From cf2001acfb750e2c332494591b57fdb5827b1f2c Mon Sep 17 00:00:00 2001
From: Jean-Christian Denis <contact@jcdenis.fr>
Date: Wed, 30 Nov 2022 21:54:56 +0100
Subject: [PATCH] fix permissions

---
 _admin.php            | 23 +++++++++++++++--------
 _define.php           | 12 +++++++-----
 inc/lib.zcfs.list.php |  2 +-
 index.php             |  4 +++-
 4 files changed, 26 insertions(+), 15 deletions(-)

diff --git a/_admin.php b/_admin.php
index 7aa2e27..607304b 100644
--- a/_admin.php
+++ b/_admin.php
@@ -18,6 +18,10 @@ dcCore::app()->blog->settings->addNamespace('zoneclearFeedServer');
 
 require_once __DIR__ . '/_widgets.php';
 
+$perm = dcCore::app()->auth->check(dcCore::app()->auth->makePermissions([
+    dcAuth::PERMISSION_CONTENT_ADMIN,
+]), dcCore::app()->blog->id);
+
 if (dcCore::app()->blog->settings->zoneclearFeedServer->zoneclearFeedServer_active
     && '' != dcCore::app()->blog->settings->zoneclearFeedServer->zoneclearFeedServer_user
 ) {
@@ -29,10 +33,10 @@ if (dcCore::app()->blog->settings->zoneclearFeedServer->zoneclearFeedServer_acti
             '/' . preg_quote(dcCore::app()->adminurl->get('admin.plugin.zoneclearFeedServer')) . '(&.*)?$/',
             $_SERVER['REQUEST_URI']
         ),
-        dcCore::app()->auth->check(dcAuth::PERMISSION_CONTENT_ADMIN, dcCore::app()->blog->id)
+        $perm
     );
 
-    if (dcCore::app()->auth->check(dcAuth::PERMISSION_CONTENT_ADMIN, dcCore::app()->blog->id)) {
+    if ($perm) {
         # Dashboard icon
         dcCore::app()->addBehavior('adminDashboardFavoritesV2', ['zcfsAdminBehaviors', 'adminDashboardFavoritesV2']);
         # User pref
@@ -89,11 +93,14 @@ class zcfsAdminBehaviors
     public static function adminDashboardFavoritesV2(dcFavorites $favs)
     {
         $favs->register('zcfs', [
-            'title'        => __('Feeds server'),
-            'url'          => dcCore::app()->adminurl->get('admin.plugin.zoneclearFeedServer'),
-            'small-icon'   => dcPage::getPF('zoneclearFeedServer/icon.svg'),
-            'large-icon'   => dcPage::getPF('zoneclearFeedServer/icon.svg'),
-            'permissions'  => 'usage,contentadmin',
+            'title'       => __('Feeds server'),
+            'url'         => dcCore::app()->adminurl->get('admin.plugin.zoneclearFeedServer'),
+            'small-icon'  => dcPage::getPF('zoneclearFeedServer/icon.svg'),
+            'large-icon'  => dcPage::getPF('zoneclearFeedServer/icon.svg'),
+            'permissions' => dcCore::app()->auth->makePermissions([
+                dcAuth::PERMISSION_USAGE,
+                dcAuth::PERMISSION_CONTENT_ADMIN,
+            ]),
             'dashboard_cb' => ['zcfsAdminBehaviors', 'adminDashboardFavoritesCallback'],
         ]);
     }
@@ -224,7 +231,7 @@ class zcfsAdminBehaviors
         $sitename = $sitename->isEmpty() ? '' : $sitename->meta_id;
 
         $edit = '';
-        if (dcCore::app()->auth->check(dcAuth::PERMISSION_CONTENT_ADMIN, dcCore::app()->blog->id)) {
+        if (dcCore::app()->auth->check(dcCore::app()->auth->makePermissions([dcAuth::PERMISSION_CONTENT_ADMIN]), dcCore::app()->blog->id)) {
             $fid = dcCore::app()->meta->getMetadata([
                 'post_id'   => $post->post_id,
                 'meta_type' => 'zoneclearfeed_id',
diff --git a/_define.php b/_define.php
index c476c1d..6c399e3 100644
--- a/_define.php
+++ b/_define.php
@@ -21,10 +21,12 @@ $this->registerModule(
     '2022.11.26',
     [
         'requires'    => [['core', '2.24']],
-        'permissions' => dcAuth::PERMISSION_CONTENT_ADMIN,
-        'type'        => 'plugin',
-        'support'     => 'https://github.com/JcDenis/zoneclearFeedServer',
-        'details'     => 'https://plugins.dotaddict.org/dc2/details/pacKman',
-        'repository'  => 'https://raw.githubusercontent.com/JcDenis/zoneclearFeedServer/master/dcstore.xml',
+        'permissions' => dcCore::app()->auth->makePermissions([
+            dcAuth::PERMISSION_CONTENT_ADMIN,
+        ]),
+        'type'       => 'plugin',
+        'support'    => 'https://github.com/JcDenis/zoneclearFeedServer',
+        'details'    => 'https://plugins.dotaddict.org/dc2/details/pacKman',
+        'repository' => 'https://raw.githubusercontent.com/JcDenis/zoneclearFeedServer/master/dcstore.xml',
     ]
 );
diff --git a/inc/lib.zcfs.list.php b/inc/lib.zcfs.list.php
index d916805..e5f5e3e 100644
--- a/inc/lib.zcfs.list.php
+++ b/inc/lib.zcfs.list.php
@@ -211,7 +211,7 @@ class zcfsEntriesList extends adminGenericList
 
     private function postLine()
     {
-        $cat_link = dcCore::app()->auth->check(dcAuth::PERMISSION_CATEGORIES, dcCore::app()->blog->id) ?
+        $cat_link = dcCore::app()->auth->check(dcCore::app()->auth->makePermissions([dcAuth::PERMISSION_CATEGORIES]), dcCore::app()->blog->id) ?
             '<a href="category.php?id=%s" title="' . __('Edit category') . '">%s</a>'
             : '%2$s';
 
diff --git a/index.php b/index.php
index 6981136..3cd8014 100644
--- a/index.php
+++ b/index.php
@@ -19,7 +19,9 @@ if (dcCore::app()->getVersion('zoneclearFeedServer') != dcCore::app()->plugins->
     return null;
 }
 
-dcPage::check(dcAuth::PERMISSION_CONTENT_ADMIN);
+dcPage::check(dcCore::app()->auth->makePermissions([
+    dcAuth::PERMISSION_CONTENT_ADMIN,
+]));
 
 $zcfs = new zoneclearFeedServer();