Aufrufe von rex::getUser() optimiert (#5501)

redaxo · Jan 9, 2023 · c2432c2 · c2432c2
1 parent 084b79c
commit c2432c2
Show file tree

Hide file tree

Showing 62 changed files with 141 additions and 386 deletions.
diff --git a/.tools/psalm/baseline.xml b/.tools/psalm/baseline.xml
diff --git a/redaxo/src/addons/debug/boot.php b/redaxo/src/addons/debug/boot.php
@@ -4,7 +4,7 @@
     return;
 }
 
-if (rex::isBackend() && 'debug' === rex_request::get('page') && rex::getUser() && rex::getUser()->isAdmin()) {
+if (rex::isBackend() && 'debug' === rex_request::get('page') && rex::getUser()?->isAdmin()) {
     $index = file_get_contents(rex_addon::get('debug')->getAssetsPath('clockwork/index.html'));
 
     $editor = rex_editor::factory();

diff --git a/redaxo/src/addons/debug/lib/api_debug.php b/redaxo/src/addons/debug/lib/api_debug.php
@@ -9,7 +9,7 @@ class rex_api_debug extends rex_api_function
 {
     public function execute()
     {
-        if (!rex::isDebugMode() || !(rex::getUser() && rex::getUser()->isAdmin())) {
+        if (!rex::isDebugMode() || !rex::getUser()?->isAdmin()) {
             return new rex_api_result(false);
         }
 

diff --git a/redaxo/src/addons/install/lib/api/api_core_update.php b/redaxo/src/addons/install/lib/api/api_core_update.php
@@ -17,7 +17,7 @@ public static function getVersions()
 
     public function execute()
     {
-        if (!rex::getUser()->isAdmin()) {
+        if (!rex::getUser()?->isAdmin()) {
             throw new rex_api_exception('You do not have the permission!');
         }
         $installAddon = rex_addon::get('install');

diff --git a/redaxo/src/addons/install/lib/api/api_package_add.php b/redaxo/src/addons/install/lib/api/api_package_add.php
@@ -9,7 +9,7 @@ class rex_api_install_package_add extends rex_api_function
 {
     public function execute()
     {
-        if (!rex::getUser()->isAdmin()) {
+        if (!rex::getUser()?->isAdmin()) {
             throw new rex_api_exception('You do not have the permission!');
         }
         $addonkey = rex_request('addonkey', 'string');

diff --git a/redaxo/src/addons/install/lib/api/api_package_delete.php b/redaxo/src/addons/install/lib/api/api_package_delete.php
@@ -9,7 +9,7 @@ class rex_api_install_package_delete extends rex_api_function
 {
     public function execute()
     {
-        if (!rex::getUser()->isAdmin()) {
+        if (!rex::getUser()?->isAdmin()) {
             throw new rex_api_exception('You do not have the permission!');
         }
         $addonkey = rex_request('addonkey', 'string');

diff --git a/redaxo/src/addons/install/lib/api/api_package_update.php b/redaxo/src/addons/install/lib/api/api_package_update.php
@@ -9,7 +9,7 @@ class rex_api_install_package_update extends rex_api_function
 {
     public function execute()
     {
-        if (!rex::getUser()->isAdmin()) {
+        if (!rex::getUser()?->isAdmin()) {
             throw new rex_api_exception('You do not have the permission!');
         }
         $addonkey = rex_request('addonkey', 'string');

diff --git a/redaxo/src/addons/install/lib/api/api_package_upload.php b/redaxo/src/addons/install/lib/api/api_package_upload.php
@@ -9,7 +9,7 @@ class rex_api_install_package_upload extends rex_api_function
 {
     public function execute()
     {
-        if (!rex::getUser()->isAdmin()) {
+        if (!rex::getUser()?->isAdmin()) {
             throw new rex_api_exception('You do not have the permission!');
         }
         $addonkey = rex_request('addonkey', 'string');

diff --git a/redaxo/src/addons/media_manager/package.yml b/redaxo/src/addons/media_manager/package.yml
@@ -18,7 +18,7 @@ requires:
     php:
         version: '>=8.1'
         extensions: [gd]
-    redaxo: ^5.10.0
+    redaxo: ^5.13.0
 
