checking category for group changes

2023-07-01 20:02:06 +02:00 · 2023-07-01 20:02:06 +02:00 · 9b4bcbb880
parent 5050c6d07b
commit 9b4bcbb880
11 changed files with 314 additions and 420 deletions
--- a/groupTasks/groups/baumeister
+++ b/groupTasks/groups/baumeister
@ -1,6 +1,6 @@
 {
-    "category": "BaumeisterGGG",
-    "name": "baumeister 4555",
+    "category": "BaumeisterGHG",
+    "name": "baumeister GHG1",
    "tasks": [
      {
        "name": "Test1",
--- a/groupTasks/groups/baumeister
+++ b/groupTasks/groups/baumeister
@ -0,0 +1,42 @@
+{
+    "category": "AaumeisterGHG V2",
+    "name": "baumeister V5",
+    "tasks": [
+      {
+        "name": "Test1",
+        "onFinish": "pause",
+        "undoPossible": false,
+        "scriptPath": "",
+        "parameters": []
+      },
+      {
+        "name": "Test2",
+        "onFinish": "nextStep",
+        "undoPossible": false,
+        "scriptPath": "",
+        "parameters": []
+      },
+      {
+        "name": "Test3",
+        "onFinish": "nextStep",
+        "undoPossible": false,
+        "scriptPath": "",
+        "parameters": []
+      },
+      {
+        "name": "Test3",
+        "onFinish": "nextStep",
+        "undoPossible": false,
+        "scriptPath": "",
+        "parameters": []
+      },
+      {
+        "name": "Test3",
+        "onFinish": "nextStep",
+        "undoPossible": false,
+        "scriptPath": "",
+        "parameters": []
+      }
+    ]
+  }
+  
--- a/groupTasks/groups/baumeister/index.json
+++ b/groupTasks/groups/baumeister/index.json
@ -1,5 +1,5 @@
 {
-    "category": "BaumeisterFFFF",
+    "category": "BaumeisterFFFFB13",
    "name": "baumeister AAA",
    "tasks": [
      {
--- a/main.go
+++ b/main.go
@ -33,9 +33,9 @@ func init() {

 	utils.ValidatorInit()
 	logger.InitLanguageLogMessages()
-	systempermissions.InitSystemPermissions()
 	grouptasks.InitLoadCategoryGroups()
 	database.InitDatabase()
+	systempermissions.CreateMasterRoleIfNotExist()
 }

 func main() {
--- a/modules/cache/systempermissions.go
+++ b/modules/cache/systempermissions.go
@ -1,65 +0,0 @@
-package cache
-
-import (
-	"sync"
-
-	"github.com/rs/zerolog/log"
-)
-
-var systemPermissions []string
-var sp sync.RWMutex
-
-/*
-func AddSystemPermission(permission string) {
-	sp.Lock()
-	systemPermissions = append(systemPermissions, permission)
-	sp.Unlock()
-} */
-
-func AddSystemPermissions(permissions []string) {
-	sp.Lock()
-
-	for _, permission := range permissions {
-		systemPermissions = append(systemPermissions, permission)
-	}
-
-	sp.Unlock()
-}
-
-func DeleteSystemPermissions(permissions []string) {
-	sp.Lock()
-
-	for i, permission := range permissions {
-		if systemPermissions[i] == permission {
-			log.Debug().Msgf("delete permission %s", permission)
-			systemPermissions = removeSystemPermission(systemPermissions, i)
-		}
-	}
-
-	sp.Unlock()
-}
-
-/*
-func DeleteSystemPermission(permission string) {
-	sp.Lock()
-
-	for i := 0; i < len(systemPermissions); i++ {
-		if systemPermissions[i] == permission {
-			systemPermissions = removeSystemPermission(systemPermissions, i)
-			break
-		}
-	}
-
-	sp.Unlock()
-} */
-
-func removeSystemPermission(permissions []string, i int) []string {
-	return append(permissions[:i], permissions[i+1:]...)
-}
-
-func GetSystemPermissions() []string {
-	sp.RLock()
-	defer sp.RUnlock()
-
-	return systemPermissions
-}
--- a/modules/database/database.go
+++ b/modules/database/database.go
@ -2,14 +2,9 @@ package database

 import (
 	"fmt"
-	"janex/admin-dashboard-backend/modules/cache"
 	"janex/admin-dashboard-backend/modules/config"
 	"janex/admin-dashboard-backend/modules/structs"
-	"time"

