Squashed commit

Always execute migration 9999 (can be used to fix things manually) Optimized meal plan navigation / date range filtering Prepared next release Pulled translations from Transifex Various code optimizations
Updated screenshots
2025-09-17 02:05:47 +00:00 · 2021-07-16 17:32:08 +02:00 · 2021-07-15 21:04:52 +02:00 · 2021-07-15 20:58:01 +02:00 · 2021-07-15 20:53:12 +02:00 · 2021-07-15 20:48:27 +02:00
577 changed files with 69303 additions and 17972 deletions
--- a/.devtools/create_release_package.bat
+++ b/.devtools/create_release_package.bat
@@ -10,7 +10,7 @@ for /f "tokens=*" %%a in ('jq .Version versiontemp.json --raw-output') do set ve
 del versiontemp.json

 del "%releasePath%\grocy_%version%.zip"
-7za a -r "%releasePath%\grocy_%version%.zip" "%projectPath%\*" -xr!.* -xr!build.bat -xr!composer.json -xr!composer.lock -xr!package.json -xr!yarn.lock -xr!publication_assets
+7za a -r "%releasePath%\grocy_%version%.zip" "%projectPath%\*" -xr!.* -xr!build.bat -xr!composer.json -xr!composer.lock -xr!package.json -xr!yarn.lock -xr!docs
 7za a "%releasePath%\grocy_%version%.zip" "%projectPath%\public\.htaccess"
 7za rn "%releasePath%\grocy_%version%.zip" .htaccess public\.htaccess
 7za d "%releasePath%\grocy_%version%.zip" data\*.* data\storage data\viewcache\*
--- a/.devtools/transifex_download.bat
+++ b/.devtools/transifex_download.bat
@@ -1,9 +1,11 @@
 pushd ..
-tx pull --all --minimum-perc=80
-tx pull --language en_GB
+tx pull --all --minimum-perc=70 --force
+tx pull --language en_GB --force
 copy /Y localization\en\userfield_types.po localization\en_GB\userfield_types.po
 copy /Y localization\en\stock_transaction_types.po localization\en_GB\stock_transaction_types.po
 copy /Y localization\en\component_translations.po localization\en_GB\component_translations.po
 copy /Y localization\en\chore_period_types.po localization\en_GB\chore_period_types.po
 copy /Y localization\en\chore_assignment_types.po localization\en_GB\chore_assignment_types.po
+copy /Y localization\en\permissions.po localization\en_GB\permissions.po
+copy /Y localization\en\locales.po localization\en_GB\locales.po
 popd
--- a/.devtools/transifex_upload.bat
+++ b/.devtools/transifex_upload.bat
@@ -1,3 +1,3 @@
 pushd ..
-tx push --source
+tx push --source --force
 popd
--- a/.devtools/update_dependencies.bat
+++ b/.devtools/update_dependencies.bat
@@ -1,4 +1,4 @@
 pushd ..
 call composer update
-yarn upgrade --latest
+yarn upgrade
 popd
--- a/.editorconfig
+++ b/.editorconfig
@@ -0,0 +1,8 @@
+root = true
+
+[*]
+indent_style = tab
+indent_size = 4
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,13 @@
+---
+name: Bug report
+about: If you've found something that does not work, please report it to help improve
+  grocy
+title: 'Bug: '
+labels: bug
+assignees: ''
+
+---
+
+Please describe the bug as detailed as possible, provide the steps how to reproduce it and maybe attach screenshots where useful.
+
+Please also check if your bug was maybe already fixed by searching closed issues here or by trying to reproduce your problem on the [pre-release demo](https://demo-prerelease.grocy.info/) (use a *private demo instance* if you want to make your example persistent).
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,5 @@
+blank_issues_enabled: false
+contact_links:
+    - name: Question / Help
+      url: https://www.reddit.com/r/grocy
+      about: Please use the r/grocy subreddit for general questions / help
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,11 @@
+---
+name: Feature request
+about: Ideas for improvements or new things which you would find useful are always
+  welcome
+title: 'Feature request: '
+labels: enhancement
+assignees: ''
+
+---
+
+Please describe what you would find useful and please also check (by searching open requests here) if that was maybe already requested.
--- a/.github/publication_assets/chores.png
+++ b/.github/publication_assets/chores.png
--- a/.github/publication_assets/mealplan.png
+++ b/.github/publication_assets/mealplan.png
--- a/.github/publication_assets/shoppinglist.png
+++ b/.github/publication_assets/shoppinglist.png
--- a/.github/publication_assets/stock.png
+++ b/.github/publication_assets/stock.png
--- a/.php-cs-fixer.php
+++ b/.php-cs-fixer.php
@@ -0,0 +1,95 @@
+<?php
+
+$finder = PhpCsFixer\Finder::create()
+	->exclude(['vendor'])
+	->ignoreVCSIgnored(true)
+	->files()->name('*.php')
+	->in(__DIR__)
+;
+
+$cfg = new PhpCsFixer\Config();
+return $cfg
+	->setRules([
+		'@PSR2' => true,
+		'array_indentation' => true,
+		'array_syntax' => ['syntax' => 'short'],
+		'combine_consecutive_unsets' => true,
+		'class_attributes_separation' => true,
+		'multiline_whitespace_before_semicolons' => false,
+		'single_quote' => true,
+		// 'blank_line_after_opening_tag' => true,
+		// 'blank_line_before_return' => true,
+		'braces' => [
+			'allow_single_line_closure' => true,
+			'position_after_anonymous_constructs' => 'same',
+			'position_after_control_structures' => 'next',
+			'position_after_functions_and_oop_constructs' => 'next',
+		],
+		// 'cast_spaces' => true,
+		// 'class_definition' => array('singleLine' => true),
+		'concat_space' => ['spacing' => 'one'],
+		'declare_equal_normalize' => true,
+		'function_typehint_space' => true,
+		'single_line_comment_style' => ['comment_types' => ['hash']],
+		'include' => true,
+		'lowercase_cast' => true,
+		// 'native_function_casing' => true,
+		// 'new_with_braces' => true,
+		// 'no_blank_lines_after_class_opening' => true,
+		// 'no_blank_lines_after_phpdoc' => true,
+		// 'no_empty_comment' => true,
+		// 'no_empty_phpdoc' => true,
+		// 'no_empty_statement' => true,
+		'no_leading_import_slash' => true,
+		'no_leading_namespace_whitespace' => true,
+		// 'no_mixed_echo_print' => array('use' => 'echo'),
+		'no_multiline_whitespace_around_double_arrow' => true,
+		// 'no_short_bool_cast' => true,
+		// 'no_singleline_whitespace_before_semicolons' => true,
+		'no_spaces_around_offset' => true,
+		// 'no_trailing_comma_in_list_call' => true,
+		// 'no_trailing_comma_in_singleline_array' => true,
+		// 'no_unneeded_control_parentheses' => true,
+		// 'no_unused_imports' => true,
+		'no_whitespace_before_comma_in_array' => true,
+		'no_whitespace_in_blank_line' => true,
+		// 'normalize_index_brace' => true,
+		'object_operator_without_whitespace' => true,
+		// 'php_unit_fqcn_annotation' => true,
+		// 'phpdoc_align' => true,
+		// 'phpdoc_annotation_without_dot' => true,
+		// 'phpdoc_indent' => true,
+		// 'phpdoc_inline_tag' => true,
+		// 'phpdoc_no_access' => true,
+		// 'phpdoc_no_alias_tag' => true,
+		// 'phpdoc_no_empty_return' => true,
+		// 'phpdoc_no_package' => true,
+		// 'phpdoc_no_useless_inheritdoc' => true,
+		// 'phpdoc_return_self_reference' => true,
+		// 'phpdoc_scalar' => true,
+		// 'phpdoc_separation' => true,
+		// 'phpdoc_single_line_var_spacing' => true,
+		// 'phpdoc_summary' => true,
+		// 'phpdoc_to_comment' => true,
+		// 'phpdoc_trim' => true,
+		// 'phpdoc_types' => true,
+		// 'phpdoc_var_without_name' => true,
+		// 'pre_increment' => true,
+		// 'return_type_declaration' => true,
+		// 'self_accessor' => true,
+		// 'short_scalar_cast' => true,
+		'single_blank_line_before_namespace' => true,
+		// 'single_class_element_per_statement' => true,
+		// 'space_after_semicolon' => true,
+		// 'standardize_not_equals' => true,
+		'ternary_operator_spaces' => true,
+		// 'trailing_comma_in_multiline_array' => true,
+		'trim_array_spaces' => true,
+		'unary_operator_spaces' => true,
+		'whitespace_after_comma_in_array' => true,
+	])
+	->setIndent("\t")
+	->setLineEnding("\n")
+	->setUsingCache(false)
+	->setFinder($finder)
+;
--- a/.tx/config
+++ b/.tx/config
@@ -42,3 +42,15 @@ file_filter = localization/<lang>/userfield_types.po
 source_file = localization/userfield_types.pot
 source_lang = en
 type = PO
+
+[grocy.permissions]
+file_filter = localization/<lang>/permissions.po
+source_file = localization/permissions.pot
+source_lang = en
+type = PO
+
+[grocy.locales]
+file_filter = localization/<lang>/locales.po
+source_file = localization/locales.pot
+source_lang = en
+type = PO
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -1,3 +1,17 @@
 {
-	"phpserver.relativePath": "public"
-}
+	"phpserver.relativePath": "public",
+	"editor.formatOnType": true,
+	"editor.formatOnPaste": true,
+	"editor.formatOnSave": true,
+	"editor.insertSpaces": false,
+	"javascript.format.placeOpenBraceOnNewLineForControlBlocks": true,
+	"javascript.format.placeOpenBraceOnNewLineForFunctions": true,
+	"javascript.format.insertSpaceAfterFunctionKeywordForAnonymousFunctions": false,
+	"javascript.preferences.quoteStyle": "double",
+	"blade.format.enable": true,
+	"html.format.wrapAttributes": "force",
+	"html.format.wrapLineLength": 0,
+	"php-cs-fixer.formatHtml": true,
+	"php-cs-fixer.autoFixBySemicolon": true,
+	"php-cs-fixer.onsave": true,
+}
--- a/README.md
+++ b/README.md
@@ -1,36 +1,48 @@
-# grocy
-ERP beyond your fridge
+<div align="center">
+<img alt="Logo" height="50" src="https://raw.githubusercontent.com/grocy/grocy/master/public/img/grocy_logo.svg?sanitize=true" />
+<h3>ERP beyond your fridge</h3>
+<h4>grocy is a web-based self-hosted groceries & household management solution for your home<br>Created by <a href="https://github.com/berrnd">@berrnd</a></h4>
+</div>
+
+-----

 ## Give it a try
 - Public demo of the latest stable version (`release` branch) &rarr; [https://demo.grocy.info](https://demo.grocy.info)
- Public demo of the latest pre-release version (`master` branch) &rarr; [https://demo-prerelease.grocy.info](https://demo-prerelease.grocy.info)
+- Public demo of the current development version (`master` branch) &rarr; [https://demo-prerelease.grocy.info](https://demo-prerelease.grocy.info)

 ## Questions / Help / Bug reporting / Feature requests
 There is the [r/grocy subreddit](https://www.reddit.com/r/grocy) to connect with other grocy users and getting help.

-If you've found something that does not work or if you have an idea for an improvement or new things which you would find useful, feel free to open an issue in the [issue tracker](https://github.com/grocy/grocy/issues) here.
+If you've found something that does not work or if you have an idea for an improvement or new things which you would find useful, feel free to open a request on the [issue tracker](https://github.com/grocy/grocy/issues) here.
+
+Please don't send me private messages regarding grocy help. I check the issue tracker and the subreddit pretty much daily, but don't provide grocy support beyond that.

 ## Community contributions
-See the website for a list of community contributed Add-ons / Tools: [https://grocy.info/#addons](https://grocy.info/#addons)
+See the website for a list of community contributed Add-ons / Tools: [https://grocy.info/addons](https://grocy.info/addons)

 ## Motivation
-A household needs to be managed. I did this so far (almost 10 years) with my first self written software (a C# windows forms application) and with a bunch of Excel sheets. The software is a pain to use and Excel is Excel. So I searched for and tried different things for a (very) long time, nothing 100 % fitted, so this is my aim for a "complete household management"-thing. ERP your fridge!
+A household needs to be managed. I did this so far (almost 10 years) with my first self written software (a C# Windows forms application) and with a bunch of Excel sheets. The software is a pain to use and Excel is Excel. So I searched for and tried different things for a (very) long time, nothing 100 % fitted, so this is my aim for a "complete household management"-thing. ERP your fridge!

 ## How to install
-> Checkout grocy-desktop, if you want to run grocy without a webserver just like a normal (windows) desktop application.
+> Checkout [grocy-desktop](https://github.com/grocy/grocy-desktop), if you want to run grocy without having to manage a webserver just like a normal (Windows) desktop application.
 >
-> See https://github.com/grocy/grocy-desktop or directly download the [latest release](https://releases.grocy.info/latest-desktop) - the installation is nothing more than just clicking 2 times "next"...
+> Directly download the [latest release](https://releases.grocy.info/latest-desktop) - the installation is nothing more than just clicking 2 times "next".

-Just unpack the [latest release](https://releases.grocy.info/latest) on your PHP (SQLite (3.8.3 or higher) extension required, currently only tested with PHP 7.4) enabled webserver (webservers root should point to the `public` directory), copy `config-dist.php` to `data/config.php`, edit it to your needs, ensure that the `data` directory is writable and you're ready to go, (to make it writable, maybe use `chown -R www-data:www-data data/`). Default login is user `admin` with password `admin`, please change the password immediately (see user menu).
+See [https://grocy.info/links](https://grocy.info/links) for some installation guides and troubleshooting help.
+
+grocy is technically a pretty simple PHP application, so the basic notes to get it running are:
+- Unpack the [latest release](https://releases.grocy.info/latest)
+- Copy `config-dist.php` to `data/config.php` + edit to your needs
+- Ensure that the `data` directory is writable
+- The webserver root should point to the `public` directory
+- Include `try_files $uri /index.php$is_args$query_string;` in your location block if you use nginx
+  - Or disable URL rewriting (see the option `DISABLE_URL_REWRITING` in `data/config.php`)
+- Based on user reports, the minmimum required/working runtime is PHP 7.2 with SQLite 3.9.0
+  - However, I don't really care about supporting old runtime stuff, currently everything is only tested against (means 100 % works with) PHP 8.0 with SQLite 3.27.2
+- &rarr; Default login is user `admin` with password `admin`, please change the password immediately (user menu at the top right corner)

 Alternatively clone this repository (the `release` branch always references the latest released version, or checkout the latest tagged revision) and install Composer and Yarn dependencies manually.

-If you use nginx as your webserver, please include `try_files $uri /index.php$is_args$query_string;` in your location block.
-
-If, however, your webserver does not support URL rewriting, set `DISABLE_URL_REWRITING` in `data/config.php` (`Setting('DISABLE_URL_REWRITING', true);`).
-
-See the website for further installation guides and troubleshooting help: https://grocy.info/links
-
 ## How to run using Docker

 See [grocy/grocy-docker](https://github.com/grocy/grocy-docker) or [linuxserver/docker-grocy](https://github.com/linuxserver/docker-grocy) for instructions.
@@ -43,23 +55,25 @@ If you run grocy on Linux, there is also `update.sh` (remember to make the scrip
 ## Localization
 grocy is fully localizable - the default language is English (integrated into code), a German localization is always maintained by me.
 You can easily help translating grocy at https://www.transifex.com/grocy/grocy, if your language is incomplete or not available yet.
-(Language can be changed in `data/config.php`, e. g. `Setting('CULTURE', 'it');`)
+(The default language can be set in `data/config.php`, e. g. `Setting('DEFAULT_LOCALE', 'it');` and there is also a user setting (see the user settings page) to set a different language per user).

-The [pre-release demo](https://demo-prerelease.grocy.info) is available for any translation which is at least 80 % complete and will pull the translations from Transifex 10 minutes past every hour, so you can have a kind of instant preview of your contributed translations. Thank you!
+The [pre-release demo](https://demo-prerelease.grocy.info) is available for any translation which is at least 70 % complete and will pull the translations from Transifex 10 minutes past every hour, so you can have a kind of instant preview of your contributed translations. Thank you!

-Also any translation which reached a completion level of 80 % will be included in releases.
+Also any translation which once reached a completion level of 70 % will be included in releases.
+
+_RTL languages are unfortunately not yet supported._

 ## Things worth to know

-### REST API & data model documentation
+### REST API
 See the integrated Swagger UI instance on [/api](https://demo.grocy.info/api).

 ### Barcode readers & camera scanning
 Some fields (with a barcode icon above) also allow to select a value by scanning a barcode. It works best when your barcode reader prefixes every barcode with a letter which is normally not part of a item name (I use a `$`) and sends a `TAB` after a scan.

-Additionally it's also possible to use your device camera to scan a barcode by using the camera button on the right side of the corresponding field (powered by [QuaggaJS](https://github.com/serratus/quaggaJS), totally offline / client-side camera stream processing, please note due to browser security restrictions, this only works when serving grocy via a secure connection (`https://`)). Quick video demo: https://www.youtube.com/watch?v=Y5YH6IJFnfc
+Additionally it's also possible to use your device camera to scan a barcode by using the camera button on the right side of the corresponding field (powered by [Quagga2](https://github.com/ericblade/quagga2), totally offline / client-side camera stream processing, please note due to browser security restrictions, this only works when serving grocy via a secure connection (`https://`)). Quick video demo: https://www.youtube.com/watch?v=Y5YH6IJFnfc

-My personal recommendation: Use a USB barcode laser scanner. They are cheap and work 1000 % better, faster, under any lighting condition and from any angle.
+_My personal recommendation: Use a USB barcode laser scanner. They are cheap and work 1000 % better, faster, under any lighting condition and from any angle._

 ### Input shorthands for date fields
 For (productivity) reasons all date (and time) input (and display) fields use the ISO-8601 format regardless of localization.
@@ -70,7 +84,7 @@ The following shorthands are available:
  - Example: `20190417` will be converted to `2019-04-17`
 - `YYYYMMe` or `YYYYMM+` gets expanded to the end of the given month in the given year in proper notation
  - Example: `201807e` will be converted to `2018-07-31`
- `x` gets expanded to `2999-12-31` (which I use for products which never expire)
+- `x` gets expanded to `2999-12-31` (which I use for products which are never overdue)
 - Down/up arrow keys will increase/decrease the date by 1 day
 - Right/left arrow keys will increase/decrease the date by 1 week
 - Shift + down/up arrow keys will increase/decrease the date by 1 month
@@ -78,7 +92,7 @@ The following shorthands are available:

 ### Keyboard shorthands for buttons
 Wherever a button contains a bold highlighted letter, this is a shortcut key.
-Example: Button "Add as new **p**roduct" can be "pressed" by using the `P` key on your keyboard.
+Example: Button "**P** Add as new product" can be "pressed" by using the `P` key on your keyboard.

 ### Barcode lookup via external services
 Products can be directly added to the database via looking them up against external services by a barcode.
@@ -88,6 +102,8 @@ There is no plugin included for any service, see the reference implementation in
 ### Database migrations
 Database schema migration is automatically done when visiting the root (`/`) route (click on the logo in the left upper edge).

+_Please note: Database migrations are supposed to work between releases, not between every commit. If you want to run the current `master` branch (which is the development version), however, you need to handle that (and maybe more) yourself._
+
 ### Disable certain features
 If you don't use certain feature sets of grocy (for example if you don't need "Chores"), there are feature flags per major feature set to hide/disable the related UI elements (see `config-dist.php`)

@@ -109,17 +125,20 @@ Any help is more than appreciated. Feel free to pick any open unassigned issue a
 See https://grocy.info/#say-thanks for more ideas if you just want to say thanks.

 ## Roadmap
-There is none. grocy is only my hobby, one I like, but not the only one, and because of that, there are no release dates, no schedules for when anything is ready, it's done when it's done, maybe tomorrow, maybe tomorrow next year, everyone is invited to contribute - I appreciate all ideas and contributions. The progress of a specific bug/enhancement is always tracked in the corresponding issue, at least by commit comment references.
+There is none. The progress of a specific bug/enhancement is always tracked in the corresponding issue, at least by commit comment references.

 ## Screenshots
-#### Dashboard
-![Dashboard](https://github.com/grocy/grocy/raw/master/publication_assets/dashboard.png "Dashboard")
+#### Stock overview
+![Stock overview](https://github.com/grocy/grocy/raw/master/.github/publication_assets/stock.png "Stock overview")

-#### Purchase - with barcode scan
-![Purchase - with barcode scan](https://github.com/grocy/grocy/raw/master/publication_assets/purchase-with-barcode.gif "purchase-with-barcode")
+#### Shopping List
+![Shopping List](https://github.com/grocy/grocy/raw/master/.github/publication_assets/shoppinglist.png "Shopping List")

-#### Consume - with manual search
-![Consume - with manual search](https://github.com/grocy/grocy/raw/master/publication_assets/consume.gif "consume")
+#### Meal Plan
+![Meal Plan](https://github.com/grocy/grocy/raw/master/.github/publication_assets/mealplan.png "Meal Plan")
+
+#### Chores overview
+![Chores overview](https://github.com/grocy/grocy/raw/master/.github/publication_assets/chores.png "Chores overview")

 ## License
 The MIT License (MIT)
--- a/app.php
+++ b/app.php
@@ -1,12 +1,11 @@
 <?php

-use Psr\Http\Message\ServerRequestInterface as Request;
-use Psr\Http\Message\ResponseInterface as Response;
+use Grocy\Controllers\LoginController;
+use Grocy\Helpers\UrlManager;
+use Grocy\Middleware\CorsMiddleware;
 use Psr\Container\ContainerInterface as Container;
 use Slim\Factory\AppFactory;
-
-use Grocy\Helpers\UrlManager;
-use Grocy\Controllers\LoginController;
+use Slim\Views\Blade;

 // Load composer dependencies
 require_once __DIR__ . '/vendor/autoload.php';
@@ -14,6 +13,17 @@ require_once __DIR__ . '/vendor/autoload.php';
 // Load config files
 require_once GROCY_DATAPATH . '/config.php';
 require_once __DIR__ . '/config-dist.php'; // For not in own config defined values we use the default ones
+require_once __DIR__ . '/helpers/ConfigurationValidator.php';
+
+// Error reporting definitions
+if (GROCY_MODE === 'dev')
+{
+	error_reporting(E_ALL);
+}
+else
+{
+	error_reporting(E_ALL ^ (E_NOTICE | E_WARNING | E_DEPRECATED));
+}

 // Definitions for dev/demo/prerelease mode
 if ((GROCY_MODE === 'dev' || GROCY_MODE === 'demo' || GROCY_MODE === 'prerelease') && !defined('GROCY_USER_ID'))
@@ -30,25 +40,36 @@ if (GROCY_DISABLE_AUTH === true)
 	}
 }

+// Check if any invalid entries in config.php have been made
+try
+{
+	(new ConfigurationValidator())->validateConfig();
+}
+catch (EInvalidConfig $ex)
+{
+	exit('Invalid setting in config.php: ' . $ex->getMessage());
+}
+
+// Create data/viewcache folder if it doesn't exist
+if (!file_exists(GROCY_DATAPATH . '/viewcache'))
+{
+	mkdir(GROCY_DATAPATH . '/viewcache');
+}
+
 // Setup base application
 AppFactory::setContainer(new DI\Container());
 $app = AppFactory::create();

 $container = $app->getContainer();
-$container->set('view', function(Container $container)
-{
-	return new Slim\Views\Blade(__DIR__ . '/views', GROCY_DATAPATH . '/viewcache');
+$container->set('view', function (Container $container) {
+	return new Blade(__DIR__ . '/views', GROCY_DATAPATH . '/viewcache');
 });
-$container->set('LoginControllerInstance', function(Container $container)
-{
-	return new LoginController($container, 'grocy_session');
-});
-$container->set('UrlManager', function(Container $container)
-{
+
+$container->set('UrlManager', function (Container $container) {
 	return new UrlManager(GROCY_BASE_URL);
 });
-$container->set('ApiKeyHeaderName', function(Container $container)
-{
+
+$container->set('ApiKeyHeaderName', function (Container $container) {
 	return 'GROCY-API-KEY';
 });

@@ -61,8 +82,25 @@ if (!empty(GROCY_BASE_PATH))
 	$app->setBasePath(GROCY_BASE_PATH);
 }

+if (GROCY_MODE === 'production' || GROCY_MODE === 'dev')
+{
+	$app->add(new \Grocy\Middleware\LocaleMiddleware($container));
+}
+else
+{
+	define('GROCY_LOCALE', GROCY_DEFAULT_LOCALE);
+}
+
+$authMiddlewareClass = GROCY_AUTH_CLASS;
+$app->add(new $authMiddlewareClass($container, $app->getResponseFactory()));
 // Add default middleware
 $app->addRoutingMiddleware();
-$app->addErrorMiddleware(true, false, false);
+$errorMiddleware = $app->addErrorMiddleware(true, false, false);
+$errorMiddleware->setDefaultErrorHandler(
+	new \Grocy\Controllers\ExceptionController($app, $container)
+);

+$app->add(new CorsMiddleware($app->getResponseFactory()));
+
+ob_clean(); // No response output before here
 $app->run();
--- a/changelog/55_2.6.0_2020-01-31.md
+++ b/changelog/55_2.6.0_2020-01-31.md
@@ -18,7 +18,7 @@
 - To a recipe a product can be attached
  - This products needs a "Default best before date"
 - On using "Consume all ingredients needed by this recipe" and when it has a product attached, one unit of that product (per serving in purchase quantity unit) will be added to stock (with the proper price based on the recipe ingredients)
- (Thanks @kriddles for the intial work on this)
+- (Thanks @kriddles for the initial work on this)

