move to enum

simonLeary42 · simonLeary42 · commit 1a376690a37e · 2025-12-18T14:05:02.000-05:00
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -22,7 +22,7 @@
   This will enable strict mode and throw an exception rather than returning `false`.
 - `UnityHTTPD`'s user-facing error functionality (ex: `badRequest`) should only be called from `webroot/**/*.php`.
   `resources/**/*.php` should throw exceptions instead.
-- all pages under `webroot/admin/` must check for `$USER->getFlag("admin")` and call `UnityHTTPD::forbidden()` if not admin.
+- all pages under `webroot/admin/` must check for `$USER->getFlag(UserFlag::ADMIN)` and call `UnityHTTPD::forbidden()` if not admin.
 
 This repository will automatically check PRs for linting compliance.
 
diff --git a/resources/init.php b/resources/init.php
@@ -12,6 +12,7 @@
 use UnityWebPortal\lib\UnityWebhook;
 use UnityWebPortal\lib\UnityGithub;
 use UnityWebPortal\lib\UnityHTTPD;
+use UnityWebPortal\lib\UserFlag;
 
 if (CONFIG["site"]["enable_exception_handler"]) {
     set_exception_handler(["UnityWebPortal\lib\UnityHTTPD", "exceptionHandler"]);
@@ -56,7 +57,7 @@
     $_SESSION["SSO"] = $SSO;
 
     $OPERATOR = new UnityUser($SSO["user"], $LDAP, $SQL, $MAILER, $WEBHOOK);
-    $_SESSION["is_admin"] = $OPERATOR->getFlag("admin");
+    $_SESSION["is_admin"] = $OPERATOR->getFlag(UserFlag::ADMIN);
 
     if (isset($_SESSION["viewUser"]) && $_SESSION["is_admin"]) {
         $USER = new UnityUser($_SESSION["viewUser"], $LDAP, $SQL, $MAILER, $WEBHOOK);
diff --git a/resources/lib/UnityGroup.php b/resources/lib/UnityGroup.php
@@ -85,7 +85,7 @@ public function approveGroup(?UnityUser $operator = null, bool $send_mail = true
         if ($send_mail) {
             $this->MAILER->sendMail($this->getOwner()->getMail(), "group_created");
         }
-        $this->getOwner()->setFlag("qualified", true); // having your own group makes you qualified
+        $this->getOwner()->setFlag(UserFlag::QUALIFIED, true); // having your own group makes you qualified
     }
 
     /**
@@ -192,7 +192,7 @@ public function approveUser(UnityUser $new_user, bool $send_mail = true): void
             ]);
         }
         // being in a group makes you qualified
-        $new_user->setFlag("qualified", true, doSendMail: true, doSendMailAdmin: false);
+        $new_user->setFlag(UserFlag::QUALIFIED, true, doSendMail: true, doSendMailAdmin: false);
     }
 
     public function denyUser(UnityUser $new_user, bool $send_mail = true): void
diff --git a/resources/lib/UnityLDAP.php b/resources/lib/UnityLDAP.php
@@ -7,6 +7,15 @@
 use PHPOpenLDAPer\LDAPEntry;
 use UnityWebPortal\lib\PosixGroup;
 
+enum UserFlag: string
+{
+    case ADMIN = "admin";
+    case GHOST = "ghost";
+    case IDLELOCKED = "idlelocked";
+    case LOCKED = "locked";
+    case QUALIFIED = "qualified";
+}
+
 /**
  * An LDAP connection class which extends LDAPConn tailored for the UnityHPC Platform
  */
@@ -48,8 +57,9 @@ public function __construct()
         $this->pi_groupOU = $this->getEntry(CONFIG["ldap"]["pigroup_ou"]);
         $this->org_groupOU = $this->getEntry(CONFIG["ldap"]["orggroup_ou"]);
         $this->userFlagGroups = [];
-        foreach (CONFIG["ldap"]["user_flag_groups"] as $gid => $dn) {
-            $this->userFlagGroups[$gid] = new PosixGroup(new LDAPEntry($this->conn, $dn));
+        foreach (UserFlag::cases() as $flag) {
+            $dn = CONFIG["ldap"]["user_flag_groups"][$flag->value];
+            $this->userFlagGroups[$flag->value] = new PosixGroup(new LDAPEntry($this->conn, $dn));
         }
     }
 
diff --git a/resources/lib/UnityUser.php b/resources/lib/UnityUser.php
@@ -97,13 +97,13 @@ public function init(
         $this->SQL->addLog($this->uid, $_SERVER["REMOTE_ADDR"], "user_added", $this->uid);
     }
 
