Merge branch 'bugfix/permission_checks' into dev

bus/src/main/java/de/srsoftware/umbrella/messagebus/events/ItemEvent.java

@@ -1,16 +1,15 @@
+/* © SRSoftware 2025 */
 package de.srsoftware.umbrella.messagebus.events;
 
-import de.srsoftware.umbrella.core.ModuleRegistry;
-import de.srsoftware.umbrella.core.api.Owner;
-import de.srsoftware.umbrella.core.constants.Field;
-import de.srsoftware.umbrella.core.model.*;
-
-import java.util.Collection;
-import java.util.List;
-
 import static de.srsoftware.umbrella.core.constants.Field.*;
 import static de.srsoftware.umbrella.core.model.Translatable.t;
 
+import de.srsoftware.umbrella.core.ModuleRegistry;
+import de.srsoftware.umbrella.core.api.Owner;
+import de.srsoftware.umbrella.core.model.*;
+import java.util.Collection;
+import java.util.List;
+
 public class ItemEvent extends Event<Item>{
 	public ItemEvent(UmbrellaUser initiator, String module, Item item, EventType type) {
 		super(initiator, module, item, type);

frontend/src/routes/stock/ItemProps.svelte

@@ -76,12 +76,9 @@
 <table>
     <tbody>
         <tr>
-            <td>{t('ID')}</td>
+            <td>
-            <td>{item.id}</td>
+                {t('ID')}
-        </tr>
+            </td>
-
-        <tr>
-            <td>{t('Code')}:</td>
             <td>
                 <LineEditor type="span" editable={true} value={item.code} onSet={v => update('code',v)} />
             </td>

stock/src/main/java/de/srsoftware/umbrella/stock/StockModule.java

@@ -33,12 +33,10 @@ import de.srsoftware.umbrella.core.constants.Text;
 import de.srsoftware.umbrella.core.exceptions.UmbrellaException;
 import de.srsoftware.umbrella.core.model.*;
 import de.srsoftware.umbrella.core.model.Location;
-
-import java.io.IOException;
-import java.util.*;
-
 import de.srsoftware.umbrella.messagebus.events.Event;
 import de.srsoftware.umbrella.messagebus.events.ItemEvent;
+import java.io.IOException;
+import java.util.*;
 import org.json.JSONObject;
 
 public class StockModule extends BaseHandler implements StockService {
@@ -228,7 +226,8 @@ public class StockModule extends BaseHandler implements StockService {
 	}
 
 	private boolean getChildLocations(UmbrellaUser user, long parentId, HttpExchange ex) throws IOException {
-		LOG.log(WARNING,"No security check implemented for {0}.getChildLocations(user, parentId, ex)!",getClass().getSimpleName()); // TODO check, that user is allowed to request that location
+		var owner = stockDb.loadLocation(parentId).owner();
+		if (!assigned(owner,user)) throw forbidden("You are not allowed to access items of {owner}", OWNER,owner);
 		return sendContent(ex, stockDb.listChildLocations(parentId).stream().sorted(comparing(l -> l.name().toLowerCase())).map(DbLocation::toMap));
 	}