Issues in PermissionHandler.php (master) - Issues in master - mambax7/newbb5 - Measure and Improve Code Quality continuously with Scrutinizer

Issues (380)

Security Analysis not enabled

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

Header Injection

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

class/PermissionHandler.php (1 issue)

Severity

<?php

namespace XoopsModules\Newbb;

/**
 * NewBB 5.0x,  the forum module for XOOPS project
 *
 * @copyright      XOOPS Project (https://xoops.org)
 * @license        GNU GPL 2 or later (https://www.gnu.org/licenses/gpl-2.0.html)
 * @author         Taiwen Jiang (phppp or D.J.) <[email protected]>
 * @since          4.00
 * @package        module::newbb
 */

use XoopsModules\Newbb;



\defined('NEWBB_FUNCTIONS_INI') || require $GLOBALS['xoops']->path('modules/newbb/include/functions.ini.php');
\define('NEWBB_HANDLER_PERMISSION', 1);

// Initializing XoopsGroupPermHandler if not loaded yet
if (!\class_exists('XoopsGroupPermHandler')) {
    require_once $GLOBALS['xoops']->path('kernel/groupperm.php');
}

/**
 * Class PermissionHandler
 */
class PermissionHandler extends \XoopsGroupPermHandler
{
    /** @var \Xmf\Module\Helper\Cache */
    protected $cacheHelper;

    /** @var array */
    private $_handler;

    /**
     * @param \XoopsDatabase|null $db
     */
    public function __construct(\XoopsDatabase $db = null)
    {
        $this->cacheHelper = new \Xmf\Module\Helper\Cache('newbb');

        $this->db = $db;
        parent::__construct($db);
    }

    /**
     * @param $name
     * @return mixed
     */
    public function loadHandler($name)
    {
        if (!isset($this->_handler[$name])) {
            //            require_once __DIR__ . "/permission.{$name}.php";
            $className             = '\\XoopsModules\\Newbb\\Permission' . \ucfirst($name) . 'Handler';
            $this->_handler[$name] = new $className($this->db);
        }

        return $this->_handler[$name];
    }

    /**
     * @param bool $fullname
     * @return mixed
     */
    public function getValidForumPerms($fullname = false)
    {
        $handler = $this->loadHandler('Forum');

        return $handler->getValidPerms($fullname);
    }

    /**
     * @param int  $forum
     * @param bool $topic_locked
     * @param bool $isAdmin
     * @return mixed
     */
    public function getPermissionTable($forum = 0, $topic_locked = false, $isAdmin = false)
    {
        $handler = $this->loadHandler('Forum');
        $perm    = $handler->getPermissionTable($forum, $topic_locked, $isAdmin);

        return $perm;
    }

    /**
     * @param $forum_id
     * @return mixed
     */
    public function deleteByForum($forum_id)
    {
        $this->cacheHelper->delete('permission_forum');
        $handler = $this->loadHandler('Forum');

        return $handler->deleteByForum($forum_id);
    }

    /**
     * @param $cat_id
     * @return mixed
     */
    public function deleteByCategory($cat_id)
    {
        $this->cacheHelper->delete('permission_category');
        $handler = $this->loadHandler('Category');

        return $handler->deleteByCategory($cat_id);
    }

    /**
     * @param        $category
     * @param array  $groups
     * @return mixed
     */
    public function setCategoryPermission($category, array $groups = [])
    {
        $this->cacheHelper->delete('permission_category');
        $handler = $this->loadHandler('Category');

        return $handler->setCategoryPermission($category, $groups);
    }

    /**
     * @param         $type
     * @param string  $gperm_name
     * @param int     $id
     * @return bool
     */
    public function getPermission($type, $gperm_name = 'access', $id = 0)
    {
        global $xoopsModule;
        $ret = false;
        if ($GLOBALS['xoopsUserIsAdmin'] && 'newbb' === $xoopsModule->getVar('dirname')) {
            $ret = true;
        }