 default_config:
     jpg_quality: 80

diff --git a/redaxo/src/addons/media_manager/pages/types.php b/redaxo/src/addons/media_manager/pages/types.php
@@ -53,7 +53,8 @@
     try {
         $sql->setQuery('INSERT INTO '.rex::getTablePrefix() . 'media_manager_type (status, name, description) SELECT 0, CONCAT(name, \' '.rex_i18n::msg('media_manager_type_name_copy').'\'), description FROM '.rex::getTablePrefix() . 'media_manager_type WHERE id = ?', [$typeId]);
         $newTypeId = $sql->getLastId();
-        $sql->setQuery('INSERT INTO '.rex::getTablePrefix() . 'media_manager_type_effect (type_id, effect, parameters, priority, updatedate, updateuser, createdate, createuser) SELECT ?, effect, parameters, priority, ?, ?, ?, ? FROM '.rex::getTablePrefix() . 'media_manager_type_effect WHERE type_id = ?', [$newTypeId, date(rex_sql::FORMAT_DATETIME), rex::getUser()->getLogin(), date(rex_sql::FORMAT_DATETIME), rex::getUser()->getLogin(), $typeId]);
+        $login = rex::requireUser()->getLogin();
+        $sql->setQuery('INSERT INTO '.rex::getTablePrefix() . 'media_manager_type_effect (type_id, effect, parameters, priority, updatedate, updateuser, createdate, createuser) SELECT ?, effect, parameters, priority, ?, ?, ?, ? FROM '.rex::getTablePrefix() . 'media_manager_type_effect WHERE type_id = ?', [$newTypeId, date(rex_sql::FORMAT_DATETIME), $login, date(rex_sql::FORMAT_DATETIME), $login, $typeId]);
 
         $success = rex_i18n::msg('media_manager_type_copied');
     } catch (rex_sql_exception $e) {

diff --git a/redaxo/src/addons/mediapool/functions/function_rex_mediapool.php b/redaxo/src/addons/mediapool/functions/function_rex_mediapool.php
@@ -189,7 +189,7 @@ function rex_mediapool_Mediaform($formTitle, $buttonTitle, $rexFileCategory, $fi
     $catsSel->setAttribute('onchange', 'this.form.submit()');
     $catsSel->setSelected($rexFileCategory);
 
-    if (rex::getUser()->getComplexPerm('media')->hasAll()) {
+    if (rex::requireUser()->getComplexPerm('media')->hasAll()) {
         $catsSel->addOption(rex_i18n::msg('pool_kats_no'), '0');
     }
 

diff --git a/redaxo/src/addons/mediapool/lib/media_category_select.php b/redaxo/src/addons/mediapool/lib/media_category_select.php
@@ -65,7 +65,7 @@ protected function addCatOptions()
      */
     protected function addCatOption(rex_media_category $mediacat, int $parentId = 0)
     {
-        if (!$this->checkPerms || rex::getUser()->getComplexPerm('media')->hasCategoryPerm($mediacat->getId())
+        if (!$this->checkPerms || rex::requireUser()->getComplexPerm('media')->hasCategoryPerm($mediacat->getId())
         ) {
             $mid = $mediacat->getId();
             $mname = $mediacat->getName();

diff --git a/redaxo/src/addons/mediapool/lib/var_media.php b/redaxo/src/addons/mediapool/lib/var_media.php
@@ -79,7 +79,7 @@ public static function getWidget($id, $name, $value, array $args = [])
         $addFunc = '';
         $deleteFunc = '';
         $viewFunc = '';
-        if (rex::getUser()->getComplexPerm('media')->hasMediaPerm()) {
+        if (rex::requireUser()->getComplexPerm('media')->hasMediaPerm()) {
             $disabled = '';
             $quotedId = "'".rex_escape($id, 'js')."'";
             $openFunc = 'openREXMedia(' . $quotedId . ', \'' . $openParams . '\');';