-    public function getFlag(string $flag): bool
+    public function getFlag(UserFlag $flag): bool
     {
-        return $this->LDAP->userFlagGroups[$flag]->memberUIDExists($this->uid);
+        return $this->LDAP->userFlagGroups[$flag->value]->memberUIDExists($this->uid);
     }
 
     public function setFlag(
-        string $flag,
+        UserFlag $flag,
         bool $newValue,
         bool $doSendMail = true,
         bool $doSendMailAdmin = true,
@@ -113,7 +113,7 @@ public function setFlag(
             return;
         }
         if ($newValue) {
-            $this->LDAP->userFlagGroups[$flag]->addMemberUID($this->uid);
+            $this->LDAP->userFlagGroups[$flag->value]->addMemberUID($this->uid);
             if ($doSendMail) {
                 $this->MAILER->sendMail($this->getMail(), "user_flag_added", [
                     "user" => $this->uid,
@@ -129,7 +129,7 @@ public function setFlag(
                 ]);
             }
         } else {
-            $this->LDAP->userFlagGroups[$flag]->removeMemberUID($this->uid);
+            $this->LDAP->userFlagGroups[$flag->value]->removeMemberUID($this->uid);
             if ($doSendMail) {
                 $this->MAILER->sendMail($this->getMail(), "user_flag_removed", [
                     "user" => $this->uid,
diff --git a/resources/mail/user_flag_added.php b/resources/mail/user_flag_added.php
@@ -1,5 +1,6 @@
+<?php use UnityWebPortal\lib\UserFlag; ?>
 <?php switch ($data["flag"]):
-case "qualified": ?>
+case UserFlag::QUALIFIED: ?>
 <?php $this->Subject = "User Activated"; ?>
 <p>Hello,</p>
 <p>Your account on the UnityHPC Platform has been activated. Your account details are below:</p>
@@ -17,31 +18,31 @@
 <?php break; ?>
 
 <?php /////////////////////////////////////////////////////////////////////////////////////////// ?>
-<?php case "ghost": ?>
+<?php case UserFlag::GHOST: ?>
 <?php $this->Subject = "User Deleted"; ?>
 <p>Hello,</p>
 <p>Your account on the UnityHPC Platform has been deleted.</p>
 <p>If you believe this to be a mistake, please reply to this email as soon as possible.</p>
 <?php break; ?>
 
 <?php /////////////////////////////////////////////////////////////////////////////////////////// ?>
-<?php case "locked": ?>
+<?php case UserFlag::LOCKED: ?>
 <?php $this->Subject = "User Locked"; ?>
 <p>Hello,</p>
 <p>Your account on the UnityHPC Platform has been locked.</p>
 <p>If you believe this to be a mistake, please reply to this email as soon as possible.</p>
 <?php break; ?>
 
 <?php /////////////////////////////////////////////////////////////////////////////////////////// ?>
-<?php case "idlelocked": ?>
+<?php case UserFlag::IDLELOCKED: ?>
 <?php $this->Subject = "User Locked"; ?>
 <p>Hello,</p>
 <p>Your account on the UnityHPC Platform has been locked due to inactivity.</p>
 <p>If you believe this to be a mistake, please reply to this email as soon as possible.</p>
 <?php break; ?>
 
 <?php /////////////////////////////////////////////////////////////////////////////////////////// ?>
-<?php case "admin": ?>
+<?php case UserFlag::ADMIN: ?>
 <?php $this->Subject = "User Promoted"; ?>
 <p>Hello,</p>
 <p>Your account on the UnityHPC Platform has been promoted to admin.</p>
diff --git a/resources/mail/user_flag_added_admin.php b/resources/mail/user_flag_added_admin.php
@@ -1,33 +1,34 @@
+<?php use UnityWebPortal\lib\UserFlag; ?>
 <?php switch ($data["flag"]):
-case "qualified": ?>
+case UserFlag::QUALIFIED: ?>
 <?php $this->Subject = "User Qualified"; ?>
 <p>Hello,</p>
 <p>User "<?php echo $data["user"] ?>" has been qualified. </p>
 <?php break; ?>
 