-	"github.com/google/uuid"
-	"github.com/rs/zerolog/log"
-	"golang.org/x/crypto/bcrypt"
 	"gorm.io/driver/mysql"
 	"gorm.io/gorm"
 )
@ -36,158 +31,4 @@ func InitDatabase() {
 	db.AutoMigrate(&structs.Scanner{})
 	db.AutoMigrate(&structs.Role{})
 	db.AutoMigrate(&structs.RolePermission{})
-
-	masterRoleId := handleMasterRolePermissions()
-	//handleMasterRolePermissions()
-	createDefaultAdminUser(masterRoleId)
-}
-
-func createDefaultAdminUser(masterRoleId string) {
-	var userCount int64
-	DB.Model(&structs.User{}).Count(&userCount)
-
-	if userCount > 0 {
-		return
-	}
-
-	log.Info().Msg("No users found. Master account was created:")
-
-	pw := []byte("adminadmin")
-
-	hashedPassword, err := bcrypt.GenerateFromPassword(pw, bcrypt.DefaultCost)
-
-	if err != nil {
-		panic(err)
-	}
-
-	user := structs.User{
-		Id:        uuid.New().String(),
-		RoleId:    masterRoleId,
-		Username:  "admin",
-		Email:     "admin@roese.dev",
-		Password:  string(hashedPassword),
-		CreatedAt: time.Now(),
-	}
-
-	DB.Create(&user)
-
-	log.Info().Msgf("Username: %s", user.Username)
-	log.Info().Msgf("Password: %s", string(pw))
-}
-
-func handleMasterRolePermissions() (roleId string) {
-	// create admin role if not already existing
-	role := structs.Role{
-		Id:           uuid.New().String(),
-		Master:       true,
-		DisplayName:  "Admin",
-		Description:  "Management board",
-		CreatedAt:    time.Now(),
-		SortingOrder: 0,
-	}
-
-	var foundRole structs.Role
-
-	DB.First(&foundRole, "master = ?", true)
-
-	if foundRole.Id == "" {
-		result := DB.Create(&role)
-
-		if result.Error != nil {
-			panic(result.Error)
-		}
-
-		foundRole.Id = role.Id
-	}
-
-	// looking for role permissions
-	var foundRolePermissions []structs.RolePermission
-
-	DB.Where("role_id = ?", foundRole.Id).Find(&foundRolePermissions)
-
-	systemPermissions := cache.GetSystemPermissions()
-
-	if len(foundRolePermissions) > 0 {
-		// add new permissions if not already present
-		var newPermissions []string
-
-		for _, systemPermission := range systemPermissions {
-			if !hasPermission(foundRolePermissions, systemPermission) {
-				newPermissions = append(newPermissions, systemPermission)
-			}
-		}
-
-		if len(newPermissions) > 0 {
-			var newRolePermissions []structs.RolePermission
-
-			for _, newPermission := range newPermissions {
-				newRolePermissions = append(newRolePermissions, structs.RolePermission{
-					RoleId:       foundRole.Id,
-					PermissionId: newPermission,
-				})
-			}
-
-			DB.Create(newRolePermissions)
-		}
-
-		// deleting permissions that are no longer supported
-		var outdatedPermissions []structs.RolePermission
-
-		for _, foundRolePermission := range foundRolePermissions {
-			if isPermissionOutdated(systemPermissions, foundRolePermission.PermissionId) {
-				outdatedPermissions = append(outdatedPermissions, foundRolePermission)
-			}
-		}
-
-		if len(outdatedPermissions) > 0 {
-			for _, outdatedPermission := range outdatedPermissions {
-				// delete old permissions for all roles
-				DB.Where("permission_id = ?", outdatedPermission.PermissionId).Delete(&outdatedPermission)
-			}
-		}
-	} else { // admin role has no permissions - grant all permissions
-		var newRolePermissions []structs.RolePermission
-
-		for _, systemPermission := range systemPermissions {
-			newRolePermissions = append(newRolePermissions, structs.RolePermission{
-				RoleId:       foundRole.Id,
-				PermissionId: systemPermission,
-			})
-		}
-
-		DB.Create(newRolePermissions)
-	}
-
-	return foundRole.Id
-}
-
-func hasPermission(rolePermissions []structs.RolePermission, permission string) bool {
-	for _, rolePermission := range rolePermissions {
-		if rolePermission.PermissionId == permission {
-			return true
-		}
-	}
-
-	return false
-}
-
-func isPermissionOutdated(systemPermissions []string, permission string) bool {
-	for _, systemPermission := range systemPermissions {
-		if systemPermission == permission {
-			return false
-		}
-	}
-
-	return true
-}
-
-func GetRoleSortingOrder() int {
-	var lastSortingOrder int
-
-	if err := DB.Model(&structs.Role{}).Select("MAX(sorting_order)").Scan(&lastSortingOrder).Error; err != nil {
-		log.Error().Msgf("Error getting role sorting order %v", err.Error())
-		return 0
-	}
-
-	return lastSortingOrder + 1
 }
--- a/modules/grouptasks/grouptasks.go
+++ b/modules/grouptasks/grouptasks.go
@ -63,8 +63,6 @@ func InitLoadCategoryGroups() {
 			}
 		}
 	}
-
-	systempermissions.AddDynamicGroupTasksPermissions()
 }