 ### New feature: Freeze/Thaw products
 - New product options "Default best before days after freezing/thawing" to set how the best before date should be changed on freezing/thawing
--- a/changelog/58_2.7.0_2020-04-16.md
+++ b/changelog/58_2.7.0_2020-04-16.md
@@ -56,7 +56,7 @@
  - Various display/CSS improvements (thanks @Mik-)
 - Prerequisites (PHP extensions, critical files/folders) will now be checked and properly reported if there are problems (thanks @Forceu)
 - Improved the the overview pages on mobile devices (main column was hidden) (thanks @Mik-)
- The general search field now searches accent insensitive
+- The general search field now searches accent insensitive (and table sorting is also accent insensitive)
 - Fixed that all number inputs are always prefilled in the browser locale number format
 - Optimized the handling of settings provided by `data/settingoverrides` files (thanks @dacto)
 - Optimized the update script (`update.sh`) to create the backup tar archive before writing to it (was a problem on Btrfs file systems) (thanks @shane-kerr)
--- a/changelog/60_3.0.0_2020-12-22.md
+++ b/changelog/60_3.0.0_2020-12-22.md
@@ -0,0 +1,279 @@
+> ⚠️ The major version bump is due to breaking API changes, please see below if you use the API
+
+> ⚠️⚠️ SQLite >= 3.9.0 (was released in late 2015) is required
+>
+> [Here](https://github.com/grocy/grocy/issues/1209#issuecomment-749760765) is a workaround if you still run a SQLite version >= 3.8.3 < 3.9.0
+>
+> _PHP 7.2 with SQLite 3.8.3 was the formerly in [README mentioned](https://github.com/grocy/grocy#how-to-install) minimum runtime requirement, any future release will only be tested against a reasonable recent runtime (currently PHP 7.4 with SQLite 3.27.2) - supporting those (very) old runtime stuff is too time consuming..._
+
+> ❗ If some pages/tables doesn't load at all, please check that your `/data/config.php` setting `CURRENCY` is a valid ISO 4217 currency code - that's most probably the issue then.
+
+### New feature: Use any product related quantity unit anywhere
+- Finally it's possible to use any product related quantity unit on any page
+- Products still have one quantity unit stock and one (default) quantity unit purchase, but any QU, which has a direct or indirect conversion for that product, can be used to pick an amount
+  - Because the stock quantity unit is now the base for everything, it cannot be changed after the product was once added to stock (for now, maybe there will be a possibilty to change it in a future release)
+
+### New feature: Prefill purchase data by barcodes
+- Imagine you buy for example eggs in different pack sizes and they have different barcodes
+- Each product barcode can be assigned an amount, quantity unit and store (on the product edit page), which is then automatically prefilled on the purchase page
+- Additionally, the last price per barcode will be tracked and prefilled as a "Total price" on purchase
+- (Thanks @kriddles for the initial work on this)
+
+### New feature: User permissions
+- Users can now have permissions, can be configured per user on the "Manage users" page (lock icon)
+- Default permissions for new users can be set via a new `config.php` setting `DEFAULT_PERMISSIONS` (defaults to `ADMIN`, so no changed behavior when not configured)
+- All currently existing users will get all permissions (`ADMIN`) during the update/migration
+- Creating API keys on the "Manage API keys"-page (top right corner settings menu) now requires the `ADMIN` permission
+  - Other users only see their API keys on that page
+- (Thanks @fipwmaqzufheoxq92ebc for the initial work on this)
+
+### New feature: External authentication support
+- New `config.php` setting `AUTH_CLASS` to change the used authentication provider
+- Via LDAP
+  - New `config.php` settings `LDAP_DOMAIN`, `LDAP_ADDRESS` and `LDAP_BASE_DN`
+  - If you set `AUTH_CLASS` to `Grocy\Middleware\LdapAuthMiddleware`, users will be authenticated against your directory (and will also be created (in grocy), if not already present)
+- Via a reverse proxy
+  - New `config.php` setting `REVERSE_PROXY_AUTH_HEADER`
+  - If you set `AUTH_CLASS` to `Grocy\Middleware\ReverseProxyAuthMiddleware` and your reverse proxy sends a username in the HTTP header `REMOTE_USER` (header name can be changed by the setting `REVERSE_PROXY_AUTH_HEADER`), the user is automatically authenticated (and will also be created (in grocy), if not already present)
+  - (Thanks @fipwmaqzufheoxq92ebc for the initial work on this)
+
+### Stock improvements/fixes
+- Changes about best before dates: It's now possible to distinguish between best before dates and expiration dates:
+  - New product option "Due date type" (defaults to "Best before date")
+  - Wording changes:
+    - All current places where "Best before date" was used now use "Due date"
+    - Products with `Due date type = Best before date` (so all existing products) are "due" or "overdue" (they don't "expire" or are "expired")
+    - Products with `Due date type = Expiration date` (new option) can "expire" or are "expired"
+  - Color changes:
+    - Products which are due soon or expire soon are (still) highlighted in yellow
+    - Products which are overdue are highlighted in grey (there is also a new filter button on the stock overview page for them)
+    - Products which are expired (new option) are highlighted in red
+- When creating a quantity unit conversion it's now possible to automatically create the inverse conversion (thanks @kriddles)
+- The product option "Allow partial units in stock" was removed, partial amounts are now possible by default for all products
+- On purchase there is now a warning shown, when the due date of the purchased product is earlier than the next due date in stock (enabled by default, can be disabled by a new stock setting (top right corner settings menu))
+- The amount to be used for the "quick consume/open buttons" on the stock overview page can now be configured per product (new product option "Quick consume amount", defaults to 1)
+  - This "Quick consume amount" can optionally also be used as the default on the consume page (new stock setting / top right corner settings menu)
+- Products can now be duplicated (new dropdown menu item on the products list page, all fields will be preset from the copied product, except the name)
+- Products can now be merged (new dropdown menu item on the products list page)
+  - Useful if you have two products which are basically the same and want to replace all occurrences of one with the other one
+- When consuming or opening a parent product, which is currently not in stock, any in-stock sub product will now be consumed/opened (like already automatically done when consuming recipes)
+- Opened stock entries get now consumed first by default when no specific stock entry is used/selected
+  - So the default consume rule is now "Opened first, then first due first, then first in first out"
+- Optimized/clarified what the total/unit price on the purchase page is (thanks @kriddles)
+- On the purchase page the amount field is now displayed above/before the due date for better `TAB` handling (thanks @kriddles)
+- Changed that when `FEATURE_FLAG_STOCK_BEST_BEFORE_DATE_TRACKING` is disabled, products now get internally a due date of "never overdue" (aka `2999-12-31`) instead of today (thanks @kriddles)
+- Products can now be disabled to keep the history/journal, but hide it everywhere, without deleting it (new product option "Active", deleting a product now explicitly also deletes its journal and all other references) (thanks @kriddles for the initial work on this)
+- Products can now be hidden from the stock overview page, even if they are in-stock (new product option "Never show on stock overview", disabled by default, so no changed behavior when not configured)
+  - That's maybe useful for parent products you only use as a kind of "container"
+- The due date is now also prefilled on the inventory page based on the products "Default due days" (was only done on the purchase page before)
+- On the stock journal page, it's now visible if a consume-booking was spoiled
+- It's now tracked who made a stock change (currently logged in user, visible on the stock journal page) (thanks @fipwmaqzufheoxq92ebc)
+- Product edit page improvements ("Save & continue" button, deleting and adding a product picuture is now possible in one go) (thanks @Ma27)
+- For products with tare weight handling enabled, it's now optionally possible to consume a fixed/exact amount (just like for "normal" products) in case you don't want to weigh the whole container this time (new checkbox on the consume page) (thanks @fipwmaqzufheoxq92ebc)
+- The stock overview page now also shows the value - new column and also the total value in the header (thanks @kriddles)
+- It's now possible to set a custom purchased date on purchase (new field on the purchase and inventory page, hidden by default - enable it by a new stock setting (top right corner settings menu)) (thanks @kriddles)
+- The decimal places for all amount and price inputs can now be configured (stock settings / top right corner settings menu, default for amounts is `4`, for prices `2`)
+- When clicking the product name on the shopping list, the product card will now be displayed (like on the stock overview page) (thanks @kriddles)
+- On the product card there is now also a button to jump directly to the stock entries of the corresponding product (thanks @kriddles)
+- The product picker workflows can now also be started by `ENTER` (additionally to `TAB`)
+- Added a "retry camera barcode scan" button (button with camera icon, shortcut `C`) to the product picker workflow dialog
+- Added more filters on the stock journal page
+- Added a grouped/summarized stock journal (new button "Journal summary" at the top of the stock journal page) (thanks @fipwmaqzufheoxq92ebc)
+  - Provides an overview of summarized transactions per product, transaction type and user + summarized amount
+- The product option "Default due days after freezing" now also supports `-1` (like the option "Default due days") to set the product to "never due" on freezing
+- Fixed that changing the products "Factor purchase to stock quantity unit" not longer messes up historical prices (which results for example in wrong recipe costs) (thanks @kriddles)
+- Fixed that when adding products through a product picker workflow and when the created products contains special characters, the product was not preselected on the previous page (thanks @Forceu)
+- Fixed that when editing a product the default store was not visible / always empty regardless if the product had one set (thanks @kriddles)
+- Fixed that `FEATURE_SETTING_STOCK_COUNT_OPENED_PRODUCTS_AGAINST_MINIMUM_STOCK_AMOUNT` (option to configure if opened products should be considered for minimum stock amounts) was not handled correctly (thanks @teddybeermaniac)
+- Fixed that the "Due soon" sum (yellow filter button) on the stock overview page didn't include products which are due today (thanks @fipwmaqzufheoxq92ebc)
+- Fixed that the shopping cart icon on the stock overview page was also shown if the product was on an already deleted shopping list (if enabled) (thanks @fipwmaqzufheoxq92ebc)
+- Fixed that when editing a stock entry without a price, the price field was prefilled with `1`
+- Fixed that the location & product groups filter on the stock overview page used a contains search instead of an exact search
+- Fixed that the amount on the success popup was wrong when consuming a product with "Tare weight handling" enabled
+- Fixed that the aggregated amount of parent products was wrong on the stock overview page when the child products had not the same stock quantity units
+- Fixed that edited stock entries were not considered for the price history chart on the product card
+- Fixed that `FEATURE_FLAG_STOCK_BEST_BEFORE_DATE_TRACKING` is set to `false`, the purchase page validation failed (thanks @fipwmaqzufheoxq92ebc)
+- Fixed that consuming (and editing the amount of) products with enabled tare weight handling did not work on the stock entries page
+- Fixed that the recipes dropdown on the consume page also displayed internal recipes (thanks @kriddles)
+- Fixed that opening tare weight handling enabled products is prevented via the UI and the API (as this makes no sense)
+- Fixed that undoing a consume transaction of an opened item added it back to stock unopened
+- Fixed that a "Total price" on purchase was not handled correctly for tare weight handling enabled products (the total price was wrongly related to the amount including the tare weight)
+
+### Shopping list improvements
+- Added a button to add all currently in-stock but overdue and expired products to the shopping list (thanks @m-byte)
+- Improved that when `FEATURE_FLAG_STOCK` is disabled, all product/stock related inputs and buttons are now hidden on the shopping list page (thanks @fipwmaqzufheoxq92ebc)
+- Shopping list items can now have their own Userfields (entity `shopping_list`), on the shopping list table those fields are rendered additionally to the product Userfields
+- The print view is now configurable (new dialog before printing - option to hide header, group products by their product group, alternative list layout)
+- Fixed that "Add products that are below defined min. stock amount" always rounded up the missing amount to an integral number, this now allows decimal numbers
+
+### Recipe improvements/fixes
+- It's now possible to print recipes (button next to the recipe title) (thanks @zsarnett)
+- Changed that recipe costs are now based on the costs of the products picked by the default consume rule ("Opened first, then first due first, then first in first out") (thanks @kriddles)
+  - Recipe costs were based on the last purchase price per product before, so this now better reflects the current real costs
+- Improved the recipe add workflow (a recipe called "New recipe" is now not automatically created when starting to add a recipe) (thanks @zsarnett)
+- On the recipe page, the calories and costs per ingredient are now shown to get a better overview of how much each ingredient contributed
+- Fixed that images on the recipe gallery view were not scaled correctly on larger screens (thanks @zsarnett)
+- Fixed that decimal ingredient amounts maybe resulted in wrong conversions or truncated decimal places if your locale does not use a dot as the decimal separator (thanks @m-byte)
+- Fixed that a recipe cannot be included in itself (because this will cause an infinite loop) (thanks @fipwmaqzufheoxq92ebc)
+- Fixed that when editing a recipe ingredient the checkbox "Disable stock fulfillment checking for this ingredient" was not initaliased with the saved value
+- Fixed that the status filter ("Enough in stock", etc.) on the recipes page did not filter recipes on the gallery tab (thanks @fipwmaqzufheoxq92ebc)
+- Fixed that consuming a recipe ingredient with tare weight handling enabled consumed a wrong amount (thanks @fipwmaqzufheoxq92ebc)
+- Fixed that consuming a parent product recipe ingredient did not consider quantity unit conversion when effectively consuming a child product
+
+### Meal plan fixes
+- Fixed that for products the quantity unit purchase was displayed instead of the products quantity unit stock (thanks @BenoitAnastay)
+
+### Chores improvements/fixes
+- Chores can now be disabled to keep the history/journal, but hide it everywhere, without deleting it (new chore option "Active", deleting a chore now explicitly also deletes its journal and all other references)
+- Changed that not assigned chores on the chores overview page display now just a dash instead of an ellipsis in the "Assigned to" column to make this more clear (thanks @Germs2004)
+- The assignment type "Random" now don't prevents anymore that the last user will be assigned next
+- Fixed (again) that weekly chores, where the next execution should be in the same week, were scheduled (not) always (but sometimes) for the next week only (thanks @shadow7412)
+- Fixed that the assignment type "In alphabetic order" did not work correctly (the last person in the list was always assigned next once reached) (thanks @fipwmaqzufheoxq92ebc)
+
+### Equipment improvements
+- There is now a button to download the instruction manual (next to the "expand to fullscreen"-button)
+
+### Calendar improvements/fixes
+- Events are now links to the corresponding page (thanks @zsarnett)
+- Fixed a PHP warning when using the "Share/Integrate calendar (iCal)" button (thanks @tsia)
+- Fixed that "Track date only"-chores were always displayed at 12am (are now displayed as all-day events)
+- Fixed that it was not possible to switch to an other view than the default one on mobile (thanks @PhyberApex)
+
+### Tasks improvements
+- Tasks don't need to unique anymore (name field)
+
+### Batteries improvements
+- Batteries can now be disabled to keep the history/journal, but hide it everywhere, without deleting it (new battery option "Active", deleting a battery now explicitly also deletes its journal and all other references)
+
+### Userfield improvements/fixes
+- New Userfield type "File" to attach any file, will be rendered as a link to the file in tables (if enabled) (thanks @fipwmaqzufheoxq92ebc)
+- New Userfield type "Picture" to attach a picture, the picture will be rendered (small) in tables (if enabled) (thanks @fipwmaqzufheoxq92ebc)
+- New Userfield type "Link (with title)" - a link with a title (two input fields), so that the title is rendered in tables (if enabled) instead of the link itself
+- Userfields can now be reordered on the input form (new field "Sort number" per Userfield, fields will be ordered by that number, if any)
+- Users can now also have Userfields
+
+### General & other improvements/fixes
+- UI refresh / style improvements (thanks @zsarnett for the idea and initial work on this)
+- Improved mobile views (thanks @4lloyd for the idea and initial work on this)
+  - The buttons on the top of each page and the filter row is now collapsed (use the ellipsis/filter button to show them, this also superseded the shopping list compact view)
+  - Tables are horizontally scrollable (instead of collapsing columns which don't fit)
+- All tables are now customizable (new little eye icon on the top left corner on each table)
+  - Table columns be shown/hidden
+    - There are also new columns on some pages, hidden by default
+      - Stock overview: Value, Product group, Calories, Last purchased, Last price, Min. stock amount
+      - Products list: Default store
+      - Shopping list: Last price (Unit), Last price (Total), Default store, Barcodes (as scannable code-image)
+  - Row grouping can be customized to use any available column (thanks @edenhaus)
+- Table states (visible columns, sorting, column order and so on) are now saved server side (in user settings) means that this stays the same when using different browsers
+- Dialogs are now used everywhere where appropriate instead of jumping between pages (for example when adding/editing shopping list items)
+- Added a "Clear filter"-button on all pages (with filters) to quickly reset applied filters
+- Users can now have a picture (will then be shown next to the current user name instead of the generic user icon)
+- Prefilled number inputs now use sensible decimal places (max. the configured decimals while hiding trailing zeros where appropriate, means if you never use partial amounts for a product, you'll never see decimals for it)
+- Improved / more precise validation messages for number inputs
+- Optimized what's hidden when `GROCY_FEATURE_FLAG_STOCK` is disabled
+  - Products, quantity units and product groups are possible to use now
+  - Means you can use for example the shopping list, recipes and the meal plan with products while the "stock handling part" is hidden
+- Ordering now happens case-insensitive
+- The data path (previously fixed to the `data` folder) is now configurable, making it possible to run multiple grocy instances from the same directory (with different `config.php` files / different database, etc.) (thanks @fgrsnau)
+  - Via an environment variable `GROCY_DATAPATH` (higher priority)
+  - Via an FastCGI parameter `GROCY_DATAPATH` (lower priority)
+- The language can now be set per user (see the new user settings page / top right corner settings menu) (thanks @fipwmaqzufheoxq92ebc)
+  - Additionally, the language is now also auto-guessed based on the browser locale (HTTP-Header `Accept-Language`)
+  - The `config.php` option `CULTURE` was renamed to `DEFAULT_LOCALE`
+  - So the used language is based on (in that order)
+    - The user setting
+    - If not set, then based on browser locale
+    - If no matching localizaton was found, `DEFAULT_LOCALE` from `config.php` is used
+- Performance improvements (page loading time) of the stock overview page (thanks @fipwmaqzufheoxq92ebc)
+- The prerequisites checker now also checks for the minimum required SQLite version (thanks @Forceu)
+- Replaced (again, added before in v2.7.0, then reverted in v2.7.1 due to some problems) [QuaggaJS](https://github.com/serratus/quaggaJS) (seems to be unmaintained) by [Quagga2](https://github.com/ericblade/quagga2)
+- More `config.php` settings (see the section `Component configuration for Quagga2`) to tweak Quagga2 (this is the component used for device camera for barcode scanning) (thanks @andrelam)
+- Some localization string fixes (thanks @duckfullstop)
+- Better error pages
+- Fixed that numeric and date-time sorting of table columns did not work correctly
+- Fixed that XSS / HTML injection was possible through some user input fields (low severity / not really a problem as this could not be abused unauthenticated)
+- New translations: (thanks all the translators)
+  - Greek (demo available at https://el.demo.grocy.info)
+  - Korean (demo available at https://ko.demo.grocy.info)
+  - Chinese (China) (demo available at https://zh-cn.demo.grocy.info)
+  - Tamil (demo available at https://ta.demo.grocy.info)
+  - Finnish (demo available at https://fi.demo.grocy.info)
+
+### API improvements/fixes
+- ⚠️ **Breaking changes**:
+  - All prices are now related to the products stock quantity unit (instead of the products purchase QU)
+  - All (product) amounts are now related to the products stock quantity unit (was related to the products purchase QU for the shopping list before)
+  - The product object no longer has a field `barcodes` with a comma separated barcode list, instead barcodes are now stored in a separate table/entity `product_barcodes` (use the existing "Generic entity interactions" endpoints to access them)
+  - The endpoint `/objects/{entity}/search` was removed (use the existing `/objects/{entity}` endpoint with the new filter capabilities mentioned below)
+  - The output / field names of `ProductDetailsResponse` have slightly changed (endpoint `/stock/products/{productId}`)
+  - Endpoint `/stock/volatile`
+    - The query parameter `expring_days` was renamed to `due_soon_days`
+    - The field `expiring_products` was renamed to `due_products`
+    - The field `expired_products` now only contains expired products (so them with `Due date type = Expiration date`)
+    - The new field `overdue_products` contains only overdue products (so them with `Due date type = Best before date`)
+  - The following endpoints now return all bookings of the transaction (so the response is now an array, was before a single stock booking - and a random one if the transaction affected multiple stock entries)
+    - PUT `/stock/entry/{entryId}`
+    - POST `/stock/products/{productId}/add`
+    - POST `/stock/products/{productId}/consume`
+    - POST `/stock/products/{productId}/transfer`
+    - POST `/stock/products/{productId}/inventory`
+    - POST `/stock/products/{productId}/open`
+    - POST `/stock/products/by-barcode/{barcode}/add`
+    - POST `/stock/products/by-barcode/{barcode}/consume`
+    - POST `/stock/products/by-barcode/{barcode}/transfer`
+    - POST `/stock/products/by-barcode/{barcode}/inventory`
+    - POST `/stock/products/by-barcode/{barcode}/open`
+    - (The response is the same as if you would fetch the stock transaction via `/stock/transactions/{transactionId}`)
+- For better integration (apps), it's now possible to show a QR-Code for API keys (thanks @fipwmaqzufheoxq92ebc)
+  - New QR-Code button on the "Manage API keys"-page (top right corner settings menu), the QR-Codes contains `<API-Url>|<API-Key>`
+  - And on the calendar page when using the button "Share/Integrate calendar (iCal)", there the QR-Codes contains the Share-URL (which is displayed in the textbox above)
+- The output of the following endpoints can now be filtered (by any field), ordered and paginated (thanks for the initial work on this @fipwmaqzufheoxq92ebc)
+  - `/objects/{entity}`
+  - `/stock/products/{productId}/entries`
+  - `/stock/products/{productId}/locations`
+  - `/recipes/fulfillment`
+  - `/users`
+  - `/tasks`
+  - `/chores`
+  - `/batteries`
+  - There are 4 new (optional) query parameters to utilize that
+    - `order` The field to order by (use the separator `:` to specify the sort order - `asc` or `desc`, defaults to `asc` when omitted)
+    - `limit` The maximum number of objects to return
+    - `offset` The number of objects to skip
+    - `query[]` An array of conditions, each of them is a string in the form of `<field><condition><value>`, where
+      - `<field>` is a field name
+      - `<condition>` is a comparison operator, one of
+        - `=` equal
+		- `!=` not equal
+        - `~` LIKE
+        - `!~` not LIKE
+        - `<` less
+        - `>` greater
+        - `<=` less or equal
+        - `>=` greater or equal
+        - `§` regular expression
+      - `<value>` is the value to search for
+- New endpoint `/stock/shoppinglist/add-overdue-products` to add all currently in-stock but overdue products to a shopping list (thanks @m-byte)
+- New endpoint `/stock/shoppinglist/add-expired-products` to add all currently in-stock but expired products to a shopping list
+- New endpoints GET/POST/PUT `/users/{userId}/permissions` for the new user permissions feature mentioned above
+- New endpoint `/user` to get the currently authenticated user
+- New endpoint DELETE `/user/settings/{settingKey}` to delete a user setting
+- New endpoint POST `/stock/products/{productIdToKeep}/merge/{productIdToRemove}` for the new product merging feature mentioned above
+- The following entities are now also available via the endpoint `/objects/{entity}` (only listing, no edit)
+  - `stock_log` (the stock journal)
+  - `stock` (the "raw" stock entries)
+  - `stock_current_locations` (info how much of each product is currently stored at which location)
+- Performance improvements of the `/stock/products/*` endpoints (thanks @fipwmaqzufheoxq92ebc)
+- The endpoint `/stock/products/{productId}/locations` now also has an optional query parameter `include_sub_products` to optionally also return locations of sub products of the given product
+- The following endpoints  now have an optional request body parameter `allow_subproduct_substitution` to consume/open any child product when the given product is a parent product and currently not in stock
+  - `/stock/products/{productId}/consume`
+  - `/stock/products/by-barcode/{barcode}/consume`
+  - `/stock/products/{productId}/open`
+  - `/stock/products/by-barcode/{barcode}/open`
+- Fixed that the endpoint `/objects/{entity}/{objectId}` always returned successfully, even when the given object not exists (now returns `404` when the object is not found) (thanks @fipwmaqzufheoxq92ebc)
+- Fixed that the endpoint `/stock/volatile` didn't include products which are due today (thanks @fipwmaqzufheoxq92ebc)
+- Fixed that the endpoint `/objects/{entity}` did not include Userfields for Userentities (so the effective endpoint `/objects/userobjects`)
+- Fixed that the endpoint `/stock/consume` returned the response code `200` and an empty response body when `stock_entry_id` was set (consuming a specific stock entry) but invalid (now returns the response code `400`) (thanks @fipwmaqzufheoxq92ebc)
+- Fixed that the endpoint `/user/settings/{settingKey}` didn't return the default setting if it was not configured for the current user (same behavior as the endpoint `/user/settings` now)
+- Endpoint `/calendar/ical`: Fixed that "Track date only"-chores were always set to happen at 12am (are treated as all-day events now)
+- Fixed (again) that CORS was broken
--- a/changelog/61_3.0.1_2021-01-05.md
+++ b/changelog/61_3.0.1_2021-01-05.md
@@ -0,0 +1,19 @@
+> ⚠️⚠️ SQLite >= 3.9.0 (was released in late 2015) is required
+>
+> [Here](https://github.com/grocy/grocy/issues/1209#issuecomment-749760765) is a workaround if you still run a SQLite version >= 3.8.3 < 3.9.0
+>
+> _PHP 7.2 with SQLite 3.8.3 was the formerly in [README mentioned](https://github.com/grocy/grocy#how-to-install) minimum runtime requirement, any future release will only be tested against a reasonable recent runtime (currently PHP 7.4 with SQLite 3.27.2) - supporting those (very) old runtime stuff is too time consuming..._
+
+- Improved the prerequisites checker (added missing required PHP extension `ctype`) (thanks @Forceu)
+- Added validation checks for most `data/config.php` settings to prevent using invalid ones (thanks @Forceu)
+- When using reverse proxy authentication (`ReverseProxyAuthMiddleware`), _additionally_ a valid API key can now also be used for authentication (if you don't want to protect the API endpoints via your reverse proxy, however)
+- Added a new API endpoint `/system/time` to get the current server time (thanks @Forceu)
+- An amount attached to a barcode is now also prefiled when scanning the product on the Consume/Transfer/Inventory page
+- Fixed that some number inputs were broken when the new decimal places setting were set to `0`
+- Fixed that browser camera barcode scanning did not work on the product edit page for adding product barcodes
+- Fixed that indirect unit conversions (those between units, not product overrides) could not be used/selected
+- Fixed that the new product option "Never show on stock overview" was unintentionally set by default for new products
+- Fixed that adding items to the shopping list from the context/more menu on the stock overview page did not work
+- Fixed that consuming was not possible when `FEATURE_FLAG_STOCK_LOCATION_TRACKING` was disabled
+- Fixed that adding images in text editor fields did not work
+- Fixed some other minor UI glitches
--- a/changelog/62_3.1.0_2021-07-16.md
+++ b/changelog/62_3.1.0_2021-07-16.md
@@ -0,0 +1,125 @@
+> ⚠️ The following PHP extensions are now additionally required: `json`, `intl`, `zlib`
+
+> ⚠️ PHP 8 is now supported and from now on the only tested runtime version (although currently PHP 7.2 should still work).
+
+### New feature: grocycode / label printer support
+#### (Own) Product/stock entry/chores/batteries labels/barcodes
+- Print own labels/barcodes for products/stock entries/chores/batteries and then scan that code on every place a product/stock entry/chore/battery can be selected
+- Can be printed (or downloaded) via
+  - The product/chore/battery edit page
+  - The context/more menu per line on the overview pages and for stock entries on the stock entries page
+  - Automatically on purchase (new option on the purchase page, defaults can be configured per product) for stock entries
+- The used barcode type can be configured via the `config.php` option `GROCYCODE_TYPE`:
+  - `1D` (default) will produce a `Code128` 1D barcode (supported by the integrated camera barcode scanner)
+  - `2D` will produce a `DataMatrix` 2D barcode (currently not supported by the integrated camera barcode scanner, but can be probably printed smaller)
+- Label printer functionality can be enabled via the new feature flag `FEATURE_FLAG_LABEL_PRINTER` (defaults to disabled)
+- Label printer communication happens via WebHooks - see the new `LABEL_PRINTER*` `config.php` options
+- grocycodes can also be used without a label printer - you can view or download thm as pictures and print them manually
+- More information:
+  - https://github.com/grocy/grocy/tree/v3.1.0/docs/grocycode.md
+  - https://github.com/grocy/grocy/tree/v3.1.0/docs/label-printing.md
+- (Thanks a lot @mistressofjellyfish for the initial work on this)
+
+### New feature: Meal plan sections
+- Split the meal plan into sections like Breakfast/Lunch/Dinner
+  - => New button "Configure sections" on the meal plan page to configure the sections (top right corner)
+  - => Each meal plan entry can be assigned to a section
+
+### New feature: Shopping list thermal printer support
+- The shopping list can now be printed on a thermal printer
+  - The printer must be compatible to the `ESC/POS` protocol and needs to be locally attached or network reachable to/by the machine hosting grocy (so the server)
+  - See the new `TPRINTER*` `config.php` options to configure the printer connection and other options
+  - => New button on the shopping list print dialog
+- Can be enabled via the new feature flag `FEATURE_FLAG_THERMAL_PRINTER` (defaults to disabled)
+- (Thanks a lot @Forceu)
+
+### Stock improvements/fixes
+- Product barcodes are now enforced to be unique across products
+- On the stock overview page it's now also possible to search/filter by product barcodes (via the general search field)
+- The product picker on the consume and transfer page now only shows products which are currently in stock
+- Added a filter option to only show in-stock products on the stock overview and products list (master data) page
+- Added new columns on the stock overview page (hidden by default): Product description, product default location, parent product, product picture
+- Added a new product option "Should not be frozen" (defaults to disabled and only visible when `FEATURE_FLAG_STOCK_PRODUCT_FREEZING` is enabled)
+  - When enabled, on moving the product to a freezer location (so when freezing it), a corresponding warning will be shown
+- Optimized that when opening a product which has "Default due days after opened" set, the resulting date now never extends the original due date
+- Added a new stock setting (top right corner settings menu) "Add decimal separator automatically for price inputs" (defaults to disabled)
+  - When enabled, you always have to enter the value including decimal places, the decimal separator will be automatically added based on the amount of allowed decimal places
+- Fixed that editing stock entries was not possible
+- Fixed that consuming with Scan Mode was not possible
+- Fixed that the current stock total value (header of the stock overview page) didn't include decimal amounts (thanks @Ape)
+- Fixed that the transfer page was not fully populated when opening it from the stock entries page
+- Fixed that undoing a consume/open action from the success notification on the stock entries page was not possible
+- Fixed that adding a barcode to a product didn't save the selected quantity unit when the product only has a single one
+- Fixed that the store information on a stock entry was lost when transferring a partial amount to a different location
+- Fixed that the "Spoil rate" on the product card was wrong in some cases
+- Fixed that the stock journal showed always the products default location (instead of the location of the transaction)
+- Fixed that the aggregated amount of parent products was wrong when indirect quantity unit conversions were used
+
+### Shopping list improvements/fixes
+- The amount now defaults to `1` for adding items quicker
+- Added a status filter for only _done_ items
+- The total value is now also shown (based on "Last price (Total)" per item, displayed on the page header and only when `FEATURE_FLAG_STOCK_PRICE_TRACKING` is enabled)
+- Fixed that shopping list prints had a grey background (thanks @Forceu)
+- Fixed the form validation on the shopping list item page (thanks @Forceu)
+- Fixed that when adding products to the shopping list from the stock overview page, the used quantity unit was always the products default purchase QU (and not the selected one)
+- Fixed that the displayed last unit/total price was wrong when the used quantity unit was not the products stock QU
+- Fixed that the "Add as barcode to existing product" productpicker workflow did not work
+
+### Recipe improvements/fixes
+- Recipe printing improvements (thanks @Ape)
+- Calories are now always displayed per single serving (on the recipe and meal plan page)
+- The note of an ingredient will now also be added to the corresponding shopping list item when using "Put missing products on the shopping list"
+- It's now possible to copy a recipe (button/dropdown menu item per recipe)
+- Fixed that the recipe page was slow when there were a lot meal plan recipe entries
+- Fixed that "Only check if any amount is in stock" (recipe ingredient option) didn't work for stock amounts < 1
+- Fixed that when adding missing items to the shopping list, on the popup deselected items got also added
+- Fixed that the amount of self produced products with tare weight handling enabled was wrong ("Produces product" recipe option)
+- Fixed that the ingredient amount calculation for included/nested recipes was (for most cases) wrong
+- Fixed that the ingredient amount was wrong when using a to the product indirectly related quantity unit
+- Fixed that the calories amount calculation was wrong when quantity unit conversions were involved
+
+### Meal plan improvements/fixes
+- Improved the meal plan page loading time (drastically when having a big history of meal plan entries)
+- Meal plan entries can now be visually marked as "done" (new button per entry)
+  - This happens automatically on consuming a recipe/product from the meal plan page
+- It's now possible to copy all entries of a day to another day (in the dropdown of the add button in the header of each day column)
+- The "Display recipe" button was removed, instead clicking the recipe title now displays the recipe (and this now also works for products; shows the product card)
+- Fixed that stock fulfillment checking used the desired servings of the recipe (those selected on the recipes page, not them from the meal plan entry)
+
+### Chores improvements/fixes
+- It's now possible to track any addtional info on a chore execution by using Userfields
+  - => Configure the desired Userfields for the entity `chores_log`
+  - => The on chore execution tracking entered information is then visible on the corresponding chore journal entry
+- Fixed that tracking chores with "Done by" a different user was not possible
+
+### Userfield improvements/fixes
+- Userfields can now be configured as mandatory (new Userfield option, defaults to disabled)
+- Fixed that numeric Userfields were initialised with `1.0`
+- Fixed that shortcuts (up/down key) and the format did not work correctly when using multiple date/time Userfields per object
+- Fixed that Userfields were not saved when adding a product or a recipe (only on editing)
+
+### General & other improvements/fixes
+- LDAP authentication improvements / OpenLDAP support (thanks @tank0226)
+  - A read only service account can now be used for binding
+  - The username attribute is now configurable
+  - Filtering of accounts is now possible
+  - => See the new `LDAP*` `config.php` options
+- Improved the page loading time of all journal pages (stock/chores/batteries) by adding a new date range filter
+- Some night mode style improvements (thanks @BlizzWave and @KTibow)
+- Help tooltips are now additionally also triggered by clicking on them (instead of only hovering them, which doesn't work on mobile / touch devices)
+- The camera barcode scanner now also supports Code 39 barcodes (used for example in Germany on pharma products (PZN)) (thanks @andreheuer)
+- Fixed that the number picker up/down buttons did not work when the input field was empty or contained an invalid number
+- Fixed that links and embeds (e.g. YouTube videos) did not work in the text editor
+- Fixed that the "Manage users" and "Manage API keys" menu was not shown when using reverse proxy authentication
+
+### API improvements/fixes
+> ❗ Numbers are now returned as numbers (so technically without quotes around them, were strings for nearly all endpoints before - should practically be no real difference)
+- Added a new endpoint `/system/localization-strings` to get the localization strings (gettext JSON representation; in the by the user desired language)
+- Added a new endpoint `/recipes/{recipeId}/copy` to copy a recipe
+- The `GET /chores` endpoint now also returns the `next_execution_assigned_user` object per chore (like the endpoint `GET /chores/{choreId}` already did for a single chore)
+- The `GET /tasks` endpoint now also returns the assigned user and category object per task
+- Empty Userfields are now also returned (were previously omitted, endpoint `GET /objects/{entity}` and `GET /objects/{entity}/{objectId}`)
+- Fixed that due soon products with `due_type` = "Expiration date" were missing in `due_products` of the `/stock/volatile` endpoint
+- Fixed that `PUT/DELETE /objects/{entity}/{objectId}` produced an internal server error when the given object id was invalid (now returns `400 Bad Request`)
+- Fixed that hyphens in filter values did not work
+- Fixed that cyrillic letters were not allowed in filter values
--- a/composer.json
+++ b/composer.json
@@ -1,16 +1,20 @@
 {
 	"require": {
-		"php": ">=7.2",
+		"php": ">=8.0",
 		"slim/slim": "^4.0",
 		"slim/psr7": "^1.0",
 		"slim/http": "^1.0",
 		"php-di/php-di": "^6.0",
-		"rubellum/slim-blade-view": "^0.1.1",
-		"morris/lessql": "^0.4.1",
+		"berrnd/slim-blade-view": "^1.0.0",
+		"morris/lessql": "^1.0",
 		"gettext/gettext": "^4.8",
-		"eluceo/ical": "^0.16.0",
+		"eluceo/ical": "^2.2.0",
 		"erusev/parsedown": "^1.7",
-		"gumlet/php-image-resize": "^1.9"
+		"gumlet/php-image-resize": "^2.0",
+		"ezyang/htmlpurifier": "^4.13",
+		"interficieis/php-barcode": "^2.0.2",
+		"guzzlehttp/guzzle": "^7.0",
+		"mike42/escpos-php": "^3.0"
 	},
 	"autoload": {
 		"psr-4": {
@@ -22,5 +26,8 @@
 		"files": [
 			"helpers/extensions.php"
 		]
+	},
+	"config": {
+		"platform-check": false
 	}
 }
--- a/composer.lock
+++ b/composer.lock
--- a/config-dist.php
+++ b/config-dist.php
@@ -1,140 +1,201 @@
 <?php

-# Settings can also be overwritten in two ways
-#
-# First priority
-# A .txt file with the same name as the setting in /data/settingoverrides
-# the content of the file is used as the setting value
-#
-# Second priority
-# An environment variable with the same name as the setting and prefix "GROCY_"
-# so for example "GROCY_BASE_URL"
-#
-# Third priority
-# The settings defined here below
+// Settings can also be overwritten in two ways
+//
+// First priority
+// A .txt file with the same name as the setting in /data/settingoverrides
+// the content of the file is used as the setting value
+//
+// Second priority
+// An environment variable with the same name as the setting and prefix "GROCY_"
+// so for example "GROCY_BASE_URL"
+//
+// Third priority
+// The settings defined here below

-
-# Either "production", "dev", "demo" or "prerelease"
-# When not "production", authentication will be disabled and
-# demo data will be populated during database migrations
+// Either "production", "dev", "demo" or "prerelease"
+// When not "production", authentication will be disabled and
+// demo data will be populated during database migrations
 Setting('MODE', 'production');

-# Either "en" or "de" or the directory name of
-# one of the other available localization folders in the "/localization" directory
-Setting('CULTURE', 'en');
+// Either "en" or "de" or the directory name of
+// one of the other available localization folders in the "/localization" directory
+Setting('DEFAULT_LOCALE', 'en');

-# This is used to define the first day of a week for calendar views in the frontend,
-# leave empty to use the locale default
-# Needs to be a number where Sunday = 0, Monday = 1 and so forth
+// This is used to define the first day of a week for calendar views in the frontend,
+// leave empty to use the locale default
+// Needs to be a number where Sunday = 0, Monday = 1 and so forth
 Setting('CALENDAR_FIRST_DAY_OF_WEEK', '');

-# If calendars should show week numbers
+// If calendars should show week numbers
 Setting('CALENDAR_SHOW_WEEK_OF_YEAR', true);

-# To keep it simple: grocy does not handle any currency conversions,
-# this here is used to format all money values,
-# so doesn't really matter, but should be the
-# ISO 4217 code of the currency ("USD", "EUR", "GBP", etc.)
+// To keep it simple: grocy does not handle any currency conversions,
+// this here is used to format all money values,
+// so doesn't really matter, but should be the
+// ISO 4217 code of the currency ("USD", "EUR", "GBP", etc.)
 Setting('CURRENCY', 'USD');

-# When running grocy in a subdirectory, this should be set to the relative path, otherwise empty
-# Example:
-#  Webserver root directory = /var/www
-#  grocy directory = /var/www/grocy
-#  => BASE_PATH = /grocy
+// When running grocy in a subdirectory, this should be set to the relative path, otherwise empty
+// It needs to be set to the part (of the URL) after the document root,
+// if URL rewriting is disabled, including index.php
+// Example with URL Rewriting support:
+//  Root URL = https://example.com/grocy
+//  => BASE_PATH = /grocy
+// Example without URL Rewriting support:
+//  Root URL = https://example.com/grocy/public/index.php/
+//  => BASE_PATH = /grocy/public/index.php
 Setting('BASE_PATH', '');

-# The base url of your installation,
-# should be just "/" when running directly under the root of a (sub)domain
-# or for example "https://example.com/grocy" when using a subdirectory
+// The base URL of your installation,
+// should be just "/" when running directly under the root of a (sub)domain
+// or for example "https://example.com/grocy" when using a subdirectory
 Setting('BASE_URL', '/');

-# The plugin to use for external barcode lookups,
-# must be the filename without .php extension and must be located in /data/plugins,
-# see /data/plugins/DemoBarcodeLookupPlugin.php for an example implementation
+// The plugin to use for external barcode lookups,
+// must be the filename without .php extension and must be located in /data/plugins,
+// see /data/plugins/DemoBarcodeLookupPlugin.php for an example implementation
 Setting('STOCK_BARCODE_LOOKUP_PLUGIN', 'DemoBarcodeLookupPlugin');

-# If, however, your webserver does not support URL rewriting, set this to true
+// If, however, your webserver does not support URL rewriting, set this to true
 Setting('DISABLE_URL_REWRITING', false);

-# Specify an custom homepage if desired - by default the homepage will be set to the stock overview,
-# this needs to be one of the following values:
-# stock, shoppinglist, recipes, chores, tasks, batteries, equipment, calendar, mealplan
+// Specify an custom homepage if desired - by default the homepage will be set to the stock overview page,
+// this needs to be one of the following values:
+// stock, shoppinglist, recipes, chores, tasks, batteries, equipment, calendar, mealplan
 Setting('ENTRY_PAGE', 'stock');

-# Set this to true if you want to disable authentication / the login screen,
-# places where user context is needed will then use the default (first existing) user
+// Set this to true if you want to disable authentication / the login screen,
+// places where user context is needed will then use the default (first existing) user
 Setting('DISABLE_AUTH', false);

-# Set this to true if you want to disable the ability to scan a barcode via the device camera (Browser API)
+// Either "Grocy\Middleware\DefaultAuthMiddleware", "Grocy\Middleware\ReverseProxyAuthMiddleware"
+// or any class that implements Grocy\Middleware\AuthMiddleware
+Setting('AUTH_CLASS', 'Grocy\Middleware\DefaultAuthMiddleware');
+
+// When using ReverseProxyAuthMiddleware,
+// the name of the HTTP header which your reverse proxy uses to pass the username (on successful authentication)
+Setting('REVERSE_PROXY_AUTH_HEADER', 'REMOTE_USER');
+
+// LDAP options when using LdapAuthMiddleware
+Setting('LDAP_ADDRESS', ''); // Example value "ldap://vm-dc2019.local.berrnd.net"
+Setting('LDAP_BASE_DN', ''); // Example value "DC=local,DC=berrnd,DC=net"
+Setting('LDAP_BIND_DN', ''); // Example value "CN=grocy_bind_account,OU=service_accounts,DC=local,DC=berrnd,DC=net"
+Setting('LDAP_BIND_PW', ''); // Password for the above account
+Setting('LDAP_USER_FILTER', ''); // Example value "(OU=grocy_users)"
+Setting('LDAP_UID_ATTR', ''); // Windows AD: "sAMAccountName", OpenLDAP: "uid", GLAuth: "cn"
+
+// Set this to true if you want to disable the ability to scan a barcode via the device camera (Browser API)
 Setting('DISABLE_BROWSER_BARCODE_CAMERA_SCANNING', false);

-# Set this if you want to have a different start day for the weekly meal plan view,
-# leave empty to use CALENDAR_FIRST_DAY_OF_WEEK (see above)
-# Needs to be a number where Sunday = 0, Monday = 1 and so forth
+// Set this if you want to have a different start day for the weekly meal plan view,
+// leave empty to use CALENDAR_FIRST_DAY_OF_WEEK (see above)
+// Needs to be a number where Sunday = 0, Monday = 1 and so forth
 Setting('MEAL_PLAN_FIRST_DAY_OF_WEEK', '');

+// Default permissions for new users
+// the array needs to contain the technical/constant names
+// see the file controllers/Users/User.php for possible values
+Setting('DEFAULT_PERMISSIONS', ['ADMIN']);

-# Default user settings
-# These settings can be changed per user, here the defaults
-# are defined which are used when the user has not changed the setting so far
+// 1D (=> Code128) or 2D (=> DataMatrix)
+Setting('GROCYCODE_TYPE', '1D');

-# Night mode related
+// Label printer settings
+// This is the URI that grocy will POST to when asked to print a label
+Setting('LABEL_PRINTER_WEBHOOK', '');
+// This setting decides whether the webhook will be called server- or clientside
+// If the machine grocy runs on has a network connection to the host the webhook receiver is on, this is probably a good idea
+// If, for example, grocy runs in the cloud and your printer daemon runs locally to you, set this to false to let your browser call the webhook instead
+Setting('LABEL_PRINTER_RUN_SERVER', true);
+// Additional parameters supplied to the webhook
+Setting('LABEL_PRINTER_PARAMS', ['font_family' => 'Source Sans Pro (Regular)']);
+// TRUE to use JSON or FALSE to use normal POST request variables
+Setting('LABEL_PRINTER_HOOK_JSON', false);
+
+// Thermal printer options
+// Thermal printers are receipt printers, not regular printers,
+// the printer must support the ESC/POS protocol, see https://github.com/mike42/escpos-php
+Setting('TPRINTER_IS_NETWORK_PRINTER', false); // Set to true if it's' a network printer
+Setting('TPRINTER_PRINT_QUANTITY_NAME', true); // Set to false if you do not want to print the quantity names (related to the shopping list)
+Setting('TPRINTER_PRINT_NOTES', true); // Set to false if you do not want to print notes (related to the shopping list)
+Setting('TPRINTER_IP', '127.0.0.1'); // IP of the network printer (does only matter if it's a network printer)
+Setting('TPRINTER_PORT', 9100); // Port of the network printer
+Setting('TPRINTER_CONNECTOR', '/dev/usb/lp0'); // Printer device (does only matter if you use a locally attached printer)
+// For USB on Linux this is often '/dev/usb/lp0', for serial printers it could be similar to '/dev/ttyS0'
+// Make sure that the user that runs the webserver has permissions to write to the printer - on Linux add your webserver user to the LP group with usermod -a -G lp www-data
+
+
+// Default user settings
+// These settings can be changed per user, here the defaults
+// are defined which are used when the user has not changed the setting so far
+
+// Night mode related
 DefaultUserSetting('night_mode_enabled', false); // If night mode is enabled always
 DefaultUserSetting('auto_night_mode_enabled', false); // If night mode is enabled automatically when inside a given time range (see the two settings below)
-DefaultUserSetting('auto_night_mode_time_range_from', "20:00"); // Format HH:mm
-DefaultUserSetting('auto_night_mode_time_range_to', "07:00"); // Format HH:mm
+DefaultUserSetting('auto_night_mode_time_range_from', '20:00'); // Format HH:mm
+DefaultUserSetting('auto_night_mode_time_range_to', '07:00'); // Format HH:mm
 DefaultUserSetting('auto_night_mode_time_range_goes_over_midnight', true); // If the time range above goes over midnight
 DefaultUserSetting('currently_inside_night_mode_range', false); // If we're currently inside of night mode time range (this is not user configurable, but stored as a user setting because it's evaluated client side to be able to use the client time instead of the maybe different server time)

-# Keep screen on settings
+// Keep screen on settings
 DefaultUserSetting('keep_screen_on', false); // Keep the screen always on
 DefaultUserSetting('keep_screen_on_when_fullscreen_card', false); // Keep the screen on when a "fullscreen-card" is displayed

-# Stock settings
+// Stock settings
 DefaultUserSetting('product_presets_location_id', -1); // Default location id for new products (-1 means no location is preset)
 DefaultUserSetting('product_presets_product_group_id', -1); // Default product group id for new products (-1 means no product group is preset)
 DefaultUserSetting('product_presets_qu_id', -1); // Default quantity unit id for new products (-1 means no quantity unit is preset)
-DefaultUserSetting('stock_expring_soon_days', 5);
+DefaultUserSetting('stock_decimal_places_amounts', 4); // Default decimal places allowed for amounts
+DefaultUserSetting('stock_decimal_places_prices', 2); // Default decimal places allowed for prices
+DefaultUserSetting('stock_auto_decimal_separator_prices', false);
+DefaultUserSetting('stock_due_soon_days', 5);
 DefaultUserSetting('stock_default_purchase_amount', 0);
 DefaultUserSetting('stock_default_consume_amount', 1);
+DefaultUserSetting('stock_default_consume_amount_use_quick_consume_amount', false);
 DefaultUserSetting('scan_mode_consume_enabled', false);
 DefaultUserSetting('scan_mode_purchase_enabled', false);
 DefaultUserSetting('show_icon_on_stock_overview_page_when_product_is_on_shopping_list', true);
+DefaultUserSetting('show_purchased_date_on_purchase', false); // Whether the purchased date should be editable on purchase (defaults to today otherwise)
+DefaultUserSetting('show_warning_on_purchase_when_due_date_is_earlier_than_next', true); // Show a warning on purchase when the due date of the purchased product is earlier than the next due date in stock

-# Shopping list settings
-DefaultUserSetting('shopping_list_to_stock_workflow_auto_submit_when_prefilled', false); // Automatically do the booking using the last price and the amount of the shopping list item, if the product has "Default best before days" set
+// Shopping list settings
+DefaultUserSetting('shopping_list_to_stock_workflow_auto_submit_when_prefilled', false); // Automatically do the booking using the last price and the amount of the shopping list item, if the product has "Default due days" set
 DefaultUserSetting('shopping_list_show_calendar', false);
-DefaultUserSetting('shopping_list_disable_auto_compact_view_on_mobile', false);

-# Recipe settings
+// Recipe settings
 DefaultUserSetting('recipe_ingredients_group_by_product_group', false); // Group recipe ingredients by their product group

-# Chores settings
+// Chores settings
 DefaultUserSetting('chores_due_soon_days', 5);

-# Batteries settings
+// Batteries settings
 DefaultUserSetting('batteries_due_soon_days', 5);

-# Tasks settings
+// Tasks settings
 DefaultUserSetting('tasks_due_soon_days', 5);

-# If the page should be automatically reloaded when there was
-# an external change
-DefaultUserSetting('auto_reload_on_db_change', true);
+// If the page should be automatically reloaded when there was an external change
+DefaultUserSetting('auto_reload_on_db_change', false);

-# Show a clock in the header next to the logo or not
+// Show a clock in the header next to the logo or not
 DefaultUserSetting('show_clock_in_header', false);

-# Component configuration
+// Component configuration for Quagga2 - read https://github.com/ericblade/quagga2#configobject for details
+// Below is a generic good configuration,
+// for an iPhone 7 Plus, halfsample = true, patchsize = small, frequency = 5 yields very good results
 DefaultUserSetting('quagga2_numofworkers', 4);
+DefaultUserSetting('quagga2_halfsample', false);
+DefaultUserSetting('quagga2_patchsize', 'medium');
+DefaultUserSetting('quagga2_frequency', 10);
+DefaultUserSetting('quagga2_debug', true);


-# Feature flags
-# grocy was initially about "stock management for your household", many other things
-# came and still come by, because they are useful - here you can disable the parts
-# which you don't need to have a less cluttered UI
-# (set the setting to "false" to disable the corresponding part, which should be self explanatory)
+// Feature flags
+// grocy was initially about "stock management for your household", many other things
+// came and still come by, because they are useful - here you can disable the parts
+// which you don't need to have a less cluttered UI
+// (set the setting to "false" to disable the corresponding part, which should be self explanatory)
 Setting('FEATURE_FLAG_STOCK', true);
 Setting('FEATURE_FLAG_SHOPPINGLIST', true);
 Setting('FEATURE_FLAG_RECIPES', true);
@@ -143,19 +204,19 @@ Setting('FEATURE_FLAG_TASKS', true);
 Setting('FEATURE_FLAG_BATTERIES', true);
 Setting('FEATURE_FLAG_EQUIPMENT', true);
 Setting('FEATURE_FLAG_CALENDAR', true);
+Setting('FEATURE_FLAG_LABEL_PRINTER', false);

-
-# Sub feature flags
+// Sub feature flags
 Setting('FEATURE_FLAG_STOCK_PRICE_TRACKING', true);
 Setting('FEATURE_FLAG_STOCK_LOCATION_TRACKING', true);
 Setting('FEATURE_FLAG_STOCK_BEST_BEFORE_DATE_TRACKING', true);
 Setting('FEATURE_FLAG_STOCK_PRODUCT_OPENED_TRACKING', true);
 Setting('FEATURE_FLAG_STOCK_PRODUCT_FREEZING', true);
-Setting('FEATURE_FLAG_STOCK_BEST_BEFORE_DATE_FIELD_NUMBER_PAD', true); // Activate the number pad in best-before-date fields on (supported) mobile browsers
+Setting('FEATURE_FLAG_STOCK_BEST_BEFORE_DATE_FIELD_NUMBER_PAD', true); // Activate the number pad in due date fields on (supported) mobile browsers
 Setting('FEATURE_FLAG_SHOPPINGLIST_MULTIPLE_LISTS', true);
 Setting('FEATURE_FLAG_CHORES_ASSIGNMENTS', true);
+Setting('FEATURE_FLAG_THERMAL_PRINTER', false);

-
-# Feature settings
-Setting('FEATURE_SETTING_STOCK_COUNT_OPENED_PRODUCTS_AGAINST_MINIMUM_STOCK_AMOUNT', true); // When set to false, opened products will not be considered for minimum stock amounts
-Setting('FEATURE_FLAG_AUTO_TORCH_ON_WITH_CAMERA', true); // Enables the torch automaticaly in every camera barcode scanner.
+// Feature settings
+Setting('FEATURE_SETTING_STOCK_COUNT_OPENED_PRODUCTS_AGAINST_MINIMUM_STOCK_AMOUNT', true); // When set to true, opened items will be counted as missing for calculating if a product is below its minimum stock amount
+Setting('FEATURE_FLAG_AUTO_TORCH_ON_WITH_CAMERA', true); // Enables the torch automatically (if the device has one)
--- a/controllers/BaseApiController.php
+++ b/controllers/BaseApiController.php
@@ -2,28 +2,26 @@

 namespace Grocy\Controllers;

+use LessQL\Result;
+
 class BaseApiController extends BaseController
 {
+	const PATTERN_FIELD = '[A-Za-z_][A-Za-z0-9_]+';

-	public function __construct(\DI\Container $container)
-	{
-		parent::__construct($container);
-	}
+	const PATTERN_OPERATOR = '!?(=|~|<|>|(>=)|(<=)|(§))';
+
+	const PATTERN_VALUE = '[A-Za-z\x{0400}-\x{04FF}_0-9.$#^|-]+';

 	protected $OpenApiSpec = null;

-	protected function getOpenApispec()
+	protected function ApiResponse(\Psr\Http\Message\ResponseInterface $response, $data, $cache = false)
 	{
-		if($this->OpenApiSpec == null)
+		if ($cache)
 		{
-			$this->OpenApiSpec = json_decode(file_get_contents(__DIR__ . '/../grocy.openapi.json'));
+			$response = $response->withHeader('Cache-Control', 'max-age=2592000');
 		}
-		return $this->OpenApiSpec;
-	}

-	protected function ApiResponse(\Psr\Http\Message\ResponseInterface $response, $data)
-	{
-		$response->getBody()->write(json_encode($data));
+		$response->getBody()->write(json_encode($data, JSON_NUMERIC_CHECK));
 		return $response;
 	}

