User::checkPermission($request, User::PERMISSION_STOCK_EDIT);
+
+		try
+		{
+			$this->ApiResponse($response, $this->getStockService()->UndoTransaction($args['transactionId']));
+			return $this->EmptyApiResponse($response);
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function MergeProducts(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		User::checkPermission($request, User::PERMISSION_STOCK_EDIT);
+
+		try
+		{
+			if (filter_var($args['productIdToKeep'], FILTER_VALIDATE_INT) === false || filter_var($args['productIdToRemove'], FILTER_VALIDATE_INT) === false)
+			{
+				throw new \Exception('Provided {productIdToKeep} or {productIdToRemove} is not a valid integer');
+			}
+
+			$this->ApiResponse($response, $this->getStockService()->MergeProducts($args['productIdToKeep'], $args['productIdToRemove']));
+			return $this->EmptyApiResponse($response);
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
 	}
 }

controllers/StockController.php

@@ -2,206 +2,538 @@
 
 namespace Grocy\Controllers;
 
-use \Grocy\Services\StockService;
+use Grocy\Helpers\Grocycode;
+use Grocy\Services\RecipesService;
 
 class StockController extends BaseController
 {
+	use GrocycodeTrait;
 
-	public function __construct(\Slim\Container $container)
+	public function Consume(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		parent::__construct($container);
-		$this->StockService = new StockService();
-	}
-
-	protected $StockService;
-
-	public function Overview(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
-	{
-		return $this->AppContainer->view->render($response, 'stockoverview', [
-			'products' => $this->Database->products()->orderBy('name'),
-			'quantityunits' => $this->Database->quantity_units()->orderBy('name'),
-			'locations' => $this->Database->locations()->orderBy('name'),
-			'currentStock' => $this->StockService->GetCurrentStock(),
-			'currentStockLocations' => $this->StockService->GetCurrentStockLocations(),
-			'missingProducts' => $this->StockService->GetMissingProducts(),
-			'nextXDays' => 5,
-			'productGroups' => $this->Database->product_groups()->orderBy('name')
+		return $this->renderPage($response, 'consume', [
+			'products' => $this->getDatabase()->products()->where('active = 1')->where('id IN (SELECT product_id from stock_current WHERE amount_aggregated > 0)')->orderBy('name'),
+			'barcodes' => $this->getDatabase()->product_barcodes_comma_separated(),
+			'recipes' => $this->getDatabase()->recipes()->where('type', RecipesService::RECIPE_TYPE_NORMAL)->orderBy('name', 'COLLATE NOCASE'),
+			'locations' => $this->getDatabase()->locations()->orderBy('name', 'COLLATE NOCASE'),
+			'quantityUnits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+			'quantityUnitConversionsResolved' => $this->getDatabase()->quantity_unit_conversions_resolved()
 		]);
 	}
 
-	public function Purchase(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function Inventory(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		return $this->AppContainer->view->render($response, 'purchase', [
-			'products' => $this->Database->products()->orderBy('name'),
-			'locations' => $this->Database->locations()->orderBy('name')
+		return $this->renderPage($response, 'inventory', [
+			'products' => $this->getDatabase()->products()->where('active = 1')->orderBy('name', 'COLLATE NOCASE'),
+			'barcodes' => $this->getDatabase()->product_barcodes_comma_separated(),
+			'shoppinglocations' => $this->getDatabase()->shopping_locations()->orderBy('name', 'COLLATE NOCASE'),
+			'locations' => $this->getDatabase()->locations()->orderBy('name', 'COLLATE NOCASE'),
+			'quantityUnits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+			'quantityUnitConversionsResolved' => $this->getDatabase()->quantity_unit_conversions_resolved()
 		]);
 	}
 
-	public function Consume(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function Journal(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		return $this->AppContainer->view->render($response, 'consume', [
-			'products' => $this->Database->products()->orderBy('name'),
-			'recipes' => $this->Database->recipes()->orderBy('name')
-		]);
-	}
-
-	public function Inventory(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+		if (isset($request->getQueryParams()['months']) && filter_var($request->getQueryParams()['months'], FILTER_VALIDATE_INT) !== false)
 		{
-		return $this->AppContainer->view->render($response, 'inventory', [
-			'products' => $this->Database->products()->orderBy('name')
-		]);
-	}
-
-	public function ShoppingList(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
-	{
-		return $this->AppContainer->view->render($response, 'shoppinglist', [
-			'listItems' => $this->Database->shopping_list(),
-			'products' => $this->Database->products()->orderBy('name'),
-			'quantityunits' => $this->Database->quantity_units()->orderBy('name'),
-			'missingProducts' => $this->StockService->GetMissingProducts(),
-			'productGroups' => $this->Database->product_groups()->orderBy('name')
-		]);
-	}
-
-	public function ProductsList(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
-	{
-		return $this->AppContainer->view->render($response, 'products', [
-			'products' => $this->Database->products()->orderBy('name'),
-			'locations' => $this->Database->locations()->orderBy('name'),
-			'quantityunits' => $this->Database->quantity_units()->orderBy('name'),
-			'productGroups' => $this->Database->product_groups()->orderBy('name')
-		]);
-	}
-
-	public function StockSettings(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
-	{
-		return $this->AppContainer->view->render($response, 'stocksettings', [
-			'locations' => $this->Database->locations()->orderBy('name'),
-			'quantityunits' => $this->Database->quantity_units()->orderBy('name'),
-			'productGroups' => $this->Database->product_groups()->orderBy('name')
-		]);
-	}
-
-	public function LocationsList(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
-	{
-		return $this->AppContainer->view->render($response, 'locations', [
-			'locations' => $this->Database->locations()->orderBy('name')
-		]);
-	}
-
-	public function ProductGroupsList(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
-	{
-		return $this->AppContainer->view->render($response, 'productgroups', [
-			'productGroups' => $this->Database->product_groups()->orderBy('name')
-		]);
-	}
-
-	public function QuantityUnitsList(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
-	{
-		return $this->AppContainer->view->render($response, 'quantityunits', [
-			'quantityunits' => $this->Database->quantity_units()->orderBy('name')
-		]);
-	}
-
-	public function ProductEditForm(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
-	{
-		if ($args['productId'] == 'new')
-		{
-			return $this->AppContainer->view->render($response, 'productform', [
-				'locations' =>  $this->Database->locations()->orderBy('name'),
-				'quantityunits' =>  $this->Database->quantity_units()->orderBy('name'),
-				'productgroups' => $this->Database->product_groups()->orderBy('name'),
-				'mode' => 'create'
-			]);
+			$months = $request->getQueryParams()['months'];
+			$where = "row_created_timestamp > DATE(DATE('now', 'localtime'), '-$months months')";
 		}
 		else
 		{
-			return $this->AppContainer->view->render($response, 'productform', [
-				'product' =>  $this->Database->products($args['productId']),
-				'locations' =>  $this->Database->locations()->orderBy('name'),
-				'quantityunits' =>  $this->Database->quantity_units()->orderBy('name'),
-				'productgroups' => $this->Database->product_groups()->orderBy('name'),
-				'mode' => 'edit'
-			]);
-		}
+			// Default 6 months
+			$where = "row_created_timestamp > DATE(DATE('now', 'localtime'), '-6 months')";
 		}
 
-	public function LocationEditForm(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+		if (isset($request->getQueryParams()['product']) && filter_var($request->getQueryParams()['product'], FILTER_VALIDATE_INT) !== false)
+		{
+			$productId = $request->getQueryParams()['product'];
+			$where .= " AND product_id = $productId";
+		}
+
+		$usersService = $this->getUsersService();
+
+		return $this->renderPage($response, 'stockjournal', [
+			'stockLog' => $this->getDatabase()->uihelper_stock_journal()->where($where)->orderBy('row_created_timestamp', 'DESC'),
+			'products' => $this->getDatabase()->products()->where('active = 1')->orderBy('name', 'COLLATE NOCASE'),
+			'locations' => $this->getDatabase()->locations()->orderBy('name', 'COLLATE NOCASE'),
+			'users' => $usersService->GetUsersAsDto(),
+			'transactionTypes' => GetClassConstants('\Grocy\Services\StockService', 'TRANSACTION_TYPE_')
+		]);
+	}
+
+	public function LocationContentSheet(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->renderPage($response, 'locationcontentsheet', [
+			'products' => $this->getDatabase()->products()->where('active = 1')->orderBy('name', 'COLLATE NOCASE'),
+			'quantityunits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+			'locations' => $this->getDatabase()->locations()->orderBy('name', 'COLLATE NOCASE'),
+			'currentStockLocationContent' => $this->getStockService()->GetCurrentStockLocationContent()
+		]);
+	}
+
+	public function LocationEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		if ($args['locationId'] == 'new')
 		{
-			return $this->AppContainer->view->render($response, 'locationform', [
+			return $this->renderPage($response, 'locationform', [
+				'mode' => 'create',
+				'userfields' => $this->getUserfieldsService()->GetFields('locations')
+			]);
+		}
+		else
+		{
+			return $this->renderPage($response, 'locationform', [
+				'location' => $this->getDatabase()->locations($args['locationId']),
+				'mode' => 'edit',
+				'userfields' => $this->getUserfieldsService()->GetFields('locations')
+			]);
+		}
+	}
+
+	public function LocationsList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->renderPage($response, 'locations', [
+			'locations' => $this->getDatabase()->locations()->orderBy('name', 'COLLATE NOCASE'),
+			'userfields' => $this->getUserfieldsService()->GetFields('locations'),
+			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('locations')
+		]);
+	}
+
+	public function Overview(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$usersService = $this->getUsersService();
+		$nextXDays = $usersService->GetUserSettings(GROCY_USER_ID)['stock_due_soon_days'];
+
+		return $this->renderPage($response, 'stockoverview', [
+			'currentStock' => $this->getStockService()->GetCurrentStockOverview(),
+			'locations' => $this->getDatabase()->locations()->orderBy('name', 'COLLATE NOCASE'),
+			'currentStockLocations' => $this->getStockService()->GetCurrentStockLocations(),
+			'nextXDays' => $nextXDays,
+			'productGroups' => $this->getDatabase()->product_groups()->orderBy('name', 'COLLATE NOCASE'),
+			'userfields' => $this->getUserfieldsService()->GetFields('products'),
+			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('products')
+		]);
+	}
+
+	public function ProductBarcodesEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$product = null;
+
+		if (isset($request->getQueryParams()['product']))
+		{
+			$product = $this->getDatabase()->products($request->getQueryParams()['product']);
+		}
+
+		if ($args['productBarcodeId'] == 'new')
+		{
+			return $this->renderPage($response, 'productbarcodeform', [
+				'mode' => 'create',
+				'barcodes' => $this->getDatabase()->product_barcodes()->orderBy('barcode'),
+				'product' => $product,
+				'shoppinglocations' => $this->getDatabase()->shopping_locations()->orderBy('name', 'COLLATE NOCASE'),
+				'quantityUnits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+				'quantityUnitConversionsResolved' => $this->getDatabase()->quantity_unit_conversions_resolved(),
+				'userfields' => $this->getUserfieldsService()->GetFields('product_barcodes')
+			]);
+		}
+		else
+		{
+			return $this->renderPage($response, 'productbarcodeform', [
+				'mode' => 'edit',
+				'barcode' => $this->getDatabase()->product_barcodes($args['productBarcodeId']),
+				'product' => $product,
+				'shoppinglocations' => $this->getDatabase()->shopping_locations()->orderBy('name', 'COLLATE NOCASE'),
+				'quantityUnits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+				'quantityUnitConversionsResolved' => $this->getDatabase()->quantity_unit_conversions_resolved(),
+				'userfields' => $this->getUserfieldsService()->GetFields('product_barcodes')
+			]);
+		}
+	}
+
+	public function ProductEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		if ($args['productId'] == 'new')
+		{
+			return $this->renderPage($response, 'productform', [
+				'locations' => $this->getDatabase()->locations()->orderBy('name'),
+				'barcodes' => $this->getDatabase()->product_barcodes()->orderBy('barcode'),
+				'quantityunits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+				'shoppinglocations' => $this->getDatabase()->shopping_locations()->orderBy('name', 'COLLATE NOCASE'),
+				'productgroups' => $this->getDatabase()->product_groups()->orderBy('name', 'COLLATE NOCASE'),
+				'userfields' => $this->getUserfieldsService()->GetFields('products'),
+				'products' => $this->getDatabase()->products()->where('parent_product_id IS NULL and active = 1')->orderBy('name', 'COLLATE NOCASE'),
+				'isSubProductOfOthers' => false,
 				'mode' => 'create'
 			]);
 		}
 		else
 		{
-			return $this->AppContainer->view->render($response, 'locationform', [
-				'location' =>  $this->Database->locations($args['locationId']),
-				'mode' => 'edit'
+			$product = $this->getDatabase()->products($args['productId']);
+
+			return $this->renderPage($response, 'productform', [
+				'product' => $product,
+				'locations' => $this->getDatabase()->locations()->orderBy('name', 'COLLATE NOCASE'),
+				'barcodes' => $this->getDatabase()->product_barcodes()->orderBy('barcode'),
+				'quantityunits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+				'shoppinglocations' => $this->getDatabase()->shopping_locations()->orderBy('name', 'COLLATE NOCASE'),
+				'productgroups' => $this->getDatabase()->product_groups()->orderBy('name', 'COLLATE NOCASE'),
+				'userfields' => $this->getUserfieldsService()->GetFields('products'),
+				'products' => $this->getDatabase()->products()->where('id != :1 AND parent_product_id IS NULL and active = 1', $product->id)->orderBy('name', 'COLLATE NOCASE'),
+				'isSubProductOfOthers' => $this->getDatabase()->products()->where('parent_product_id = :1', $product->id)->count() !== 0,
+				'mode' => 'edit',
+				'quConversions' => $this->getDatabase()->quantity_unit_conversions(),
+				'productBarcodeUserfields' => $this->getUserfieldsService()->GetFields('product_barcodes'),
+				'productBarcodeUserfieldValues' => $this->getUserfieldsService()->GetAllValues('product_barcodes')
 			]);
 		}
 	}
 
