Merge branch 'development'

in dbReturn with params on not matching param the system exited on fail
without printing the query making it hard to find where the error is.
Added debug output in case the params count is not matching.
Same move in the dbExecute call

removed param count check from dbReturnRow/dbReturnArray as this check
is done in the dbExecParams call anyway

publish/last.published

@@ -1 +1 @@
-8.0.4
+8.2.1

publish/publish.sh

@@ -31,6 +31,7 @@ source .env.deploy;
 cd -;
 set +o allexport;
 
+echo "[START]";
 # gitea
 if [ ! -z "${GITEA_USER}" ] && [ ! -z "${GITEA_TOKEN}" ]; then
      curl -LJO \
@@ -56,5 +57,7 @@ if [ ! -z  "${GITLAB_DEPLOY_TOKEN}" ]; then
 else
      echo "Missing GITLAB_DEPLOY_TOKEN environment variable";
 fi;
+echo "";
+echo "[DONE]";
 
 # __END__

src/ACL/Login.php

@@ -69,6 +69,7 @@ declare(strict_types=1);
 namespace CoreLibs\ACL;
 
 use CoreLibs\Check\Password;
+use CoreLibs\Convert\Json;
 
 class Login
 {
@@ -428,7 +429,7 @@ class Login
 
 	/**
 	 * Set options
-	 * Current allowed
+	 * Current allowed:
 	 * target <string>: site target
 	 * debug <bool>
 	 * auto_login <bool>: self start login process
@@ -753,7 +754,10 @@ class Login
 		// we have to get the themes in here too
 		$q = "SELECT eu.edit_user_id, eu.username, eu.password, "
 			. "eu.edit_group_id, "
-			. "eg.name AS edit_group_name, admin, "
+			. "eg.name AS edit_group_name, eu.admin, "
+			// additinal acl lists
+			. "eu.additional_acl AS user_additional_acl, "
+			. "eg.additional_acl AS group_additional_acl, "
 			// login error + locked
 			. "eu.login_error_count, eu.login_error_date_last, "
 			. "eu.login_error_date_first, eu.strict, eu.locked, "
@@ -901,8 +905,10 @@ class Login
 				$_SESSION['GROUP_NAME'] = $res['edit_group_name'];
 				$_SESSION['USER_ACL_LEVEL'] = $res['user_level'];
 				$_SESSION['USER_ACL_TYPE'] = $res['user_type'];
+				$_SESSION['USER_ADDITIONAL_ACL'] = Json::jsonConvertToArray($res['user_additional_acl']);
 				$_SESSION['GROUP_ACL_LEVEL'] = $res['group_level'];
 				$_SESSION['GROUP_ACL_TYPE'] = $res['group_type'];
+				$_SESSION['GROUP_ADDITIONAL_ACL'] = Json::jsonConvertToArray($res['group_additional_acl']);
 				// deprecated TEMPLATE setting
 				$_SESSION['TEMPLATE'] = $res['template'] ? $res['template'] : '';
 				$_SESSION['HEADER_COLOR'] = !empty($res['second_header_color']) ?
@@ -1021,7 +1027,8 @@ class Login
 				$_SESSION['PAGES'] = $pages;
 				$_SESSION['PAGES_ACL_LEVEL'] = $pages_acl;
 				// load the edit_access user rights
-				$q = "SELECT ea.edit_access_id, level, type, ea.name, ea.color, ea.uid, edit_default "
+				$q = "SELECT ea.edit_access_id, level, type, ea.name, "
+					. "ea.color, ea.uid, edit_default, ea.additional_acl "
 					. "FROM edit_access_user eau, edit_access_right ear, edit_access ea "
 					. "WHERE eau.edit_access_id = ea.edit_access_id "
 					. "AND eau.edit_access_right_id = ear.edit_access_right_id "
@@ -1048,6 +1055,7 @@ class Login
 						'uid' => $res['uid'],
 						'color' => $res['color'],
 						'default' => $res['edit_default'],
+						'additional_acl' => Json::jsonConvertToArray($res['additional_acl']),
 						'data' => $ea_data
 					];
 					// set the default unit
@@ -1122,6 +1130,11 @@ class Login
 		// username (login), group name
 		$this->acl['user_name'] = $_SESSION['USER_NAME'];
 		$this->acl['group_name'] = $_SESSION['GROUP_NAME'];
+		// set additional acl
+		$this->acl['additional_acl'] = [
+			'user' => $_SESSION['USER_ADDITIONAL_ACL'],
+			'group' => $_SESSION['GROUP_ADDITIONAL_ACL'],
+		];
 		// we start with the default acl
 		$this->acl['base'] = $this->default_acl_level;
 