 <?php /////////////////////////////////////////////////////////////////////////////////////////// ?>
-<?php case "ghost": ?>
+<?php case UserFlag::GHOST: ?>
 <?php $this->Subject = "User Ghosted"; ?>
 <p>Hello,</p>
 <p>User "<?php echo $data["user"] ?>" has been marked as ghost. </p>
 <?php break; ?>
 
 <?php /////////////////////////////////////////////////////////////////////////////////////////// ?>
-<?php case "locked": ?>
+<?php case UserFlag::LOCKED: ?>
 <?php $this->Subject = "User Locked"; ?>
 <p>Hello,</p>
 <p>User "<?php echo $data["user"] ?>" has been locked. </p>
 <?php break; ?>
 
 <?php /////////////////////////////////////////////////////////////////////////////////////////// ?>
-<?php case "idlelocked": ?>
+<?php case UserFlag::IDLELOCKED: ?>
 <?php $this->Subject = "User Idle Locked"; ?>
 <p>Hello,</p>
 <p>User "<?php echo $data["user"] ?>" has been idle locked. </p>
 <?php break; ?>
 
 <?php /////////////////////////////////////////////////////////////////////////////////////////// ?>
-<?php case "admin": ?>
+<?php case UserFlag::ADMIN: ?>
 <?php $this->Subject = "User Promoted"; ?>
 <p>Hello,</p>
 <p>User "<?php echo $data["user"] ?>" has been promoted to admin. </p>
diff --git a/resources/mail/user_flag_removed.php b/resources/mail/user_flag_removed.php
@@ -1,37 +1,38 @@
+<?php use UnityWebPortal\lib\UserFlag; ?>
 <?php switch ($data["flag"]):
-case "qualified": ?>
+case UserFlag::QUALIFIED: ?>
 <?php $this->Subject = "User Deactivated"; ?>
 <p>Hello,</p>
 <p>Your account on the UnityHPC Platform has been deactivated.</p>
 <p>If you believe this to be a mistake, please reply to this email as soon as possible.</p>
 <?php break; ?>
 
 <?php /////////////////////////////////////////////////////////////////////////////////////////// ?>
-<?php case "ghost": ?>
+<?php case UserFlag::GHOST: ?>
 <?php $this->Subject = "User Resurrected"; ?>
 <p>Hello,</p>
 <p>Your account on the UnityHPC Platform has been resurrected.</p>
 <p>If you believe this to be a mistake, please reply to this email as soon as possible.</p>
 <?php break; ?>
 
 <?php /////////////////////////////////////////////////////////////////////////////////////////// ?>
-<?php case "locked": ?>
+<?php case UserFlag::LOCKED: ?>
 <?php $this->Subject = "User Unlocked"; ?>
 <p>Hello,</p>
 <p>Your account on the UnityHPC Platform has been unlocked.</p>
 <p>If you believe this to be a mistake, please reply to this email as soon as possible.</p>
 <?php break; ?>
 
 <?php /////////////////////////////////////////////////////////////////////////////////////////// ?>
-<?php case "idlelocked": ?>
+<?php case UserFlag::IDLELOCKED: ?>
 <?php $this->Subject = "User Unlocked"; ?>
 <p>Hello,</p>
 <p>Your account on the UnityHPC Platform has been unlocked.</p>
 <p>If you believe this to be a mistake, please reply to this email as soon as possible.</p>
 <?php break; ?>
 
 <?php /////////////////////////////////////////////////////////////////////////////////////////// ?>
-<?php case "admin": ?>
+<?php case UserFlag::ADMIN: ?>
 <?php $this->Subject = "User Demoted"; ?>
 <p>Hello,</p>
 <p>Your account on the UnityHPC Platform has been demoted from admin.</p>
diff --git a/resources/mail/user_flag_removed_admin.php b/resources/mail/user_flag_removed_admin.php
@@ -1,33 +1,34 @@
+<?php use UnityWebPortal\lib\UserFlag; ?>
 <?php switch ($data["flag"]):
-case "qualified": ?>
+case UserFlag::QUALIFIED: ?>
 <?php $this->Subject = "User Dequalified"; ?>
 <p>Hello,</p>
 <p>User "<?php echo $data["user"] ?>" has been dequalified. </p>
 <?php break; ?>
 
