Merge branch 'development'

in dbReturn with params on not matching param the system exited on fail
without printing the query making it hard to find where the error is.
Added debug output in case the params count is not matching.
Same move in the dbExecute call

removed param count check from dbReturnRow/dbReturnArray as this check
is done in the dbExecParams call anyway

publish/last.published

@@ -1 +1 @@
-8.0.2
+8.2.1

publish/publish.sh

@@ -31,6 +31,7 @@ source .env.deploy;
 cd -;
 set +o allexport;
 
+echo "[START]";
 # gitea
 if [ ! -z "${GITEA_USER}" ] && [ ! -z "${GITEA_TOKEN}" ]; then
      curl -LJO \
@@ -56,5 +57,7 @@ if [ ! -z  "${GITLAB_DEPLOY_TOKEN}" ]; then
 else
      echo "Missing GITLAB_DEPLOY_TOKEN environment variable";
 fi;
+echo "";
+echo "[DONE]";
 
 # __END__

src/ACL/Login.php

@@ -69,6 +69,7 @@ declare(strict_types=1);
 namespace CoreLibs\ACL;
 
 use CoreLibs\Check\Password;
+use CoreLibs\Convert\Json;
 
 class Login
 {
@@ -428,7 +429,7 @@ class Login
 
 	/**
 	 * Set options
-	 * Current allowed
+	 * Current allowed:
 	 * target <string>: site target
 	 * debug <bool>
 	 * auto_login <bool>: self start login process
@@ -753,7 +754,10 @@ class Login
 		// we have to get the themes in here too
 		$q = "SELECT eu.edit_user_id, eu.username, eu.password, "
 			. "eu.edit_group_id, "
-			. "eg.name AS edit_group_name, admin, "
+			. "eg.name AS edit_group_name, eu.admin, "
+			// additinal acl lists
+			. "eu.additional_acl AS user_additional_acl, "
+			. "eg.additional_acl AS group_additional_acl, "
 			// login error + locked
 			. "eu.login_error_count, eu.login_error_date_last, "
 			. "eu.login_error_date_first, eu.strict, eu.locked, "
@@ -901,8 +905,10 @@ class Login
 				$_SESSION['GROUP_NAME'] = $res['edit_group_name'];
 				$_SESSION['USER_ACL_LEVEL'] = $res['user_level'];
 				$_SESSION['USER_ACL_TYPE'] = $res['user_type'];
+				$_SESSION['USER_ADDITIONAL_ACL'] = Json::jsonConvertToArray($res['user_additional_acl']);
 				$_SESSION['GROUP_ACL_LEVEL'] = $res['group_level'];
 				$_SESSION['GROUP_ACL_TYPE'] = $res['group_type'];
+				$_SESSION['GROUP_ADDITIONAL_ACL'] = Json::jsonConvertToArray($res['group_additional_acl']);
 				// deprecated TEMPLATE setting
 				$_SESSION['TEMPLATE'] = $res['template'] ? $res['template'] : '';
 				$_SESSION['HEADER_COLOR'] = !empty($res['second_header_color']) ?
@@ -1021,7 +1027,8 @@ class Login
 				$_SESSION['PAGES'] = $pages;
 				$_SESSION['PAGES_ACL_LEVEL'] = $pages_acl;
 				// load the edit_access user rights
-				$q = "SELECT ea.edit_access_id, level, type, ea.name, ea.color, ea.uid, edit_default "
+				$q = "SELECT ea.edit_access_id, level, type, ea.name, "
+					. "ea.color, ea.uid, edit_default, ea.additional_acl "
 					. "FROM edit_access_user eau, edit_access_right ear, edit_access ea "
 					. "WHERE eau.edit_access_id = ea.edit_access_id "
 					. "AND eau.edit_access_right_id = ear.edit_access_right_id "
@@ -1048,6 +1055,7 @@ class Login
 						'uid' => $res['uid'],
 						'color' => $res['color'],
 						'default' => $res['edit_default'],
+						'additional_acl' => Json::jsonConvertToArray($res['additional_acl']),
 						'data' => $ea_data
 					];
 					// set the default unit
@@ -1122,6 +1130,11 @@ class Login
 		// username (login), group name
 		$this->acl['user_name'] = $_SESSION['USER_NAME'];
 		$this->acl['group_name'] = $_SESSION['GROUP_NAME'];
+		// set additional acl
+		$this->acl['additional_acl'] = [
+			'user' => $_SESSION['USER_ADDITIONAL_ACL'],
+			'group' => $_SESSION['GROUP_ADDITIONAL_ACL'],
+		];
 		// we start with the default acl
 		$this->acl['base'] = $this->default_acl_level;
 