diff --git a/redaxo/src/addons/mediapool/lib/var_medialist.php b/redaxo/src/addons/mediapool/lib/var_medialist.php
@@ -78,7 +78,7 @@ public static function getWidget($id, $name, $value, array $args = [])
         $deleteFunc = '';
         $viewFunc = '';
         $quotedId = "'".rex_escape($id, 'js')."'";
-        if (rex::getUser()->getComplexPerm('media')->hasMediaPerm()) {
+        if (rex::requireUser()->getComplexPerm('media')->hasMediaPerm()) {
             $disabled = '';
             $openFunc = 'openREXMedialist(' . $quotedId . ', \'' . $openParams . '\');';
             $addFunc = 'addREXMedialist(' . $quotedId . ', \'' . $openParams . '\');';

diff --git a/redaxo/src/addons/mediapool/pages/index.php b/redaxo/src/addons/mediapool/pages/index.php
@@ -68,7 +68,7 @@
 rex_set_session('media[rex_file_category]', $rexFileCategory);
 
 // -------------- PERMS
-$PERMALL = rex::getUser()->getComplexPerm('media')->hasCategoryPerm(0);
+$PERMALL = rex::requireUser()->getComplexPerm('media')->hasCategoryPerm(0);
 
 // -------------- Header
 $subline = rex_be_controller::getPageObject('mediapool')->getSubpages();

diff --git a/redaxo/src/addons/mediapool/pages/media.detail.php b/redaxo/src/addons/mediapool/pages/media.detail.php
@@ -20,6 +20,8 @@
     $fileId = 0;
 }
 
+$perm = rex::requireUser()->getComplexPerm('media');
+
 if (rex_post('btn_delete', 'string')) {
     if (!$csrf->isValid()) {
         $error = rex_i18n::msg('csrf_token_invalid');
@@ -32,7 +34,7 @@
 
         if ($media) {
             $filename = $media->getFileName();
-            if (rex::getUser()->getComplexPerm('media')->hasCategoryPerm($media->getCategoryId())) {
+            if ($perm->hasCategoryPerm($media->getCategoryId())) {
                 try {
                     rex_media_service::deleteMedia($filename);
                     $success = rex_i18n::msg('pool_file_deleted');
@@ -61,7 +63,7 @@
         if (1 != $gf->getRows()) {
             $error = rex_i18n::msg('pool_file_not_found');
             $fileId = 0;
-        } elseif (!rex::getUser()->getComplexPerm('media')->hasCategoryPerm($gf->getValue('category_id')) || !rex::getUser()->getComplexPerm('media')->hasCategoryPerm($rexFileCategory)) {
+        } elseif (!$perm->hasCategoryPerm($gf->getValue('category_id')) || !$perm->hasCategoryPerm($rexFileCategory)) {
             $error = rex_i18n::msg('no_permission');
         } else {
             $filename = (string) $gf->getValue('filename');
@@ -104,7 +106,7 @@
 }
 
 $TPERM = false;
-if (rex::getUser()->getComplexPerm('media')->hasCategoryPerm($gf->getValue('category_id'))) {
+if ($perm->hasCategoryPerm($gf->getValue('category_id'))) {
     $TPERM = true;
 }
 
@@ -203,7 +205,7 @@
     $catsSel->setAttribute('data-live-search', 'true');
     $catsSel->setSelected($rexFileCategory);
 
-    if (rex::getUser()->getComplexPerm('media')->hasAll()) {
+    if ($perm->hasAll()) {
         $catsSel->addOption(rex_i18n::msg('pool_kats_no'), '0');
     }
 

diff --git a/redaxo/src/addons/mediapool/pages/media.list.php b/redaxo/src/addons/mediapool/pages/media.list.php
@@ -23,7 +23,8 @@
 
 $mediaMethod = rex_request('media_method', 'string');
 