-	public function ProductGroupEditForm(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function ProductGrocycodeImage(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$gc = new Grocycode(Grocycode::PRODUCT, $args['productId']);
+		return $this->ServeGrocycodeImage($request, $response, $gc);
+	}
+
+	public function ProductGroupEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		if ($args['productGroupId'] == 'new')
 		{
-			return $this->AppContainer->view->render($response, 'productgroupform', [
-				'mode' => 'create'
+			return $this->renderPage($response, 'productgroupform', [
+				'mode' => 'create',
+				'userfields' => $this->getUserfieldsService()->GetFields('product_groups')
 			]);
 		}
 		else
 		{
-			return $this->AppContainer->view->render($response, 'productgroupform', [
-				'group' =>  $this->Database->product_groups($args['productGroupId']),
-				'mode' => 'edit'
+			return $this->renderPage($response, 'productgroupform', [
+				'group' => $this->getDatabase()->product_groups($args['productGroupId']),
+				'mode' => 'edit',
+				'userfields' => $this->getUserfieldsService()->GetFields('product_groups')
 			]);
 		}
 	}
 
-	public function QuantityUnitEditForm(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function ProductGroupsList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->renderPage($response, 'productgroups', [
+			'productGroups' => $this->getDatabase()->product_groups()->orderBy('name', 'COLLATE NOCASE'),
+			'products' => $this->getDatabase()->products()->where('active = 1')->orderBy('name', 'COLLATE NOCASE'),
+			'userfields' => $this->getUserfieldsService()->GetFields('product_groups'),
+			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('product_groups')
+		]);
+	}
+
+	public function ProductsList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$products = $this->getDatabase()->products();
+		if (!isset($request->getQueryParams()['include_disabled']))
+		{
+			$products = $products->where('active = 1');
+		}
+
+		if (isset($request->getQueryParams()['only_in_stock']))
+		{
+			$products = $products->where('id IN (SELECT product_id from stock_current WHERE amount_aggregated > 0)');
+		}
+
+		$products = $products->orderBy('name', 'COLLATE NOCASE');
+
+		return $this->renderPage($response, 'products', [
+			'products' => $products,
+			'locations' => $this->getDatabase()->locations()->orderBy('name', 'COLLATE NOCASE'),
+			'quantityunits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+			'productGroups' => $this->getDatabase()->product_groups()->orderBy('name', 'COLLATE NOCASE'),
+			'shoppingLocations' => $this->getDatabase()->shopping_locations()->orderBy('name', 'COLLATE NOCASE'),
+			'userfields' => $this->getUserfieldsService()->GetFields('products'),
+			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('products')
+		]);
+	}
+
+	public function Purchase(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->renderPage($response, 'purchase', [
+			'products' => $this->getDatabase()->products()->where('active = 1')->orderBy('name', 'COLLATE NOCASE'),
+			'barcodes' => $this->getDatabase()->product_barcodes_comma_separated(),
+			'shoppinglocations' => $this->getDatabase()->shopping_locations()->orderBy('name', 'COLLATE NOCASE'),
+			'locations' => $this->getDatabase()->locations()->orderBy('name', 'COLLATE NOCASE'),
+			'quantityUnits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+			'quantityUnitConversionsResolved' => $this->getDatabase()->quantity_unit_conversions_resolved()
+		]);
+	}
+
+	public function QuantityUnitConversionEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$product = null;
+
+		if (isset($request->getQueryParams()['product']))
+		{
+			$product = $this->getDatabase()->products($request->getQueryParams()['product']);
+		}
+
+		$defaultQuUnit = null;
+
+		if (isset($request->getQueryParams()['qu-unit']))
+		{
+			$defaultQuUnit = $this->getDatabase()->quantity_units($request->getQueryParams()['qu-unit']);
+		}
+
+		if ($args['quConversionId'] == 'new')
+		{
+			return $this->renderPage($response, 'quantityunitconversionform', [
+				'mode' => 'create',
+				'userfields' => $this->getUserfieldsService()->GetFields('quantity_unit_conversions'),
+				'quantityunits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+				'product' => $product,
+				'defaultQuUnit' => $defaultQuUnit
+			]);
+		}
+		else
+		{
+			return $this->renderPage($response, 'quantityunitconversionform', [
+				'quConversion' => $this->getDatabase()->quantity_unit_conversions($args['quConversionId']),
+				'mode' => 'edit',
+				'userfields' => $this->getUserfieldsService()->GetFields('quantity_unit_conversions'),
+				'quantityunits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+				'product' => $product,
+				'defaultQuUnit' => $defaultQuUnit
+			]);
+		}
+	}
+
+	public function QuantityUnitEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		if ($args['quantityunitId'] == 'new')
 		{
-			return $this->AppContainer->view->render($response, 'quantityunitform', [
-				'mode' => 'create'
+			return $this->renderPage($response, 'quantityunitform', [
+				'mode' => 'create',
+				'userfields' => $this->getUserfieldsService()->GetFields('quantity_units'),
+				'pluralCount' => $this->getLocalizationService()->GetPluralCount(),
+				'pluralRule' => $this->getLocalizationService()->GetPluralDefinition()
 			]);
 		}
 		else
 		{
-			return $this->AppContainer->view->render($response, 'quantityunitform', [
-				'quantityunit' =>  $this->Database->quantity_units($args['quantityunitId']),
-				'mode' => 'edit'
+			$quantityUnit = $this->getDatabase()->quantity_units($args['quantityunitId']);
+
+			return $this->renderPage($response, 'quantityunitform', [
+				'quantityUnit' => $quantityUnit,
+				'mode' => 'edit',
+				'userfields' => $this->getUserfieldsService()->GetFields('quantity_units'),
+				'pluralCount' => $this->getLocalizationService()->GetPluralCount(),
+				'pluralRule' => $this->getLocalizationService()->GetPluralDefinition(),
+				'defaultQuConversions' => $this->getDatabase()->quantity_unit_conversions()->where('from_qu_id = :1 AND product_id IS NULL', $quantityUnit->id),
+				'quantityUnits' => $this->getDatabase()->quantity_units()
 			]);
 		}
 	}
 
-	public function ShoppingListItemEditForm(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function QuantityUnitPluralFormTesting(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->renderPage($response, 'quantityunitpluraltesting', [
+			'quantityUnits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE')
+		]);
+	}
+
+	public function QuantityUnitsList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->renderPage($response, 'quantityunits', [
+			'quantityunits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+			'userfields' => $this->getUserfieldsService()->GetFields('quantity_units'),
+			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('quantity_units')
+		]);
+	}
+
+	public function ShoppingList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$listId = 1;
+
+		if (isset($request->getQueryParams()['list']))
+		{
+			$listId = $request->getQueryParams()['list'];
+		}
+
+		return $this->renderPage($response, 'shoppinglist', [
+			'listItems' => $this->getDatabase()->uihelper_shopping_list()->where('shopping_list_id = :1', $listId),
+			'products' => $this->getDatabase()->products()->where('active = 1')->orderBy('name', 'COLLATE NOCASE'),
+			'quantityunits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+			'missingProducts' => $this->getStockService()->GetMissingProducts(),
+			'shoppingLists' => $this->getDatabase()->shopping_lists()->orderBy('name', 'COLLATE NOCASE'),
+			'selectedShoppingListId' => $listId,
+			'quantityUnitConversionsResolved' => $this->getDatabase()->quantity_unit_conversions_resolved(),
+			'productUserfields' => $this->getUserfieldsService()->GetFields('products'),
+			'productUserfieldValues' => $this->getUserfieldsService()->GetAllValues('products'),
+			'userfields' => $this->getUserfieldsService()->GetFields('shopping_list'),
+			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('shopping_list')
+		]);
+	}
+
+	public function ShoppingListEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		if ($args['listId'] == 'new')
+		{
+			return $this->renderPage($response, 'shoppinglistform', [
+				'mode' => 'create',
+				'userfields' => $this->getUserfieldsService()->GetFields('shopping_lists')
+			]);
+		}
+		else
+		{
+			return $this->renderPage($response, 'shoppinglistform', [
+				'shoppingList' => $this->getDatabase()->shopping_lists($args['listId']),
+				'mode' => 'edit',
+				'userfields' => $this->getUserfieldsService()->GetFields('shopping_lists')
+			]);
+		}
+	}
+
+	public function ShoppingListItemEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		if ($args['itemId'] == 'new')
 		{
-			return $this->AppContainer->view->render($response, 'shoppinglistform', [
-				'products' =>  $this->Database->products()->orderBy('name'),
-				'mode' => 'create'
+			return $this->renderPage($response, 'shoppinglistitemform', [
+				'products' => $this->getDatabase()->products()->where('active = 1')->orderBy('name', 'COLLATE NOCASE'),
+				'shoppingLists' => $this->getDatabase()->shopping_lists()->orderBy('name', 'COLLATE NOCASE'),
+				'mode' => 'create',
+				'quantityUnits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+				'quantityUnitConversionsResolved' => $this->getDatabase()->quantity_unit_conversions_resolved(),
+				'userfields' => $this->getUserfieldsService()->GetFields('shopping_list')
 			]);
 		}
 		else
 		{
-			return $this->AppContainer->view->render($response, 'shoppinglistform', [
-				'listItem' =>  $this->Database->shopping_list($args['itemId']),
-				'products' =>  $this->Database->products()->orderBy('name'),
-				'mode' => 'edit'
+			return $this->renderPage($response, 'shoppinglistitemform', [
+				'listItem' => $this->getDatabase()->shopping_list($args['itemId']),
+				'products' => $this->getDatabase()->products()->where('active = 1')->orderBy('name', 'COLLATE NOCASE'),
+				'shoppingLists' => $this->getDatabase()->shopping_lists()->orderBy('name', 'COLLATE NOCASE'),
+				'mode' => 'edit',
+				'quantityUnits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+				'quantityUnitConversionsResolved' => $this->getDatabase()->quantity_unit_conversions_resolved(),
+				'userfields' => $this->getUserfieldsService()->GetFields('shopping_list')
 			]);
 		}
 	}
 
-	public function Journal(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function ShoppingListSettings(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		return $this->AppContainer->view->render($response, 'stockjournal', [
-			'stockLog' => $this->Database->stock_log()->orderBy('row_created_timestamp', 'DESC'),
-			'products' => $this->Database->products()->orderBy('name'),
-			'quantityunits' => $this->Database->quantity_units()->orderBy('name')
+		return $this->renderPage($response, 'shoppinglistsettings');
+	}
+
+	public function ShoppingLocationEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		if ($args['shoppingLocationId'] == 'new')
+		{
+			return $this->renderPage($response, 'shoppinglocationform', [
+				'mode' => 'create',
+				'userfields' => $this->getUserfieldsService()->GetFields('shopping_locations')
+			]);
+		}
+		else
+		{
+			return $this->renderPage($response, 'shoppinglocationform', [
+				'shoppinglocation' => $this->getDatabase()->shopping_locations($args['shoppingLocationId']),
+				'mode' => 'edit',
+				'userfields' => $this->getUserfieldsService()->GetFields('shopping_locations')
+			]);
+		}
+	}
+
+	public function ShoppingLocationsList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->renderPage($response, 'shoppinglocations', [
+			'shoppinglocations' => $this->getDatabase()->shopping_locations()->orderBy('name', 'COLLATE NOCASE'),
+			'userfields' => $this->getUserfieldsService()->GetFields('shopping_locations'),
+			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('shopping_locations')
+		]);
+	}
+
+	public function StockEntryEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->renderPage($response, 'stockentryform', [
+			'stockEntry' => $this->getDatabase()->stock()->where('id', $args['entryId'])->fetch(),
+			'products' => $this->getDatabase()->products()->where('active = 1')->orderBy('name', 'COLLATE NOCASE'),
+			'shoppinglocations' => $this->getDatabase()->shopping_locations()->orderBy('name', 'COLLATE NOCASE'),
+			'locations' => $this->getDatabase()->locations()->orderBy('name', 'COLLATE NOCASE')
+		]);
+	}
+
+	public function StockEntryGrocycodeImage(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$stockEntry = $this->getDatabase()->stock()->where('id', $args['entryId'])->fetch();
+		$gc = new Grocycode(Grocycode::PRODUCT, $stockEntry->product_id, [$stockEntry->stock_id]);
+		return $this->ServeGrocycodeImage($request, $response, $gc);
+	}
+
+	public function StockEntryGrocycodeLabel(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$stockEntry = $this->getDatabase()->stock()->where('id', $args['entryId'])->fetch();
+		return $this->renderPage($response, 'stockentrylabel', [
+			'stockEntry' => $stockEntry,
+			'product' => $this->getDatabase()->products($stockEntry->product_id),
+		]);
+	}
+
+	public function StockSettings(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->renderPage($response, 'stocksettings', [
+			'locations' => $this->getDatabase()->locations()->orderBy('name', 'COLLATE NOCASE'),
+			'quantityunits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+			'productGroups' => $this->getDatabase()->product_groups()->orderBy('name', 'COLLATE NOCASE')
+		]);
+	}
+
+	public function Stockentries(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$usersService = $this->getUsersService();
+		$nextXDays = $usersService->GetUserSettings(GROCY_USER_ID)['stock_due_soon_days'];
+
+		return $this->renderPage($response, 'stockentries', [
+			'products' => $this->getDatabase()->products()->where('active = 1')->orderBy('name', 'COLLATE NOCASE'),
+			'quantityunits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+			'locations' => $this->getDatabase()->locations()->orderBy('name', 'COLLATE NOCASE'),
+			'shoppinglocations' => $this->getDatabase()->shopping_locations()->orderBy('name', 'COLLATE NOCASE'),
+			'stockEntries' => $this->getDatabase()->stock()->orderBy('product_id'),
+			'currentStockLocations' => $this->getStockService()->GetCurrentStockLocations(),
+			'nextXDays' => $nextXDays,
+			'userfields' => $this->getUserfieldsService()->GetFields('products'),
+			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('products')
+		]);
+	}
+
+	public function Transfer(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->renderPage($response, 'transfer', [
+			'products' => $this->getDatabase()->products()->where('active = 1')->where('id IN (SELECT product_id from stock_current WHERE amount_aggregated > 0)')->orderBy('name', 'COLLATE NOCASE'),
+			'barcodes' => $this->getDatabase()->product_barcodes_comma_separated(),
+			'locations' => $this->getDatabase()->locations()->orderBy('name', 'COLLATE NOCASE'),
+			'quantityUnits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+			'quantityUnitConversionsResolved' => $this->getDatabase()->quantity_unit_conversions_resolved()
+		]);
+	}
+
+	public function JournalSummary(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$entries = $this->getDatabase()->uihelper_stock_journal_summary();
+		if (isset($request->getQueryParams()['product_id']))
+		{
+			$entries = $entries->where('product_id', $request->getQueryParams()['product_id']);
+		}
+		if (isset($request->getQueryParams()['user_id']))
+		{
+			$entries = $entries->where('user_id', $request->getQueryParams()['user_id']);
+		}
+		if (isset($request->getQueryParams()['transaction_type']))
+		{
+			$entries = $entries->where('transaction_type', $request->getQueryParams()['transaction_type']);
+		}
+
+		$usersService = $this->getUsersService();
+		return $this->renderPage($response, 'stockjournalsummary', [
+			'entries' => $entries,
+			'products' => $this->getDatabase()->products()->where('active = 1')->orderBy('name', 'COLLATE NOCASE'),
+			'users' => $usersService->GetUsersAsDto(),
+			'transactionTypes' => GetClassConstants('\Grocy\Services\StockService', 'TRANSACTION_TYPE_')
 		]);
 	}
 }

controllers/SystemApiController.php

@@ -2,37 +2,80 @@
 
 namespace Grocy\Controllers;
 
