More Persian lang updates

Persian Locale
Merge pull request #4785 from NginxProxyManager/react
2025-12-06 00:16:49 +00:00 · 2025-11-03 08:12:52 +10:00 · 2025-11-02 22:52:43 +10:00 · 2025-11-02 22:48:16 +10:00 · 2025-11-02 21:28:25 +10:00 · 2025-10-31 12:50:54 +10:00
53 changed files with 1642 additions and 486 deletions
--- a/backend/lib/access.js
+++ b/backend/lib/access.js
@@ -265,7 +265,7 @@ export default function (tokenString) {
 					schemas: [roleSchema, permsSchema, objectSchema, permissionSchema],
 				});

-				const valid = ajv.validate("permissions", dataSchema);
+				const valid = await ajv.validate("permissions", dataSchema);
 				return valid && dataSchema[permission];
 			} catch (err) {
 				err.permission = permission;
--- a/backend/package.json
+++ b/backend/package.json
@@ -20,9 +20,9 @@
 		"body-parser": "^1.20.3",
 		"compression": "^1.7.4",
 		"express": "^4.20.0",
-		"express-fileupload": "^1.1.9",
-		"gravatar": "^1.8.0",
-		"jsonwebtoken": "^9.0.0",
+		"express-fileupload": "^1.5.2",
+		"gravatar": "^1.8.2",
+		"jsonwebtoken": "^9.0.2",
 		"knex": "2.4.2",
 		"liquidjs": "10.6.1",
 		"lodash": "^4.17.21",
@@ -38,7 +38,7 @@
 	},
 	"devDependencies": {
 		"@apidevtools/swagger-parser": "^10.1.0",
-		"@biomejs/biome": "^2.3.1",
+		"@biomejs/biome": "^2.3.2",
 		"chalk": "4.1.2",
 		"nodemon": "^2.0.2"
 	},
--- a/backend/yarn.lock
+++ b/backend/yarn.lock
@@ -43,59 +43,59 @@
    ajv-draft-04 "^1.0.0"
    call-me-maybe "^1.0.2"

-"@biomejs/biome@^2.3.1":
-  version "2.3.1"
-  resolved "https://registry.yarnpkg.com/@biomejs/biome/-/biome-2.3.1.tgz#d1a9284f52986324f288cdaf450331a0f3fb1da7"
-  integrity sha512-A29evf1R72V5bo4o2EPxYMm5mtyGvzp2g+biZvRFx29nWebGyyeOSsDWGx3tuNNMFRepGwxmA9ZQ15mzfabK2w==
+"@biomejs/biome@^2.3.2":
+  version "2.3.2"
+  resolved "https://registry.yarnpkg.com/@biomejs/biome/-/biome-2.3.2.tgz#aeeb5f12c39571a18f36a919be63ba7dbc7b290a"
+  integrity sha512-8e9tzamuDycx7fdrcJ/F/GDZ8SYukc5ud6tDicjjFqURKYFSWMl0H0iXNXZEGmcmNUmABgGuHThPykcM41INgg==
  optionalDependencies:
-    "@biomejs/cli-darwin-arm64" "2.3.1"
-    "@biomejs/cli-darwin-x64" "2.3.1"
-    "@biomejs/cli-linux-arm64" "2.3.1"
-    "@biomejs/cli-linux-arm64-musl" "2.3.1"
-    "@biomejs/cli-linux-x64" "2.3.1"
-    "@biomejs/cli-linux-x64-musl" "2.3.1"
-    "@biomejs/cli-win32-arm64" "2.3.1"
-    "@biomejs/cli-win32-x64" "2.3.1"
+    "@biomejs/cli-darwin-arm64" "2.3.2"
+    "@biomejs/cli-darwin-x64" "2.3.2"
+    "@biomejs/cli-linux-arm64" "2.3.2"
+    "@biomejs/cli-linux-arm64-musl" "2.3.2"
+    "@biomejs/cli-linux-x64" "2.3.2"
+    "@biomejs/cli-linux-x64-musl" "2.3.2"
+    "@biomejs/cli-win32-arm64" "2.3.2"
+    "@biomejs/cli-win32-x64" "2.3.2"

-"@biomejs/cli-darwin-arm64@2.3.1":
-  version "2.3.1"
-  resolved "https://registry.yarnpkg.com/@biomejs/cli-darwin-arm64/-/cli-darwin-arm64-2.3.1.tgz#607835f8ef043e1a80f9ad2a232c9e860941ab60"
-  integrity sha512-ombSf3MnTUueiYGN1SeI9tBCsDUhpWzOwS63Dove42osNh0PfE1cUtHFx6eZ1+MYCCLwXzlFlYFdrJ+U7h6LcA==
+"@biomejs/cli-darwin-arm64@2.3.2":
+  version "2.3.2"
+  resolved "https://registry.yarnpkg.com/@biomejs/cli-darwin-arm64/-/cli-darwin-arm64-2.3.2.tgz#93f866161abe32e702987ccbddf492c1aabe016f"
+  integrity sha512-4LECm4kc3If0JISai4c3KWQzukoUdpxy4fRzlrPcrdMSRFksR9ZoXK7JBcPuLBmd2SoT4/d7CQS33VnZpgBjew==

-"@biomejs/cli-darwin-x64@2.3.1":
-  version "2.3.1"
-  resolved "https://registry.yarnpkg.com/@biomejs/cli-darwin-x64/-/cli-darwin-x64-2.3.1.tgz#654fe4aaa8ea5d5bde5457db4961ad5d214713ac"
-  integrity sha512-pcOfwyoQkrkbGvXxRvZNe5qgD797IowpJPovPX5biPk2FwMEV+INZqfCaz4G5bVq9hYnjwhRMamg11U4QsRXrQ==
+"@biomejs/cli-darwin-x64@2.3.2":
+  version "2.3.2"
+  resolved "https://registry.yarnpkg.com/@biomejs/cli-darwin-x64/-/cli-darwin-x64-2.3.2.tgz#9c3dffdac12e4f4d8db7680ca20f58ace1f38c23"
+  integrity sha512-jNMnfwHT4N3wi+ypRfMTjLGnDmKYGzxVr1EYAPBcauRcDnICFXN81wD6wxJcSUrLynoyyYCdfW6vJHS/IAoTDA==

-"@biomejs/cli-linux-arm64-musl@2.3.1":
-  version "2.3.1"
-  resolved "https://registry.yarnpkg.com/@biomejs/cli-linux-arm64-musl/-/cli-linux-arm64-musl-2.3.1.tgz#5fe502082a575c31ef808cf080cbcd4485964167"
-  integrity sha512-+DZYv8l7FlUtTrWs1Tdt1KcNCAmRO87PyOnxKGunbWm5HKg1oZBSbIIPkjrCtDZaeqSG1DiGx7qF+CPsquQRcg==
+"@biomejs/cli-linux-arm64-musl@2.3.2":
+  version "2.3.2"
+  resolved "https://registry.yarnpkg.com/@biomejs/cli-linux-arm64-musl/-/cli-linux-arm64-musl-2.3.2.tgz#a0424d2fe355cc43c375b3fbf3e42d39b7221d0e"
+  integrity sha512-2Zz4usDG1GTTPQnliIeNx6eVGGP2ry5vE/v39nT73a3cKN6t5H5XxjcEoZZh62uVZvED7hXXikclvI64vZkYqw==

-"@biomejs/cli-linux-arm64@2.3.1":
-  version "2.3.1"
-  resolved "https://registry.yarnpkg.com/@biomejs/cli-linux-arm64/-/cli-linux-arm64-2.3.1.tgz#81c02547905d379dbb312e6ff24b04908c2e320f"
-  integrity sha512-td5O8pFIgLs8H1sAZsD6v+5quODihyEw4nv2R8z7swUfIK1FKk+15e4eiYVLcAE4jUqngvh4j3JCNgg0Y4o4IQ==
+"@biomejs/cli-linux-arm64@2.3.2":
+  version "2.3.2"
+  resolved "https://registry.yarnpkg.com/@biomejs/cli-linux-arm64/-/cli-linux-arm64-2.3.2.tgz#f85717c04d420ede20523d173a1fc10df60d4d37"
+  integrity sha512-amnqvk+gWybbQleRRq8TMe0rIv7GHss8mFJEaGuEZYWg1Tw14YKOkeo8h6pf1c+d3qR+JU4iT9KXnBKGON4klw==

-"@biomejs/cli-linux-x64-musl@2.3.1":
-  version "2.3.1"
-  resolved "https://registry.yarnpkg.com/@biomejs/cli-linux-x64-musl/-/cli-linux-x64-musl-2.3.1.tgz#c7c00beb5eda1ad25185544897e66eeec6be3b0b"
-  integrity sha512-Y3Ob4nqgv38Mh+6EGHltuN+Cq8aj/gyMTJYzkFZV2AEj+9XzoXB9VNljz9pjfFNHUxvLEV4b55VWyxozQTBaUQ==
+"@biomejs/cli-linux-x64-musl@2.3.2":
+  version "2.3.2"
+  resolved "https://registry.yarnpkg.com/@biomejs/cli-linux-x64-musl/-/cli-linux-x64-musl-2.3.2.tgz#d3e114c744c32d2c50a77c13476bd941819c92d8"
+  integrity sha512-gzB19MpRdTuOuLtPpFBGrV3Lq424gHyq2lFj8wfX9tvLMLdmA/R9C7k/mqBp/spcbWuHeIEKgEs3RviOPcWGBA==

-"@biomejs/cli-linux-x64@2.3.1":
-  version "2.3.1"
-  resolved "https://registry.yarnpkg.com/@biomejs/cli-linux-x64/-/cli-linux-x64-2.3.1.tgz#7481d2e7be98d4de574df233766a5bdda037c897"
-  integrity sha512-PYWgEO7up7XYwSAArOpzsVCiqxBCXy53gsReAb1kKYIyXaoAlhBaBMvxR/k2Rm9aTuZ662locXUmPk/Aj+Xu+Q==
+"@biomejs/cli-linux-x64@2.3.2":
+  version "2.3.2"
+  resolved "https://registry.yarnpkg.com/@biomejs/cli-linux-x64/-/cli-linux-x64-2.3.2.tgz#f66ce85d2d757d45e6edecce04753a805bd816f0"
+  integrity sha512-8BG/vRAhFz1pmuyd24FQPhNeueLqPtwvZk6yblABY2gzL2H8fLQAF/Z2OPIc+BPIVPld+8cSiKY/KFh6k81xfA==

-"@biomejs/cli-win32-arm64@2.3.1":
-  version "2.3.1"
-  resolved "https://registry.yarnpkg.com/@biomejs/cli-win32-arm64/-/cli-win32-arm64-2.3.1.tgz#dac8c7c7223e97f86cd0eed7aa95584984761481"
-  integrity sha512-RHIG/zgo+69idUqVvV3n8+j58dKYABRpMyDmfWu2TITC+jwGPiEaT0Q3RKD+kQHiS80mpBrST0iUGeEXT0bU9A==
+"@biomejs/cli-win32-arm64@2.3.2":
+  version "2.3.2"
+  resolved "https://registry.yarnpkg.com/@biomejs/cli-win32-arm64/-/cli-win32-arm64-2.3.2.tgz#b46f8b47a3d97e766cc5ad5eb67d90eeb230b2cb"
+  integrity sha512-lCruqQlfWjhMlOdyf5pDHOxoNm4WoyY2vZ4YN33/nuZBRstVDuqPPjS0yBkbUlLEte11FbpW+wWSlfnZfSIZvg==

-"@biomejs/cli-win32-x64@2.3.1":
-  version "2.3.1"
-  resolved "https://registry.yarnpkg.com/@biomejs/cli-win32-x64/-/cli-win32-x64-2.3.1.tgz#f8818ab2c1e3a6e2ed8a656935173e5ce4c720be"
-  integrity sha512-izl30JJ5Dp10mi90Eko47zhxE6pYyWPcnX1NQxKpL/yMhXxf95oLTzfpu4q+MDBh/gemNqyJEwjBpe0MT5iWPA==
+"@biomejs/cli-win32-x64@2.3.2":
+  version "2.3.2"
+  resolved "https://registry.yarnpkg.com/@biomejs/cli-win32-x64/-/cli-win32-x64-2.3.2.tgz#a14f5e220dd496705278315ee3e5e028dd657344"
+  integrity sha512-6Ee9P26DTb4D8sN9nXxgbi9Dw5vSOfH98M7UlmkjKB2vtUbrRqCbZiNfryGiwnPIpd6YUoTl7rLVD2/x1CyEHQ==

 "@gar/promisify@^1.0.1":
  version "1.1.3"
@@ -861,7 +861,7 @@ expand-template@^2.0.3:
  resolved "https://registry.yarnpkg.com/expand-template/-/expand-template-2.0.3.tgz#6e14b3fcee0f3a6340ecb57d2e8918692052a47c"
  integrity sha512-XYfuKMvj4O35f/pOXLObndIRvyQ+/+6AhODh+OKWj9S9498pHHn/IMszH+gt0fBCRWMNfk1ZSp5x3AifmnI2vg==