        $groups = \is_object($GLOBALS['xoopsUser']) ? $GLOBALS['xoopsUser']->getGroups() : [XOOPS_GROUP_ANONYMOUS];
        if (!$groups) {
            $ret = false;
        }
        if (!$allowed_groups = $this->getGroups("{$type}_{$gperm_name}", $id)) {
            $ret = false;
        }

        if (\count(\array_intersect($allowed_groups, $groups)) > 0) {
            $ret = true;
        }

        return $ret;
    }

    /**
     * @param string $perm_name
     * @return array
     */
    public function &getCategories($perm_name = 'access')
    {
        $ret = $this->getAllowedItems('category', "category_{$perm_name}");

        return $ret;
    }

    /**
     * @param string $perm_name
     * @return array
     */
    public function getForums($perm_name = 'access')
    {
        $ret = $this->getAllowedItems('forum', "forum_{$perm_name}");

        return $ret;
    }

    /**
     * @param $type
     * @param $perm_name
     * @return array
     */
    public function getAllowedItems($type, $perm_name)
    {
        $ret = [];

        $groups = \is_object($GLOBALS['xoopsUser']) ? $GLOBALS['xoopsUser']->getGroups() : [XOOPS_GROUP_ANONYMOUS];
        if (\count($groups) < 1) {
            return $ret;
        }

        if (!$_cachedPerms = $this->loadPermData($perm_name, $type)) {
            return $ret;
        }

        $allowed_items = [];
        foreach ($_cachedPerms as $id => $allowed_groups) {
            if (0 == $id || empty($allowed_groups)) {
                continue;
            }

            if (\array_intersect($groups, $allowed_groups)) {
                $allowed_items[$id] = 1;
            }
        }
        unset($_cachedPerms);
        $ret = \array_keys($allowed_items);

        return $ret;
    }

    /**
     * @param        $gperm_name
     * @param int    $id
     * @return array
     */
    public function getGroups($gperm_name, $id = 0)
    {
        $_cachedPerms = $this->loadPermData($gperm_name);
        $groups       = empty($_cachedPerms[$id]) ? [] : \array_unique($_cachedPerms[$id]);
        unset($_cachedPerms);

        return $groups;
    }

    /**
     * @param string $perm_name
     * @return array
     */
    public function createPermData($perm_name = 'forum_all')
    {
        global $xoopsModule;
        /** @var \XoopsModuleHandler $moduleHandler */
        $perms = [];

        if (\is_object($xoopsModule) && 'newbb' === $xoopsModule->getVar('dirname')) {
            $modid = $xoopsModule->getVar('mid');
        } else {
            $moduleHandler = \xoops_getHandler('module');
            $module        = $moduleHandler->getByDirname('newbb');
            $modid         = $module->getVar('mid');
            unset($module);
        }

        if (\in_array($perm_name, ['forum_all', 'category_all'])) {
            /** @var \XoopsMemberHandler $memberHandler */
            $memberHandler = \xoops_getHandler('member');
            $groups        = \array_keys($memberHandler->getGroupList());

            $type          = ('category_all' === $perm_name) ? 'category' : 'forum';
            $objectHandler = \XoopsModules\Newbb\Helper::getInstance()->getHandler($type);
            $object_ids    = $objectHandler->getIds();
            foreach ($object_ids as $item_id) {
                $perms[$perm_name][$item_id] = $groups;
            }
        } else {
            $grouppermHandler = \xoops_getHandler('groupperm');
            $criteria         = new \CriteriaCompo(new \Criteria('gperm_modid', $modid));
            if (!empty($perm_name) && 'forum_all' !== $perm_name && 'category_all' !== $perm_name) {
                $criteria->add(new \Criteria('gperm_name', $perm_name));
            }
            $permissions = $this->getObjects($criteria);