 func ReloadCategoryGroups(category string) {
@ -86,8 +84,6 @@ func ReloadCategoryGroups(category string) {

 		files, err := os.ReadDir(config.Cfg.FolderPaths.GroupTasksGroups + entry.Name())

-		log.Debug().Msgf("entry %v", entry.Name())
-
 		if err != nil {
 			log.Error().Msg("Failed to read groups directory files, error: " + err.Error())
 			return
@ -111,18 +107,12 @@ func ReloadCategoryGroups(category string) {
 				if group.Category == category {
 					cache.AddCategoryGroup(group)

-					log.Debug().Msgf("added group %v", group)
-
 					categoryGroups = append(categoryGroups, group)
-				} else {
-					log.Debug().Msgf("not added group %v", group)
 				}
 			}
 		}
 	}

-	log.Debug().Msgf("categoryGroups %v", categoryGroups)
-
 	if len(categoryGroups) > 0 {
 		socketclients.BroadcastMessage(structs.SendSocketMessage{
 			Cmd: utils.SentCmdGroupTasksReloaded,
@ -165,8 +155,6 @@ func LookingForCategoryGroupChanges() {

 		files, err := os.ReadDir(config.Cfg.FolderPaths.GroupTasksGroups + entry.Name())

-		log.Debug().Msgf("entry %v", entry.Name())
-
 		if err != nil {
 			log.Error().Msg("Failed to read groups directory files, error: " + err.Error())
 			return
@ -193,10 +181,10 @@ func LookingForCategoryGroupChanges() {
 	}

 	cachedCategoryGroups := cache.GetCategoryGroups()
-	var newGroupTasksPermissions []string
+	var addedGroupTasksPermissions []string
 	var newCategories []string

-	var newCategoryGroups []structs.CategoryGroup
+	var addedCategoryGroups []structs.CategoryGroup

 	for _, foundCategoryGroup := range foundCategoryGroups {
 		// check for new added category groups
@ -209,15 +197,11 @@ func LookingForCategoryGroupChanges() {
 		}
 	}