-express-fileupload@^1.1.9:
+express-fileupload@^1.5.2:
  version "1.5.2"
  resolved "https://registry.yarnpkg.com/express-fileupload/-/express-fileupload-1.5.2.tgz#4da70ba6f2ffd4c736eab0776445865a9dbd9bfa"
  integrity sha512-wxUJn2vTHvj/kZCVmc5/bJO15C7aSMyHeuXYY3geKpeKibaAoQGcEv5+sM6nHS2T7VF+QHS4hTWPiY2mKofEdg==
@@ -1108,7 +1108,7 @@ graceful-fs@^4.1.15, graceful-fs@^4.1.2, graceful-fs@^4.2.0, graceful-fs@^4.2.6:
  resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.11.tgz#4183e4e8bf08bb6e05bbb2f7d2e0c8f712ca40e3"
  integrity sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==

-gravatar@^1.8.0:
+gravatar@^1.8.2:
  version "1.8.2"
  resolved "https://registry.yarnpkg.com/gravatar/-/gravatar-1.8.2.tgz#f298642b1562ed685af2ae938dbe31ec0c542cc1"
  integrity sha512-GdRwLM3oYpFQKy47MKuluw9hZ2gaCtiKPbDGdcDEuYDKlc8eNnW27KYL9LVbIDzEsx88WtDWQm2ClBcsgBnj6w==
@@ -1352,7 +1352,7 @@ json-schema-traverse@^1.0.0:
  resolved "https://registry.yarnpkg.com/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz#ae7bcb3656ab77a73ba5c49bf654f38e6b6860e2"
  integrity sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==

-jsonwebtoken@^9.0.0:
+jsonwebtoken@^9.0.2:
  version "9.0.2"
  resolved "https://registry.yarnpkg.com/jsonwebtoken/-/jsonwebtoken-9.0.2.tgz#65ff91f4abef1784697d40952bb1998c504caaf3"
  integrity sha512-PRp66vJ865SSqOlgqS8hujT5U4AOgMfhrwYIuIhfKaoSCZcirrmASQr8CX7cUg+RMih+hgznrjp99o+W4pJLHQ==
--- a/frontend/src/api/backend/index.ts
+++ b/frontend/src/api/backend/index.ts
@@ -37,6 +37,7 @@ export * from "./getToken";
 export * from "./getUser";
 export * from "./getUsers";
 export * from "./helpers";
+export * from "./loginAsUser";
 export * from "./models";
 export * from "./refreshToken";
 export * from "./renewCertificate";
--- a/frontend/src/api/backend/loginAsUser.ts
+++ b/frontend/src/api/backend/loginAsUser.ts
@@ -0,0 +1,8 @@
+import * as api from "./base";
+import type { LoginAsTokenResponse } from "./responseTypes";
+
+export async function loginAsUser(id: number): Promise<LoginAsTokenResponse> {
+	return await api.post({
+		url: `/users/${id}/login`,
+	});
+}
--- a/frontend/src/api/backend/responseTypes.ts
+++ b/frontend/src/api/backend/responseTypes.ts
@@ -1,4 +1,4 @@
-import type { AppVersion } from "./models";
+import type { AppVersion, User } from "./models";

 export interface HealthResponse {
 	status: string;
@@ -15,3 +15,7 @@ export interface ValidatedCertificateResponse {
 	certificate: Record<string, any>;
 	certificateKey: boolean;
 }
+
+export interface LoginAsTokenResponse extends TokenResponse {
+	user: User;
+}
--- a/frontend/src/components/EmptyData.tsx
+++ b/frontend/src/components/EmptyData.tsx
@@ -1,8 +1,9 @@
 import type { Table as ReactTable } from "@tanstack/react-table";
 import cn from "classnames";
 import type { ReactNode } from "react";
-import { Button } from "src/components";
+import { Button, HasPermission } from "src/components";
 import { T } from "src/locale";
+import { type ADMIN, MANAGE, type Permission, type Section } from "src/modules/Permissions";

 interface Props {
 	tableInstance: ReactTable<any>;
@@ -12,8 +13,20 @@ interface Props {
 	objects: string;
 	color?: string;
 	customAddBtn?: ReactNode;
+	permissionSection?: Section | typeof ADMIN;
+	permission?: Permission;
 }
-function EmptyData({ tableInstance, onNew, isFiltered, object, objects, color = "primary", customAddBtn }: Props) {
+function EmptyData({
+	tableInstance,
+	onNew,
+	isFiltered,
+	object,
+	objects,
+	color = "primary",
+	customAddBtn,
+	permissionSection,
+	permission,
+}: Props) {
 	return (
 		<tr>
 			<td colSpan={tableInstance.getVisibleFlatColumns().length}>
@@ -27,6 +40,7 @@ function EmptyData({ tableInstance, onNew, isFiltered, object, objects, color =
 							<h2>
 								<T id="object.empty" tData={{ objects }} />
 							</h2>
+							<HasPermission section={permissionSection} permission={permission || MANAGE} hideError>
 								<p className="text-muted">
 									<T id="empty-subtitle" />
 								</p>
@@ -37,6 +51,7 @@ function EmptyData({ tableInstance, onNew, isFiltered, object, objects, color =
 										<T id="object.add" tData={{ object }} />
 									</Button>
 								)}
+							</HasPermission>
 						</>
 					)}
 				</div>
--- a/frontend/src/components/HasPermission.tsx
+++ b/frontend/src/components/HasPermission.tsx
@@ -3,25 +3,29 @@ import Alert from "react-bootstrap/Alert";
 import { Loading, LoadingPage } from "src/components";
 import { useUser } from "src/hooks";
 import { T } from "src/locale";
+import { type ADMIN, hasPermission, type Permission, type Section } from "src/modules/Permissions";

 interface Props {
-	permission: string;
-	type: "manage" | "view";
+	section?: Section | typeof ADMIN;
+	permission: Permission;
 	hideError?: boolean;
 	children?: ReactNode;
 	pageLoading?: boolean;
 	loadingNoLogo?: boolean;
 }
 function HasPermission({
+	section,
 	permission,
-	type,
 	children,
 	hideError = false,
 	pageLoading = false,
 	loadingNoLogo = false,
 }: Props) {
 	const { data, isLoading } = useUser("me");
-	const perms = data?.permissions;
+
+	if (!section) {
+		return <>{children}</>;
+	}

 	if (isLoading) {
 		if (hideError) {
@@ -33,33 +37,7 @@ function HasPermission({
 		return <Loading noLogo={loadingNoLogo} />;
 	}

-	let allowed = permission === "";
-	const acceptable = ["manage", type];
-
-	switch (permission) {
-		case "admin":
-			allowed = data?.roles?.includes("admin") || false;
-			break;
-		case "proxyHosts":
-			allowed = acceptable.indexOf(perms?.proxyHosts || "") !== -1;
-			break;
-		case "redirectionHosts":
-			allowed = acceptable.indexOf(perms?.redirectionHosts || "") !== -1;
-			break;
-		case "deadHosts":
-			allowed = acceptable.indexOf(perms?.deadHosts || "") !== -1;
-			break;
-		case "streams":
-			allowed = acceptable.indexOf(perms?.streams || "") !== -1;
-			break;
-		case "accessLists":
-			allowed = acceptable.indexOf(perms?.accessLists || "") !== -1;
-			break;
-		case "certificates":
-			allowed = acceptable.indexOf(perms?.certificates || "") !== -1;
-			break;
-	}
-
+	const allowed = hasPermission(section, permission, data?.permissions, data?.roles);
 	if (allowed) {
 		return <>{children}</>;
 	}
--- a/frontend/src/components/SiteHeader.tsx
+++ b/frontend/src/components/SiteHeader.tsx
@@ -1,5 +1,5 @@
 import { IconLock, IconLogout, IconUser } from "@tabler/icons-react";
-import { LocalePicker, ThemeSwitcher, NavLink } from "src/components";
+import { LocalePicker, NavLink, ThemeSwitcher } from "src/components";
 import { useAuthState } from "src/context";
 import { useUser } from "src/hooks";
 import { T } from "src/locale";
--- a/frontend/src/components/SiteMenu.tsx
+++ b/frontend/src/components/SiteMenu.tsx
@@ -11,14 +11,26 @@ import cn from "classnames";
 import React from "react";
 import { HasPermission, NavLink } from "src/components";
 import { T } from "src/locale";
+import {
+	ACCESS_LISTS,
+	ADMIN,
+	CERTIFICATES,
+	DEAD_HOSTS,
+	type MANAGE,
+	PROXY_HOSTS,
+	REDIRECTION_HOSTS,
+	type Section,
+	STREAMS,
+	VIEW,
+} from "src/modules/Permissions";

 interface MenuItem {
 	label: string;
 	icon?: React.ElementType;
 	to?: string;
 	items?: MenuItem[];
-	permission?: string;
-	permissionType?: "view" | "manage";
+	permissionSection?: Section | typeof ADMIN;
+	permission?: typeof VIEW | typeof MANAGE;
 }

 const menuItems: MenuItem[] = [
@@ -34,26 +46,26 @@ const menuItems: MenuItem[] = [
 			{
 				to: "/nginx/proxy",
 				label: "proxy-hosts",
-				permission: "proxyHosts",
-				permissionType: "view",
+				permissionSection: PROXY_HOSTS,
+				permission: VIEW,
 			},
 			{
 				to: "/nginx/redirection",
 				label: "redirection-hosts",
-				permission: "redirectionHosts",
-				permissionType: "view",
+				permissionSection: REDIRECTION_HOSTS,
+				permission: VIEW,
 			},
 			{
 				to: "/nginx/stream",
 				label: "streams",
-				permission: "streams",
-				permissionType: "view",
+				permissionSection: STREAMS,
+				permission: VIEW,
 			},
 			{
 				to: "/nginx/404",
 				label: "dead-hosts",
-				permission: "deadHosts",
-				permissionType: "view",
+				permissionSection: DEAD_HOSTS,
+				permission: VIEW,
 			},
 		],
 	},
@@ -61,33 +73,33 @@ const menuItems: MenuItem[] = [
 		to: "/access",
 		icon: IconLock,
 		label: "access-lists",
-		permission: "accessLists",
-		permissionType: "view",
+		permissionSection: ACCESS_LISTS,
+		permission: VIEW,
 	},
 	{
 		to: "/certificates",
 		icon: IconShield,
 		label: "certificates",
-		permission: "certificates",
-		permissionType: "view",
+		permissionSection: CERTIFICATES,
+		permission: VIEW,
 	},
 	{
 		to: "/users",
 		icon: IconUser,
 		label: "users",
-		permission: "admin",
+		permissionSection: ADMIN,
 	},
 	{
 		to: "/audit-log",
 		icon: IconBook,
 		label: "auditlogs",
-		permission: "admin",
+		permissionSection: ADMIN,
 	},
 	{
 		to: "/settings",
 		icon: IconSettings,
 		label: "settings",
-		permission: "admin",
+		permissionSection: ADMIN,
 	},
 ];

@@ -99,8 +111,8 @@ const getMenuItem = (item: MenuItem, onClick?: () => void) => {
 	return (
 		<HasPermission
 			key={`item-${item.label}`}
-			permission={item.permission || ""}
-			type={item.permissionType || "view"}
+			section={item.permissionSection}
+			permission={item.permission || VIEW}
 			hideError
 		>
 			<li className="nav-item">
@@ -122,8 +134,8 @@ const getMenuDropown = (item: MenuItem, onClick?: () => void) => {
 	return (
 		<HasPermission
 			key={`item-${item.label}`}
-			permission={item.permission || ""}
-			type={item.permissionType || "view"}
+			section={item.permissionSection}
+			permission={item.permission || VIEW}
 			hideError
 		>
 			<li className={cns}>
@@ -147,8 +159,8 @@ const getMenuDropown = (item: MenuItem, onClick?: () => void) => {
 						return (
 							<HasPermission
 								key={`${idx}-${subitem.to}`}
-								permission={subitem.permission || ""}
-								type={subitem.permissionType || "view"}
+								section={subitem.permissionSection}
+								permission={subitem.permission || VIEW}
 								hideError
 							>
 								<NavLink to={subitem.to} isDropdownItem onClick={onClick}>
--- a/frontend/src/context/AuthContext.tsx
+++ b/frontend/src/context/AuthContext.tsx
@@ -1,13 +1,14 @@
 import { useQueryClient } from "@tanstack/react-query";
 import { createContext, type ReactNode, useContext, useState } from "react";
 import { useIntervalWhen } from "rooks";
-import { getToken, refreshToken, type TokenResponse } from "src/api/backend";
+import { getToken, loginAsUser, refreshToken, type TokenResponse } from "src/api/backend";
 import AuthStore from "src/modules/AuthStore";

 // Context
 export interface AuthContextType {
 	authenticated: boolean;
 	login: (username: string, password: string) => Promise<void>;
+	loginAs: (id: number) => Promise<void>;
 	logout: () => void;
 	token?: string;
 }
@@ -34,7 +35,20 @@ function AuthProvider({ children, tokenRefreshInterval = 5 * 60 * 1000 }: Props)
 		handleTokenUpdate(response);
 	};

+	const loginAs = async (id: number) => {
+		const response = await loginAsUser(id);
+		AuthStore.add(response);
+		queryClient.clear();
+		window.location.reload();
+	};
+
 	const logout = () => {
+		if (AuthStore.count() >= 2) {
+			AuthStore.drop();
+			queryClient.clear();
+			window.location.reload();
+			return;
+		}
 		AuthStore.clear();
 		setAuthenticated(false);
 		queryClient.clear();
@@ -55,7 +69,7 @@ function AuthProvider({ children, tokenRefreshInterval = 5 * 60 * 1000 }: Props)
 		true,
 	);