@@ -1184,7 +1197,8 @@ class Login
 				'uid' => $unit['uid'],
 				'level' => $this->default_acl_list[$this->acl['unit'][$ea_id]]['name'] ?? -1,
 				'default' => $unit['default'],
-				'data' => $unit['data']
+				'data' => $unit['data'],
+				'additional_acl' => $unit['additional_acl']
 			];
 			// set default
 			if (!empty($unit['default'])) {

src/DB/SQL/Interface/SqlFunctions.php

@@ -42,6 +42,15 @@ interface SqlFunctions
 	 */
 	public function __dbSendQuery(string $query): bool;
 
+	/**
+	 * Undocumented function
+	 *
+	 * @param  string $query
+	 * @param  array<mixed> $params
+	 * @return bool
+	 */
+	public function __dbSendQueryParams(string $query, array $params): bool;
+
 	/**
 	 * Undocumented function
 	 *
@@ -74,6 +83,24 @@ interface SqlFunctions
 	 */
 	public function __dbExecute(string $name, array $data): \PgSql\Result|false;
 
+	/**
+	 * Undocumented function
+	 *
+	 * @param  string $name
+	 * @param  string $query
+	 * @return bool
+	 */
+	public function __dbSendPrepare(string $name, string $query): bool;
+
+	/**
+	 * Undocumented function
+	 *
+	 * @param  string $name
+	 * @param  array<mixed> $params
+	 * @return bool
+	 */
+	public function __dbSendExecute(string $name, array $params): bool;
+
 	/**
 	 * Undocumented function
 	 *
@@ -99,6 +126,15 @@ interface SqlFunctions
 	 */
 	public function __dbFieldName(\PgSql\Result|false $cursor, int $i): string|false;
 
+	/**
+	 * Undocumented function
+	 *
+	 * @param  \PgSql\Result|false $cursor
+	 * @param  int $i
+	 * @return string|false
+	 */
+	public function __dbFieldType(\PgSql\Result|false $cursor, int $i): string|false;
+
 	/**
 	 * Undocumented function
 	 *

src/DB/SQL/PgSQL.php

@@ -33,7 +33,11 @@
 * pg_affected_rows (*)
 * pg_fetch_array
 * pg_query
+* pg_query_params
 * pg_send_query
+* pg_send_query_params
+* pg_send_prepare
+* pg_send_execute
 * pg_get_result
 * pg_connection_busy
 * pg_close
@@ -50,6 +54,7 @@ namespace CoreLibs\DB\SQL;
 // below no ignore is needed if we want to use PgSql interface checks with PHP 8.0
 // as main system. Currently all @var sets are written as object
 /** @#phan-file-suppress PhanUndeclaredTypeProperty,PhanUndeclaredTypeParameter,PhanUndeclaredTypeReturnType */
+/** @phan-file-suppress PhanTypeMismatchArgumentInternal, PhanTypeMismatchReturn */
 
 class PgSQL implements Interface\SqlFunctions
 {
@@ -93,8 +98,7 @@ class PgSQL implements Interface\SqlFunctions
 	}
 
 	/**
-	 * Proposed
-	 * wrapperf or pg_query_params for queries in the style of
+	 * wrapper for pg_query_params for queries in the style of
 	 * SELECT foo FROM bar WHERE foobar = $1
 	 *
 	 * @param  string       $query  Query string with placeholders $1, ..
@@ -132,6 +136,22 @@ class PgSQL implements Interface\SqlFunctions
 		return $result ? true : false;
 	}
 