            foreach ($permissions as $gperm) {
                $item_id                                         = $gperm->getVar('gperm_itemid');
                $group_id                                        = (int)$gperm->getVar('gperm_groupid');
                $perms[$gperm->getVar('gperm_name')][$item_id][] = $group_id;
            }
        }
        if (\count($perms) > 0) {
            foreach (\array_keys($perms) as $perm) {
                $this->cacheHelper->write("permission_{$perm}", $perms[$perm]);
            }
        }
        $ret = !empty($perm_name) ? @$perms[$perm_name] : $perms;

        return $ret;
    }

    /**
     * @param string $perm_name
     * @return array|mixed|null
     */
    public function &loadPermData($perm_name = 'forum_access')
    {
        if (!$perms = $this->cacheHelper->read("permission_{$perm_name}")) {
            $perms = $this->createPermData($perm_name);
        }

        return $perms;
    }

    /**
     * @param       $perm
     * @param       $itemid
     * @param       $groupid
     * @param null  $mid
     * @return bool
     */
    public function validateRight($perm, $itemid, $groupid, $mid = null)
    {
        if (empty($mid)) {
            if (\is_object($GLOBALS['xoopsModule']) && 'newbb' === $GLOBALS['xoopsModule']->getVar('dirname')) {
                $mid = $GLOBALS['xoopsModule']->getVar('mid');
            } else {
                /** @var \XoopsModuleHandler $moduleHandler */
                $moduleHandler = \xoops_getHandler('module');
                $mod           = $moduleHandler->getByDirname('newbb');
                $mid           = $mod->getVar('mid');
                unset($mod);
            }
        }
        if ($this->myCheckRight($perm, $itemid, $groupid, $mid)) {
            return true;
        }
        $this->cacheHelper->delete('permission');
        $this->addRight($perm, $itemid, $groupid, $mid);

        return true;
    }

    /**
     * Check permission (directly)
     *
     * @param string $gperm_name   Name of permission
     * @param int    $gperm_itemid ID of an item
     * @param int           /array $gperm_groupid A group ID or an array of group IDs
     * @param int    $gperm_modid  ID of a module
     *
     * @return bool TRUE if permission is enabled
     */
    public function myCheckRight($gperm_name, $gperm_itemid, $gperm_groupid, $gperm_modid = 1)
    {
        $ret      = false;
        $criteria = new \CriteriaCompo(new \Criteria('gperm_modid', $gperm_modid));
        $criteria->add(new \Criteria('gperm_name', $gperm_name));
        $gperm_itemid = (int)$gperm_itemid;
        if ($gperm_itemid > 0) {
            $criteria->add(new \Criteria('gperm_itemid', $gperm_itemid));
        }
        if (\is_array($gperm_groupid)) {
            $criteria2 = new \CriteriaCompo();
            foreach ($gperm_groupid as $gid) {
                $criteria2->add(new \Criteria('gperm_groupid', $gid), 'OR');
            }
            $criteria->add($criteria2);
        } else {
            $criteria->add(new \Criteria('gperm_groupid', $gperm_groupid));
        }
        if ($this->getCount($criteria) > 0) {
            $ret = true;
        }

        return $ret;
    }

    /**
     * @param       $perm
     * @param       $itemid
     * @param       $groupid
     * @param null  $mid
     * @return bool
     */
    public function deleteRight($perm, $itemid, $groupid, $mid = null)
    {
        $this->cacheHelper->delete('permission');
        if (null === $mid) {