-	const value = { authenticated, login, logout };
+	const value = { authenticated, login, logout, loginAs };

 	return <AuthContext.Provider value={value}>{children}</AuthContext.Provider>;
 }
--- a/frontend/src/locale/lang/en.json
+++ b/frontend/src/locale/lang/en.json
@@ -201,6 +201,7 @@
  "user.current-password": "Current Password",
  "user.edit-profile": "Edit Profile",
  "user.full-name": "Full Name",
+  "user.login-as": "Sign in as {name}",
  "user.logout": "Logout",
  "user.new-password": "New Password",
  "user.nickname": "Nickname",
--- a/frontend/src/locale/lang/fa.json
+++ b/frontend/src/locale/lang/fa.json
@@ -1,3 +1,214 @@
 {
-  "dashboard": "داشبورد"
+  "access-list": "لیست دسترسی",
+  "access-list.access-count": "{count} {count, plural, one {Rule} other {Rules}}",
+  "access-list.auth-count": "{count} {count, plural, one {User} other {Users}}",
+  "access-list.help-rules-last": "When at least 1 rule exists, this deny all rule will be added last",
+  "access-list.help.rules-order": "توجه داشته باشید که دستورات allow و deny به ترتیب تعریف‌شده اعمال خواهند شد.",
+  "access-list.pass-auth": "ارسال احراز هویت به سرور بالادستی",
+  "access-list.public": "قابل دسترسی برای عموم",
+  "access-list.public.subtitle": "نیازی به احراز هویت پایه نیست",
+  "access-list.satisfy-any": "Satisfy Any",
+  "access-list.subtitle": "{users} {users, plural, one {User} other {Users}}, {rules} {rules, plural, one {Rule} other {Rules}} - Created: {date}",
+  "access-lists": "لیست‌های دسترسی",
+  "action.add": "افزودن",
+  "action.add-location": "افزودن مکان",
+  "action.close": "بستن",
+  "action.delete": "حذف",
+  "action.disable": "غیرفعال",
+  "action.download": "دانلود",
+  "action.edit": "ویرایش",
+  "action.enable": "فعال‌سازی",
+  "action.permissions": "مجوزها",
+  "action.renew": "تجدید",
+  "action.view-details": "مشاهده جزئیات",
+  "auditlogs": "لاگ‌های بررسی",
+  "cancel": "لغو",
+  "certificate": "گواهی‌نامه",
+  "certificate.custom-certificate": "Certificate",
+  "certificate.custom-certificate-key": "Certificate Key",
+  "certificate.custom-intermediate": "Intermediate Certificate",
+  "certificate.in-use": "In Use",
+  "certificate.none.subtitle": "No certificate assigned",
+  "certificate.none.subtitle.for-http": "This host will not use HTTPS",
+  "certificate.none.title": "None",
+  "certificate.not-in-use": "Not Used",
+  "certificates": "Certificates",
+  "certificates.custom": "Custom Certificate",
+  "certificates.custom.warning": "Key files protected with a passphrase are not supported.",
+  "certificates.dns.credentials": "Credentials File Content",
+  "certificates.dns.credentials-note": "This plugin requires a configuration file containing an API token or other credentials for your provider",
+  "certificates.dns.credentials-warning": "This data will be stored as plaintext in the database and in a file!",
+  "certificates.dns.propagation-seconds": "Propagation Seconds",
+  "certificates.dns.propagation-seconds-note": "Leave empty to use the plugins default value. Number of seconds to wait for DNS propagation.",
+  "certificates.dns.provider": "DNS Provider",
+  "certificates.dns.warning": "This section requires some knowledge about Certbot and its DNS plugins. Please consult the respective plugins documentation.",
+  "certificates.http.reachability-404": "There is a server found at this domain but it does not seem to be Nginx Proxy Manager. Please make sure your domain points to the IP where your NPM instance is running.",
+  "certificates.http.reachability-failed-to-check": "Failed to check the reachability due to a communication error with site24x7.com.",
+  "certificates.http.reachability-not-resolved": "There is no server available at this domain. Please make sure your domain exists and points to the IP where your NPM instance is running and if necessary port 80 is forwarded in your router.",
+  "certificates.http.reachability-ok": "Your server is reachable and creating certificates should be possible.",
+  "certificates.http.reachability-other": "There is a server found at this domain but it returned an unexpected status code {code}. Is it the NPM server? Please make sure your domain points to the IP where your NPM instance is running.",
+  "certificates.http.reachability-wrong-data": "There is a server found at this domain but it returned an unexpected data. Is it the NPM server? Please make sure your domain points to the IP where your NPM instance is running.",
+  "certificates.http.test-results": "Test Results",
+  "certificates.http.warning": "These domains must be already configured to point to this installation.",
+  "certificates.request.subtitle": "with Let's Encrypt",
+  "certificates.request.title": "Request a new Certificate",
+  "column.access": "Access",
+  "column.authorization": "Authorization",
+  "column.authorizations": "Authorizations",
+  "column.custom-locations": "Custom Locations",
+  "column.destination": "Destination",
+  "column.details": "Details",
+  "column.email": "Email",
+  "column.event": "Event",
+  "column.expires": "Expires",
+  "column.http-code": "Access",
+  "column.incoming-port": "Incoming Port",
+  "column.name": "Name",
+  "column.protocol": "Protocol",
+  "column.provider": "Provider",
+  "column.roles": "Roles",
+  "column.rules": "Rules",
+  "column.satisfy": "Satisfy",
+  "column.satisfy-all": "All",
+  "column.satisfy-any": "Any",
+  "column.scheme": "Scheme",
+  "column.source": "Source",
+  "column.ssl": "SSL",
+  "column.status": "Status",
+  "created-on": "Created: {date}",
+  "dashboard": "خانه",
+  "dead-host": "404 Host",
+  "dead-hosts": "404 Hosts",
+  "dead-hosts.count": "{count} {count, plural, one {404 Host} other {404 Hosts}}",
+  "disabled": "Disabled",
+  "domain-names": "Domain Names",
+  "domain-names.max": "{count} domain names maximum",
+  "domain-names.placeholder": "Start typing to add domain...",
+  "domain-names.wildcards-not-permitted": "Wildcards not permitted for this type",
+  "domain-names.wildcards-not-supported": "Wildcards not supported for this CA",
+  "domains.force-ssl": "Force SSL",
+  "domains.hsts-enabled": "HSTS Enabled",
+  "domains.hsts-subdomains": "HSTS Sub-domains",
+  "domains.http2-support": "HTTP/2 Support",
+  "domains.use-dns": "Use DNS Challenge",
+  "email-address": "نشانی ایمیل",
+  "empty-search": "هیچ نتیجه‌ای یافت نشد",
+  "empty-subtitle": "چرا یکی ایجاد نمی‌کنید؟",
+  "enabled": "فعال",
+  "error.access.at-least-one": "Either one Authorization or one Access Rule is required",
+  "error.access.duplicate-usernames": "Authorization Usernames must be unique",
+  "error.invalid-auth": "ایمیل یا رمز عبور نامعتبر است",
+  "error.invalid-domain": "Invalid domain: {domain}",
+  "error.invalid-email": "نشانی ایمیل نامعتبر است",
+  "error.max-character-length": "Maximum length is {max} character{max, plural, one {} other {s}}",
+  "error.max-domains": "Too many domains, max is {max}",
+  "error.maximum": "Maximum is {max}",
+  "error.min-character-length": "Minimum length is {min} character{min, plural, one {} other {s}}",
+  "error.minimum": "Minimum is {min}",
+  "error.passwords-must-match": "Passwords must match",
+  "error.required": "This is required",
+  "expires.on": "Expires: {date}",
+  "footer.github-fork": "Fork me on Github",
+  "host.flags.block-exploits": "Block Common Exploits",
+  "host.flags.cache-assets": "Cache Assets",
+  "host.flags.preserve-path": "Preserve Path",
+  "host.flags.protocols": "Protocols",
+  "host.flags.websockets-upgrade": "Websockets Support",
+  "host.forward-port": "Forward Port",
+  "host.forward-scheme": "Scheme",
+  "hosts": "Hosts",
+  "http-only": "HTTP Only",
+  "lets-encrypt": "Let's Encrypt",
+  "lets-encrypt-via-dns": "Let's Encrypt via DNS",
+  "lets-encrypt-via-http": "Let's Encrypt via HTTP",
+  "loading": "Loading…",
+  "login.title": "Login to your account",
+  "nginx-config.label": "Custom Nginx Configuration",
+  "nginx-config.placeholder": "# Enter your custom Nginx configuration here at your own risk!",
+  "no-permission-error": "You do not have access to view this.",
+  "notfound.action": "Take me home",
+  "notfound.content": "We are sorry but the page you are looking for was not found",
+  "notfound.title": "Oops… You just found an error page",
+  "notification.error": "Error",
+  "notification.object-deleted": "{object} has been deleted",
+  "notification.object-disabled": "{object} has been disabled",
+  "notification.object-enabled": "{object} has been enabled",
+  "notification.object-renewed": "{object} has been renewed",
+  "notification.object-saved": "{object} has been saved",
+  "notification.success": "Success",
+  "object.actions-title": "{object} #{id}",
+  "object.add": "{object} افزودن",
+  "object.delete": "Delete {object}",
+  "object.delete.content": "Are you sure you want to delete this {object}?",
+  "object.edit": "Edit {object}",
+  "object.empty": "There are no {objects}",
+  "object.event.created": "Created {object}",
+  "object.event.deleted": "Deleted {object}",
+  "object.event.disabled": "Disabled {object}",
+  "object.event.enabled": "Enabled {object}",
+  "object.event.renewed": "Renewed {object}",
+  "object.event.updated": "Updated {object}",
+  "offline": "Offline",
+  "online": "Online",
+  "options": "Options",
+  "password": "Password",
+  "password.generate": "Generate random password",
+  "password.hide": "Hide Password",
+  "password.show": "Show Password",
+  "permissions.hidden": "Hidden",
+  "permissions.manage": "Manage",
+  "permissions.view": "View Only",
+  "permissions.visibility.all": "All Items",
+  "permissions.visibility.title": "Item Visibility",
+  "permissions.visibility.user": "Created Items Only",
+  "proxy-host": "Proxy Host",
+  "proxy-host.forward-host": "Forward Hostname / IP",
+  "proxy-hosts": "Proxy Hosts",
+  "proxy-hosts.count": "{count} {count, plural, one {Proxy Host} other {Proxy Hosts}}",
+  "public": "Public",
+  "redirection-host": "Redirection Host",
+  "redirection-host.forward-domain": "Forward Domain",
+  "redirection-hosts": "Redirection Hosts",
+  "redirection-hosts.count": "{count} {count, plural, one {Redirection Host} other {Redirection Hosts}}",
+  "role.admin": "Administrator",
+  "role.standard-user": "Standard User",
+  "save": "Save",
+  "setting": "Setting",
+  "settings": "Settings",
+  "settings.default-site": "Default Site",
+  "settings.default-site.404": "404 Page",
+  "settings.default-site.444": "No Response (444)",
+  "settings.default-site.congratulations": "Congratulations Page",
+  "settings.default-site.description": "What to show when Nginx is hit with an unknown Host",
+  "settings.default-site.html": "Custom HTML",
+  "settings.default-site.html.placeholder": "<!-- Enter your custom HTML content here -->",
+  "settings.default-site.redirect": "Redirect",
+  "setup.preamble": "Get started by creating your admin account.",
+  "setup.title": "Welcome!",
+  "sign-in": "Sign in",
+  "ssl-certificate": "SSL Certificate",
+  "stream": "Stream",
+  "stream.forward-host": "Forward Host",
+  "stream.incoming-port": "Incoming Port",
+  "streams": "Streams",
+  "streams.count": "{count} {count, plural, one {Stream} other {Streams}}",
+  "streams.tcp": "TCP",
+  "streams.udp": "UDP",
+  "test": "Test",
+  "user": "کاربر",
+  "user.change-password": "Change Password",
+  "user.confirm-password": "Confirm Password",
+  "user.current-password": "رمز عبور فعلی",
+  "user.edit-profile": "ویرایش پروفایل",
+  "user.full-name": "نام کامل",
+  "user.login-as": "Sign in as {name}",
+  "user.logout": "خروج",
+  "user.new-password": "رمز عبور جدید",
+  "user.nickname": "نام مستعار",
+  "user.set-password": "تنظیم رمز عبور",
+  "user.set-permissions": "Set Permissions for {name}",
+  "user.switch-dark": "تغییر به حالت تاریک",
+  "user.switch-light": "تغییر به حالت روشن",
+  "username": "نام کاربری",
+  "users": "کاربران"
 }
--- a/frontend/src/locale/lang/lang-list.json
+++ b/frontend/src/locale/lang/lang-list.json
@@ -1,5 +1,4 @@
 {
-  "locale-de-DE": "Deutsch",
  "locale-en-US": "English",
  "locale-fa-IR": "فارسی"
 }
--- a/frontend/src/locale/src/HelpDoc/fa/AccessLists.md
+++ b/frontend/src/locale/src/HelpDoc/fa/AccessLists.md
@@ -0,0 +1,7 @@
+## What is an Access List?
+
+Access Lists provide a blacklist or whitelist of specific client IP addresses along with authentication for the Proxy Hosts via Basic HTTP Authentication.
+
+You can configure multiple client rules, usernames and passwords for a single Access List and then apply that to one or more _Proxy Hosts_.
+
+This is most useful for forwarded web services that do not have authentication mechanisms built in or when you want to protect from unknown clients.
--- a/frontend/src/locale/src/HelpDoc/fa/Certificates.md
+++ b/frontend/src/locale/src/HelpDoc/fa/Certificates.md
@@ -0,0 +1,32 @@
+## Certificates Help
+
+### HTTP Certificate
+
+A HTTP validated certificate means Let's Encrypt servers will
+attempt to reach your domains over HTTP (not HTTPS!) and if successful, they
+will issue your certificate.
+
+For this method, you will have to have a _Proxy Host_ created for your domains(s) that
+is accessible with HTTP and pointing to this Nginx installation. After a certificate
+has been given, you can modify the _Proxy Host_ to also use this certificate for HTTPS
+connections. However, the _Proxy Host_ will still need to be configured for HTTP access
+in order for the certificate to renew.
+
+This process _does not_ support wildcard domains.
+
+### DNS Certificate
+
+A DNS validated certificate requires you to use a DNS Provider plugin. This DNS
+Provider will be used to create temporary records on your domain and then Let's
+Encrypt will query those records to be sure you're the owner and if successful, they
+will issue your certificate.
+
+You do not need a _Proxy Host_ to be created prior to requesting this type of
+certificate. Nor do you need to have your _Proxy Host_ configured for HTTP access.
+
+This process _does_ support wildcard domains.
+
+### Custom Certificate
+
+Use this option to upload your own SSL Certificate, as provided by your own
+Certificate Authority.
--- a/frontend/src/locale/src/HelpDoc/fa/DeadHosts.md
+++ b/frontend/src/locale/src/HelpDoc/fa/DeadHosts.md
@@ -0,0 +1,10 @@
+## What is a 404 Host?
+
+A 404 Host is simply a host setup that shows a 404 page.
+
+This can be useful when your domain is listed in search engines and you want
+to provide a nicer error page or specifically to tell the search indexers that
+the domain pages no longer exist.
+
+Another benefit of having this host is to track the logs for hits to it and
+view the referrers.
--- a/frontend/src/locale/src/HelpDoc/fa/ProxyHosts.md
+++ b/frontend/src/locale/src/HelpDoc/fa/ProxyHosts.md
@@ -0,0 +1,7 @@
+## What is a Proxy Host?
+
+A Proxy Host is the incoming endpoint for a web service that you want to forward.
+
+It provides optional SSL termination for your service that might not have SSL support built in.
+
+Proxy Hosts are the most common use for the Nginx Proxy Manager.
--- a/frontend/src/locale/src/HelpDoc/fa/RedirectionHosts.md
+++ b/frontend/src/locale/src/HelpDoc/fa/RedirectionHosts.md
@@ -0,0 +1,7 @@
+## What is a Redirection Host?
+
+A Redirection Host will redirect requests from the incoming domain and push the
+viewer to another domain.
+
+The most common reason to use this type of host is when your website changes
+domains but you still have search engine or referrer links pointing to the old domain.
--- a/frontend/src/locale/src/HelpDoc/fa/Streams.md
+++ b/frontend/src/locale/src/HelpDoc/fa/Streams.md
@@ -0,0 +1,6 @@
+## What is a Stream?
+
+A relatively new feature for Nginx, a Stream will serve to forward TCP/UDP
+traffic directly to another computer on the network.
+
+If you're running game servers, FTP or SSH servers this can come in handy.
--- a/frontend/src/locale/src/HelpDoc/fa/index.ts
+++ b/frontend/src/locale/src/HelpDoc/fa/index.ts
@@ -0,0 +1,6 @@
+export * as AccessLists from "./AccessLists.md";
+export * as Certificates from "./Certificates.md";
+export * as DeadHosts from "./DeadHosts.md";
+export * as ProxyHosts from "./ProxyHosts.md";
+export * as RedirectionHosts from "./RedirectionHosts.md";
+export * as Streams from "./Streams.md";
--- a/frontend/src/locale/src/HelpDoc/index.ts
+++ b/frontend/src/locale/src/HelpDoc/index.ts
@@ -1,17 +1,22 @@
-// import * as de from "./de/index";
-// import * as fa from "./fa/index";
 import * as en from "./en/index";
+import * as fa from "./fa/index";