-	log.Debug().Msgf("new categories %v", newCategories)
-
 	for _, newCategory := range newCategories {
-		dynamicPermissions := systempermissions.AddDynamicGroupTasksPermissionsByCategory(newCategory)
-		newGroupTasksPermissions = append(newGroupTasksPermissions, dynamicPermissions...)
-		cache.AddSystemPermissions(dynamicPermissions)
+		addedGroupTasksPermissions = append(addedGroupTasksPermissions, systempermissions.AddDynamicGroupTasksPermissionsByCategory(newCategory)...)

 		cGroup := cache.GetCategoryGroupByCategory(newCategory)
-		newCategoryGroups = append(newCategoryGroups, cGroup)
+		addedCategoryGroups = append(addedCategoryGroups, cGroup)
 	}

 	var removedCategoryGroups []string
@ -232,24 +216,29 @@ func LookingForCategoryGroupChanges() {
 		}
 	}

-	log.Debug().Msgf("New permissions %v", newGroupTasksPermissions)
-	log.Debug().Msgf("New category groups %v", newCategoryGroups)
-	log.Debug().Msgf("Removed category groups %v", removedCategoryGroups)
-	log.Debug().Msgf("Removed permissions %v", removedGroupTasksPermissions)
+	result := make(map[string]interface{})
+
+	if len(addedGroupTasksPermissions) > 0 {
+		result["AddedPermissions"] = addedGroupTasksPermissions
+		result["MasterRoleId"] = systempermissions.GetMasterRoleId()
+	}
+
+	if len(addedCategoryGroups) > 0 {
+		result["AddedCategoryGroups"] = addedCategoryGroups
+	}
+
+	if len(removedCategoryGroups) > 0 {
+		result["RemovedCategoryGroups"] = removedCategoryGroups
+	}
+
+	if len(removedGroupTasksPermissions) > 0 {
+		result["RemovedPermissions"] = removedGroupTasksPermissions
+	}

 	socketclients.BroadcastMessage(structs.SendSocketMessage{
 		Cmd:  utils.SentCmdGroupTasksCategoryGroupChanges,
-		Body: struct {
-			NewPermissions        []string
-			NewCategoryGroups     []structs.CategoryGroup
-			RemovedCategoryGroups []string
-			RemovedPermissions    []string
-		}{
-			NewPermissions:        newGroupTasksPermissions,
-			NewCategoryGroups:     newCategoryGroups,
-			RemovedCategoryGroups: removedCategoryGroups,
-			RemovedPermissions:    removedGroupTasksPermissions,
-		}})
+		Body: result,
+	})
 }

 func isInList(value string, list []string) bool {
@ -282,109 +271,6 @@ func existsGroup(category string, groupsList []structs.Group) bool {
 	return false
 }