@@ -1184,7 +1197,8 @@ class Login
 				'uid' => $unit['uid'],
 				'level' => $this->default_acl_list[$this->acl['unit'][$ea_id]]['name'] ?? -1,
 				'default' => $unit['default'],
-				'data' => $unit['data']
+				'data' => $unit['data'],
+				'additional_acl' => $unit['additional_acl']
 			];
 			// set default
 			if (!empty($unit['default'])) {

src/DB/SQL/Interface/SqlFunctions.php

@@ -42,6 +42,15 @@ interface SqlFunctions
 	 */
 	public function __dbSendQuery(string $query): bool;
 
+	/**
+	 * Undocumented function
+	 *
+	 * @param  string $query
+	 * @param  array<mixed> $params
+	 * @return bool
+	 */
+	public function __dbSendQueryParams(string $query, array $params): bool;
+
 	/**
 	 * Undocumented function
 	 *
@@ -74,6 +83,24 @@ interface SqlFunctions
 	 */
 	public function __dbExecute(string $name, array $data): \PgSql\Result|false;
 
+	/**
+	 * Undocumented function
+	 *
+	 * @param  string $name
+	 * @param  string $query
+	 * @return bool
+	 */
+	public function __dbSendPrepare(string $name, string $query): bool;
+
+	/**
+	 * Undocumented function
+	 *
+	 * @param  string $name
+	 * @param  array<mixed> $params
+	 * @return bool
+	 */
+	public function __dbSendExecute(string $name, array $params): bool;
+
 	/**
 	 * Undocumented function
 	 *
@@ -99,6 +126,15 @@ interface SqlFunctions
 	 */
 	public function __dbFieldName(\PgSql\Result|false $cursor, int $i): string|false;
 
+	/**
+	 * Undocumented function
+	 *
+	 * @param  \PgSql\Result|false $cursor
+	 * @param  int $i
+	 * @return string|false
+	 */
+	public function __dbFieldType(\PgSql\Result|false $cursor, int $i): string|false;
+
 	/**
 	 * Undocumented function
 	 *

src/DB/SQL/PgSQL.php

@@ -33,7 +33,11 @@
 * pg_affected_rows (*)
 * pg_fetch_array
 * pg_query
+* pg_query_params
 * pg_send_query
+* pg_send_query_params
+* pg_send_prepare
+* pg_send_execute
 * pg_get_result
 * pg_connection_busy
 * pg_close
@@ -50,6 +54,7 @@ namespace CoreLibs\DB\SQL;
 // below no ignore is needed if we want to use PgSql interface checks with PHP 8.0
 // as main system. Currently all @var sets are written as object
 /** @#phan-file-suppress PhanUndeclaredTypeProperty,PhanUndeclaredTypeParameter,PhanUndeclaredTypeReturnType */
+/** @phan-file-suppress PhanTypeMismatchArgumentInternal, PhanTypeMismatchReturn */
 
 class PgSQL implements Interface\SqlFunctions
 {
@@ -93,8 +98,7 @@ class PgSQL implements Interface\SqlFunctions
 	}
 
 	/**
-	 * Proposed
+	 * wrapper for pg_query_params for queries in the style of
-	 * wrapperf or pg_query_params for queries in the style of
 	 * SELECT foo FROM bar WHERE foobar = $1
 	 *
 	 * @param  string       $query  Query string with placeholders $1, ..
@@ -132,6 +136,22 @@ class PgSQL implements Interface\SqlFunctions
 		return $result ? true : false;
 	}
 
+	/**
+	 * sends an async query to the server with params
+	 *
+	 * @param  string       $query  Query string with placeholders $1, ..
+	 * @param  array<mixed> $params Matching parameters for each placerhold
+	 * @return bool         true/false Query sent successful status
+	 */
+	public function __dbSendQueryParams(string $query, array $params): bool
+	{
+		if (is_bool($this->dbh)) {
+			return false;
+		}
+		$result = pg_send_query_params($this->dbh, $query, $params);
+		return $result ? true : false;
+	}
+
 	/**
 	 * wrapper for pg_get_result
 	 *
@@ -208,6 +228,38 @@ class PgSQL implements Interface\SqlFunctions
 		return $result;
 	}
 
