refactor: added more permission type enums

Author: thorsten

phpmyfaq/add.php

@@ -18,6 +18,7 @@
 use phpMyFAQ\Captcha\Captcha;
 use phpMyFAQ\Captcha\Helper\CaptchaHelper;
 use phpMyFAQ\Configuration;
+use phpMyFAQ\Enums\PermissionType;
 use phpMyFAQ\Filter;
 use phpMyFAQ\Helper\CategoryHelper as HelperCategory;
 use phpMyFAQ\Question;
@@ -46,7 +47,7 @@
 }
 
 // Check permission to add new faqs
-if (-1 !== $user->getUserId() && !$user->perm->hasPermission($user->getUserId(), 'addfaq')) {
+if (-1 !== $user->getUserId() && !$user->perm->hasPermission($user->getUserId(), PermissionType::FAQ_ADD)) {
     $response = new RedirectResponse($faqSystem->getSystemUri($faqConfig));
     $response->send();
 }

phpmyfaq/admin/dashboard.php

@@ -20,6 +20,7 @@
 use phpMyFAQ\Component\Alert;
 use phpMyFAQ\Configuration;
 use phpMyFAQ\Database;
+use phpMyFAQ\Enums\PermissionType;
 use phpMyFAQ\Filter;
 use phpMyFAQ\Session;
 use phpMyFAQ\System;
@@ -66,7 +67,7 @@
     'hasUserTracking' => $faqConfig->get('main.enableUserTracking'),
     'adminDashboardHeaderInactiveFaqs' => Translation::get('ad_record_inactive'),
     'adminDashboardInactiveFaqs' => $faq->getInactiveFaqsData(),
-    'hasPermissionEditConfig' => $user->perm->hasPermission($user->getUserId(), 'editconfig'),
+    'hasPermissionEditConfig' => $user->perm->hasPermission($user->getUserId(), PermissionType::CONFIGURATION_EDIT),
     'showVersion' => $faqConfig->get('main.enableAutoUpdateHint'),
 ];
 
@@ -92,7 +93,7 @@
     ];
 }
 
-if ($user->perm->hasPermission($user->getUserId(), 'editconfig')) {
+if ($user->perm->hasPermission($user->getUserId(), PermissionType::CONFIGURATION_EDIT)) {
     $api = new Api($faqConfig);
 
     $version = Filter::filterInput(INPUT_POST, 'param', FILTER_SANITIZE_SPECIAL_CHARS);

phpmyfaq/admin/faqs.editor.php

@@ -310,7 +310,7 @@
     //
     // Revisions
     //
-    if ($user->perm->hasPermission($currentUserId, 'changebtrevs') && $action === 'editentry') {
+    if ($user->perm->hasPermission($currentUserId, PermissionType::REVISION_UPDATE) && $action === 'editentry') {
         $faqRevision = new Revision($faqConfig);
         $revisions = $faqRevision->get($faqData['id'], $faqData['lang'], $faqData['author']);
 
@@ -374,7 +374,10 @@
         'ad_entry_locale' => Translation::get('ad_entry_locale'),
         'languageOptions' => LanguageHelper::renderSelectLanguage($faqData['lang'], false, [], 'lang'),
         'hasPermissionForAddAttachments' => $user->perm->hasPermission($currentUserId, PermissionType::ATTACHMENT_ADD),
-        'hasPermissionForDeleteAttachments' => $user->perm->hasPermission($currentUserId, PermissionType::ATTACHMENT_DELETE),
+        'hasPermissionForDeleteAttachments' => $user->perm->hasPermission(
+            $currentUserId,
+            PermissionType::ATTACHMENT_DELETE
+        ),
         'ad_menu_attachments' => Translation::get('ad_menu_attachments'),
         'csrfTokenDeleteAttachment' => Token::getInstance()->getTokenString('delete-attachment'),
         'attachments' => $attList,

phpmyfaq/admin/news.php

@@ -20,6 +20,7 @@
 use phpMyFAQ\Date;
 use phpMyFAQ\Entity\CommentType;
 use phpMyFAQ\Entity\NewsMessage;
+use phpMyFAQ\Enums\PermissionType;
 use phpMyFAQ\Filter;
 use phpMyFAQ\Helper\LanguageHelper;
 use phpMyFAQ\News;
@@ -43,9 +44,9 @@
 
