From 20c2c665d49ece1ac889b6f4381c767aad8a7391 Mon Sep 17 00:00:00 2001 From: Clemens Schwaighofer Date: Thu, 15 May 2025 18:58:36 +0900 Subject: [PATCH] Set the AJAX PAGE global setting via an option intead of using the global variable Also update the ACL list read updates. We shift this to on demand reads and not before it is needed. This avoids DB access if there is no need for this data --- www/lib/CoreLibs/ACL/Login.php | 66 +++++++++++++++++++++++++++++----- 1 file changed, 57 insertions(+), 9 deletions(-) diff --git a/www/lib/CoreLibs/ACL/Login.php b/www/lib/CoreLibs/ACL/Login.php index e9d3dc97..e5414049 100644 --- a/www/lib/CoreLibs/ACL/Login.php +++ b/www/lib/CoreLibs/ACL/Login.php @@ -197,8 +197,10 @@ class Login // login html, if we are on an ajax page /** @var string|null */ private ?string $login_html = ''; - /** @var bool */ + /** @var bool flag set on run */ private bool $login_is_ajax_page = false; + /** @var bool flag set on load */ + private bool $login_is_ajax_page_option = false; // logging /** @var array list of allowed types for edit log write */ @@ -268,8 +270,6 @@ class Login } // init error array $this->loginInitErrorMessages(); - // acess right list - $this->loginLoadAccessRightList(); // log allowed write flags $this->loginSetEditLogWriteTypeAvailable(); @@ -342,6 +342,7 @@ class Login * locale_path : absolue path to the locale folder * site_locale : what locale to load * site_domain : what domain (locale file name) to use + * ajax_page : if we are loading from an AJAX page (eg backend) * * @param array $options Options array from class load * @return bool True on ok, False on failure @@ -361,6 +362,15 @@ class Login $options['debug'] = false; } + // AUTO LOGIN + if ( + !isset($options['ajax_page']) || + !is_bool($options['ajax_page']) + ) { + $options['ajax_page'] = false; + } + $this->login_is_ajax_page_option = $options['ajax_page']; + // AUTO LOGIN if ( !isset($options['auto_login']) || 
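Review bot: In the `@@ -361,6 +362,15 @@` hunk the new `ajax_page` block is headed by a copied `// AUTO LOGIN` comment, so two consecutive option blocks carry the same label; it should read `// AJAX PAGE`. The check also turns any non-bool value (for example `1` or `'true'`) into `false` without a trace, so a caller passing a truthy non-bool presumably gets the non-AJAX login handling with no hint why. The docblock line added in `@@ -342,6 +342,7 @@` should state the contract, e.g. `ajax_page : bool, true when loaded from an AJAX page; any non-bool value is treated as false`. The option-parsing method starts and ends outside this hunk.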
@@ -691,6 +701,34 @@ class Login ]); } + /** + * get the default ACL list type + * if not set loads it from DB + * + * @return array + */ + private function loginGetAccessRightListType(): array + { + if (empty($this->default_acl_list_type)) { + $this->loginLoadAccessRightList(); + } + return $this->default_acl_list_type; + } + + /** + * get the default ACL list + * if not set loads from DB + * + * @return array + */ + private function loginGetAccessRightList(): array + { + if (empty($this->default_acl_list)) { + $this->loginLoadAccessRightList(); + } + return $this->default_acl_list; + } + /** * Improves the application's security over HTTP(S) by setting specific headers * @@ -1540,6 +1578,10 @@ class Login $this->acl['unit'] = []; $this->acl['unit_legacy'] = []; $this->acl['unit_detail'] = []; + // integrate the type acl list, but only for the keyword -> level + $this->acl['min'] = $this->loginGetAccessRightListType(); + // set the full acl list too (lookup level number and get level data) + $this->acl['acl_list'] = $this->loginGetAccessRightList(); // PER ACCOUNT (UNIT/edit access)-> foreach ($_SESSION['LOGIN_UNIT'] as $ea_cuid => $unit) { @@ -1561,7 +1603,7 @@ class Login 'name' => $unit['name'], 'uid' => $unit['uid'], 'cuuid' => $unit['cuuid'], - 'level' => $this->default_acl_list[$this->acl['unit'][$ea_cuid]]['name'] ?? -1, + 'level' => $this->acl['acl_list'][$this->acl['unit'][$ea_cuid]]['name'] ?? -1, 'level_number' => $this->acl['unit'][$ea_cuid], 'default' => $unit['default'], 'data' => $unit['data'], @@ -1582,10 +1624,6 @@ class Login } // set the default edit access $this->acl['default_edit_access'] = $_SESSION['LOGIN_UNIT_DEFAULT_EACUID']; - // integrate the type acl list, but only for the keyword -> level - $this->acl['min'] = $this->default_acl_list_type; - // set the full acl list too (lookup level number and get level data) - $this->acl['acl_list'] = $this->default_acl_list; // debug // $this->debug('ACL', $this->print_ar($this->acl)); } 
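Review bot: `empty()` in `loginGetAccessRightListType()` and `loginGetAccessRightList()` (`@@ -691,6 +701,34 @@`) cannot tell "not loaded yet" from "loaded, but no rows came back", so an empty or failed ACL read repeats the DB call on every access and still returns `[]`. A dedicated flag such as `private bool $default_acl_list_loaded = false;`, checked with `if (!$this->default_acl_list_loaded)`, would make the load run once; it would presumably be set in `loginLoadAccessRightList()`, whose body is not visible here. Because the constructor call is removed in `@@ -268,8 +270,6 @@`, any code outside these hunks that still reads `$this->default_acl_list` or `$this->default_acl_list_type` directly would see an empty array until a getter has run, so those reads should be checked before merging. An empty list makes the unit `level` fall back to `-1` in `@@ -1561,7 +1603,7 @@`, so a load that returns nothing should be logged rather than pass silently.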
@@ -2519,7 +2557,12 @@ HTML; // or need to pass it back // to the continue AJAX class for output back to the user $this->login_is_ajax_page = false; - if ($ajax_page === true || !empty($GLOBALS['AJAX_PAGE'])) { + if ( + $ajax_page === true || + $this->login_is_ajax_page_option == true || + // this is deprecated + !empty($GLOBALS['AJAX_PAGE']) + ) { $this->login_is_ajax_page = true; } @@ -3147,6 +3190,8 @@ HTML; */ public function loginGetAclList(?int $level = null): array { + // make sure it is loaded + $this->loginGetAccessRightList(); // if no level given, return full list if (empty($level)) { return $this->default_acl_list; @@ -3169,6 +3214,9 @@ HTML; */ public function loginGetAclListFromType(string $type): int|bool { + // make sure it is loaded + $this->loginGetAccessRightListType(); + // if not et return false if (!isset($this->default_acl_list_type[$type])) { return false; }
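Review bot: `$this->login_is_ajax_page_option == true` in the `@@ -2519,7 +2557,12 @@` hunk is a loose comparison on a property declared `bool`, directly below the strict `$ajax_page === true`; write it as `$this->login_is_ajax_page_option ||`. The `$GLOBALS['AJAX_PAGE']` branch is marked deprecated only in a comment, so callers still relying on the global get no signal. Handling that branch separately with `trigger_error('AJAX_PAGE global is deprecated, use the ajax_page option', E_USER_DEPRECATED);` would surface them. The enclosing method starts and ends outside the hunk.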
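Review bot: In `loginGetAclList()` (`@@ -3147,6 +3190,8 @@`) the getter is called only for its side effect and its return value is dropped, after which the method reads `$this->default_acl_list` directly. The same pattern is in `loginGetAclListFromType()` (`@@ -3169,6 +3214,9 @@`). Assigning the result once, `$acl_list = $this->loginGetAccessRightList();`, and using `$acl_list` for the lookups keeps the lazy load and the read in one place. The added comment `// if not et return false` has a typo and should read `// if not set return false`. Both method bodies continue outside their hunks.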