-const items: any = { en };
+const items: any = { en, fa };

 const fallbackLang = "en";

 export const getHelpFile = (lang: string, section: string): string => {
-	if (typeof items[lang] !== "undefined" && typeof items[lang][section] !== "undefined") {
+	if (
+		typeof items[lang] !== "undefined" &&
+		typeof items[lang][section] !== "undefined"
+	) {
 		return items[lang][section].default;
 	}
 	// Fallback to English
-	if (typeof items[fallbackLang] !== "undefined" && typeof items[fallbackLang][section] !== "undefined") {
+	if (
+		typeof items[fallbackLang] !== "undefined" &&
+		typeof items[fallbackLang][section] !== "undefined"
+	) {
 		return items[fallbackLang][section].default;
 	}
 	throw new Error(`Cannot load help doc for ${lang}-${section}`);
--- a/frontend/src/locale/src/en.json
+++ b/frontend/src/locale/src/en.json
@@ -605,6 +605,9 @@
 	"user.full-name": {
 		"defaultMessage": "Full Name"
 	},
+	"user.login-as": {
+		"defaultMessage": "Sign in as {name}"
+	},
 	"user.logout": {
 		"defaultMessage": "Logout"
 	},
--- a/frontend/src/locale/src/fa.json
+++ b/frontend/src/locale/src/fa.json
@@ -1,5 +1,638 @@
 {
+	"access-list": {
+		"defaultMessage": "لیست دسترسی"
+	},
+	"access-list.access-count": {
+		"defaultMessage": "{count} {count, plural, one {Rule} other {Rules}}"
+	},
+	"access-list.auth-count": {
+		"defaultMessage": "{count} {count, plural, one {User} other {Users}}"
+	},
+	"access-list.help-rules-last": {
+		"defaultMessage": "When at least 1 rule exists, this deny all rule will be added last"
+	},
+	"access-list.help.rules-order": {
+		"defaultMessage": "توجه داشته باشید که دستورات allow و deny به ترتیب تعریف‌شده اعمال خواهند شد."
+	},
+	"access-list.pass-auth": {
+		"defaultMessage": "ارسال احراز هویت به سرور بالادستی"
+	},
+	"access-list.public": {
+		"defaultMessage": "قابل دسترسی برای عموم"
+	},
+	"access-list.public.subtitle": {
+		"defaultMessage": "نیازی به احراز هویت پایه نیست"
+	},
+	"access-list.satisfy-any": {
+		"defaultMessage": "Satisfy Any"
+	},
+	"access-list.subtitle": {
+		"defaultMessage": "{users} {users, plural, one {User} other {Users}}, {rules} {rules, plural, one {Rule} other {Rules}} - Created: {date}"
+	},
+	"access-lists": {
+		"defaultMessage": "لیست‌های دسترسی"
+	},
+	"action.add": {
+		"defaultMessage": "افزودن"
+	},
+	"action.add-location": {
+		"defaultMessage": "افزودن مکان"
+	},
+	"action.close": {
+		"defaultMessage": "بستن"
+	},
+	"action.delete": {
+		"defaultMessage": "حذف"
+	},
+	"action.disable": {
+		"defaultMessage": "غیرفعال"
+	},
+	"action.download": {
+		"defaultMessage": "دانلود"
+	},
+	"action.edit": {
+		"defaultMessage": "ویرایش"
+	},
+	"action.enable": {
+		"defaultMessage": "فعال‌سازی"
+	},
+	"action.permissions": {
+		"defaultMessage": "مجوزها"
+	},
+	"action.renew": {
+		"defaultMessage": "تجدید"
+	},
+	"action.view-details": {
+		"defaultMessage": "مشاهده جزئیات"
+	},
+	"auditlogs": {
+		"defaultMessage": "لاگ‌های بررسی"
+	},
+	"cancel": {
+		"defaultMessage": "لغو"
+	},
+	"certificate": {
+		"defaultMessage": "گواهی‌نامه"
+	},
+	"certificate.custom-certificate": {
+		"defaultMessage": "Certificate"
+	},
+	"certificate.custom-certificate-key": {
+		"defaultMessage": "Certificate Key"
+	},
+	"certificate.custom-intermediate": {
+		"defaultMessage": "Intermediate Certificate"
+	},
+	"certificate.in-use": {
+		"defaultMessage": "In Use"
+	},
+	"certificate.none.subtitle": {
+		"defaultMessage": "No certificate assigned"
+	},
+	"certificate.none.subtitle.for-http": {
+		"defaultMessage": "This host will not use HTTPS"
+	},
+	"certificate.none.title": {
+		"defaultMessage": "None"
+	},
+	"certificate.not-in-use": {
+		"defaultMessage": "Not Used"
+	},
+	"certificates": {
+		"defaultMessage": "Certificates"
+	},
+	"certificates.custom": {
+		"defaultMessage": "Custom Certificate"
+	},
+	"certificates.custom.warning": {
+		"defaultMessage": "Key files protected with a passphrase are not supported."
+	},
+	"certificates.dns.credentials": {
+		"defaultMessage": "Credentials File Content"
+	},
+	"certificates.dns.credentials-note": {
+		"defaultMessage": "This plugin requires a configuration file containing an API token or other credentials for your provider"
+	},
+	"certificates.dns.credentials-warning": {
+		"defaultMessage": "This data will be stored as plaintext in the database and in a file!"
+	},
+	"certificates.dns.propagation-seconds": {
+		"defaultMessage": "Propagation Seconds"
+	},
+	"certificates.dns.propagation-seconds-note": {
+		"defaultMessage": "Leave empty to use the plugins default value. Number of seconds to wait for DNS propagation."
+	},
+	"certificates.dns.provider": {
+		"defaultMessage": "DNS Provider"
+	},
+	"certificates.dns.warning": {
+		"defaultMessage": "This section requires some knowledge about Certbot and its DNS plugins. Please consult the respective plugins documentation."
+	},
+	"certificates.http.reachability-404": {
+		"defaultMessage": "There is a server found at this domain but it does not seem to be Nginx Proxy Manager. Please make sure your domain points to the IP where your NPM instance is running."
+	},
+	"certificates.http.reachability-failed-to-check": {
+		"defaultMessage": "Failed to check the reachability due to a communication error with site24x7.com."
+	},
+	"certificates.http.reachability-not-resolved": {
+		"defaultMessage": "There is no server available at this domain. Please make sure your domain exists and points to the IP where your NPM instance is running and if necessary port 80 is forwarded in your router."
+	},
+	"certificates.http.reachability-ok": {
+		"defaultMessage": "Your server is reachable and creating certificates should be possible."
+	},
+	"certificates.http.reachability-other": {
+		"defaultMessage": "There is a server found at this domain but it returned an unexpected status code {code}. Is it the NPM server? Please make sure your domain points to the IP where your NPM instance is running."
+	},
+	"certificates.http.reachability-wrong-data": {
+		"defaultMessage": "There is a server found at this domain but it returned an unexpected data. Is it the NPM server? Please make sure your domain points to the IP where your NPM instance is running."
+	},
+	"certificates.http.test-results": {
+		"defaultMessage": "Test Results"
+	},
+	"certificates.http.warning": {
+		"defaultMessage": "These domains must be already configured to point to this installation."
+	},
+	"certificates.request.subtitle": {
+		"defaultMessage": "with Let's Encrypt"
+	},
+	"certificates.request.title": {
+		"defaultMessage": "Request a new Certificate"
+	},
+	"column.access": {
+		"defaultMessage": "Access"
+	},
+	"column.authorization": {
+		"defaultMessage": "Authorization"
+	},
+	"column.authorizations": {
+		"defaultMessage": "Authorizations"
+	},
+	"column.custom-locations": {
+		"defaultMessage": "Custom Locations"
+	},
+	"column.destination": {
+		"defaultMessage": "Destination"
+	},
+	"column.details": {
+		"defaultMessage": "Details"
+	},
+	"column.email": {
+		"defaultMessage": "Email"
+	},
+	"column.event": {
+		"defaultMessage": "Event"
+	},
+	"column.expires": {
+		"defaultMessage": "Expires"
+	},
+	"column.http-code": {
+		"defaultMessage": "Access"
+	},
+	"column.incoming-port": {
+		"defaultMessage": "Incoming Port"
+	},
+	"column.name": {
+		"defaultMessage": "Name"
+	},
+	"column.protocol": {
+		"defaultMessage": "Protocol"
+	},
+	"column.provider": {
+		"defaultMessage": "Provider"
+	},
+	"column.roles": {
+		"defaultMessage": "Roles"
+	},
+	"column.rules": {
+		"defaultMessage": "Rules"
+	},
+	"column.satisfy": {
+		"defaultMessage": "Satisfy"
+	},
+	"column.satisfy-all": {
+		"defaultMessage": "All"
+	},
+	"column.satisfy-any": {
+		"defaultMessage": "Any"
+	},
+	"column.scheme": {
+		"defaultMessage": "Scheme"
+	},
+	"column.source": {
+		"defaultMessage": "Source"
+	},
+	"column.ssl": {
+		"defaultMessage": "SSL"
+	},
+	"column.status": {
+		"defaultMessage": "Status"
+	},
+	"created-on": {
+		"defaultMessage": "Created: {date}"
+	},
 	"dashboard": {
-		"defaultMessage": "داشبورد"
+		"defaultMessage": "خانه"
+	},
+	"dead-host": {
+		"defaultMessage": "404 Host"
+	},
+	"dead-hosts": {
+		"defaultMessage": "404 Hosts"
+	},
+	"dead-hosts.count": {
+		"defaultMessage": "{count} {count, plural, one {404 Host} other {404 Hosts}}"
+	},
+	"disabled": {
+		"defaultMessage": "Disabled"
+	},
+	"domain-names": {
+		"defaultMessage": "Domain Names"
+	},
+	"domain-names.max": {
+		"defaultMessage": "{count} domain names maximum"
+	},
+	"domain-names.placeholder": {
+		"defaultMessage": "Start typing to add domain..."
+	},
+	"domain-names.wildcards-not-permitted": {
+		"defaultMessage": "Wildcards not permitted for this type"
+	},
+	"domain-names.wildcards-not-supported": {
+		"defaultMessage": "Wildcards not supported for this CA"
+	},
+	"domains.force-ssl": {
+		"defaultMessage": "Force SSL"
+	},
+	"domains.hsts-enabled": {
+		"defaultMessage": "HSTS Enabled"
+	},
+	"domains.hsts-subdomains": {
+		"defaultMessage": "HSTS Sub-domains"
+	},
+	"domains.http2-support": {
+		"defaultMessage": "HTTP/2 Support"
+	},
+	"domains.use-dns": {
+		"defaultMessage": "Use DNS Challenge"
+	},
+	"email-address": {
+		"defaultMessage": "نشانی ایمیل"
+	},
+	"empty-search": {
+		"defaultMessage": "هیچ نتیجه‌ای یافت نشد"
+	},
+	"empty-subtitle": {
+		"defaultMessage": "چرا یکی ایجاد نمی‌کنید؟"
+	},
+	"enabled": {
+		"defaultMessage": "فعال"
+	},
+	"error.access.at-least-one": {
+		"defaultMessage": "Either one Authorization or one Access Rule is required"
+	},
+	"error.access.duplicate-usernames": {