-$hasCategoryPerm = rex::getUser()->getComplexPerm('media')->hasCategoryPerm($rexFileCategory);
+$perm = rex::requireUser()->getComplexPerm('media');
+$hasCategoryPerm = $perm->hasCategoryPerm($rexFileCategory);
 
 if ($hasCategoryPerm && 'updatecat_selectedmedia' == $mediaMethod) {
     if (!$csrf->isValid()) {
@@ -70,7 +71,7 @@
             foreach ($selectedmedia as $filename) {
                 $media = rex_media::get($filename);
                 if ($media) {
-                    if (rex::getUser()->getComplexPerm('media')->hasCategoryPerm($media->getCategoryId())) {
+                    if ($perm->hasCategoryPerm($media->getCategoryId())) {
                         try {
                             rex_media_service::deleteMedia($filename);
                             ++$countDeleted;
@@ -102,7 +103,7 @@
 $catsSel->setAttribute('data-live-search', 'true');
 $catsSel->setSelected($rexFileCategory);
 
-if (rex::getUser()->getComplexPerm('media')->hasAll()) {
+if ($perm->hasAll()) {
     $catsSel->addOption(rex_i18n::msg('pool_kats_no'), '0');
 }
 

diff --git a/redaxo/src/addons/mediapool/pages/media.php b/redaxo/src/addons/mediapool/pages/media.php
@@ -20,7 +20,7 @@
 $selMedia->setAttribute('class', 'selectpicker');
 $selMedia->setAttribute('data-live-search', 'true');
 
-if (rex::getUser()->getComplexPerm('media')->hasAll()) {
+if (rex::requireUser()->getComplexPerm('media')->hasAll()) {
     $selMedia->addOption(rex_i18n::msg('pool_kats_no'), '0');
 }
 

diff --git a/redaxo/src/addons/mediapool/pages/upload.php b/redaxo/src/addons/mediapool/pages/upload.php
@@ -7,7 +7,7 @@
     $rexFileCategory = 0;
 }
 
-if (!$PERMALL && !rex::getUser()->getComplexPerm('media')->hasCategoryPerm($rexFileCategory)) {
+if (!$PERMALL && !rex::requireUser()->getComplexPerm('media')->hasCategoryPerm($rexFileCategory)) {
     $rexFileCategory = 0;
 }
 

diff --git a/redaxo/src/addons/metainfo/lib/handler/api_default_fields.php b/redaxo/src/addons/metainfo/lib/handler/api_default_fields.php
@@ -9,7 +9,7 @@ class rex_api_metainfo_default_fields_create extends rex_api_function
 {
     public function execute()
     {
-        if (!rex::getUser()->isAdmin()) {
+        if (!rex::getUser()?->isAdmin()) {
             throw new rex_api_exception('user has no permission for this operation!');
         }
 

diff --git a/redaxo/src/addons/metainfo/lib/handler/handler.php b/redaxo/src/addons/metainfo/lib/handler/handler.php
@@ -43,7 +43,7 @@ public function renderMetaFields(rex_sql $sqlFields, array $epParams)
 
             $attrArray = rex_string::split($attr);
             if (isset($attrArray['perm'])) {
-                if (!rex::getUser()->hasPerm($attrArray['perm'])) {
+                if (!rex::requireUser()->hasPerm($attrArray['perm'])) {
                     continue;
                 }
                 unset($attrArray['perm']);
@@ -553,7 +553,7 @@ public static function fetchRequestValues(&$params, &$sqlSave, $sqlFields)
             // dont save restricted fields
             $attrArray = rex_string::split($fieldAttributes);
             if (isset($attrArray['perm'])) {
-                if (!rex::getUser()->hasPerm($attrArray['perm'])) {
+                if (!rex::requireUser()->hasPerm($attrArray['perm'])) {
                     continue;
                 }
                 unset($attrArray['perm']);

diff --git a/redaxo/src/addons/metainfo/lib/handler/media_handler.php b/redaxo/src/addons/metainfo/lib/handler/media_handler.php
@@ -99,7 +99,7 @@ public static function isMediaInUse(rex_extension_point $ep)
             $items = $sql->getArray('SELECT id, name FROM ' . rex::getTablePrefix() . 'clang WHERE ' . implode(' OR ', $where['clangs']));
             foreach ($items as $clangArr) {
                 $name = (string) $clangArr['name'];
-                if (rex::getUser() && rex::getUser()->isAdmin()) {
+                if (rex::getUser()?->isAdmin()) {
                     $clangs .= '<li><a href="javascript:openPage(\'' . rex_url::backendPage('system/lang', ['clang_id' => $clangArr['id'], 'func' => 'editclang']) . '\')">' . $name . '</a></li>';
                 } else {
                     $clangs .= '<li>' . $name . '</li>';