 $templateVars = [
     'action' => $action,
-    'permissionAddNews' => $user->perm->hasPermission($user->getUserId(), 'addnews'),
-    'permissionEditNews' => $user->perm->hasPermission($user->getUserId(), 'editnews'),
-    'permissionDeleteNews' => $user->perm->hasPermission($user->getUserId(), 'delnews'),
+    'permissionAddNews' => $user->perm->hasPermission($user->getUserId(), PermissionType::NEWS_ADD),
+    'permissionEditNews' => $user->perm->hasPermission($user->getUserId(), PermissionType::NEWS_EDIT),
+    'permissionDeleteNews' => $user->perm->hasPermission($user->getUserId(), PermissionType::NEWS_DELETE),
     'defaultUrl' => $faqConfig->getDefaultUrl(),
     'enableWysiwyg' => $faqConfig->get('main.enableWysiwygEditor'),
     'ad_news_add' => Translation::get('ad_news_add'),
@@ -92,20 +93,20 @@
     'csrfToken_activateNews' => Token::getInstance()->getTokenString('activate-news')
 ];
 
-if ('add-news' == $action && $user->perm->hasPermission($user->getUserId(), 'addnews')) {
+if ('add-news' == $action && $user->perm->hasPermission($user->getUserId(), PermissionType::NEWS_ADD)) {
     $templateVars = [
         ...$templateVars,
         'userEmail' => $user->getUserData('email'),
         'userName' => $user->getUserData('display_name')
     ];
-} elseif ('news' == $action && $user->perm->hasPermission($user->getUserId(), 'editnews')) {
+} elseif ('news' == $action && $user->perm->hasPermission($user->getUserId(), PermissionType::NEWS_EDIT)) {
     $newsHeaders = $news->getHeader();
 
     $templateVars = [
         ...$templateVars,
         'news' => $newsHeaders,
     ];
-} elseif ('edit-news' == $action && $user->perm->hasPermission($user->getUserId(), 'editnews')) {
+} elseif ('edit-news' == $action && $user->perm->hasPermission($user->getUserId(), PermissionType::NEWS_EDIT)) {
     $id = Filter::filterInput(INPUT_GET, 'id', FILTER_VALIDATE_INT);
     $newsData = $news->get($id, true);
 

phpmyfaq/admin/stopwords.php

@@ -44,7 +44,7 @@
 
 $templateVars = [
     'adminHeaderStopWords' => Translation::get('ad_menu_stopwordsconfig'),
-    'hasPermission' => $user->perm->hasPermission($user->getUserId(), 'editconfig'),
+    'hasPermission' => $user->perm->hasPermission($user->getUserId(), PermissionType::CONFIGURATION_EDIT),
     'msgDescription' => Translation::get('ad_stopwords_desc'),
     'csrfToken' => Token::getInstance()->getTokenInput('stopwords'),
     'msgStopWordsLabel' => Translation::get('ad_stopwords_desc'),

phpmyfaq/index.php

@@ -25,6 +25,7 @@
 use phpMyFAQ\Category\Relation;
 use phpMyFAQ\Configuration;
 use phpMyFAQ\Core\Exception;
+use phpMyFAQ\Enums\PermissionType;
 use phpMyFAQ\Faq;
 use phpMyFAQ\Filter;
 use phpMyFAQ\Helper\CategoryHelper as HelperCategory;
@@ -655,7 +656,7 @@
 // Show login box or logged-in user information
 //
 if ($user->isLoggedIn() && $user->getUserId() > 0) {
-    if ($user->perm->hasPermission($user->getUserId(), 'viewadminlink') || $user->isSuperAdmin()) {
+    if ($user->perm->hasPermission($user->getUserId(), PermissionType::VIEW_ADMIN_LINK) || $user->isSuperAdmin()) {
         $adminSection = sprintf(
             '<a class="dropdown-item" href="./admin/index.php">%s</a>',
             Translation::get('adminSection')