 <?php /////////////////////////////////////////////////////////////////////////////////////////// ?>
-<?php case "ghost": ?>
+<?php case UserFlag::GHOST: ?>
 <?php $this->Subject = "User Resurrected"; ?>
 <p>Hello,</p>
 <p>User "<?php echo $data["user"] ?>" has been resurrected (no longer marked as ghost). </p>
 <?php break; ?>
 
 <?php /////////////////////////////////////////////////////////////////////////////////////////// ?>
-<?php case "locked": ?>
+<?php case UserFlag::LOCKED: ?>
 <?php $this->Subject = "User Unlocked"; ?>
 <p>Hello,</p>
 <p>User "<?php echo $data["user"] ?>" has been unlocked. </p>
 <?php break; ?>
 
 <?php /////////////////////////////////////////////////////////////////////////////////////////// ?>
-<?php case "idlelocked": ?>
+<?php case UserFlag::IDLELOCKED: ?>
 <?php $this->Subject = "User Idle Unlocked"; ?>
 <p>Hello,</p>
 <p>User "<?php echo $data["user"] ?>" has been idle unlocked. </p>
 <?php break; ?>
 
 <?php /////////////////////////////////////////////////////////////////////////////////////////// ?>
-<?php case "admin": ?>
+<?php case UserFlag::ADMIN: ?>
 <?php $this->Subject = "User Demoted"; ?>
 <p>Hello,</p>
 <p>User "<?php echo $data["user"] ?>" has been demoted from admin. </p>
diff --git a/test/functional/PIBecomeApproveTest.php b/test/functional/PIBecomeApproveTest.php
@@ -1,7 +1,6 @@
 <?php
 
-use UnityWebPortal\lib\UnityOrg;
-use UnityWebPortal\lib\UnitySQL;
+use UnityWebPortal\lib\UserFlag;
 
 class PIBecomeApproveTest extends UnityWebPortalTestCase
 {
@@ -64,7 +63,7 @@ public function testApprovePI()
 
             $this->assertRequestedPIGroup(false);
             $this->assertTrue($pi_group->exists());
-            $this->assertTrue($USER->getFlag("qualified"));
+            $this->assertTrue($USER->getFlag(UserFlag::QUALIFIED));
 
             // $third_request_failed = false;
             // try {
diff --git a/test/functional/PiMemberApproveTest.php b/test/functional/PiMemberApproveTest.php
@@ -1,7 +1,6 @@
 <?php
 
-use UnityWebPortal\lib\UnitySQL;
-use UnityWebPortal\lib\UnityGroup;
+use UnityWebPortal\lib\UserFlag;
 
 class PIMemberApproveTest extends UnityWebPortalTestCase
 {
@@ -107,7 +106,7 @@ public function testApproveMemberByPI()
             $this->assertTrue(!$pi_group->requestExists($USER));
             $this->assertRequestedMembership(false, $gid);
             $this->assertTrue($pi_group->memberUIDExists($USER->uid));
-            $this->assertTrue($USER->getFlag("qualified"));
+            $this->assertTrue($USER->getFlag(UserFlag::QUALIFIED));
 
             // $third_request_failed = false;
             // try {
@@ -167,7 +166,7 @@ public function testApproveMemberByAdmin()
             $this->assertTrue(!$pi_group->requestExists($USER));
             $this->assertRequestedMembership(false, $gid);
             $this->assertTrue($pi_group->memberUIDExists($USER->uid));
-            $this->assertTrue($USER->getFlag("qualified"));
+            $this->assertTrue($USER->getFlag(UserFlag::QUALIFIED));
 
             // $third_request_failed = false;
             // try {
diff --git a/test/functional/ViewAsUserTest.php b/test/functional/ViewAsUserTest.php
@@ -1,6 +1,6 @@
 <?php
 
-use UnityWebPortal\lib\UnityHTTPD;
+use UnityWebPortal\lib\UserFlag;
 