-/*
-func LoadGroups(loadingType uint8, category string) {
-	entries, err := os.ReadDir(config.Cfg.FolderPaths.GroupTasksGroups)
-
-	if err != nil {
-		panic(err)
-	}
-
-	if loadingType == LoadingTypeCategoryReload {
-		cache.RemoveAllCategoryGroupsByCategory(category)
-	}
-
-	/*
-		- ordner gelöscht
-		- ordner dazu gekommen
-*/
-/*
-	var categoryGroups []structs.Group
-	//var deletedCategories []string
-
-	// looping through groups directory
-	for _, entry := range entries {
-		if !entry.IsDir() {
-			continue
-		}
-
-		if loadingType == LoadingTypeCheckingForChanges {
-			// + entry nicht in category group list = neuer dazu gekommen
-			// - entry in der liste aber kein ordner dafür = ein task gelöscht
-		}
-
-		files, err := os.ReadDir(config.Cfg.FolderPaths.GroupTasksGroups + entry.Name())
-
-		log.Debug().Msgf("entry %v", entry.Name())
-
-		if err != nil {
-			log.Error().Msg("Failed to read groups directory files, error: " + err.Error())
-			return
-		}
-
-		for _, file := range files {
-			if file.Name() == "index.json" {
-				content, err := os.ReadFile(config.Cfg.FolderPaths.GroupTasksGroups + entry.Name() + "/index.json")
-
-				if err != nil {
-					log.Error().Msg("Failed to read file content, error: " + err.Error())
-					return
-				}
-
-				var group structs.Group
-
-				json.Unmarshal(content, &group)
-
-				group.Id = entry.Name()
-
-				if loadingType == LoadingTypeInit ||
-					loadingType == LoadingTypeCategoryReload && group.Category == category ||
-					loadingType == LoadingTypeCheckingForChanges {
-					cache.AddCategoryGroup(group)
-
-					log.Debug().Msgf("added group %v", group)
-
-					categoryGroups = append(categoryGroups, group)
-				} else {
-					log.Debug().Msgf("not added group %v", group)
-				}
-			}
-		}
-	}
-
-	if loadingType == LoadingTypeCategoryReload {
-		log.Debug().Msgf("categoryGroups %v", categoryGroups)
-
-		if len(categoryGroups) > 0 {
-			socketclients.BroadcastMessage(structs.SendSocketMessage{
-				Cmd: utils.SentCmdGroupTasksReloaded,
-				Body: struct {
-					Category       string
-					CategoryGroups []structs.Group
-				}{
-					Category:       category,
-					CategoryGroups: categoryGroups,
-				},
-			})
-		} else { // category was removed
-			socketclients.BroadcastMessage(structs.SendSocketMessage{
-				Cmd: utils.SentCmdGroupTasksCategoryGroupsUpdate,
-				Body: struct {
-					RemovedCategory string
-				}{
-					RemovedCategory: category,
-				},
-			})
-
-			// TODO: remove dynmaic group permissions
-		}
-	}
-
-	if loadingType == LoadingTypeInit {
-		systempermissions.AddDynamicGroupTasksPermissions()
-	}
-} */
-
 const (
 	RunGroupTaskStartTypeNormal   = 0
 	RunGroupTaskStartTypeTryAgain = 1
--- a/modules/systempermissions/systempermissions.go
+++ b/modules/systempermissions/systempermissions.go
@ -2,70 +2,222 @@ package systempermissions

 import (
 	"janex/admin-dashboard-backend/modules/cache"
+	"janex/admin-dashboard-backend/modules/database"
+	"janex/admin-dashboard-backend/modules/structs"
 	"janex/admin-dashboard-backend/modules/utils"
 	"strings"
+	"time"

+	"github.com/google/uuid"
 	"github.com/rs/zerolog/log"
+	"golang.org/x/crypto/bcrypt"
 )

-func InitSystemPermissions() {
-	cache.AddSystemPermissions([]string{
-		utils.PermissionGroupTasksHistory,
-		utils.PermissionGroupTasksCheckingForCategoryGroupChanges,
-		utils.PermissionAllUsersActionChangeRole,
-		utils.PermissionAllUsersActionDeleteUser,
-		utils.PermissionAllUsersActionUserDeactivation,
-		utils.PermissionAllUsersCreateNewUser,
-		utils.PermissionScannerUseScanners,
-		utils.PermissionAdminAreaCreateNewRole,
-		utils.PermissionAdminAreaUpdateRole,
-		utils.PermissionAdminAreaDeleteRole,
-		utils.PermissionAdminAreaMoveRoleUpDown,
-		utils.PermissionAdminAreaLogs,
-	})
-}
-
-// dynamic permissions like group_tasks.overview.XY.new_task are replaced with the category to group_tasks.overview.test.new_task
-func AddDynamicGroupTasksPermissions() {
-	var newGroupTasksPermissions []string
-
-	for _, categoryGroup := range cache.GetCategoryGroups() {
-		for _, dynamicGroupTasksPermission := range utils.DynamicGroupTasksPermissions {
-			newGroupTasksPermissions = append(newGroupTasksPermissions, ConvertXYPermission(dynamicGroupTasksPermission, categoryGroup.Category))
-		}
-	}
-
-	cache.AddSystemPermissions(newGroupTasksPermissions)
-}
-
 func AddDynamicGroupTasksPermissionsByCategory(category string) []string {
-	var newGroupTasksPermissions []string
+	var newRolePermissions []structs.RolePermission
+	var newPermissions []string