diff --git a/redaxo/src/addons/structure/functions/function_rex_category.php b/redaxo/src/addons/structure/functions/function_rex_category.php
@@ -27,7 +27,7 @@
     }
     foreach ($tree as $parent) {
         $id = $parent->getId();
-        if (rex::getUser()->getComplexPerm('structure')->hasCategoryPerm($id)) {
+        if (rex::requireUser()->getComplexPerm('structure')->hasCategoryPerm($id)) {
             $n = [];
             $n['title'] = str_replace(' ', '&nbsp;', rex_escape($parent->getName()));
             if ($parent->isStartarticle()) {

diff --git a/redaxo/src/addons/structure/lib/api_functions/api_article2category.php b/redaxo/src/addons/structure/lib/api_functions/api_article2category.php
@@ -10,7 +10,7 @@ public function execute()
     {
         $articleId = rex_request('article_id', 'int');
         $categoryId = rex_article::get($articleId)->getCategoryId();
-        $user = rex::getUser();
+        $user = rex::requireUser();
 
         // Check permissions
         if ($user->hasPerm('article2category[]') && $user->getComplexPerm('structure')->hasCategoryPerm($categoryId)) {

diff --git a/redaxo/src/addons/structure/lib/api_functions/api_article2startarticle.php b/redaxo/src/addons/structure/lib/api_functions/api_article2startarticle.php
@@ -10,7 +10,7 @@ public function execute()
     {
         $articleId = rex_request('article_id', 'int');
         $categoryId = rex_article::get($articleId)->getCategoryId();
-        $user = rex::getUser();
+        $user = rex::requireUser();
 
         // Check permissions
         if ($user->hasPerm('article2startarticle[]') && $user->getComplexPerm('structure')->hasCategoryPerm($categoryId)) {

diff --git a/redaxo/src/addons/structure/lib/api_functions/api_article_add.php b/redaxo/src/addons/structure/lib/api_functions/api_article_add.php
@@ -8,14 +8,14 @@ class rex_api_article_add extends rex_api_function
 {
     public function execute()
     {
-        if (!rex::getUser()->hasPerm('addArticle[]')) {
+        if (!rex::requireUser()->hasPerm('addArticle[]')) {
             throw new rex_api_exception('User has no permission to add articles!');
         }
 
         $categoryId = rex_request('category_id', 'int');
 
         // check permissions
-        if (!rex::getUser()->getComplexPerm('structure')->hasCategoryPerm($categoryId)) {
+        if (!rex::requireUser()->getComplexPerm('structure')->hasCategoryPerm($categoryId)) {
             throw new rex_api_exception('user has no permission for this category!');
         }
 

diff --git a/redaxo/src/addons/structure/lib/api_functions/api_article_copy.php b/redaxo/src/addons/structure/lib/api_functions/api_article_copy.php
@@ -12,7 +12,7 @@ public function execute()
         $clang = rex_request('clang', 'int', 1);
         // The destination category in which the given article will be copied
         $categoryCopyIdNew = rex_request('category_copy_id_new', 'int');
-        $user = rex::getUser();
+        $user = rex::requireUser();
 
         $context = new rex_context([
             'page' => rex_be_controller::getCurrentPage(),

diff --git a/redaxo/src/addons/structure/lib/api_functions/api_article_delete.php b/redaxo/src/addons/structure/lib/api_functions/api_article_delete.php
@@ -8,15 +8,15 @@ class rex_api_article_delete extends rex_api_function
 {
     public function execute()
     {
-        if (!rex::getUser()->hasPerm('deleteArticle[]')) {
+        if (!rex::requireUser()->hasPerm('deleteArticle[]')) {
             throw new rex_api_exception('User has no permission to delete articles!');
         }
 