+	/**
+	 * sends an async query to the server with params
+	 *
+	 * @param  string       $query  Query string with placeholders $1, ..
+	 * @param  array<mixed> $params Matching parameters for each placerhold
+	 * @return bool         true/false Query sent successful status
+	 */
+	public function __dbSendQueryParams(string $query, array $params): bool
+	{
+		if (is_bool($this->dbh)) {
+			return false;
+		}
+		$result = pg_send_query_params($this->dbh, $query, $params);
+		return $result ? true : false;
+	}
+
 	/**
 	 * wrapper for pg_get_result
 	 *
@@ -208,6 +228,38 @@ class PgSQL implements Interface\SqlFunctions
 		return $result;
 	}
 
+	/**
+	 * Asnyc send for a prepared statement
+	 *
+	 * @param  string $name
+	 * @param  string $query
+	 * @return bool
+	 */
+	public function __dbSendPrepare(string $name, string $query): bool
+	{
+		if (is_bool($this->dbh)) {
+			return false;
+		}
+		$result = pg_send_prepare($this->dbh, $name, $query);
+		return $result ? true : false;
+	}
+
+	/**
+	 * Asnyc ssend for a prepared statement execution
+	 *
+	 * @param  string $name
+	 * @param  array<mixed> $params
+	 * @return bool
+	 */
+	public function __dbSendExecute(string $name, array $params): bool
+	{
+		if (is_bool($this->dbh)) {
+			return false;
+		}
+		$result = pg_send_execute($this->dbh, $name, $params);
+		return $result ? true : false;
+	}
+
 	/**
 	 * wrapper for pg_num_rows
 	 *
@@ -251,6 +303,21 @@ class PgSQL implements Interface\SqlFunctions
 		return pg_field_name($cursor, $i);
 	}
 
+	/**
+	 * wrapper for pg_field_name
+	 *
+	 * @param  \PgSql\Result|false $cursor cursor
+	 * @param  int                 $i      field position
+	 * @return string|false                field type name or false
+	 */
+	public function __dbFieldType(\PgSql\Result|false $cursor, int $i): string|false
+	{
+		if (is_bool($cursor)) {
+			return false;
+		}
+		return pg_field_type($cursor, $i);
+	}
+
 	/**
 	 * wrapper for pg_fetch_array
 	 * if through/true false, use __dbResultType(true)