@@ -34,8 +32,117 @@ class BaseApiController extends BaseController

 	protected function GenericErrorResponse(\Psr\Http\Message\ResponseInterface $response, $errorMessage, $status = 400)
 	{
-		return $response->withStatus($status)->withJson(array(
+		return $response->withStatus($status)->withJson([
 			'error_message' => $errorMessage
-		));
+		]);
+	}
+
+	public function FilteredApiResponse(\Psr\Http\Message\ResponseInterface $response, Result $data, array $query)
+	{
+		$data = $this->queryData($data, $query);
+		return $this->ApiResponse($response, $data);
+	}
+
+	protected function queryData(Result $data, array $query)
+	{
+		if (isset($query['query']))
+		{
+			$data = $this->filter($data, $query['query']);
+		}
+
+		if (isset($query['limit']))
+		{
+			$data = $data->limit(intval($query['limit']), intval($query['offset'] ?? 0));
+		}
+
+		if (isset($query['order']))
+		{
+			$parts = explode(':', $query['order']);
+
+			if (count($parts) == 1)
+			{
+				$data = $data->orderBy($parts[0]);
+			}
+			else
+			{
+				if ($parts[1] != 'asc' && $parts[1] != 'desc')
+				{
+					throw new \Exception('Invalid sort order ' . $parts[1]);
+				}
+
+				$data = $data->orderBy($parts[0], $parts[1]);
+			}
+		}
+
+		return $data;
+	}
+
+	protected function filter(Result $data, array $query): Result
+	{
+		foreach ($query as $q)
+		{
+			$matches = [];
+			preg_match(
+				'/(?P<field>' . self::PATTERN_FIELD . ')'
+				. '(?P<op>' . self::PATTERN_OPERATOR . ')'
+				. '(?P<value>' . self::PATTERN_VALUE . ')/u',
+				$q,
+				$matches
+			);
+
+			if (!array_key_exists('field', $matches) || !array_key_exists('op', $matches) || !array_key_exists('value', $matches))
+			{
+				throw new \Exception('Invalid query');
+			}
+
+			$sqlOrNull = '';
+			if (strtolower($matches['value']) == 'null')
+			{
+				$sqlOrNull = ' OR ' . $matches['field'] . ' IS NULL';
+			}
+
+			switch ($matches['op']) {
+				case '=':
+					$data = $data->where($matches['field'] . ' = ?' . $sqlOrNull, $matches['value']);
+					break;
+				case '!=':
+					$data = $data->where($matches['field'] . ' != ?' . $sqlOrNull, $matches['value']);
+					break;
+				case '~':
+					$data = $data->where($matches['field'] . ' LIKE ?', '%' . $matches['value'] . '%');
+					break;
+				case '!~':
+					$data = $data->where($matches['field'] . ' NOT LIKE ?', '%' . $matches['value'] . '%');
+					break;
+				case '<':
+					$data = $data->where($matches['field'] . ' < ?', $matches['value']);
+					break;
+				case '>':
+					$data = $data->where($matches['field'] . ' > ?', $matches['value']);
+					break;
+				case '>=':
+					$data = $data->where($matches['field'] . ' >= ?', $matches['value']);
+					break;
+				case '<=':
+					$data = $data->where($matches['field'] . ' <= ?', $matches['value']);
+					break;
+				case '§':
+					$data = $data->where($matches['field'] . ' REGEXP ?', $matches['value']);
+					break;
+
+			}
+		}
+
+		return $data;
+	}
+
+	protected function getOpenApispec()
+	{
+		if ($this->OpenApiSpec == null)
+		{
+			$this->OpenApiSpec = json_decode(file_get_contents(__DIR__ . '/../grocy.openapi.json'));
+		}
+
+		return $this->OpenApiSpec;
 	}
 }
--- a/controllers/BaseController.php
+++ b/controllers/BaseController.php
@@ -2,29 +2,118 @@

 namespace Grocy\Controllers;

-use \Grocy\Services\DatabaseService;
-use \Grocy\Services\ApplicationService;
-use \Grocy\Services\LocalizationService;
-use \Grocy\Services\StockService;
-use \Grocy\Services\UsersService;
-use \Grocy\Services\UserfieldsService;
-use \Grocy\Services\BatteriesService;
-use \Grocy\Services\CalendarService;
-use \Grocy\Services\SessionService;
-use \Grocy\Services\RecipesService;
-use \Grocy\Services\TasksService;
-use \Grocy\Services\FilesService;
-use \Grocy\Services\ChoresService;
-use \Grocy\Services\ApiKeyService;
+use Grocy\Controllers\Users\User;
+use Grocy\Services\ApiKeyService;
+use Grocy\Services\ApplicationService;
+use Grocy\Services\BatteriesService;
+use Grocy\Services\CalendarService;
+use Grocy\Services\ChoresService;
+use Grocy\Services\DatabaseService;
+use Grocy\Services\FilesService;
+use Grocy\Services\LocalizationService;
+use Grocy\Services\PrintService;
+use Grocy\Services\RecipesService;
+use Grocy\Services\SessionService;
+use Grocy\Services\StockService;
+use Grocy\Services\TasksService;
+use Grocy\Services\UserfieldsService;
+use Grocy\Services\UsersService;

 class BaseController
 {
-	public function __construct(\DI\Container $container) {
-
+	public function __construct(\DI\Container $container)
+	{
 		$this->AppContainer = $container;
 		$this->View = $container->get('view');
 	}

+	protected $AppContainer;
+
+	protected function getApiKeyService()
+	{
+		return ApiKeyService::getInstance();
+	}
+
+	protected function getApplicationservice()
+	{
+		return ApplicationService::getInstance();
+	}
+
+	protected function getBatteriesService()
+	{
+		return BatteriesService::getInstance();
+	}
+
+	protected function getCalendarService()
+	{
+		return CalendarService::getInstance();
+	}
+
+	protected function getChoresService()
+	{
+		return ChoresService::getInstance();
+	}
+
+	protected function getDatabase()
+	{
+		return $this->getDatabaseService()->GetDbConnection();
+	}
+
+	protected function getDatabaseService()
+	{
+		return DatabaseService::getInstance();
+	}
+
+	protected function getFilesService()
+	{
+		return FilesService::getInstance();
+	}
+
+	protected function getLocalizationService()
+	{
+		if (!defined('GROCY_LOCALE'))
+		{
+			define('GROCY_LOCALE', GROCY_DEFAULT_LOCALE);
+		}
+
+		return LocalizationService::getInstance(GROCY_LOCALE);
+	}
+
+	protected function getRecipesService()
+	{
+		return RecipesService::getInstance();
+	}
+
+	protected function getSessionService()
+	{
+		return SessionService::getInstance();
+	}
+
+	protected function getStockService()
+	{
+		return StockService::getInstance();
+	}
+
+	protected function getPrintService()
+	{
+		return PrintService::getInstance();
+	}
+
+	protected function getTasksService()
+	{
+		return TasksService::getInstance();
+	}
+
+	protected function getUserfieldsService()
+	{
+		return UserfieldsService::getInstance();
+	}
+
+	protected function getUsersService()
+	{
+		return UsersService::getInstance();
+	}
+
 	protected function render($response, $page, $data = [])
 	{
 		$container = $this->AppContainer;
@@ -33,19 +122,24 @@ class BaseController
 		$this->View->set('version', $versionInfo->Version);
 		$this->View->set('releaseDate', $versionInfo->ReleaseDate);

-        $localizationService = $this->getLocalizationService();
-		$this->View->set('__t', function(string $text, ...$placeholderValues) use($localizationService)
-		{
+		$localizationService = $this->getLocalizationService();
+		$this->View->set('__t', function (string $text, ...$placeholderValues) use ($localizationService) {
 			return $localizationService->__t($text, $placeholderValues);
 		});
-		$this->View->set('__n', function($number, $singularForm, $pluralForm) use($localizationService)
-		{
+		$this->View->set('__n', function ($number, $singularForm, $pluralForm) use ($localizationService) {
 			return $localizationService->__n($number, $singularForm, $pluralForm);
 		});
-		$this->View->set('GettextPo', $localizationService->GetPoAsJsonString());
+		$this->View->set('LocalizationStrings', $localizationService->GetPoAsJsonString());

-		$this->View->set('U', function($relativePath, $isResource = false) use($container)
+		// TODO: Better handle this generically based on the current language (header in .po file?)
+		$dir = 'ltr';
+		if (GROCY_LOCALE == 'he_IL')
 		{
+			$dir = 'rtl';
+		}
+		$this->View->set('dir', $dir);
+
+		$this->View->set('U', function ($relativePath, $isResource = false) use ($container) {
 			return $container->get('UrlManager')->ConstructUrl($relativePath, $isResource);
 		});

@@ -64,7 +158,23 @@ class BaseController
 				unset($constants[$constant]);
 			}
 		}
+
 		$this->View->set('featureFlags', $constants);
+		if (GROCY_AUTHENTICATED)
+		{
+			$this->View->set('permissions', User::PermissionList());
+
+			$decimalPlacesAmounts = intval($this->getUsersService()->GetUserSetting(GROCY_USER_ID, 'stock_decimal_places_amounts'));
+			if ($decimalPlacesAmounts <= 0)
+			{
+				$defaultMinAmount = 1;
+			}
+			else
+			{
+				$defaultMinAmount = '0.' . str_repeat('0', $decimalPlacesAmounts - 1) . '1';
+			}
+			$this->View->set('DEFAULT_MIN_AMOUNT', $defaultMinAmount);
+		}

 		return $this->View->render($response, $page, $data);
 	}
@@ -92,80 +202,41 @@ class BaseController
 		return $this->render($response, $page, $data);
 	}

-    protected function getDatabaseService()
-	{
-		return DatabaseService::getInstance();
-	}
+	private static $htmlPurifierInstance = null;

-    protected function getDatabase()
+	protected function GetParsedAndFilteredRequestBody($request)
 	{
-		return $this->getDatabaseService()->GetDbConnection();
-	}
+		if (self::$htmlPurifierInstance == null)
+		{
+			$htmlPurifierConfig = \HTMLPurifier_Config::createDefault();
+			$htmlPurifierConfig->set('Cache.SerializerPath', GROCY_DATAPATH . '/viewcache');
+			$htmlPurifierConfig->set('HTML.Allowed', 'div,b,strong,i,em,u,a[href|title|target],iframe[src|width|height|frameborder],ul,ol,li,p[style],br,span[style],img[width|height|alt|src],table[border|width|style],tbody,tr,td,th,blockquote,*[style|class|id]');
+			$htmlPurifierConfig->set('Attr.EnableID', true);
+			$htmlPurifierConfig->set('HTML.SafeIframe', true);
+			$htmlPurifierConfig->set('CSS.AllowedProperties', 'font,font-size,font-weight,font-style,font-family,text-decoration,padding-left,color,background-color,text-align');
+			$htmlPurifierConfig->set('URI.AllowedSchemes', ['data' => true, 'http' => true, 'https' => true]);
+			$htmlPurifierConfig->set('URI.SafeIframeRegexp', '%^.*%'); // Allow any iframe source

-	protected function getLocalizationService()
-	{
-		return LocalizationService::getInstance(GROCY_CULTURE);
-	}
+			self::$htmlPurifierInstance = new \HTMLPurifier($htmlPurifierConfig);
+		}

-	protected function getApplicationservice()
-	{
-		return ApplicationService::getInstance();
-	}
+		$requestBody = $request->getParsedBody();
+		foreach ($requestBody as $key => &$value)
+		{
+			// HTMLPurifier removes boolean values (true/false) and arrays, so explicitly keep them
+			// Maybe also possible through HTMLPurifier config (http://htmlpurifier.org/live/configdoc/plain.html)
+			if (!is_bool($value) && !is_array($value))
+			{
+				$value = self::$htmlPurifierInstance->purify($value);
+			}

-	protected function getBatteriesService()
-	{
-		return BatteriesService::getInstance();
-	}
+			// Allow some special chars
+			if (!is_array($value))
+			{
+				$value = str_replace('&amp;', '&', $value);
+			}
+		}

-	protected function getCalendarService()
-	{
-		return CalendarService::getInstance();
+		return $requestBody;
 	}
-
-    protected function getSessionService()
-	{
-		return SessionService::getInstance();
-	}
-
-	protected function getRecipesService()
-	{
-		return RecipesService::getInstance();
-	}
-
-	protected function getStockService()
-	{
-		return StockService::getInstance();
-	}
-
-    protected function getTasksService()
-	{
-		return TasksService::getInstance();
-	}
-
-    protected function getUsersService()
-	{
-		return UsersService::getInstance();
-	}
-
-	protected function getUserfieldsService()
-	{
-		return UserfieldsService::getInstance();
-	}
-
-	protected function getApiKeyService()
-	{
-		return ApiKeyService::getInstance();
-	}
-
-	protected function getChoresService()
-	{
-		return ChoresService::getInstance();
-	}
-
-	protected function getFilesService()
-	{
-		return FilesService::getInstance();
-	}
-	
-	protected $AppContainer;
 }
--- a/controllers/BatteriesApiController.php
+++ b/controllers/BatteriesApiController.php
@@ -2,16 +2,34 @@

 namespace Grocy\Controllers;

+use Grocy\Controllers\Users\User;
+use Grocy\Helpers\WebhookRunner;
+use Grocy\Helpers\Grocycode;
+
 class BatteriesApiController extends BaseApiController
 {
-	public function __construct(\DI\Container $container)
+	public function BatteryDetails(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		parent::__construct($container);
+		try
+		{
+			return $this->ApiResponse($response, $this->getBatteriesService()->GetBatteryDetails($args['batteryId']));
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function Current(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->FilteredApiResponse($response, $this->getBatteriesService()->GetCurrent(), $request->getQueryParams());
 	}

 	public function TrackChargeCycle(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		$requestBody = $request->getParsedBody();
+		User::checkPermission($request, User::PERMISSION_BATTERIES_TRACK_CHARGE_CYCLE);
+
+		$requestBody = $this->GetParsedAndFilteredRequestBody($request);

 		try
 		{
@@ -30,25 +48,10 @@ class BatteriesApiController extends BaseApiController
 		}
 	}

-	public function BatteryDetails(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		try
-		{
-			return $this->ApiResponse($response, $this->getBatteriesService()->GetBatteryDetails($args['batteryId']));
-		}
-		catch (\Exception $ex)
-		{
-			return $this->GenericErrorResponse($response, $ex->getMessage());
-		}
-	}
-
-	public function Current(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		return $this->ApiResponse($response, $this->getBatteriesService()->GetCurrent());
-	}
-
 	public function UndoChargeCycle(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
+		User::checkPermission($request, User::PERMISSION_BATTERIES_UNDO_CHARGE_CYCLE);
+
 		try
 		{
 			$this->ApiResponse($response, $this->getBatteriesService()->UndoChargeCycle($args['chargeCycleId']));
@@ -59,4 +62,28 @@ class BatteriesApiController extends BaseApiController
 			return $this->GenericErrorResponse($response, $ex->getMessage());
 		}
 	}
+
+	public function BatteryPrintLabel(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		try
+		{
+			$battery = $this->getDatabase()->batteries()->where('id', $args['batteryId'])->fetch();
+
+			$webhookData = array_merge([
+				'battery' => $battery->name,
+				'grocycode' => (string)(new Grocycode(Grocycode::BATTERY, $args['batteryId'])),
+			], GROCY_LABEL_PRINTER_PARAMS);
+
+			if (GROCY_LABEL_PRINTER_RUN_SERVER)
+			{
+				(new WebhookRunner())->run(GROCY_LABEL_PRINTER_WEBHOOK, $webhookData, GROCY_LABEL_PRINTER_HOOK_JSON);
+			}
+
+			return $this->ApiResponse($response, $webhookData);
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
 }
--- a/controllers/BatteriesController.php
+++ b/controllers/BatteriesController.php
@@ -2,43 +2,35 @@

 namespace Grocy\Controllers;

+use Grocy\Helpers\Grocycode;
+
 class BatteriesController extends BaseController
 {
-	public function __construct(\DI\Container $container)
-	{
-		parent::__construct($container);
-	}
-
-	public function Overview(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		$usersService = $this->getUsersService();
-		$nextXDays = $usersService->GetUserSettings(GROCY_USER_ID)['batteries_due_soon_days'];
-
-		return $this->renderPage($response, 'batteriesoverview', [
-			'batteries' => $this->getDatabase()->batteries()->orderBy('name'),
-			'current' => $this->getBatteriesService()->GetCurrent(),
-			'nextXDays' => $nextXDays,
-			'userfields' => $this->getUserfieldsService()->GetFields('batteries'),
-			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('batteries')
-		]);
-	}
-
-	public function TrackChargeCycle(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		return $this->renderPage($response, 'batterytracking', [
-			'batteries' =>  $this->getDatabase()->batteries()->orderBy('name')
-		]);
-	}
+	use GrocycodeTrait;

 	public function BatteriesList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
+		if (isset($request->getQueryParams()['include_disabled']))
+		{
+			$batteries = $this->getDatabase()->batteries()->orderBy('name', 'COLLATE NOCASE');
+		}
+		else
+		{
+			$batteries = $this->getDatabase()->batteries()->where('active = 1')->orderBy('name', 'COLLATE NOCASE');
+		}
+
 		return $this->renderPage($response, 'batteries', [
-			'batteries' => $this->getDatabase()->batteries()->orderBy('name'),
+			'batteries' => $batteries,
 			'userfields' => $this->getUserfieldsService()->GetFields('batteries'),
 			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('batteries')
 		]);
 	}

+	public function BatteriesSettings(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->renderPage($response, 'batteriessettings');
+	}
+
 	public function BatteryEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		if ($args['batteryId'] == 'new')
@@ -51,7 +43,7 @@ class BatteriesController extends BaseController
 		else
 		{
 			return $this->renderPage($response, 'batteryform', [
-				'battery' =>  $this->getDatabase()->batteries($args['batteryId']),
+				'battery' => $this->getDatabase()->batteries($args['batteryId']),
 				'mode' => 'edit',
 				'userfields' => $this->getUserfieldsService()->GetFields('batteries')
 			]);
@@ -60,14 +52,53 @@ class BatteriesController extends BaseController

 	public function Journal(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
+		if (isset($request->getQueryParams()['months']) && filter_var($request->getQueryParams()['months'], FILTER_VALIDATE_INT) !== false)
+		{
+			$months = $request->getQueryParams()['months'];
+			$where = "tracked_time > DATE(DATE('now', 'localtime'), '-$months months')";
+		}
+		else
+		{
+			// Default 2 years
+			$where = "tracked_time > DATE(DATE('now', 'localtime'), '-24 months')";
+		}
+
+		if (isset($request->getQueryParams()['battery']) && filter_var($request->getQueryParams()['battery'], FILTER_VALIDATE_INT) !== false)
+		{
+			$batteryId = $request->getQueryParams()['battery'];
+			$where .= " AND battery_id = $batteryId";
+		}
+
 		return $this->renderPage($response, 'batteriesjournal', [
-			'chargeCycles' => $this->getDatabase()->battery_charge_cycles()->orderBy('tracked_time', 'DESC'),
-			'batteries' => $this->getDatabase()->batteries()->orderBy('name')
+			'chargeCycles' => $this->getDatabase()->battery_charge_cycles()->where($where)->orderBy('tracked_time', 'DESC'),
+			'batteries' => $this->getDatabase()->batteries()->where('active = 1')->orderBy('name', 'COLLATE NOCASE')
 		]);
 	}

-	public function BatteriesSettings(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	public function Overview(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		return $this->renderPage($response, 'batteriessettings');
+		$usersService = $this->getUsersService();
+		$nextXDays = $usersService->GetUserSettings(GROCY_USER_ID)['batteries_due_soon_days'];
+
+		return $this->renderPage($response, 'batteriesoverview', [
+			'batteries' => $this->getDatabase()->batteries()->where('active = 1')->orderBy('name', 'COLLATE NOCASE'),
+			'current' => $this->getBatteriesService()->GetCurrent(),
+			'nextXDays' => $nextXDays,
+			'userfields' => $this->getUserfieldsService()->GetFields('batteries'),
+			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('batteries')
+		]);
+	}
+
+	public function TrackChargeCycle(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->renderPage($response, 'batterytracking', [
+			'batteries' => $this->getDatabase()->batteries()->where('active = 1')->orderBy('name', 'COLLATE NOCASE')
+		]);
+	}
+
+	public function BatteryGrocycodeImage(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$gc = new Grocycode(Grocycode::BATTERY, $args['batteryId']);
+		return $this->ServeGrocycodeImage($request, $response, $gc);
 	}
 }
--- a/controllers/CalendarApiController.php
+++ b/controllers/CalendarApiController.php
@@ -2,42 +2,54 @@

 namespace Grocy\Controllers;

+use Eluceo\iCal\Domain\Entity\Calendar;
+use Eluceo\iCal\Domain\Entity\Event;
+use Eluceo\iCal\Domain\ValueObject\Date;
+use Eluceo\iCal\Domain\ValueObject\DateTime;
+use Eluceo\iCal\Domain\ValueObject\SingleDay;
+use Eluceo\iCal\Domain\ValueObject\TimeSpan;
+use Eluceo\iCal\Presentation\Factory\CalendarFactory;
+
 class CalendarApiController extends BaseApiController
 {
-	public function __construct(\DI\Container $container)
-	{
-		parent::__construct($container);
-	}
-
 	public function Ical(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		try
 		{
-			$vCalendar = new \Eluceo\iCal\Component\Calendar('grocy');
-
 			$events = $this->getCalendarService()->GetEvents();
-			foreach($events as $event)
-			{
-				$date = new \DateTime($event['start']);
-				$date->setTimezone(date_default_timezone_get());

-				if ($event['date_format'] === 'date')
+			$vCalendar = new Calendar();
+			foreach ($events as $event)
+			{
+				$description = '';
+				if (isset($event['description']))
 				{
-					$date->setTime(23, 59, 59);
+					$description = $event['description'];
 				}

-				$vEvent = new \Eluceo\iCal\Component\Event();
-				$vEvent->setDtStart($date)
-					->setDtEnd($date)
-					->setSummary($event['title'])
-					->setDescription($event['description'])
-					->setNoTime($event['date_format'] === 'date')
-					->setUseTimezone(true);
+				if ($event['date_format'] === 'date' || (isset($event['allDay']) && $event['allDay']))
+				{
+					// All-day event
+					$date = new Date(\DateTimeImmutable::createFromFormat('Y-m-d', $event['start']));
+					$vEventOccurrence = new SingleDay($date);
+				}
+				else
+				{
+					// Time-point event
+					$start = new DateTime(\DateTimeImmutable::createFromFormat('Y-m-d H:i:s', $event['start']), false);
+					$end = new DateTime(\DateTimeImmutable::createFromFormat('Y-m-d H:i:s', $event['start']), false);
+					$vEventOccurrence = new TimeSpan($start, $end);
+				}

-				$vCalendar->addComponent($vEvent);
+				$vEvent = new Event();
+				$vEvent->setOccurrence($vEventOccurrence)
+					->setSummary($event['title'])
+					->setDescription($description);
+
+				$vCalendar->addEvent($vEvent);
 			}

-			$response->write($vCalendar->render());
+			$response->write((new CalendarFactory())->createCalendar($vCalendar));
 			$response = $response->withHeader('Content-Type', 'text/calendar; charset=utf-8');
 			return $response->withHeader('Content-Disposition', 'attachment; filename="grocy.ics"');
 		}
@@ -51,9 +63,9 @@ class CalendarApiController extends BaseApiController
 	{
 		try
 		{
-			return $this->ApiResponse($response, array(
+			return $this->ApiResponse($response, [
 				'url' => $this->AppContainer->get('UrlManager')->ConstructUrl('/api/calendar/ical?secret=' . $this->getApiKeyService()->GetOrCreateApiKey(\Grocy\Services\ApiKeyService::API_KEY_TYPE_SPECIAL_PURPOSE_CALENDAR_ICAL))
-			));
+			]);
 		}
 		catch (\Exception $ex)
 		{
--- a/controllers/CalendarController.php
+++ b/controllers/CalendarController.php
@@ -4,11 +4,6 @@ namespace Grocy\Controllers;

 class CalendarController extends BaseController
 {
-	public function __construct(\DI\Container $container)
-	{
-		parent::__construct($container);
-	}
-
 	public function Overview(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		return $this->renderPage($response, 'calendar', [
--- a/controllers/ChoresApiController.php
+++ b/controllers/ChoresApiController.php
@@ -2,77 +2,20 @@

 namespace Grocy\Controllers;

+use Grocy\Controllers\Users\User;
+use Grocy\Helpers\WebhookRunner;
+use Grocy\Helpers\Grocycode;
+
 class ChoresApiController extends BaseApiController
 {
-	public function __construct(\DI\Container $container)
-	{
-		parent::__construct($container);
-	}
-
-	public function TrackChoreExecution(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		$requestBody = $request->getParsedBody();
-
-		try
-		{
-			$trackedTime = date('Y-m-d H:i:s');
-			if (array_key_exists('tracked_time', $requestBody) && (IsIsoDateTime($requestBody['tracked_time']) || IsIsoDate($requestBody['tracked_time'])))
-			{
-				$trackedTime = $requestBody['tracked_time'];
-			}
-
-			$doneBy = GROCY_USER_ID;
-			if (array_key_exists('done_by', $requestBody) && !empty($requestBody['done_by']))
-			{
-				$doneBy = $requestBody['done_by'];
-			}
-
-			$choreExecutionId = $this->getChoresService()->TrackChore($args['choreId'], $trackedTime, $doneBy);
-			return $this->ApiResponse($response, $this->getDatabase()->chores_log($choreExecutionId));
-		}
-		catch (\Exception $ex)
-		{
-			return $this->GenericErrorResponse($response, $ex->getMessage());
-		}
-	}
-
-	public function ChoreDetails(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		try
-		{
-			return $this->ApiResponse($response, $this->getChoresService()->GetChoreDetails($args['choreId']));
-		}
-		catch (\Exception $ex)
-		{
-			return $this->GenericErrorResponse($response, $ex->getMessage());
-		}
-	}
-
-	public function Current(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		return $this->ApiResponse($response, $this->getChoresService()->GetCurrent());
-	}
-
-	public function UndoChoreExecution(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		try
-		{
-			$this->ApiResponse($response, $this->getChoresService()->UndoChoreExecution($args['executionId']));
-			return $this->EmptyApiResponse($response);
-		}
-		catch (\Exception $ex)
-		{
-			return $this->GenericErrorResponse($response, $ex->getMessage());
-		}
-	}
-
 	public function CalculateNextExecutionAssignments(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		try
 		{
-			$requestBody = $request->getParsedBody();
+			$requestBody = $this->GetParsedAndFilteredRequestBody($request);

 			$choreId = null;
+
 			if (array_key_exists('chore_id', $requestBody) && !empty($requestBody['chore_id']) && is_numeric($requestBody['chore_id']))
 			{
 				$choreId = intval($requestBody['chore_id']);
@@ -98,4 +41,94 @@ class ChoresApiController extends BaseApiController
 			return $this->GenericErrorResponse($response, $ex->getMessage());
 		}
 	}
+
+	public function ChoreDetails(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		try
+		{
+			return $this->ApiResponse($response, $this->getChoresService()->GetChoreDetails($args['choreId']));
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function Current(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->FilteredApiResponse($response, $this->getChoresService()->GetCurrent(), $request->getQueryParams());
+	}
+
+	public function TrackChoreExecution(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$requestBody = $this->GetParsedAndFilteredRequestBody($request);
+
+		try
+		{
+			User::checkPermission($request, User::PERMISSION_CHORE_TRACK_EXECUTION);
+
+			$trackedTime = date('Y-m-d H:i:s');
+			if (array_key_exists('tracked_time', $requestBody) && (IsIsoDateTime($requestBody['tracked_time']) || IsIsoDate($requestBody['tracked_time'])))
+			{
+				$trackedTime = $requestBody['tracked_time'];
+			}
+
+			$doneBy = GROCY_USER_ID;
+			if (array_key_exists('done_by', $requestBody) && !empty($requestBody['done_by']))
+			{
+				$doneBy = $requestBody['done_by'];
+			}
+
+			if ($doneBy != GROCY_USER_ID)
+			{
+				User::checkPermission($request, User::PERMISSION_CHORE_TRACK_EXECUTION);
+			}
+
+			$choreExecutionId = $this->getChoresService()->TrackChore($args['choreId'], $trackedTime, $doneBy);
+			return $this->ApiResponse($response, $this->getDatabase()->chores_log($choreExecutionId));
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function UndoChoreExecution(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		try
+		{
+			User::checkPermission($request, User::PERMISSION_CHORE_UNDO_EXECUTION);
+
+			$this->ApiResponse($response, $this->getChoresService()->UndoChoreExecution($args['executionId']));
+			return $this->EmptyApiResponse($response);
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function ChorePrintLabel(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		try
+		{
+			$chore = $this->getDatabase()->chores()->where('id', $args['choreId'])->fetch();
+
+			$webhookData = array_merge([
+				'chore' => $chore->name,
+				'grocycode' => (string)(new Grocycode(Grocycode::CHORE, $args['choreId'])),
+			], GROCY_LABEL_PRINTER_PARAMS);
+
+			if (GROCY_LABEL_PRINTER_RUN_SERVER)
+			{
+				(new WebhookRunner())->run(GROCY_LABEL_PRINTER_WEBHOOK, $webhookData, GROCY_LABEL_PRINTER_HOOK_JSON);
+			}
+
+			return $this->ApiResponse($response, $webhookData);
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
 }
--- a/controllers/ChoresController.php
+++ b/controllers/ChoresController.php
@@ -2,53 +2,11 @@

 namespace Grocy\Controllers;

+use Grocy\Helpers\Grocycode;
+
 class ChoresController extends BaseController
 {
-	public function __construct(\DI\Container $container)
-	{
-		parent::__construct($container);
-	}
-
-	public function Overview(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		$usersService = $this->getUsersService();
-		$nextXDays = $usersService->GetUserSettings(GROCY_USER_ID)['chores_due_soon_days'];
-
-		return $this->renderPage($response, 'choresoverview', [
-			'chores' => $this->getDatabase()->chores()->orderBy('name'),
-			'currentChores' => $this->getChoresService()->GetCurrent(),
-			'nextXDays' => $nextXDays,
-			'userfields' => $this->getUserfieldsService()->GetFields('chores'),
-			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('chores'),
-			'users' => $usersService->GetUsersAsDto()
-		]);
-	}
-
-	public function TrackChoreExecution(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		return $this->renderPage($response, 'choretracking', [
-			'chores' => $this->getDatabase()->chores()->orderBy('name'),
-			'users' => $this->getDatabase()->users()->orderBy('username')
-		]);
-	}
-
-	public function ChoresList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		return $this->renderPage($response, 'chores', [
-			'chores' => $this->getDatabase()->chores()->orderBy('name'),
-			'userfields' => $this->getUserfieldsService()->GetFields('chores'),
-			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('chores')
-		]);
-	}
-
-	public function Journal(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		return $this->renderPage($response, 'choresjournal', [
-			'choresLog' => $this->getDatabase()->chores_log()->orderBy('tracked_time', 'DESC'),
-			'chores' => $this->getDatabase()->chores()->orderBy('name'),
-			'users' => $this->getDatabase()->users()->orderBy('username')
-		]);
-	}
+	use GrocycodeTrait;

 	public function ChoreEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
@@ -63,25 +21,101 @@ class ChoresController extends BaseController
 				'userfields' => $this->getUserfieldsService()->GetFields('chores'),
 				'assignmentTypes' => GetClassConstants('\Grocy\Services\ChoresService', 'CHORE_ASSIGNMENT_TYPE_'),
 				'users' => $users,
-				'products' => $this->getDatabase()->products()->orderBy('name')
+				'products' => $this->getDatabase()->products()->orderBy('name', 'COLLATE NOCASE')
 			]);
 		}
 		else
 		{
 			return $this->renderPage($response, 'choreform', [
-				'chore' =>  $this->getDatabase()->chores($args['choreId']),
+				'chore' => $this->getDatabase()->chores($args['choreId']),
 				'periodTypes' => GetClassConstants('\Grocy\Services\ChoresService', 'CHORE_PERIOD_TYPE_'),
 				'mode' => 'edit',
 				'userfields' => $this->getUserfieldsService()->GetFields('chores'),
 				'assignmentTypes' => GetClassConstants('\Grocy\Services\ChoresService', 'CHORE_ASSIGNMENT_TYPE_'),
 				'users' => $users,
-				'products' => $this->getDatabase()->products()->orderBy('name')
+				'products' => $this->getDatabase()->products()->orderBy('name', 'COLLATE NOCASE')
 			]);
 		}
 	}

+	public function ChoresList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		if (isset($request->getQueryParams()['include_disabled']))
+		{
+			$chores = $this->getDatabase()->chores()->orderBy('name', 'COLLATE NOCASE');
+		}
+		else
+		{
+			$chores = $this->getDatabase()->chores()->where('active = 1')->orderBy('name', 'COLLATE NOCASE');
+		}
+
+		return $this->renderPage($response, 'chores', [
+			'chores' => $chores,
+			'userfields' => $this->getUserfieldsService()->GetFields('chores'),
+			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('chores')
+		]);
+	}
+
 	public function ChoresSettings(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		return $this->renderPage($response, 'choressettings');
 	}
+
+	public function Journal(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		if (isset($request->getQueryParams()['months']) && filter_var($request->getQueryParams()['months'], FILTER_VALIDATE_INT) !== false)
+		{
+			$months = $request->getQueryParams()['months'];
+			$where = "tracked_time > DATE(DATE('now', 'localtime'), '-$months months')";
+		}
+		else
+		{
+			// Default 1 year
+			$where = "tracked_time > DATE(DATE('now', 'localtime'), '-12 months')";
+		}
+
+		if (isset($request->getQueryParams()['chore']) && filter_var($request->getQueryParams()['chore'], FILTER_VALIDATE_INT) !== false)
+		{
+			$choreId = $request->getQueryParams()['chore'];
+			$where .= " AND chore_id = $choreId";
+		}
+
+		return $this->renderPage($response, 'choresjournal', [
+			'choresLog' => $this->getDatabase()->chores_log()->where($where)->orderBy('tracked_time', 'DESC'),
+			'chores' => $this->getDatabase()->chores()->where('active = 1')->orderBy('name', 'COLLATE NOCASE'),
+			'users' => $this->getDatabase()->users()->orderBy('username'),
+			'userfields' => $this->getUserfieldsService()->GetFields('chores_log'),
+			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('chores_log')
+		]);
+	}
+
+	public function Overview(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$usersService = $this->getUsersService();
+		$nextXDays = $usersService->GetUserSettings(GROCY_USER_ID)['chores_due_soon_days'];
+
+		return $this->renderPage($response, 'choresoverview', [
+			'chores' => $this->getDatabase()->chores()->orderBy('name', 'COLLATE NOCASE'),
+			'currentChores' => $this->getChoresService()->GetCurrent(),
+			'nextXDays' => $nextXDays,
+			'userfields' => $this->getUserfieldsService()->GetFields('chores'),
+			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('chores'),
+			'users' => $usersService->GetUsersAsDto()
+		]);
+	}
+
+	public function TrackChoreExecution(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->renderPage($response, 'choretracking', [
+			'chores' => $this->getDatabase()->chores()->where('active = 1')->orderBy('name', 'COLLATE NOCASE'),
+			'users' => $this->getDatabase()->users()->orderBy('username'),
+			'userfields' => $this->getUserfieldsService()->GetFields('chores_log'),
+		]);
+	}
+
+	public function ChoreGrocycodeImage(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$gc = new Grocycode(Grocycode::CHORE, $args['choreId']);
+		return $this->ServeGrocycodeImage($request, $response, $gc);
+	}
 }
--- a/controllers/EquipmentController.php
+++ b/controllers/EquipmentController.php
@@ -4,22 +4,8 @@ namespace Grocy\Controllers;

 class EquipmentController extends BaseController
 {
-	public function __construct(\DI\Container $container)
-	{
-		parent::__construct($container);
-	}
-
 	protected $UserfieldsService;

-	public function Overview(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		return $this->renderPage($response, 'equipment', [
-			'equipment' => $this->getDatabase()->equipment()->orderBy('name'),
-			'userfields' => $this->getUserfieldsService()->GetFields('equipment'),
-			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('equipment')
-		]);
-	}
-
 	public function EditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		if ($args['equipmentId'] == 'new')
@@ -32,10 +18,19 @@ class EquipmentController extends BaseController
 		else
 		{
 			return $this->renderPage($response, 'equipmentform', [
-				'equipment' =>  $this->getDatabase()->equipment($args['equipmentId']),
+				'equipment' => $this->getDatabase()->equipment($args['equipmentId']),
 				'mode' => 'edit',
 				'userfields' => $this->getUserfieldsService()->GetFields('equipment')
 			]);
 		}
 	}
+
+	public function Overview(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->renderPage($response, 'equipment', [
+			'equipment' => $this->getDatabase()->equipment()->orderBy('name', 'COLLATE NOCASE'),
+			'userfields' => $this->getUserfieldsService()->GetFields('equipment'),
+			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('equipment')
+		]);
+	}
 }
--- a/controllers/ExceptionController.php
+++ b/controllers/ExceptionController.php
@@ -0,0 +1,83 @@
+<?php
+
+namespace Grocy\Controllers;
+
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Log\LoggerInterface;
+use Slim\Exception\HttpException;
+use Slim\Exception\HttpForbiddenException;
+use Slim\Exception\HttpNotFoundException;
+use Throwable;
+
+class ExceptionController extends BaseApiController
+{
+	public function __construct(\Slim\App $app, \DI\Container $container)
+	{
+		parent::__construct($container);
+		$this->app = $app;
+	}
+
+	/**
+	 * @var \Slim\App
+	 */
+	private $app;
+
+	public function __invoke(ServerRequestInterface $request, Throwable $exception, bool $displayErrorDetails, bool $logErrors, bool $logErrorDetails, ?LoggerInterface $logger = null)
+	{
+		$response = $this->app->getResponseFactory()->createResponse();
+		$isApiRoute = string_starts_with($request->getUri()->getPath(), '/api/');
+
+		if (!defined('GROCY_AUTHENTICATED'))
+		{
+			define('GROCY_AUTHENTICATED', false);
+		}
+
+		if ($isApiRoute)
+		{
+			$status = 500;
+
+			if ($exception instanceof HttpException)
+			{
+				$status = $exception->getCode();
+			}
+
+			$data = [
+				'error_message' => $exception->getMessage()
+			];
+
+			if ($displayErrorDetails)
+			{
+				$data['error_details'] = [
+					'stack_trace' => $exception->getTraceAsString(),
+					'file' => $exception->getFile(),
+					'line' => $exception->getLine()
+				];
+			}
+
+			return $this->ApiResponse($response->withStatus($status)->withHeader('Content-Type', 'application/json'), $data);
+		}
+
+		if ($exception instanceof HttpNotFoundException)
+		{
+			if (!defined('GROCY_AUTHENTICATED'))
+			{
+				define('GROCY_AUTHENTICATED', false);
+			}
+
+			return $this->renderPage($response->withStatus(404), 'errors/404', [
+				'exception' => $exception
+			]);
+		}
+
+		if ($exception instanceof HttpForbiddenException)
+		{
+			return $this->renderPage($response->withStatus(403), 'errors/403', [
+				'exception' => $exception
+			]);
+		}
+
+		return $this->renderPage($response->withStatus(500), 'errors/500', [
+			'exception' => $exception
+		]);
+	}
+}
--- a/controllers/FilesApiController.php
+++ b/controllers/FilesApiController.php
@@ -2,19 +2,20 @@

 namespace Grocy\Controllers;

-use \Grocy\Services\FilesService;
+use Grocy\Services\FilesService;
+use Slim\Exception\HttpNotFoundException;

 class FilesApiController extends BaseApiController
 {
-	public function __construct(\DI\Container $container)
-	{
-		parent::__construct($container);
-	}
-
-	public function UploadFile(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	public function DeleteFile(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		try
 		{
+			if (!in_array($args['group'], $this->getOpenApiSpec()->components->schemas->FileGroups->enum))
+			{
+				throw new \Exception('Invalid file group');
+			}
+
 			if (IsValidFileName(base64_decode($args['fileName'])))
 			{
 				$fileName = base64_decode($args['fileName']);
@@ -24,8 +25,7 @@ class FilesApiController extends BaseApiController
 				throw new \Exception('Invalid filename');
 			}

-			$data = $request->getBody()->getContents();
-			file_put_contents($this->getFilesService()->GetFilePath($args['group'], $fileName), $data);
+			$this->getFilesService()->DeleteFile($args['group'], $fileName);

 			return $this->EmptyApiResponse($response);
 		}
@@ -39,41 +39,13 @@ class FilesApiController extends BaseApiController
 	{
 		try
 		{
-			if (IsValidFileName(base64_decode($args['fileName'])))
+			if (!in_array($args['group'], $this->getOpenApiSpec()->components->schemas->FileGroups->enum))
 			{
-				$fileName = base64_decode($args['fileName']);
-			}
-			else
-			{
-				throw new \Exception('Invalid filename');
+				throw new \Exception('Invalid file group');
 			}