            if (\is_object($GLOBALS['xoopsModule']) && 'newbb' === $GLOBALS['xoopsModule']->getVar('dirname')) {
                $mid = $GLOBALS['xoopsModule']->getVar('mid');
            } else {
                /** @var \XoopsModuleHandler $moduleHandler */
                $moduleHandler = \xoops_getHandler('module');
                $mod           = $moduleHandler->getByDirname('newbb');
                $mid           = $mod->getVar('mid');
                unset($mod);
            }
        }
        if (\is_callable('parent::deleteRight')) {
            return parent::deleteRight($perm, $itemid, $groupid, $mid);
        }
        $criteria = new \CriteriaCompo(new \Criteria('gperm_name', $perm));
        $criteria->add(new \Criteria('gperm_groupid', $groupid));
        $criteria->add(new \Criteria('gperm_itemid', $itemid));
        $criteria->add(new \Criteria('gperm_modid', $mid));
        $permsObject = $this->getObjects($criteria);
        if (!empty($permsObject)) {
            foreach ($permsObject as $permObject) {
                $this->delete($permObject);
            }
        }
        unset($criteria, $permsObject);

        return true;
    }

    /**
     * @param        $forum
     * @param int    $mid
     * @return mixed
     */
    public function applyTemplate($forum, $mid = 0)
    {
        $this->cacheHelper->delete('permission_forum');
        $handler = $this->loadHandler('Forum');

        return $handler->applyTemplate($forum, $mid);
    }

    /**
     * @return mixed
     */
    public function getTemplate()
    {
        $handler  = $this->loadHandler('Forum');
        $template = $handler->getTemplate();

        return $template;
    }

    /**
     * @param $perms
     * @return mixed
     */
    public function setTemplate($perms)
    {
        $handler = $this->loadHandler('Forum');