src/Template/SmartyExtend.php

@@ -452,92 +452,95 @@ class SmartyExtend extends \Smarty
 	 * wrapper call for setSmartyVars
 	 * this is for frontend type and will not set any only admin needed variables
 	 *
-	 * @param  string|null $compile_dir          BASE . TEMPLATES_C
-	 * @param  string|null $cache_dir            BASE . CACHE
-	 * @param  string|null $set_js               JS
-	 * @param  string|null $set_css              CSS
-	 * @param  string|null $set_font             FONT
-	 * @param  string|null $set_default_encoding DEFAULT_ENCODING
-	 * @param  string|null $set_g_title          G_TITLE
-	 * @param  string|null $set_stylesheet       STYLESHEET
-	 * @param  string|null $set_javascript       JAVASCRIPT
-	 * @param  \CoreLibs\Admin\Backend|null $cms Optinal Admin Backend for
-	 *                                           smarty variables merge
+	 * @param  array<string,string> $options list with the following value:
+	 *                              compile_dir      :BASE . TEMPLATES_C
+	 *                              cache_dir        :BASE . CACHE
+	 *                              js               :JS
+	 *                              css              :CSS
+	 *                              font             :FONT
+	 *                              default_encoding :DEFAULT_ENCODING
+	 *                              g_title          :G_TITLE
+	 *                              stylesheet       :STYLESHEET
+	 *                              javascript       :JAVASCRIPT
+	 * @param  array<string,mixed>  $smarty_data     array of three keys
+	 *                                               that hold smarty set strings
+	 *                                               HEADER, DATA, DEBUG_DATA
 	 * @return void
 	 */
 	public function setSmartyVarsFrontend(
-		?string $compile_dir = null,
-		?string $cache_dir = null,
-		?string $set_js = null,
-		?string $set_css = null,
-		?string $set_font = null,
-		?string $set_default_encoding = null,
-		?string $set_g_title = null,
-		?string $set_stylesheet = null,
-		?string $set_javascript = null,
-		?\CoreLibs\Admin\Backend $cms = null
+		array $options,
+		array $smarty_data
 	): void {
 		$this->setSmartyVars(
 			false,
-			$cms,
-			$compile_dir,
-			$cache_dir,
-			$set_js,
-			$set_css,
-			$set_font,
-			$set_default_encoding,
-			$set_g_title,
+			$smarty_data,
+			null,
+			$options['compile_dir'] ?? null,
+			$options['cache_dir'] ?? null,
+			$options['js'] ?? null,
+			$options['css'] ?? null,
+			$options['font'] ?? null,
+			$options['default_encoding'] ?? null,
+			$options['g_title'] ?? null,
 			null,
 			null,
 			null,
-			$set_stylesheet,
-			$set_javascript
+			null,
+			null,
+			$options['stylesheet'] ?? null,
+			$options['javascript'] ?? null
 		);
 	}
 