-use \Grocy\Services\DatabaseService;
-use \Grocy\Services\ApplicationService;
-
 class SystemApiController extends BaseApiController
 {
-	public function __construct(\Slim\Container $container)
+	public function GetConfig(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		parent::__construct($container);
-		$this->DatabaseService = new DatabaseService();
-		$this->ApplicationService = new ApplicationService();
+		try
+		{
+			$constants = get_defined_constants();
+
+			// Some GROCY_* constants are not really config settings and therefore should not be exposed
+			unset($constants['GROCY_AUTHENTICATED'], $constants['GROCY_DATAPATH'], $constants['GROCY_IS_EMBEDDED_INSTALL'], $constants['GROCY_USER_ID']);
+
+			$returnArray = [];
+
+			foreach ($constants as $constant => $value)
+			{
+				if (substr($constant, 0, 6) === 'GROCY_')
+				{
+					$returnArray[substr($constant, 6)] = $value;
+				}
 			}
 
-	protected $DatabaseService;
-	protected $ApplicationService;
-
-	public function GetDbChangedTime(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+			return $this->ApiResponse($response, $returnArray);
+		}
+		catch (\Exception $ex)
 		{
-		return $this->ApiResponse(array(
-			'changed_time' => $this->DatabaseService->GetDbChangedTime()
-		));
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
 	}
 
-	public function LogMissingLocalization(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function GetDbChangedTime(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->ApiResponse($response, [
+			'changed_time' => $this->getDatabaseService()->GetDbChangedTime()
+		]);
+	}
+
+	public function GetSystemInfo(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->ApiResponse($response, $this->getApplicationService()->GetSystemInfo());
+	}
+
+	public function GetSystemTime(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		try
+		{
+			$offset = 0;
+			$params = $request->getQueryParams();
+			if (isset($params['offset']))
+			{
+				if (filter_var($params['offset'], FILTER_VALIDATE_INT) === false)
+				{
+					throw new \Exception('Query parameter "offset" is not a valid integer');
+				}
+
+				$offset = $params['offset'];
+			}
+
+			return $this->ApiResponse($response, $this->getApplicationService()->GetSystemTime($offset));
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function LogMissingLocalization(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		if (GROCY_MODE === 'dev')
 		{
 			try
 			{
-				$requestBody = $request->getParsedBody();
+				$requestBody = $this->GetParsedAndFilteredRequestBody($request);
 
-				$this->LocalizationService->LogMissingLocalization(GROCY_CULTURE, $requestBody['text']);
+				$this->getLocalizationService()->CheckAndAddMissingTranslationToPot($requestBody['text']);
 				return $this->EmptyApiResponse($response);
 			}
 			catch (\Exception $ex)
@@ -42,8 +85,8 @@ class SystemApiController extends BaseApiController
 		}
 	}
 
-	public function GetSystemInfo(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function GetLocalizationStrings(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		return $this->ApiResponse($this->ApplicationService->GetSystemInfo());
+		return $this->ApiResponse($response, json_decode($this->getLocalizationService()->GetPoAsJsonString()), true);
 	}
 }

controllers/SystemController.php

@@ -2,40 +2,111 @@
 
 namespace Grocy\Controllers;
 
-use \Grocy\Services\ApplicationService;
-use \Grocy\Services\DatabaseMigrationService;
-use \Grocy\Services\DemoDataGeneratorService;
+use Grocy\Services\DatabaseMigrationService;
+use Grocy\Services\DemoDataGeneratorService;
 
 class SystemController extends BaseController
 {
-	public function __construct(\Slim\Container $container)
+	public function About(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		parent::__construct($container);
-		$this->ApplicationService = new ApplicationService();
+		return $this->renderPage($response, 'about', [
+			'system_info' => $this->getApplicationService()->GetSystemInfo(),
+			'changelog' => $this->getApplicationService()->GetChangelog()
+		]);
 	}
 
-	protected $ApplicationService;
+	public function BarcodeScannerTesting(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->renderPage($response, 'barcodescannertesting');
+	}
 
-	public function Root(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function Root(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		// Schema migration is done here
-		$databaseMigrationService = new DatabaseMigrationService();
+		$databaseMigrationService = DatabaseMigrationService::getInstance();
 		$databaseMigrationService->MigrateDatabase();
 
-		if (GROCY_IS_DEMO_INSTALL)
+		if (GROCY_MODE === 'dev' || GROCY_MODE === 'demo' || GROCY_MODE === 'prerelease')
 		{
-			$demoDataGeneratorService = new DemoDataGeneratorService();
+			$demoDataGeneratorService = DemoDataGeneratorService::getInstance();
 			$demoDataGeneratorService->PopulateDemoData();
 		}
 
-		return $response->withRedirect($this->AppContainer->UrlManager->ConstructUrl('/stockoverview'));
+		return $response->withRedirect($this->AppContainer->get('UrlManager')->ConstructUrl($this->GetEntryPageRelative()));
 	}
 
-	public function About(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	/**
+	 * Get the entry page of the application based on the value of the entry page setting.
+	 *
+	 * We fallback to the about page when no entry page is specified or
+	 * when the specified entry page has been disabled.
+	 *
+	 * @return string
+	 */
+	private function GetEntryPageRelative()
 	{
-		return $this->AppContainer->view->render($response, 'about', [
-			'system_info' => $this->ApplicationService->GetSystemInfo(),
-			'changelog' => $this->ApplicationService->GetChangelog()
-		]);
+		if (defined('GROCY_ENTRY_PAGE'))
+		{
+			$entryPage = constant('GROCY_ENTRY_PAGE');
+		}
+		else
+		{
+			$entryPage = 'stock';
+		}
+
+		// Stock
+		if ($entryPage === 'stock' && constant('GROCY_FEATURE_FLAG_STOCK'))
+		{
+			return '/stockoverview';
+		}
+
+		// Shoppinglist
+		if ($entryPage === 'shoppinglist' && constant('GROCY_FEATURE_FLAG_SHOPPINGLIST'))
+		{
+			return '/shoppinglist';
+		}
+
+		// Recipes
+		if ($entryPage === 'recipes' && constant('GROCY_FEATURE_FLAG_RECIPES'))
+		{
+			return '/recipes';
+		}
+
+		// Chores
+		if ($entryPage === 'chores' && constant('GROCY_FEATURE_FLAG_CHORES'))
+		{
+			return '/choresoverview';
+		}
+
+		// Tasks
+		if ($entryPage === 'tasks' && constant('GROCY_FEATURE_FLAG_TASKS'))
+		{
+			return '/tasks';
+		}
+
+		// Batteries
+		if ($entryPage === 'batteries' && constant('GROCY_FEATURE_FLAG_BATTERIES'))
+		{
+			return '/batteriesoverview';
+		}
+
+		if ($entryPage === 'equipment' && constant('GROCY_FEATURE_FLAG_EQUIPMENT'))
+		{
+			return '/equipment';
+		}
+
+		// Calendar
+		if ($entryPage === 'calendar' && constant('GROCY_FEATURE_FLAG_CALENDAR'))
+		{
+			return '/calendar';
+		}
+
+		// Meal Plan
+		if ($entryPage === 'mealplan' && constant('GROCY_FEATURE_FLAG_RECIPES'))
+		{
+			return '/mealplan';
+		}
+
+		return '/about';
 	}
 }

controllers/TasksApiController.php

@@ -2,36 +2,46 @@
 
 namespace Grocy\Controllers;
 
-use \Grocy\Services\TasksService;
+use Grocy\Controllers\Users\User;
 
 class TasksApiController extends BaseApiController
 {
-	public function __construct(\Slim\Container $container)
+	public function Current(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		parent::__construct($container);
-		$this->TasksService = new TasksService();
+		return $this->FilteredApiResponse($response, $this->getTasksService()->GetCurrent(), $request->getQueryParams());
 	}
 
-	protected $TasksService;
-
-	public function Current(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function MarkTaskAsCompleted(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		return $this->ApiResponse($this->TasksService->GetCurrent());
-	}
+		User::checkPermission($request, User::PERMISSION_TASKS_MARK_COMPLETED);
 
-	public function MarkTaskAsCompleted(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
-	{
-		$requestBody = $request->getParsedBody();
+		$requestBody = $this->GetParsedAndFilteredRequestBody($request);
 
 		try
 		{
 			$doneTime = date('Y-m-d H:i:s');
+
 			if (array_key_exists('done_time', $requestBody) && IsIsoDateTime($requestBody['done_time']))
 			{
 				$doneTime = $requestBody['done_time'];
 			}
 
-			$this->TasksService->MarkTaskAsCompleted($args['taskId'], $doneTime);
+			$this->getTasksService()->MarkTaskAsCompleted($args['taskId'], $doneTime);
+			return $this->EmptyApiResponse($response);
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function UndoTask(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		User::checkPermission($request, User::PERMISSION_TASKS_UNDO_EXECUTION);
+
+		try
+		{
+			$this->getTasksService()->UndoTask($args['taskId']);
 			return $this->EmptyApiResponse($response);
 		}
 		catch (\Exception $ex)

controllers/TasksController.php

@@ -2,79 +2,85 @@
 
 namespace Grocy\Controllers;
 
-use \Grocy\Services\TasksService;
-
 class TasksController extends BaseController
 {
-	public function __construct(\Slim\Container $container)
-	{
-		parent::__construct($container);
-		$this->TasksService = new TasksService();
-	}
-
-	protected $TasksService;
-
-	public function Overview(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function Overview(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		if (isset($request->getQueryParams()['include_done']))
 		{
-			$tasks = $this->Database->tasks()->orderBy('name');
+			$tasks = $this->getDatabase()->tasks()->orderBy('name', 'COLLATE NOCASE');
 		}
 		else
 		{
-			$tasks = $this->TasksService->GetCurrent();
+			$tasks = $this->getTasksService()->GetCurrent();
 		}
 
-		return $this->AppContainer->view->render($response, 'tasks', [
+		$usersService = $this->getUsersService();
+		$nextXDays = $usersService->GetUserSettings(GROCY_USER_ID)['tasks_due_soon_days'];
+
+		return $this->renderPage($response, 'tasks', [
 			'tasks' => $tasks,
-			'nextXDays' => 5,
-			'taskCategories' => $this->Database->task_categories()->orderBy('name'),
-			'users' => $this->Database->users()
+			'nextXDays' => $nextXDays,
+			'taskCategories' => $this->getDatabase()->task_categories()->orderBy('name', 'COLLATE NOCASE'),
+			'users' => $this->getDatabase()->users(),
+			'userfields' => $this->getUserfieldsService()->GetFields('tasks'),
+			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('tasks')
 		]);
 	}
 
-	public function TaskEditForm(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function TaskCategoriesList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		if ($args['taskId'] == 'new')
-		{
-			return $this->AppContainer->view->render($response, 'taskform', [
-				'mode' => 'create',
-				'taskCategories' => $this->Database->task_categories()->orderBy('name'),
-				'users' => $this->Database->users()->orderBy('username')
-			]);
-		}
-		else
-		{
-			return $this->AppContainer->view->render($response, 'taskform', [
-				'task' =>  $this->Database->tasks($args['taskId']),
-				'mode' => 'edit',
-				'taskCategories' => $this->Database->task_categories()->orderBy('name'),
-				'users' => $this->Database->users()->orderBy('username')
-			]);
-		}
-	}
-
-	public function TaskCategoriesList(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
-	{
-		return $this->AppContainer->view->render($response, 'taskcategories', [
-			'taskCategories' => $this->Database->task_categories()->orderBy('name')
+		return $this->renderPage($response, 'taskcategories', [
+			'taskCategories' => $this->getDatabase()->task_categories()->orderBy('name', 'COLLATE NOCASE'),
+			'userfields' => $this->getUserfieldsService()->GetFields('task_categories'),
+			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('task_categories')
 		]);
 	}
 