        return $handler->setTemplate($perms);
    }
}


1			<?php
2
3			namespace XoopsModules\Newbb;
4
5			/**
6			* NewBB 5.0x, the forum module for XOOPS project
7			*
8			* @copyright XOOPS Project (https://xoops.org)
9			* @license GNU GPL 2 or later (https://www.gnu.org/licenses/gpl-2.0.html)
10			* @author Taiwen Jiang (phppp or D.J.) <[email protected]>
11			* @since 4.00
12			* @package module::newbb
13			*/
14
15			use XoopsModules\Newbb;
16
17
18
19			\defined('NEWBB_FUNCTIONS_INI') \|\| require $GLOBALS['xoops']->path('modules/newbb/include/functions.ini.php');
20			\define('NEWBB_HANDLER_PERMISSION', 1);
21
22			// Initializing XoopsGroupPermHandler if not loaded yet
23			if (!\class_exists('XoopsGroupPermHandler')) {
24			require_once $GLOBALS['xoops']->path('kernel/groupperm.php');
25			}
26
27			/**
28			* Class PermissionHandler
29			*/
30			class PermissionHandler extends \XoopsGroupPermHandler
31			{
32			/** @var \Xmf\Module\Helper\Cache */
33			protected $cacheHelper;
34
35			/** @var array */
36			private $_handler;
37
38			/**
39			* @param \XoopsDatabase\|null $db
40			*/
41			public function __construct(\XoopsDatabase $db = null)
42			{
43			$this->cacheHelper = new \Xmf\Module\Helper\Cache('newbb');
44
45			$this->db = $db;
46			parent::__construct($db);
47			}
48
49			/**
50			* @param $name
51			* @return mixed
52			*/
53			public function loadHandler($name)
54			{
55			if (!isset($this->_handler[$name])) {
56			// require_once __DIR__ . "/permission.{$name}.php";
57			$className = '\\XoopsModules\\Newbb\\Permission' . \ucfirst($name) . 'Handler';
58			$this->_handler[$name] = new $className($this->db);
59			}
60
61			return $this->_handler[$name];
62			}
63
64			/**
65			* @param bool $fullname
66			* @return mixed
67			*/
68			public function getValidForumPerms($fullname = false)
69			{
70			$handler = $this->loadHandler('Forum');
71
72			return $handler->getValidPerms($fullname);
73			}
74
75			/**
76			* @param int $forum
77			* @param bool $topic_locked
78			* @param bool $isAdmin
79			* @return mixed
80			*/
81			public function getPermissionTable($forum = 0, $topic_locked = false, $isAdmin = false)
82			{
83			$handler = $this->loadHandler('Forum');
84			$perm = $handler->getPermissionTable($forum, $topic_locked, $isAdmin);
85
86			return $perm;
87			}
88
89			/**
90			* @param $forum_id
91			* @return mixed
92			*/
93			public function deleteByForum($forum_id)
94			{
95			$this->cacheHelper->delete('permission_forum');
96			$handler = $this->loadHandler('Forum');
97
98			return $handler->deleteByForum($forum_id);
99			}
100
101			/**
102			* @param $cat_id
103			* @return mixed
104			*/
105			public function deleteByCategory($cat_id)
106			{
107			$this->cacheHelper->delete('permission_category');
108			$handler = $this->loadHandler('Category');
109
110			return $handler->deleteByCategory($cat_id);
111			}
112
113			/**
114			* @param $category
115			* @param array $groups
116			* @return mixed
117			*/
118			public function setCategoryPermission($category, array $groups = [])
119			{
120			$this->cacheHelper->delete('permission_category');
121			$handler = $this->loadHandler('Category');
122
123			return $handler->setCategoryPermission($category, $groups);
124			}
125
126			/**
127			* @param $type
128			* @param string $gperm_name
129			* @param int $id
130			* @return bool
131			*/
132			public function getPermission($type, $gperm_name = 'access', $id = 0)
133			{
134			global $xoopsModule;
135			$ret = false;
136			if ($GLOBALS['xoopsUserIsAdmin'] && 'newbb' === $xoopsModule->getVar('dirname')) {
137			$ret = true;
138			}
139
140			$groups = \is_object($GLOBALS['xoopsUser']) ? $GLOBALS['xoopsUser']->getGroups() : [XOOPS_GROUP_ANONYMOUS];
141			if (!$groups) {
142			$ret = false;
143			}
144			if (!$allowed_groups = $this->getGroups("{$type}_{$gperm_name}", $id)) {
145			$ret = false;
146			}
147
148			if (\count(\array_intersect($allowed_groups, $groups)) > 0) {
149			$ret = true;
150			}
151
152			return $ret;
153			}
154
155			/**
156			* @param string $perm_name
157			* @return array
158			*/
159			public function &getCategories($perm_name = 'access')