 	/**
 	 * wrapper call for setSmartyVars
 	 * this is only for admin interface and will set additional variables
-	 * @param  string|null $compile_dir          BASE . TEMPLATES_C
-	 * @param  string|null $cache_dir            BASE . CACHE
-	 * @param  string|null $set_js               JS
-	 * @param  string|null $set_css              CSS
-	 * @param  string|null $set_font             FONT
-	 * @param  string|null $set_default_encoding DEFAULT_ENCODING
-	 * @param  string|null $set_g_title          G_TITLE
-	 * @param  string|null $set_admin_stylesheet ADMIN_STYLESHEET
-	 * @param  string|null $set_admin_javascript ADMIN_JAVASCRIPT
-	 * @param  string|null $set_page_width       PAGE_WIDTH
+	 * @param  array<string,string> $options list with the following value:
+	 *                              compile_dir      :BASE . TEMPLATES_C
+	 *                              cache_dir        :BASE . CACHE
+	 *                              js               :JS
+	 *                              css              :CSS
+	 *                              font             :FONT
+	 *                              default_encoding :DEFAULT_ENCODING
+	 *                              g_title          :G_TITLE
+	 *                              admin_stylesheet :ADMIN_STYLESHEET
+	 *                              admin_javascript :ADMIN_JAVASCRIPT
+	 *                              page_width       :PAGE_WIDTH
+	 *                              content_path     :CONTENT_PATH
+	 *                              user_name        :_SESSION['USER_NAME']
 	 * @param  \CoreLibs\Admin\Backend|null $cms Optinal Admin Backend for
 	 *                                           smarty variables merge
 	 * @return void
 	 */
 	public function setSmartyVarsAdmin(
-		?string $compile_dir = null,
-		?string $cache_dir = null,
-		?string $set_js = null,
-		?string $set_css = null,
-		?string $set_font = null,
-		?string $set_default_encoding = null,
-		?string $set_g_title = null,
-		?string $set_admin_stylesheet = null,
-		?string $set_admin_javascript = null,
-		?string $set_page_width = null,
+		array $options,
 		?\CoreLibs\Admin\Backend $cms = null
 	): void {
+		// if we have cms data, check for array blocks and build
+		$smarty_data = [];
+		if ($cms !== null) {
+			$smarty_data = [
+				'HEADER' => $cms->HEADER,
+				'DATA' => $cms->DATA,
+				'DEBUG_DATA' => $cms->DEBUG_DATA
+			];
+		}
 		$this->setSmartyVars(
 			true,
+			$smarty_data,
 			$cms,
-			$compile_dir,
-			$cache_dir,
-			$set_js,
-			$set_css,
-			$set_font,
-			$set_g_title,
-			$set_default_encoding,
-			$set_admin_stylesheet,
-			$set_admin_javascript,
-			$set_page_width,
+			$options['compile_dir'] ?? null,
+			$options['cache_dir'] ?? null,
+			$options['js'] ?? null,
+			$options['css'] ?? null,
+			$options['font'] ?? null,
+			$options['g_title'] ?? null,
+			$options['default_encoding'] ?? null,
+			$options['admin_stylesheet'] ?? null,
+			$options['admin_javascript'] ?? null,
+			$options['page_width'] ?? null,
+			$options['content_path'] ?? null,
+			$options['user_name'] ?? null,
 			null,
 			null
 		);
@@ -549,6 +552,7 @@ class SmartyExtend extends \Smarty
 	 *
 	 * @param  bool        $admin_call           default false
 	 *                                           will set admin only variables
+	 * @param  array<string,mixed> $smarty_data  smarty data to merge
 	 * @param  \CoreLibs\Admin\Backend|null $cms Optinal Admin Backend for
 	 *                                           smarty variables merge
 	 * @param  string|null $compile_dir          BASE . TEMPLATES_C
@@ -561,13 +565,15 @@ class SmartyExtend extends \Smarty
 	 * @param  string|null $set_admin_stylesheet ADMIN_STYLESHEET
 	 * @param  string|null $set_admin_javascript ADMIN_JAVASCRIPT
 	 * @param  string|null $set_page_width       PAGE_WIDTH
+	 * @param  string|null $set_content_path     CONTENT_PATH  (only if $cms set and admin)
+	 * @param  string|null $set_user_name        _SESSION['USER_NAME']
 	 * @param  string|null $set_stylesheet       STYLESHEET
 	 * @param  string|null $set_javascript       JAVASCRIPT
-	 * @param  string|null $set_user_name        _SESSION['USER_NAME']
 	 * @return void
 	 */
 	private function setSmartyVars(
 		bool $admin_call,
+		array $smarty_data = [],
 		?\CoreLibs\Admin\Backend $cms = null,
 		?string $compile_dir = null,
 		?string $cache_dir = null,
@@ -579,9 +585,10 @@ class SmartyExtend extends \Smarty
 		?string $set_admin_stylesheet = null,
 		?string $set_admin_javascript = null,
 		?string $set_page_width = null,
+		?string $set_content_path = null,
+		?string $set_user_name = null,
 		?string $set_stylesheet = null,
 		?string $set_javascript = null,
-		?string $set_user_name = null,
 	): void {
 		// trigger deprecation
 		if (
@@ -605,6 +612,9 @@ class SmartyExtend extends \Smarty
 					$set_stylesheet === null ||
 					$set_javascript === null
 				)
+			) ||
+			(
+				$admin_call === true && $cms !== null && $set_content_path === null
 			)
 		) {
 			/** @deprecated setSmartyVars call without parameters */
@@ -624,25 +634,12 @@ class SmartyExtend extends \Smarty
 		$set_admin_stylesheet = $set_admin_stylesheet ?? ADMIN_STYLESHEET;
 		$set_admin_javascript = $set_admin_javascript ?? ADMIN_JAVASCRIPT;
 		$set_page_width = $set_page_width ?? PAGE_WIDTH;
+		$set_content_path = $set_content_path ?? CONTENT_PATH;
 		$set_stylesheet = $set_stylesheet ?? STYLESHEET;
 		$set_javascript = $set_javascript ?? JAVASCRIPT;
 		$set_user_name = $set_user_name ?? $_SESSION['USER_NAME'] ?? '';
-		// depreacte call globals cms on null 4mcs
-		if (
-			$cms === null &&
-			isset($GLOBALS['cms'])
-		) {
-			/** @deprecated setSmartyVars globals cms is deprecated */
-			trigger_error(
-				'Calling setSmartyVars without cms parameter when needed is deprecated',
-				E_USER_DEPRECATED
-			);
-		}
-		// this is ugly
-		$cms = $cms ?? $GLOBALS['cms'] ?? null;
-		if ($cms instanceof \CoreLibs\Admin\Backend) {
-			$this->mergeCmsSmartyVars($cms);
-		}
+		// merge additional smarty data
+		$this->mergeCmsSmartyVars($smarty_data);
 