-	public function TaskCategoryEditForm(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function TaskCategoryEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		if ($args['categoryId'] == 'new')
 		{
-			return $this->AppContainer->view->render($response, 'taskcategoryform', [
-				'mode' => 'create'
+			return $this->renderPage($response, 'taskcategoryform', [
+				'mode' => 'create',
+				'userfields' => $this->getUserfieldsService()->GetFields('task_categories')
 			]);
 		}
 		else
 		{
-			return $this->AppContainer->view->render($response, 'taskcategoryform', [
-				'category' =>  $this->Database->task_categories($args['categoryId']),
-				'mode' => 'edit'
+			return $this->renderPage($response, 'taskcategoryform', [
+				'category' => $this->getDatabase()->task_categories($args['categoryId']),
+				'mode' => 'edit',
+				'userfields' => $this->getUserfieldsService()->GetFields('task_categories')
 			]);
 		}
 	}
+
+	public function TaskEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		if ($args['taskId'] == 'new')
+		{
+			return $this->renderPage($response, 'taskform', [
+				'mode' => 'create',
+				'taskCategories' => $this->getDatabase()->task_categories()->orderBy('name', 'COLLATE NOCASE'),
+				'users' => $this->getDatabase()->users()->orderBy('username'),
+				'userfields' => $this->getUserfieldsService()->GetFields('tasks')
+			]);
+		}
+		else
+		{
+			return $this->renderPage($response, 'taskform', [
+				'task' => $this->getDatabase()->tasks($args['taskId']),
+				'mode' => 'edit',
+				'taskCategories' => $this->getDatabase()->task_categories()->orderBy('name', 'COLLATE NOCASE'),
+				'users' => $this->getDatabase()->users()->orderBy('username'),
+				'userfields' => $this->getUserfieldsService()->GetFields('tasks')
+			]);
+		}
+	}
+
+	public function TasksSettings(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->renderPage($response, 'taskssettings');
+	}
 }

controllers/Users/PermissionMissingException.php

@@ -0,0 +1,15 @@
+<?php
+
+namespace Grocy\Controllers\Users;
+
+use Psr\Http\Message\ServerRequestInterface;
+use Slim\Exception\HttpForbiddenException;
+use Throwable;
+
+class PermissionMissingException extends HttpForbiddenException
+{
+	public function __construct(ServerRequestInterface $request, string $permission, ?Throwable $previous = null)
+	{
+		parent::__construct($request, 'Permission missing: ' . $permission, $previous);
+	}
+}

controllers/Users/User.php

@@ -0,0 +1,128 @@
+<?php
+
+namespace Grocy\Controllers\Users;
+
+use Grocy\Services\DatabaseService;
+use LessQL\Result;
+
+class User
+{
+	const PERMISSION_ADMIN = 'ADMIN';
+
+	const PERMISSION_BATTERIES = 'BATTERIES';
+
+	const PERMISSION_BATTERIES_TRACK_CHARGE_CYCLE = 'BATTERIES_TRACK_CHARGE_CYCLE';
+
+	const PERMISSION_BATTERIES_UNDO_CHARGE_CYCLE = 'BATTERIES_UNDO_CHARGE_CYCLE';
+
+	const PERMISSION_CALENDAR = 'CALENDAR';
+
+	const PERMISSION_CHORES = 'CHORES';
+
+	const PERMISSION_CHORE_TRACK_EXECUTION = 'CHORE_TRACK_EXECUTION';
+
+	const PERMISSION_CHORE_UNDO_EXECUTION = 'CHORE_UNDO_EXECUTION';
+
+	const PERMISSION_EQUIPMENT = 'EQUIPMENT';
+
+	const PERMISSION_MASTER_DATA_EDIT = 'MASTER_DATA_EDIT';
+
+	const PERMISSION_RECIPES = 'RECIPES';
+
+	const PERMISSION_RECIPES_MEALPLAN = 'RECIPES_MEALPLAN';
+
+	const PERMISSION_SHOPPINGLIST = 'SHOPPINGLIST';
+
+	const PERMISSION_SHOPPINGLIST_ITEMS_ADD = 'SHOPPINGLIST_ITEMS_ADD';
+
+	const PERMISSION_SHOPPINGLIST_ITEMS_DELETE = 'SHOPPINGLIST_ITEMS_DELETE';
+
+	const PERMISSION_STOCK = 'STOCK';
+
+	const PERMISSION_STOCK_CONSUME = 'STOCK_CONSUME';
+
+	const PERMISSION_STOCK_EDIT = 'STOCK_EDIT';
+
+	const PERMISSION_STOCK_INVENTORY = 'STOCK_INVENTORY';
+
+	const PERMISSION_STOCK_OPEN = 'STOCK_OPEN';
+
+	const PERMISSION_STOCK_PURCHASE = 'STOCK_PURCHASE';
+
+	const PERMISSION_STOCK_TRANSFER = 'STOCK_TRANSFER';
+
+	const PERMISSION_TASKS = 'TASKS';
+
+	const PERMISSION_TASKS_MARK_COMPLETED = 'TASKS_MARK_COMPLETED';
+
+	const PERMISSION_TASKS_UNDO_EXECUTION = 'TASKS_UNDO_EXECUTION';
+
+	const PERMISSION_USERS = 'USERS';
+
+	const PERMISSION_USERS_CREATE = 'USERS_CREATE';
+
+	const PERMISSION_USERS_EDIT = 'USERS_EDIT';
+
+	const PERMISSION_USERS_EDIT_SELF = 'USERS_EDIT_SELF';
+
+	const PERMISSION_USERS_READ = 'USERS_READ';
+
+	public function __construct()
+	{
+		$this->db = DatabaseService::getInstance()->GetDbConnection();
+	}
+
+	/**
+	 * @var \LessQL\Database|null
+	 */
+	protected $db;
+
+	public static function PermissionList()
+	{
+		$user = new self();
+		return $user->getPermissionList();
+	}
+
+	public static function checkPermission($request, string ...$permissions): void
+	{
+		$user = new self();
+
+		foreach ($permissions as $permission)
+		{
+			if (!$user->hasPermission($permission))
+			{
+				throw new PermissionMissingException($request, $permission);
+			}
+		}
+	}
+
+	public function getPermissionList()
+	{
+		return $this->db->uihelper_user_permissions()->where('user_id', GROCY_USER_ID);
+	}
+
+	public function hasPermission(string $permission): bool
+	{
+		return $this->getPermissions()->where('permission_name', $permission)->fetch() !== null;
+	}
+
+	public static function hasPermissions(string ...$permissions)
+	{
+		$user = new self();
+
+		foreach ($permissions as $permission)
+		{
+			if (!$user->hasPermission($permission))
+			{
+				return false;
+			}
+		}
+
+		return true;
+	}
+
+	protected function getPermissions(): Result
+	{
+		return $this->db->user_permissions_resolved()->where('user_id', GROCY_USER_ID);
+	}
+}

controllers/UsersApiController.php

@@ -2,23 +2,26 @@
 
 namespace Grocy\Controllers;
 
-use \Grocy\Services\UsersService;
+use Grocy\Controllers\Users\User;
 
 class UsersApiController extends BaseApiController
 {
-	public function __construct(\Slim\Container $container)
-	{
-		parent::__construct($container);
-		$this->UsersService = new UsersService();
-	}
-
-	protected $UsersService;
-
-	public function GetUsers(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function AddPermission(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		try
 		{
-			return $this->ApiResponse($this->UsersService->GetUsersAsDto());
+			User::checkPermission($request, User::PERMISSION_ADMIN);
+			$requestBody = $this->GetParsedAndFilteredRequestBody($request);
+
+			$this->getDatabase()->user_permissions()->createRow([
+				'user_id' => $args['userId'],
+				'permission_id' => $requestBody['permission_id']
+			])->save();
+			return $this->EmptyApiResponse($response);
+		}
+		catch (\Slim\Exception\HttpSpecializedException $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage(), $ex->getCode());
 		}
 		catch (\Exception $ex)
 		{
@@ -26,9 +29,10 @@ class UsersApiController extends BaseApiController
 		}
 	}
 
-	public function CreateUser(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function CreateUser(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		$requestBody = $request->getParsedBody();
+		User::checkPermission($request, User::PERMISSION_USERS_CREATE);
+		$requestBody = $this->GetParsedAndFilteredRequestBody($request);
 
 		try
 		{
@@ -37,7 +41,7 @@ class UsersApiController extends BaseApiController
 				throw new \Exception('Request body could not be parsed (probably invalid JSON format or missing/wrong Content-Type header)');
 			}
 
-			$this->UsersService->CreateUser($requestBody['username'], $requestBody['first_name'], $requestBody['last_name'], $requestBody['password']);
+			$this->getUsersService()->CreateUser($requestBody['username'], $requestBody['first_name'], $requestBody['last_name'], $requestBody['password'], $requestBody['picture_file_name']);
 			return $this->EmptyApiResponse($response);
 		}
 		catch (\Exception $ex)
@@ -46,12 +50,50 @@ class UsersApiController extends BaseApiController
 		}
 	}
 
-	public function DeleteUser(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function DeleteUser(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		User::checkPermission($request, User::PERMISSION_USERS_EDIT);
+		try
+		{
+			$this->getUsersService()->DeleteUser($args['userId']);
+			return $this->EmptyApiResponse($response);
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function EditUser(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		if ($args['userId'] == GROCY_USER_ID)
+		{
+			User::checkPermission($request, User::PERMISSION_USERS_EDIT_SELF);
+		}
+		else
+		{
+			User::checkPermission($request, User::PERMISSION_USERS_EDIT);
+		}
+
+		$requestBody = $this->GetParsedAndFilteredRequestBody($request);
+
+		try
+		{
+			$this->getUsersService()->EditUser($args['userId'], $requestBody['username'], $requestBody['first_name'], $requestBody['last_name'], $requestBody['password'], $requestBody['picture_file_name']);
+			return $this->EmptyApiResponse($response);
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function GetUserSetting(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		try
 		{
-			$this->UsersService->DeleteUser($args['userId']);
-			return $this->EmptyApiResponse($response);
+			$value = $this->getUsersService()->GetUserSetting(GROCY_USER_ID, $args['settingKey']);
+			return $this->ApiResponse($response, ['value' => $value]);
 		}
 		catch (\Exception $ex)
 		{
@@ -59,13 +101,116 @@ class UsersApiController extends BaseApiController
 		}
 	}
 
-	public function EditUser(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function GetUserSettings(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
+		try
+		{
+			return $this->ApiResponse($response, $this->getUsersService()->GetUserSettings(GROCY_USER_ID));
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function GetUsers(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		User::checkPermission($request, User::PERMISSION_USERS_READ);
+		try
+		{
+			return $this->FilteredApiResponse($response, $this->getUsersService()->GetUsersAsDto(), $request->getQueryParams());
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function CurrentUser(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		try
+		{
+			return $this->ApiResponse($response, $this->getUsersService()->GetUsersAsDto()->where('id', GROCY_USER_ID));
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function ListPermissions(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		try
+		{
+			User::checkPermission($request, User::PERMISSION_ADMIN);
+
+			return $this->ApiResponse(
+				$response,
+				$this->getDatabase()->user_permissions()->where('user_id', $args['userId'])
+			);
+		}
+		catch (\Slim\Exception\HttpSpecializedException $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage(), $ex->getCode());
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function SetPermissions(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		try
+		{
+			User::checkPermission($request, User::PERMISSION_ADMIN);
+
 			$requestBody = $request->getParsedBody();
+			$db = $this->getDatabase();
+			$db->user_permissions()
+				->where('user_id', $args['userId'])
+				->delete();
 
+			$perms = [];
+			if (GROCY_MODE === 'demo' || GROCY_MODE === 'prerelease')
+			{
+				// For demo mode always all users have and keep the ADMIN permission
+				$perms[] = [
+					'user_id' => $args['userId'],
+					'permission_id' => 1
+				];
+			}
+			else
+			{
+				foreach ($requestBody['permissions'] as $perm_id)
+				{
+					$perms[] = [
+						'user_id' => $args['userId'],
+						'permission_id' => $perm_id
+					];
+				}
+			}
+			$db->insert('user_permissions', $perms, 'batch');
+
+			return $this->EmptyApiResponse($response);
+		}
+		catch (\Slim\Exception\HttpSpecializedException $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage(), $ex->getCode());
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function SetUserSetting(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
 		try
 		{
-			$this->UsersService->EditUser($args['userId'], $requestBody['username'], $requestBody['first_name'], $requestBody['last_name'], $requestBody['password']);
+			$requestBody = $this->GetParsedAndFilteredRequestBody($request);
+
+			$value = $this->getUsersService()->SetUserSetting(GROCY_USER_ID, $args['settingKey'], $requestBody['value']);
 			return $this->EmptyApiResponse($response);
 		}
 		catch (\Exception $ex)
@@ -74,26 +219,11 @@ class UsersApiController extends BaseApiController
 		}
 	}
 
-	public function GetUserSetting(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function DeleteUserSetting(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		try
 		{
-			$value = $this->UsersService->GetUserSetting(GROCY_USER_ID, $args['settingKey']);
-			return $this->ApiResponse(array('value' => $value));
-		}
-		catch (\Exception $ex)
-		{
-			return $this->GenericErrorResponse($response, $ex->getMessage());
-		}
-	}
-
-	public function SetUserSetting(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
-	{
-		try
-		{
-			$requestBody = $request->getParsedBody();
-
-			$value = $this->UsersService->SetUserSetting(GROCY_USER_ID, $args['settingKey'], $requestBody['value']);
+			$value = $this->getUsersService()->DeleteUserSetting(GROCY_USER_ID, $args['settingKey']);
 			return $this->EmptyApiResponse($response);
 		}
 		catch (\Exception $ex)

controllers/UsersController.php

@@ -2,29 +2,71 @@
 
 namespace Grocy\Controllers;
 
+use Grocy\Controllers\Users\User;
+
 class UsersController extends BaseController
 {
-	public function UsersList(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function PermissionList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		return $this->AppContainer->view->render($response, 'users', [
-			'users' => $this->Database->users()->orderBy('username')
+		User::checkPermission($request, User::PERMISSION_USERS_READ);
+		return $this->renderPage($response, 'userpermissions', [
+			'user' => $this->getDatabase()->users($args['userId']),
+			'permissions' => $this->getDatabase()->uihelper_user_permissions()
+				->where('parent IS NULL')->where('user_id', $args['userId'])
 		]);
 	}
 
-	public function UserEditForm(\Slim\Http\Request $request, \Slim\Http\Response $response, array $args)
+	public function UserEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		if ($args['userId'] == 'new')
 		{
-			return $this->AppContainer->view->render($response, 'userform', [
-				'mode' => 'create'
+			User::checkPermission($request, User::PERMISSION_USERS_CREATE);
+			return $this->renderPage($response, 'userform', [
+				'mode' => 'create',
+				'userfields' => $this->getUserfieldsService()->GetFields('users')
 			]);
 		}
 		else
 		{
-			return $this->AppContainer->view->render($response, 'userform', [
-				'user' =>  $this->Database->users($args['userId']),
-				'mode' => 'edit'
+			if ($args['userId'] == GROCY_USER_ID)
+			{
+				User::checkPermission($request, User::PERMISSION_USERS_EDIT_SELF);
+			}
+			else
+			{
+				User::checkPermission($request, User::PERMISSION_USERS_EDIT);
+			}
+
+			return $this->renderPage($response, 'userform', [
+				'user' => $this->getDatabase()->users($args['userId']),
+				'mode' => 'edit',
+				'userfields' => $this->getUserfieldsService()->GetFields('users'),
+				'userfieldValues' => $this->getUserfieldsService()->GetAllValues('users')
 			]);
 		}
 	}
+
+	public function UserSettings(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->renderPage($response, 'usersettings', [
+			'languages' => array_filter(scandir(__DIR__ . '/../localization'), function ($item) {
+				if ($item == '.' || $item == '..')
+				{
+					return false;
+				}
+
+				return is_dir(__DIR__ . '/../localization/' . $item);
+			})
+		]);
+	}
+
+	public function UsersList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		User::checkPermission($request, User::PERMISSION_USERS_READ);
+		return $this->renderPage($response, 'users', [
+			'users' => $this->getDatabase()->users()->orderBy('username'),
+			'userfields' => $this->getUserfieldsService()->GetFields('users'),
+			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('users')
+		]);
+	}
 }

data/.htaccess

@@ -0,0 +1 @@
+Deny from all

data/plugins/DemoBarcodeLookupPlugin.php

@@ -1,6 +1,6 @@
 <?php
 
-use \Grocy\Helpers\BaseBarcodeLookupPlugin;
+use Grocy\Helpers\BaseBarcodeLookupPlugin;
 