+	/**
+	 * Asnyc send for a prepared statement
+	 *
+	 * @param  string $name
+	 * @param  string $query
+	 * @return bool
+	 */
+	public function __dbSendPrepare(string $name, string $query): bool
+	{
+		if (is_bool($this->dbh)) {
+			return false;
+		}
+		$result = pg_send_prepare($this->dbh, $name, $query);
+		return $result ? true : false;
+	}
+
+	/**
+	 * Asnyc ssend for a prepared statement execution
+	 *
+	 * @param  string $name
+	 * @param  array<mixed> $params
+	 * @return bool
+	 */
+	public function __dbSendExecute(string $name, array $params): bool
+	{
+		if (is_bool($this->dbh)) {
+			return false;
+		}
+		$result = pg_send_execute($this->dbh, $name, $params);
+		return $result ? true : false;
+	}
+
 	/**
 	 * wrapper for pg_num_rows
 	 *
@@ -251,6 +303,21 @@ class PgSQL implements Interface\SqlFunctions
 		return pg_field_name($cursor, $i);
 	}
 
+	/**
+	 * wrapper for pg_field_name
+	 *
+	 * @param  \PgSql\Result|false $cursor cursor
+	 * @param  int                 $i      field position
+	 * @return string|false                field type name or false
+	 */
+	public function __dbFieldType(\PgSql\Result|false $cursor, int $i): string|false
+	{
+		if (is_bool($cursor)) {
+			return false;
+		}
+		return pg_field_type($cursor, $i);
+	}
+
 	/**
 	 * wrapper for pg_fetch_array
 	 * if through/true false, use __dbResultType(true)