-			$forceServeAs = null;
-			if (isset($request->getQueryParams()['force_serve_as']) && !empty($request->getQueryParams()['force_serve_as']))
-			{
-				$forceServeAs = $request->getQueryParams()['force_serve_as'];
-			}
-
-			if ($forceServeAs == FilesService::FILE_SERVE_TYPE_PICTURE)
-			{
-				$bestFitHeight = null;
-				if (isset($request->getQueryParams()['best_fit_height']) && !empty($request->getQueryParams()['best_fit_height']) && is_numeric($request->getQueryParams()['best_fit_height']))
-				{
-					$bestFitHeight = $request->getQueryParams()['best_fit_height'];
-				}
-
-				$bestFitWidth = null;
-				if (isset($request->getQueryParams()['best_fit_width']) && !empty($request->getQueryParams()['best_fit_width']) && is_numeric($request->getQueryParams()['best_fit_width']))
-				{
-					$bestFitWidth = $request->getQueryParams()['best_fit_width'];
-				}
-
-				$filePath = $this->getFilesService()->DownscaleImage($args['group'], $fileName, $bestFitHeight, $bestFitWidth);
-			}
-			else
-			{
-				$filePath = $this->getFilesService()->GetFilePath($args['group'], $fileName);
-			}
+			$fileName = $this->checkFileName($args['fileName']);
+			$filePath = $this->getFilePath($args['group'], $fileName, $request->getQueryParams());

 			if (file_exists($filePath))
 			{
@@ -84,33 +56,59 @@ class FilesApiController extends BaseApiController
 			}
 			else
 			{
-				return $this->GenericErrorResponse($response, 'File not found', 404);
+				throw new HttpNotFoundException($request, 'File not found');
 			}
 		}
 		catch (\Exception $ex)
 		{
-			return $this->GenericErrorResponse($response, $ex->getMessage());
+			throw new HttpNotFoundException($request, $ex->getMessage(), $ex);
 		}
 	}

-	public function DeleteFile(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	public function ShowFile(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		try
 		{
-			if (IsValidFileName(base64_decode($args['fileName'])))
+			if (!in_array($args['group'], $this->getOpenApiSpec()->components->schemas->FileGroups->enum))
 			{
-				$fileName = base64_decode($args['fileName']);
+				throw new \Exception('Invalid file group');
+			}
+
+			$fileInfo = explode('_', $args['fileName']);
+			$fileName = $this->checkFileName($fileInfo[1]);
+			$filePath = $this->getFilePath($args['group'], base64_decode($fileInfo[0]), $request->getQueryParams());
+
+			if (file_exists($filePath))
+			{
+				$response->write(file_get_contents($filePath));
+				$response = $response->withHeader('Cache-Control', 'max-age=2592000');
+				$response = $response->withHeader('Content-Type', mime_content_type($filePath));
+				return $response->withHeader('Content-Disposition', 'inline; filename="' . $fileName . '"');
 			}
 			else
 			{
-				throw new \Exception('Invalid filename');
+				throw new HttpNotFoundException($request, 'File not found');
+			}
+		}
+		catch (\Exception $ex)
+		{
+			throw new HttpNotFoundException($request, $ex->getMessage(), $ex);
+		}
+	}
+
+	public function UploadFile(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		try
+		{
+			if (!in_array($args['group'], $this->getOpenApiSpec()->components->schemas->FileGroups->enum))
+			{
+				throw new \Exception('Invalid file group');
 			}

-			$filePath = $this->getFilesService()->GetFilePath($args['group'], $fileName);
-			if (file_exists($filePath))
-			{
-				unlink($filePath);
-			}
+			$fileName = $this->checkFileName($args['fileName']);
+			$data = $request->getBody()->getContents();
+
+			file_put_contents($this->getFilesService()->GetFilePath($args['group'], $fileName), $data);

 			return $this->EmptyApiResponse($response);
 		}
@@ -119,4 +117,61 @@ class FilesApiController extends BaseApiController
 			return $this->GenericErrorResponse($response, $ex->getMessage());
 		}
 	}
+
+	/**
+	 * @param string $fileName base64-encoded file-name
+	 * @return false|string the decoded file-name
+	 * @throws \Exception if the file-name is invalid.
+	 */
+	protected function checkFileName(string $fileName)
+	{
+		if (IsValidFileName(base64_decode($fileName)))
+		{
+			$fileName = base64_decode($fileName);
+		}
+		else
+		{
+			throw new \Exception('Invalid filename');
+		}
+
+		return $fileName;
+	}
+
+	/**
+	 * @param string $group The group the requested files belongs to.
+	 * @param string $fileName The name of the requested file.
+	 * @param array $queryParams Parameter, e.g. for scaling. Optional.
+	 * @return string
+	 */
+	protected function getFilePath(string $group, string $fileName, array $queryParams = [])
+	{
+		$forceServeAs = null;
+		if (isset($queryParams['force_serve_as']) && !empty($queryParams['force_serve_as']))
+		{
+			$forceServeAs = $queryParams['force_serve_as'];
+		}
+
+		if ($forceServeAs == FilesService::FILE_SERVE_TYPE_PICTURE)
+		{
+			$bestFitHeight = null;
+			if (isset($queryParams['best_fit_height']) && !empty($queryParams['best_fit_height']) && is_numeric($queryParams['best_fit_height']))
+			{
+				$bestFitHeight = $queryParams['best_fit_height'];
+			}
+
+			$bestFitWidth = null;
+			if (isset($queryParams['best_fit_width']) && !empty($queryParams['best_fit_width']) && is_numeric($queryParams['best_fit_width']))
+			{
+				$bestFitWidth = $queryParams['best_fit_width'];
+			}
+
+			$filePath = $this->getFilesService()->DownscaleImage($group, $fileName, $bestFitHeight, $bestFitWidth);
+		}
+		else
+		{
+			$filePath = $this->getFilesService()->GetFilePath($group, $fileName);
+		}
+
+		return $filePath;
+	}
 }
--- a/controllers/GenericEntityApiController.php
+++ b/controllers/GenericEntityApiController.php
@@ -2,69 +2,23 @@

 namespace Grocy\Controllers;

+use Grocy\Controllers\Users\User;
+use Slim\Exception\HttpBadRequestException;
+
 class GenericEntityApiController extends BaseApiController
 {
-	public function __construct(\DI\Container $container)
-	{
-		parent::__construct($container);
-	}
-
-	public function GetObjects(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		$objects = $this->getDatabase()->{$args['entity']}();
-		$allUserfields = $this->getUserfieldsService()->GetAllValues($args['entity']);
-
-		foreach ($objects as $object)
-		{
-			$userfields = FindAllObjectsInArrayByPropertyValue($allUserfields, 'object_id', $object->id);
-			$userfieldKeyValuePairs = null;
-			if (count($userfields) > 0)
-			{
-				foreach ($userfields as $userfield)
-				{
-					$userfieldKeyValuePairs[$userfield->name] = $userfield->value;
-				}
-			}
-
-			$object->userfields = $userfieldKeyValuePairs;
-		}
-
-		if ($this->IsValidEntity($args['entity']) && !$this->IsEntityWithPreventedListing($args['entity']))
-		{
-			return $this->ApiResponse($response, $objects);
-		}
-		else
-		{
-			return $this->GenericErrorResponse($response, 'Entity does not exist or is not exposed');
-		}
-	}
-
-	public function GetObject(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		if ($this->IsValidEntity($args['entity']) && !$this->IsEntityWithPreventedListing($args['entity']))
-		{
-			$userfields = $this->getUserfieldsService()->GetValues($args['entity'], $args['objectId']);
-			if (count($userfields) === 0)
-			{
-				$userfields = null;
-			}
-
-			$object = $this->getDatabase()->{$args['entity']}($args['objectId']);
-			$object['userfields'] = $userfields;
-
-			return $this->ApiResponse($response, $object);
-		}
-		else
-		{
-			return $this->GenericErrorResponse($response, 'Entity does not exist or is not exposed');
-		}
-	}
-
 	public function AddObject(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		if ($this->IsValidEntity($args['entity']))
+		User::checkPermission($request, User::PERMISSION_MASTER_DATA_EDIT);
+
+		if ($this->IsValidExposedEntity($args['entity']) && !$this->IsEntityWithNoEdit($args['entity']))
 		{
-			$requestBody = $request->getParsedBody();
+			if ($this->IsEntityWithEditRequiresAdmin($args['entity']))
+			{
+				User::checkPermission($request, User::PERMISSION_ADMIN);
+			}
+
+			$requestBody = $this->GetParsedAndFilteredRequestBody($request);

 			try
 			{
@@ -76,38 +30,10 @@ class GenericEntityApiController extends BaseApiController
 				$newRow = $this->getDatabase()->{$args['entity']}()->createRow($requestBody);
 				$newRow->save();
 				$success = $newRow->isClean();
-				return $this->ApiResponse($response, array(
+
+				return $this->ApiResponse($response, [
 					'created_object_id' => $this->getDatabase()->lastInsertId()
-				));
-			}
-			catch (\Exception $ex)
-			{
-				return $this->GenericErrorResponse($response, $ex->getMessage());
-			}
-		}
-		else
-		{
-			return $this->GenericErrorResponse($response, 'Entity does not exist or is not exposed');
-		}
-	}
-
-	public function EditObject(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		if ($this->IsValidEntity($args['entity']))
-		{
-			$requestBody = $request->getParsedBody();
-
-			try
-			{
-				if ($requestBody === null)
-				{
-					throw new \Exception('Request body could not be parsed (probably invalid JSON format or missing/wrong Content-Type header)');
-				}
-
-				$row = $this->getDatabase()->{$args['entity']}($args['objectId']);
-				$row->update($requestBody);
-				$success = $row->isClean();
-				return $this->EmptyApiResponse($response);
+				]);
 			}
 			catch (\Exception $ex)
 			{
@@ -122,30 +48,66 @@ class GenericEntityApiController extends BaseApiController

 	public function DeleteObject(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		if ($this->IsValidEntity($args['entity']))
+		User::checkPermission($request, User::PERMISSION_MASTER_DATA_EDIT);
+
+		if ($this->IsValidExposedEntity($args['entity']) && !$this->IsEntityWithNoDelete($args['entity']))
 		{
+			if ($this->IsEntityWithEditRequiresAdmin($args['entity']))
+			{
+				User::checkPermission($request, User::PERMISSION_ADMIN);
+			}
+
 			$row = $this->getDatabase()->{$args['entity']}($args['objectId']);
+			if ($row == null)
+			{
+				return $this->GenericErrorResponse($response, 'Object not found', 400);
+			}
+
 			$row->delete();
 			$success = $row->isClean();
+
 			return $this->EmptyApiResponse($response);
 		}
 		else
 		{
-			return $this->GenericErrorResponse($response, $ex->getMessage());
+			return $this->GenericErrorResponse($response, 'Invalid entity');
 		}
 	}

-	public function SearchObjects(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	public function EditObject(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		if ($this->IsValidEntity($args['entity']) && !$this->IsEntityWithPreventedListing($args['entity']))
+		User::checkPermission($request, User::PERMISSION_MASTER_DATA_EDIT);
+
+		if ($this->IsValidExposedEntity($args['entity']) && !$this->IsEntityWithNoEdit($args['entity']))
 		{
+			if ($this->IsEntityWithEditRequiresAdmin($args['entity']))
+			{
+				User::checkPermission($request, User::PERMISSION_ADMIN);
+			}
+
+			$requestBody = $this->GetParsedAndFilteredRequestBody($request);
+
 			try
 			{
-				return $this->ApiResponse($response, $this->getDatabase()->{$args['entity']}()->where('name LIKE ?', '%' . $args['searchString'] . '%'));
+				if ($requestBody === null)
+				{
+					throw new \Exception('Request body could not be parsed (probably invalid JSON format or missing/wrong Content-Type header)');
+				}
+
+				$row = $this->getDatabase()->{$args['entity']}($args['objectId']);
+				if ($row == null)
+				{
+					return $this->GenericErrorResponse($response, 'Object not found', 400);
+				}
+
+				$row->update($requestBody);
+				$success = $row->isClean();
+
+				return $this->EmptyApiResponse($response);
 			}
-			catch (\PDOException $ex)
+			catch (\Exception $ex)
 			{
-				return $this->GenericErrorResponse($response, 'The given entity has no field "name"');
+				return $this->GenericErrorResponse($response, $ex->getMessage());
 			}
 		}
 		else
@@ -154,6 +116,69 @@ class GenericEntityApiController extends BaseApiController
 		}
 	}

+	public function GetObject(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		if ($this->IsValidExposedEntity($args['entity']) && !$this->IsEntityWithNoListing($args['entity']))
+		{
+			$userfields = $this->getUserfieldsService()->GetValues($args['entity'], $args['objectId']);
+			if (count($userfields) === 0)
+			{
+				$userfields = null;
+			}
+
+			$object = $this->getDatabase()->{$args['entity']}($args['objectId']);
+			if ($object == null)
+			{
+				return $this->GenericErrorResponse($response, 'Object not found', 404);
+			}
+
+			$object['userfields'] = $userfields;
+
+			return $this->ApiResponse($response, $object);
+		}
+		else
+		{
+			return $this->GenericErrorResponse($response, 'Entity does not exist or is not exposed');
+		}
+	}
+
+	public function GetObjects(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		if (!$this->IsValidExposedEntity($args['entity']) || $this->IsEntityWithNoListing($args['entity']))
+		{
+			return $this->GenericErrorResponse($response, 'Entity does not exist or is not exposed');
+		}
+
+		$objects = $this->queryData($this->getDatabase()->{$args['entity']}(), $request->getQueryParams());
+		$userfields = $this->getUserfieldsService()->GetFields($args['entity']);
+
+		if (count($userfields) > 0)
+		{
+			$allUserfieldValues = $this->getUserfieldsService()->GetAllValues($args['entity']);
+
+			foreach ($objects as $object)
+			{
+				$userfieldKeyValuePairs = null;
+				foreach ($userfields as $userfield)
+				{
+					$value = FindObjectInArrayByPropertyValue($allUserfieldValues, 'object_id', $object->id);
+					if ($value)
+					{
+						$userfieldKeyValuePairs[$userfield->name] = $value->value;
+					}
+					else
+					{
+						$userfieldKeyValuePairs[$userfield->name] = null;
+					}
+				}
+
+				$object->userfields = $userfieldKeyValuePairs;
+			}
+		}
+
+		return $this->ApiResponse($response, $objects);
+	}
+
 	public function GetUserfields(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		try
@@ -168,7 +193,9 @@ class GenericEntityApiController extends BaseApiController

 	public function SetUserfields(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		$requestBody = $request->getParsedBody();
+		User::checkPermission($request, User::PERMISSION_MASTER_DATA_EDIT);
+
+		$requestBody = $this->GetParsedAndFilteredRequestBody($request);

 		try
 		{
@@ -186,13 +213,28 @@ class GenericEntityApiController extends BaseApiController
 		}
 	}

-	private function IsValidEntity($entity)
+	private function IsEntityWithEditRequiresAdmin($entity)
 	{
-		return in_array($entity, $this->getOpenApiSpec()->components->internalSchemas->ExposedEntity->enum);
+		return in_array($entity, $this->getOpenApiSpec()->components->schemas->ExposedEntityEditRequiresAdmin->enum);
 	}

-	private function IsEntityWithPreventedListing($entity)
+	private function IsEntityWithNoListing($entity)
 	{
-		return !in_array($entity, $this->getOpenApiSpec()->components->internalSchemas->ExposedEntityButNoListing->enum);
+		return in_array($entity, $this->getOpenApiSpec()->components->schemas->ExposedEntityNoListing->enum);
+	}
+
+	private function IsEntityWithNoEdit($entity)
+	{
+		return in_array($entity, $this->getOpenApiSpec()->components->schemas->ExposedEntityNoEdit->enum);
+	}
+
+	private function IsEntityWithNoDelete($entity)
+	{
+		return in_array($entity, $this->getOpenApiSpec()->components->schemas->ExposedEntityNoDelete->enum);
+	}
+
+	private function IsValidExposedEntity($entity)
+	{
+		return in_array($entity, $this->getOpenApiSpec()->components->schemas->ExposedEntity->enum);
 	}
 }
--- a/controllers/GenericEntityController.php
+++ b/controllers/GenericEntityController.php
@@ -4,36 +4,28 @@ namespace Grocy\Controllers;

 class GenericEntityController extends BaseController
 {
-	public function __construct(\DI\Container $container)
-	{
-		parent::__construct($container);
-	}
-
-	public function UserfieldsList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		return $this->renderPage($response, 'userfields', [
-			'userfields' => $this->getUserfieldsService()->GetAllFields(),
-			'entities' => $this->getUserfieldsService()->GetEntities()
-		]);
-	}
-
 	public function UserentitiesList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		return $this->renderPage($response, 'userentities', [
-			'userentities' => $this->getDatabase()->userentities()->orderBy('name')
+			'userentities' => $this->getDatabase()->userentities()->orderBy('name', 'COLLATE NOCASE')
 		]);
 	}

-	public function UserobjectsList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	public function UserentityEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		$userentity = $this->getDatabase()->userentities()->where('name = :1', $args['userentityName'])->fetch();
-
-		return $this->renderPage($response, 'userobjects', [
-			'userentity' => $userentity,
-			'userobjects' => $this->getDatabase()->userobjects()->where('userentity_id = :1', $userentity->id),
-			'userfields' => $this->getUserfieldsService()->GetFields('userentity-' . $args['userentityName']),
-			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('userentity-' . $args['userentityName'])
-		]);
+		if ($args['userentityId'] == 'new')
+		{
+			return $this->renderPage($response, 'userentityform', [
+				'mode' => 'create'
+			]);
+		}
+		else
+		{
+			return $this->renderPage($response, 'userentityform', [
+				'mode' => 'edit',
+				'userentity' => $this->getDatabase()->userentities($args['userentityId'])
+			]);
+		}
 	}

 	public function UserfieldEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
@@ -50,28 +42,19 @@ class GenericEntityController extends BaseController
 		{
 			return $this->renderPage($response, 'userfieldform', [
 				'mode' => 'edit',
-				'userfield' =>  $this->getUserfieldsService()->GetField($args['userfieldId']),
+				'userfield' => $this->getUserfieldsService()->GetField($args['userfieldId']),
 				'userfieldTypes' => $this->getUserfieldsService()->GetFieldTypes(),
 				'entities' => $this->getUserfieldsService()->GetEntities()
 			]);
 		}
 	}

-	public function UserentityEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	public function UserfieldsList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		if ($args['userentityId'] == 'new')
-		{
-			return $this->renderPage($response, 'userentityform', [
-				'mode' => 'create'
-			]);
-		}
-		else
-		{
-			return $this->renderPage($response, 'userentityform', [
-				'mode' => 'edit',
-				'userentity' =>  $this->getDatabase()->userentities($args['userentityId'])
-			]);
-		}
+		return $this->renderPage($response, 'userfields', [
+			'userfields' => $this->getUserfieldsService()->GetAllFields(),
+			'entities' => $this->getUserfieldsService()->GetEntities()
+		]);
 	}

 	public function UserobjectEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
@@ -91,9 +74,21 @@ class GenericEntityController extends BaseController
 			return $this->renderPage($response, 'userobjectform', [
 				'userentity' => $userentity,
 				'mode' => 'edit',
-				'userobject' =>  $this->getDatabase()->userobjects($args['userobjectId']),
+				'userobject' => $this->getDatabase()->userobjects($args['userobjectId']),
 				'userfields' => $this->getUserfieldsService()->GetFields('userentity-' . $args['userentityName'])
 			]);
 		}
 	}
+
+	public function UserobjectsList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$userentity = $this->getDatabase()->userentities()->where('name = :1', $args['userentityName'])->fetch();
+
+		return $this->renderPage($response, 'userobjects', [
+			'userentity' => $userentity,
+			'userobjects' => $this->getDatabase()->userobjects()->where('userentity_id = :1', $userentity->id),
+			'userfields' => $this->getUserfieldsService()->GetFields('userentity-' . $args['userentityName']),
+			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('userentity-' . $args['userentityName'])
+		]);
+	}
 }
--- a/controllers/GrocycodeTrait.php
+++ b/controllers/GrocycodeTrait.php
@@ -0,0 +1,45 @@
+<?php
+
+namespace Grocy\Controllers;
+
+use Grocy\Helpers\Grocycode;
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Http\Message\ResponseInterface;
+use jucksearm\barcode\lib\BarcodeFactory;
+use jucksearm\barcode\lib\DatamatrixFactory;
+
+trait GrocycodeTrait
+{
+	public function ServeGrocycodeImage(ServerRequestInterface $request, ResponseInterface $response, Grocycode $grocycode)
+	{
+		$size = $request->getQueryParam('size', null);
+
+		if (GROCY_GROCYCODE_TYPE == '2D')
+		{
+			$png = (new DatamatrixFactory())->setCode((string) $grocycode)->setSize($size)->getDatamatrixPngData();
+		}
+		else
+		{
+			$png = (new BarcodeFactory())->setType('C128')->setCode((string) $grocycode)->setHeight($size)->getBarcodePngData();
+		}
+
+		$isDownload = $request->getQueryParam('download', false);
+		if ($isDownload)
+		{
+			$response = $response->withHeader('Content-Type', 'application/octet-stream')
+				->withHeader('Content-Disposition', 'attachment; filename=grocycode.png')
+				->withHeader('Content-Length', strlen($png))
+				->withHeader('Cache-Control', 'no-cache')
+				->withHeader('Last-Modified', gmdate('D, d M Y H:i:s') . ' GMT');
+		}
+		else
+		{
+			$response = $response->withHeader('Content-Type', 'image/png')
+				->withHeader('Content-Length', strlen($png))
+				->withHeader('Cache-Control', 'no-cache')
+				->withHeader('Last-Modified', gmdate('D, d M Y H:i:s') . ' GMT');
+		}
+		$response->getBody()->write($png);
+		return $response;
+	}
+}
--- a/controllers/LoginController.php
+++ b/controllers/LoginController.php
@@ -2,49 +2,10 @@

 namespace Grocy\Controllers;

+use Grocy\Services\SessionService;
+
 class LoginController extends BaseController
 {
-	public function __construct(\DI\Container $container, string $sessionCookieName)
-	{
-		parent::__construct($container);
-		$this->SessionCookieName = $sessionCookieName;
-	}
-	protected $SessionCookieName;
-
-	public function ProcessLogin(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		$postParams = $request->getParsedBody();
-		if (isset($postParams['username']) && isset($postParams['password']))
-		{
-			$user = $this->getDatabase()->users()->where('username', $postParams['username'])->fetch();
-			$inputPassword = $postParams['password'];
-			$stayLoggedInPermanently = $postParams['stay_logged_in'] == 'on';
-
-			if ($user !== null && password_verify($inputPassword, $user->password))
-			{
-				$sessionKey = $this->getSessionService()->CreateSession($user->id, $stayLoggedInPermanently);
-				setcookie($this->SessionCookieName, $sessionKey, PHP_INT_SIZE == 4 ? PHP_INT_MAX : PHP_INT_MAX>>32); // Cookie expires never, but session validity is up to SessionService
-
-				if (password_needs_rehash($user->password, PASSWORD_DEFAULT))
-				{
-					$user->update(array(
-						'password' => password_hash($inputPassword, PASSWORD_DEFAULT)
-					));
-				}
-
-				return $response->withRedirect($this->AppContainer->get('UrlManager')->ConstructUrl('/'));
-			}
-			else
-			{
-				return $response->withRedirect($this->AppContainer->get('UrlManager')->ConstructUrl('/login?invalid=true'));
-			}
-		}
-		else
-		{
-			return $response->withRedirect($this->AppContainer->get('UrlManager')->ConstructUrl('/login?invalid=true'));
-		}
-	}
-
 	public function LoginPage(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		return $this->renderPage($response, 'login');
@@ -52,12 +13,20 @@ class LoginController extends BaseController

 	public function Logout(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		$this->getSessionService()->RemoveSession($_COOKIE[$this->SessionCookieName]);
+		$this->getSessionService()->RemoveSession($_COOKIE[SessionService::SESSION_COOKIE_NAME]);
 		return $response->withRedirect($this->AppContainer->get('UrlManager')->ConstructUrl('/'));
 	}

-	public function GetSessionCookieName()
+	public function ProcessLogin(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		return $this->SessionCookieName;
+		$authMiddlewareClass = GROCY_AUTH_CLASS;
+		if ($authMiddlewareClass::ProcessLogin($this->GetParsedAndFilteredRequestBody($request)))
+		{
+			return $response->withRedirect($this->AppContainer->get('UrlManager')->ConstructUrl('/'));
+		}
+		else
+		{
+			return $response->withRedirect($this->AppContainer->get('UrlManager')->ConstructUrl('/login?invalid=true'));
+		}
 	}
 }
--- a/controllers/OpenApiController.php
+++ b/controllers/OpenApiController.php
@@ -2,34 +2,19 @@

 namespace Grocy\Controllers;

+use Grocy\Controllers\Users\User;
+
 class OpenApiController extends BaseApiController
 {
-	public function __construct(\DI\Container $container)
-	{
-		parent::__construct($container);
-	}
-
-	public function DocumentationUi(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		return $this->render($response, 'openapiui');
-	}
-
-	public function DocumentationSpec(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		$applicationService = $this->getApplicationService();
-
-		$versionInfo = $applicationService->GetInstalledVersion();
-		$this->getOpenApiSpec()->info->version = $versionInfo->Version;
-		$this->getOpenApiSpec()->info->description = str_replace('PlaceHolderManageApiKeysUrl', $this->AppContainer->get('UrlManager')->ConstructUrl('/manageapikeys'), $this->getOpenApiSpec()->info->description);
-		$this->getOpenApiSpec()->servers[0]->url = $this->AppContainer->get('UrlManager')->ConstructUrl('/api');
-
-		return $this->ApiResponse($response, $this->getOpenApiSpec());
-	}
-
 	public function ApiKeysList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
+		$apiKeys = $this->getDatabase()->api_keys();
+		if (!User::hasPermissions(User::PERMISSION_ADMIN))
+		{
+			$apiKeys = $apiKeys->where('user_id', GROCY_USER_ID);
+		}
 		return $this->renderPage($response, 'manageapikeys', [
-			'apiKeys' => $this->getDatabase()->api_keys(),
+			'apiKeys' => $apiKeys,
 			'users' => $this->getDatabase()->users()
 		]);
 	}
@@ -40,4 +25,64 @@ class OpenApiController extends BaseApiController
 		$newApiKeyId = $this->getApiKeyService()->GetApiKeyId($newApiKey);
 		return $response->withRedirect($this->AppContainer->get('UrlManager')->ConstructUrl("/manageapikeys?CreatedApiKeyId=$newApiKeyId"));
 	}
+
+	public function DocumentationSpec(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$spec = $this->getOpenApiSpec();
+
+		$applicationService = $this->getApplicationService();
+		$versionInfo = $applicationService->GetInstalledVersion();
+		$spec->info->version = $versionInfo->Version;
+		$spec->info->description = str_replace('PlaceHolderManageApiKeysUrl', $this->AppContainer->get('UrlManager')->ConstructUrl('/manageapikeys'), $spec->info->description);
+		$spec->servers[0]->url = $this->AppContainer->get('UrlManager')->ConstructUrl('/api');
+
+		$spec->components->schemas->ExposedEntity_IncludingUserEntities = clone $spec->components->schemas->ExposedEntity;
+		foreach ($this->getUserfieldsService()->GetEntities() as $userEntity)
+		{
+			array_push($spec->components->schemas->ExposedEntity_IncludingUserEntities->enum, $userEntity);
+		}
+
+		$spec->components->schemas->ExposedEntity_NotIncludingNotEditable = clone $spec->components->schemas->StringEnumTemplate;
+		foreach ($spec->components->schemas->ExposedEntity->enum as $value)
+		{
+			if (!in_array($value, $spec->components->schemas->ExposedEntityNoEdit->enum))
+			{
+				array_push($spec->components->schemas->ExposedEntity_NotIncludingNotEditable->enum, $value);
+			}
+		}
+
+		$spec->components->schemas->ExposedEntity_IncludingUserEntities_NotIncludingNotEditable = clone $spec->components->schemas->StringEnumTemplate;
+		foreach ($spec->components->schemas->ExposedEntity_IncludingUserEntities->enum as $value)
+		{
+			if (!in_array($value, $spec->components->schemas->ExposedEntityNoEdit->enum))
+			{
+				array_push($spec->components->schemas->ExposedEntity_IncludingUserEntities_NotIncludingNotEditable->enum, $value);
+			}
+		}
+
+		$spec->components->schemas->ExposedEntity_NotIncludingNotDeletable = clone $spec->components->schemas->StringEnumTemplate;
+		foreach ($spec->components->schemas->ExposedEntity->enum as $value)
+		{
+			if (!in_array($value, $spec->components->schemas->ExposedEntityNoDelete->enum))
+			{
+				array_push($spec->components->schemas->ExposedEntity_NotIncludingNotDeletable->enum, $value);
+			}
+		}
+
+		$spec->components->schemas->ExposedEntity_NotIncludingNotListable = clone $spec->components->schemas->StringEnumTemplate;
+		foreach ($spec->components->schemas->ExposedEntity->enum as $value)
+		{
+			if (!in_array($value, $spec->components->schemas->ExposedEntityNoListing->enum))
+			{
+				array_push($spec->components->schemas->ExposedEntity_NotIncludingNotListable->enum, $value);
+			}
+		}
+
+		return $this->ApiResponse($response, $spec);
+	}
+
+	public function DocumentationUi(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->render($response, 'openapiui');
+	}
 }
--- a/controllers/PrintApiController.php
+++ b/controllers/PrintApiController.php
@@ -0,0 +1,37 @@
+<?php
+
+namespace Grocy\Controllers;
+
+use Grocy\Controllers\Users\User;
+use Grocy\Services\StockService;
+
+class PrintApiController extends BaseApiController
+{
+	public function PrintShoppingListThermal(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		try
+		{
+			User::checkPermission($request, User::PERMISSION_SHOPPINGLIST);
+
+			$params = $request->getQueryParams();
+
+			$listId = 1;
+			if (isset($params['list']))
+			{
+				$listId = $params['list'];
+			}
+
+			$printHeader = true;
+			if (isset($params['printHeader']))
+			{
+				$printHeader = ($params['printHeader'] === 'true');
+			}
+			$items = $this->getStockService()->GetShoppinglistInPrintableStrings($listId);
+			return $this->ApiResponse($response, $this->getPrintService()->printShoppingList($printHeader, $items));
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+}
--- a/controllers/RecipesApiController.php
+++ b/controllers/RecipesApiController.php
@@ -1,63 +1,79 @@
-<?php
-
-namespace Grocy\Controllers;
-
-class RecipesApiController extends BaseApiController
-{
-	public function __construct(\DI\Container $container)
-	{
-		parent::__construct($container);
-	}
-
-	public function AddNotFulfilledProductsToShoppingList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		$requestBody = $request->getParsedBody();
-		$excludedProductIds = null;
-
-		if ($requestBody !== null && array_key_exists('excludedProductIds', $requestBody))
-		{
-			$excludedProductIds = $requestBody['excludedProductIds'];
-		}
-
-		$this->getRecipesService()->AddNotFulfilledProductsToShoppingList($args['recipeId'], $excludedProductIds);
-		return $this->EmptyApiResponse($response);
-	}
-
-	public function ConsumeRecipe(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		try
-		{
-			$this->getRecipesService()->ConsumeRecipe($args['recipeId']);
-			return $this->EmptyApiResponse($response);
-		}
-		catch (\Exception $ex)
-		{
-			return $this->GenericErrorResponse($response, $ex->getMessage());
-		}
-	}
-
-	public function GetRecipeFulfillment(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		try
-		{
-			if(!isset($args['recipeId']))
-			{
-				return $this->ApiResponse($response, $this->getRecipesService()->GetRecipesResolved());
-			}
-
-			$recipeResolved = FindObjectInArrayByPropertyValue($this->getRecipesService()->GetRecipesResolved(), 'recipe_id', $args['recipeId']);
-			if(!$recipeResolved)
-			{
-				throw new \Exception('Recipe does not exist');
-			}
-			else
-			{
-				return $this->ApiResponse($response, $recipeResolved);
-			}
-		}
-		catch (\Exception $ex)
-		{
-			return $this->GenericErrorResponse($response, $ex->getMessage());
-		}
-	}
-}
+<?php
+
+namespace Grocy\Controllers;
+
+use Grocy\Controllers\Users\User;
+
+class RecipesApiController extends BaseApiController
+{
+	public function AddNotFulfilledProductsToShoppingList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		User::checkPermission($request, User::PERMISSION_SHOPPINGLIST_ITEMS_ADD);
+
+		$requestBody = $this->GetParsedAndFilteredRequestBody($request);
+		$excludedProductIds = null;
+
+		if ($requestBody !== null && array_key_exists('excludedProductIds', $requestBody))
+		{
+			$excludedProductIds = $requestBody['excludedProductIds'];
+		}
+
+		$this->getRecipesService()->AddNotFulfilledProductsToShoppingList($args['recipeId'], $excludedProductIds);
+		return $this->EmptyApiResponse($response);
+	}
+
+	public function ConsumeRecipe(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		User::checkPermission($request, User::PERMISSION_STOCK_CONSUME);
+
+		try
+		{
+			$this->getRecipesService()->ConsumeRecipe($args['recipeId']);
+			return $this->EmptyApiResponse($response);
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function GetRecipeFulfillment(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		try
+		{
+			if (!isset($args['recipeId']))
+			{
+				return $this->FilteredApiResponse($response, $this->getRecipesService()->GetRecipesResolved(), $request->getQueryParams());
+			}
+
+			$recipeResolved = FindObjectInArrayByPropertyValue($this->getRecipesService()->GetRecipesResolved(), 'recipe_id', $args['recipeId']);
+
+			if (!$recipeResolved)
+			{
+				throw new \Exception('Recipe does not exist');
+			}
+			else
+			{
+				return $this->ApiResponse($response, $recipeResolved);
+			}
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function CopyRecipe(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		try
+		{
+			return $this->ApiResponse($response, [
+				'created_object_id' => $this->getRecipesService()->CopyRecipe($args['recipeId'])
+			]);
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+}
--- a/controllers/RecipesController.php
+++ b/controllers/RecipesController.php
@@ -2,81 +2,142 @@

 namespace Grocy\Controllers;

-use \Grocy\Services\RecipesService;
+use Grocy\Services\RecipesService;

 class RecipesController extends BaseController
 {
-	public function __construct(\DI\Container $container)
+	public function MealPlan(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		parent::__construct($container);
+		$start = date('Y-m-d');
+		if (isset($request->getQueryParams()['start']) && IsIsoDate($request->getQueryParams()['start']))
+		{
+			$start = $request->getQueryParams()['start'];
+		}
+
+		$days = 6;
+		if (isset($request->getQueryParams()['days']) && filter_var($request->getQueryParams()['days'], FILTER_VALIDATE_INT) !== false)
+		{
+			$days = $request->getQueryParams()['days'];
+		}
+
+		$mealPlanWhereTimespan = "day BETWEEN DATE('$start') AND DATE('$start', '+$days days')";
+
+		$recipes = $this->getDatabase()->recipes()->where('type', RecipesService::RECIPE_TYPE_NORMAL)->fetchAll();
+		$events = [];
+		foreach ($this->getDatabase()->meal_plan()->where($mealPlanWhereTimespan) as $mealPlanEntry)
+		{
+			$recipe = FindObjectInArrayByPropertyValue($recipes, 'id', $mealPlanEntry['recipe_id']);
+			$title = '';
+
+			if ($recipe !== null)
+			{
+				$title = $recipe->name;
+			}
+
+			$productDetails = null;
+			if ($mealPlanEntry['product_id'] !== null)
+			{
+				$productDetails = $this->getStockService()->GetProductDetails($mealPlanEntry['product_id']);
+			}
+
+			$events[] = [
+				'id' => $mealPlanEntry['id'],
+				'title' => $title,
+				'start' => $mealPlanEntry['day'],
+				'date_format' => 'date',
+				'recipe' => json_encode($recipe),
+				'mealPlanEntry' => json_encode($mealPlanEntry),
+				'type' => $mealPlanEntry['type'],
+				'productDetails' => json_encode($productDetails)
+			];
+		}
+
+		return $this->renderPage($response, 'mealplan', [
+			'fullcalendarEventSources' => $events,
+			'recipes' => $recipes,
+			'internalRecipes' => $this->getDatabase()->recipes()->where("id IN (SELECT recipe_id FROM meal_plan_internal_recipe_relation WHERE $mealPlanWhereTimespan)")->fetchAll(),
+			'recipesResolved' => $this->getRecipesService()->GetRecipesResolved2("recipe_id IN (SELECT recipe_id FROM meal_plan_internal_recipe_relation WHERE $mealPlanWhereTimespan)"),
+			'products' => $this->getDatabase()->products()->orderBy('name', 'COLLATE NOCASE'),
+			'quantityUnits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+			'quantityUnitConversionsResolved' => $this->getDatabase()->quantity_unit_conversions_resolved(),
+			'mealplanSections' => $this->getDatabase()->meal_plan_sections()->orderBy('sort_number'),
+			'usedMealplanSections' => $this->getDatabase()->meal_plan_sections()->where("id IN (SELECT section_id FROM meal_plan WHERE $mealPlanWhereTimespan)")->orderBy('sort_number')
+		]);
 	}

 	public function Overview(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		$recipes = $this->getDatabase()->recipes()->where('type', RecipesService::RECIPE_TYPE_NORMAL)->orderBy('name');
-		$recipesResolved = $this->getRecipesService()->GetRecipesResolved();
+		$recipes = $this->getDatabase()->recipes()->where('type', RecipesService::RECIPE_TYPE_NORMAL)->orderBy('name', 'COLLATE NOCASE');
+		$recipesResolved = $this->getRecipesService()->GetRecipesResolved('recipe_id > 0');

 		$selectedRecipe = null;
-		$selectedRecipePositionsResolved = null;
+
 		if (isset($request->getQueryParams()['recipe']))
 		{
 			$selectedRecipe = $this->getDatabase()->recipes($request->getQueryParams()['recipe']);
-			$selectedRecipePositionsResolved = $this->getDatabase()->recipes_pos_resolved()->where('recipe_id = :1 AND is_nested_recipe_pos = 0', $request->getQueryParams()['recipe'])->orderBy('ingredient_group', 'ASC', 'product_group', 'ASC');
 		}
 		else
 		{
 			foreach ($recipes as $recipe)
 			{
 				$selectedRecipe = $recipe;
-				$selectedRecipePositionsResolved = $this->getDatabase()->recipes_pos_resolved()->where('recipe_id = :1 AND is_nested_recipe_pos = 0', $recipe->id)->orderBy('ingredient_group', 'ASC', 'product_group', 'ASC');
 				break;
 			}
 		}

+		$totalCosts = null;
+		$totalCalories = null;
 		if ($selectedRecipe)
 		{
-			$selectedRecipeSubRecipes = $this->getDatabase()->recipes()->where('id IN (SELECT includes_recipe_id FROM recipes_nestings_resolved WHERE recipe_id = :1 AND includes_recipe_id != :1)', $selectedRecipe->id)->orderBy('name')->fetchAll();
-			$selectedRecipeSubRecipesPositions = $this->getDatabase()->recipes_pos_resolved()->where('recipe_id = :1', $selectedRecipe->id)->orderBy('ingredient_group', 'ASC', 'product_group', 'ASC')->fetchAll();
+			$totalCosts = FindObjectInArrayByPropertyValue($recipesResolved, 'recipe_id', $selectedRecipe->id)->costs;
+			$totalCalories = FindObjectInArrayByPropertyValue($recipesResolved, 'recipe_id', $selectedRecipe->id)->calories;
+		}

-			$includedRecipeIdsAbsolute = array();
+		$renderArray = [
+			'recipes' => $recipes,
+			'recipesResolved' => $recipesResolved,
+			'recipePositionsResolved' => $this->getDatabase()->recipes_pos_resolved()->where('recipe_type', RecipesService::RECIPE_TYPE_NORMAL),
+			'selectedRecipe' => $selectedRecipe,
+			'products' => $this->getDatabase()->products(),
+			'quantityUnits' => $this->getDatabase()->quantity_units(),
+			'userfields' => $this->getUserfieldsService()->GetFields('recipes'),
+			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('recipes'),
+			'quantityUnitConversionsResolved' => $this->getDatabase()->quantity_unit_conversions_resolved(),
+			'selectedRecipeTotalCosts' => $totalCosts,
+			'selectedRecipeTotalCalories' => $totalCalories
+		];
+
+		if ($selectedRecipe)
+		{
+			$selectedRecipeSubRecipes = $this->getDatabase()->recipes()->where('id IN (SELECT includes_recipe_id FROM recipes_nestings_resolved WHERE recipe_id = :1 AND includes_recipe_id != :1)', $selectedRecipe->id)->orderBy('name', 'COLLATE NOCASE')->fetchAll();
+
+			$includedRecipeIdsAbsolute = [];
 			$includedRecipeIdsAbsolute[] = $selectedRecipe->id;
-			foreach($selectedRecipeSubRecipes as $subRecipe)
+			foreach ($selectedRecipeSubRecipes as $subRecipe)
 			{
 				$includedRecipeIdsAbsolute[] = $subRecipe->id;
 			}