 		// trigger flags
 		$this->HEADER['USE_PROTOTYPE'] = $this->USE_PROTOTYPE;
@@ -684,12 +681,27 @@ class SmartyExtend extends \Smarty
 		$this->DATA['FORM_ACTION'] = $this->FORM_ACTION;
 		// special for admin
 		if ($admin_call === true) {
+			// depreacte call globals cms on null 4mcs
+			if (
+				$cms === null &&
+				isset($GLOBALS['cms'])
+			) {
+				/** @deprecated setSmartyVars globals cms is deprecated */
+				trigger_error(
+					'Calling setSmartyVars without cms parameter when needed is deprecated',
+					E_USER_DEPRECATED
+				);
+			}
+			// this is ugly
+			$cms = $cms ?? $GLOBALS['cms'] ?? null;
 			// set ACL extra show
 			if ($cms instanceof \CoreLibs\Admin\Backend) {
 				$this->DATA['show_ea_extra'] = $cms->acl['show_ea_extra'] ?? false;
 				$this->DATA['ADMIN'] = $cms->acl['admin'] ?? 0;
 				// top menu
-				$this->DATA['nav_menu'] = $cms->adbTopMenu();
+				$this->DATA['nav_menu'] = $cms->adbTopMenu(
+					$set_content_path
+				);
 				$this->DATA['nav_menu_count'] = count($this->DATA['nav_menu']);
 				// messages = ['msg' =>, 'class' => 'error/warning/...']
 				$this->DATA['messages'] = $cms->messages;
@@ -749,18 +761,18 @@ class SmartyExtend extends \Smarty
 	/**
 	 * merge outside object HEADER/DATA/DEBUG_DATA vars into the smarty class
 	 *
-	 * @param  \CoreLibs\Admin\Backend $cms object that has header/data/debug_data
+	 * @param  array<string,mixed> $smarty_data array that has header/data/debug_data
 	 * @return void
 	 */
-	public function mergeCmsSmartyVars(\CoreLibs\Admin\Backend $cms): void
+	public function mergeCmsSmartyVars(array $smarty_data): void
 	{
 		// array merge HEADER, DATA, DEBUG DATA
 		foreach (['HEADER', 'DATA', 'DEBUG_DATA'] as $ext_smarty) {
 			if (
-				isset($cms->{$ext_smarty}) &&
-				is_array($cms->{$ext_smarty})
+				isset($smarty_data[$ext_smarty]) &&
+				is_array($smarty_data[$ext_smarty])
 			) {
-				$this->{$ext_smarty} = array_merge($this->{$ext_smarty}, $cms->{$ext_smarty});
+				$this->{$ext_smarty} = array_merge($this->{$ext_smarty}, $smarty_data[$ext_smarty]);
 			}
 		}
 	}

test/phpunit/ACL/CoreLibsACLLoginTest.php

@@ -267,6 +267,8 @@ final class CoreLibsACLLoginTest extends TestCase
 					'GROUP_ACL_LEVEL' => -1,
 					'PAGES_ACL_LEVEL' => [],
 					'USER_ACL_LEVEL' => -1,
+					'USER_ADDITIONAL_ACL' => [],
+					'GROUP_ADDITIONAL_ACL' => [],
 					'UNIT_UID' => [
 						'AdminAccess' => 1,
 					],
@@ -280,6 +282,7 @@ final class CoreLibsACLLoginTest extends TestCase
 							'data' => [
 								'test' => 'value',
 							],
+							'additional_acl' => []
 						],
 					],
 					// 'UNIT_DEFAULT' => '',