src/Template/SmartyExtend.php

@@ -453,8 +453,8 @@ class SmartyExtend extends \Smarty
 	 * this is for frontend type and will not set any only admin needed variables
 	 *
 	 * @param  array<string,string> $options list with the following value:
-	 *                              compile_dir          :BASE . TEMPLATES_C
+	 *                              compile_dir      :BASE . TEMPLATES_C
-	 *                              cache_dir            :BASE . CACHE
+	 *                              cache_dir        :BASE . CACHE
 	 *                              js               :JS
 	 *                              css              :CSS
 	 *                              font             :FONT
@@ -462,17 +462,19 @@ class SmartyExtend extends \Smarty
 	 *                              g_title          :G_TITLE
 	 *                              stylesheet       :STYLESHEET
 	 *                              javascript       :JAVASCRIPT
-	 * @param  \CoreLibs\Admin\Backend|null $cms Optinal Admin Backend for
+	 * @param  array<string,mixed>  $smarty_data     array of three keys
-	 *                                           smarty variables merge
+	 *                                               that hold smarty set strings
+	 *                                               HEADER, DATA, DEBUG_DATA
 	 * @return void
 	 */
 	public function setSmartyVarsFrontend(
 		array $options,
-		?\CoreLibs\Admin\Backend $cms
+		array $smarty_data
 	): void {
 		$this->setSmartyVars(
 			false,
-			$cms,
+			$smarty_data,
+			null,
 			$options['compile_dir'] ?? null,
 			$options['cache_dir'] ?? null,
 			$options['js'] ?? null,
@@ -484,6 +486,7 @@ class SmartyExtend extends \Smarty
 			null,
 			null,
 			null,
+			null,
 			$options['stylesheet'] ?? null,
 			$options['javascript'] ?? null
 		);
@@ -493,8 +496,8 @@ class SmartyExtend extends \Smarty
 	 * wrapper call for setSmartyVars
 	 * this is only for admin interface and will set additional variables
 	 * @param  array<string,string> $options list with the following value:
-	 *                              compile_dir          :BASE . TEMPLATES_C
+	 *                              compile_dir      :BASE . TEMPLATES_C
-	 *                              cache_dir            :BASE . CACHE
+	 *                              cache_dir        :BASE . CACHE
 	 *                              js               :JS
 	 *                              css              :CSS
 	 *                              font             :FONT
@@ -503,6 +506,7 @@ class SmartyExtend extends \Smarty
 	 *                              admin_stylesheet :ADMIN_STYLESHEET
 	 *                              admin_javascript :ADMIN_JAVASCRIPT
 	 *                              page_width       :PAGE_WIDTH
+	 *                              content_path     :CONTENT_PATH
 	 *                              user_name        :_SESSION['USER_NAME']
 	 * @param  \CoreLibs\Admin\Backend|null $cms Optinal Admin Backend for
 	 *                                           smarty variables merge
@@ -512,8 +516,18 @@ class SmartyExtend extends \Smarty
 		array $options,
 		?\CoreLibs\Admin\Backend $cms = null
 	): void {
+		// if we have cms data, check for array blocks and build
+		$smarty_data = [];
+		if ($cms !== null) {
+			$smarty_data = [
+				'HEADER' => $cms->HEADER,
+				'DATA' => $cms->DATA,
+				'DEBUG_DATA' => $cms->DEBUG_DATA
+			];
+		}
 		$this->setSmartyVars(
 			true,
+			$smarty_data,
 			$cms,
 			$options['compile_dir'] ?? null,
 			$options['cache_dir'] ?? null,
@@ -525,6 +539,7 @@ class SmartyExtend extends \Smarty
 			$options['admin_stylesheet'] ?? null,
 			$options['admin_javascript'] ?? null,
 			$options['page_width'] ?? null,
+			$options['content_path'] ?? null,
 			$options['user_name'] ?? null,
 			null,
 			null
@@ -537,6 +552,7 @@ class SmartyExtend extends \Smarty
 	 *
 	 * @param  bool        $admin_call           default false
 	 *                                           will set admin only variables
+	 * @param  array<string,mixed> $smarty_data  smarty data to merge
 	 * @param  \CoreLibs\Admin\Backend|null $cms Optinal Admin Backend for
 	 *                                           smarty variables merge
 	 * @param  string|null $compile_dir          BASE . TEMPLATES_C
@@ -549,6 +565,7 @@ class SmartyExtend extends \Smarty
 	 * @param  string|null $set_admin_stylesheet ADMIN_STYLESHEET
 	 * @param  string|null $set_admin_javascript ADMIN_JAVASCRIPT
 	 * @param  string|null $set_page_width       PAGE_WIDTH
+	 * @param  string|null $set_content_path     CONTENT_PATH  (only if $cms set and admin)
 	 * @param  string|null $set_user_name        _SESSION['USER_NAME']
 	 * @param  string|null $set_stylesheet       STYLESHEET
 	 * @param  string|null $set_javascript       JAVASCRIPT
@@ -556,6 +573,7 @@ class SmartyExtend extends \Smarty
 	 */
 	private function setSmartyVars(
 		bool $admin_call,
+		array $smarty_data = [],
 		?\CoreLibs\Admin\Backend $cms = null,
 		?string $compile_dir = null,
 		?string $cache_dir = null,
@@ -567,6 +585,7 @@ class SmartyExtend extends \Smarty
 		?string $set_admin_stylesheet = null,
 		?string $set_admin_javascript = null,
 		?string $set_page_width = null,
+		?string $set_content_path = null,
 		?string $set_user_name = null,
 		?string $set_stylesheet = null,
 		?string $set_javascript = null,
@@ -593,6 +612,9 @@ class SmartyExtend extends \Smarty
 					$set_stylesheet === null ||
 					$set_javascript === null
 				)
+			) ||
+			(
+				$admin_call === true && $cms !== null && $set_content_path === null
 			)
 		) {
 			/** @deprecated setSmartyVars call without parameters */
@@ -612,25 +634,12 @@ class SmartyExtend extends \Smarty
 		$set_admin_stylesheet = $set_admin_stylesheet ?? ADMIN_STYLESHEET;
 		$set_admin_javascript = $set_admin_javascript ?? ADMIN_JAVASCRIPT;
 		$set_page_width = $set_page_width ?? PAGE_WIDTH;
+		$set_content_path = $set_content_path ?? CONTENT_PATH;
 		$set_stylesheet = $set_stylesheet ?? STYLESHEET;
 		$set_javascript = $set_javascript ?? JAVASCRIPT;
 		$set_user_name = $set_user_name ?? $_SESSION['USER_NAME'] ?? '';
-		// depreacte call globals cms on null 4mcs
+		// merge additional smarty data
-		if (
+		$this->mergeCmsSmartyVars($smarty_data);
-			$cms === null &&
-			isset($GLOBALS['cms'])
-		) {
-			/** @deprecated setSmartyVars globals cms is deprecated */
-			trigger_error(
-				'Calling setSmartyVars without cms parameter when needed is deprecated',
-				E_USER_DEPRECATED
-			);
-		}
-		// this is ugly
-		$cms = $cms ?? $GLOBALS['cms'] ?? null;
-		if ($cms instanceof \CoreLibs\Admin\Backend) {
-			$this->mergeCmsSmartyVars($cms);
-		}
 