-			$renderArray = [
-				'recipes' => $recipes,
-				'recipesResolved' => $recipesResolved,
-				'recipePositionsResolved' => $this->getDatabase()->recipes_pos_resolved()->where('recipe_type', RecipesService::RECIPE_TYPE_NORMAL),
-				'selectedRecipe' => $selectedRecipe,
-				'selectedRecipePositionsResolved' => $selectedRecipePositionsResolved,
-				'products' => $this->getDatabase()->products(),
-				'quantityUnits' => $this->getDatabase()->quantity_units(),
-				'selectedRecipeSubRecipes' => $selectedRecipeSubRecipes,
-				'selectedRecipeSubRecipesPositions' => $selectedRecipeSubRecipesPositions,
-				'includedRecipeIdsAbsolute' => $includedRecipeIdsAbsolute,
-				'selectedRecipeTotalCosts' => FindObjectInArrayByPropertyValue($recipesResolved, 'recipe_id', $selectedRecipe->id)->costs,
-				'selectedRecipeTotalCalories' => FindObjectInArrayByPropertyValue($recipesResolved, 'recipe_id', $selectedRecipe->id)->calories,
-				'userfields' => $this->getUserfieldsService()->GetFields('recipes'),
-				'userfieldValues' => $this->getUserfieldsService()->GetAllValues('recipes'),
-				'quantityUnitConversionsResolved' => $this->getDatabase()->quantity_unit_conversions_resolved()
-			];
-		}
-		else
-		{
-			$renderArray = [
-				'recipes' => $recipes,
-				'recipesResolved' => $recipesResolved,
-				'recipePositionsResolved' => $this->getDatabase()->recipes_pos_resolved()->where('recipe_type', RecipesService::RECIPE_TYPE_NORMAL),
-				'selectedRecipe' => $selectedRecipe,
-				'selectedRecipePositionsResolved' => $selectedRecipePositionsResolved,
-				'products' => $this->getDatabase()->products(),
-				'quantityUnits' => $this->getDatabase()->quantity_units(),
-				'userfields' => $this->getUserfieldsService()->GetFields('recipes'),
-				'userfieldValues' => $this->getUserfieldsService()->GetAllValues('recipes'),
-				'quantityUnitConversionsResolved' => $this->getDatabase()->quantity_unit_conversions_resolved()
-			];
+			// TODO: Why not directly use recipes_pos_resolved for all recipe positions here (parent and child)?
+			// This view already correctly recolves child recipe amounts...
+			$allRecipePositions = [];
+			foreach ($includedRecipeIdsAbsolute as $id)
+			{
+				$allRecipePositions[$id] = $this->getDatabase()->recipes_pos_resolved()->where('recipe_id = :1 AND is_nested_recipe_pos = 0', $id)->orderBy('ingredient_group', 'ASC', 'product_group', 'ASC');
+				foreach ($allRecipePositions[$id] as $pos)
+				{
+					if ($id != $selectedRecipe->id)
+					{
+						$pos2 = $this->getDatabase()->recipes_pos_resolved()->where('recipe_id = :1  AND recipe_pos_id = :2 AND is_nested_recipe_pos = 1', $selectedRecipe->id, $pos->recipe_pos_id)->fetch();
+						$pos->recipe_amount = $pos2->recipe_amount;
+						$pos->missing_amount = $pos2->missing_amount;
+					}
+				}
+			}
+
+			$renderArray['selectedRecipeSubRecipes'] = $selectedRecipeSubRecipes;
+			$renderArray['includedRecipeIdsAbsolute'] = $includedRecipeIdsAbsolute;
+			$renderArray['allRecipePositions'] = $allRecipePositions;
 		}

 		return $this->renderPage($response, 'recipes', $renderArray);
@@ -85,26 +146,17 @@ class RecipesController extends BaseController
 	public function RecipeEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		$recipeId = $args['recipeId'];
-		if ($recipeId  == 'new')
-		{
-			$newRecipe = $this->getDatabase()->recipes()->where('type', RecipesService::RECIPE_TYPE_NORMAL)->createRow(array(
-				'name' => $this->getLocalizationService()->__t('New recipe')
-			));
-			$newRecipe->save();
-
-			$recipeId = $this->getDatabase()->lastInsertId();
-		}

 		return $this->renderPage($response, 'recipeform', [
-			'recipe' =>  $this->getDatabase()->recipes($recipeId),
-			'recipePositions' =>  $this->getDatabase()->recipes_pos()->where('recipe_id', $recipeId),
-			'mode' => 'edit',
-			'products' => $this->getDatabase()->products()->orderBy('name'),
+			'recipe' => $this->getDatabase()->recipes($recipeId),
+			'recipePositions' => $this->getDatabase()->recipes_pos()->where('recipe_id', $recipeId),
+			'mode' => $recipeId == 'new' ? 'create' : 'edit',
+			'products' => $this->getDatabase()->products()->orderBy('name', 'COLLATE NOCASE'),
 			'quantityunits' => $this->getDatabase()->quantity_units(),
 			'recipePositionsResolved' => $this->getRecipesService()->GetRecipesPosResolved(),
 			'recipesResolved' => $this->getRecipesService()->GetRecipesResolved(),
-			'recipes' =>  $this->getDatabase()->recipes()->where('type', RecipesService::RECIPE_TYPE_NORMAL)->orderBy('name'),
-			'recipeNestings' =>  $this->getDatabase()->recipes_nestings()->where('recipe_id', $recipeId),
+			'recipes' => $this->getDatabase()->recipes()->where('type', RecipesService::RECIPE_TYPE_NORMAL)->orderBy('name', 'COLLATE NOCASE'),
+			'recipeNestings' => $this->getDatabase()->recipes_nestings()->where('recipe_id', $recipeId),
 			'userfields' => $this->getUserfieldsService()->GetFields('recipes'),
 			'quantityUnitConversionsResolved' => $this->getDatabase()->quantity_unit_conversions_resolved()
 		]);
@@ -118,8 +170,8 @@ class RecipesController extends BaseController
 				'mode' => 'create',
 				'recipe' => $this->getDatabase()->recipes($args['recipeId']),
 				'recipePos' => new \stdClass(),
-				'products' => $this->getDatabase()->products()->orderBy('name'),
-				'quantityUnits' => $this->getDatabase()->quantity_units()->orderBy('name'),
+				'products' => $this->getDatabase()->products()->where('active = 1')->orderBy('name', 'COLLATE NOCASE'),
+				'quantityUnits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
 				'quantityUnitConversionsResolved' => $this->getDatabase()->quantity_unit_conversions_resolved()
 			]);
 		}
@@ -127,10 +179,10 @@ class RecipesController extends BaseController
 		{
 			return $this->renderPage($response, 'recipeposform', [
 				'mode' => 'edit',
-				'recipe' =>  $this->getDatabase()->recipes($args['recipeId']),
+				'recipe' => $this->getDatabase()->recipes($args['recipeId']),
 				'recipePos' => $this->getDatabase()->recipes_pos($args['recipePosId']),
-				'products' => $this->getDatabase()->products()->orderBy('name'),
-				'quantityUnits' => $this->getDatabase()->quantity_units()->orderBy('name'),
+				'products' => $this->getDatabase()->products()->orderBy('name', 'COLLATE NOCASE'),
+				'quantityUnits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
 				'quantityUnitConversionsResolved' => $this->getDatabase()->quantity_unit_conversions_resolved()
 			]);
 		}
@@ -141,46 +193,27 @@ class RecipesController extends BaseController
 		return $this->renderPage($response, 'recipessettings');
 	}

-	public function MealPlan(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	public function MealPlanSectionEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		$recipes = $this->getDatabase()->recipes()->where('type', RecipesService::RECIPE_TYPE_NORMAL)->fetchAll();
-
-		$events = array();
-		foreach($this->getDatabase()->meal_plan() as $mealPlanEntry)
+		if ($args['sectionId'] == 'new')
 		{
-			$recipe = FindObjectInArrayByPropertyValue($recipes, 'id', $mealPlanEntry['recipe_id']);
-			$title = '';
-			if ($recipe !== null)
-			{
-				$title = $recipe->name;
-			}
-
-			$productDetails = null;
-			if ($mealPlanEntry['product_id'] !== null)
-			{
-				$productDetails = $this->getStockService()->GetProductDetails($mealPlanEntry['product_id']);
-			}
-
-			$events[] = array(
-				'id' => $mealPlanEntry['id'],
-				'title' => $title,
-				'start' => $mealPlanEntry['day'],
-				'date_format' => 'date',
-				'recipe' => json_encode($recipe),
-				'mealPlanEntry' => json_encode($mealPlanEntry),
-				'type' => $mealPlanEntry['type'],
-				'productDetails' => json_encode($productDetails)
-			);
+			return $this->renderPage($response, 'mealplansectionform', [
+				'mode' => 'create'
+			]);
 		}
+		else
+		{
+			return $this->renderPage($response, 'mealplansectionform', [
+				'mealplanSection' => $this->getDatabase()->meal_plan_sections($args['sectionId']),
+				'mode' => 'edit'
+			]);
+		}
+	}

-		return $this->renderPage($response, 'mealplan', [
-			'fullcalendarEventSources' => $events,
-			'recipes' => $recipes,
-			'internalRecipes' => $this->getDatabase()->recipes()->whereNot('type', RecipesService::RECIPE_TYPE_NORMAL)->fetchAll(),
-			'recipesResolved' => $this->getRecipesService()->GetRecipesResolved(),
-			'products' => $this->getDatabase()->products()->orderBy('name'),
-			'quantityUnits' => $this->getDatabase()->quantity_units()->orderBy('name'),
-			'quantityUnitConversionsResolved' => $this->getDatabase()->quantity_unit_conversions_resolved()
+	public function MealPlanSectionsList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->renderPage($response, 'mealplansections', [
+			'mealplanSections' => $this->getDatabase()->meal_plan_sections()->where('id > 0')->orderBy('sort_number')
 		]);
 	}
 }
--- a/controllers/StockApiController.php
+++ b/controllers/StockApiController.php
--- a/controllers/StockController.php
+++ b/controllers/StockController.php
@@ -2,209 +2,75 @@

 namespace Grocy\Controllers;

+use Grocy\Helpers\Grocycode;
+use Grocy\Services\RecipesService;
+
 class StockController extends BaseController
 {
-
-	public function __construct(\DI\Container $container)
-	{
-		parent::__construct($container);
-	}
-
-	public function Overview(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		$usersService = $this->getUsersService();
-		$nextXDays = $usersService->GetUserSettings(GROCY_USER_ID)['stock_expring_soon_days'];
-
-		return $this->renderPage($response, 'stockoverview', [
-			'products' => $this->getDatabase()->products()->orderBy('name'),
-			'quantityunits' => $this->getDatabase()->quantity_units()->orderBy('name'),
-			'locations' => $this->getDatabase()->locations()->orderBy('name'),
-			'currentStock' => $this->getStockService()->GetCurrentStock(true),
-			'currentStockLocations' => $this->getStockService()->GetCurrentStockLocations(),
-			'missingProducts' => $this->getStockService()->GetMissingProducts(),
-			'nextXDays' => $nextXDays,
-			'productGroups' => $this->getDatabase()->product_groups()->orderBy('name'),
-			'userfields' => $this->getUserfieldsService()->GetFields('products'),
-			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('products'),
-			'shoppingListItems' => $this->getDatabase()->shopping_list(),
-		]);
-	}
-
-	public function Stockentries(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		$usersService = $this->getUsersService();
-		$nextXDays = $usersService->GetUserSettings(GROCY_USER_ID)['stock_expring_soon_days'];
-
-		return $this->renderPage($response, 'stockentries', [
-			'products' => $this->getDatabase()->products()->orderBy('name'),
-			'quantityunits' => $this->getDatabase()->quantity_units()->orderBy('name'),
-			'locations' => $this->getDatabase()->locations()->orderBy('name'),
-			'shoppinglocations' => $this->getDatabase()->shopping_locations()->orderBy('name'),
-			'stockEntries' => $this->getDatabase()->stock()->orderBy('product_id'),
-			'currentStockLocations' => $this->getStockService()->GetCurrentStockLocations(),
-			'nextXDays' => $nextXDays,
-			'userfields' => $this->getUserfieldsService()->GetFields('products'),
-			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('products')
-		]);
-	}
-
-	public function Purchase(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		return $this->renderPage($response, 'purchase', [
-			'products' => $this->getDatabase()->products()->orderBy('name'),
-			'shoppinglocations' => $this->getDatabase()->shopping_locations()->orderBy('name'),
-			'locations' => $this->getDatabase()->locations()->orderBy('name')
-		]);
-	}
+	use GrocycodeTrait;

 	public function Consume(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		return $this->renderPage($response, 'consume', [
-			'products' => $this->getDatabase()->products()->orderBy('name'),
-			'recipes' => $this->getDatabase()->recipes()->orderBy('name'),
-			'locations' => $this->getDatabase()->locations()->orderBy('name')
-		]);
-	}
-
-	public function Transfer(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		return $this->renderPage($response, 'transfer', [
-			'products' => $this->getDatabase()->products()->orderBy('name'),
-			'recipes' => $this->getDatabase()->recipes()->orderBy('name'),
-			'locations' => $this->getDatabase()->locations()->orderBy('name')
+			'products' => $this->getDatabase()->products()->where('active = 1')->where('id IN (SELECT product_id from stock_current WHERE amount_aggregated > 0)')->orderBy('name'),
+			'barcodes' => $this->getDatabase()->product_barcodes_comma_separated(),
+			'recipes' => $this->getDatabase()->recipes()->where('type', RecipesService::RECIPE_TYPE_NORMAL)->orderBy('name', 'COLLATE NOCASE'),
+			'locations' => $this->getDatabase()->locations()->orderBy('name', 'COLLATE NOCASE'),
+			'quantityUnits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+			'quantityUnitConversionsResolved' => $this->getDatabase()->quantity_unit_conversions_resolved()
 		]);
 	}

 	public function Inventory(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		return $this->renderPage($response, 'inventory', [
-			'products' => $this->getDatabase()->products()->orderBy('name'),
-			'shoppinglocations' => $this->getDatabase()->shopping_locations()->orderBy('name'),
-			'locations' => $this->getDatabase()->locations()->orderBy('name')
+			'products' => $this->getDatabase()->products()->where('active = 1')->orderBy('name', 'COLLATE NOCASE'),
+			'barcodes' => $this->getDatabase()->product_barcodes_comma_separated(),
+			'shoppinglocations' => $this->getDatabase()->shopping_locations()->orderBy('name', 'COLLATE NOCASE'),
+			'locations' => $this->getDatabase()->locations()->orderBy('name', 'COLLATE NOCASE'),
+			'quantityUnits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+			'quantityUnitConversionsResolved' => $this->getDatabase()->quantity_unit_conversions_resolved()
 		]);
 	}

-	public function StockEntryEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	public function Journal(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		return $this->renderPage($response, 'stockentryform', [
-			'stockEntry' => $this->getDatabase()->stock()->where('id', $args['entryId'])->fetch(),
-			'products' => $this->getDatabase()->products()->orderBy('name'),
-			'shoppinglocations' => $this->getDatabase()->shopping_locations()->orderBy('name'),
-			'locations' => $this->getDatabase()->locations()->orderBy('name')
-		]);
-	}
-
-	public function ShoppingList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		$listId = 1;
-		if (isset($request->getQueryParams()['list']))
+		if (isset($request->getQueryParams()['months']) && filter_var($request->getQueryParams()['months'], FILTER_VALIDATE_INT) !== false)
 		{
-			$listId = $request->getQueryParams()['list'];
-		}
-
-		return $this->renderPage($response, 'shoppinglist', [
-			'listItems' => $this->getDatabase()->shopping_list()->where('shopping_list_id = :1', $listId),
-			'products' => $this->getDatabase()->products()->orderBy('name'),
-			'quantityunits' => $this->getDatabase()->quantity_units()->orderBy('name'),
-			'missingProducts' => $this->getStockService()->GetMissingProducts(),
-			'productGroups' => $this->getDatabase()->product_groups()->orderBy('name'),
-			'shoppingLists' => $this->getDatabase()->shopping_lists()->orderBy('name'),
-			'selectedShoppingListId' => $listId,
-			'userfields' => $this->getUserfieldsService()->GetFields('products'),
-			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('products')
-		]);
-	}
-
-	public function ProductsList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		return $this->renderPage($response, 'products', [
-			'products' => $this->getDatabase()->products()->orderBy('name'),
-			'locations' => $this->getDatabase()->locations()->orderBy('name'),
-			'quantityunits' => $this->getDatabase()->quantity_units()->orderBy('name'),
-			'productGroups' => $this->getDatabase()->product_groups()->orderBy('name'),
-			'userfields' => $this->getUserfieldsService()->GetFields('products'),
-			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('products')
-		]);
-	}
-
-	public function StockSettings(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		return $this->renderPage($response, 'stocksettings', [
-			'locations' => $this->getDatabase()->locations()->orderBy('name'),
-			'quantityunits' => $this->getDatabase()->quantity_units()->orderBy('name'),
-			'productGroups' => $this->getDatabase()->product_groups()->orderBy('name')
-		]);
-	}
-
-	public function LocationsList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		return $this->renderPage($response, 'locations', [
-			'locations' => $this->getDatabase()->locations()->orderBy('name'),
-			'userfields' => $this->getUserfieldsService()->GetFields('locations'),
-			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('locations')
-		]);
-	}
-
-	public function ShoppingLocationsList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		return $this->renderPage($response, 'shoppinglocations', [
-			'shoppinglocations' => $this->getDatabase()->shopping_locations()->orderBy('name'),
-			'userfields' => $this->getUserfieldsService()->GetFields('shopping_locations'),
-			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('shopping_locations')
-		]);
-	}
-
-	public function ProductGroupsList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		return $this->renderPage($response, 'productgroups', [
-			'productGroups' => $this->getDatabase()->product_groups()->orderBy('name'),
-			'products' => $this->getDatabase()->products()->orderBy('name'),
-			'userfields' => $this->getUserfieldsService()->GetFields('product_groups'),
-			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('product_groups')
-		]);
-	}
-
-	public function QuantityUnitsList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		return $this->renderPage($response, 'quantityunits', [
-			'quantityunits' => $this->getDatabase()->quantity_units()->orderBy('name'),
-			'userfields' => $this->getUserfieldsService()->GetFields('quantity_units'),
-			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('quantity_units')
-		]);
-	}
-
-	public function ProductEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		if ($args['productId'] == 'new')
-		{
-			return $this->renderPage($response, 'productform', [
-				'locations' =>  $this->getDatabase()->locations()->orderBy('name'),
-				'quantityunits' =>  $this->getDatabase()->quantity_units()->orderBy('name'),
-				'shoppinglocations' => $this->getDatabase()->shopping_locations()->orderBy('name'),
-				'productgroups' => $this->getDatabase()->product_groups()->orderBy('name'),
-				'userfields' => $this->getUserfieldsService()->GetFields('products'),
-				'products' => $this->getDatabase()->products()->where('parent_product_id IS NULL')->orderBy('name'),
-				'isSubProductOfOthers' => false,
-				'mode' => 'create'
-			]);
+			$months = $request->getQueryParams()['months'];
+			$where = "row_created_timestamp > DATE(DATE('now', 'localtime'), '-$months months')";
 		}
 		else
 		{
-			$product = $this->getDatabase()->products($args['productId']);
-
-			return $this->renderPage($response, 'productform', [
-				'product' =>  $product,
-				'locations' =>  $this->getDatabase()->locations()->orderBy('name'),
-				'quantityunits' =>  $this->getDatabase()->quantity_units()->orderBy('name'),
-				'shoppinglocations' => $this->getDatabase()->shopping_locations()->orderBy('name'),
-				'productgroups' => $this->getDatabase()->product_groups()->orderBy('name'),
-				'userfields' => $this->getUserfieldsService()->GetFields('products'),
-				'products' => $this->getDatabase()->products()->where('id != :1 AND parent_product_id IS NULL', $product->id)->orderBy('name'),
-				'isSubProductOfOthers' => $this->getDatabase()->products()->where('parent_product_id = :1', $product->id)->count() !== 0,
-				'mode' => 'edit',
-				'quConversions' => $this->getDatabase()->quantity_unit_conversions()
-			]);
+			// Default 6 months
+			$where = "row_created_timestamp > DATE(DATE('now', 'localtime'), '-6 months')";
 		}
+
+		if (isset($request->getQueryParams()['product']) && filter_var($request->getQueryParams()['product'], FILTER_VALIDATE_INT) !== false)
+		{
+			$productId = $request->getQueryParams()['product'];
+			$where .= " AND product_id = $productId";
+		}
+
+		$usersService = $this->getUsersService();
+
+		return $this->renderPage($response, 'stockjournal', [
+			'stockLog' => $this->getDatabase()->uihelper_stock_journal()->where($where)->orderBy('row_created_timestamp', 'DESC'),
+			'products' => $this->getDatabase()->products()->where('active = 1')->orderBy('name', 'COLLATE NOCASE'),
+			'locations' => $this->getDatabase()->locations()->orderBy('name', 'COLLATE NOCASE'),
+			'users' => $usersService->GetUsersAsDto(),
+			'transactionTypes' => GetClassConstants('\Grocy\Services\StockService', 'TRANSACTION_TYPE_')
+		]);
+	}
+
+	public function LocationContentSheet(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->renderPage($response, 'locationcontentsheet', [
+			'products' => $this->getDatabase()->products()->where('active = 1')->orderBy('name', 'COLLATE NOCASE'),
+			'quantityunits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+			'locations' => $this->getDatabase()->locations()->orderBy('name', 'COLLATE NOCASE'),
+			'currentStockLocationContent' => $this->getStockService()->GetCurrentStockLocationContent()
+		]);
 	}

 	public function LocationEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
@@ -219,32 +85,117 @@ class StockController extends BaseController
 		else
 		{
 			return $this->renderPage($response, 'locationform', [
-				'location' =>  $this->getDatabase()->locations($args['locationId']),
+				'location' => $this->getDatabase()->locations($args['locationId']),
 				'mode' => 'edit',
 				'userfields' => $this->getUserfieldsService()->GetFields('locations')
 			]);
 		}
 	}

-	public function ShoppingLocationEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	public function LocationsList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		if ($args['shoppingLocationId'] == 'new')
+		return $this->renderPage($response, 'locations', [
+			'locations' => $this->getDatabase()->locations()->orderBy('name', 'COLLATE NOCASE'),
+			'userfields' => $this->getUserfieldsService()->GetFields('locations'),
+			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('locations')
+		]);
+	}
+
+	public function Overview(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$usersService = $this->getUsersService();
+		$nextXDays = $usersService->GetUserSettings(GROCY_USER_ID)['stock_due_soon_days'];
+
+		return $this->renderPage($response, 'stockoverview', [
+			'currentStock' => $this->getStockService()->GetCurrentStockOverview(),
+			'locations' => $this->getDatabase()->locations()->orderBy('name', 'COLLATE NOCASE'),
+			'currentStockLocations' => $this->getStockService()->GetCurrentStockLocations(),
+			'nextXDays' => $nextXDays,
+			'productGroups' => $this->getDatabase()->product_groups()->orderBy('name', 'COLLATE NOCASE'),
+			'userfields' => $this->getUserfieldsService()->GetFields('products'),
+			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('products')
+		]);
+	}
+
+	public function ProductBarcodesEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$product = null;
+
+		if (isset($request->getQueryParams()['product']))
 		{
-			return $this->renderPage($response, 'shoppinglocationform', [
+			$product = $this->getDatabase()->products($request->getQueryParams()['product']);
+		}
+
+		if ($args['productBarcodeId'] == 'new')
+		{
+			return $this->renderPage($response, 'productbarcodeform', [
 				'mode' => 'create',
-				'userfields' => $this->getUserfieldsService()->GetFields('shopping_locations')
+				'barcodes' => $this->getDatabase()->product_barcodes()->orderBy('barcode'),
+				'product' => $product,
+				'shoppinglocations' => $this->getDatabase()->shopping_locations()->orderBy('name', 'COLLATE NOCASE'),
+				'quantityUnits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+				'quantityUnitConversionsResolved' => $this->getDatabase()->quantity_unit_conversions_resolved(),
+				'userfields' => $this->getUserfieldsService()->GetFields('product_barcodes')
 			]);
 		}
 		else
 		{
-			return $this->renderPage($response, 'shoppinglocationform', [
-				'shoppinglocation' =>  $this->getDatabase()->shopping_locations($args['shoppingLocationId']),
+			return $this->renderPage($response, 'productbarcodeform', [
 				'mode' => 'edit',
-				'userfields' => $this->getUserfieldsService()->GetFields('shopping_locations')
+				'barcode' => $this->getDatabase()->product_barcodes($args['productBarcodeId']),
+				'product' => $product,
+				'shoppinglocations' => $this->getDatabase()->shopping_locations()->orderBy('name', 'COLLATE NOCASE'),
+				'quantityUnits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+				'quantityUnitConversionsResolved' => $this->getDatabase()->quantity_unit_conversions_resolved(),
+				'userfields' => $this->getUserfieldsService()->GetFields('product_barcodes')
 			]);
 		}
 	}

+	public function ProductEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		if ($args['productId'] == 'new')
+		{
+			return $this->renderPage($response, 'productform', [
+				'locations' => $this->getDatabase()->locations()->orderBy('name'),
+				'barcodes' => $this->getDatabase()->product_barcodes()->orderBy('barcode'),
+				'quantityunits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+				'shoppinglocations' => $this->getDatabase()->shopping_locations()->orderBy('name', 'COLLATE NOCASE'),
+				'productgroups' => $this->getDatabase()->product_groups()->orderBy('name', 'COLLATE NOCASE'),
+				'userfields' => $this->getUserfieldsService()->GetFields('products'),
+				'products' => $this->getDatabase()->products()->where('parent_product_id IS NULL and active = 1')->orderBy('name', 'COLLATE NOCASE'),
+				'isSubProductOfOthers' => false,
+				'mode' => 'create'
+			]);
+		}
+		else
+		{
+			$product = $this->getDatabase()->products($args['productId']);
+
+			return $this->renderPage($response, 'productform', [
+				'product' => $product,
+				'locations' => $this->getDatabase()->locations()->orderBy('name', 'COLLATE NOCASE'),
+				'barcodes' => $this->getDatabase()->product_barcodes()->orderBy('barcode'),
+				'quantityunits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+				'shoppinglocations' => $this->getDatabase()->shopping_locations()->orderBy('name', 'COLLATE NOCASE'),
+				'productgroups' => $this->getDatabase()->product_groups()->orderBy('name', 'COLLATE NOCASE'),
+				'userfields' => $this->getUserfieldsService()->GetFields('products'),
+				'products' => $this->getDatabase()->products()->where('id != :1 AND parent_product_id IS NULL and active = 1', $product->id)->orderBy('name', 'COLLATE NOCASE'),
+				'isSubProductOfOthers' => $this->getDatabase()->products()->where('parent_product_id = :1', $product->id)->count() !== 0,
+				'mode' => 'edit',
+				'quConversions' => $this->getDatabase()->quantity_unit_conversions(),
+				'productBarcodeUserfields' => $this->getUserfieldsService()->GetFields('product_barcodes'),
+				'productBarcodeUserfieldValues' => $this->getUserfieldsService()->GetAllValues('product_barcodes')
+			]);
+		}
+	}
+
+	public function ProductGrocycodeImage(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$gc = new Grocycode(Grocycode::PRODUCT, $args['productId']);
+		return $this->ServeGrocycodeImage($request, $response, $gc);
+	}
+
 	public function ProductGroupEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		if ($args['productGroupId'] == 'new')
@@ -257,13 +208,100 @@ class StockController extends BaseController
 		else
 		{
 			return $this->renderPage($response, 'productgroupform', [
-				'group' =>  $this->getDatabase()->product_groups($args['productGroupId']),
+				'group' => $this->getDatabase()->product_groups($args['productGroupId']),
 				'mode' => 'edit',
 				'userfields' => $this->getUserfieldsService()->GetFields('product_groups')
 			]);
 		}
 	}

+	public function ProductGroupsList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->renderPage($response, 'productgroups', [
+			'productGroups' => $this->getDatabase()->product_groups()->orderBy('name', 'COLLATE NOCASE'),
+			'products' => $this->getDatabase()->products()->where('active = 1')->orderBy('name', 'COLLATE NOCASE'),
+			'userfields' => $this->getUserfieldsService()->GetFields('product_groups'),
+			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('product_groups')
+		]);
+	}
+
+	public function ProductsList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$products = $this->getDatabase()->products();
+		if (!isset($request->getQueryParams()['include_disabled']))
+		{
+			$products = $products->where('active = 1');
+		}
+
+		if (isset($request->getQueryParams()['only_in_stock']))
+		{
+			$products = $products->where('id IN (SELECT product_id from stock_current WHERE amount_aggregated > 0)');
+		}
+
+		$products = $products->orderBy('name', 'COLLATE NOCASE');
+
+		return $this->renderPage($response, 'products', [
+			'products' => $products,
+			'locations' => $this->getDatabase()->locations()->orderBy('name', 'COLLATE NOCASE'),
+			'quantityunits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+			'productGroups' => $this->getDatabase()->product_groups()->orderBy('name', 'COLLATE NOCASE'),
+			'shoppingLocations' => $this->getDatabase()->shopping_locations()->orderBy('name', 'COLLATE NOCASE'),
+			'userfields' => $this->getUserfieldsService()->GetFields('products'),
+			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('products')
+		]);
+	}
+
+	public function Purchase(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->renderPage($response, 'purchase', [
+			'products' => $this->getDatabase()->products()->where('active = 1')->orderBy('name', 'COLLATE NOCASE'),
+			'barcodes' => $this->getDatabase()->product_barcodes_comma_separated(),
+			'shoppinglocations' => $this->getDatabase()->shopping_locations()->orderBy('name', 'COLLATE NOCASE'),
+			'locations' => $this->getDatabase()->locations()->orderBy('name', 'COLLATE NOCASE'),
+			'quantityUnits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+			'quantityUnitConversionsResolved' => $this->getDatabase()->quantity_unit_conversions_resolved()
+		]);
+	}
+
+	public function QuantityUnitConversionEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$product = null;
+
+		if (isset($request->getQueryParams()['product']))
+		{
+			$product = $this->getDatabase()->products($request->getQueryParams()['product']);
+		}
+
+		$defaultQuUnit = null;
+
+		if (isset($request->getQueryParams()['qu-unit']))
+		{
+			$defaultQuUnit = $this->getDatabase()->quantity_units($request->getQueryParams()['qu-unit']);
+		}
+
+		if ($args['quConversionId'] == 'new')
+		{
+			return $this->renderPage($response, 'quantityunitconversionform', [
+				'mode' => 'create',
+				'userfields' => $this->getUserfieldsService()->GetFields('quantity_unit_conversions'),
+				'quantityunits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+				'product' => $product,
+				'defaultQuUnit' => $defaultQuUnit
+			]);
+		}
+		else
+		{
+			return $this->renderPage($response, 'quantityunitconversionform', [
+				'quConversion' => $this->getDatabase()->quantity_unit_conversions($args['quConversionId']),
+				'mode' => 'edit',
+				'userfields' => $this->getUserfieldsService()->GetFields('quantity_unit_conversions'),
+				'quantityunits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+				'product' => $product,
+				'defaultQuUnit' => $defaultQuUnit
+			]);
+		}
+	}
+
 	public function QuantityUnitEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		if ($args['quantityunitId'] == 'new')
@@ -280,7 +318,7 @@ class StockController extends BaseController
 			$quantityUnit = $this->getDatabase()->quantity_units($args['quantityunitId']);

 			return $this->renderPage($response, 'quantityunitform', [
-				'quantityUnit' =>  $quantityUnit,
+				'quantityUnit' => $quantityUnit,
 				'mode' => 'edit',
 				'userfields' => $this->getUserfieldsService()->GetFields('quantity_units'),
 				'pluralCount' => $this->getLocalizationService()->GetPluralCount(),
@@ -291,25 +329,44 @@ class StockController extends BaseController
 		}
 	}

-	public function ShoppingListItemEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	public function QuantityUnitPluralFormTesting(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		if ($args['itemId'] == 'new')
+		return $this->renderPage($response, 'quantityunitpluraltesting', [
+			'quantityUnits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE')
+		]);
+	}
+
+	public function QuantityUnitsList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->renderPage($response, 'quantityunits', [
+			'quantityunits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+			'userfields' => $this->getUserfieldsService()->GetFields('quantity_units'),
+			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('quantity_units')
+		]);
+	}
+
+	public function ShoppingList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$listId = 1;
+
+		if (isset($request->getQueryParams()['list']))
 		{
-			return $this->renderPage($response, 'shoppinglistitemform', [
-				'products' =>  $this->getDatabase()->products()->orderBy('name'),
-				'shoppingLists' => $this->getDatabase()->shopping_lists()->orderBy('name'),
-				'mode' => 'create'
-			]);
-		}
-		else
-		{
-			return $this->renderPage($response, 'shoppinglistitemform', [
-				'listItem' =>  $this->getDatabase()->shopping_list($args['itemId']),
-				'products' =>  $this->getDatabase()->products()->orderBy('name'),
-				'shoppingLists' => $this->getDatabase()->shopping_lists()->orderBy('name'),
-				'mode' => 'edit'
-			]);
+			$listId = $request->getQueryParams()['list'];
 		}
+
+		return $this->renderPage($response, 'shoppinglist', [
+			'listItems' => $this->getDatabase()->uihelper_shopping_list()->where('shopping_list_id = :1', $listId),
+			'products' => $this->getDatabase()->products()->where('active = 1')->orderBy('name', 'COLLATE NOCASE'),
+			'quantityunits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+			'missingProducts' => $this->getStockService()->GetMissingProducts(),
+			'shoppingLists' => $this->getDatabase()->shopping_lists()->orderBy('name', 'COLLATE NOCASE'),
+			'selectedShoppingListId' => $listId,
+			'quantityUnitConversionsResolved' => $this->getDatabase()->quantity_unit_conversions_resolved(),
+			'productUserfields' => $this->getUserfieldsService()->GetFields('products'),
+			'productUserfieldValues' => $this->getUserfieldsService()->GetAllValues('products'),
+			'userfields' => $this->getUserfieldsService()->GetFields('shopping_list'),
+			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('shopping_list')
+		]);
 	}

 	public function ShoppingListEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
@@ -317,14 +374,43 @@ class StockController extends BaseController
 		if ($args['listId'] == 'new')
 		{
 			return $this->renderPage($response, 'shoppinglistform', [
-				'mode' => 'create'
+				'mode' => 'create',
+				'userfields' => $this->getUserfieldsService()->GetFields('shopping_lists')
 			]);
 		}
 		else
 		{
 			return $this->renderPage($response, 'shoppinglistform', [
-				'shoppingList' =>  $this->getDatabase()->shopping_lists($args['listId']),
-				'mode' => 'edit'
+				'shoppingList' => $this->getDatabase()->shopping_lists($args['listId']),
+				'mode' => 'edit',
+				'userfields' => $this->getUserfieldsService()->GetFields('shopping_lists')
+			]);
+		}
+	}
+
+	public function ShoppingListItemEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		if ($args['itemId'] == 'new')
+		{
+			return $this->renderPage($response, 'shoppinglistitemform', [
+				'products' => $this->getDatabase()->products()->where('active = 1')->orderBy('name', 'COLLATE NOCASE'),
+				'shoppingLists' => $this->getDatabase()->shopping_lists()->orderBy('name', 'COLLATE NOCASE'),
+				'mode' => 'create',
+				'quantityUnits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+				'quantityUnitConversionsResolved' => $this->getDatabase()->quantity_unit_conversions_resolved(),
+				'userfields' => $this->getUserfieldsService()->GetFields('shopping_list')
+			]);
+		}
+		else
+		{
+			return $this->renderPage($response, 'shoppinglistitemform', [
+				'listItem' => $this->getDatabase()->shopping_list($args['itemId']),
+				'products' => $this->getDatabase()->products()->where('active = 1')->orderBy('name', 'COLLATE NOCASE'),
+				'shoppingLists' => $this->getDatabase()->shopping_lists()->orderBy('name', 'COLLATE NOCASE'),
+				'mode' => 'edit',
+				'quantityUnits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+				'quantityUnitConversionsResolved' => $this->getDatabase()->quantity_unit_conversions_resolved(),
+				'userfields' => $this->getUserfieldsService()->GetFields('shopping_list')
 			]);
 		}
 	}
@@ -334,67 +420,120 @@ class StockController extends BaseController
 		return $this->renderPage($response, 'shoppinglistsettings');
 	}

-	public function Journal(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	public function ShoppingLocationEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		return $this->renderPage($response, 'stockjournal', [
-			'stockLog' => $this->getDatabase()->stock_log()->orderBy('row_created_timestamp', 'DESC'),
-			'locations' => $this->getDatabase()->locations()->orderBy('name'),
-			'products' => $this->getDatabase()->products()->orderBy('name'),
-			'quantityunits' => $this->getDatabase()->quantity_units()->orderBy('name')
-		]);
-	}
-
-	public function LocationContentSheet(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		return $this->renderPage($response, 'locationcontentsheet', [
-			'products' => $this->getDatabase()->products()->orderBy('name'),
-			'quantityunits' => $this->getDatabase()->quantity_units()->orderBy('name'),
-			'locations' => $this->getDatabase()->locations()->orderBy('name'),
-			'currentStockLocationContent' => $this->getStockService()->GetCurrentStockLocationContent()
-		]);
-	}
-
-	public function QuantityUnitConversionEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		$product = null;
-		if (isset($request->getQueryParams()['product']))
+		if ($args['shoppingLocationId'] == 'new')
 		{
-			$product = $this->getDatabase()->products($request->getQueryParams()['product']);
-		}
-
-		$defaultQuUnit = null;
-		if (isset($request->getQueryParams()['qu-unit']))
-		{
-			$defaultQuUnit = $this->getDatabase()->quantity_units($request->getQueryParams()['qu-unit']);
-		}
-
-		if ($args['quConversionId'] == 'new')
-		{
-			return $this->renderPage($response, 'quantityunitconversionform', [
+			return $this->renderPage($response, 'shoppinglocationform', [
 				'mode' => 'create',
-				'userfields' => $this->getUserfieldsService()->GetFields('quantity_unit_conversions'),
-				'quantityunits' => $this->getDatabase()->quantity_units()->orderBy('name'),
-				'product' => $product,
-				'defaultQuUnit' => $defaultQuUnit
+				'userfields' => $this->getUserfieldsService()->GetFields('shopping_locations')
 			]);
 		}
 		else
 		{
-			return $this->renderPage($response, 'quantityunitconversionform', [
-				'quConversion' =>  $this->getDatabase()->quantity_unit_conversions($args['quConversionId']),
+			return $this->renderPage($response, 'shoppinglocationform', [
+				'shoppinglocation' => $this->getDatabase()->shopping_locations($args['shoppingLocationId']),
 				'mode' => 'edit',
-				'userfields' => $this->getUserfieldsService()->GetFields('quantity_unit_conversions'),
-				'quantityunits' => $this->getDatabase()->quantity_units()->orderBy('name'),
-				'product' => $product,
-				'defaultQuUnit' => $defaultQuUnit
+				'userfields' => $this->getUserfieldsService()->GetFields('shopping_locations')
 			]);
 		}
 	}