 	for _, dynamicGroupTasksPermission := range utils.DynamicGroupTasksPermissions {
-		newGroupTasksPermissions = append(newGroupTasksPermissions, ConvertXYPermission(dynamicGroupTasksPermission, category))
+		convertedPermission := ConvertXYPermission(dynamicGroupTasksPermission, category)
+
+		newRolePermissions = append(newRolePermissions, structs.RolePermission{
+			RoleId:       GetMasterRoleId(),
+			PermissionId: convertedPermission})
+
+		newPermissions = append(newPermissions, convertedPermission)
 	}

-	log.Debug().Msgf("AddDynamicGroupTasksPermissionsByCategory: %v", newGroupTasksPermissions)
+	database.DB.Create(newRolePermissions)

-	cache.AddSystemPermissions(newGroupTasksPermissions)
-
-	return newGroupTasksPermissions
+	return newPermissions
 }

 func RemoveDynamicGroupTasksPermissionsByCategory(category string) []string {
 	var permissions []string

 	for _, dynamicGroupTasksPermission := range utils.DynamicGroupTasksPermissions {
-		permissions = append(permissions, ConvertXYPermission(dynamicGroupTasksPermission, category))
+		convertedPermission := ConvertXYPermission(dynamicGroupTasksPermission, category)
+		permissions = append(permissions, convertedPermission)
+
+		database.DB.Where("permission_id = ?", convertedPermission).Delete(&structs.RolePermission{})
 	}

-	log.Debug().Msgf("DynamicGroupTasksPermissions %v", permissions)
-
-	cache.DeleteSystemPermissions(permissions)
-
 	return permissions
 }