 /*
 	This class must extend BaseBarcodeLookupPlugin (in namespace \Grocy\Helpers)
@@ -14,7 +14,7 @@ class DemoBarcodeLookupPlugin extends BaseBarcodeLookupPlugin
 
 	/*
 		To try it:
-		Call the API function at /api/stock/external-barcode-lookup/{barcode}
+		Call the API function at /api/stock/barcodes/external-lookup/{barcode}
 
 		When you also add ?add=true as a query parameter to the API call,
 		on a successful lookup the product is added to the database and in the output
@@ -55,24 +55,24 @@ class DemoBarcodeLookupPlugin extends BaseBarcodeLookupPlugin
 	*/
 	protected function ExecuteLookup($barcode)
 	{
-		if ($barcode === 'x') // Demonstration when nothing is found
-		{
+		if ($barcode === 'x')
+		{ // Demonstration when nothing is found
 			return null;
 		}
-		elseif ($barcode === 'e') // Demonstration when an error occurred
-		{
+		elseif ($barcode === 'e')
+		{ // Demonstration when an error occurred
 			throw new \Exception('This is the error message from the plugin...');
 		}
 		else
 		{
-			return array(
+			return [
 				'name' => 'LookedUpProduct_' . RandomString(5),
 				'location_id' => $this->Locations[0]->id,
 				'qu_id_purchase' => $this->QuantityUnits[0]->id,
 				'qu_id_stock' => $this->QuantityUnits[0]->id,
 				'qu_factor_purchase_to_stock' => 1,
 				'barcode' => $barcode
-			);
+			];
 		}
 	}
 }

data/viewcache/.gitignore

@@ -1,2 +0,0 @@
-*
-!.gitignore

docs/grocycode.md

@@ -0,0 +1,66 @@
+grocycode
+==========
+
+grocycode is, in essence, a simple way to reference to arbitrary grocy entities.
+Each grocycode includes a magic, an entitiy identifier, an id and an ordered set of extra data.
+It is supported to be entered anywhere grocy expects one to read a barcode, but can also reference
+grocy-internal properties like specific stock entries, or specific batteries.
+
+Serialization
+----
+
+There are three mandatory parts in a grocycode:
+
+1. The magic `grcy`
+2. An entity identifer matching the regular expression `[a-z]+` (that is, lowercase english alphabet without any fancy accents, minimum length 1 character).
+3. An object identifer matching the regular expression `[0-9]+`
+
+Optionally, any number of further data without format restrictions besides not containing any double colons [0] may be appended.
+
+These parts are then linearly appended, seperated by a double colon `:`.
+
+Entity Identifers
+----
+
+Currently, there are three different entity types defined:
+
+- `p` for Products
+- `b` for Batteries
+- `c` for Chores
+
+Example
+----
+
+In this example, we encode a *Product* with ID *13*, which results in `grcy:p:13` when serialized.
+
+Product grocycodes
+----
+
+Product grocycodes extend the data format to include an optional stock id, thus may reference a specific stock entry directly.
+
+Example: `grcy:p:13:60bf8b5244b04`
+
+Battery grocycodes
+----
+
+Currently, Battery grocycodes do not define any extra fields.
+
+Chore grocycodes
+----
+
+Currently, Chore grocycodes do not define any extra fields.
+
+Visual Encoding
+----
+
+Grocy uses DataMatrix 2D (or alternatively Code128 1D) Barcodes to encode grocycodes into a visual representation. In principle, there is no problem with using
+other encoding formats like QR codes; however DataMatrix uses less space for the same information and redundancy and is a bit
+easier read by 2D barcode scanners, especially on non-flat surfaces.
+
+You can pick up cheap-ish used scanners from ebay (about 45€ in germany). Make sure to set them to the correct keyboard emulation,
+so that the double colons get entered correctly.
+
+
+Notes
+---
+[0]: Obviously, it needs to be encoded into some usable visual representation and then read. So probably you only want to encode stuff that can be typed on a keyboard.

docs/label-printing.md

@@ -0,0 +1,40 @@
+Label printing
+====
+
+To enable label printing, set `FEATURE_FLAG_LABEL_PRINTER` to `true`in your `config.php`. You also need to provide a webhook target that is responsible for printing.
+
+Why webhook?
+---
+
+Label printers come in all shapes and forms, and your particular one is probably not the one used by the author of this feature. Also, grocy may does not have a
+direct connection to a local label printer (e.g. grocy is hosted in a cloud vps). Thus, a lightweight implementation is provided by grocy: whenever something
+should print, a POST request to a configured URL is made. The target then is responsible for label printing.
+
+Reference implementation
+---
+
+The webhook was developed and tested against a Brother QL-600 label printer, using endless 62mm label paper. The webhook provider implementation was
+implemented into [a fork of brother_ql_web](https://github.com/mistressofjellyfish/brother_ql_web).
+
+Webhook request
+---
+
+Requests can be configured to be sent server-side (that is, from the machine hosting grocy through GuzzleHttp) or by an AJAX request directly from the browser.
+The latter is neccesary for situations where the grocy hosting machine cannot reach your label printer, however server-side requests are a bit faster and
+tend to be more stable.
+
+Both methods fire this request upon printing:
+
+```
+POST /your/printing/api/endpoint HTTP/1.1
+
+product=<productname>&grocycode=grocy:x:xxx&due_date=DD:%2021-06-09&...
+
+```
+
+If specified, the request body may also be JSON encoded, however the fields stay the same.
+
+Additional POST parameters (like the font to use) may be supplied in `config.php`. Keep in mind that these config values will be distributed to all clients on all requests
+if the webhook is configured to run client-side.
+
+The webhook receiver is required to layout and print the resulting label.

helpers/BaseBarcodeLookupPlugin.php

@@ -11,9 +11,8 @@ abstract class BaseBarcodeLookupPlugin
 	}
 
 	protected $Locations;
-	protected $QuantityUnits;
 
-	abstract protected function ExecuteLookup($barcode);
+	protected $QuantityUnits;
 
 	final public function Lookup($barcode)
 	{
@@ -29,20 +28,22 @@ abstract class BaseBarcodeLookupPlugin
 		{
 			throw new \Exception('Plugin output must be an associative array');
 		}
-		if (!IsAssociativeArray($pluginOutput)) // $pluginOutput is at least an indexed array here
-		{
+
+		if (!IsAssociativeArray($pluginOutput))
+		{ // $pluginOutput is at least an indexed array here
 			throw new \Exception('Plugin output must be an associative array');
 		}
 
 		// Check for minimum needed properties
-		$minimunNeededProperties = array(
+		$minimunNeededProperties = [
 			'name',
 			'location_id',
 			'qu_id_purchase',
 			'qu_id_stock',
 			'qu_factor_purchase_to_stock',
 			'barcode'
-		);
+		];
+
 		foreach ($minimunNeededProperties as $prop)
 		{
 			if (!array_key_exists($prop, $pluginOutput))
@@ -59,16 +60,19 @@ abstract class BaseBarcodeLookupPlugin
 		{
 			throw new \Exception("Location $locationId is not a valid location id");
 		}
+
 		$quIdPurchase = $pluginOutput['qu_id_purchase'];
 		if (FindObjectInArrayByPropertyValue($this->QuantityUnits, 'id', $quIdPurchase) === null)
 		{
 			throw new \Exception("Location $quIdPurchase is not a valid quantity unit id");
 		}
+
 		$quIdStock = $pluginOutput['qu_id_stock'];
 		if (FindObjectInArrayByPropertyValue($this->QuantityUnits, 'id', $quIdStock) === null)
 		{
 			throw new \Exception("Location $quIdStock is not a valid quantity unit id");
 		}
+
 		$quFactor = $pluginOutput['qu_factor_purchase_to_stock'];
 		if (empty($quFactor) || !is_numeric($quFactor))
 		{
@@ -77,4 +81,6 @@ abstract class BaseBarcodeLookupPlugin
 
 		return $pluginOutput;
 	}
+
+	abstract protected function ExecuteLookup($barcode);
 }

helpers/ConfigurationValidator.php

@@ -0,0 +1,84 @@
+<?php
+
+class EInvalidConfig extends Exception
+{
+}
+
+class ConfigurationValidator
+{
+	public function validateConfig()
+	{
+		self::checkMode();
+		self::checkDefaultLocale();
+		self::checkCurrencyFormat();
+		self::checkFirstDayOfWeek();
+		self::checkEntryPage();
+		self::checkMealplanFirstDayOfWeek();
+		self::checkAutoNightModeRange();
+	}
+
+	private function checkMode()
+	{
+		$allowedModes = ['production', 'dev', 'demo', 'prerelease'];
+		if (!in_array(GROCY_MODE, $allowedModes))
+		{
+			throw new EInvalidConfig('Invalid mode "' . GROCY_MODE . '" set, only ' . implode(', ', $allowedModes) . ' allowed');
+		}
+	}
+
+	private function checkDefaultLocale()
+	{
+		if (!file_exists(__DIR__ . '/../localization/' . GROCY_DEFAULT_LOCALE))
+		{
+			throw new EInvalidConfig('Invalid locale "' . GROCY_DEFAULT_LOCALE . '" set, locale needs to exist in folder localization');
+		}
+	}
+
+	private function checkFirstDayOfWeek()
+	{
+		if (!(GROCY_CALENDAR_FIRST_DAY_OF_WEEK == '' ||
+			(is_numeric(GROCY_CALENDAR_FIRST_DAY_OF_WEEK) && GROCY_CALENDAR_FIRST_DAY_OF_WEEK >= 0 && GROCY_CALENDAR_FIRST_DAY_OF_WEEK <= 6)))
+		{
+			throw new EInvalidConfig('Invalid value for CALENDAR_FIRST_DAY_OF_WEEK');
+		}
+	}
+
+	private function checkCurrencyFormat()
+	{
+		if (!(preg_match('/^([A-z]){3}$/', GROCY_CURRENCY)))
+		{
+			throw new EInvalidConfig('CURRENCY is not in ISO 4217 format (three letter code)');
+		}
+	}
+
+	private function checkEntryPage()
+	{
+		$allowedPages = ['stock', 'shoppinglist', 'recipes', 'chores', 'tasks', 'batteries', 'equipment', 'calendar', 'mealplan'];
+		if (!in_array(GROCY_ENTRY_PAGE, $allowedPages))
+		{
+			throw new EInvalidConfig('Invalid entry page "' . GROCY_ENTRY_PAGE . '" set, only ' . implode(', ', $allowedPages) . ' allowed');
+		}
+	}
+
+	private function checkMealplanFirstDayOfWeek()
+	{
+		if (!(GROCY_MEAL_PLAN_FIRST_DAY_OF_WEEK == '' ||
+			(is_numeric(GROCY_MEAL_PLAN_FIRST_DAY_OF_WEEK) && GROCY_MEAL_PLAN_FIRST_DAY_OF_WEEK >= 0 && GROCY_MEAL_PLAN_FIRST_DAY_OF_WEEK <= 6)))
+		{
+			throw new EInvalidConfig('Invalid value for MEAL_PLAN_FIRST_DAY_OF_WEEK');
+		}
+	}
+
+	private function checkAutoNightModeRange()
+	{
+		global $GROCY_DEFAULT_USER_SETTINGS;
+		if (!(preg_match('/^(?:2[0-3]|[01][0-9]):[0-5][0-9]$/', $GROCY_DEFAULT_USER_SETTINGS['auto_night_mode_time_range_from'])))
+		{
+			throw new EInvalidConfig('auto_night_mode_time_range_from is not in HH:mm format (' . $GROCY_DEFAULT_USER_SETTINGS['auto_night_mode_time_range_from'] . ')');
+		}
+		if (!(preg_match('/^(?:2[0-3]|[01][0-9]):[0-5][0-9]$/', $GROCY_DEFAULT_USER_SETTINGS['auto_night_mode_time_range_to'])))
+		{
+			throw new EInvalidConfig('auto_night_mode_time_range_to is not in HH:mm format (' . $GROCY_DEFAULT_USER_SETTINGS['auto_night_mode_time_range_to'] . ')');
+		}
+	}
+}