 		// trigger flags
 		$this->HEADER['USE_PROTOTYPE'] = $this->USE_PROTOTYPE;
@@ -672,12 +681,27 @@ class SmartyExtend extends \Smarty
 		$this->DATA['FORM_ACTION'] = $this->FORM_ACTION;
 		// special for admin
 		if ($admin_call === true) {
+			// depreacte call globals cms on null 4mcs
+			if (
+				$cms === null &&
+				isset($GLOBALS['cms'])
+			) {
+				/** @deprecated setSmartyVars globals cms is deprecated */
+				trigger_error(
+					'Calling setSmartyVars without cms parameter when needed is deprecated',
+					E_USER_DEPRECATED
+				);
+			}
+			// this is ugly
+			$cms = $cms ?? $GLOBALS['cms'] ?? null;
 			// set ACL extra show
 			if ($cms instanceof \CoreLibs\Admin\Backend) {
 				$this->DATA['show_ea_extra'] = $cms->acl['show_ea_extra'] ?? false;
 				$this->DATA['ADMIN'] = $cms->acl['admin'] ?? 0;
 				// top menu
-				$this->DATA['nav_menu'] = $cms->adbTopMenu();
+				$this->DATA['nav_menu'] = $cms->adbTopMenu(
+					$set_content_path
+				);
 				$this->DATA['nav_menu_count'] = count($this->DATA['nav_menu']);
 				// messages = ['msg' =>, 'class' => 'error/warning/...']
 				$this->DATA['messages'] = $cms->messages;
@@ -737,18 +761,18 @@ class SmartyExtend extends \Smarty
 	/**
 	 * merge outside object HEADER/DATA/DEBUG_DATA vars into the smarty class
 	 *
-	 * @param  \CoreLibs\Admin\Backend $cms object that has header/data/debug_data
+	 * @param  array<string,mixed> $smarty_data array that has header/data/debug_data
 	 * @return void
 	 */
-	public function mergeCmsSmartyVars(\CoreLibs\Admin\Backend $cms): void
+	public function mergeCmsSmartyVars(array $smarty_data): void
 	{
 		// array merge HEADER, DATA, DEBUG DATA
 		foreach (['HEADER', 'DATA', 'DEBUG_DATA'] as $ext_smarty) {
 			if (
-				isset($cms->{$ext_smarty}) &&
+				isset($smarty_data[$ext_smarty]) &&
-				is_array($cms->{$ext_smarty})
+				is_array($smarty_data[$ext_smarty])
 			) {
-				$this->{$ext_smarty} = array_merge($this->{$ext_smarty}, $cms->{$ext_smarty});
+				$this->{$ext_smarty} = array_merge($this->{$ext_smarty}, $smarty_data[$ext_smarty]);
 			}
 		}
 	}

test/phpunit/ACL/CoreLibsACLLoginTest.php

@@ -267,6 +267,8 @@ final class CoreLibsACLLoginTest extends TestCase
 					'GROUP_ACL_LEVEL' => -1,
 					'PAGES_ACL_LEVEL' => [],
 					'USER_ACL_LEVEL' => -1,
+					'USER_ADDITIONAL_ACL' => [],
+					'GROUP_ADDITIONAL_ACL' => [],
 					'UNIT_UID' => [
 						'AdminAccess' => 1,
 					],
@@ -280,6 +282,7 @@ final class CoreLibsACLLoginTest extends TestCase
 							'data' => [
 								'test' => 'value',
 							],
+							'additional_acl' => []
 						],
 					],
 					// 'UNIT_DEFAULT' => '',