-	public function QuantityUnitPluralFormTesting(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	public function ShoppingLocationsList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		return $this->renderPage($response, 'quantityunitpluraltesting', [
-			'quantityUnits' => $this->getDatabase()->quantity_units()->orderBy('name')
+		return $this->renderPage($response, 'shoppinglocations', [
+			'shoppinglocations' => $this->getDatabase()->shopping_locations()->orderBy('name', 'COLLATE NOCASE'),
+			'userfields' => $this->getUserfieldsService()->GetFields('shopping_locations'),
+			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('shopping_locations')
+		]);
+	}
+
+	public function StockEntryEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->renderPage($response, 'stockentryform', [
+			'stockEntry' => $this->getDatabase()->stock()->where('id', $args['entryId'])->fetch(),
+			'products' => $this->getDatabase()->products()->where('active = 1')->orderBy('name', 'COLLATE NOCASE'),
+			'shoppinglocations' => $this->getDatabase()->shopping_locations()->orderBy('name', 'COLLATE NOCASE'),
+			'locations' => $this->getDatabase()->locations()->orderBy('name', 'COLLATE NOCASE')
+		]);
+	}
+
+	public function StockEntryGrocycodeImage(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$stockEntry = $this->getDatabase()->stock()->where('id', $args['entryId'])->fetch();
+		$gc = new Grocycode(Grocycode::PRODUCT, $stockEntry->product_id, [$stockEntry->stock_id]);
+		return $this->ServeGrocycodeImage($request, $response, $gc);
+	}
+
+	public function StockEntryGrocycodeLabel(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$stockEntry = $this->getDatabase()->stock()->where('id', $args['entryId'])->fetch();
+		return $this->renderPage($response, 'stockentrylabel', [
+			'stockEntry' => $stockEntry,
+			'product' => $this->getDatabase()->products($stockEntry->product_id),
+		]);
+	}
+
+	public function StockSettings(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->renderPage($response, 'stocksettings', [
+			'locations' => $this->getDatabase()->locations()->orderBy('name', 'COLLATE NOCASE'),
+			'quantityunits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+			'productGroups' => $this->getDatabase()->product_groups()->orderBy('name', 'COLLATE NOCASE')
+		]);
+	}
+
+	public function Stockentries(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$usersService = $this->getUsersService();
+		$nextXDays = $usersService->GetUserSettings(GROCY_USER_ID)['stock_due_soon_days'];
+
+		return $this->renderPage($response, 'stockentries', [
+			'products' => $this->getDatabase()->products()->where('active = 1')->orderBy('name', 'COLLATE NOCASE'),
+			'quantityunits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+			'locations' => $this->getDatabase()->locations()->orderBy('name', 'COLLATE NOCASE'),
+			'shoppinglocations' => $this->getDatabase()->shopping_locations()->orderBy('name', 'COLLATE NOCASE'),
+			'stockEntries' => $this->getDatabase()->stock()->orderBy('product_id'),
+			'currentStockLocations' => $this->getStockService()->GetCurrentStockLocations(),
+			'nextXDays' => $nextXDays,
+			'userfields' => $this->getUserfieldsService()->GetFields('products'),
+			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('products')
+		]);
+	}
+
+	public function Transfer(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->renderPage($response, 'transfer', [
+			'products' => $this->getDatabase()->products()->where('active = 1')->where('id IN (SELECT product_id from stock_current WHERE amount_aggregated > 0)')->orderBy('name', 'COLLATE NOCASE'),
+			'barcodes' => $this->getDatabase()->product_barcodes_comma_separated(),
+			'locations' => $this->getDatabase()->locations()->orderBy('name', 'COLLATE NOCASE'),
+			'quantityUnits' => $this->getDatabase()->quantity_units()->orderBy('name', 'COLLATE NOCASE'),
+			'quantityUnitConversionsResolved' => $this->getDatabase()->quantity_unit_conversions_resolved()
+		]);
+	}
+
+	public function JournalSummary(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		$entries = $this->getDatabase()->uihelper_stock_journal_summary();
+		if (isset($request->getQueryParams()['product_id']))
+		{
+			$entries = $entries->where('product_id', $request->getQueryParams()['product_id']);
+		}
+		if (isset($request->getQueryParams()['user_id']))
+		{
+			$entries = $entries->where('user_id', $request->getQueryParams()['user_id']);
+		}
+		if (isset($request->getQueryParams()['transaction_type']))
+		{
+			$entries = $entries->where('transaction_type', $request->getQueryParams()['transaction_type']);
+		}
+
+		$usersService = $this->getUsersService();
+		return $this->renderPage($response, 'stockjournalsummary', [
+			'entries' => $entries,
+			'products' => $this->getDatabase()->products()->where('active = 1')->orderBy('name', 'COLLATE NOCASE'),
+			'users' => $usersService->GetUsersAsDto(),
+			'transactionTypes' => GetClassConstants('\Grocy\Services\StockService', 'TRANSACTION_TYPE_')
 		]);
 	}
 }
--- a/controllers/SystemApiController.php
+++ b/controllers/SystemApiController.php
@@ -4,18 +4,6 @@ namespace Grocy\Controllers;

 class SystemApiController extends BaseApiController
 {
-	public function __construct(\DI\Container $container)
-	{
-		parent::__construct($container);
-	}
-
-	public function GetDbChangedTime(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-        return $this->ApiResponse($response, array(
-            'changed_time' => $this->getDatabaseService()->GetDbChangedTime()
-        ));
-	}
-
 	public function GetConfig(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		try
@@ -23,12 +11,10 @@ class SystemApiController extends BaseApiController
 			$constants = get_defined_constants();

 			// Some GROCY_* constants are not really config settings and therefore should not be exposed
-			unset($constants['GROCY_AUTHENTICATED']);
-			unset($constants['GROCY_DATAPATH']);
-			unset($constants['GROCY_IS_EMBEDDED_INSTALL']);
-			unset($constants['GROCY_USER_ID']);
+			unset($constants['GROCY_AUTHENTICATED'], $constants['GROCY_DATAPATH'], $constants['GROCY_IS_EMBEDDED_INSTALL'], $constants['GROCY_USER_ID']);
+
+			$returnArray = [];

-			$returnArray = array();
 			foreach ($constants as $constant => $value)
 			{
 				if (substr($constant, 0, 6) === 'GROCY_')
@@ -45,13 +31,49 @@ class SystemApiController extends BaseApiController
 		}
 	}

+	public function GetDbChangedTime(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->ApiResponse($response, [
+			'changed_time' => $this->getDatabaseService()->GetDbChangedTime()
+		]);
+	}
+
+	public function GetSystemInfo(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->ApiResponse($response, $this->getApplicationService()->GetSystemInfo());
+	}
+
+	public function GetSystemTime(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		try
+		{
+			$offset = 0;
+			$params = $request->getQueryParams();
+			if (isset($params['offset']))
+			{
+				if (filter_var($params['offset'], FILTER_VALIDATE_INT) === false)
+				{
+					throw new \Exception('Query parameter "offset" is not a valid integer');
+				}
+
+				$offset = $params['offset'];
+			}
+
+			return $this->ApiResponse($response, $this->getApplicationService()->GetSystemTime($offset));
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
 	public function LogMissingLocalization(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		if (GROCY_MODE === 'dev')
 		{
 			try
 			{
-				$requestBody = $request->getParsedBody();
+				$requestBody = $this->GetParsedAndFilteredRequestBody($request);

 				$this->getLocalizationService()->CheckAndAddMissingTranslationToPot($requestBody['text']);
 				return $this->EmptyApiResponse($response);
@@ -63,8 +85,8 @@ class SystemApiController extends BaseApiController
 		}
 	}

-	public function GetSystemInfo(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	public function GetLocalizationStrings(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		return $this->ApiResponse($response, $this->getApplicationService()->GetSystemInfo());
+		return $this->ApiResponse($response, json_decode($this->getLocalizationService()->GetPoAsJsonString()), true);
 	}
 }
--- a/controllers/SystemController.php
+++ b/controllers/SystemController.php
@@ -2,15 +2,22 @@

 namespace Grocy\Controllers;

-use \Grocy\Services\DatabaseMigrationService;
-use \Grocy\Services\DemoDataGeneratorService;
+use Grocy\Services\DatabaseMigrationService;
+use Grocy\Services\DemoDataGeneratorService;

 class SystemController extends BaseController
 {
-
-	public function __construct(\DI\Container $container)
+	public function About(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		parent::__construct($container);
+		return $this->renderPage($response, 'about', [
+			'system_info' => $this->getApplicationService()->GetSystemInfo(),
+			'changelog' => $this->getApplicationService()->GetChangelog()
+		]);
+	}
+
+	public function BarcodeScannerTesting(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->renderPage($response, 'barcodescannertesting');
 	}

 	public function Root(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
@@ -38,69 +45,68 @@ class SystemController extends BaseController
 	 */
 	private function GetEntryPageRelative()
 	{
-		if (defined('GROCY_ENTRY_PAGE')) {
+		if (defined('GROCY_ENTRY_PAGE'))
+		{
 			$entryPage = constant('GROCY_ENTRY_PAGE');
-		} else {
+		}
+		else
+		{
 			$entryPage = 'stock';
 		}

 		// Stock
-		if ($entryPage === 'stock' && constant('GROCY_FEATURE_FLAG_STOCK')) {
+		if ($entryPage === 'stock' && constant('GROCY_FEATURE_FLAG_STOCK'))
+		{
 			return '/stockoverview';
 		}

 		// Shoppinglist
-		if ($entryPage === 'shoppinglist' && constant('GROCY_FEATURE_FLAG_SHOPPINGLIST')) {
+		if ($entryPage === 'shoppinglist' && constant('GROCY_FEATURE_FLAG_SHOPPINGLIST'))
+		{
 			return '/shoppinglist';
 		}

 		// Recipes
-		if ($entryPage === 'recipes' && constant('GROCY_FEATURE_FLAG_RECIPES')) {
+		if ($entryPage === 'recipes' && constant('GROCY_FEATURE_FLAG_RECIPES'))
+		{
 			return '/recipes';
 		}

 		// Chores
-		if ($entryPage === 'chores' && constant('GROCY_FEATURE_FLAG_CHORES')) {
+		if ($entryPage === 'chores' && constant('GROCY_FEATURE_FLAG_CHORES'))
+		{
 			return '/choresoverview';
 		}

 		// Tasks
-		if ($entryPage === 'tasks' && constant('GROCY_FEATURE_FLAG_TASKS')) {
+		if ($entryPage === 'tasks' && constant('GROCY_FEATURE_FLAG_TASKS'))
+		{
 			return '/tasks';
 		}

 		// Batteries
-		if ($entryPage === 'batteries' && constant('GROCY_FEATURE_FLAG_BATTERIES')) {
+		if ($entryPage === 'batteries' && constant('GROCY_FEATURE_FLAG_BATTERIES'))
+		{
 			return '/batteriesoverview';
 		}

-		if ($entryPage === 'equipment' && constant('GROCY_FEATURE_FLAG_EQUIPMENT')) {
+		if ($entryPage === 'equipment' && constant('GROCY_FEATURE_FLAG_EQUIPMENT'))
+		{
 			return '/equipment';
 		}

 		// Calendar
-		if ($entryPage === 'calendar' && constant('GROCY_FEATURE_FLAG_CALENDAR')) {
+		if ($entryPage === 'calendar' && constant('GROCY_FEATURE_FLAG_CALENDAR'))
+		{
 			return '/calendar';
 		}

 		// Meal Plan
-		if ($entryPage === 'mealplan' && constant('GROCY_FEATURE_FLAG_RECIPES')) {
+		if ($entryPage === 'mealplan' && constant('GROCY_FEATURE_FLAG_RECIPES'))
+		{
 			return '/mealplan';
 		}

 		return '/about';
 	}
-
-	public function About(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		return $this->renderPage($response, 'about', [
-			'system_info' => $this->getApplicationService()->GetSystemInfo(),
-			'changelog' => $this->getApplicationService()->GetChangelog()
-		]);
-	}
-
-	public function BarcodeScannerTesting(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		return $this->renderPage($response, 'barcodescannertesting');
-	}
 }
--- a/controllers/TasksApiController.php
+++ b/controllers/TasksApiController.php
@@ -2,25 +2,25 @@

 namespace Grocy\Controllers;

+use Grocy\Controllers\Users\User;
+
 class TasksApiController extends BaseApiController
 {
-	public function __construct(\DI\Container $container)
-	{
-		parent::__construct($container);
-	}
-
 	public function Current(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		return $this->ApiResponse($response, $this->getTasksService()->GetCurrent());
+		return $this->FilteredApiResponse($response, $this->getTasksService()->GetCurrent(), $request->getQueryParams());
 	}

 	public function MarkTaskAsCompleted(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		$requestBody = $request->getParsedBody();
+		User::checkPermission($request, User::PERMISSION_TASKS_MARK_COMPLETED);
+
+		$requestBody = $this->GetParsedAndFilteredRequestBody($request);

 		try
 		{
 			$doneTime = date('Y-m-d H:i:s');
+
 			if (array_key_exists('done_time', $requestBody) && IsIsoDateTime($requestBody['done_time']))
 			{
 				$doneTime = $requestBody['done_time'];
@@ -37,6 +37,8 @@ class TasksApiController extends BaseApiController

 	public function UndoTask(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
+		User::checkPermission($request, User::PERMISSION_TASKS_UNDO_EXECUTION);
+
 		try
 		{
 			$this->getTasksService()->UndoTask($args['taskId']);
--- a/controllers/TasksController.php
+++ b/controllers/TasksController.php
@@ -4,16 +4,11 @@ namespace Grocy\Controllers;

 class TasksController extends BaseController
 {
-	public function __construct(\DI\Container $container)
-	{
-		parent::__construct($container);
-	}
-
 	public function Overview(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		if (isset($request->getQueryParams()['include_done']))
 		{
-			$tasks = $this->getDatabase()->tasks()->orderBy('name');
+			$tasks = $this->getDatabase()->tasks()->orderBy('name', 'COLLATE NOCASE');
 		}
 		else
 		{
@@ -26,40 +21,17 @@ class TasksController extends BaseController
 		return $this->renderPage($response, 'tasks', [
 			'tasks' => $tasks,
 			'nextXDays' => $nextXDays,
-			'taskCategories' => $this->getDatabase()->task_categories()->orderBy('name'),
+			'taskCategories' => $this->getDatabase()->task_categories()->orderBy('name', 'COLLATE NOCASE'),
 			'users' => $this->getDatabase()->users(),
 			'userfields' => $this->getUserfieldsService()->GetFields('tasks'),
 			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('tasks')
 		]);
 	}

-	public function TaskEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
-	{
-		if ($args['taskId'] == 'new')
-		{
-			return $this->renderPage($response, 'taskform', [
-				'mode' => 'create',
-				'taskCategories' => $this->getDatabase()->task_categories()->orderBy('name'),
-				'users' => $this->getDatabase()->users()->orderBy('username'),
-				'userfields' => $this->getUserfieldsService()->GetFields('tasks')
-			]);
-		}
-		else
-		{
-			return $this->renderPage($response, 'taskform', [
-				'task' =>  $this->getDatabase()->tasks($args['taskId']),
-				'mode' => 'edit',
-				'taskCategories' => $this->getDatabase()->task_categories()->orderBy('name'),
-				'users' => $this->getDatabase()->users()->orderBy('username'),
-				'userfields' => $this->getUserfieldsService()->GetFields('tasks')
-			]);
-		}
-	}
-
 	public function TaskCategoriesList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		return $this->renderPage($response, 'taskcategories', [
-			'taskCategories' => $this->getDatabase()->task_categories()->orderBy('name'),
+			'taskCategories' => $this->getDatabase()->task_categories()->orderBy('name', 'COLLATE NOCASE'),
 			'userfields' => $this->getUserfieldsService()->GetFields('task_categories'),
 			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('task_categories')
 		]);
@@ -77,13 +49,36 @@ class TasksController extends BaseController
 		else
 		{
 			return $this->renderPage($response, 'taskcategoryform', [
-				'category' =>  $this->getDatabase()->task_categories($args['categoryId']),
+				'category' => $this->getDatabase()->task_categories($args['categoryId']),
 				'mode' => 'edit',
 				'userfields' => $this->getUserfieldsService()->GetFields('task_categories')
 			]);
 		}
 	}

+	public function TaskEditForm(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		if ($args['taskId'] == 'new')
+		{
+			return $this->renderPage($response, 'taskform', [
+				'mode' => 'create',
+				'taskCategories' => $this->getDatabase()->task_categories()->orderBy('name', 'COLLATE NOCASE'),
+				'users' => $this->getDatabase()->users()->orderBy('username'),
+				'userfields' => $this->getUserfieldsService()->GetFields('tasks')
+			]);
+		}
+		else
+		{
+			return $this->renderPage($response, 'taskform', [
+				'task' => $this->getDatabase()->tasks($args['taskId']),
+				'mode' => 'edit',
+				'taskCategories' => $this->getDatabase()->task_categories()->orderBy('name', 'COLLATE NOCASE'),
+				'users' => $this->getDatabase()->users()->orderBy('username'),
+				'userfields' => $this->getUserfieldsService()->GetFields('tasks')
+			]);
+		}
+	}
+
 	public function TasksSettings(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		return $this->renderPage($response, 'taskssettings');
--- a/controllers/Users/PermissionMissingException.php
+++ b/controllers/Users/PermissionMissingException.php
@@ -0,0 +1,15 @@
+<?php
+
+namespace Grocy\Controllers\Users;
+
+use Psr\Http\Message\ServerRequestInterface;
+use Slim\Exception\HttpForbiddenException;
+use Throwable;
+
+class PermissionMissingException extends HttpForbiddenException
+{
+	public function __construct(ServerRequestInterface $request, string $permission, ?Throwable $previous = null)
+	{
+		parent::__construct($request, 'Permission missing: ' . $permission, $previous);
+	}
+}
--- a/controllers/Users/User.php
+++ b/controllers/Users/User.php
@@ -0,0 +1,128 @@
+<?php
+
+namespace Grocy\Controllers\Users;
+
+use Grocy\Services\DatabaseService;
+use LessQL\Result;
+
+class User
+{
+	const PERMISSION_ADMIN = 'ADMIN';
+
+	const PERMISSION_BATTERIES = 'BATTERIES';
+
+	const PERMISSION_BATTERIES_TRACK_CHARGE_CYCLE = 'BATTERIES_TRACK_CHARGE_CYCLE';
+
+	const PERMISSION_BATTERIES_UNDO_CHARGE_CYCLE = 'BATTERIES_UNDO_CHARGE_CYCLE';
+
+	const PERMISSION_CALENDAR = 'CALENDAR';
+
+	const PERMISSION_CHORES = 'CHORES';
+
+	const PERMISSION_CHORE_TRACK_EXECUTION = 'CHORE_TRACK_EXECUTION';
+
+	const PERMISSION_CHORE_UNDO_EXECUTION = 'CHORE_UNDO_EXECUTION';
+
+	const PERMISSION_EQUIPMENT = 'EQUIPMENT';
+
+	const PERMISSION_MASTER_DATA_EDIT = 'MASTER_DATA_EDIT';
+
+	const PERMISSION_RECIPES = 'RECIPES';
+
+	const PERMISSION_RECIPES_MEALPLAN = 'RECIPES_MEALPLAN';
+
+	const PERMISSION_SHOPPINGLIST = 'SHOPPINGLIST';
+
+	const PERMISSION_SHOPPINGLIST_ITEMS_ADD = 'SHOPPINGLIST_ITEMS_ADD';
+
+	const PERMISSION_SHOPPINGLIST_ITEMS_DELETE = 'SHOPPINGLIST_ITEMS_DELETE';
+
+	const PERMISSION_STOCK = 'STOCK';
+
+	const PERMISSION_STOCK_CONSUME = 'STOCK_CONSUME';
+
+	const PERMISSION_STOCK_EDIT = 'STOCK_EDIT';
+
+	const PERMISSION_STOCK_INVENTORY = 'STOCK_INVENTORY';
+
+	const PERMISSION_STOCK_OPEN = 'STOCK_OPEN';
+
+	const PERMISSION_STOCK_PURCHASE = 'STOCK_PURCHASE';
+
+	const PERMISSION_STOCK_TRANSFER = 'STOCK_TRANSFER';
+
+	const PERMISSION_TASKS = 'TASKS';
+
+	const PERMISSION_TASKS_MARK_COMPLETED = 'TASKS_MARK_COMPLETED';
+
+	const PERMISSION_TASKS_UNDO_EXECUTION = 'TASKS_UNDO_EXECUTION';
+
+	const PERMISSION_USERS = 'USERS';
+
+	const PERMISSION_USERS_CREATE = 'USERS_CREATE';
+
+	const PERMISSION_USERS_EDIT = 'USERS_EDIT';
+
+	const PERMISSION_USERS_EDIT_SELF = 'USERS_EDIT_SELF';
+
+	const PERMISSION_USERS_READ = 'USERS_READ';
+
+	public function __construct()
+	{
+		$this->db = DatabaseService::getInstance()->GetDbConnection();
+	}
+
+	/**
+	 * @var \LessQL\Database|null
+	 */
+	protected $db;
+
+	public static function PermissionList()
+	{
+		$user = new self();
+		return $user->getPermissionList();
+	}
+
+	public static function checkPermission($request, string ...$permissions): void
+	{
+		$user = new self();
+
+		foreach ($permissions as $permission)
+		{
+			if (!$user->hasPermission($permission))
+			{
+				throw new PermissionMissingException($request, $permission);
+			}
+		}
+	}
+
+	public function getPermissionList()
+	{
+		return $this->db->uihelper_user_permissions()->where('user_id', GROCY_USER_ID);
+	}
+
+	public function hasPermission(string $permission): bool
+	{
+		return $this->getPermissions()->where('permission_name', $permission)->fetch() !== null;
+	}
+
+	public static function hasPermissions(string ...$permissions)
+	{
+		$user = new self();
+
+		foreach ($permissions as $permission)
+		{
+			if (!$user->hasPermission($permission))
+			{
+				return false;
+			}
+		}
+
+		return true;
+	}
+
+	protected function getPermissions(): Result
+	{
+		return $this->db->user_permissions_resolved()->where('user_id', GROCY_USER_ID);
+	}
+}
--- a/controllers/UsersApiController.php
+++ b/controllers/UsersApiController.php
@@ -2,18 +2,26 @@

 namespace Grocy\Controllers;

+use Grocy\Controllers\Users\User;
+
 class UsersApiController extends BaseApiController
 {
-	public function __construct(\DI\Container $container)
-	{
-		parent::__construct($container);
-	}
-
-	public function GetUsers(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	public function AddPermission(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		try
 		{
-			return $this->ApiResponse($response, $this->getUsersService()->GetUsersAsDto());
+			User::checkPermission($request, User::PERMISSION_ADMIN);
+			$requestBody = $this->GetParsedAndFilteredRequestBody($request);
+
+			$this->getDatabase()->user_permissions()->createRow([
+				'user_id' => $args['userId'],
+				'permission_id' => $requestBody['permission_id']
+			])->save();
+			return $this->EmptyApiResponse($response);
+		}
+		catch (\Slim\Exception\HttpSpecializedException $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage(), $ex->getCode());
 		}
 		catch (\Exception $ex)
 		{
@@ -23,7 +31,8 @@ class UsersApiController extends BaseApiController

 	public function CreateUser(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		$requestBody = $request->getParsedBody();
+		User::checkPermission($request, User::PERMISSION_USERS_CREATE);
+		$requestBody = $this->GetParsedAndFilteredRequestBody($request);

 		try
 		{
@@ -32,7 +41,7 @@ class UsersApiController extends BaseApiController
 				throw new \Exception('Request body could not be parsed (probably invalid JSON format or missing/wrong Content-Type header)');
 			}

-			$this->getUsersService()->CreateUser($requestBody['username'], $requestBody['first_name'], $requestBody['last_name'], $requestBody['password']);
+			$this->getUsersService()->CreateUser($requestBody['username'], $requestBody['first_name'], $requestBody['last_name'], $requestBody['password'], $requestBody['picture_file_name']);
 			return $this->EmptyApiResponse($response);
 		}
 		catch (\Exception $ex)
@@ -43,6 +52,7 @@ class UsersApiController extends BaseApiController

 	public function DeleteUser(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
+		User::checkPermission($request, User::PERMISSION_USERS_EDIT);
 		try
 		{
 			$this->getUsersService()->DeleteUser($args['userId']);
@@ -56,11 +66,20 @@ class UsersApiController extends BaseApiController

 	public function EditUser(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		$requestBody = $request->getParsedBody();
+		if ($args['userId'] == GROCY_USER_ID)
+		{
+			User::checkPermission($request, User::PERMISSION_USERS_EDIT_SELF);
+		}
+		else
+		{
+			User::checkPermission($request, User::PERMISSION_USERS_EDIT);
+		}
+
+		$requestBody = $this->GetParsedAndFilteredRequestBody($request);

 		try
 		{
-			$this->getUsersService()->EditUser($args['userId'], $requestBody['username'], $requestBody['first_name'], $requestBody['last_name'], $requestBody['password']);
+			$this->getUsersService()->EditUser($args['userId'], $requestBody['username'], $requestBody['first_name'], $requestBody['last_name'], $requestBody['password'], $requestBody['picture_file_name']);
 			return $this->EmptyApiResponse($response);
 		}
 		catch (\Exception $ex)
@@ -69,6 +88,19 @@ class UsersApiController extends BaseApiController
 		}
 	}

+	public function GetUserSetting(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		try
+		{
+			$value = $this->getUsersService()->GetUserSetting(GROCY_USER_ID, $args['settingKey']);
+			return $this->ApiResponse($response, ['value' => $value]);
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
 	public function GetUserSettings(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		try
@@ -81,12 +113,90 @@ class UsersApiController extends BaseApiController
 		}
 	}

-	public function GetUserSetting(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	public function GetUsers(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		User::checkPermission($request, User::PERMISSION_USERS_READ);
+		try
+		{
+			return $this->FilteredApiResponse($response, $this->getUsersService()->GetUsersAsDto(), $request->getQueryParams());
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function CurrentUser(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
 		try
 		{
-			$value = $this->getUsersService()->GetUserSetting(GROCY_USER_ID, $args['settingKey']);
-			return $this->ApiResponse($response, array('value' => $value));
+			return $this->ApiResponse($response, $this->getUsersService()->GetUsersAsDto()->where('id', GROCY_USER_ID));
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function ListPermissions(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		try
+		{
+			User::checkPermission($request, User::PERMISSION_ADMIN);
+
+			return $this->ApiResponse(
+				$response,
+				$this->getDatabase()->user_permissions()->where('user_id', $args['userId'])
+			);
+		}
+		catch (\Slim\Exception\HttpSpecializedException $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage(), $ex->getCode());
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
+
+	public function SetPermissions(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		try
+		{
+			User::checkPermission($request, User::PERMISSION_ADMIN);
+
+			$requestBody = $request->getParsedBody();
+			$db = $this->getDatabase();
+			$db->user_permissions()
+				->where('user_id', $args['userId'])
+				->delete();
+
+			$perms = [];
+			if (GROCY_MODE === 'demo' || GROCY_MODE === 'prerelease')
+			{
+				// For demo mode always all users have and keep the ADMIN permission
+				$perms[] = [
+					'user_id' => $args['userId'],
+					'permission_id' => 1
+				];
+			}
+			else
+			{
+				foreach ($requestBody['permissions'] as $perm_id)
+				{
+					$perms[] = [
+						'user_id' => $args['userId'],
+						'permission_id' => $perm_id
+					];
+				}
+			}
+			$db->insert('user_permissions', $perms, 'batch');
+
+			return $this->EmptyApiResponse($response);
+		}
+		catch (\Slim\Exception\HttpSpecializedException $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage(), $ex->getCode());
 		}
 		catch (\Exception $ex)
 		{
@@ -98,7 +208,7 @@ class UsersApiController extends BaseApiController
 	{
 		try
 		{
-			$requestBody = $request->getParsedBody();
+			$requestBody = $this->GetParsedAndFilteredRequestBody($request);

 			$value = $this->getUsersService()->SetUserSetting(GROCY_USER_ID, $args['settingKey'], $requestBody['value']);
 			return $this->EmptyApiResponse($response);
@@ -108,4 +218,17 @@ class UsersApiController extends BaseApiController
 			return $this->GenericErrorResponse($response, $ex->getMessage());
 		}
 	}
+
+	public function DeleteUserSetting(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		try
+		{
+			$value = $this->getUsersService()->DeleteUserSetting(GROCY_USER_ID, $args['settingKey']);
+			return $this->EmptyApiResponse($response);
+		}
+		catch (\Exception $ex)
+		{
+			return $this->GenericErrorResponse($response, $ex->getMessage());
+		}
+	}
 }
--- a/controllers/UsersController.php
+++ b/controllers/UsersController.php
@@ -2,12 +2,17 @@

 namespace Grocy\Controllers;

+use Grocy\Controllers\Users\User;
+
 class UsersController extends BaseController
 {
-	public function UsersList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	public function PermissionList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
 	{
-		return $this->renderPage($response, 'users', [
-			'users' => $this->getDatabase()->users()->orderBy('username')
+		User::checkPermission($request, User::PERMISSION_USERS_READ);
+		return $this->renderPage($response, 'userpermissions', [
+			'user' => $this->getDatabase()->users($args['userId']),
+			'permissions' => $this->getDatabase()->uihelper_user_permissions()
+				->where('parent IS NULL')->where('user_id', $args['userId'])
 		]);
 	}

@@ -15,16 +20,53 @@ class UsersController extends BaseController
 	{
 		if ($args['userId'] == 'new')
 		{
+			User::checkPermission($request, User::PERMISSION_USERS_CREATE);
 			return $this->renderPage($response, 'userform', [
-				'mode' => 'create'
+				'mode' => 'create',
+				'userfields' => $this->getUserfieldsService()->GetFields('users')
 			]);
 		}
 		else
 		{
+			if ($args['userId'] == GROCY_USER_ID)
+			{
+				User::checkPermission($request, User::PERMISSION_USERS_EDIT_SELF);
+			}
+			else
+			{
+				User::checkPermission($request, User::PERMISSION_USERS_EDIT);
+			}
+
 			return $this->renderPage($response, 'userform', [
-				'user' =>  $this->getDatabase()->users($args['userId']),
-				'mode' => 'edit'
+				'user' => $this->getDatabase()->users($args['userId']),
+				'mode' => 'edit',
+				'userfields' => $this->getUserfieldsService()->GetFields('users'),
+				'userfieldValues' => $this->getUserfieldsService()->GetAllValues('users')
 			]);
 		}
 	}
+
+	public function UserSettings(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		return $this->renderPage($response, 'usersettings', [
+			'languages' => array_filter(scandir(__DIR__ . '/../localization'), function ($item) {
+				if ($item == '.' || $item == '..')
+				{
+					return false;
+				}
+
+				return is_dir(__DIR__ . '/../localization/' . $item);
+			})
+		]);
+	}
+
+	public function UsersList(\Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Message\ResponseInterface $response, array $args)
+	{
+		User::checkPermission($request, User::PERMISSION_USERS_READ);
+		return $this->renderPage($response, 'users', [
+			'users' => $this->getDatabase()->users()->orderBy('username'),
+			'userfields' => $this->getUserfieldsService()->GetFields('users'),
+			'userfieldValues' => $this->getUserfieldsService()->GetAllValues('users')
+		]);
+	}
 }
--- a/data/plugins/DemoBarcodeLookupPlugin.php
+++ b/data/plugins/DemoBarcodeLookupPlugin.php
@@ -1,6 +1,6 @@
 <?php

-use \Grocy\Helpers\BaseBarcodeLookupPlugin;
+use Grocy\Helpers\BaseBarcodeLookupPlugin;

 /*
 	This class must extend BaseBarcodeLookupPlugin (in namespace \Grocy\Helpers)
@@ -55,24 +55,24 @@ class DemoBarcodeLookupPlugin extends BaseBarcodeLookupPlugin
 	*/
 	protected function ExecuteLookup($barcode)
 	{
-		if ($barcode === 'x') // Demonstration when nothing is found
-		{
+		if ($barcode === 'x')
+		{ // Demonstration when nothing is found
 			return null;
 		}
-		elseif ($barcode === 'e') // Demonstration when an error occurred
-		{
+		elseif ($barcode === 'e')
+		{ // Demonstration when an error occurred
 			throw new \Exception('This is the error message from the plugin...');
 		}
 		else
 		{
-			return array(
+			return [
 				'name' => 'LookedUpProduct_' . RandomString(5),
 				'location_id' => $this->Locations[0]->id,
 				'qu_id_purchase' => $this->QuantityUnits[0]->id,
 				'qu_id_stock' => $this->QuantityUnits[0]->id,
 				'qu_factor_purchase_to_stock' => 1,
 				'barcode' => $barcode
-			);
+			];
 		}
 	}
 }
--- a/docs/grocycode.md
+++ b/docs/grocycode.md
@@ -0,0 +1,66 @@
+grocycode
+==========
+
+grocycode is, in essence, a simple way to reference to arbitrary grocy entities.
+Each grocycode includes a magic, an entitiy identifier, an id and an ordered set of extra data.
+It is supported to be entered anywhere grocy expects one to read a barcode, but can also reference
+grocy-internal properties like specific stock entries, or specific batteries.
+
+Serialization
+----
+
+There are three mandatory parts in a grocycode:
+
+1. The magic `grcy`
+2. An entity identifer matching the regular expression `[a-z]+` (that is, lowercase english alphabet without any fancy accents, minimum length 1 character).
+3. An object identifer matching the regular expression `[0-9]+`
+
+Optionally, any number of further data without format restrictions besides not containing any double colons [0] may be appended.
+
+These parts are then linearly appended, seperated by a double colon `:`.
+
+Entity Identifers
+----
+
+Currently, there are three different entity types defined:
+
+- `p` for Products
+- `b` for Batteries
+- `c` for Chores
+
+Example
+----
+
+In this example, we encode a *Product* with ID *13*, which results in `grcy:p:13` when serialized.
+
+Product grocycodes
+----
+
+Product grocycodes extend the data format to include an optional stock id, thus may reference a specific stock entry directly.
+
+Example: `grcy:p:13:60bf8b5244b04`
+
+Battery grocycodes
+----
+
+Currently, Battery grocycodes do not define any extra fields.
+
+Chore grocycodes
+----
+
+Currently, Chore grocycodes do not define any extra fields.
+
+Visual Encoding
+----
+
+Grocy uses DataMatrix 2D (or alternatively Code128 1D) Barcodes to encode grocycodes into a visual representation. In principle, there is no problem with using
+other encoding formats like QR codes; however DataMatrix uses less space for the same information and redundancy and is a bit
+easier read by 2D barcode scanners, especially on non-flat surfaces.
+
+You can pick up cheap-ish used scanners from ebay (about 45€ in germany). Make sure to set them to the correct keyboard emulation,
+so that the double colons get entered correctly.
+
+
+Notes
+---
+[0]: Obviously, it needs to be encoded into some usable visual representation and then read. So probably you only want to encode stuff that can be typed on a keyboard.
--- a/docs/label-printing.md
+++ b/docs/label-printing.md
@@ -0,0 +1,40 @@
+Label printing
+====
+
+To enable label printing, set `FEATURE_FLAG_LABEL_PRINTER` to `true`in your `config.php`. You also need to provide a webhook target that is responsible for printing.
+
+Why webhook?
+---
+
+Label printers come in all shapes and forms, and your particular one is probably not the one used by the author of this feature. Also, grocy may does not have a
+direct connection to a local label printer (e.g. grocy is hosted in a cloud vps). Thus, a lightweight implementation is provided by grocy: whenever something
+should print, a POST request to a configured URL is made. The target then is responsible for label printing.
+
+Reference implementation
+---
+
+The webhook was developed and tested against a Brother QL-600 label printer, using endless 62mm label paper. The webhook provider implementation was
+implemented into [a fork of brother_ql_web](https://github.com/mistressofjellyfish/brother_ql_web).
+
+Webhook request
+---
+
+Requests can be configured to be sent server-side (that is, from the machine hosting grocy through GuzzleHttp) or by an AJAX request directly from the browser.
+The latter is neccesary for situations where the grocy hosting machine cannot reach your label printer, however server-side requests are a bit faster and
+tend to be more stable.
+
+Both methods fire this request upon printing:
+
+```
+POST /your/printing/api/endpoint HTTP/1.1
+
+product=<productname>&grocycode=grocy:x:xxx&due_date=DD:%2021-06-09&...
+
+```
+
+If specified, the request body may also be JSON encoded, however the fields stay the same.
+
+Additional POST parameters (like the font to use) may be supplied in `config.php`. Keep in mind that these config values will be distributed to all clients on all requests
+if the webhook is configured to run client-side.
+
+The webhook receiver is required to layout and print the resulting label.
--- a/grocy.openapi.json
+++ b/grocy.openapi.json
--- a/helpers/BaseBarcodeLookupPlugin.php
+++ b/helpers/BaseBarcodeLookupPlugin.php
@@ -11,9 +11,8 @@ abstract class BaseBarcodeLookupPlugin
 	}

 	protected $Locations;
-	protected $QuantityUnits;

-	abstract protected function ExecuteLookup($barcode);
+	protected $QuantityUnits;

 	final public function Lookup($barcode)
 	{
@@ -29,20 +28,22 @@ abstract class BaseBarcodeLookupPlugin
 		{
 			throw new \Exception('Plugin output must be an associative array');
 		}
-		if (!IsAssociativeArray($pluginOutput)) // $pluginOutput is at least an indexed array here
-		{
+
+		if (!IsAssociativeArray($pluginOutput))
+		{ // $pluginOutput is at least an indexed array here
 			throw new \Exception('Plugin output must be an associative array');
 		}

