1 files changed, 26 insertions, 25 deletions

diff --git a/modules-available/permissionmanager/inc/permissionutil.inc.php b/modules-available/permissionmanager/inc/permissionutil.inc.php
index 6aa97600..170fd699 100644
--- a/modules-available/permissionmanager/inc/permissionutil.inc.php
+++ b/modules-available/permissionmanager/inc/permissionutil.inc.php
@@ -14,7 +14,7 @@ class PermissionUtil
 	 * @param string|false $wildcard if $permission is a wildcard string this returns the matching variant
 	 * @param int|false $wclen if $permission is a wildcard string, this is the length of the matching variant
 	 */
-	private static function makeComparisonVariants($permission, &$compare, &$wildcard, &$wclen)
+	private static function makeComparisonVariants($permission, ?array &$compare, &$wildcard, &$wclen): void
 	{
 		if (!is_array($permission)) {
 			$permission = explode('.', $permission);
@@ -46,12 +46,12 @@ class PermissionUtil
 	/**
 	 * Check if the user has the given permission (for the given location).
 	 *
-	 * @param string $userid userid to check
+	 * @param int $userid userid to check
 	 * @param string $permissionid permissionid to check
 	 * @param int|null $locationid locationid to check or null if the location should be disregarded
 	 * @return bool true if user has permission, false if not
 	 */
-	public static function userHasPermission($userid, $permissionid, $locationid)
+	public static function userHasPermission(int $userid, string $permissionid, ?int $locationid): bool
 	{
 		$permissionid = strtolower($permissionid);
 		self::validatePermission($permissionid);
@@ -121,10 +121,12 @@ class PermissionUtil
 		// Compare to database result
 		if ($cacheAll) {
 			$allLocs = Location::getLocationsAssoc();
+		} else {
+			$allLocs = [];
 		}
 		self::makeComparisonVariants($parts, $compare, $wildcard, $wclen);
 		$retval = false;
-		while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
+		foreach ($res as $row) {
 			if (in_array($row['permissionid'], $compare, true)
 					|| ($wildcard !== false && strncmp($row['permissionid'], $wildcard, $wclen) === 0)) {
 				if (!$cacheAll || ($row['locationid'] == $locationid) || $row['locationid'] === null) {
@@ -132,15 +134,13 @@ class PermissionUtil
 					if (!$cacheAll)
 						break;
 				}
-				if ($cacheAll) {
-					$cache[$key][(int)$row['locationid']] = true;
-					$list = ($row['locationid'] === null) ? array_keys($allLocs) : $allLocs[(int)$row['locationid']]['children'];
-					foreach ($list as $lid) {
-						$cache[$key][$lid] = true;
-					}
-					if ($row['locationid'] === null)
-						break;
+				$cache[$key][(int)$row['locationid']] = true;
+				$list = ($row['locationid'] === null) ? array_keys($allLocs) : $allLocs[(int)$row['locationid']]['children'];
+				foreach ($list as $lid) {
+					$cache[$key][$lid] = true;
 				}
+				if ($row['locationid'] === null)
+					break;
 			}
 		}
 		if ($locationid === null) {
@@ -154,11 +154,11 @@ class PermissionUtil
 	/**
 	 * Get all locations where the user has the given permission.
 	 *
-	 * @param string $userid userid to check
+	 * @param int $userid userid to check
 	 * @param string $permissionid permissionid to check
 	 * @return array array of locationids where the user has the given permission
 	 */
-	public static function getAllowedLocations($userid, $permissionid)
+	public static function getAllowedLocations(int $userid, string $permissionid): array
 	{
 		$permissionid = strtolower($permissionid);
 		self::validatePermission($permissionid);
@@ -178,7 +178,7 @@ class PermissionUtil
 			// Gather locationid from relevant rows
 			self::makeComparisonVariants($parts, $compare, $wildcard, $wclen);
 			$allowedLocations = array();
-			while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
+			foreach ($res as $row) {
 				if (in_array($row['permissionid'], $compare, true)
 					|| ($wildcard !== false && strncmp($row['permissionid'], $wildcard, $wclen) === 0)) {
 					$allowedLocations[(int)$row['locationid']] = true;
@@ -201,10 +201,10 @@ class PermissionUtil
 	 * Extend an array of locations by adding all sublocations.