helpers/Grocycode.php

@@ -0,0 +1,146 @@
+<?php
+
+namespace Grocy\Helpers;
+
+/**
+ * A class that abstracts grocycode.
+ *
+ * grocycode is a simple, easily serializable format to reference
+ * stuff within grocy. It consists of n (n ≥ 3) double-colon seperated parts:
+ *
+ *  1. The magic `grcy`
+ *  2. A type identifer, must match `[a-z]+` (i.e. only lowercase ascii, minimum length 1 character)
+ *  3. An object id
+ *  4. Any number of further data fields, double-colon seperated.
+ *
+ * @author Katharina Bogad <katharina@hacked.xyz>
+ */
+class Grocycode
+{
+	public const PRODUCT = 'p';
+
+	public const BATTERY = 'b';
+
+	public const CHORE = 'c';
+
+	public const MAGIC = 'grcy';
+
+	/**
+	 * Constructs a new instance of the Grocycode class.
+	 *
+	 * Because php doesn't support overloading, this is a proxy
+	 * to either setFromCode($code) or setFromData($type, $id, $extra_data = []).
+	 */
+	public function __construct(...$args)
+	{
+		$argc = count($args);
+		if ($argc == 1)
+		{
+			$this->setFromCode($args[0]);
+			return;
+		}
+		elseif ($argc == 2 || $argc == 3)
+		{
+			if ($argc == 2)
+			{
+				$args[] = [];
+			}
+			$this->setFromData($args[0], $args[1], $args[2]);
+			return;
+		}
+
+		throw new \Exception('No suitable overload found.');
+	}
+
+	/**
+	 * An array that registers all valid grocycode types. Register yours here by appending to this array.
+	 */
+	public static $Items = [self::PRODUCT, self::BATTERY, self::CHORE];
+
+	private $type;
+
+	private $id;
+
+	private $extra_data = [];
+
+	/**
+	 * Validates a grocycode.
+	 *
+	 * Returns true, if a supplied $code is a valid grocycode, false otherwise.
+	 *
+	 * @return bool
+	 */
+	public static function Validate(string $code)
+	{
+		try
+		{
+			$gc = new self($code);
+			return true;
+		}
+		catch (Exception $e)
+		{
+			return false;
+		}
+	}
+
+	public function GetId()
+	{
+		return $this->id;
+	}
+
+	public function GetExtraData()
+	{
+		return $this->extra_data;
+	}
+
+	public function GetType()
+	{
+		return $this->type;
+	}
+
+	public function __toString(): string
+	{
+		$arr = array_merge([self::MAGIC, $this->type, $this->id], $this->extra_data);
+
+		return implode(':', $arr);
+	}
+
+	/**
+	 * Parses a grocycode.
+	 */
+	private function setFromCode($code)
+	{
+		$parts = array_reverse(explode(':', $barcode));
+		if (array_pop($parts) != self::MAGIC)
+		{
+			throw new \Exception('Not a grocycode');
+		}
+
+		if (!in_array($this->type = array_pop($parts), self::$Items))
+		{
+			throw new \Exception('Unknown grocycode type');
+		}
+
+		$this->id = array_pop($parts);
+		$this->extra_data = array_reverse($parse);
+	}
+
+	/**
+	 * Constructs a grocycode from data.
+	 */
+	private function setFromData($type, $id, $extra_data = [])
+	{
+		if (!is_array($extra_data))
+		{
+			throw new \Exception('Extra data must be array of string');
+		}
+		if (!in_array($type, self::$Items))
+		{
+			throw new \Exception('Unknown grocycode type');
+		}
+
+		$this->type = $type;
+		$this->id = $id;
+		$this->extra_data = $extra_data;
+	}
+}

helpers/PrerequisiteChecker.php

@@ -0,0 +1,73 @@
+<?php
+
+class ERequirementNotMet extends Exception
+{
+}
+
+const REQUIRED_PHP_EXTENSIONS = ['fileinfo', 'pdo_sqlite', 'gd', 'ctype', 'json', 'intl', 'zlib'];
+const REQUIRED_SQLITE_VERSION = '3.9.0';
+
+class PrerequisiteChecker
+{
+	public function checkRequirements()
+	{
+		self::checkForConfigFile();
+		self::checkForConfigDistFile();
+		self::checkForComposer();
+		self::checkForPhpExtensions();
+		self::checkForSqliteVersion();
+	}
+
+	private function checkForComposer()
+	{
+		if (!file_exists(__DIR__ . '/../vendor/autoload.php'))
+		{
+			throw new ERequirementNotMet('/vendor/autoload.php not found. Have you run Composer?');
+		}
+	}
+
+	private function checkForConfigDistFile()
+	{
+		if (!file_exists(__DIR__ . '/../config-dist.php'))
+		{
+			throw new ERequirementNotMet('config-dist.php not found. Please do not remove this file.');
+		}
+	}
+
+	private function checkForConfigFile()
+	{
+		if (!file_exists(GROCY_DATAPATH . '/config.php'))
+		{
+			throw new ERequirementNotMet('config.php in data directory (' . GROCY_DATAPATH . ') not found. Have you copied config-dist.php to the data directory and renamed it to config.php?');
+		}
+	}
+
+	private function checkForPhpExtensions()
+	{
+		$loadedExtensions = get_loaded_extensions();
+
+		foreach (REQUIRED_PHP_EXTENSIONS as $extension)
+		{
+			if (!in_array($extension, $loadedExtensions))
+			{
+				throw new ERequirementNotMet("PHP module '{$extension}' not installed, but required.");
+			}
+		}
+	}
+
+	private function checkForSqliteVersion()
+	{
+		$sqliteVersion = self::getSqlVersionAsString();
+
+		if (version_compare($sqliteVersion, REQUIRED_SQLITE_VERSION, '<'))
+		{
+			throw new ERequirementNotMet('SQLite ' . REQUIRED_SQLITE_VERSION . ' is required, however you are running ' . $sqliteVersion);
+		}
+	}
+
+	private function getSqlVersionAsString()
+	{
+		$dbh = new PDO('sqlite::memory:');
+		return $dbh->query('select sqlite_version()')->fetch()[0];
+	}
+}

helpers/UrlManager.php

@@ -24,8 +24,8 @@ class UrlManager
 		{
 			return rtrim($this->BasePath, '/') . $relativePath;
 		}
-		else // Is not a resource and URL rewriting is disabled
-		{
+		else
+		{ // Is not a resource and URL rewriting is disabled
 			return rtrim($this->BasePath, '/') . '/index.php' . $relativePath;
 		}
 	}
@@ -37,6 +37,6 @@ class UrlManager
 			$_SERVER['HTTPS'] = 'on';
 		}
 
-		return (isset($_SERVER['HTTPS']) ? "https" : "http") . "://$_SERVER[HTTP_HOST]";
+		return (isset($_SERVER['HTTPS']) ? 'https' : 'http') . "://$_SERVER[HTTP_HOST]";
 	}
 }

helpers/WebhookRunner.php

@@ -0,0 +1,48 @@
+<?php
+
+namespace Grocy\Helpers;
+
+use GuzzleHttp\Client;
+use GuzzleHttp\ExceptionRequestException;
+use Psr\Http\Message\ResponseInterface;
+
+class WebhookRunner
+{
+	public function __construct()
+	{
+		$this->client = new Client(['timeout' => 2.0]);
+	}
+
+	private $client;
+
+	public function run($url, $args, $json = false)
+	{
+		$reqArgs = [];
+		if ($json)
+		{
+			$reqArgs = ['json' => $args];
+		}
+		else
+		{
+			$reqArgs = ['form_params' => $args];
+		}
+		try
+		{
+			file_put_contents('php://stderr', 'Running Webhook: ' . $url . "\n" . print_r($reqArgs, true));
+
+			$this->client->request('POST', $url, $reqArgs);
+		}
+		catch (RequestException $e)
+		{
+			file_put_contents('php://stderr', 'Webhook failed: ' . $url . "\n" . $e->getMessage());
+		}
+	}
+
+	public function runAll($urls, $args)
+	{
+		foreach ($urls as $url)
+		{
+			$this->run($url, $args);
+		}
+	}
+}

helpers/extensions.php

@@ -15,8 +15,7 @@ function FindObjectInArrayByPropertyValue($array, $propertyName, $propertyValue)
 
 function FindAllObjectsInArrayByPropertyValue($array, $propertyName, $propertyValue, $operator = '==')
 {
-	$returnArray = array();
-
+	$returnArray = [];
 	foreach ($array as $object)
 	{
 		switch ($operator)
@@ -34,6 +33,7 @@ function FindAllObjectsInArrayByPropertyValue($array, $propertyName, $propertyVa
 				}
 				break;
 			case '<':
+
 				if ($object->{$propertyName} < $propertyValue)
 				{
 					$returnArray[] = $object;
@@ -47,25 +47,27 @@ function FindAllObjectsInArrayByPropertyValue($array, $propertyName, $propertyVa
 
 function FindAllItemsInArrayByValue($array, $value, $operator = '==')
 {
-	$returnArray = array();
-
+	$returnArray = [];
 	foreach ($array as $item)
 	{
 		switch ($operator)
 		{
 			case '==':
+
 				if ($item == $value)
 				{
 					$returnArray[] = $item;
 				}
 				break;
 			case '>':
+
 				if ($item > $value)
 				{
 					$returnArray[] = $item;
 				}
 				break;
 			case '<':
+
 				if ($item < $value)
 				{
 					$returnArray[] = $item;
@@ -82,16 +84,26 @@ function SumArrayValue($array, $propertyName)
 	$sum = 0;
 	foreach ($array as $object)
 	{
-		$sum += $object->{$propertyName};
+		$sum += floatval($object->{$propertyName});
 	}
 
 	return $sum;
 }
 
-function GetClassConstants($className)
+function GetClassConstants($className, $prefix = null)
 {
 	$r = new ReflectionClass($className);
-	return $r->getConstants();
+	$constants = $r->getConstants();
+
+	if ($prefix === null)
+	{
+		return $constants;
+	}
+	else
+	{
+		$matchingKeys = preg_grep('!^' . $prefix . '!', array_keys($constants));
+		return array_intersect_key($constants, array_flip($matchingKeys));
+	}
 }
 
 function RandomString($length, $allowedChars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ')
@@ -128,19 +140,43 @@ function BoolToString(bool $bool)
 	return $bool ? 'true' : 'false';
 }
 
+function BoolToInt(bool $bool)
+{
+	return $bool ? 1 : 0;
+}
+
+function ExternalSettingValue(string $value)
+{
+	$tvalue = rtrim($value, "\r\n");
+	$lvalue = strtolower($tvalue);
+
+	if ($lvalue === 'true')
+	{
+		return true;
+	}
+	elseif ($lvalue === 'false')
+	{
+		return false;
+	}
+
+	return $tvalue;
+}
+
 function Setting(string $name, $value)
 {
 	if (!defined('GROCY_' . $name))
 	{
 		// The content of a $name.txt file in /data/settingoverrides can overwrite the given setting (for embedded mode)
 		$settingOverrideFile = GROCY_DATAPATH . '/settingoverrides/' . $name . '.txt';
+
 		if (file_exists($settingOverrideFile))
 		{
-			define('GROCY_' . $name, file_get_contents($settingOverrideFile));
+			define('GROCY_' . $name, ExternalSettingValue(file_get_contents($settingOverrideFile)));
 		}
-		elseif (getenv('GROCY_' . $name) !== false) // An environment variable with the same name and prefix GROCY_ overwrites the given setting
+		elseif (getenv('GROCY_' . $name) !== false)
 		{
-			define('GROCY_' . $name, getenv('GROCY_' . $name));
+			// An environment variable with the same name and prefix GROCY_ overwrites the given setting
+			define('GROCY_' . $name, ExternalSettingValue(getenv('GROCY_' . $name)));
 		}
 		else
 		{
@@ -150,10 +186,11 @@ function Setting(string $name, $value)
 }
 
 global $GROCY_DEFAULT_USER_SETTINGS;
-$GROCY_DEFAULT_USER_SETTINGS = array();
+$GROCY_DEFAULT_USER_SETTINGS = [];
 function DefaultUserSetting(string $name, $value)
 {
 	global $GROCY_DEFAULT_USER_SETTINGS;
+
 	if (!array_key_exists($name, $GROCY_DEFAULT_USER_SETTINGS))
 	{
 		$GROCY_DEFAULT_USER_SETTINGS[$name] = $value;
@@ -184,16 +221,6 @@ function GetUserDisplayName($user)
 	return $displayName;
 }
 
-function Pluralize($number, $singularForm, $pluralForm)
-{
-	$text = $singularForm;
-	if ($number != 1 && $pluralForm !== null && !empty($pluralForm))
-	{
-		$text = $pluralForm;
-	}
-	return $text;
-}
-
 function IsValidFileName($fileName)
 {
 	if (preg_match('=^[^/?*;:{}\\\\]+\.[^/?*;:{}\\\\]+$=', $fileName))
@@ -203,3 +230,26 @@ function IsValidFileName($fileName)
 
 	return false;
 }
+
+function IsJsonString($text)
+{
+	json_decode($text);
+	return (json_last_error() == JSON_ERROR_NONE);
+}
+
+function string_starts_with($haystack, $needle)
+{
+	return (substr($haystack, 0, strlen($needle)) === $needle);
+}
+
+function string_ends_with($haystack, $needle)
+{
+	$length = strlen($needle);
+
+	if ($length == 0)
+	{
+		return true;
+	}
+
+	return (substr($haystack, -$length) === $needle);
+}

localization/chore_assignment_types.pot

@@ -0,0 +1,25 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: \n"
+"Last-Translator: Translation migration from old PHP array files\n"
+"Language-Team: http://www.transifex.com/grocy/grocy/language/en\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"POT-Creation-Date: 2019-05-01T17:59:17+00:00\n"
+"PO-Revision-Date: 2019-05-01T17:59:17+00:00\n"
+"Language: en\n"
+"X-Domain: grocy/chore_assignment_types\n"
+
+msgid "no-assignment"
+msgstr ""
+
+msgid "who-least-did-first"
+msgstr ""
+
+msgid "random"
+msgstr ""
+
+msgid "in-alphabetical-order"
+msgstr ""

localization/chore_period_types.pot

@@ -0,0 +1,31 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: \n"
+"Last-Translator: Translation migration from old PHP array files\n"
+"Language-Team: http://www.transifex.com/grocy/grocy/language/en\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"POT-Creation-Date: 2019-05-01T17:59:17+00:00\n"
+"PO-Revision-Date: 2019-05-01T17:59:17+00:00\n"
+"Language: en\n"
+"X-Domain: grocy/chore_types\n"
+
+msgid "manually"
+msgstr ""
+
+msgid "dynamic-regular"
+msgstr ""
+
+msgid "daily"
+msgstr ""
+
+msgid "weekly"
+msgstr ""
+
+msgid "monthly"
+msgstr ""
+
+msgid "yearly"
+msgstr ""

localization/component_translations.pot

@@ -0,0 +1,34 @@
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: \n"
+"Last-Translator: Translation migration from old PHP array files\n"
+"Language-Team: http://www.transifex.com/grocy/grocy/language/en\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"POT-Creation-Date: 2019-05-01T17:59:17+00:00\n"
+"PO-Revision-Date: 2019-05-01T17:59:17+00:00\n"
+"Language: en\n"
+"X-Domain: grocy/component_translations\n"
+
+msgid "timeago_locale"
+msgstr ""
+
+msgid "timeago_nan"
+msgstr ""
+
+msgid "moment_locale"
+msgstr ""
+
+msgid "datatables_localization"
+msgstr ""
+
+msgid "summernote_locale"
+msgstr ""
+
+msgid "fullcalendar_locale"
+msgstr ""
+
+msgid "bootstrap-select_locale"
+msgstr ""