 		// Check for minimum needed properties
-		$minimunNeededProperties = array(
+		$minimunNeededProperties = [
 			'name',
 			'location_id',
 			'qu_id_purchase',
 			'qu_id_stock',
 			'qu_factor_purchase_to_stock',
 			'barcode'
-		);
+		];
+
 		foreach ($minimunNeededProperties as $prop)
 		{
 			if (!array_key_exists($prop, $pluginOutput))
@@ -59,16 +60,19 @@ abstract class BaseBarcodeLookupPlugin
 		{
 			throw new \Exception("Location $locationId is not a valid location id");
 		}
+
 		$quIdPurchase = $pluginOutput['qu_id_purchase'];
 		if (FindObjectInArrayByPropertyValue($this->QuantityUnits, 'id', $quIdPurchase) === null)
 		{
 			throw new \Exception("Location $quIdPurchase is not a valid quantity unit id");
 		}
+
 		$quIdStock = $pluginOutput['qu_id_stock'];
 		if (FindObjectInArrayByPropertyValue($this->QuantityUnits, 'id', $quIdStock) === null)
 		{
 			throw new \Exception("Location $quIdStock is not a valid quantity unit id");
 		}
+
 		$quFactor = $pluginOutput['qu_factor_purchase_to_stock'];
 		if (empty($quFactor) || !is_numeric($quFactor))
 		{
@@ -77,4 +81,6 @@ abstract class BaseBarcodeLookupPlugin

 		return $pluginOutput;
 	}
+
+	abstract protected function ExecuteLookup($barcode);
 }
--- a/helpers/ConfigurationValidator.php
+++ b/helpers/ConfigurationValidator.php
@@ -0,0 +1,84 @@
+<?php
+
+class EInvalidConfig extends Exception
+{
+}
+
+class ConfigurationValidator
+{
+	public function validateConfig()
+	{
+		self::checkMode();
+		self::checkDefaultLocale();
+		self::checkCurrencyFormat();
+		self::checkFirstDayOfWeek();
+		self::checkEntryPage();
+		self::checkMealplanFirstDayOfWeek();
+		self::checkAutoNightModeRange();
+	}
+
+	private function checkMode()
+	{
+		$allowedModes = ['production', 'dev', 'demo', 'prerelease'];
+		if (!in_array(GROCY_MODE, $allowedModes))
+		{
+			throw new EInvalidConfig('Invalid mode "' . GROCY_MODE . '" set, only ' . implode(', ', $allowedModes) . ' allowed');
+		}
+	}
+
+	private function checkDefaultLocale()
+	{
+		if (!file_exists(__DIR__ . '/../localization/' . GROCY_DEFAULT_LOCALE))
+		{
+			throw new EInvalidConfig('Invalid locale "' . GROCY_DEFAULT_LOCALE . '" set, locale needs to exist in folder localization');
+		}
+	}
+
+	private function checkFirstDayOfWeek()
+	{
+		if (!(GROCY_CALENDAR_FIRST_DAY_OF_WEEK == '' ||
+			(is_numeric(GROCY_CALENDAR_FIRST_DAY_OF_WEEK) && GROCY_CALENDAR_FIRST_DAY_OF_WEEK >= 0 && GROCY_CALENDAR_FIRST_DAY_OF_WEEK <= 6)))
+		{
+			throw new EInvalidConfig('Invalid value for CALENDAR_FIRST_DAY_OF_WEEK');
+		}
+	}
+
+	private function checkCurrencyFormat()
+	{
+		if (!(preg_match('/^([A-z]){3}$/', GROCY_CURRENCY)))
+		{
+			throw new EInvalidConfig('CURRENCY is not in ISO 4217 format (three letter code)');
+		}
+	}
+
+	private function checkEntryPage()
+	{
+		$allowedPages = ['stock', 'shoppinglist', 'recipes', 'chores', 'tasks', 'batteries', 'equipment', 'calendar', 'mealplan'];
+		if (!in_array(GROCY_ENTRY_PAGE, $allowedPages))
+		{
+			throw new EInvalidConfig('Invalid entry page "' . GROCY_ENTRY_PAGE . '" set, only ' . implode(', ', $allowedPages) . ' allowed');
+		}
+	}
+
+	private function checkMealplanFirstDayOfWeek()
+	{
+		if (!(GROCY_MEAL_PLAN_FIRST_DAY_OF_WEEK == '' ||
+			(is_numeric(GROCY_MEAL_PLAN_FIRST_DAY_OF_WEEK) && GROCY_MEAL_PLAN_FIRST_DAY_OF_WEEK >= 0 && GROCY_MEAL_PLAN_FIRST_DAY_OF_WEEK <= 6)))
+		{
+			throw new EInvalidConfig('Invalid value for MEAL_PLAN_FIRST_DAY_OF_WEEK');
+		}
+	}
+
+	private function checkAutoNightModeRange()
+	{
+		global $GROCY_DEFAULT_USER_SETTINGS;
+		if (!(preg_match('/^(?:2[0-3]|[01][0-9]):[0-5][0-9]$/', $GROCY_DEFAULT_USER_SETTINGS['auto_night_mode_time_range_from'])))
+		{
+			throw new EInvalidConfig('auto_night_mode_time_range_from is not in HH:mm format (' . $GROCY_DEFAULT_USER_SETTINGS['auto_night_mode_time_range_from'] . ')');
+		}
+		if (!(preg_match('/^(?:2[0-3]|[01][0-9]):[0-5][0-9]$/', $GROCY_DEFAULT_USER_SETTINGS['auto_night_mode_time_range_to'])))
+		{
+			throw new EInvalidConfig('auto_night_mode_time_range_to is not in HH:mm format (' . $GROCY_DEFAULT_USER_SETTINGS['auto_night_mode_time_range_to'] . ')');
+		}
+	}
+}
--- a/helpers/Grocycode.php
+++ b/helpers/Grocycode.php
@@ -0,0 +1,146 @@
+<?php
+
+namespace Grocy\Helpers;
+
+/**
+ * A class that abstracts grocycode.
+ *
+ * grocycode is a simple, easily serializable format to reference
+ * stuff within grocy. It consists of n (n ≥ 3) double-colon seperated parts:
+ *
+ *  1. The magic `grcy`
+ *  2. A type identifer, must match `[a-z]+` (i.e. only lowercase ascii, minimum length 1 character)
+ *  3. An object id
+ *  4. Any number of further data fields, double-colon seperated.
+ *
+ * @author Katharina Bogad <katharina@hacked.xyz>
+ */
+class Grocycode
+{
+	public const PRODUCT = 'p';
+
+	public const BATTERY = 'b';
+
+	public const CHORE = 'c';
+
+	public const MAGIC = 'grcy';
+
+	/**
+	 * Constructs a new instance of the Grocycode class.
+	 *
+	 * Because php doesn't support overloading, this is a proxy
+	 * to either setFromCode($code) or setFromData($type, $id, $extra_data = []).
+	 */
+	public function __construct(...$args)
+	{
+		$argc = count($args);
+		if ($argc == 1)
+		{
+			$this->setFromCode($args[0]);
+			return;
+		}
+		elseif ($argc == 2 || $argc == 3)
+		{
+			if ($argc == 2)
+			{
+				$args[] = [];
+			}
+			$this->setFromData($args[0], $args[1], $args[2]);
+			return;
+		}
+
+		throw new \Exception('No suitable overload found.');
+	}
+
+	/**
+	 * An array that registers all valid grocycode types. Register yours here by appending to this array.
+	 */
+	public static $Items = [self::PRODUCT, self::BATTERY, self::CHORE];
+
+	private $type;
+
+	private $id;
+
+	private $extra_data = [];
+
+	/**
+	 * Validates a grocycode.
+	 *
+	 * Returns true, if a supplied $code is a valid grocycode, false otherwise.
+	 *
+	 * @return bool
+	 */
+	public static function Validate(string $code)
+	{
+		try
+		{
+			$gc = new self($code);
+			return true;
+		}
+		catch (Exception $e)
+		{
+			return false;
+		}
+	}
+
+	public function GetId()
+	{
+		return $this->id;
+	}
+
+	public function GetExtraData()
+	{
+		return $this->extra_data;
+	}
+
+	public function GetType()
+	{
+		return $this->type;
+	}
+
+	public function __toString(): string
+	{
+		$arr = array_merge([self::MAGIC, $this->type, $this->id], $this->extra_data);
+
+		return implode(':', $arr);
+	}
+
+	/**
+	 * Parses a grocycode.
+	 */
+	private function setFromCode($code)
+	{
+		$parts = array_reverse(explode(':', $barcode));
+		if (array_pop($parts) != self::MAGIC)
+		{
+			throw new \Exception('Not a grocycode');
+		}
+
+		if (!in_array($this->type = array_pop($parts), self::$Items))
+		{
+			throw new \Exception('Unknown grocycode type');
+		}
+
+		$this->id = array_pop($parts);
+		$this->extra_data = array_reverse($parse);
+	}
+
+	/**
+	 * Constructs a grocycode from data.
+	 */
+	private function setFromData($type, $id, $extra_data = [])
+	{
+		if (!is_array($extra_data))
+		{
+			throw new \Exception('Extra data must be array of string');
+		}
+		if (!in_array($type, self::$Items))
+		{
+			throw new \Exception('Unknown grocycode type');
+		}
+
+		$this->type = $type;
+		$this->id = $id;
+		$this->extra_data = $extra_data;
+	}
+}
--- a/helpers/PrerequisiteChecker.php
+++ b/helpers/PrerequisiteChecker.php
@@ -1,53 +1,73 @@
 <?php

-class ERequirementNotMet extends Exception { }
+class ERequirementNotMet extends Exception
+{
+}

-const REQUIRED_PHP_EXTENSIONS = array('fileinfo', 'pdo_sqlite', 'gd');
+const REQUIRED_PHP_EXTENSIONS = ['fileinfo', 'pdo_sqlite', 'gd', 'ctype', 'json', 'intl', 'zlib'];
+const REQUIRED_SQLITE_VERSION = '3.9.0';

 class PrerequisiteChecker
 {
-    public function checkRequirements()
-    {
-        self::checkForConfigFile();
-        self::checkForConfigDistFile();
-        self::checkForComposer();
-        self::checkForPhpExtensions();
-    }
-    
-    
-    private function checkForConfigFile()
-    {
-        if (!file_exists(GROCY_DATAPATH . '/config.php'))
-        {
-            throw new ERequirementNotMet('config.php in data directory (' . GROCY_DATAPATH . ') not found. Have you copied config-dist.php to the data directory and renamed it to config.php?');
-        }
-    }
+	public function checkRequirements()
+	{
+		self::checkForConfigFile();
+		self::checkForConfigDistFile();
+		self::checkForComposer();
+		self::checkForPhpExtensions();
+		self::checkForSqliteVersion();
+	}

-    private function checkForConfigDistFile()
-    {
-        if (!file_exists(__DIR__ . '/../config-dist.php'))
-        {
-            throw new ERequirementNotMet('config-dist.php not found. Please do not remove this file.');
-        }
-    }
+	private function checkForComposer()
+	{
+		if (!file_exists(__DIR__ . '/../vendor/autoload.php'))
+		{
+			throw new ERequirementNotMet('/vendor/autoload.php not found. Have you run Composer?');
+		}
+	}

-    private function checkForComposer()
-    {
-        if (!file_exists(__DIR__ . '/../vendor/autoload.php'))
-        {
-            throw new ERequirementNotMet('/vendor/autoload.php not found. Have you run Composer?');
-        }
-    }
+	private function checkForConfigDistFile()
+	{
+		if (!file_exists(__DIR__ . '/../config-dist.php'))
+		{
+			throw new ERequirementNotMet('config-dist.php not found. Please do not remove this file.');
+		}
+	}

-    private function checkForPhpExtensions()
-    {
-        $loadedExtensions = get_loaded_extensions();
-        foreach (REQUIRED_PHP_EXTENSIONS as $extension)
-        {
-            if (!in_array($extension, $loadedExtensions))
-            {
-                throw new ERequirementNotMet("PHP module '{$extension}' not installed, but required.");
-            }
-        }
-    }
+	private function checkForConfigFile()
+	{
+		if (!file_exists(GROCY_DATAPATH . '/config.php'))
+		{
+			throw new ERequirementNotMet('config.php in data directory (' . GROCY_DATAPATH . ') not found. Have you copied config-dist.php to the data directory and renamed it to config.php?');
+		}
+	}
+
+	private function checkForPhpExtensions()
+	{
+		$loadedExtensions = get_loaded_extensions();
+
+		foreach (REQUIRED_PHP_EXTENSIONS as $extension)
+		{
+			if (!in_array($extension, $loadedExtensions))
+			{
+				throw new ERequirementNotMet("PHP module '{$extension}' not installed, but required.");
+			}
+		}
+	}
+
+	private function checkForSqliteVersion()
+	{
+		$sqliteVersion = self::getSqlVersionAsString();
+
+		if (version_compare($sqliteVersion, REQUIRED_SQLITE_VERSION, '<'))
+		{
+			throw new ERequirementNotMet('SQLite ' . REQUIRED_SQLITE_VERSION . ' is required, however you are running ' . $sqliteVersion);
+		}
+	}
+
+	private function getSqlVersionAsString()
+	{
+		$dbh = new PDO('sqlite::memory:');
+		return $dbh->query('select sqlite_version()')->fetch()[0];
+	}
 }
--- a/helpers/UrlManager.php
+++ b/helpers/UrlManager.php
@@ -24,8 +24,8 @@ class UrlManager
 		{
 			return rtrim($this->BasePath, '/') . $relativePath;
 		}
-		else // Is not a resource and URL rewriting is disabled
-		{
+		else
+		{ // Is not a resource and URL rewriting is disabled
 			return rtrim($this->BasePath, '/') . '/index.php' . $relativePath;
 		}
 	}
@@ -37,6 +37,6 @@ class UrlManager
 			$_SERVER['HTTPS'] = 'on';
 		}

-		return (isset($_SERVER['HTTPS']) ? "https" : "http") . "://$_SERVER[HTTP_HOST]";
+		return (isset($_SERVER['HTTPS']) ? 'https' : 'http') . "://$_SERVER[HTTP_HOST]";
 	}
 }
--- a/helpers/WebhookRunner.php
+++ b/helpers/WebhookRunner.php
@@ -0,0 +1,48 @@
+<?php
+
+namespace Grocy\Helpers;
+
+use GuzzleHttp\Client;
+use GuzzleHttp\ExceptionRequestException;
+use Psr\Http\Message\ResponseInterface;
+
+class WebhookRunner
+{
+	public function __construct()
+	{
+		$this->client = new Client(['timeout' => 2.0]);
+	}
+
+	private $client;
+
+	public function run($url, $args, $json = false)
+	{
+		$reqArgs = [];
+		if ($json)
+		{
+			$reqArgs = ['json' => $args];
+		}
+		else
+		{
+			$reqArgs = ['form_params' => $args];
+		}
+		try
+		{
+			file_put_contents('php://stderr', 'Running Webhook: ' . $url . "\n" . print_r($reqArgs, true));
+
+			$this->client->request('POST', $url, $reqArgs);
+		}
+		catch (RequestException $e)
+		{
+			file_put_contents('php://stderr', 'Webhook failed: ' . $url . "\n" . $e->getMessage());
+		}
+	}
+
+	public function runAll($urls, $args)
+	{
+		foreach ($urls as $url)
+		{
+			$this->run($url, $args);
+		}
+	}
+}
--- a/helpers/extensions.php
+++ b/helpers/extensions.php
@@ -2,9 +2,9 @@

 function FindObjectInArrayByPropertyValue($array, $propertyName, $propertyValue)
 {
-	foreach($array as $object)
+	foreach ($array as $object)
 	{
-		if($object->{$propertyName} == $propertyValue)
+		if ($object->{$propertyName} == $propertyValue)
 		{
 			return $object;
 		}
@@ -15,26 +15,26 @@ function FindObjectInArrayByPropertyValue($array, $propertyName, $propertyValue)

 function FindAllObjectsInArrayByPropertyValue($array, $propertyName, $propertyValue, $operator = '==')
 {
-	$returnArray = array();
-
-	foreach($array as $object)
+	$returnArray = [];
+	foreach ($array as $object)
 	{
-		switch($operator)
+		switch ($operator)
 		{
 			case '==':
-				if($object->{$propertyName} == $propertyValue)
+				if ($object->{$propertyName} == $propertyValue)
 				{
 					$returnArray[] = $object;
 				}
 				break;
 			case '>':
-				if($object->{$propertyName} > $propertyValue)
+				if ($object->{$propertyName} > $propertyValue)
 				{
 					$returnArray[] = $object;
 				}
 				break;
 			case '<':
-				if($object->{$propertyName} < $propertyValue)
+
+				if ($object->{$propertyName} < $propertyValue)
 				{
 					$returnArray[] = $object;
 				}
@@ -47,26 +47,28 @@ function FindAllObjectsInArrayByPropertyValue($array, $propertyName, $propertyVa

 function FindAllItemsInArrayByValue($array, $value, $operator = '==')
 {
-	$returnArray = array();
-
-	foreach($array as $item)
+	$returnArray = [];
+	foreach ($array as $item)
 	{
-		switch($operator)
+		switch ($operator)
 		{
 			case '==':
-				if($item == $value)
+
+				if ($item == $value)
 				{
 					$returnArray[] = $item;
 				}
 				break;
 			case '>':
-				if($item > $value)
+
+				if ($item > $value)
 				{
 					$returnArray[] = $item;
 				}
 				break;
 			case '<':
-				if($item < $value)
+
+				if ($item < $value)
 				{
 					$returnArray[] = $item;
 				}
@@ -80,7 +82,7 @@ function FindAllItemsInArrayByValue($array, $value, $operator = '==')
 function SumArrayValue($array, $propertyName)
 {
 	$sum = 0;
-	foreach($array as $object)
+	foreach ($array as $object)
 	{
 		$sum += floatval($object->{$propertyName});
 	}
@@ -138,17 +140,25 @@ function BoolToString(bool $bool)
 	return $bool ? 'true' : 'false';
 }

+function BoolToInt(bool $bool)
+{
+	return $bool ? 1 : 0;
+}
+
 function ExternalSettingValue(string $value)
 {
 	$tvalue = rtrim($value, "\r\n");
 	$lvalue = strtolower($tvalue);
-	if ($lvalue === "true"){
+
+	if ($lvalue === 'true')
+	{
 		return true;
 	}
-	elseif ($lvalue === "false")
+	elseif ($lvalue === 'false')
 	{
 		return false;
 	}
+
 	return $tvalue;
 }

@@ -158,13 +168,15 @@ function Setting(string $name, $value)
 	{
 		// The content of a $name.txt file in /data/settingoverrides can overwrite the given setting (for embedded mode)
 		$settingOverrideFile = GROCY_DATAPATH . '/settingoverrides/' . $name . '.txt';
+
 		if (file_exists($settingOverrideFile))
 		{
 			define('GROCY_' . $name, ExternalSettingValue(file_get_contents($settingOverrideFile)));
 		}
-		elseif (getenv('GROCY_' . $name) !== false) // An environment variable with the same name and prefix GROCY_ overwrites the given setting
+		elseif (getenv('GROCY_' . $name) !== false)
 		{
-			define('GROCY_' . $name, ExternalSettingValue(getenv('GROCY_'. $name)));
+			// An environment variable with the same name and prefix GROCY_ overwrites the given setting
+			define('GROCY_' . $name, ExternalSettingValue(getenv('GROCY_' . $name)));
 		}
 		else
 		{
@@ -174,10 +186,11 @@ function Setting(string $name, $value)
 }

 global $GROCY_DEFAULT_USER_SETTINGS;
-$GROCY_DEFAULT_USER_SETTINGS = array();
+$GROCY_DEFAULT_USER_SETTINGS = [];
 function DefaultUserSetting(string $name, $value)
 {
 	global $GROCY_DEFAULT_USER_SETTINGS;
+
 	if (!array_key_exists($name, $GROCY_DEFAULT_USER_SETTINGS))
 	{
 		$GROCY_DEFAULT_USER_SETTINGS[$name] = $value;
@@ -210,7 +223,7 @@ function GetUserDisplayName($user)

 function IsValidFileName($fileName)
 {
-	if(preg_match('=^[^/?*;:{}\\\\]+\.[^/?*;:{}\\\\]+$=', $fileName))
+	if (preg_match('=^[^/?*;:{}\\\\]+\.[^/?*;:{}\\\\]+$=', $fileName))
 	{
 		return true;
 	}
@@ -232,6 +245,7 @@ function string_starts_with($haystack, $needle)
 function string_ends_with($haystack, $needle)
 {
 	$length = strlen($needle);
+
 	if ($length == 0)
 	{
 		return true;
--- a/localization/cs/chore_assignment_types.po
+++ b/localization/cs/chore_assignment_types.po
@@ -1,3 +1,4 @@
+# 
 # Translators:
 # Radim Kabeláč <radim.ekk@gmail.com>, 2020
 # 
--- a/localization/cs/chore_period_types.po
+++ b/localization/cs/chore_period_types.po
@@ -1,3 +1,4 @@
+# 
 # Translators:
 # Tomas Reznicek <tomas.reznicek@gmail.com>, 2019
 # Michal Petříček <michal@petricek.org>, 2019
--- a/localization/cs/component_translations.po
+++ b/localization/cs/component_translations.po
@@ -1,3 +1,4 @@
+# 
 # Translators:
 # Tomas Reznicek <tomas.reznicek@gmail.com>, 2019
 # Radim Kabeláč <radim.ekk@gmail.com>, 2020
--- a/localization/cs/demo_data.po
+++ b/localization/cs/demo_data.po
@@ -1,3 +1,4 @@
+# 
 # Translators:
 # Michal Petříček <michal@petricek.org>, 2019
 # Ondřej Suk <ondra.suk.55@gmail.com>, 2020
@@ -75,8 +76,8 @@ msgid "Bunch"
 msgid_plural "Bunches"
 msgstr[0] "Svazek"
 msgstr[1] "Svazky"
-msgstr[2] "Svazky"
-msgstr[3] "Svazky"
+msgstr[2] "Svazků"
+msgstr[3] "Svazků"

 msgid "Gummy bears"
 msgstr "Gumoví medvídci"
@@ -151,7 +152,7 @@ msgid "Salami"
 msgstr "Salám"

 msgid "Toast"
-msgstr "Toast"
+msgstr "Toust"

 msgid "Minced meat"
 msgstr "Mleté maso"
@@ -363,21 +364,48 @@ msgid "Slovak"
 msgstr "Slovenština"

 msgid "Czech"
-msgstr ""
+msgstr "Čeština"

 msgid "Portuguese (Portugal)"
-msgstr ""
+msgstr "Portugalština (Portugalsko)"

 # Use a in your country well known supermarket name
 msgid "DemoSupermarket1"
-msgstr ""
+msgstr "UkazkovyObchod1"

 # Use a in your country well known supermarket name
 msgid "DemoSupermarket2"
-msgstr ""
+msgstr "UkazkovyObchod2"

 msgid "Japanese"
-msgstr ""
+msgstr "Japonština"

 msgid "Chinese (Taiwan)"
+msgstr "Čínština (Tchaj-wan)"
+
+msgid "Greek"
+msgstr "Řečtina"
+
+msgid "Korean"
+msgstr "Korejština"
+
+msgid "Chinese (China)"
+msgstr "Čínština (Čína)"
+
+msgid "Hebrew (Israel)"
+msgstr "Hebrejsky (Izraeil)"
+
+msgid "Tamil"
+msgstr ""
+
+msgid "Finnish"
+msgstr "Finsky"
+
+msgid "Breakfast"
+msgstr ""
+
+msgid "Lunch"
+msgstr ""
+
+msgid "Dinner"
 msgstr ""
--- a/localization/cs/locales.po
+++ b/localization/cs/locales.po
@@ -0,0 +1,123 @@
+# 
+# Translators:
+# Radim Kabeláč <radim.ekk@gmail.com>, 2020
+# Jarda Tesar <intossh@gmail.com>, 2021
+# 
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2019-05-01T17:59:17+00:00\n"
+"PO-Revision-Date: 2020-08-31 19:11+0000\n"
+"Last-Translator: Jarda Tesar <intossh@gmail.com>, 2021\n"
+"Language-Team: Czech (https://www.transifex.com/grocy/teams/93189/cs/)\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Language: cs\n"
+"Plural-Forms: nplurals=4; plural=(n == 1 && n % 1 == 0) ? 0 : (n >= 2 && n <= 4 && n % 1 == 0) ? 1: (n % 1 != 0 ) ? 2 : 3;\n"
+"X-Domain: grocy/locales\n"
+
+# Czech
+msgid "cs"
+msgstr "Čeština"
+
+# Danish
+msgid "da"
+msgstr "Dánština"
+
+# German
+msgid "de"
+msgstr "Němčina"
+
+# Greek
+msgid "el_GR"
+msgstr "Řečtina"
+
+# English
+msgid "en"
+msgstr "Angličtina"
+
+# English (Great Britain)
+msgid "en_GB"
+msgstr "Angličtina (Britská)"
+
+# Spanish
+msgid "es"
+msgstr "Španělština"
+
+# French
+msgid "fr"
+msgstr "Francouzština"
+
+# Hungarian
+msgid "hu"
+msgstr "Maďarština"
+
+# Italian
+msgid "it"
+msgstr "Italština"
+
+# Japanese
+msgid "ja"
+msgstr "Japonština"
+
+# Korean
+msgid "ko_KR"
+msgstr "Korejština"
+
+# Dutch
+msgid "nl"
+msgstr "Nizozemština"
+
+# Norwegian
+msgid "no"
+msgstr "Norština"
+
+# Polish
+msgid "pl"
+msgstr "Polština"
+
+# Portuguese (Brazil)
+msgid "pt_BR"
+msgstr "Portugalština (Brazílie)"
+
+# Portuguese (Portugal)
+msgid "pt_PT"
+msgstr "Portugalština (Portugalsko)"
+
+# Russian
+msgid "ru"
+msgstr "Ruština"
+
+# Slovak
+msgid "sk_SK"
+msgstr "Slovenština"
+
+# Swedish
+msgid "sv_SE"
+msgstr "Švédština"
+
+# Turkish
+msgid "tr"
+msgstr "Turečtina"
+
+# Chinese (Taiwan)
+msgid "zh_TW"
+msgstr "Čínština (Tradiční)"
+
+# Chinese (China)
+msgid "zh_CN"
+msgstr "Čínština (Zjednodušená)"
+
+# Hebrew (Israel)
+msgid "he_IL"
+msgstr "Hebrejština"
+
+# Tamil
+msgid "ta"
+msgstr "Tamilština"
+
+# Finnish
+msgid "fi"
+msgstr "Finština"
--- a/localization/cs/permissions.po
+++ b/localization/cs/permissions.po
@@ -0,0 +1,139 @@
+# 
+# Translators:
+# Radim Kabeláč <radim.ekk@gmail.com>, 2020
+# Jarda Tesar <intossh@gmail.com>, 2021
+# 
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2019-05-01T17:59:17+00:00\n"
+"PO-Revision-Date: 2020-08-29 16:33+0000\n"
+"Last-Translator: Jarda Tesar <intossh@gmail.com>, 2021\n"
+"Language-Team: Czech (https://www.transifex.com/grocy/teams/93189/cs/)\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Language: cs\n"
+"Plural-Forms: nplurals=4; plural=(n == 1 && n % 1 == 0) ? 0 : (n >= 2 && n <= 4 && n % 1 == 0) ? 1: (n % 1 != 0 ) ? 2 : 3;\n"
+"X-Domain: grocy/permissions\n"
+
+# All permissions
+msgid "ADMIN"
+msgstr "ADMINISTRATOR"
+
+# Create users
+msgid "USERS_CREATE"
+msgstr "UZIVATELE_VYTVORIT"
+
+# Edit users (including passwords)
+msgid "USERS_EDIT"
+msgstr "UZIVATELE_EDITACE"
+
+# Show users
+msgid "USERS_READ"
+msgstr "UZIVATEL_CTENI"
+
+# Edit own user data / change own password
+msgid "USERS_EDIT_SELF"
+msgstr "UZIVATELE_EDITOVAT_SEBE"
+
+# Undo charge cycle
+msgid "BATTERIES_UNDO_CHARGE_CYCLE"
+msgstr "BATERIE_VRACENI_NABIJECI_CYKLUS"
+
+# Track charge cycle
+msgid "BATTERIES_TRACK_CHARGE_CYCLE"
+msgstr "BATERIE_SLEDOVANI_NABIJECI_CYKLUS"
+
+# Track execution
+msgid "CHORE_TRACK_EXECUTION"
+msgstr "POVINNOST_SLEDOVANI_VYKONANI"
+
+# Undo execution
+msgid "CHORE_UNDO_EXECUTION"
+msgstr "POVINNOST_VYKONANI_VRACENI"
+
+# Edit master data
+msgid "MASTER_DATA_EDIT"
+msgstr "ZAKLADNI_DATA_EDIT"
+
+# Undo execution
+msgid "TASKS_UNDO_EXECUTION"
+msgstr "UKOL_VYKONANI_VRACENI"
+
+# Mark completed
+msgid "TASKS_MARK_COMPLETED"
+msgstr "UKOLY_OZNACIT_HOTOVO"
+
+# Edit stock entries
+msgid "STOCK_EDIT"
+msgstr "ZASOBY_EDITACE"
+
+# Transfer
+msgid "STOCK_TRANSFER"
+msgstr "PREVOD_ZASOB"
+
+# Inventory
+msgid "STOCK_INVENTORY"
+msgstr "ZASOBA_INVENTAR"
+
+# Consume
+msgid "STOCK_CONSUME"
+msgstr "ZASOBY_SPOTREBOVAT"
+
+# Open products
+msgid "STOCK_OPEN"
+msgstr "ZASOBY_OTEVRIT"
+
+# Purchase
+msgid "STOCK_PURCHASE"
+msgstr "ZASOBA_NAKUP"
+
+# Add items
+msgid "SHOPPINGLIST_ITEMS_ADD"
+msgstr "NAKUPNISEZNAM_POLOZKA_PRIDANO"
+
+# Remove items
+msgid "SHOPPINGLIST_ITEMS_DELETE"
+msgstr "NAKUPNISEZNAM_POLOZKA_SMAZANO"
+
+# User management
+msgid "USERS"
+msgstr "UZIVATEL"
+
+# Stock
+msgid "STOCK"
+msgstr "ZASOBA"
+
+# Shopping list
+msgid "SHOPPINGLIST"
+msgstr "NAKUPNISEZNAM"
+
+# Chores
+msgid "CHORES"
+msgstr "POVINOSTI"
+
+# Batteries
+msgid "BATTERIES"
+msgstr "BATERIE"
+
+# Tasks
+msgid "TASKS"
+msgstr "UKOL"
+
+# Recipes
+msgid "RECIPES"
+msgstr "RECEPTY"
+
+# Equipment
+msgid "EQUIPMENT"
+msgstr "VYBAVENI"
+
+# Calendar
+msgid "CALENDAR"
+msgstr "KALENDAR"
+
+# Meal plan
+msgid "RECIPES_MEALPLAN"
+msgstr "RECEPTY_STRAVOVACIPLANY"
--- a/localization/cs/stock_transaction_types.po
+++ b/localization/cs/stock_transaction_types.po
@@ -0,0 +1,48 @@
+# 
+# Translators:
+# Tomas Reznicek <tomas.reznicek@gmail.com>, 2019
+# Michal Franc, 2020
+# Ondřej Suk <ondra.suk.55@gmail.com>, 2020
+# Radim Kabeláč <radim.ekk@gmail.com>, 2020
+# 
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2019-05-01T17:59:17+00:00\n"
+"PO-Revision-Date: 2019-05-01 17:42+0000\n"
+"Last-Translator: Radim Kabeláč <radim.ekk@gmail.com>, 2020\n"
+"Language-Team: Czech (https://www.transifex.com/grocy/teams/93189/cs/)\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Language: cs\n"
+"Plural-Forms: nplurals=4; plural=(n == 1 && n % 1 == 0) ? 0 : (n >= 2 && n <= 4 && n % 1 == 0) ? 1: (n % 1 != 0 ) ? 2 : 3;\n"
+"X-Domain: grocy/stock_transaction_types\n"
+
+msgid "purchase"
+msgstr "Nákup"
+
+msgid "transfer_from"
+msgstr "Převod z"
+
+msgid "transfer_to"
+msgstr "Převod do"
+
+msgid "consume"
+msgstr "Spotřeba"
+
+msgid "inventory-correction"
+msgstr "Úprava zásoby"
+
+msgid "product-opened"
+msgstr "Otevření balení"
+
+msgid "stock-edit-old"
+msgstr "zasoba-editace-stary"
+
+msgid "stock-edit-new"
+msgstr "zasoba-editace-novy"
+
+msgid "self-production"
+msgstr "vlastni-produkce"
--- a/localization/cs/strings.po
+++ b/localization/cs/strings.po
--- a/localization/cs/userfield_types.po
+++ b/localization/cs/userfield_types.po
@@ -1,6 +1,8 @@
+# 
 # Translators:
 # Tomas Reznicek <tomas.reznicek@gmail.com>, 2019
 # Michal Franc, 2020
+# Radim Kabeláč <radim.ekk@gmail.com>, 2020
 # 
 msgid ""
 msgstr ""
@@ -8,7 +10,7 @@ msgstr ""
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2019-05-01T17:59:17+00:00\n"
 "PO-Revision-Date: 2019-05-01 17:43+0000\n"
-"Last-Translator: Michal Franc, 2020\n"
+"Last-Translator: Radim Kabeláč <radim.ekk@gmail.com>, 2020\n"
 "Language-Team: Czech (https://www.transifex.com/grocy/teams/93189/cs/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -17,32 +19,54 @@ msgstr ""
 "Plural-Forms: nplurals=4; plural=(n == 1 && n % 1 == 0) ? 0 : (n >= 2 && n <= 4 && n % 1 == 0) ? 1: (n % 1 != 0 ) ? 2 : 3;\n"
 "X-Domain: grocy/userfield_types\n"

+# Text (single line)
 msgid "text-single-line"
 msgstr "Text (jeden řádek)"

+# Text (multi line)
 msgid "text-multi-line"
 msgstr "Text (více řádků)"

+# Number (integral)
 msgid "number-integral"
 msgstr "Celé číslo"

+# Number (decimal)
 msgid "number-decimal"
 msgstr "Číslo s desetinami"

+# Date (without time)
 msgid "date"
 msgstr "Datum"

+# Date & time
 msgid "datetime"
 msgstr "Datum a čas"

+# Checkbox
 msgid "checkbox"
 msgstr "Zaškrtávací políčko"

+# Select list (a single item can be selected)
 msgid "preset-list"
 msgstr "Seznam"

+# Select list (multiple items can be selected)
 msgid "preset-checklist"
 msgstr "Zaškrtávací seznam"

+# Link
 msgid "link"
 msgstr "Odkaz"
+
+# Link (with title)
+msgid "link-with-title"
+msgstr ""
+
+# File
+msgid "file"
+msgstr "soubor"
+
+# Image
+msgid "image"
+msgstr "obrazek"
--- a/localization/da/chore_assignment_types.po
+++ b/localization/da/chore_assignment_types.po
@@ -1,5 +1,7 @@
+# 
 # Translators:
 # Troels Siggaard <troels@siggaard.com>, 2019
+# klavslund <klavslund@gmail.com>, 2021
 # 
 msgid ""
 msgstr ""
@@ -7,7 +9,7 @@ msgstr ""
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2019-05-01T17:59:17+00:00\n"
 "PO-Revision-Date: 2019-09-17 10:45+0000\n"
-"Last-Translator: Troels Siggaard <troels@siggaard.com>, 2019\n"
+"Last-Translator: klavslund <klavslund@gmail.com>, 2021\n"
 "Language-Team: Danish (https://www.transifex.com/grocy/teams/93189/da/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -20,7 +22,7 @@ msgid "no-assignment"
 msgstr "ingen-tildeling"

 msgid "who-least-did-first"
-msgstr "hvem-mindst-gjorde-først"
+msgstr "hvem-gjorde-mindst-først"

 msgid "random"
 msgstr "tilfældig"
--- a/localization/da/chore_period_types.po
+++ b/localization/da/chore_period_types.po
@@ -1,3 +1,4 @@
+# 
 # Translators:
 # Troels Siggaard <troels@siggaard.com>, 2019
 # Rasmus Bojsen <rasmus@bojsen.cn>, 2019
--- a/localization/da/component_translations.po
+++ b/localization/da/component_translations.po
@@ -1,3 +1,4 @@
+# 
 # Translators:
 # Bernd Bestel <bernd@berrnd.de>, 2019
 # 
--- a/localization/da/demo_data.po
+++ b/localization/da/demo_data.po
@@ -1,8 +1,11 @@
+# 
 # Translators:
 # dark159123 <r.j.hansen@protonmail.com>, 2019
 # Troels Siggaard <troels@siggaard.com>, 2019
 # Rasmus Bojsen <rasmus@bojsen.cn>, 2019
 # Brian Moos Lindberg <brian@blueeel.dk>, 2019
+# Mihai Marinescu <mihai@marinescu.dk>, 2020
+# klavslund <klavslund@gmail.com>, 2021
 # 
 msgid ""
 msgstr ""
@@ -10,7 +13,7 @@ msgstr ""
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2019-05-01T17:59:17+00:00\n"
 "PO-Revision-Date: 2019-05-01 17:42+0000\n"
-"Last-Translator: Brian Moos Lindberg <brian@blueeel.dk>, 2019\n"
+"Last-Translator: klavslund <klavslund@gmail.com>, 2021\n"
 "Language-Team: Danish (https://www.transifex.com/grocy/teams/93189/da/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -167,7 +170,7 @@ msgid "This is the note content of the recipe ingredient"
 msgstr "Dette er indholdet af opskrift-ingrediensens notefeltet"

 msgid "Demo User"
-msgstr "Demobruger"
+msgstr "Demo bruger"

 msgid "Gram"
 msgid_plural "Grams"
@@ -336,33 +339,60 @@ msgid "Portuguese (Brazil)"
 msgstr "Portugisisk (Brasilien)"

 msgid "This is a note"
-msgstr ""
+msgstr "Denne er en note"

 msgid "Freezer"
-msgstr ""
+msgstr "Fryser"

 msgid "Hungarian"
-msgstr ""
+msgstr "Ungarsk"

 msgid "Slovak"
-msgstr ""
+msgstr "Slovakisk"

 msgid "Czech"
-msgstr ""
+msgstr "Tjekkisk"

 msgid "Portuguese (Portugal)"
-msgstr ""
+msgstr "Portugisisk (Portugal)"

 # Use a in your country well known supermarket name
 msgid "DemoSupermarket1"
-msgstr ""
+msgstr "Netto"

 # Use a in your country well known supermarket name
 msgid "DemoSupermarket2"
-msgstr ""
+msgstr "Fakta"

 msgid "Japanese"
-msgstr ""
+msgstr "Japansk"

 msgid "Chinese (Taiwan)"
+msgstr "Kinesisk (Taiwan)"
+
+msgid "Greek"
+msgstr "Græsk"
+
+msgid "Korean"
+msgstr "Koreansk"
+
+msgid "Chinese (China)"
+msgstr "Kinesisk"
+
+msgid "Hebrew (Israel)"
+msgstr "Hebraisk"
+
+msgid "Tamil"
+msgstr "Tamilsk"
+
+msgid "Finnish"
+msgstr "Finsk"
+
+msgid "Breakfast"
+msgstr ""
+
+msgid "Lunch"
+msgstr ""
+
+msgid "Dinner"
 msgstr ""
--- a/localization/da/locales.po
+++ b/localization/da/locales.po
@@ -0,0 +1,122 @@
+# 
+# Translators:
+# klavslund <klavslund@gmail.com>, 2021
+# 
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2019-05-01T17:59:17+00:00\n"
+"PO-Revision-Date: 2020-08-31 19:11+0000\n"
+"Last-Translator: klavslund <klavslund@gmail.com>, 2021\n"
+"Language-Team: Danish (https://www.transifex.com/grocy/teams/93189/da/)\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Language: da\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Domain: grocy/locales\n"
+
+# Czech
+msgid "cs"
+msgstr "cs"
+
+# Danish
+msgid "da"
+msgstr "da"
+
+# German
+msgid "de"
+msgstr "de"
+
+# Greek
+msgid "el_GR"
+msgstr "el_GR"
+
+# English
+msgid "en"
+msgstr "en"
+
+# English (Great Britain)
+msgid "en_GB"
+msgstr "en_GB"
+
+# Spanish
+msgid "es"
+msgstr "es"
+
+# French
+msgid "fr"
+msgstr "fr"
+
+# Hungarian
+msgid "hu"
+msgstr "hu"
+
+# Italian
+msgid "it"
+msgstr "it"
+
+# Japanese
+msgid "ja"
+msgstr "ja"
+
+# Korean
+msgid "ko_KR"
+msgstr "ko_KR"
+
+# Dutch
+msgid "nl"
+msgstr "nl"
+
+# Norwegian
+msgid "no"
+msgstr "no"
+
+# Polish
+msgid "pl"
+msgstr "pl"
+
+# Portuguese (Brazil)
+msgid "pt_BR"
+msgstr "pt_BR"
+
+# Portuguese (Portugal)
+msgid "pt_PT"
+msgstr "pt_PT"
+
+# Russian
+msgid "ru"
+msgstr "ru"
+
+# Slovak
+msgid "sk_SK"
+msgstr "sk_SK"
+
+# Swedish
+msgid "sv_SE"
+msgstr "sv_SE"
+
+# Turkish
+msgid "tr"
+msgstr "tr"
+
+# Chinese (Taiwan)
+msgid "zh_TW"
+msgstr "zh_TW"
+
+# Chinese (China)
+msgid "zh_CN"
+msgstr "zh_CN"
+
+# Hebrew (Israel)
+msgid "he_IL"
+msgstr "he_IL"
+
+# Tamil
+msgid "ta"
+msgstr "ta"
+
+# Finnish
+msgid "fi"
+msgstr "fi"
--- a/localization/da/permissions.po
+++ b/localization/da/permissions.po
@@ -0,0 +1,139 @@
+# 
+# Translators:
+# Mihai Marinescu <mihai@marinescu.dk>, 2020
+# klavslund <klavslund@gmail.com>, 2021
+# 
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2019-05-01T17:59:17+00:00\n"
+"PO-Revision-Date: 2020-08-29 16:33+0000\n"
+"Last-Translator: klavslund <klavslund@gmail.com>, 2021\n"
+"Language-Team: Danish (https://www.transifex.com/grocy/teams/93189/da/)\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Language: da\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Domain: grocy/permissions\n"
+
+# All permissions
+msgid "ADMIN"
+msgstr "ADMIN"
+
+# Create users
+msgid "USERS_CREATE"
+msgstr "USERS_CREATE"
+
+# Edit users (including passwords)
+msgid "USERS_EDIT"
+msgstr "USERS_EDIT"
+
+# Show users
+msgid "USERS_READ"
+msgstr "USERS_READ"
+
+# Edit own user data / change own password
+msgid "USERS_EDIT_SELF"
+msgstr "USERS_EDIT_SELF"
+
+# Undo charge cycle
+msgid "BATTERIES_UNDO_CHARGE_CYCLE"
+msgstr "BATTERIES_UNDO_CHARGE_CYCLE"
+
+# Track charge cycle
+msgid "BATTERIES_TRACK_CHARGE_CYCLE"
+msgstr "BATTERIES_TRACK_CHARGE_CYCLE"
+
+# Track execution
+msgid "CHORE_TRACK_EXECUTION"
+msgstr "CHORE_TRACK_EXECUTION"
+
+# Undo execution
+msgid "CHORE_UNDO_EXECUTION"
+msgstr "CHORE_UNDO_EXECUTION"
+
+# Edit master data
+msgid "MASTER_DATA_EDIT"
+msgstr "MASTER_DATA_EDIT"
+
+# Undo execution
+msgid "TASKS_UNDO_EXECUTION"
+msgstr "TASKS_UNDO_EXECUTION"
+
+# Mark completed
+msgid "TASKS_MARK_COMPLETED"
+msgstr "TASKS_MARK_COMPLETED"
+
+# Edit stock entries
+msgid "STOCK_EDIT"
+msgstr "STOCK_EDIT"
+
+# Transfer
+msgid "STOCK_TRANSFER"
+msgstr "STOCK_TRANSFER"
+
+# Inventory
+msgid "STOCK_INVENTORY"
+msgstr "STOCK_INVENTORY"
+
+# Consume
+msgid "STOCK_CONSUME"
+msgstr "STOCK_CONSUME"
+
+# Open products
+msgid "STOCK_OPEN"
+msgstr "STOCK_OPEN"
+
+# Purchase
+msgid "STOCK_PURCHASE"
+msgstr "STOCK_PURCHASE"
+
+# Add items
+msgid "SHOPPINGLIST_ITEMS_ADD"
+msgstr "SHOPPINGLIST_ITEMS_ADD"
+
+# Remove items
+msgid "SHOPPINGLIST_ITEMS_DELETE"
+msgstr "SHOPPINGLIST_ITEMS_DELETE"
+
+# User management
+msgid "USERS"
+msgstr "BRUGERE"
+
+# Stock
+msgid "STOCK"
+msgstr "BEHOLDNING"
+
+# Shopping list
+msgid "SHOPPINGLIST"
+msgstr "INDKØBSLISTE"
+
+# Chores
+msgid "CHORES"
+msgstr "GØREMÅL"
+
+# Batteries
+msgid "BATTERIES"
+msgstr "BATTERIER"
+
+# Tasks
+msgid "TASKS"
+msgstr "OPGAVER"
+
+# Recipes
+msgid "RECIPES"
+msgstr "OPSKRIFTER"
+
+# Equipment
+msgid "EQUIPMENT"
+msgstr "UDSTYR"
+
+# Calendar
+msgid "CALENDAR"
+msgstr "KALENDER"
+
+# Meal plan
+msgid "RECIPES_MEALPLAN"
+msgstr "RECIPES_MEALPLAN"
--- a/localization/da/stock_transaction_types.po
+++ b/localization/da/stock_transaction_types.po
@@ -1,6 +1,8 @@
+# 
 # Translators:
 # Troels Siggaard <troels@siggaard.com>, 2019
 # Brian Moos Lindberg <brian@blueeel.dk>, 2019
+# Mihai Marinescu <mihai@marinescu.dk>, 2020
 # 
 msgid ""
 msgstr ""
@@ -8,7 +10,7 @@ msgstr ""
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2019-05-01T17:59:17+00:00\n"
 "PO-Revision-Date: 2019-05-01 17:42+0000\n"
-"Last-Translator: Brian Moos Lindberg <brian@blueeel.dk>, 2019\n"
+"Last-Translator: Mihai Marinescu <mihai@marinescu.dk>, 2020\n"
 "Language-Team: Danish (https://www.transifex.com/grocy/teams/93189/da/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -42,4 +44,4 @@ msgid "stock-edit-new"
 msgstr "lager-redigering-ny"

 msgid "self-production"
-msgstr ""
+msgstr "selvproduktion"
--- a/localization/da/strings.po
+++ b/localization/da/strings.po
--- a/localization/da/userfield_types.po
+++ b/localization/da/userfield_types.po
@@ -1,5 +1,8 @@
+# 
 # Translators:
 # Brian Moos Lindberg <brian@blueeel.dk>, 2019
+# Mihai Marinescu <mihai@marinescu.dk>, 2020
+# klavslund <klavslund@gmail.com>, 2021
 # 
 msgid ""
 msgstr ""
@@ -7,7 +10,7 @@ msgstr ""
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2019-05-01T17:59:17+00:00\n"
 "PO-Revision-Date: 2019-05-01 17:43+0000\n"
-"Last-Translator: Brian Moos Lindberg <brian@blueeel.dk>, 2019\n"
+"Last-Translator: klavslund <klavslund@gmail.com>, 2021\n"
 "Language-Team: Danish (https://www.transifex.com/grocy/teams/93189/da/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -16,32 +19,54 @@ msgstr ""
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 "X-Domain: grocy/userfield_types\n"