+func CreateMasterRoleIfNotExist() {
+	masterRoleId := handleMasterRolePermissions()
+	createDefaultAdminUser(masterRoleId)
+}
+
+func createDefaultAdminUser(masterRoleId string) {
+	var userCount int64
+	database.DB.Model(&structs.User{}).Count(&userCount)
+
+	if userCount > 0 {
+		return
+	}
+
+	log.Info().Msg("No users found. Master account was created:")
+
+	pw := []byte("adminadmin")
+
+	hashedPassword, err := bcrypt.GenerateFromPassword(pw, bcrypt.DefaultCost)
+
+	if err != nil {
+		panic(err)
+	}
+
+	user := structs.User{
+		Id:        uuid.New().String(),
+		RoleId:    masterRoleId,
+		Username:  "admin",
+		Email:     "admin@roese.dev",
+		Password:  string(hashedPassword),
+		CreatedAt: time.Now(),
+	}
+
+	database.DB.Create(&user)
+
+	log.Info().Msgf("Username: %s", user.Username)
+	log.Info().Msgf("Password: %s", string(pw))
+}
+
+func handleMasterRolePermissions() (roleId string) {
+	// create admin role if not already existing
+	role := structs.Role{
+		Id:           uuid.New().String(),
+		Master:       true,
+		DisplayName:  "Admin",
+		Description:  "Management board",
+		CreatedAt:    time.Now(),
+		SortingOrder: 0,
+	}
+
+	masterRoleId := GetMasterRoleId()
+
+	if masterRoleId == "" {
+		result := database.DB.Create(&role)
+
+		if result.Error != nil {
+			panic(result.Error)
+		}
+
+		masterRoleId = role.Id
+	}
+
+	// looking for role permissions
+	var foundRolePermissions []structs.RolePermission
+
+	database.DB.Where("role_id = ?", masterRoleId).Find(&foundRolePermissions)
+
+	systemPermissions := getSystemPermissions()
+
+	if len(foundRolePermissions) > 0 {
+		// add new permissions if not already present
+		var newPermissions []string
+
+		for _, systemPermission := range systemPermissions {
+			if !hasPermission(foundRolePermissions, systemPermission) {
+				newPermissions = append(newPermissions, systemPermission)
+			}
+		}
+
+		if len(newPermissions) > 0 {
+			var newRolePermissions []structs.RolePermission
+
+			for _, newPermission := range newPermissions {
+				newRolePermissions = append(newRolePermissions, structs.RolePermission{
+					RoleId:       masterRoleId,
+					PermissionId: newPermission,
+				})
+			}
+
+			database.DB.Create(newRolePermissions)
+		}
+
+		// deleting permissions that are no longer supported
+		var outdatedPermissions []structs.RolePermission
+
+		for _, foundRolePermission := range foundRolePermissions {
+			if isPermissionOutdated(systemPermissions, foundRolePermission.PermissionId) {
+				outdatedPermissions = append(outdatedPermissions, foundRolePermission)
+			}
+		}
+
+		if len(outdatedPermissions) > 0 {
+			for _, outdatedPermission := range outdatedPermissions {
+				// delete old permissions for all roles
+				database.DB.Where("permission_id = ?", outdatedPermission.PermissionId).Delete(&outdatedPermission)
+			}
+		}
+	} else { // admin role has no permissions - grant all permissions
+		var newRolePermissions []structs.RolePermission
+
+		for _, systemPermission := range systemPermissions {
+			newRolePermissions = append(newRolePermissions, structs.RolePermission{
+				RoleId:       masterRoleId,
+				PermissionId: systemPermission,
+			})
+		}
+
+		database.DB.Create(newRolePermissions)
+	}
+
+	return masterRoleId
+}
+
+func hasPermission(rolePermissions []structs.RolePermission, permission string) bool {
+	for _, rolePermission := range rolePermissions {
+		if rolePermission.PermissionId == permission {
+			return true
+		}
+	}
+
+	return false
+}
+
+func isPermissionOutdated(systemPermissions []string, permission string) bool {
+	for _, systemPermission := range systemPermissions {
+		if systemPermission == permission {
+			return false
+		}
+	}
+
+	return true
+}
+
+func GetRoleSortingOrder() int {
+	var lastSortingOrder int
+
+	if err := database.DB.Model(&structs.Role{}).Select("MAX(sorting_order)").Scan(&lastSortingOrder).Error; err != nil {
+		log.Error().Msgf("Error getting role sorting order %v", err.Error())
+		return 0
+	}
+
+	return lastSortingOrder + 1
+}
+
 func ConvertXYPermission(permission string, category string) string {
 	return strings.Replace(permission, "XY", strings.ToLower(category), 1)
 }
+
+func GetMasterRoleId() string {
+	var masterRole structs.Role
+
+	database.DB.Select("Id").First(&masterRole, "master = ?", true)
+
+	return masterRole.Id
+}
+
+func getSystemPermissions() []string {
+	permissions := utils.SystemPermissions
+
+	for _, categoryGroup := range cache.GetCategoryGroups() {
+		for _, dynamicGroupTasksPermission := range utils.DynamicGroupTasksPermissions {
+			permissions = append(permissions, ConvertXYPermission(dynamicGroupTasksPermission, categoryGroup.Category))
+		}
+	}
+
+	return permissions
+}
--- a/modules/utils/globals.go
+++ b/modules/utils/globals.go
@ -101,12 +101,6 @@ var (
 	}
 )

-var DynamicGroupTasksPermissions = []string{
-	PermissionGroupTasksOverviewXYNewTask,
-	PermissionGroupTasksOverviewXYReloadGroupConfig,
-	PermissionGroupTasksOverviewXYView,
-}
-
 const (
 	_groupTasks                                         = "group_tasks."
 	PermissionGroupTasksOverviewXYNewTask               = _groupTasks + "overview.XY.new_task"
@ -130,6 +124,27 @@ const (
 	PermissionAdminAreaLogs           = _adminArea + "logs"
 )