localization/cs/chore_assignment_types.po

@@ -0,0 +1,30 @@
+# 
+# Translators:
+# Radim Kabeláč <radim.ekk@gmail.com>, 2020
+# 
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2019-05-01T17:59:17+00:00\n"
+"PO-Revision-Date: 2019-09-17 10:45+0000\n"
+"Last-Translator: Radim Kabeláč <radim.ekk@gmail.com>, 2020\n"
+"Language-Team: Czech (https://www.transifex.com/grocy/teams/93189/cs/)\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Language: cs\n"
+"Plural-Forms: nplurals=4; plural=(n == 1 && n % 1 == 0) ? 0 : (n >= 2 && n <= 4 && n % 1 == 0) ? 1: (n % 1 != 0 ) ? 2 : 3;\n"
+"X-Domain: grocy/chore_assignment_types\n"
+
+msgid "no-assignment"
+msgstr "bez-přiřazení"
+
+msgid "who-least-did-first"
+msgstr "poslední-je-první"
+
+msgid "random"
+msgstr "náhodně"
+
+msgid "in-alphabetical-order"
+msgstr "řazení-podle-abecedy"

localization/cs/chore_period_types.po

@@ -0,0 +1,37 @@
+# 
+# Translators:
+# Tomas Reznicek <tomas.reznicek@gmail.com>, 2019
+# Michal Petříček <michal@petricek.org>, 2019
+# 
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2019-05-01T17:59:17+00:00\n"
+"PO-Revision-Date: 2019-05-01 17:42+0000\n"
+"Last-Translator: Michal Petříček <michal@petricek.org>, 2019\n"
+"Language-Team: Czech (https://www.transifex.com/grocy/teams/93189/cs/)\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Language: cs\n"
+"Plural-Forms: nplurals=4; plural=(n == 1 && n % 1 == 0) ? 0 : (n >= 2 && n <= 4 && n % 1 == 0) ? 1: (n % 1 != 0 ) ? 2 : 3;\n"
+"X-Domain: grocy/chore_types\n"
+
+msgid "manually"
+msgstr "Manuální"
+
+msgid "dynamic-regular"
+msgstr "Dynamický"
+
+msgid "daily"
+msgstr "Denní"
+
+msgid "weekly"
+msgstr "Týdně"
+
+msgid "monthly"
+msgstr "Měsíčně"
+
+msgid "yearly"
+msgstr "Ročně"

localization/cs/component_translations.po

@@ -0,0 +1,51 @@
+# 
+# Translators:
+# Tomas Reznicek <tomas.reznicek@gmail.com>, 2019
+# Radim Kabeláč <radim.ekk@gmail.com>, 2020
+# Bernd Bestel <bernd@berrnd.de>, 2020
+# 
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2019-05-01T17:59:17+00:00\n"
+"PO-Revision-Date: 2019-05-01 17:42+0000\n"
+"Last-Translator: Bernd Bestel <bernd@berrnd.de>, 2020\n"
+"Language-Team: Czech (https://www.transifex.com/grocy/teams/93189/cs/)\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Language: cs\n"
+"Plural-Forms: nplurals=4; plural=(n == 1 && n % 1 == 0) ? 0 : (n >= 2 && n <= 4 && n % 1 == 0) ? 1: (n % 1 != 0 ) ? 2 : 3;\n"
+"X-Domain: grocy/component_translations\n"
+
+msgid "timeago_locale"
+msgstr "cs"
+
+msgid "timeago_nan"
+msgstr "před NaN lety"
+
+msgid "moment_locale"
+msgstr "cs"
+
+msgid "datatables_localization"
+msgstr ""
+"{\"sEmptyTable\":\"Tabulka neobsahuje žádná data\",\"sInfo\":\"Zobrazuji "
+"_START_ až _END_ z celkem _TOTAL_ záznamů\",\"sInfoEmpty\":\"Zobrazuji 0 až "
+"0 z 0 záznamů\",\"sInfoFiltered\":\"(filtrováno z celkem _MAX_ "
+"záznamů)\",\"sInfoPostFix\":\"\",\"sInfoThousands\":\" "
+"\",\"sLengthMenu\":\"Zobraz záznamů "
+"_MENU_\",\"sLoadingRecords\":\"Načítám...\",\"sProcessing\":\"Provádím...\",\"sSearch\":\"Hledat:\",\"sZeroRecords\":\"Žádné"
+" záznamy nebyly "
+"nalezeny\",\"oPaginate\":{\"sFirst\":\"První\",\"sLast\":\"Poslední\",\"sNext\":\"Další\",\"sPrevious\":\"Předchozí\"},\"oAria\":{\"sSortAscending\":\":"
+" aktivujte pro řazení sloupce vzestupně\",\"sSortDescending\":\": aktivujte "
+"pro řazení sloupce sestupně\"}}"
+
+msgid "summernote_locale"
+msgstr "cs-CZ"
+
+msgid "fullcalendar_locale"
+msgstr "cs"
+
+msgid "bootstrap-select_locale"
+msgstr "cs_CZ"

localization/cs/demo_data.po

@@ -0,0 +1,411 @@
+# 
+# Translators:
+# Michal Petříček <michal@petricek.org>, 2019
+# Ondřej Suk <ondra.suk.55@gmail.com>, 2020
+# Radim Kabeláč <radim.ekk@gmail.com>, 2020
+# 
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2019-05-01T17:59:17+00:00\n"
+"PO-Revision-Date: 2019-05-01 17:42+0000\n"
+"Last-Translator: Radim Kabeláč <radim.ekk@gmail.com>, 2020\n"
+"Language-Team: Czech (https://www.transifex.com/grocy/teams/93189/cs/)\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Language: cs\n"
+"Plural-Forms: nplurals=4; plural=(n == 1 && n % 1 == 0) ? 0 : (n >= 2 && n <= 4 && n % 1 == 0) ? 1: (n % 1 != 0 ) ? 2 : 3;\n"
+"X-Domain: grocy/demo_data\n"
+
+msgid "Cookies"
+msgstr "Sušenky"
+
+msgid "Chocolate"
+msgstr "Čokoláda"
+
+msgid "Pantry"
+msgstr "Spíž"
+
+msgid "Candy cupboard"
+msgstr "Skříňka s cukrovím"
+
+msgid "Tinned food cupboard"
+msgstr "Skříňka s konzervami"
+
+msgid "Fridge"
+msgstr "Lednička"
+
+msgid "Piece"
+msgid_plural "Pieces"
+msgstr[0] "Kus"
+msgstr[1] "Kusů"
+msgstr[2] "Kusů"
+msgstr[3] "Kusů"
+
+msgid "Pack"
+msgid_plural "Packs"
+msgstr[0] "Balení"
+msgstr[1] "Balení"
+msgstr[2] "Balení"
+msgstr[3] "Balení"
+
+msgid "Glass"
+msgid_plural "Glasses"
+msgstr[0] "Sklenice"
+msgstr[1] "Sklenic"
+msgstr[2] "Sklenic"
+msgstr[3] "Sklenic"
+
+msgid "Tin"
+msgid_plural "Tins"
+msgstr[0] "Plechovka"
+msgstr[1] "Plechovek"
+msgstr[2] "Plechovek"
+msgstr[3] "Plechovek"
+
+msgid "Can"
+msgid_plural "Cans"
+msgstr[0] "Konzerva"
+msgstr[1] "Konzerv"
+msgstr[2] "Konzerv"
+msgstr[3] "Konzerv"
+
+msgid "Bunch"
+msgid_plural "Bunches"
+msgstr[0] "Svazek"
+msgstr[1] "Svazky"
+msgstr[2] "Svazků"
+msgstr[3] "Svazků"
+
+msgid "Gummy bears"
+msgstr "Gumoví medvídci"
+
+msgid "Crisps"
+msgstr "Brambůrky"
+
+msgid "Eggs"
+msgstr "Vajíčka"
+
+msgid "Noodles"
+msgstr "Nudle"
+
+msgid "Pickles"
+msgstr "Kyselé okurky"
+
+msgid "Gulash soup"
+msgstr "Gulášová polévka"
+
+msgid "Yogurt"
+msgstr "Jogurt"
+
+msgid "Cheese"
+msgstr "Sýr"
+
+msgid "Cold cuts"
+msgstr "Uzeniny"
+
+msgid "Paprika"
+msgstr "Paprika"
+
+msgid "Cucumber"
+msgstr "Okurka"
+
+msgid "Radish"
+msgstr "Ředkev"
+
+msgid "Tomato"
+msgstr "Rajče"
+
+msgid "Changed towels in the bathroom"
+msgstr "Vyměněny ručníky v koupeně"
+
+msgid "Cleaned the kitchen floor"
+msgstr "Vytřena podlaha v kuchyni"
+
+msgid "Warranty ends"
+msgstr "Záruka končí"
+
+msgid "TV remote control"
+msgstr "Dálkový ovladač k TV"
+
+msgid "Alarm clock"
+msgstr "Budík"
+
+msgid "Heat remote control"
+msgstr "Dálkové ovládání k topení"
+
+msgid "Lawn mowed in the garden"
+msgstr "Posekán trávník na zahradě"
+
+msgid "Some good snacks"
+msgstr "Nějaké dobroty"
+
+msgid "Pizza dough"
+msgstr "Těsto na pizzu"
+
+msgid "Sieved tomatoes"
+msgstr "Drcená rajčata"
+
+msgid "Salami"
+msgstr "Salám"
+
+msgid "Toast"
+msgstr "Toust"
+
+msgid "Minced meat"
+msgstr "Mleté maso"
+
+msgid "Pizza"
+msgstr "Pizza"
+
+msgid "Spaghetti bolognese"
+msgstr "Boloňské špagety"
+
+msgid "Sandwiches"
+msgstr "Sendviče"
+
+msgid "English"
+msgstr "Angličtina"
+
+msgid "German"
+msgstr "Němčina"
+
+msgid "Italian"
+msgstr "Italština"
+
+msgid "This is the note content of the recipe ingredient"
+msgstr "Toto je poznámka u suroviny receptu"
+
+msgid "Demo User"
+msgstr "Demo uživatel"
+
+msgid "Gram"
+msgid_plural "Grams"
+msgstr[0] "Gram"
+msgstr[1] "Gramů"
+msgstr[2] "Gramů"
+msgstr[3] "Gramů"
+
+msgid "Flour"
+msgstr "Mouka"
+
+msgid "Pancakes"
+msgstr "Palačinky"
+
+msgid "Sugar"
+msgstr "Cukr"
+
+msgid "Home"
+msgstr "Domov"
+
+msgid "Life"
+msgstr "Život"
+
+msgid "Projects"
+msgstr "Projekty"
+
+msgid "Repair the garage door"
+msgstr "Opravit garážová vrata"
+
+msgid "Fork and improve grocy"
+msgstr "Forknout a vylepšit grocy"
+
+msgid "Find a solution for what to do when I forget the door keys"
+msgstr "Najít řešení situace, když si zapomenu klíče od domova"
+
+msgid "Sweets"
+msgstr "Sladkosti"
+
+msgid "Bakery products"
+msgstr "Pečivo"
+
+msgid "Tinned food"
+msgstr "Konzervované potraviny"
+
+msgid "Butchery products"
+msgstr "Maso a uzeniny"
+
+msgid "Vegetables/Fruits"
+msgstr "Ovoce a zelenina"
+
+msgid "Refrigerated products"
+msgstr "Chlazené potraviny"
+
+msgid "Coffee machine"
+msgstr "Kávovar"
+
+msgid "Dishwasher"
+msgstr "Myčka nádobí"
+
+msgid "Liter"
+msgstr "Litr"
+
+msgid "Liters"
+msgstr "Litry"
+
+msgid "Bottle"
+msgstr "Láhev"
+
+msgid "Bottles"
+msgstr "Láhve"
+
+msgid "Milk"
+msgstr "Mléko"
+
+msgid "Chocolate sauce"
+msgstr "Čokoládová poleva"
+
+msgid "Milliliters"
+msgstr "Mililitry"
+
+msgid "Milliliter"
+msgstr "Mililitr"
+
+msgid "Bottom"
+msgstr "Dno"
+
+msgid "Topping"
+msgstr "Poleva"
+
+msgid "French"
+msgstr "Francouzština"
+
+msgid "Turkish"
+msgstr "Turečtina"
+
+msgid "Spanish"
+msgstr "Španělština"
+
+msgid "Russian"
+msgstr "Ruština"
+
+msgid "The thing which happens on the 5th of every month"
+msgstr "Událost opakující se 5. den každý měsíc"
+
+msgid "The thing which happens daily"
+msgstr "Událost opakující se každý den"
+
+msgid "The thing which happens on Mondays and Wednesdays"
+msgstr "Událost opakující se každé pondělí a středu"
+
+msgid "Swedish"
+msgstr "Švédština"
+
+msgid "Polish"
+msgstr "Polština"
+
+msgid "Milk Chocolate"
+msgstr "Mléčná čokoláda"
+
+msgid "Dark Chocolate"
+msgstr "Hořká čokoláda"
+
+msgid "Slice"
+msgid_plural "Slices"
+msgstr[0] "Plátek"
+msgstr[1] "Plátky"
+msgstr[2] "Plátky"
+msgstr[3] "Plátky"
+
+msgid "Example userentity"
+msgstr "Příklad uživatelské entity"
+
+msgid "This is an example user entity..."
+msgstr "Toto je ukázková položka uživatelské entity"
+
+msgid "Custom field"
+msgstr "Vlastní pole"
+
+msgid "Example field value..."
+msgstr "Příklad hodnoty pole..."
+
+msgid "Waffle rolls"
+msgstr "Oplatky"
+
+msgid "Danish"
+msgstr "Dánština"
+
+msgid "Dutch"
+msgstr "Holandština"
+
+msgid "Norwegian"
+msgstr "Norština"
+
+msgid "Demo"
+msgstr "Demo"
+
+msgid "Stable version"
+msgstr "Stabilní verze"
+
+msgid "Preview version"
+msgstr "Preview verze"
+
+msgid "current release"
+msgstr "aktuální vydání"
+
+msgid "not yet released"
+msgstr "zatím nevydáno"
+
+msgid "Portuguese (Brazil)"
+msgstr "Portugalština (Brazílie)"
+
+msgid "This is a note"
+msgstr "Toto je poznámka"
+
+msgid "Freezer"
+msgstr "Mrazák"
+
+msgid "Hungarian"
+msgstr "Maďarština"
+
+msgid "Slovak"
+msgstr "Slovenština"
+
+msgid "Czech"
+msgstr "Čeština"
+
+msgid "Portuguese (Portugal)"
+msgstr "Portugalština (Portugalsko)"
+
+# Use a in your country well known supermarket name
+msgid "DemoSupermarket1"
+msgstr "UkazkovyObchod1"
+
+# Use a in your country well known supermarket name
+msgid "DemoSupermarket2"
+msgstr "UkazkovyObchod2"
+
+msgid "Japanese"
+msgstr "Japonština"
+
+msgid "Chinese (Taiwan)"
+msgstr "Čínština (Tchaj-wan)"
+
+msgid "Greek"
+msgstr "Řečtina"
+
+msgid "Korean"
+msgstr "Korejština"
+
+msgid "Chinese (China)"
+msgstr "Čínština (Čína)"
+
+msgid "Hebrew (Israel)"
+msgstr "Hebrejsky (Izraeil)"
+
+msgid "Tamil"
+msgstr ""
+
+msgid "Finnish"
+msgstr "Finsky"
+
+msgid "Breakfast"
+msgstr ""
+
+msgid "Lunch"
+msgstr ""
+
+msgid "Dinner"
+msgstr ""