+		"defaultMessage": "Authorization Usernames must be unique"
+	},
+	"error.invalid-auth": {
+		"defaultMessage": "ایمیل یا رمز عبور نامعتبر است"
+	},
+	"error.invalid-domain": {
+		"defaultMessage": "Invalid domain: {domain}"
+	},
+	"error.invalid-email": {
+		"defaultMessage": "نشانی ایمیل نامعتبر است"
+	},
+	"error.max-character-length": {
+		"defaultMessage": "Maximum length is {max} character{max, plural, one {} other {s}}"
+	},
+	"error.max-domains": {
+		"defaultMessage": "Too many domains, max is {max}"
+	},
+	"error.maximum": {
+		"defaultMessage": "Maximum is {max}"
+	},
+	"error.min-character-length": {
+		"defaultMessage": "Minimum length is {min} character{min, plural, one {} other {s}}"
+	},
+	"error.minimum": {
+		"defaultMessage": "Minimum is {min}"
+	},
+	"error.passwords-must-match": {
+		"defaultMessage": "Passwords must match"
+	},
+	"error.required": {
+		"defaultMessage": "This is required"
+	},
+	"expires.on": {
+		"defaultMessage": "Expires: {date}"
+	},
+	"footer.github-fork": {
+		"defaultMessage": "Fork me on Github"
+	},
+	"host.flags.block-exploits": {
+		"defaultMessage": "Block Common Exploits"
+	},
+	"host.flags.cache-assets": {
+		"defaultMessage": "Cache Assets"
+	},
+	"host.flags.preserve-path": {
+		"defaultMessage": "Preserve Path"
+	},
+	"host.flags.protocols": {
+		"defaultMessage": "Protocols"
+	},
+	"host.flags.websockets-upgrade": {
+		"defaultMessage": "Websockets Support"
+	},
+	"host.forward-port": {
+		"defaultMessage": "Forward Port"
+	},
+	"host.forward-scheme": {
+		"defaultMessage": "Scheme"
+	},
+	"hosts": {
+		"defaultMessage": "Hosts"
+	},
+	"http-only": {
+		"defaultMessage": "HTTP Only"
+	},
+	"lets-encrypt": {
+		"defaultMessage": "Let's Encrypt"
+	},
+	"lets-encrypt-via-dns": {
+		"defaultMessage": "Let's Encrypt via DNS"
+	},
+	"lets-encrypt-via-http": {
+		"defaultMessage": "Let's Encrypt via HTTP"
+	},
+	"loading": {
+		"defaultMessage": "Loading…"
+	},
+	"login.title": {
+		"defaultMessage": "Login to your account"
+	},
+	"nginx-config.label": {
+		"defaultMessage": "Custom Nginx Configuration"
+	},
+	"nginx-config.placeholder": {
+		"defaultMessage": "# Enter your custom Nginx configuration here at your own risk!"
+	},
+	"no-permission-error": {
+		"defaultMessage": "You do not have access to view this."
+	},
+	"notfound.action": {
+		"defaultMessage": "Take me home"
+	},
+	"notfound.content": {
+		"defaultMessage": "We are sorry but the page you are looking for was not found"
+	},
+	"notfound.title": {
+		"defaultMessage": "Oops… You just found an error page"
+	},
+	"notification.error": {
+		"defaultMessage": "Error"
+	},
+	"notification.object-deleted": {
+		"defaultMessage": "{object} has been deleted"
+	},
+	"notification.object-disabled": {
+		"defaultMessage": "{object} has been disabled"
+	},
+	"notification.object-enabled": {
+		"defaultMessage": "{object} has been enabled"
+	},
+	"notification.object-renewed": {
+		"defaultMessage": "{object} has been renewed"
+	},
+	"notification.object-saved": {
+		"defaultMessage": "{object} has been saved"
+	},
+	"notification.success": {
+		"defaultMessage": "Success"
+	},
+	"object.actions-title": {
+		"defaultMessage": "{object} #{id}"
+	},
+	"object.add": {
+		"defaultMessage": "{object} افزودن"
+	},
+	"object.delete": {
+		"defaultMessage": "Delete {object}"
+	},
+	"object.delete.content": {
+		"defaultMessage": "Are you sure you want to delete this {object}?"
+	},
+	"object.edit": {
+		"defaultMessage": "Edit {object}"
+	},
+	"object.empty": {
+		"defaultMessage": "There are no {objects}"
+	},
+	"object.event.created": {
+		"defaultMessage": "Created {object}"
+	},
+	"object.event.deleted": {
+		"defaultMessage": "Deleted {object}"
+	},
+	"object.event.disabled": {
+		"defaultMessage": "Disabled {object}"
+	},
+	"object.event.enabled": {
+		"defaultMessage": "Enabled {object}"
+	},
+	"object.event.renewed": {
+		"defaultMessage": "Renewed {object}"
+	},
+	"object.event.updated": {
+		"defaultMessage": "Updated {object}"
+	},
+	"offline": {
+		"defaultMessage": "Offline"
+	},
+	"online": {
+		"defaultMessage": "Online"
+	},
+	"options": {
+		"defaultMessage": "Options"
+	},
+	"password": {
+		"defaultMessage": "Password"
+	},
+	"password.generate": {
+		"defaultMessage": "Generate random password"
+	},
+	"password.hide": {
+		"defaultMessage": "Hide Password"
+	},
+	"password.show": {
+		"defaultMessage": "Show Password"
+	},
+	"permissions.hidden": {
+		"defaultMessage": "Hidden"
+	},
+	"permissions.manage": {
+		"defaultMessage": "Manage"
+	},
+	"permissions.view": {
+		"defaultMessage": "View Only"
+	},
+	"permissions.visibility.all": {
+		"defaultMessage": "All Items"
+	},
+	"permissions.visibility.title": {
+		"defaultMessage": "Item Visibility"
+	},
+	"permissions.visibility.user": {
+		"defaultMessage": "Created Items Only"
+	},
+	"proxy-host": {
+		"defaultMessage": "Proxy Host"
+	},
+	"proxy-host.forward-host": {
+		"defaultMessage": "Forward Hostname / IP"
+	},
+	"proxy-hosts": {
+		"defaultMessage": "Proxy Hosts"
+	},
+	"proxy-hosts.count": {
+		"defaultMessage": "{count} {count, plural, one {Proxy Host} other {Proxy Hosts}}"
+	},
+	"public": {
+		"defaultMessage": "Public"
+	},
+	"redirection-host": {
+		"defaultMessage": "Redirection Host"
+	},
+	"redirection-host.forward-domain": {
+		"defaultMessage": "Forward Domain"
+	},
+	"redirection-hosts": {
+		"defaultMessage": "Redirection Hosts"
+	},
+	"redirection-hosts.count": {
+		"defaultMessage": "{count} {count, plural, one {Redirection Host} other {Redirection Hosts}}"
+	},
+	"role.admin": {
+		"defaultMessage": "Administrator"
+	},
+	"role.standard-user": {
+		"defaultMessage": "Standard User"
+	},
+	"save": {
+		"defaultMessage": "Save"
+	},
+	"setting": {
+		"defaultMessage": "Setting"
+	},
+	"settings": {
+		"defaultMessage": "Settings"
+	},
+	"settings.default-site": {
+		"defaultMessage": "Default Site"
+	},
+	"settings.default-site.404": {
+		"defaultMessage": "404 Page"
+	},
+	"settings.default-site.444": {
+		"defaultMessage": "No Response (444)"
+	},
+	"settings.default-site.congratulations": {
+		"defaultMessage": "Congratulations Page"
+	},
+	"settings.default-site.description": {
+		"defaultMessage": "What to show when Nginx is hit with an unknown Host"
+	},
+	"settings.default-site.html": {
+		"defaultMessage": "Custom HTML"
+	},
+	"settings.default-site.html.placeholder": {
+		"defaultMessage": "<!-- Enter your custom HTML content here -->"
+	},
+	"settings.default-site.redirect": {
+		"defaultMessage": "Redirect"
+	},
+	"setup.preamble": {
+		"defaultMessage": "Get started by creating your admin account."
+	},
+	"setup.title": {
+		"defaultMessage": "Welcome!"
+	},
+	"sign-in": {
+		"defaultMessage": "Sign in"
+	},
+	"ssl-certificate": {
+		"defaultMessage": "SSL Certificate"
+	},
+	"stream": {
+		"defaultMessage": "Stream"
+	},
+	"stream.forward-host": {
+		"defaultMessage": "Forward Host"
+	},
+	"stream.incoming-port": {
+		"defaultMessage": "Incoming Port"
+	},
+	"streams": {
+		"defaultMessage": "Streams"
+	},
+	"streams.count": {
+		"defaultMessage": "{count} {count, plural, one {Stream} other {Streams}}"
+	},
+	"streams.tcp": {
+		"defaultMessage": "TCP"
+	},
+	"streams.udp": {
+		"defaultMessage": "UDP"
+	},
+	"test": {
+		"defaultMessage": "Test"
+	},
+	"user": {
+		"defaultMessage": "کاربر"
+	},
+	"user.change-password": {
+		"defaultMessage": "Change Password"
+	},
+	"user.confirm-password": {
+		"defaultMessage": "Confirm Password"
+	},
+	"user.current-password": {
+		"defaultMessage": "رمز عبور فعلی"
+	},
+	"user.edit-profile": {
+		"defaultMessage": "ویرایش پروفایل"
+	},
+	"user.full-name": {
+		"defaultMessage": "نام کامل"
+	},
+	"user.login-as": {
+		"defaultMessage": "Sign in as {name}"
+	},
+	"user.logout": {
+		"defaultMessage": "خروج"
+	},
+	"user.new-password": {
+		"defaultMessage": "رمز عبور جدید"
+	},
+	"user.nickname": {
+		"defaultMessage": "نام مستعار"
+	},
+	"user.set-password": {
+		"defaultMessage": "تنظیم رمز عبور"
+	},
+	"user.set-permissions": {
+		"defaultMessage": "Set Permissions for {name}"
+	},
+	"user.switch-dark": {
+		"defaultMessage": "تغییر به حالت تاریک"
+	},
+	"user.switch-light": {
+		"defaultMessage": "تغییر به حالت روشن"
+	},
+	"username": {
+		"defaultMessage": "نام کاربری"
+	},
+	"users": {
+		"defaultMessage": "کاربران"
 	}
 }
--- a/frontend/src/locale/src/lang-list.json
+++ b/frontend/src/locale/src/lang-list.json
@@ -1,7 +1,4 @@
 {
-	"locale-de-DE": {
-		"defaultMessage": "Deutsch"
-	},
 	"locale-en-US": {
 		"defaultMessage": "English"
 	},
--- a/frontend/src/modals/PermissionsModal.tsx
+++ b/frontend/src/modals/PermissionsModal.tsx
@@ -47,11 +47,41 @@ const PermissionsModal = EasyModal.create(({ id, visible, remove }: Props) => {
 		});
 	};

+	// given the field and clicked permission, intelligently set the value, and
+	// other values that depends on it.
+	const handleChange = (form: any, field: any, perm: string) => {
+		if (field.name === "proxyHosts" && perm !== "hidden" && form.values.accessLists === "hidden") {
+			form.setFieldValue("accessLists", "view");
+		}
+		// certs are required for proxy and redirection hosts, and streams
+		if (
+			["proxyHosts", "redirectionHosts", "deadHosts", "streams"].includes(field.name) &&
+			perm !== "hidden" &&
+			form.values.certificates === "hidden"
+		) {
+			form.setFieldValue("certificates", "view");
+		}
+
+		form.setFieldValue(field.name, perm);
+	};
+
 	const getPermissionButtons = (field: any, form: any) => {
 		const isManage = field.value === "manage";
 		const isView = field.value === "view";
 		const isHidden = field.value === "hidden";