160			{
161			$ret = $this->getAllowedItems('category', "category_{$perm_name}");
162
163			return $ret;
164			}
165
166			/**
167			* @param string $perm_name
168			* @return array
169			*/
170			public function getForums($perm_name = 'access')
171			{
172			$ret = $this->getAllowedItems('forum', "forum_{$perm_name}");
173
174			return $ret;
175			}
176
177			/**
178			* @param $type
179			* @param $perm_name
180			* @return array
181			*/
182			public function getAllowedItems($type, $perm_name)
183			{
184			$ret = [];
185
186			$groups = \is_object($GLOBALS['xoopsUser']) ? $GLOBALS['xoopsUser']->getGroups() : [XOOPS_GROUP_ANONYMOUS];
187			if (\count($groups) < 1) {
188			return $ret;
189			}
190
191			if (!$_cachedPerms = $this->loadPermData($perm_name, $type)) {
192			return $ret;
193			}
194
195			$allowed_items = [];
196			foreach ($_cachedPerms as $id => $allowed_groups) {
197			if (0 == $id \|\| empty($allowed_groups)) {
198			continue;
199			}
200
201			if (\array_intersect($groups, $allowed_groups)) {
202			$allowed_items[$id] = 1;
203			}
204			}
205			unset($_cachedPerms);
206			$ret = \array_keys($allowed_items);
207
208			return $ret;
209			}
210
211			/**
212			* @param $gperm_name
213			* @param int $id
214			* @return array
215			*/
216			public function getGroups($gperm_name, $id = 0)
217			{
218			$_cachedPerms = $this->loadPermData($gperm_name);
219			$groups = empty($_cachedPerms[$id]) ? [] : \array_unique($_cachedPerms[$id]);
220			unset($_cachedPerms);
221
222			return $groups;
223			}
224
225			/**
226			* @param string $perm_name
227			* @return array
228			*/
229			public function createPermData($perm_name = 'forum_all')
230			{
231			global $xoopsModule;
232			/** @var \XoopsModuleHandler $moduleHandler */
233			$perms = [];
234
235			if (\is_object($xoopsModule) && 'newbb' === $xoopsModule->getVar('dirname')) {
236			$modid = $xoopsModule->getVar('mid');
237			} else {
238			$moduleHandler = \xoops_getHandler('module');
239			$module = $moduleHandler->getByDirname('newbb');
240			$modid = $module->getVar('mid');
241			unset($module);
242			}
243
244			if (\in_array($perm_name, ['forum_all', 'category_all'])) {
245			/** @var \XoopsMemberHandler $memberHandler */
246			$memberHandler = \xoops_getHandler('member');
247			$groups = \array_keys($memberHandler->getGroupList());
248
249			$type = ('category_all' === $perm_name) ? 'category' : 'forum';
250			$objectHandler = \XoopsModules\Newbb\Helper::getInstance()->getHandler($type);
251			$object_ids = $objectHandler->getIds();
252			foreach ($object_ids as $item_id) {
253			$perms[$perm_name][$item_id] = $groups;
254			}
255			} else {
256			$grouppermHandler = \xoops_getHandler('groupperm');
257			$criteria = new \CriteriaCompo(new \Criteria('gperm_modid', $modid));
258			if (!empty($perm_name) && 'forum_all' !== $perm_name && 'category_all' !== $perm_name) {
259			$criteria->add(new \Criteria('gperm_name', $perm_name));
260			}
261			$permissions = $this->getObjects($criteria);
262
263			foreach ($permissions as $gperm) {
264			$item_id = $gperm->getVar('gperm_itemid');
265			$group_id = (int)$gperm->getVar('gperm_groupid');
266			$perms[$gperm->getVar('gperm_name')][$item_id][] = $group_id;
267			}
268			}
269			if (\count($perms) > 0) {
270			foreach (\array_keys($perms) as $perm) {
271			$this->cacheHelper->write("permission_{$perm}", $perms[$perm]);
272			}
273			}
274			$ret = !empty($perm_name) ? @$perms[$perm_name] : $perms;
275
276			return $ret;
277			}
278
279			/**
280			* @param string $perm_name
281			* @return array\|mixed\|null
282			*/
283			public function &loadPermData($perm_name = 'forum_access')
284			{
285			if (!$perms = $this->cacheHelper->read("permission_{$perm_name}")) {
286			$perms = $this->createPermData($perm_name);
287			}
288
289			return $perms;
290			}
291
292			/**
293			* @param $perm
294			* @param $itemid
295			* @param $groupid
296			* @param null $mid
297			* @return bool
298			*/
299			public function validateRight($perm, $itemid, $groupid, $mid = null)
300			{
301			if (empty($mid)) {
302			if (\is_object($GLOBALS['xoopsModule']) && 'newbb' === $GLOBALS['xoopsModule']->getVar('dirname')) {