localization/cs/locales.po

@@ -0,0 +1,123 @@
+# 
+# Translators:
+# Radim Kabeláč <radim.ekk@gmail.com>, 2020
+# Jarda Tesar <intossh@gmail.com>, 2021
+# 
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2019-05-01T17:59:17+00:00\n"
+"PO-Revision-Date: 2020-08-31 19:11+0000\n"
+"Last-Translator: Jarda Tesar <intossh@gmail.com>, 2021\n"
+"Language-Team: Czech (https://www.transifex.com/grocy/teams/93189/cs/)\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Language: cs\n"
+"Plural-Forms: nplurals=4; plural=(n == 1 && n % 1 == 0) ? 0 : (n >= 2 && n <= 4 && n % 1 == 0) ? 1: (n % 1 != 0 ) ? 2 : 3;\n"
+"X-Domain: grocy/locales\n"
+
+# Czech
+msgid "cs"
+msgstr "Čeština"
+
+# Danish
+msgid "da"
+msgstr "Dánština"
+
+# German
+msgid "de"
+msgstr "Němčina"
+
+# Greek
+msgid "el_GR"
+msgstr "Řečtina"
+
+# English
+msgid "en"
+msgstr "Angličtina"
+
+# English (Great Britain)
+msgid "en_GB"
+msgstr "Angličtina (Britská)"
+
+# Spanish
+msgid "es"
+msgstr "Španělština"
+
+# French
+msgid "fr"
+msgstr "Francouzština"
+
+# Hungarian
+msgid "hu"
+msgstr "Maďarština"
+
+# Italian
+msgid "it"
+msgstr "Italština"
+
+# Japanese
+msgid "ja"
+msgstr "Japonština"
+
+# Korean
+msgid "ko_KR"
+msgstr "Korejština"
+
+# Dutch
+msgid "nl"
+msgstr "Nizozemština"
+
+# Norwegian
+msgid "no"
+msgstr "Norština"
+
+# Polish
+msgid "pl"
+msgstr "Polština"
+
+# Portuguese (Brazil)
+msgid "pt_BR"
+msgstr "Portugalština (Brazílie)"
+
+# Portuguese (Portugal)
+msgid "pt_PT"
+msgstr "Portugalština (Portugalsko)"
+
+# Russian
+msgid "ru"
+msgstr "Ruština"
+
+# Slovak
+msgid "sk_SK"
+msgstr "Slovenština"
+
+# Swedish
+msgid "sv_SE"
+msgstr "Švédština"
+
+# Turkish
+msgid "tr"
+msgstr "Turečtina"
+
+# Chinese (Taiwan)
+msgid "zh_TW"
+msgstr "Čínština (Tradiční)"
+
+# Chinese (China)
+msgid "zh_CN"
+msgstr "Čínština (Zjednodušená)"
+
+# Hebrew (Israel)
+msgid "he_IL"
+msgstr "Hebrejština"
+
+# Tamil
+msgid "ta"
+msgstr "Tamilština"
+
+# Finnish
+msgid "fi"
+msgstr "Finština"

localization/cs/permissions.po

@@ -0,0 +1,139 @@
+# 
+# Translators:
+# Radim Kabeláč <radim.ekk@gmail.com>, 2020
+# Jarda Tesar <intossh@gmail.com>, 2021
+# 
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2019-05-01T17:59:17+00:00\n"
+"PO-Revision-Date: 2020-08-29 16:33+0000\n"
+"Last-Translator: Jarda Tesar <intossh@gmail.com>, 2021\n"
+"Language-Team: Czech (https://www.transifex.com/grocy/teams/93189/cs/)\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Language: cs\n"
+"Plural-Forms: nplurals=4; plural=(n == 1 && n % 1 == 0) ? 0 : (n >= 2 && n <= 4 && n % 1 == 0) ? 1: (n % 1 != 0 ) ? 2 : 3;\n"
+"X-Domain: grocy/permissions\n"
+
+# All permissions
+msgid "ADMIN"
+msgstr "ADMINISTRATOR"
+
+# Create users
+msgid "USERS_CREATE"
+msgstr "UZIVATELE_VYTVORIT"
+
+# Edit users (including passwords)
+msgid "USERS_EDIT"
+msgstr "UZIVATELE_EDITACE"
+
+# Show users
+msgid "USERS_READ"
+msgstr "UZIVATEL_CTENI"
+
+# Edit own user data / change own password
+msgid "USERS_EDIT_SELF"
+msgstr "UZIVATELE_EDITOVAT_SEBE"
+
+# Undo charge cycle
+msgid "BATTERIES_UNDO_CHARGE_CYCLE"
+msgstr "BATERIE_VRACENI_NABIJECI_CYKLUS"
+
+# Track charge cycle
+msgid "BATTERIES_TRACK_CHARGE_CYCLE"
+msgstr "BATERIE_SLEDOVANI_NABIJECI_CYKLUS"
+
+# Track execution
+msgid "CHORE_TRACK_EXECUTION"
+msgstr "POVINNOST_SLEDOVANI_VYKONANI"
+
+# Undo execution
+msgid "CHORE_UNDO_EXECUTION"
+msgstr "POVINNOST_VYKONANI_VRACENI"
+
+# Edit master data
+msgid "MASTER_DATA_EDIT"
+msgstr "ZAKLADNI_DATA_EDIT"
+
+# Undo execution
+msgid "TASKS_UNDO_EXECUTION"
+msgstr "UKOL_VYKONANI_VRACENI"
+
+# Mark completed
+msgid "TASKS_MARK_COMPLETED"
+msgstr "UKOLY_OZNACIT_HOTOVO"
+
+# Edit stock entries
+msgid "STOCK_EDIT"
+msgstr "ZASOBY_EDITACE"
+
+# Transfer
+msgid "STOCK_TRANSFER"
+msgstr "PREVOD_ZASOB"
+
+# Inventory
+msgid "STOCK_INVENTORY"
+msgstr "ZASOBA_INVENTAR"
+
+# Consume
+msgid "STOCK_CONSUME"
+msgstr "ZASOBY_SPOTREBOVAT"
+
+# Open products
+msgid "STOCK_OPEN"
+msgstr "ZASOBY_OTEVRIT"
+
+# Purchase
+msgid "STOCK_PURCHASE"
+msgstr "ZASOBA_NAKUP"
+
+# Add items
+msgid "SHOPPINGLIST_ITEMS_ADD"
+msgstr "NAKUPNISEZNAM_POLOZKA_PRIDANO"
+
+# Remove items
+msgid "SHOPPINGLIST_ITEMS_DELETE"
+msgstr "NAKUPNISEZNAM_POLOZKA_SMAZANO"
+
+# User management
+msgid "USERS"
+msgstr "UZIVATEL"
+
+# Stock
+msgid "STOCK"
+msgstr "ZASOBA"
+
+# Shopping list
+msgid "SHOPPINGLIST"
+msgstr "NAKUPNISEZNAM"
+
+# Chores
+msgid "CHORES"
+msgstr "POVINOSTI"
+
+# Batteries
+msgid "BATTERIES"
+msgstr "BATERIE"
+
+# Tasks
+msgid "TASKS"
+msgstr "UKOL"
+
+# Recipes
+msgid "RECIPES"
+msgstr "RECEPTY"
+
+# Equipment
+msgid "EQUIPMENT"
+msgstr "VYBAVENI"
+
+# Calendar
+msgid "CALENDAR"
+msgstr "KALENDAR"
+
+# Meal plan
+msgid "RECIPES_MEALPLAN"
+msgstr "RECEPTY_STRAVOVACIPLANY"

localization/cs/stock_transaction_types.po

@@ -0,0 +1,48 @@
+# 
+# Translators:
+# Tomas Reznicek <tomas.reznicek@gmail.com>, 2019
+# Michal Franc, 2020
+# Ondřej Suk <ondra.suk.55@gmail.com>, 2020
+# Radim Kabeláč <radim.ekk@gmail.com>, 2020
+# 
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2019-05-01T17:59:17+00:00\n"
+"PO-Revision-Date: 2019-05-01 17:42+0000\n"
+"Last-Translator: Radim Kabeláč <radim.ekk@gmail.com>, 2020\n"
+"Language-Team: Czech (https://www.transifex.com/grocy/teams/93189/cs/)\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Language: cs\n"
+"Plural-Forms: nplurals=4; plural=(n == 1 && n % 1 == 0) ? 0 : (n >= 2 && n <= 4 && n % 1 == 0) ? 1: (n % 1 != 0 ) ? 2 : 3;\n"
+"X-Domain: grocy/stock_transaction_types\n"
+
+msgid "purchase"
+msgstr "Nákup"
+
+msgid "transfer_from"
+msgstr "Převod z"
+
+msgid "transfer_to"
+msgstr "Převod do"
+
+msgid "consume"
+msgstr "Spotřeba"
+
+msgid "inventory-correction"
+msgstr "Úprava zásoby"
+
+msgid "product-opened"
+msgstr "Otevření balení"
+
+msgid "stock-edit-old"
+msgstr "zasoba-editace-stary"
+
+msgid "stock-edit-new"
+msgstr "zasoba-editace-novy"
+
+msgid "self-production"
+msgstr "vlastni-produkce"

localization/cs/userfield_types.po

@@ -0,0 +1,72 @@
+# 
+# Translators:
+# Tomas Reznicek <tomas.reznicek@gmail.com>, 2019
+# Michal Franc, 2020
+# Radim Kabeláč <radim.ekk@gmail.com>, 2020
+# 
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2019-05-01T17:59:17+00:00\n"
+"PO-Revision-Date: 2019-05-01 17:43+0000\n"
+"Last-Translator: Radim Kabeláč <radim.ekk@gmail.com>, 2020\n"
+"Language-Team: Czech (https://www.transifex.com/grocy/teams/93189/cs/)\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Language: cs\n"
+"Plural-Forms: nplurals=4; plural=(n == 1 && n % 1 == 0) ? 0 : (n >= 2 && n <= 4 && n % 1 == 0) ? 1: (n % 1 != 0 ) ? 2 : 3;\n"
+"X-Domain: grocy/userfield_types\n"
+
+# Text (single line)
+msgid "text-single-line"
+msgstr "Text (jeden řádek)"
+
+# Text (multi line)
+msgid "text-multi-line"
+msgstr "Text (více řádků)"
+
+# Number (integral)
+msgid "number-integral"
+msgstr "Celé číslo"
+
+# Number (decimal)
+msgid "number-decimal"
+msgstr "Číslo s desetinami"
+
+# Date (without time)
+msgid "date"
+msgstr "Datum"
+
+# Date & time
+msgid "datetime"
+msgstr "Datum a čas"
+
+# Checkbox
+msgid "checkbox"
+msgstr "Zaškrtávací políčko"
+
+# Select list (a single item can be selected)
+msgid "preset-list"
+msgstr "Seznam"
+
+# Select list (multiple items can be selected)
+msgid "preset-checklist"
+msgstr "Zaškrtávací seznam"
+
+# Link
+msgid "link"
+msgstr "Odkaz"
+
+# Link (with title)
+msgid "link-with-title"
+msgstr ""
+
+# File
+msgid "file"
+msgstr "soubor"
+
+# Image
+msgid "image"
+msgstr "obrazek"

localization/da/chore_assignment_types.po

@@ -0,0 +1,31 @@
+# 
+# Translators:
+# Troels Siggaard <troels@siggaard.com>, 2019
+# klavslund <klavslund@gmail.com>, 2021
+# 
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2019-05-01T17:59:17+00:00\n"
+"PO-Revision-Date: 2019-09-17 10:45+0000\n"
+"Last-Translator: klavslund <klavslund@gmail.com>, 2021\n"
+"Language-Team: Danish (https://www.transifex.com/grocy/teams/93189/da/)\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Language: da\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Domain: grocy/chore_assignment_types\n"
+
+msgid "no-assignment"
+msgstr "ingen-tildeling"
+
+msgid "who-least-did-first"
+msgstr "hvem-gjorde-mindst-først"
+
+msgid "random"
+msgstr "tilfældig"
+
+msgid "in-alphabetical-order"
+msgstr "i-alfabetisk-rækkefølge"

localization/da/chore_period_types.po

@@ -0,0 +1,38 @@
+# 
+# Translators:
+# Troels Siggaard <troels@siggaard.com>, 2019
+# Rasmus Bojsen <rasmus@bojsen.cn>, 2019
+# Brian Moos Lindberg <brian@blueeel.dk>, 2019
+# 
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2019-05-01T17:59:17+00:00\n"
+"PO-Revision-Date: 2019-05-01 17:42+0000\n"
+"Last-Translator: Brian Moos Lindberg <brian@blueeel.dk>, 2019\n"
+"Language-Team: Danish (https://www.transifex.com/grocy/teams/93189/da/)\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Language: da\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Domain: grocy/chore_types\n"
+
+msgid "manually"
+msgstr "manuelt"
+
+msgid "dynamic-regular"
+msgstr "dynamisk-regelmæssig"
+
+msgid "daily"
+msgstr "daglig"
+
+msgid "weekly"
+msgstr "ugentlig"
+
+msgid "monthly"
+msgstr "månedlig"
+
+msgid "yearly"
+msgstr "årlig"