phpmyfaq/news.php

@@ -23,6 +23,7 @@
 use phpMyFAQ\Configuration;
 use phpMyFAQ\Date;
 use phpMyFAQ\Entity\CommentType;
+use phpMyFAQ\Enums\PermissionType;
 use phpMyFAQ\Filter;
 use phpMyFAQ\Glossary;
 use phpMyFAQ\Helper\CommentHelper;
@@ -82,7 +83,7 @@
 
 // Show a link to edit the news?
 $editThisEntry = '';
-if ($user->perm->hasPermission($user->getUserId(), 'editnews')) {
+if ($user->perm->hasPermission($user->getUserId(), PermissionType::NEWS_EDIT)) {
     $editThisEntry = sprintf(
         '<a href="./admin/index.php?action=news&amp;do=edit&amp;id=%d">%s</a>',
         $newsId,

phpmyfaq/pdf.php

@@ -20,6 +20,7 @@
  */
 
 use phpMyFAQ\Category;
+use phpMyFAQ\Enums\PermissionType;
 use phpMyFAQ\Export\Pdf;
 use phpMyFAQ\Faq;
 use phpMyFAQ\Filter;
@@ -110,7 +111,7 @@
 
 $response->setExpires(new DateTime());
 
-if (true === $getAll && $user->perm->hasPermission($user->getUserId(), 'export')) {
+if (true === $getAll && $user->perm->hasPermission($user->getUserId(), PermissionType::EXPORT)) {
     $filename = 'FAQs.pdf';
     $pdfFile = $pdf->generate(0, true, $lang);
 } else {

phpmyfaq/src/phpMyFAQ/Controller/Administration/FormController.php

@@ -22,6 +22,7 @@
 use phpMyFAQ\Controller\AbstractController;
 use phpMyFAQ\Enums\PermissionType;
 use phpMyFAQ\Translation;
+use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Request;
 use phpMyFAQ\Filter;
 use phpMyFAQ\Session\Token;
@@ -118,16 +119,22 @@ public function deleteTranslation(Request $request)
         }
     }
 
+    /**
+     * @throws Exception
+     */
     #[Route('admin/api/forms/translation-add')]
-    public function addTranslation(Request $request)
+    public function addTranslation(Request $request): JsonResponse
     {
         $this->userHasPermission(PermissionType::FORMS_EDIT);
+
         $data = json_decode($request->getContent());
+
         $formId = Filter::filterVar($data->formId, FILTER_SANITIZE_NUMBER_INT);
         $inputId = Filter::filterVar($data->inputId, FILTER_SANITIZE_NUMBER_INT);
         $lang = Filter::filterVar($data->lang, FILTER_SANITIZE_SPECIAL_CHARS);
         $translation = Filter::filterVar($data->translation, FILTER_SANITIZE_SPECIAL_CHARS);
         $forms = new Forms(Configuration::getConfigurationInstance());
+
         if (!Token::getInstance()->verifyToken('add-translation', $data->csrf)) {
             return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED);
         }

phpmyfaq/src/phpMyFAQ/Enums/PermissionType.php

@@ -80,6 +80,8 @@ enum PermissionType: string
 
     case RESTORE = 'restore';
 
+    case REVISION_UPDATE = 'changebtrevs';
+
     case STATISTICS_ADMINLOG = 'adminlog';
 
     case STATISTICS_VIEWLOGS = 'viewlog';
@@ -91,4 +93,6 @@ enum PermissionType: string
     case USER_DELETE = 'delete_user';
 
     case FORMS_EDIT = 'forms_edit';
+
+    case VIEW_ADMIN_LINK = 'viewadminlink';
 }