+		let hiddenDisabled = false;
+		if (field.name === "accessLists") {
+			hiddenDisabled = form.values.proxyHosts !== "hidden";
+		}
+		if (field.name === "certificates") {
+			hiddenDisabled =
+				form.values.proxyHosts !== "hidden" ||
+				form.values.redirectionHosts !== "hidden" ||
+				form.values.deadHosts !== "hidden" ||
+				form.values.streams !== "hidden";
+		}
+
 		return (
 			<div>
 				<div className="btn-group w-100" role="group">
@@ -63,7 +93,7 @@ const PermissionsModal = EasyModal.create(({ id, visible, remove }: Props) => {
 						autoComplete="off"
 						value="manage"
 						checked={field.value === "manage"}
-						onChange={() => form.setFieldValue(field.name, "manage")}
+						onChange={() => handleChange(form, field, "manage")}
 					/>
 					<label htmlFor={`${field.name}-manage`} className={getClasses(isManage)}>
 						<T id="permissions.manage" />
@@ -76,7 +106,7 @@ const PermissionsModal = EasyModal.create(({ id, visible, remove }: Props) => {
 						autoComplete="off"
 						value="view"
 						checked={field.value === "view"}
-						onChange={() => form.setFieldValue(field.name, "view")}
+						onChange={() => handleChange(form, field, "view")}
 					/>
 					<label htmlFor={`${field.name}-view`} className={getClasses(isView)}>
 						<T id="permissions.view" />
@@ -89,7 +119,8 @@ const PermissionsModal = EasyModal.create(({ id, visible, remove }: Props) => {
 						autoComplete="off"
 						value="hidden"
 						checked={field.value === "hidden"}
-						onChange={() => form.setFieldValue(field.name, "hidden")}
+						disabled={hiddenDisabled}
+						onChange={() => handleChange(form, field, "hidden")}
 					/>
 					<label htmlFor={`${field.name}-hidden`} className={getClasses(isHidden)}>
 						<T id="permissions.hidden" />
--- a/frontend/src/modals/ProxyHostModal.tsx
+++ b/frontend/src/modals/ProxyHostModal.tsx
@@ -9,14 +9,16 @@ import {
 	AccessField,
 	Button,
 	DomainNamesField,
+	HasPermission,
 	Loading,
 	LocationsFields,
 	NginxConfigField,
 	SSLCertificateField,
 	SSLOptionsFields,
 } from "src/components";
-import { useProxyHost, useSetProxyHost } from "src/hooks";
+import { useProxyHost, useSetProxyHost, useUser } from "src/hooks";
 import { T } from "src/locale";
+import { MANAGE, PROXY_HOSTS } from "src/modules/Permissions";
 import { validateNumber, validateString } from "src/modules/Validations";
 import { showObjectSuccess } from "src/notifications";

@@ -28,6 +30,7 @@ interface Props extends InnerModalProps {
 	id: number | "new";
 }
 const ProxyHostModal = EasyModal.create(({ id, visible, remove }: Props) => {
+	const { data: currentUser, isLoading: userIsLoading, error: userError } = useUser("me");
 	const { data, isLoading, error } = useProxyHost(id);
 	const { mutate: setProxyHost } = useSetProxyHost();
 	const [errorMsg, setErrorMsg] = useState<ReactNode | null>(null);
@@ -58,13 +61,13 @@ const ProxyHostModal = EasyModal.create(({ id, visible, remove }: Props) => {

 	return (
 		<Modal show={visible} onHide={remove}>
-			{!isLoading && error && (
+			{!isLoading && (error || userError) && (
 				<Alert variant="danger" className="m-3">
-					{error?.message || "Unknown error"}
+					{error?.message || userError?.message || "Unknown error"}
 				</Alert>
 			)}
-			{isLoading && <Loading noLogo />}
-			{!isLoading && data && (
+			{isLoading || (userIsLoading && <Loading noLogo />)}
+			{!isLoading && !userIsLoading && data && currentUser && (
 				<Formik
 					initialValues={
 						{
@@ -349,6 +352,7 @@ const ProxyHostModal = EasyModal.create(({ id, visible, remove }: Props) => {
 								<Button data-bs-dismiss="modal" onClick={remove} disabled={isSubmitting}>
 									<T id="cancel" />
 								</Button>
+								<HasPermission section={PROXY_HOSTS} permission={MANAGE} hideError>
 									<Button
 										type="submit"
 										actionType="primary"
@@ -359,6 +363,7 @@ const ProxyHostModal = EasyModal.create(({ id, visible, remove }: Props) => {
 									>
 										<T id="save" />
 									</Button>
+								</HasPermission>
 							</Modal.Footer>
 						</Form>
 					)}
--- a/frontend/src/modules/AuthStore.ts
+++ b/frontend/src/modules/AuthStore.ts
@@ -44,6 +44,7 @@ export class AuthStore {
 	// 	const t = this.tokens;
 	// 	return t.length > 0;
 	// }
+	// Start from the END of the stack and work backwards
 	hasActiveToken() {
 		const t = this.tokens;
 		if (!t.length) {
@@ -68,22 +69,27 @@ export class AuthStore {
 		localStorage.setItem(TOKEN_KEY, JSON.stringify([{ token, expires }]));
 	}

-	// Add a token to the stack
+	// Add a token to the END of the stack
 	add({ token, expires }: TokenResponse) {
 		const t = this.tokens;
 		t.push({ token, expires });
 		localStorage.setItem(TOKEN_KEY, JSON.stringify(t));
 	}

-	// Drop a token from the stack
+	// Drop a token from the END of the stack
 	drop() {
 		const t = this.tokens;
-		localStorage.setItem(TOKEN_KEY, JSON.stringify(t.splice(-1, 1)));
+		t.splice(-1, 1);
+		localStorage.setItem(TOKEN_KEY, JSON.stringify(t));
 	}

 	clear() {
 		localStorage.removeItem(TOKEN_KEY);
 	}
+
+	count() {
+		return this.tokens.length;
+	}
 }

 export default new AuthStore();
--- a/frontend/src/modules/Permissions.ts
+++ b/frontend/src/modules/Permissions.ts
@@ -0,0 +1,49 @@
+import type { UserPermissions } from "src/api/backend";
+
+export const ADMIN = "admin";
+export const VISIBILITY = "visibility";
+export const PROXY_HOSTS = "proxyHosts";
+export const REDIRECTION_HOSTS = "redirectionHosts";
+export const DEAD_HOSTS = "deadHosts";
+export const STREAMS = "streams";
+export const CERTIFICATES = "certificates";
+export const ACCESS_LISTS = "accessLists";
+
+export const MANAGE = "manage";
+export const VIEW = "view";
+export const HIDDEN = "hidden";
+
+export const ALL = "all";
+export const USER = "user";
+
+export type Section =
+	| typeof ADMIN
+	| typeof VISIBILITY
+	| typeof PROXY_HOSTS
+	| typeof REDIRECTION_HOSTS
+	| typeof DEAD_HOSTS
+	| typeof STREAMS
+	| typeof CERTIFICATES
+	| typeof ACCESS_LISTS;
+
+export type Permission = typeof MANAGE | typeof VIEW;
+
+const hasPermission = (
+	section: Section,
+	perm: Permission,
+	userPerms: UserPermissions | undefined,
+	roles: string[] | undefined,
+): boolean => {
+	if (!userPerms) return false;
+	if (isAdmin(roles)) return true;
+	const acceptable = [MANAGE, perm];
+	// @ts-expect-error 7053
+	const v = typeof userPerms[section] !== "undefined" ? userPerms[section] : HIDDEN;
+	return acceptable.indexOf(v) !== -1;
+};
+
+const isAdmin = (roles: string[] | undefined): boolean => {
+	return roles?.includes("admin") || false;
+};
+
+export { hasPermission, isAdmin };
--- a/frontend/src/pages/Access/Table.tsx
+++ b/frontend/src/pages/Access/Table.tsx
@@ -2,9 +2,10 @@ import { IconDotsVertical, IconEdit, IconTrash } from "@tabler/icons-react";
 import { createColumnHelper, getCoreRowModel, useReactTable } from "@tanstack/react-table";
 import { useMemo } from "react";
 import type { AccessList } from "src/api/backend";
-import { EmptyData, GravatarFormatter, ValueWithDateFormatter } from "src/components";
+import { EmptyData, GravatarFormatter, HasPermission, ValueWithDateFormatter } from "src/components";
 import { TableLayout } from "src/components/Table/TableLayout";
 import { intl, T } from "src/locale";
+import { ACCESS_LISTS, MANAGE } from "src/modules/Permissions";

 interface Props {
 	data: AccessList[];
@@ -84,6 +85,7 @@ export default function Table({ data, isFetching, isFiltered, onEdit, onDelete,
 									<IconEdit size={16} />
 									<T id="action.edit" />
 								</a>
+								<HasPermission section={ACCESS_LISTS} permission={MANAGE} hideError>
 									<div className="dropdown-divider" />
 									<a
 										className="dropdown-item"
@@ -96,6 +98,7 @@ export default function Table({ data, isFetching, isFiltered, onEdit, onDelete,
 										<IconTrash size={16} />
 										<T id="action.delete" />
 									</a>
+								</HasPermission>
 							</div>
 						</span>
 					);
@@ -130,6 +133,7 @@ export default function Table({ data, isFetching, isFiltered, onEdit, onDelete,
 					onNew={onNew}
 					isFiltered={isFiltered}
 					color="cyan"
+					permissionSection={ACCESS_LISTS}
 				/>
 			}
 		/>
--- a/frontend/src/pages/Access/TableWrapper.tsx
+++ b/frontend/src/pages/Access/TableWrapper.tsx
@@ -2,10 +2,11 @@ import { IconHelp, IconSearch } from "@tabler/icons-react";
 import { useState } from "react";
 import Alert from "react-bootstrap/Alert";
 import { deleteAccessList } from "src/api/backend";
-import { Button, LoadingPage } from "src/components";
+import { Button, HasPermission, LoadingPage } from "src/components";
 import { useAccessLists } from "src/hooks";
 import { T } from "src/locale";
 import { showAccessListModal, showDeleteConfirmModal, showHelpModal } from "src/modals";
+import { ACCESS_LISTS, MANAGE } from "src/modules/Permissions";
 import { showObjectSuccess } from "src/notifications";
 import Table from "./Table";

@@ -67,11 +68,17 @@ export default function TableWrapper() {
 								<Button size="sm" onClick={() => showHelpModal("AccessLists", "cyan")}>
 									<IconHelp size={20} />
 								</Button>
+								<HasPermission section={ACCESS_LISTS} permission={MANAGE} hideError>
 									{data?.length ? (
-									<Button size="sm" className="btn-cyan" onClick={() => showAccessListModal("new")}>
+										<Button
+											size="sm"
+											className="btn-cyan"
+											onClick={() => showAccessListModal("new")}
+										>
 											<T id="object.add" tData={{ object: "access-list" }} />
 										</Button>
 									) : null}
+								</HasPermission>
 							</div>
 						</div>
 					</div>
--- a/frontend/src/pages/Access/index.tsx
+++ b/frontend/src/pages/Access/index.tsx
@@ -1,9 +1,10 @@
 import { HasPermission } from "src/components";
+import { ACCESS_LISTS, VIEW } from "src/modules/Permissions";
 import TableWrapper from "./TableWrapper";

 const Access = () => {
 	return (
-		<HasPermission permission="accessLists" type="view" pageLoading loadingNoLogo>
+		<HasPermission section={ACCESS_LISTS} permission={VIEW} pageLoading loadingNoLogo>
 			<TableWrapper />
 		</HasPermission>
 	);
--- a/frontend/src/pages/AuditLog/index.tsx
+++ b/frontend/src/pages/AuditLog/index.tsx
@@ -1,9 +1,10 @@
 import { HasPermission } from "src/components";
+import { ADMIN, VIEW } from "src/modules/Permissions";
 import TableWrapper from "./TableWrapper";

 const AuditLog = () => {
 	return (
-		<HasPermission permission="admin" type="manage" pageLoading loadingNoLogo>
+		<HasPermission section={ADMIN} permission={VIEW} pageLoading loadingNoLogo>
 			<TableWrapper />
 		</HasPermission>
 	);
--- a/frontend/src/pages/Certificates/Table.tsx
+++ b/frontend/src/pages/Certificates/Table.tsx
@@ -8,10 +8,12 @@ import {
 	DomainsFormatter,
 	EmptyData,
 	GravatarFormatter,
+	HasPermission,
 } from "src/components";
 import { TableLayout } from "src/components/Table/TableLayout";
 import { intl, T } from "src/locale";
 import { showCustomCertificateModal, showDNSCertificateModal, showHTTPCertificateModal } from "src/modals";
+import { CERTIFICATES, MANAGE } from "src/modules/Permissions";

 interface Props {
 	data: Certificate[];
@@ -125,6 +127,7 @@ export default function Table({ data, isFetching, onDelete, onRenew, onDownload,
 									<IconRefresh size={16} />
 									<T id="action.renew" />
 								</a>
+								<HasPermission section={CERTIFICATES} permission={MANAGE} hideError>
 									<a
 										className="dropdown-item"
 										href="#"
@@ -148,6 +151,7 @@ export default function Table({ data, isFetching, onDelete, onRenew, onDownload,
 										<IconTrash size={16} />
 										<T id="action.delete" />
 									</a>
+								</HasPermission>
 							</div>
 						</span>
 					);
@@ -223,6 +227,7 @@ export default function Table({ data, isFetching, onDelete, onRenew, onDownload,
 					isFiltered={isFiltered}
 					color="pink"
 					customAddBtn={customAddBtn}
+					permissionSection={CERTIFICATES}
 				/>
 			}
 		/>
--- a/frontend/src/pages/Certificates/TableWrapper.tsx
+++ b/frontend/src/pages/Certificates/TableWrapper.tsx
@@ -2,7 +2,7 @@ import { IconHelp, IconSearch } from "@tabler/icons-react";
 import { useState } from "react";
 import Alert from "react-bootstrap/Alert";
 import { deleteCertificate, downloadCertificate } from "src/api/backend";
-import { Button, LoadingPage } from "src/components";
+import { Button, HasPermission, LoadingPage } from "src/components";
 import { useCertificates } from "src/hooks";
 import { T } from "src/locale";
 import {
@@ -13,6 +13,7 @@ import {
 	showHTTPCertificateModal,
 	showRenewCertificateModal,
 } from "src/modals";
+import { CERTIFICATES, MANAGE } from "src/modules/Permissions";
 import { showError, showObjectSuccess } from "src/notifications";
 import Table from "./Table";

