feat: Implement module permissions system with database-driven access control

- Added `users_permissions` table for managing user permissions.
- Created `PermissionRepository` for handling permission logic.
- Refactored `controls\Users::permissions()` to utilize the new database structure.
- Introduced AJAX endpoint for saving user permissions.
- Enhanced user management UI with permission checkboxes.
- Added vacation management template for handling employee absences.
- Implemented tests for `PermissionRepository`.

tests/Controllers/UsersControllerTest.php

@@ -27,6 +27,6 @@ function run_users_controller_tests()
   $state_with_existing = UsersController::impersonationStateAfterLoginAs( $regular_user, $target_user, $admin_user );
   assert_users_controller_same( 1, (int)$state_with_existing['impersonator_user']['id'], 'Expected existing impersonator to stay unchanged.' );
 
-  $view_model = UsersController::buildMainViewModel( $target_user, $admin_user, [ $admin_user, $regular_user, $target_user ] );
+  $view_model = UsersController::buildMainViewModel( $target_user, $admin_user, [ $admin_user, $regular_user, $target_user ], [] );
   assert_users_controller_same( true, $view_model['can_switch_back'], 'Expected can_switch_back to be true when impersonator is admin.' );
 }

tests/Domain/Users/PermissionRepositoryTest.php

@@ -0,0 +1,32 @@
+<?php
+
+require_once __DIR__ . '/../../../autoload/Domain/Users/PermissionRepository.php';
+
+use Domain\Users\PermissionRepository;
+
+function assert_perm( $expected, $actual, $message )
+{
+  if ( $expected !== $actual )
+    throw new Exception( $message . " (expected " . var_export( $expected, true ) . ", got " . var_export( $actual, true ) . ")" );
+}
+
+function run_permission_repository_tests()
+{
+  // Test MODULES constant
+  $modules = PermissionRepository::MODULES;
+  assert_perm( true, in_array( 'tasks', $modules ), 'MODULES should contain tasks' );
+  assert_perm( true, in_array( 'finances', $modules ), 'MODULES should contain finances' );
+  assert_perm( 6, count( $modules ), 'MODULES should have 6 entries' );
+  assert_perm( false, in_array( 'zaplecze', $modules ), 'MODULES should not contain zaplecze' );
+
+  // Test DEFAULTS constant
+  $defaults = PermissionRepository::DEFAULTS;
+  assert_perm( 1, $defaults['tasks'], 'tasks should default to 1' );
+  assert_perm( 0, $defaults['finances'], 'finances should default to 0' );
+  assert_perm( 0, $defaults['crm'], 'crm should default to 0' );
+
+  // Test defaults() returns full module array
+  $result = PermissionRepository::defaults();
+  assert_perm( 6, count( $result ), 'defaults() should return 6 modules' );
+  assert_perm( 1, $result['tasks'], 'defaults() tasks should be 1' );
+}

tests/run.php

@@ -4,6 +4,7 @@ require_once __DIR__ . '/Domain/Tasks/WorkTimeRepositoryTest.php';
 require_once __DIR__ . '/Domain/Tasks/TaskAttachmentRepositoryTest.php';
 require_once __DIR__ . '/Domain/Tasks/MailToTaskImporterTest.php';
 require_once __DIR__ . '/Domain/Users/UserRepositoryTest.php';
+require_once __DIR__ . '/Domain/Users/PermissionRepositoryTest.php';
 require_once __DIR__ . '/Controllers/TasksControllerTest.php';
 require_once __DIR__ . '/Controllers/UsersControllerTest.php';
 
@@ -12,6 +13,7 @@ $tests = [
   'run_task_attachment_repository_tests',
   'run_mail_to_task_importer_tests',
   'run_user_repository_tests',
+  'run_permission_repository_tests',
   'run_tasks_controller_tests',
   'run_users_controller_tests'
 ];