         $categoryId = rex_request('category_id', 'int');
         $articleId = rex_request('article_id', 'int');
 
         // Check permissions
-        if (!rex::getUser()->getComplexPerm('structure')->hasCategoryPerm($categoryId)) {
+        if (!rex::requireUser()->getComplexPerm('structure')->hasCategoryPerm($categoryId)) {
             throw new rex_api_exception('user has no permission for this category!');
         }
         return new rex_api_result(true, rex_article_service::deleteArticle($articleId));

diff --git a/redaxo/src/addons/structure/lib/api_functions/api_article_edit.php b/redaxo/src/addons/structure/lib/api_functions/api_article_edit.php
@@ -8,7 +8,7 @@ class rex_api_article_edit extends rex_api_function
 {
     public function execute()
     {
-        if (!rex::getUser()->hasPerm('editArticle[]')) {
+        if (!rex::requireUser()->hasPerm('editArticle[]')) {
             throw new rex_api_exception('User has no permission to edit articles!');
         }
 
@@ -17,7 +17,7 @@ public function execute()
         $clang = rex_request('clang', 'int');
 
         // check permissions
-        if (!rex::getUser()->getComplexPerm('structure')->hasCategoryPerm($categoryId)) {
+        if (!rex::requireUser()->getComplexPerm('structure')->hasCategoryPerm($categoryId)) {
             throw new rex_api_exception('user has no permission for this category!');
         }
 

diff --git a/redaxo/src/addons/structure/lib/api_functions/api_article_move.php b/redaxo/src/addons/structure/lib/api_functions/api_article_move.php
@@ -17,7 +17,7 @@ public function execute()
         // The destination category in which the given category will be moved
         $categoryIdNew = rex_request('category_id_new', 'int');
 
-        $user = rex::getUser();
+        $user = rex::requireUser();
 
         // Check permissions
         if ($user->hasPerm('moveArticle[]') &&

diff --git a/redaxo/src/addons/structure/lib/api_functions/api_article_status.php b/redaxo/src/addons/structure/lib/api_functions/api_article_status.php
@@ -12,7 +12,7 @@ public function execute()
         $articleId = rex_request('article_id', 'int');
         $clang = rex_request('clang', 'int');
         $status = rex_request('art_status', 'int', null);
-        $user = rex::getUser();
+        $user = rex::requireUser();
 
         // check permissions
         if ($user->getComplexPerm('structure')->hasCategoryPerm($categoryId) && $user->hasPerm('publishArticle[]')) {

diff --git a/redaxo/src/addons/structure/lib/api_functions/api_category2article.php b/redaxo/src/addons/structure/lib/api_functions/api_category2article.php
@@ -10,7 +10,7 @@ public function execute()
     {
         $articleId = rex_request('article_id', 'int');
         $categoryId = rex_article::get($articleId)->getCategoryId();
-        $user = rex::getUser();
+        $user = rex::requireUser();
 
         // Check permissions: article2category and category2article share the same permission: article2category
         if ($user->hasPerm('article2category[]') && $user->getComplexPerm('structure')->hasCategoryPerm($categoryId)) {

diff --git a/redaxo/src/addons/structure/lib/api_functions/api_category_add.php b/redaxo/src/addons/structure/lib/api_functions/api_category_add.php
@@ -8,14 +8,14 @@ class rex_api_category_add extends rex_api_function
 {
     public function execute()
     {
-        if (!rex::getUser()->hasPerm('addCategory[]')) {
+        if (!rex::requireUser()->hasPerm('addCategory[]')) {
             throw new rex_api_exception('User has no permission to add categories!');
         }
 
         $parentId = rex_request('parent-category-id', 'int');
 
         // check permissions
-        if (!rex::getUser()->getComplexPerm('structure')->hasCategoryPerm($parentId)) {
+        if (!rex::requireUser()->getComplexPerm('structure')->hasCategoryPerm($parentId)) {
             throw new rex_api_exception('user has no permission for this category!');
         }