@@ -70,7 +71,6 @@ export default function TableWrapper() {
 								<T id="certificates" />
 							</h2>
 						</div>
-
 						<div className="col-md-auto col-sm-12">
 							<div className="ms-auto d-flex flex-wrap btn-list">
 								{data?.length ? (
@@ -90,6 +90,7 @@ export default function TableWrapper() {
 								<Button size="sm" onClick={() => showHelpModal("Certificates", "pink")}>
 									<IconHelp size={20} />
 								</Button>
+								<HasPermission section={CERTIFICATES} permission={MANAGE} hideError>
 									{data?.length ? (
 										<div className="dropdown">
 											<button
@@ -134,6 +135,7 @@ export default function TableWrapper() {
 											</div>
 										</div>
 									) : null}
+								</HasPermission>
 							</div>
 						</div>
 					</div>
--- a/frontend/src/pages/Certificates/index.tsx
+++ b/frontend/src/pages/Certificates/index.tsx
@@ -1,9 +1,10 @@
 import { HasPermission } from "src/components";
+import { CERTIFICATES, VIEW } from "src/modules/Permissions";
 import TableWrapper from "./TableWrapper";

 const Certificates = () => {
 	return (
-		<HasPermission permission="certificates" type="view" pageLoading loadingNoLogo>
+		<HasPermission section={CERTIFICATES} permission={VIEW} pageLoading loadingNoLogo>
 			<TableWrapper />
 		</HasPermission>
 	);
--- a/frontend/src/pages/Dashboard/index.tsx
+++ b/frontend/src/pages/Dashboard/index.tsx
@@ -1,7 +1,9 @@
 import { IconArrowsCross, IconBolt, IconBoltOff, IconDisc } from "@tabler/icons-react";
 import { useNavigate } from "react-router-dom";
+import { HasPermission } from "src/components";
 import { useHostReport } from "src/hooks";
 import { T } from "src/locale";
+import { DEAD_HOSTS, PROXY_HOSTS, REDIRECTION_HOSTS, STREAMS, VIEW } from "src/modules/Permissions";

 const Dashboard = () => {
 	const { data: hostReport } = useHostReport();
@@ -15,6 +17,7 @@ const Dashboard = () => {
 			<div className="row row-deck row-cards">
 				<div className="col-12 my-4">
 					<div className="row row-cards">
+						<HasPermission section={PROXY_HOSTS} permission={VIEW} hideError>
 							<div className="col-sm-6 col-lg-3">
 								<a
 									href="/nginx/proxy"
@@ -40,6 +43,8 @@ const Dashboard = () => {
 									</div>
 								</a>
 							</div>
+						</HasPermission>
+						<HasPermission section={REDIRECTION_HOSTS} permission={VIEW} hideError>
 							<div className="col-sm-6 col-lg-3">
 								<a
 									href="/nginx/redirection"
@@ -57,12 +62,17 @@ const Dashboard = () => {
 												</span>
 											</div>
 											<div className="col">
-											<T id="redirection-hosts.count" data={{ count: hostReport?.redirection }} />
+												<T
+													id="redirection-hosts.count"
+													data={{ count: hostReport?.redirection }}
+												/>
 											</div>
 										</div>
 									</div>
 								</a>
 							</div>
+						</HasPermission>
+						<HasPermission section={STREAMS} permission={VIEW} hideError>
 							<div className="col-sm-6 col-lg-3">
 								<a
 									href="/nginx/stream"
@@ -86,6 +96,8 @@ const Dashboard = () => {
 									</div>
 								</a>
 							</div>
+						</HasPermission>
+						<HasPermission section={DEAD_HOSTS} permission={VIEW} hideError>
 							<div className="col-sm-6 col-lg-3">
 								<a
 									href="/nginx/404"
@@ -109,23 +121,10 @@ const Dashboard = () => {
 									</div>
 								</a>
 							</div>
+						</HasPermission>
 					</div>
 				</div>
 			</div>
-			<pre>
-				<code>{`Todo:
-
- check mobile
- REDO SCREENSHOTS in docs folder
- check permissions in all places
-
-More for api, then implement here:
- Add error message_18n for all backend errors
- properly wrap all logger.debug called in isDebug check
- add new api endpoint changes to swagger docs
-
-`}</code>
-			</pre>
 		</div>
 	);
 };
--- a/frontend/src/pages/Nginx/DeadHosts/Table.tsx
+++ b/frontend/src/pages/Nginx/DeadHosts/Table.tsx
@@ -7,10 +7,12 @@ import {
 	DomainsFormatter,
 	EmptyData,
 	GravatarFormatter,
+	HasPermission,
 	TrueFalseFormatter,
 } from "src/components";
 import { TableLayout } from "src/components/Table/TableLayout";
 import { intl, T } from "src/locale";
+import { DEAD_HOSTS, MANAGE } from "src/modules/Permissions";

 interface Props {
 	data: DeadHost[];
@@ -89,6 +91,7 @@ export default function Table({ data, isFetching, onEdit, onDelete, onDisableTog
 									<IconEdit size={16} />
 									<T id="action.edit" />
 								</a>
+								<HasPermission section={DEAD_HOSTS} permission={MANAGE} hideError>
 									<a
 										className="dropdown-item"
 										href="#"
@@ -112,6 +115,7 @@ export default function Table({ data, isFetching, onEdit, onDelete, onDisableTog
 										<IconTrash size={16} />
 										<T id="action.delete" />
 									</a>
+								</HasPermission>
 							</div>
 						</span>
 					);
@@ -146,6 +150,7 @@ export default function Table({ data, isFetching, onEdit, onDelete, onDisableTog
 					onNew={onNew}
 					isFiltered={isFiltered}
 					color="red"
+					permissionSection={DEAD_HOSTS}
 				/>
 			}
 		/>
--- a/frontend/src/pages/Nginx/DeadHosts/TableWrapper.tsx
+++ b/frontend/src/pages/Nginx/DeadHosts/TableWrapper.tsx
@@ -3,10 +3,11 @@ import { useQueryClient } from "@tanstack/react-query";
 import { useState } from "react";
 import Alert from "react-bootstrap/Alert";
 import { deleteDeadHost, toggleDeadHost } from "src/api/backend";
-import { Button, LoadingPage } from "src/components";
+import { Button, HasPermission, LoadingPage } from "src/components";
 import { useDeadHosts } from "src/hooks";
 import { T } from "src/locale";
 import { showDeadHostModal, showDeleteConfirmModal, showHelpModal } from "src/modals";
+import { DEAD_HOSTS, MANAGE } from "src/modules/Permissions";
 import { showObjectSuccess } from "src/notifications";
 import Table from "./Table";

@@ -76,11 +77,13 @@ export default function TableWrapper() {
 								<Button size="sm" onClick={() => showHelpModal("DeadHosts", "red")}>
 									<IconHelp size={20} />
 								</Button>
+								<HasPermission section={DEAD_HOSTS} permission={MANAGE} hideError>
 									{data?.length ? (
 										<Button size="sm" className="btn-red" onClick={() => showDeadHostModal("new")}>
 											<T id="object.add" tData={{ object: "dead-host" }} />
 										</Button>
 									) : null}
+								</HasPermission>
 							</div>
 						</div>
 					</div>
--- a/frontend/src/pages/Nginx/DeadHosts/index.tsx
+++ b/frontend/src/pages/Nginx/DeadHosts/index.tsx
@@ -1,9 +1,10 @@
 import { HasPermission } from "src/components";
+import { DEAD_HOSTS, VIEW } from "src/modules/Permissions";
 import TableWrapper from "./TableWrapper";

 const DeadHosts = () => {
 	return (
-		<HasPermission permission="deadHosts" type="view" pageLoading loadingNoLogo>
+		<HasPermission section={DEAD_HOSTS} permission={VIEW} pageLoading loadingNoLogo>
 			<TableWrapper />
 		</HasPermission>
 	);
--- a/frontend/src/pages/Nginx/ProxyHosts/Table.tsx
+++ b/frontend/src/pages/Nginx/ProxyHosts/Table.tsx
@@ -8,10 +8,12 @@ import {
 	DomainsFormatter,
 	EmptyData,
 	GravatarFormatter,
+	HasPermission,
 	TrueFalseFormatter,
 } from "src/components";
 import { TableLayout } from "src/components/Table/TableLayout";
 import { intl, T } from "src/locale";
+import { MANAGE, PROXY_HOSTS } from "src/modules/Permissions";

 interface Props {
 	data: ProxyHost[];
@@ -105,6 +107,7 @@ export default function Table({ data, isFetching, onEdit, onDelete, onDisableTog
 									<IconEdit size={16} />
 									<T id="action.edit" />
 								</a>
+								<HasPermission section={PROXY_HOSTS} permission={MANAGE} hideError>
 									<a
 										className="dropdown-item"
 										href="#"
@@ -128,6 +131,7 @@ export default function Table({ data, isFetching, onEdit, onDelete, onDisableTog
 										<IconTrash size={16} />
 										<T id="action.delete" />
 									</a>
+								</HasPermission>
 							</div>
 						</span>
 					);
@@ -162,6 +166,7 @@ export default function Table({ data, isFetching, onEdit, onDelete, onDisableTog
 					onNew={onNew}
 					isFiltered={isFiltered}
 					color="lime"
+					permissionSection={PROXY_HOSTS}
 				/>
 			}
 		/>
--- a/frontend/src/pages/Nginx/ProxyHosts/TableWrapper.tsx
+++ b/frontend/src/pages/Nginx/ProxyHosts/TableWrapper.tsx
@@ -3,10 +3,11 @@ import { useQueryClient } from "@tanstack/react-query";
 import { useState } from "react";
 import Alert from "react-bootstrap/Alert";
 import { deleteProxyHost, toggleProxyHost } from "src/api/backend";
-import { Button, LoadingPage } from "src/components";
+import { Button, HasPermission, LoadingPage } from "src/components";
 import { useProxyHosts } from "src/hooks";
 import { T } from "src/locale";
 import { showDeleteConfirmModal, showHelpModal, showProxyHostModal } from "src/modals";
+import { MANAGE, PROXY_HOSTS } from "src/modules/Permissions";
 import { showObjectSuccess } from "src/notifications";
 import Table from "./Table";

@@ -59,7 +60,6 @@ export default function TableWrapper() {
 								<T id="proxy-hosts" />
 							</h2>
 						</div>
-
 						<div className="col-md-auto col-sm-12">
 							<div className="ms-auto d-flex flex-wrap btn-list">
 								{data?.length ? (
@@ -79,11 +79,17 @@ export default function TableWrapper() {
 								<Button size="sm" onClick={() => showHelpModal("ProxyHosts", "lime")}>
 									<IconHelp size={20} />
 								</Button>
+								<HasPermission section={PROXY_HOSTS} permission={MANAGE} hideError>
 									{data?.length ? (
-									<Button size="sm" className="btn-lime" onClick={() => showProxyHostModal("new")}>
+										<Button
+											size="sm"
+											className="btn-lime"
+											onClick={() => showProxyHostModal("new")}
+										>
 											<T id="object.add" tData={{ object: "proxy-host" }} />
 										</Button>
 									) : null}
+								</HasPermission>
 							</div>
 						</div>
 					</div>
--- a/frontend/src/pages/Nginx/ProxyHosts/index.tsx
+++ b/frontend/src/pages/Nginx/ProxyHosts/index.tsx
@@ -1,9 +1,10 @@
 import { HasPermission } from "src/components";
+import { PROXY_HOSTS, VIEW } from "src/modules/Permissions";
 import TableWrapper from "./TableWrapper";

 const ProxyHosts = () => {
 	return (
-		<HasPermission permission="proxyHosts" type="view" pageLoading loadingNoLogo>
+		<HasPermission section={PROXY_HOSTS} permission={VIEW} pageLoading loadingNoLogo>
 			<TableWrapper />
 		</HasPermission>
 	);
--- a/frontend/src/pages/Nginx/RedirectionHosts/Table.tsx
+++ b/frontend/src/pages/Nginx/RedirectionHosts/Table.tsx
@@ -7,10 +7,12 @@ import {
 	DomainsFormatter,
 	EmptyData,
 	GravatarFormatter,
+	HasPermission,
 	TrueFalseFormatter,
 } from "src/components";
 import { TableLayout } from "src/components/Table/TableLayout";
 import { intl, T } from "src/locale";
+import { MANAGE, REDIRECTION_HOSTS } from "src/modules/Permissions";

 interface Props {
 	data: RedirectionHost[];
@@ -110,6 +112,7 @@ export default function Table({ data, isFetching, onEdit, onDelete, onDisableTog
 									<IconEdit size={16} />
 									<T id="action.edit" />
 								</a>
+								<HasPermission section={REDIRECTION_HOSTS} permission={MANAGE} hideError>
 									<a
 										className="dropdown-item"
 										href="#"
@@ -133,6 +136,7 @@ export default function Table({ data, isFetching, onEdit, onDelete, onDisableTog
 										<IconTrash size={16} />
 										<T id="action.delete" />
 									</a>
+								</HasPermission>
 							</div>
 						</span>
 					);
@@ -167,6 +171,7 @@ export default function Table({ data, isFetching, onEdit, onDelete, onDisableTog
 					onNew={onNew}
 					isFiltered={isFiltered}
 					color="yellow"
+					permissionSection={REDIRECTION_HOSTS}
 				/>
 			}
 		/>
--- a/frontend/src/pages/Nginx/RedirectionHosts/TableWrapper.tsx
+++ b/frontend/src/pages/Nginx/RedirectionHosts/TableWrapper.tsx
@@ -3,10 +3,11 @@ import { useQueryClient } from "@tanstack/react-query";
 import { useState } from "react";
 import Alert from "react-bootstrap/Alert";
 import { deleteRedirectionHost, toggleRedirectionHost } from "src/api/backend";
-import { Button, LoadingPage } from "src/components";
+import { Button, HasPermission, LoadingPage } from "src/components";
 import { useRedirectionHosts } from "src/hooks";
 import { T } from "src/locale";
 import { showDeleteConfirmModal, showHelpModal, showRedirectionHostModal } from "src/modals";
+import { MANAGE, REDIRECTION_HOSTS } from "src/modules/Permissions";
 import { showObjectSuccess } from "src/notifications";
 import Table from "./Table";