303			$mid = $GLOBALS['xoopsModule']->getVar('mid');
304			} else {
305			/** @var \XoopsModuleHandler $moduleHandler */
306			$moduleHandler = \xoops_getHandler('module');
307			$mod = $moduleHandler->getByDirname('newbb');
308			$mid = $mod->getVar('mid');
309			unset($mod);
310			}
311			}
312			if ($this->myCheckRight($perm, $itemid, $groupid, $mid)) {
313			return true;
314			}
315			$this->cacheHelper->delete('permission');
316			$this->addRight($perm, $itemid, $groupid, $mid);
317
318			return true;
319			}
320
321			/**
322			* Check permission (directly)
323			*
324			* @param string $gperm_name Name of permission
325			* @param int $gperm_itemid ID of an item
326			* @param int /array $gperm_groupid A group ID or an array of group IDs
327			* @param int $gperm_modid ID of a module
328			*
329			* @return bool TRUE if permission is enabled
330			*/
331			public function myCheckRight($gperm_name, $gperm_itemid, $gperm_groupid, $gperm_modid = 1)
332			{
333			$ret = false;
334			$criteria = new \CriteriaCompo(new \Criteria('gperm_modid', $gperm_modid));
335			$criteria->add(new \Criteria('gperm_name', $gperm_name));
336			$gperm_itemid = (int)$gperm_itemid;
337			if ($gperm_itemid > 0) {
338			$criteria->add(new \Criteria('gperm_itemid', $gperm_itemid));
339			}
340			if (\is_array($gperm_groupid)) {
341			$criteria2 = new \CriteriaCompo();
342			foreach ($gperm_groupid as $gid) {
343			$criteria2->add(new \Criteria('gperm_groupid', $gid), 'OR');
344			}
345			$criteria->add($criteria2);
346			} else {
347			$criteria->add(new \Criteria('gperm_groupid', $gperm_groupid));
348			}
349			if ($this->getCount($criteria) > 0) {
350			$ret = true;
351			}
352
353			return $ret;
354			}
355
356			/**
357			* @param $perm
358			* @param $itemid
359			* @param $groupid
360			* @param null $mid
361			* @return bool
362			*/
363			public function deleteRight($perm, $itemid, $groupid, $mid = null)
364			{
365			$this->cacheHelper->delete('permission');
366			if (null === $mid) {
			0 ignored issues – show introduced 2018-12-03 12:44 UTC by Report Bug Copy Issue Report Show Similar Issues like this The condition `null === $mid` is always `true`. Loading history...
367			if (\is_object($GLOBALS['xoopsModule']) && 'newbb' === $GLOBALS['xoopsModule']->getVar('dirname')) {
368			$mid = $GLOBALS['xoopsModule']->getVar('mid');
369			} else {
370			/** @var \XoopsModuleHandler $moduleHandler */
371			$moduleHandler = \xoops_getHandler('module');
372			$mod = $moduleHandler->getByDirname('newbb');
373			$mid = $mod->getVar('mid');
374			unset($mod);
375			}
376			}
377			if (\is_callable('parent::deleteRight')) {
378			return parent::deleteRight($perm, $itemid, $groupid, $mid);
379			}
380			$criteria = new \CriteriaCompo(new \Criteria('gperm_name', $perm));
381			$criteria->add(new \Criteria('gperm_groupid', $groupid));
382			$criteria->add(new \Criteria('gperm_itemid', $itemid));
383			$criteria->add(new \Criteria('gperm_modid', $mid));
384			$permsObject = $this->getObjects($criteria);
385			if (!empty($permsObject)) {
386			foreach ($permsObject as $permObject) {
387			$this->delete($permObject);
388			}
389			}
390			unset($criteria, $permsObject);
391
392			return true;
393			}
394
395			/**
396			* @param $forum
397			* @param int $mid
398			* @return mixed
399			*/
400			public function applyTemplate($forum, $mid = 0)
401			{
402			$this->cacheHelper->delete('permission_forum');
403			$handler = $this->loadHandler('Forum');
404
405			return $handler->applyTemplate($forum, $mid);
406			}
407
408			/**
409			* @return mixed
410			*/
411			public function getTemplate()
412			{
413			$handler = $this->loadHandler('Forum');
414			$template = $handler->getTemplate();
415
416			return $template;
417			}
418
419			/**
420			* @param $perms
421			* @return mixed
422			*/
423			public function setTemplate($perms)
424			{
425			$handler = $this->loadHandler('Forum');
426
427			return $handler->setTemplate($perms);
428			}
429			}
430

mambax7 / newbb5

Issues (380)

Security Analysis not enabled

class/PermissionHandler.php (1 issue)

Severity

Introduced By

Duplication Side-by-Side

Filter issues like