Add permissions tables and API function

api.php

@@ -228,6 +228,31 @@ switch ($VARS['action']) {
         $data = $database->select('accounts', ['uid', 'username', 'realname (name)'], ["OR" => ['username[~]' => $VARS['search'], 'realname[~]' => $VARS['search']], "LIMIT" => 10]);
         exit(json_encode(["status" => "OK", "result" => $data]));
         break;
+    case "permission":
+        if (is_empty($VARS['code'])) {
+            header("HTTP/1.1 400 Bad Request");
+            die("\"400 Bad Request\"");
+        }
+        $perm = $VARS['code'];
+        if ($VARS['uid']) {
+            if ($database->has("accounts", ['uid' => $VARS['uid']])) {
+                $user = $database->select('accounts', ['username'], ['uid' => $VARS['uid']])[0]['username'];
+            } else {
+                exit(json_encode(["status" => "ERROR", "msg" => lang("user does not exist", false)]));
+            }
+        } else if ($VARS['username']) {
+            if ($database->has("accounts", ['username' => $VARS['username']])) {
+                $user = $VARS['username'];
+            } else {
+                exit(json_encode(["status" => "ERROR", "msg" => lang("user does not exist", false)]));
+            }
+        } else {
+            header("HTTP/1.1 400 Bad Request");
+            die("\"400 Bad Request\"");
+        }
+        $hasperm = account_has_permission($user, $perm);
+        exit(json_encode(["status" => "OK", "has_permission" => $hasperm]));
+        break;
     default:
         header("HTTP/1.1 400 Bad Request");
         die("\"400 Bad Request\"");

lib/login.php

@@ -236,6 +236,25 @@ function get_account_status($username, &$error) {
     }
 }
 
+/**
+ * Check if the given username has the given permission (or admin access)
+ * @global $database $database
+ * @param string $username
+ * @param string $permcode
+ * @return boolean TRUE if the user has the permission (or admin access), else FALSE
+ */
+function account_has_permission($username, $permcode) {
+    global $database;
+    return $database->has('assigned_permissions', [
+                '[>]accounts' => [
+                    'uid' => 'uid'
+                ],
+                '[>]permissions' => [
+                    'permid' => 'permid'
+                ]
+                    ], ['AND' => ['OR' => ['permcode' => $permcode, 'permcode' => 'ADMIN'], 'username' => $username]]) === TRUE;
+}
+
 ////////////////////////////////////////////////////////////////////////////////
 //                              Login handling                                //
 ////////////////////////////////////////////////////////////////////////////////