@@ -59,7 +60,6 @@ export default function TableWrapper() {
 								<T id="redirection-hosts" />
 							</h2>
 						</div>
-
 						<div className="col-md-auto col-sm-12">
 							<div className="ms-auto d-flex flex-wrap btn-list">
 								{data?.length ? (
@@ -79,6 +79,7 @@ export default function TableWrapper() {
 								<Button size="sm" onClick={() => showHelpModal("RedirectionHosts", "yellow")}>
 									<IconHelp size={20} />
 								</Button>
+								<HasPermission section={REDIRECTION_HOSTS} permission={MANAGE} hideError>
 									{data?.length ? (
 										<Button
 											size="sm"
@@ -88,6 +89,7 @@ export default function TableWrapper() {
 											<T id="object.add" tData={{ object: "redirection-host" }} />
 										</Button>
 									) : null}
+								</HasPermission>
 							</div>
 						</div>
 					</div>
--- a/frontend/src/pages/Nginx/RedirectionHosts/index.tsx
+++ b/frontend/src/pages/Nginx/RedirectionHosts/index.tsx
@@ -1,9 +1,10 @@
 import { HasPermission } from "src/components";
+import { REDIRECTION_HOSTS, VIEW } from "src/modules/Permissions";
 import TableWrapper from "./TableWrapper";

 const RedirectionHosts = () => {
 	return (
-		<HasPermission permission="redirectionHosts" type="view" pageLoading loadingNoLogo>
+		<HasPermission section={REDIRECTION_HOSTS} permission={VIEW} pageLoading loadingNoLogo>
 			<TableWrapper />
 		</HasPermission>
 	);
--- a/frontend/src/pages/Nginx/Streams/Table.tsx
+++ b/frontend/src/pages/Nginx/Streams/Table.tsx
@@ -6,11 +6,13 @@ import {
 	CertificateFormatter,
 	EmptyData,
 	GravatarFormatter,
+	HasPermission,
 	TrueFalseFormatter,
 	ValueWithDateFormatter,
 } from "src/components";
 import { TableLayout } from "src/components/Table/TableLayout";
 import { intl, T } from "src/locale";
+import { MANAGE, STREAMS } from "src/modules/Permissions";

 interface Props {
 	data: Stream[];
@@ -118,6 +120,7 @@ export default function Table({ data, isFetching, isFiltered, onEdit, onDelete,
 									<IconEdit size={16} />
 									<T id="action.edit" />
 								</a>
+								<HasPermission section={STREAMS} permission={MANAGE} hideError>
 									<a
 										className="dropdown-item"
 										href="#"
@@ -141,6 +144,7 @@ export default function Table({ data, isFetching, isFiltered, onEdit, onDelete,
 										<IconTrash size={16} />
 										<T id="action.delete" />
 									</a>
+								</HasPermission>
 							</div>
 						</span>
 					);
@@ -175,6 +179,7 @@ export default function Table({ data, isFetching, isFiltered, onEdit, onDelete,
 					onNew={onNew}
 					isFiltered={isFiltered}
 					color="blue"
+					permissionSection={STREAMS}
 				/>
 			}
 		/>
--- a/frontend/src/pages/Nginx/Streams/TableWrapper.tsx
+++ b/frontend/src/pages/Nginx/Streams/TableWrapper.tsx
@@ -3,10 +3,11 @@ import { useQueryClient } from "@tanstack/react-query";
 import { useState } from "react";
 import Alert from "react-bootstrap/Alert";
 import { deleteStream, toggleStream } from "src/api/backend";
-import { Button, LoadingPage } from "src/components";
+import { Button, HasPermission, LoadingPage } from "src/components";
 import { useStreams } from "src/hooks";
 import { T } from "src/locale";
 import { showDeleteConfirmModal, showHelpModal, showStreamModal } from "src/modals";
+import { MANAGE, STREAMS } from "src/modules/Permissions";
 import { showObjectSuccess } from "src/notifications";
 import Table from "./Table";

@@ -61,7 +62,6 @@ export default function TableWrapper() {
 								<T id="streams" />
 							</h2>
 						</div>
-
 						<div className="col-md-auto col-sm-12">
 							<div className="ms-auto d-flex flex-wrap btn-list">
 								{data?.length ? (
@@ -81,11 +81,13 @@ export default function TableWrapper() {
 								<Button size="sm" onClick={() => showHelpModal("Streams", "blue")}>
 									<IconHelp size={20} />
 								</Button>
+								<HasPermission section={STREAMS} permission={MANAGE} hideError>
 									{data?.length ? (
 										<Button size="sm" className="btn-blue" onClick={() => showStreamModal("new")}>
 											<T id="object.add" tData={{ object: "stream" }} />
 										</Button>
 									) : null}
+								</HasPermission>
 							</div>
 						</div>
 					</div>
--- a/frontend/src/pages/Nginx/Streams/index.tsx
+++ b/frontend/src/pages/Nginx/Streams/index.tsx
@@ -1,9 +1,10 @@
 import { HasPermission } from "src/components";
+import { STREAMS, VIEW } from "src/modules/Permissions";
 import TableWrapper from "./TableWrapper";

 const Streams = () => {
 	return (
-		<HasPermission permission="streams" type="view" pageLoading loadingNoLogo>
+		<HasPermission section={STREAMS} permission={VIEW} pageLoading loadingNoLogo>
 			<TableWrapper />
 		</HasPermission>
 	);
--- a/frontend/src/pages/Settings/index.tsx
+++ b/frontend/src/pages/Settings/index.tsx
@@ -1,9 +1,10 @@
 import { HasPermission } from "src/components";
+import { ADMIN, VIEW } from "src/modules/Permissions";
 import Layout from "./Layout";

 const Settings = () => {
 	return (
-		<HasPermission permission="admin" type="manage" pageLoading loadingNoLogo>
+		<HasPermission section={ADMIN} permission={VIEW} pageLoading loadingNoLogo>
 			<Layout />
 		</HasPermission>
 	);
--- a/frontend/src/pages/Users/Table.tsx
+++ b/frontend/src/pages/Users/Table.tsx
@@ -1,4 +1,12 @@
-import { IconDotsVertical, IconEdit, IconLock, IconPower, IconShield, IconTrash } from "@tabler/icons-react";
+import {
+	IconDotsVertical,
+	IconEdit,
+	IconLock,
+	IconLogin2,
+	IconPower,
+	IconShield,
+	IconTrash,
+} from "@tabler/icons-react";
 import { createColumnHelper, getCoreRowModel, useReactTable } from "@tanstack/react-table";
 import { useMemo } from "react";
 import type { User } from "src/api/backend";
@@ -24,6 +32,7 @@ interface Props {
 	onDeleteUser?: (id: number) => void;
 	onDisableToggle?: (id: number, enabled: boolean) => void;
 	onNewUser?: () => void;
+	onLoginAs?: (id: number) => void;
 }
 export default function Table({
 	data,
@@ -36,6 +45,7 @@ export default function Table({
 	onDeleteUser,
 	onDisableToggle,
 	onNewUser,
+	onLoginAs,
 }: Props) {
 	const columnHelper = createColumnHelper<User>();
 	const columns = useMemo(
@@ -153,6 +163,24 @@ export default function Table({
 											<IconPower size={16} />
 											<T id={info.row.original.isDisabled ? "action.enable" : "action.disable"} />
 										</a>
+										{info.row.original.isDisabled ? (
+											<div className="dropdown-item text-muted">
+												<IconLogin2 size={16} />
+												<T id="user.login-as" data={{ name: info.row.original.name }} />
+											</div>
+										) : (
+											<a
+												className="dropdown-item"
+												href="#"
+												onClick={(e) => {
+													e.preventDefault();
+													onLoginAs?.(info.row.original.id);
+												}}
+											>
+												<IconLogin2 size={16} />
+												<T id="user.login-as" data={{ name: info.row.original.name }} />
+											</a>
+										)}
 										<div className="dropdown-divider" />
 										<a
 											className="dropdown-item"
@@ -176,7 +204,16 @@ export default function Table({
 				},
 			}),
 		],
-		[columnHelper, currentUserId, onEditUser, onDisableToggle, onDeleteUser, onEditPermissions, onSetPassword],
+		[
+			columnHelper,
+			currentUserId,
+			onEditUser,
+			onDisableToggle,
+			onDeleteUser,
+			onEditPermissions,
+			onSetPassword,
+			onLoginAs,
+		],
 	);

 	const tableInstance = useReactTable<User>({
--- a/frontend/src/pages/Users/TableWrapper.tsx
+++ b/frontend/src/pages/Users/TableWrapper.tsx
@@ -4,14 +4,16 @@ import { useState } from "react";
 import Alert from "react-bootstrap/Alert";
 import { deleteUser, toggleUser } from "src/api/backend";
 import { Button, LoadingPage } from "src/components";
+import { useAuthState } from "src/context";
 import { useUser, useUsers } from "src/hooks";
 import { T } from "src/locale";
 import { showDeleteConfirmModal, showPermissionsModal, showSetPasswordModal, showUserModal } from "src/modals";
-import { showObjectSuccess } from "src/notifications";
+import { showError, showObjectSuccess } from "src/notifications";
 import Table from "./Table";

 export default function TableWrapper() {
 	const queryClient = useQueryClient();
+	const { loginAs } = useAuthState();
 	const [search, setSearch] = useState("");
 	const { isFetching, isLoading, isError, error, data } = useUsers(["permissions"]);
 	const { data: currentUser } = useUser("me");
@@ -24,6 +26,16 @@ export default function TableWrapper() {
 		return <Alert variant="danger">{error?.message || "Unknown error"}</Alert>;
 	}

+	const handleLoginAs = async (id: number) => {
+		try {
+			await loginAs(id);
+		} catch (err) {
+			if (err instanceof Error) {
+				showError(err.message);
+			}
+		}
+	};
+
 	const handleDelete = async (id: number) => {
 		await deleteUser(id);
 		showObjectSuccess("user", "deleted");
@@ -103,6 +115,7 @@ export default function TableWrapper() {
 					}
 					onDisableToggle={handleDisableToggle}
 					onNewUser={() => showUserModal("new")}
+					onLoginAs={handleLoginAs}
 				/>
 			</div>
 		</div>
--- a/frontend/src/pages/Users/index.tsx
+++ b/frontend/src/pages/Users/index.tsx
@@ -1,9 +1,10 @@
 import { HasPermission } from "src/components";
+import { ADMIN, VIEW } from "src/modules/Permissions";
 import TableWrapper from "./TableWrapper";

 const Users = () => {
 	return (
-		<HasPermission permission="admin" type="manage" pageLoading loadingNoLogo>
+		<HasPermission section={ADMIN} permission={VIEW} pageLoading loadingNoLogo>
 			<TableWrapper />
 		</HasPermission>
 	);
Author	SHA1	Message	Date
Jamie Curnow	32208f3864	More Persian lang updates	2025-11-03 08:12:52 +10:00
Jamie Curnow	52ab4844dc	Persian Locale	2025-11-02 22:52:43 +10:00
jc21	24216f1f2f	Merge pull request #4785 from NginxProxyManager/react v2.13.0 React UI	2025-11-02 22:48:16 +10:00
Jamie Curnow	52e528f217	Remove incomplete languages and cleanup	2025-11-02 21:28:25 +10:00
Jamie Curnow	4709f9826c	Permissions polish for restricted users	2025-10-31 12:50:54 +10:00
Jamie Curnow	74a8c5d806	Fix app crash when do unautorized things	2025-10-30 15:03:01 +10:00
Jamie Curnow	82a1a86c3a	Log in as user support	2025-10-30 14:45:22 +10:00