 	 *
 	 * @param array $tree tree of all locations (structured like Location::getTree())
-	 * @param array $allowedLocations the array of locationids to extend
+	 * @param int[] $allowedLocations the array of locationids to extend
 	 * @return array extended array of locationids
 	 */
-	public static function getSublocations($tree, $allowedLocations)
+	public static function getSublocations(array $tree, array $allowedLocations): array
 	{
 		$result = $allowedLocations;
 		foreach ($tree as $location) {
@@ -226,7 +226,7 @@ class PermissionUtil
 	 *
 	 * @param string $permissionId permission to check
 	 */
-	private static function validatePermission($permissionId)
+	private static function validatePermission(string $permissionId): void
 	{
 		if (!CONFIG_DEBUG || $permissionId === '*')
 			return;
@@ -255,7 +255,7 @@ class PermissionUtil
 	 *
 	 * @return array permission tree as a multidimensional array
 	 */
-	public static function getPermissions()
+	public static function getPermissions(): array
 	{
 		$permissions = array();
 		foreach (glob("modules/*/permissions/permissions.json", GLOB_NOSORT) as $file) {
@@ -268,7 +268,8 @@ class PermissionUtil
 				continue;
 			foreach ($data as $perm => $permissionFlags) {
 				$description = Dictionary::translateFileModule($moduleId, "permissions", $perm);
-				self::putInPermissionTree($moduleId . "." . $perm, $permissionFlags['location-aware'], $description, $permissions);
+				self::putInPermissionTree($moduleId . "." . $perm, $permissionFlags['location-aware'] ?? false,
+					$description, $permissions);
 			}
 		}
 		ksort($permissions);
@@ -277,6 +278,7 @@ class PermissionUtil
 		foreach ($permissions as $module => $v) {
 			$sortingOrder[Module::get($module)->getCategory()][] = $module;
 		}
+		$sortingOrder = array_values($sortingOrder);
 		$permissions = array_replace(array_flip(call_user_func_array('array_merge', $sortingOrder)), $permissions);
 		foreach ($permissions as $module => $v) {
 			if (is_int($v)) {
@@ -291,18 +293,17 @@ class PermissionUtil
 	/**
 	 * Get all existing roles.
 	 *
-	 * @param int|false $userid Which user to consider, false = none
-	 * @param bool $onlyMatching true = filter roles the user doesn't have
+	 * @param ?int $userid Which user to consider, false = none (list all)
 	 * @return array list of roles
 	 */
-	public static function getRoles($userid = false, $onlyMatching = true)
+	public static function getRoles(?int $userid = null): array
 	{
 		if ($userid === false) {
 			return Database::queryAll('SELECT roleid, rolename FROM role ORDER BY rolename ASC');
 		}
 		$ret = Database::queryAll('SELECT r.roleid, r.rolename, u.userid AS hasRole FROM role r
 				LEFT JOIN role_x_user u ON (r.roleid = u.roleid AND u.userid = :userid)
-				GROUP BY r.roleid
+				GROUP BY r.roleid, r.rolename
 				ORDER BY rolename ASC', ['userid' => $userid]);
 		foreach ($ret as &$role) {
 			settype($role['hasRole'], 'bool');
@@ -318,7 +319,7 @@ class PermissionUtil
 	 * @param string $description the description of the permission
 	 * @param array $tree the permission tree to modify
 	 */
-	private static function putInPermissionTree($permission, $locationAware, $description, &$tree)
+	private static function putInPermissionTree(string $permission, bool $locationAware, string $description, array &$tree): void
 	{
 		$subPermissions = explode('.', $permission);
 		foreach ($subPermissions as $subPermission) {