 class ViewAsUserTest extends UnityWebPortalTestCase
 {
@@ -10,7 +10,7 @@ public function _testViewAsUser(array $beforeUser, array $afterUser)
         switchUser(...$afterUser);
         $afterUid = $USER->uid;
         switchUser(...$beforeUser);
-        // $this->assertTrue($USER->getFlag("admin"));
+        // $this->assertTrue($USER->getFlag(UserFlag::ADMIN));
         $beforeUid = $USER->uid;
         // $this->assertNotEquals($afterUid, $beforeUid);
         http_post(__DIR__ . "/../../webroot/admin/user-mgmt.php", [
@@ -57,7 +57,7 @@ public function testNonAdminViewAsAdmin()
         global $USER;
         switchUser(...getAdminUser());
         $adminUid = $USER->uid;
-        $this->assertTrue($USER->getFlag("admin"));
+        $this->assertTrue($USER->getFlag(UserFlag::ADMIN));
         switchUser(...getNormalUser());
         http_post(__DIR__ . "/../../webroot/admin/user-mgmt.php", [
             "form_type" => "viewAsUser",
diff --git a/test/phpunit-bootstrap.php b/test/phpunit-bootstrap.php
@@ -30,6 +30,7 @@
 use UnityWebPortal\lib\CSRFToken;
 use UnityWebPortal\lib\UnityGroup;
 use UnityWebPortal\lib\UnityHTTPD;
+use UnityWebPortal\lib\UserFlag;
 use UnityWebPortal\lib\UnitySQL;
 use UnityWebPortal\lib\UnityHTTPDMessageLevel;
 use PHPUnit\Framework\TestCase;
@@ -195,7 +196,7 @@ function ensureUserDoesNotExist()
         $USER->getGroupEntry()->delete();
         ensure(!$USER->getGroupEntry()->exists());
     }
-    $USER->setFlag("qualified", false);
+    $USER->setFlag(UserFlag::QUALIFIED, false);
     ensure(!$LDAP->userFlagGroups["qualified"]->memberUIDExists($USER->uid));
 }
 
diff --git a/webroot/admin/ajax/get_group_members.php b/webroot/admin/ajax/get_group_members.php
@@ -5,7 +5,7 @@
 use UnityWebPortal\lib\UnityGroup;
 use UnityWebPortal\lib\UnityHTTPD;
 
-if (!$USER->getFlag("admin")) {
+if (!$USER->getFlag(UserFlag::ADMIN)) {
     UnityHTTPD::forbidden("not an admin");
 }
 
diff --git a/webroot/admin/ajax/get_page_contents.php b/webroot/admin/ajax/get_page_contents.php
@@ -4,7 +4,7 @@
 
 use UnityWebPortal\lib\UnityHTTPD;
 
-if (!$USER->getFlag("admin")) {
+if (!$USER->getFlag(UserFlag::ADMIN)) {
     UnityHTTPD::forbidden("not an admin");
 }
 
diff --git a/webroot/admin/content.php b/webroot/admin/content.php
@@ -3,8 +3,9 @@
 require_once __DIR__ . "/../../resources/autoload.php";
 
 use UnityWebPortal\lib\UnityHTTPD;
+use UnityWebPortal\lib\UserFlag;
 
-if (!$USER->getFlag("admin")) {
+if (!$USER->getFlag(UserFlag::ADMIN)) {
     UnityHTTPD::forbidden("not an admin");
 }
 
diff --git a/webroot/admin/notices.php b/webroot/admin/notices.php
diff --git a/webroot/admin/pi-mgmt.php b/webroot/admin/pi-mgmt.php
diff --git a/webroot/admin/user-mgmt.php b/webroot/admin/user-mgmt.php
diff --git a/webroot/panel/account.php b/webroot/panel/account.php

Original file line number	Diff line number	Diff line change
`@@ -85,7 +85,7 @@ public function approveGroup(?UnityUser $operator = null, bool $send_mail = true`
`85`	`85`	`if ($send_mail) {`
`86`	`86`	`$this->MAILER->sendMail($this->getOwner()->getMail(), "group_created");`
`87`	`87`	`}`
`88`		`- $this->getOwner()->setFlag("qualified", true); // having your own group makes you qualified`
	`88`	`+ $this->getOwner()->setFlag(UserFlag::QUALIFIED, true); // having your own group makes you qualified`
`89`	`89`	`}`
`90`	`90`
`91`	`91`	`/**`
`@@ -192,7 +192,7 @@ public function approveUser(UnityUser $new_user, bool $send_mail = true): void`
`192`	`192`	`]);`
`193`	`193`	`}`
`194`	`194`	`// being in a group makes you qualified`
`195`		`- $new_user->setFlag("qualified", true, doSendMail: true, doSendMailAdmin: false);`
	`195`	`+ $new_user->setFlag(UserFlag::QUALIFIED, true, doSendMail: true, doSendMailAdmin: false);`
`196`	`196`	`}`
`197`	`197`
`198`	`198`	`public function denyUser(UnityUser $new_user, bool $send_mail = true): void`