+# Text (single line)
 msgid "text-single-line"
 msgstr "tekst-enkelt-linje"

+# Text (multi line)
 msgid "text-multi-line"
 msgstr "tekst-flere-linjer"

+# Number (integral)
 msgid "number-integral"
 msgstr "tal-heltal"

+# Number (decimal)
 msgid "number-decimal"
 msgstr "tal-decimal"

+# Date (without time)
 msgid "date"
 msgstr "dato"

+# Date & time
 msgid "datetime"
 msgstr "datotid"

+# Checkbox
 msgid "checkbox"
 msgstr "afkrydsningsfelt"

+# Select list (a single item can be selected)
 msgid "preset-list"
 msgstr "forudindstillet-liste"

+# Select list (multiple items can be selected)
 msgid "preset-checklist"
 msgstr "forudindstillet-tjekliste"

+# Link
 msgid "link"
 msgstr "link"
+
+# Link (with title)
+msgid "link-with-title"
+msgstr "link-med-overskrift"
+
+# File
+msgid "file"
+msgstr "fil"
+
+# Image
+msgid "image"
+msgstr "billede"
--- a/localization/de/chore_assignment_types.po
+++ b/localization/de/chore_assignment_types.po
@@ -1,5 +1,6 @@
+# 
 # Translators:
-# Bernd Bestel <bernd@berrnd.de>, 2019
+# Bernd Bestel <bernd@berrnd.de>, 2021
 # 
 msgid ""
 msgstr ""
@@ -7,7 +8,7 @@ msgstr ""
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2019-05-01T17:59:17+00:00\n"
 "PO-Revision-Date: 2019-09-17 10:45+0000\n"
-"Last-Translator: Bernd Bestel <bernd@berrnd.de>, 2019\n"
+"Last-Translator: Bernd Bestel <bernd@berrnd.de>, 2021\n"
 "Language-Team: German (https://www.transifex.com/grocy/teams/93189/de/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
--- a/localization/de/chore_period_types.po
+++ b/localization/de/chore_period_types.po
@@ -1,5 +1,6 @@
+# 
 # Translators:
-# Bernd Bestel <bernd@berrnd.de>, 2019
+# Bernd Bestel <bernd@berrnd.de>, 2021
 # 
 msgid ""
 msgstr ""
@@ -7,7 +8,7 @@ msgstr ""
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2019-05-01T17:59:17+00:00\n"
 "PO-Revision-Date: 2019-05-01 17:42+0000\n"
-"Last-Translator: Bernd Bestel <bernd@berrnd.de>, 2019\n"
+"Last-Translator: Bernd Bestel <bernd@berrnd.de>, 2021\n"
 "Language-Team: German (https://www.transifex.com/grocy/teams/93189/de/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
--- a/localization/de/component_translations.po
+++ b/localization/de/component_translations.po
@@ -1,3 +1,4 @@
+# 
 # Translators:
 # Bernd Bestel <bernd@berrnd.de>, 2019
 # 
--- a/localization/de/demo_data.po
+++ b/localization/de/demo_data.po
@@ -1,5 +1,6 @@
+# 
 # Translators:
-# Bernd Bestel <bernd@berrnd.de>, 2020
+# Bernd Bestel <bernd@berrnd.de>, 2021
 # 
 msgid ""
 msgstr ""
@@ -7,7 +8,7 @@ msgstr ""
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2019-05-01T17:59:17+00:00\n"
 "PO-Revision-Date: 2019-05-01 17:42+0000\n"
-"Last-Translator: Bernd Bestel <bernd@berrnd.de>, 2020\n"
+"Last-Translator: Bernd Bestel <bernd@berrnd.de>, 2021\n"
 "Language-Team: German (https://www.transifex.com/grocy/teams/93189/de/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -363,3 +364,30 @@ msgstr "Japanisch"

 msgid "Chinese (Taiwan)"
 msgstr "Chinesisch (Taiwan)"
+
+msgid "Greek"
+msgstr "Griechisch"
+
+msgid "Korean"
+msgstr "Koreanisch"
+
+msgid "Chinese (China)"
+msgstr "Chinesisch (China)"
+
+msgid "Hebrew (Israel)"
+msgstr "Hebräisch (Israel)"
+
+msgid "Tamil"
+msgstr "Tamil"
+
+msgid "Finnish"
+msgstr "Finnisch"
+
+msgid "Breakfast"
+msgstr "Frühstück"
+
+msgid "Lunch"
+msgstr "Mittagessen"
+
+msgid "Dinner"
+msgstr "Abendessen"
--- a/localization/de/locales.po
+++ b/localization/de/locales.po
@@ -0,0 +1,122 @@
+# 
+# Translators:
+# Bernd Bestel <bernd@berrnd.de>, 2020
+# 
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2019-05-01T17:59:17+00:00\n"
+"PO-Revision-Date: 2020-08-31 19:11+0000\n"
+"Last-Translator: Bernd Bestel <bernd@berrnd.de>, 2020\n"
+"Language-Team: German (https://www.transifex.com/grocy/teams/93189/de/)\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Language: de\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Domain: grocy/locales\n"
+
+# Czech
+msgid "cs"
+msgstr "Tschechisch"
+
+# Danish
+msgid "da"
+msgstr "Dänisch"
+
+# German
+msgid "de"
+msgstr "de"
+
+# Greek
+msgid "el_GR"
+msgstr "Griechisch"
+
+# English
+msgid "en"
+msgstr "de"
+
+# English (Great Britain)
+msgid "en_GB"
+msgstr "Englisch (Großbritannien)"
+
+# Spanish
+msgid "es"
+msgstr "Spanisch"
+
+# French
+msgid "fr"
+msgstr "Französisch"
+
+# Hungarian
+msgid "hu"
+msgstr "Ungarisch "
+
+# Italian
+msgid "it"
+msgstr "Italienisch"
+
+# Japanese
+msgid "ja"
+msgstr "Japanisch"
+
+# Korean
+msgid "ko_KR"
+msgstr "Koreanisch"
+
+# Dutch
+msgid "nl"
+msgstr "Niederländisch"
+
+# Norwegian
+msgid "no"
+msgstr "Norwegisch"
+
+# Polish
+msgid "pl"
+msgstr "Polnisch"
+
+# Portuguese (Brazil)
+msgid "pt_BR"
+msgstr "Portugiesisch (Brasilien)"
+
+# Portuguese (Portugal)
+msgid "pt_PT"
+msgstr "Portugiesisch (Portugal)"
+
+# Russian
+msgid "ru"
+msgstr "Russisch"
+
+# Slovak
+msgid "sk_SK"
+msgstr "Slowakisch"
+
+# Swedish
+msgid "sv_SE"
+msgstr "Schwedisch"
+
+# Turkish
+msgid "tr"
+msgstr "Türkisch"
+
+# Chinese (Taiwan)
+msgid "zh_TW"
+msgstr "Chinesisch (Taiwan)"
+
+# Chinese (China)
+msgid "zh_CN"
+msgstr "Chinesisch (China)"
+
+# Hebrew (Israel)
+msgid "he_IL"
+msgstr "Hebräisch (Israel)"
+
+# Tamil
+msgid "ta"
+msgstr "Tamil"
+
+# Finnish
+msgid "fi"
+msgstr "Finnisch"
--- a/localization/de/permissions.po
+++ b/localization/de/permissions.po
@@ -0,0 +1,139 @@
+# 
+# Translators:
+# @RubenKelevra <ruben@freifunk-nrw.de>, 2021
+# Bernd Bestel <bernd@berrnd.de>, 2021
+# 
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2019-05-01T17:59:17+00:00\n"
+"PO-Revision-Date: 2020-08-29 16:33+0000\n"
+"Last-Translator: Bernd Bestel <bernd@berrnd.de>, 2021\n"
+"Language-Team: German (https://www.transifex.com/grocy/teams/93189/de/)\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Language: de\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Domain: grocy/permissions\n"
+
+# All permissions
+msgid "ADMIN"
+msgstr "Alle Berechtigungen"
+
+# Create users
+msgid "USERS_CREATE"
+msgstr "Benutzer erstellen"
+
+# Edit users (including passwords)
+msgid "USERS_EDIT"
+msgstr "Benutzer bearbeiten (inklusive Passwörter)"
+
+# Show users
+msgid "USERS_READ"
+msgstr "Benutzer anzeigen"
+
+# Edit own user data / change own password
+msgid "USERS_EDIT_SELF"
+msgstr "Eigene Benutzerdaten bearbeiten / eigenes Passwort ändern"
+
+# Undo charge cycle
+msgid "BATTERIES_UNDO_CHARGE_CYCLE"
+msgstr "Ladezyklus rückgängig machen"
+
+# Track charge cycle
+msgid "BATTERIES_TRACK_CHARGE_CYCLE"
+msgstr "Ladezyklus erfassen"
+
+# Track execution
+msgid "CHORE_TRACK_EXECUTION"
+msgstr "Ausführung erfassen"
+
+# Undo execution
+msgid "CHORE_UNDO_EXECUTION"
+msgstr "Ausführung rückgängig machen"
+
+# Edit master data
+msgid "MASTER_DATA_EDIT"
+msgstr "Stammdaten bearbeiten"
+
+# Undo execution
+msgid "TASKS_UNDO_EXECUTION"
+msgstr "Ausführung rückgängig machen"
+
+# Mark completed
+msgid "TASKS_MARK_COMPLETED"
+msgstr "Als erledigt markieren"
+
+# Edit stock entries
+msgid "STOCK_EDIT"
+msgstr "Bestandseinträge bearbeiten"
+
+# Transfer
+msgid "STOCK_TRANSFER"
+msgstr "Umlagern"
+
+# Inventory
+msgid "STOCK_INVENTORY"
+msgstr "Inventur"
+
+# Consume
+msgid "STOCK_CONSUME"
+msgstr "Verbrauch"
+
+# Open products
+msgid "STOCK_OPEN"
+msgstr "Produkt als geöffnet markieren"
+
+# Purchase
+msgid "STOCK_PURCHASE"
+msgstr "Einkauf"
+
+# Add items
+msgid "SHOPPINGLIST_ITEMS_ADD"
+msgstr "Eintrag hinzufügen"
+
+# Remove items
+msgid "SHOPPINGLIST_ITEMS_DELETE"
+msgstr "Eintrag entfernen"
+
+# User management
+msgid "USERS"
+msgstr "Benutzerverwaltung"
+
+# Stock
+msgid "STOCK"
+msgstr "Bestand"
+
+# Shopping list
+msgid "SHOPPINGLIST"
+msgstr "Einkaufszettel"
+
+# Chores
+msgid "CHORES"
+msgstr "Hausarbeiten"
+
+# Batteries
+msgid "BATTERIES"
+msgstr "Batterien"
+
+# Tasks
+msgid "TASKS"
+msgstr "Aufgaben"
+
+# Recipes
+msgid "RECIPES"
+msgstr "Rezepte"
+
+# Equipment
+msgid "EQUIPMENT"
+msgstr "Ausstattung"
+
+# Calendar
+msgid "CALENDAR"
+msgstr "Kalender"
+
+# Meal plan
+msgid "RECIPES_MEALPLAN"
+msgstr "Speiseplan"
--- a/localization/de/stock_transaction_types.po
+++ b/localization/de/stock_transaction_types.po
@@ -1,3 +1,4 @@
+# 
 # Translators:
 # Bernd Bestel <bernd@berrnd.de>, 2020
 # 
--- a/localization/de/strings.po
+++ b/localization/de/strings.po
--- a/localization/de/userfield_types.po
+++ b/localization/de/userfield_types.po
@@ -1,5 +1,6 @@
+# 
 # Translators:
-# Bernd Bestel <bernd@berrnd.de>, 2019
+# Bernd Bestel <bernd@berrnd.de>, 2020
 # 
 msgid ""
 msgstr ""
@@ -7,7 +8,7 @@ msgstr ""
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2019-05-01T17:59:17+00:00\n"
 "PO-Revision-Date: 2019-05-01 17:43+0000\n"
-"Last-Translator: Bernd Bestel <bernd@berrnd.de>, 2019\n"
+"Last-Translator: Bernd Bestel <bernd@berrnd.de>, 2020\n"
 "Language-Team: German (https://www.transifex.com/grocy/teams/93189/de/)\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -16,32 +17,54 @@ msgstr ""
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 "X-Domain: grocy/userfield_types\n"

+# Text (single line)
 msgid "text-single-line"
 msgstr "Text (einzeilig)"

+# Text (multi line)
 msgid "text-multi-line"
 msgstr "Text (mehrzeilig)"

+# Number (integral)
 msgid "number-integral"
 msgstr "Zahl (Ganzzahl)"

+# Number (decimal)
 msgid "number-decimal"
 msgstr "Zahl (mit Dezimalstellen)"

+# Date (without time)
 msgid "date"
 msgstr "Datum (ohne Zeitanteil)"

+# Date & time
 msgid "datetime"
 msgstr "Datum & Zeit"

+# Checkbox
 msgid "checkbox"
 msgstr "Kontrollkästchen"

+# Select list (a single item can be selected)
 msgid "preset-list"
 msgstr "Auswahlliste (feste Werte, einzelner Wert kann ausgewählt werden)"

+# Select list (multiple items can be selected)
 msgid "preset-checklist"
 msgstr "Auswahlliste (feste Werte, mehrere Werte können ausgewählt werden)"

+# Link
 msgid "link"
 msgstr "Link"
+
+# Link (with title)
+msgid "link-with-title"
+msgstr "Link (mit Titel)"
+
+# File
+msgid "file"
+msgstr "Datei"
+
+# Image
+msgid "image"
+msgstr "Bild"
--- a/localization/demo_data.pot
+++ b/localization/demo_data.pot
@@ -359,3 +359,30 @@ msgstr ""

 msgid "Chinese (Taiwan)"
 msgstr ""
+
+msgid "Greek"
+msgstr ""
+
+msgid "Korean"
+msgstr ""
+
+msgid "Chinese (China)"
+msgstr ""
+
+msgid "Hebrew (Israel)"
+msgstr ""
+
+msgid "Tamil"
+msgstr ""
+
+msgid "Finnish"
+msgstr ""
+
+msgid "Breakfast"
+msgstr ""
+
+msgid "Lunch"
+msgstr ""
+
+msgid "Dinner"
+msgstr ""
--- a/localization/el_GR/chore_assignment_types.po
+++ b/localization/el_GR/chore_assignment_types.po
@@ -0,0 +1,30 @@
+# 
+# Translators:
+# Dionysios Gkotsis <bloodsak4@yahoo.gr>, 2020
+# 
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2019-05-01T17:59:17+00:00\n"
+"PO-Revision-Date: 2019-09-17 10:45+0000\n"
+"Last-Translator: Dionysios Gkotsis <bloodsak4@yahoo.gr>, 2020\n"
+"Language-Team: Greek (Greece) (https://www.transifex.com/grocy/teams/93189/el_GR/)\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Language: el_GR\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Domain: grocy/chore_assignment_types\n"
+
+msgid "no-assignment"
+msgstr "χωρίς ανάθεση"
+
+msgid "who-least-did-first"
+msgstr "όποιος το έκανε πρώτα"
+
+msgid "random"
+msgstr "τυχαία"
+
+msgid "in-alphabetical-order"
+msgstr "με αλφαβητική σειρά"
--- a/localization/el_GR/chore_period_types.po
+++ b/localization/el_GR/chore_period_types.po
@@ -0,0 +1,36 @@
+# 
+# Translators:
+# datablitz7 <plant7@gmail.com>, 2019
+# 
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2019-05-01T17:59:17+00:00\n"
+"PO-Revision-Date: 2019-05-01 17:42+0000\n"
+"Last-Translator: datablitz7 <plant7@gmail.com>, 2019\n"
+"Language-Team: Greek (Greece) (https://www.transifex.com/grocy/teams/93189/el_GR/)\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Language: el_GR\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Domain: grocy/chore_types\n"
+
+msgid "manually"
+msgstr "χρειροκίνητα"
+
+msgid "dynamic-regular"
+msgstr "δυναμικό-κανονικό"
+
+msgid "daily"
+msgstr "ημερήσιο"
+
+msgid "weekly"
+msgstr "εβδομαδιαίο"
+
+msgid "monthly"
+msgstr "μηνιαίο"
+
+msgid "yearly"
+msgstr "ετήσιο"
--- a/localization/el_GR/component_translations.po
+++ b/localization/el_GR/component_translations.po
@@ -0,0 +1,50 @@
+# 
+# Translators:
+# Bernd Bestel <bernd@berrnd.de>, 2020
+# 
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2019-05-01T17:59:17+00:00\n"
+"PO-Revision-Date: 2019-05-01 17:42+0000\n"
+"Last-Translator: Bernd Bestel <bernd@berrnd.de>, 2020\n"
+"Language-Team: Greek (Greece) (https://www.transifex.com/grocy/teams/93189/el_GR/)\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Language: el_GR\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Domain: grocy/component_translations\n"
+
+msgid "timeago_locale"
+msgstr "el"
+
+msgid "timeago_nan"
+msgstr "πριν NaN χρόνια"
+
+msgid "moment_locale"
+msgstr "el"
+
+msgid "datatables_localization"
+msgstr ""
+"{\"sDecimal\":\",\",\"sEmptyTable\":\"Δεν υπάρχουν δεδομένα στον "
+"πίνακα\",\"sInfo\":\"Εμφανίζονται _START_ έως _END_ από _TOTAL_ "
+"εγγραφές\",\"sInfoEmpty\":\"Εμφανίζονται 0 έως 0 από 0 "
+"εγγραφές\",\"sInfoFiltered\":\"(φιλτραρισμένες από _MAX_ συνολικά "
+"εγγραφές)\",\"sInfoPostFix\":\"\",\"sInfoThousands\":\".\",\"sLengthMenu\":\"Δείξε"
+" _MENU_ "
+"εγγραφές\",\"sLoadingRecords\":\"Φόρτωση...\",\"sProcessing\":\"Επεξεργασία...\",\"sSearch\":\"Αναζήτηση:\",\"sSearchPlaceholder\":\"Αναζήτηση\",\"sThousands\":\".\",\"sUrl\":\"\",\"sZeroRecords\":\"Δεν"
+" βρέθηκαν εγγραφές που να "
+"ταιριάζουν\",\"oPaginate\":{\"sFirst\":\"Πρώτη\",\"sPrevious\":\"Προηγούμενη\",\"sNext\":\"Επόμενη\",\"sLast\":\"Τελευταία\"},\"oAria\":{\"sSortAscending\":\":"
+" ενεργοποιήστε για αύξουσα ταξινόμηση της στήλης\",\"sSortDescending\":\": "
+"ενεργοποιήστε για φθίνουσα ταξινόμηση της στήλης\"}}"
+
+msgid "summernote_locale"
+msgstr "el-GR"
+
+msgid "fullcalendar_locale"
+msgstr "el"
+
+msgid "bootstrap-select_locale"
+msgstr "en_US"
--- a/localization/el_GR/demo_data.po
+++ b/localization/el_GR/demo_data.po
@@ -0,0 +1,395 @@
+# 
+# Translators:
+# datablitz7 <plant7@gmail.com>, 2019
+# ByteGet, 2020
+# 
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2019-05-01T17:59:17+00:00\n"
+"PO-Revision-Date: 2019-05-01 17:42+0000\n"
+"Last-Translator: ByteGet, 2020\n"
+"Language-Team: Greek (Greece) (https://www.transifex.com/grocy/teams/93189/el_GR/)\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Language: el_GR\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Domain: grocy/demo_data\n"
+
+msgid "Cookies"
+msgstr "Μπισκότα"
+
+msgid "Chocolate"
+msgstr "Σοκολάτα"
+
+msgid "Pantry"
+msgstr "Τροφοθήκη"
+
+msgid "Candy cupboard"
+msgstr "Ντουλάπι γλυκών"
+
+msgid "Tinned food cupboard"
+msgstr "Ντουλάπι κονσερβών"
+
+msgid "Fridge"
+msgstr "Ψυγείο"
+
+msgid "Piece"
+msgid_plural "Pieces"
+msgstr[0] "Τεμάχιο"
+msgstr[1] "Τεμάχια"
+
+msgid "Pack"
+msgid_plural "Packs"
+msgstr[0] "Πακέτο"
+msgstr[1] "Πακέτα"
+
+msgid "Glass"
+msgid_plural "Glasses"
+msgstr[0] "Ποτήρι"
+msgstr[1] "Ποτήρια"
+
+msgid "Tin"
+msgid_plural "Tins"
+msgstr[0] "Κουτάκι"
+msgstr[1] "Κουτάκια"
+
+msgid "Can"
+msgid_plural "Cans"
+msgstr[0] "Κουτάκι"
+msgstr[1] "Κουτάκια"
+
+msgid "Bunch"
+msgid_plural "Bunches"
+msgstr[0] "Ματσάκι"
+msgstr[1] "Ματσάκια"
+
+msgid "Gummy bears"
+msgstr "Gummy bears"
+
+msgid "Crisps"
+msgstr "Πατατάκια"
+
+msgid "Eggs"
+msgstr "Αυγά"
+
+msgid "Noodles"
+msgstr "Νούντλς"
+
+msgid "Pickles"
+msgstr "Πίκλες"
+
+msgid "Gulash soup"
+msgstr "Σούπα Γκούλας"
+
+msgid "Yogurt"
+msgstr "Γιαούρτι"
+
+msgid "Cheese"
+msgstr "Τυρί"
+
+msgid "Cold cuts"
+msgstr "Αλλαντικά"
+
+msgid "Paprika"
+msgstr "Πάπρικα"
+
+msgid "Cucumber"
+msgstr "Αγγούρι"
+
+msgid "Radish"
+msgstr "Ραδίκι"
+
+msgid "Tomato"
+msgstr "Τομάτα"
+
+msgid "Changed towels in the bathroom"
+msgstr "Άλλαγμα πετσετών στο μπάνιο"
+
+msgid "Cleaned the kitchen floor"
+msgstr "Καθάρισμα πατώματος κουζίνας"
+
+msgid "Warranty ends"
+msgstr "Λήξη εγγύησης"
+
+msgid "TV remote control"
+msgstr "Τηλεκοντρόλ τηλεόρασης"
+
+msgid "Alarm clock"
+msgstr "Ξυπνητήρι"
+
+msgid "Heat remote control"
+msgstr "Τηλεκοντρόλ θέρμανσης"
+
+msgid "Lawn mowed in the garden"
+msgstr "Κούρεμα γρασιδιού στον κήπο"
+
+msgid "Some good snacks"
+msgstr "Μερικά καλά σνακ"
+
+msgid "Pizza dough"
+msgstr "Ζυμάρι πίτσας"
+
+msgid "Sieved tomatoes"
+msgstr "Πασάτα"
+
+msgid "Salami"
+msgstr "Σαλάμι"
+
+msgid "Toast"
+msgstr "Τοστ"
+
+msgid "Minced meat"
+msgstr "Κιμάς"
+
+msgid "Pizza"
+msgstr "Πίτσα"
+
+msgid "Spaghetti bolognese"
+msgstr "Μακαρόνια Μπολονέζ"
+
+msgid "Sandwiches"
+msgstr "Σάντουιτς"
+
+msgid "English"
+msgstr "Αγγλικά"
+
+msgid "German"
+msgstr "Γερμανικά"
+
+msgid "Italian"
+msgstr "Ιταλικά"
+
+msgid "This is the note content of the recipe ingredient"
+msgstr "Αυτό είναι το περιεχόμενο της σημείωσης του υλικού της συνταγής"
+
+msgid "Demo User"
+msgstr "Δοκιμαστικός Χρήστης"
+
+msgid "Gram"
+msgid_plural "Grams"
+msgstr[0] "Γραμμάριο"
+msgstr[1] "Γραμμάρια"
+
+msgid "Flour"
+msgstr "Αλεύρι"
+
+msgid "Pancakes"
+msgstr "Τηγανήτες"
+
+msgid "Sugar"
+msgstr "Ζάχαρη"
+
+msgid "Home"
+msgstr "Σπίτι"
+
+msgid "Life"
+msgstr "Ζωή"
+
+msgid "Projects"
+msgstr "Σχέδιο"
+
+msgid "Repair the garage door"
+msgstr "Επισκευάστε την πόρτα του γκαράζ"
+
+msgid "Fork and improve grocy"
+msgstr "Fork και Βελτιώστε το grocy"
+
+msgid "Find a solution for what to do when I forget the door keys"
+msgstr ""
+"Βρείτε μια λύση για το τι πρέπει να κάνω όταν ξεχάσω τα κλειδιά της πόρτας"
+
+msgid "Sweets"
+msgstr "Γλυκά"
+
+msgid "Bakery products"
+msgstr "Προϊόντα αρτοποιίας"
+
+msgid "Tinned food"
+msgstr "Κονσερβοποιημένα τρόφιμα"
+
+msgid "Butchery products"
+msgstr "Προϊόντα κρεοπωλείου"
+
+msgid "Vegetables/Fruits"
+msgstr "Λαχανικά / Φρούτα"
+
+msgid "Refrigerated products"
+msgstr "Προϊόντα Ψυγείου "
+
+msgid "Coffee machine"
+msgstr "Μηχανή καφέ"
+
+msgid "Dishwasher"
+msgstr "Πλυντήριο πιάτων"
+
+msgid "Liter"
+msgstr "Λίτρο"
+
+msgid "Liters"
+msgstr "Λίτρα"
+
+msgid "Bottle"
+msgstr "Μπουκάλι"
+
+msgid "Bottles"
+msgstr "Μπουκάλια"
+
+msgid "Milk"
+msgstr "Γάλα"
+
+msgid "Chocolate sauce"
+msgstr "Σάλτσα σοκολάτας"
+
+msgid "Milliliters"
+msgstr "Χιλιοστόλιτρα"
+
+msgid "Milliliter"
+msgstr "Χιλιοστόλιτρο"
+
+msgid "Bottom"
+msgstr "Κάτω μέρος"
+
+msgid "Topping"
+msgstr "Επικάλυψη"
+
+msgid "French"
+msgstr "Γαλλικά"
+
+msgid "Turkish"
+msgstr "Turkish"
+
+msgid "Spanish"
+msgstr "Ισπανικά"
+
+msgid "Russian"
+msgstr "Ρώσικα"
+
+msgid "The thing which happens on the 5th of every month"
+msgstr "Το πράγμα που συμβαίνει στις 5 κάθε μήνα"
+
+msgid "The thing which happens daily"
+msgstr "Το πράγμα που συμβαίνει καθημερινά"
+
+msgid "The thing which happens on Mondays and Wednesdays"
+msgstr "Αυτό που συμβαίνει Δευτέρα και Τετάρτη"
+
+msgid "Swedish"
+msgstr "Σουηδικά"
+
+msgid "Polish"
+msgstr "Πολωνικά"
+
+msgid "Milk Chocolate"
+msgstr "Σοκολάτα γάλακτος"
+
+msgid "Dark Chocolate"
+msgstr "Μαύρη σοκολάτα"
+
+msgid "Slice"
+msgid_plural "Slices"
+msgstr[0] "Φέτα"
+msgstr[1] "Φέτες"
+
+msgid "Example userentity"
+msgstr "Παράδειγμα χρήστη"
+
+msgid "This is an example user entity..."
+msgstr "Αυτό είναι ένα παράδειγμα οντότητας χρήστη ..."
+
+msgid "Custom field"
+msgstr "Προσαρμοσμένο πεδίο"
+
+msgid "Example field value..."
+msgstr "Παράδειγμα τιμής πεδίου ..."
+
+msgid "Waffle rolls"
+msgstr "Βάφλες"
+
+msgid "Danish"
+msgstr "Δανέζικα"
+
+msgid "Dutch"
+msgstr "Ολλανδικά"
+
+msgid "Norwegian"
+msgstr "Νορβηγικά"
+
+msgid "Demo"
+msgstr "Δοκιμή "
+
+msgid "Stable version"
+msgstr "Σταθερή έκδοση"
+
+msgid "Preview version"
+msgstr "Έκδοση προεπισκόπησης"
+
+msgid "current release"
+msgstr "τρέχουσα κυκλοφορία"
+
+msgid "not yet released"
+msgstr "δεν έχει κυκλοφορήσει ακόμη"
+
+msgid "Portuguese (Brazil)"
+msgstr "Πορτογαλικά (Βραζιλία)"
+
+msgid "This is a note"
+msgstr "Αυτή είναι μια σημείωση"
+
+msgid "Freezer"
+msgstr "Καταψύκτης"
+
+msgid "Hungarian"
+msgstr "Ουγγρικά"
+
+msgid "Slovak"
+msgstr "Σλοβάκος"
+
+msgid "Czech"
+msgstr "Τσέχικα"
+
+msgid "Portuguese (Portugal)"
+msgstr "Πορτογαλικά (Πορτογαλία)"
+
+# Use a in your country well known supermarket name
+msgid "DemoSupermarket1"
+msgstr "Επίδειξη σούπερ μάρκετ1"
+
+# Use a in your country well known supermarket name
+msgid "DemoSupermarket2"
+msgstr "Επίδειξη σούπερ μάρκετ2"
+
+msgid "Japanese"
+msgstr "Ιαπωνικά"
+
+msgid "Chinese (Taiwan)"
+msgstr "Κινέζικα (Ταϊβάν)"
+
+msgid "Greek"
+msgstr "Ελληνικά"
+
+msgid "Korean"
+msgstr "Κορεάτικα"
+
+msgid "Chinese (China)"
+msgstr ""
+
+msgid "Hebrew (Israel)"
+msgstr ""
+
+msgid "Tamil"
+msgstr ""
+
+msgid "Finnish"
+msgstr ""
+
+msgid "Breakfast"
+msgstr ""
+
+msgid "Lunch"
+msgstr ""
+
+msgid "Dinner"
+msgstr ""
--- a/localization/el_GR/locales.po
+++ b/localization/el_GR/locales.po
@@ -0,0 +1,122 @@
+# 
+# Translators:
+# ByteGet, 2020
+# 
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2019-05-01T17:59:17+00:00\n"
+"PO-Revision-Date: 2020-08-31 19:11+0000\n"
+"Last-Translator: ByteGet, 2020\n"
+"Language-Team: Greek (Greece) (https://www.transifex.com/grocy/teams/93189/el_GR/)\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Language: el_GR\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Domain: grocy/locales\n"
+
+# Czech
+msgid "cs"
+msgstr "cs"
+
+# Danish
+msgid "da"
+msgstr "da"
+
+# German
+msgid "de"
+msgstr "de"
+
+# Greek
+msgid "el_GR"
+msgstr "el_GR"
+
+# English
+msgid "en"
+msgstr "en"
+
+# English (Great Britain)
+msgid "en_GB"
+msgstr "en_GB"
+
+# Spanish
+msgid "es"
+msgstr "es"
+
+# French
+msgid "fr"
+msgstr "fr"
+
+# Hungarian
+msgid "hu"
+msgstr "hu"
+
+# Italian
+msgid "it"
+msgstr "it"
+
+# Japanese
+msgid "ja"
+msgstr "ja"
+
+# Korean
+msgid "ko_KR"
+msgstr "ko_KR"
+
+# Dutch
+msgid "nl"
+msgstr "nl"
+
+# Norwegian
+msgid "no"
+msgstr "no"
+
+# Polish
+msgid "pl"
+msgstr "pl"
+
+# Portuguese (Brazil)
+msgid "pt_BR"
+msgstr "pt_BR"
+
+# Portuguese (Portugal)
+msgid "pt_PT"
+msgstr "pt_PT"
+
+# Russian
+msgid "ru"
+msgstr "ru"
+
+# Slovak
+msgid "sk_SK"
+msgstr "sk_SK"
+
+# Swedish
+msgid "sv_SE"
+msgstr "sv_SE"
+
+# Turkish
+msgid "tr"
+msgstr "tr"
+
+# Chinese (Taiwan)
+msgid "zh_TW"
+msgstr "zh_TW"
+
+# Chinese (China)
+msgid "zh_CN"
+msgstr ""
+
+# Hebrew (Israel)
+msgid "he_IL"
+msgstr ""
+
+# Tamil
+msgid "ta"
+msgstr ""
+
+# Finnish
+msgid "fi"
+msgstr ""
--- a/localization/el_GR/permissions.po
+++ b/localization/el_GR/permissions.po
@@ -0,0 +1,139 @@
+# 
+# Translators:
+# datablitz7 <plant7@gmail.com>, 2020
+# ByteGet, 2020
+# 
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2019-05-01T17:59:17+00:00\n"
+"PO-Revision-Date: 2020-08-29 16:33+0000\n"
+"Last-Translator: ByteGet, 2020\n"
+"Language-Team: Greek (Greece) (https://www.transifex.com/grocy/teams/93189/el_GR/)\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Language: el_GR\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Domain: grocy/permissions\n"
+
+# All permissions
+msgid "ADMIN"
+msgstr "ΔΙΑΧΕΙΡΙΣΤΗΣ"
+
+# Create users
+msgid "USERS_CREATE"
+msgstr "ΔΗΜΙΟΥΡΓΙΑ_ΧΡΗΣΤΩΝ"
+
+# Edit users (including passwords)
+msgid "USERS_EDIT"
+msgstr "ΕΠΕΞΕΡΓΑΣΙΑ_ΧΡΗΣΤΩΝ"
+
+# Show users
+msgid "USERS_READ"
+msgstr "ΠΡΟΒΟΛΗ_ΧΡΗΣΤΩΝ"
+
+# Edit own user data / change own password
+msgid "USERS_EDIT_SELF"
+msgstr "ΕΠΕΞΕΡΓΑΣΙΑ_ΙΔΙΟΥ_ΧΡΗΣΤΗ"
+
+# Undo charge cycle
+msgid "BATTERIES_UNDO_CHARGE_CYCLE"
+msgstr "ΔΙΑΧΕΙΡΙΣΤΗΣ"
+
+# Track charge cycle
+msgid "BATTERIES_TRACK_CHARGE_CYCLE"
+msgstr "USERS_CREATE"
+
+# Track execution
+msgid "CHORE_TRACK_EXECUTION"
+msgstr "ΧΡΗΣΤΕΣ_EDIT"
+
+# Undo execution
+msgid "CHORE_UNDO_EXECUTION"
+msgstr "USERS_READ"
+
+# Edit master data
+msgid "MASTER_DATA_EDIT"
+msgstr "USERS_EDIT_SELF"
+
+# Undo execution
+msgid "TASKS_UNDO_EXECUTION"
+msgstr "ΜΠΑΤΑΡΙΕΣ_UNDO_CHARGE_CYCLE"
+
+# Mark completed
+msgid "TASKS_MARK_COMPLETED"
+msgstr "ΜΠΑΤΑΡΙΑ_TRACK_CHARGE_CYCLE"
+
+# Edit stock entries
+msgid "STOCK_EDIT"
+msgstr "CHORE_TRACK_EXECUTION"
+
+# Transfer
+msgid "STOCK_TRANSFER"
+msgstr "CHORE_UNDO_EXECUTION"
+
+# Inventory
+msgid "STOCK_INVENTORY"
+msgstr "MASTER_DATA_EDIT"
+
+# Consume
+msgid "STOCK_CONSUME"
+msgstr "ΚΑΘΗΚΟΝΤΑ_UNDO_EXECUTION"
+
+# Open products
+msgid "STOCK_OPEN"
+msgstr "ΚΑΘΗΚΟΝΤΑ_MARK_COMPLETED"
+
+# Purchase
+msgid "STOCK_PURCHASE"
+msgstr "STOCK_EDIT"
+
+# Add items
+msgid "SHOPPINGLIST_ITEMS_ADD"
+msgstr "STOCK_TRANSFER"
+
+# Remove items
+msgid "SHOPPINGLIST_ITEMS_DELETE"
+msgstr "STOCK_INVENTORY"
+
+# User management
+msgid "USERS"
+msgstr "STOCK_CONSUME"
+
+# Stock
+msgid "STOCK"
+msgstr "STOCK_OPEN"
+
+# Shopping list
+msgid "SHOPPINGLIST"
+msgstr "STOCK_PURCHASE"
+
+# Chores
+msgid "CHORES"
+msgstr "ΑΓΟΡΑ ΛΙΣΤΑ_ITEMS_ADD"
+
+# Batteries
+msgid "BATTERIES"
+msgstr "ΑΓΟΡΑ ΛΙΣΤΑ_ITEMS_DELETE"
+
+# Tasks
+msgid "TASKS"
+msgstr "ΧΡΗΣΤΕΣ"
+
+# Recipes
+msgid "RECIPES"
+msgstr "ΣΤΟΚ"
+
+# Equipment
+msgid "EQUIPMENT"
+msgstr "ΛΙΣΤΑ ΜΕ ΤΑ ΨΩΝΙΑ"
+
+# Calendar
+msgid "CALENDAR"
+msgstr "ΜΙΚΡΟΔΟΥΛΕΙΕΣ"
+
+# Meal plan
+msgid "RECIPES_MEALPLAN"
+msgstr "ΜΠΑΤΑΡΙΕΣ"
--- a/localization/el_GR/stock_transaction_types.po
+++ b/localization/el_GR/stock_transaction_types.po
@@ -0,0 +1,46 @@
+# 
+# Translators:
+# Dionysios Gkotsis <bloodsak4@yahoo.gr>, 2020
+# ByteGet, 2020
+# 
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2019-05-01T17:59:17+00:00\n"
+"PO-Revision-Date: 2019-05-01 17:42+0000\n"
+"Last-Translator: ByteGet, 2020\n"
+"Language-Team: Greek (Greece) (https://www.transifex.com/grocy/teams/93189/el_GR/)\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Language: el_GR\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Domain: grocy/stock_transaction_types\n"
+
+msgid "purchase"
+msgstr "Αγορά"
+
+msgid "transfer_from"
+msgstr "μεταφορά απο"
+
+msgid "transfer_to"
+msgstr "μεταφορά στο"
+
+msgid "consume"
+msgstr "καταναλώνω"
+
+msgid "inventory-correction"
+msgstr "διόρθωση αποθέματος"
+
+msgid "product-opened"
+msgstr "το προϊόν είναι ανοιχτό"
+
+msgid "stock-edit-old"
+msgstr "απόθεμα-επεξεργασία-παλιά"
+
+msgid "stock-edit-new"
+msgstr "απόθεμα-επεξεργασία-νέο"
+
+msgid "self-production"
+msgstr "αυτοπαραγωγή"
--- a/Show More
+++ b/Show More