+var SystemPermissions = []string{
+	PermissionGroupTasksHistory,
+	PermissionGroupTasksCheckingForCategoryGroupChanges,
+	PermissionAllUsersActionChangeRole,
+	PermissionAllUsersActionDeleteUser,
+	PermissionAllUsersActionUserDeactivation,
+	PermissionAllUsersCreateNewUser,
+	PermissionScannerUseScanners,
+	PermissionAdminAreaCreateNewRole,
+	PermissionAdminAreaUpdateRole,
+	PermissionAdminAreaDeleteRole,
+	PermissionAdminAreaMoveRoleUpDown,
+	PermissionAdminAreaLogs,
+}
+
+var DynamicGroupTasksPermissions = []string{
+	PermissionGroupTasksOverviewXYNewTask,
+	PermissionGroupTasksOverviewXYReloadGroupConfig,
+	PermissionGroupTasksOverviewXYView,
+}
+
 const (
 	LogTypeInfo  = 0
 	LogTypeError = 1
--- a/socketclients/socketclients.go
+++ b/socketclients/socketclients.go
@ -41,6 +41,26 @@ func BroadcastMessageExceptUserId(ignoreUserId string, sendSocketMessage structs
 	}
 }

+func BroadcastMessageToUsersWithPermission(neededPermission string, sendSocketMessage structs.SendSocketMessage) {
+	var rolePermissions []structs.RolePermission
+
+	database.DB.Model(&structs.RolePermission{}).Where("permission_id = ?", neededPermission).Find(&rolePermissions)
+
+	var foundUsers []structs.User
+
+	for _, rolePermission := range rolePermissions {
+		var users []structs.User
+
+		database.DB.Where("role_id = ?", rolePermission.RoleId).Select("id").Find(&users)
+
+		foundUsers = append(foundUsers, users...)
+	}
+
+	for _, foundUser := range foundUsers {
+		SendMessageToUser(foundUser.Id, "", sendSocketMessage)
+	}
+}
+
 func SendMessageToUser(userId string, ignoreUserSessionId string, sendSocketMessage structs.SendSocketMessage) {
 	for _, client := range cache.GetSocketClients() {
 		if client.UserId == userId && client.SessionId != ignoreUserSessionId {
@ -563,7 +583,7 @@ func AdminAreaMoveRoleToSortingOrder(conn *websocket.Conn, body map[string]inter
 	if direction == 1 {
 		newSortingOrder = currentSortingOrder + 1

-		if newSortingOrder > database.GetRoleSortingOrder()-1 {
+		if newSortingOrder > systempermissions.GetRoleSortingOrder()-1 {
 			return
 		}
 	} else {
--- a/socketserver/hub.go
+++ b/socketserver/hub.go
@ -8,6 +8,7 @@ import (
 	"janex/admin-dashboard-backend/modules/grouptasks"
 	"janex/admin-dashboard-backend/modules/logger"
 	"janex/admin-dashboard-backend/modules/structs"
+	"janex/admin-dashboard-backend/modules/systempermissions"
 	"janex/admin-dashboard-backend/modules/utils"
 	"janex/admin-dashboard-backend/socketclients"
 	"time"
@ -216,7 +217,9 @@ func RunHub() {
 					break
 				}

-				socketclients.BroadcastMessage(structs.SendSocketMessage{
+				socketclients.BroadcastMessageToUsersWithPermission(
+					systempermissions.ConvertXYPermission(utils.PermissionGroupTasksOverviewXYView, category),
+					structs.SendSocketMessage{
 						Cmd:  utils.SentCmdReloadingGroupTasks,
 						Body: category,
 					})
@ -267,7 +270,7 @@ func RunHub() {
 					DisplayName:  "New Role " + uuid.New().String(),
 					Description:  "Role description",
 					CreatedAt:    time.Now(),
-					SortingOrder: database.GetRoleSortingOrder(),
+					SortingOrder: systempermissions.GetRoleSortingOrder(),
 				}

 				database.DB.Create(&role)