Merge pull request #19953 from kamil-tekiela/hasNoRightsToDropDatabase

MauricioFauth · web-flow · commit f89ab9ecbf19 · 2025-12-10T19:20:47.000-03:00
Refactor hasNoRightsToDropDatabase
diff --git a/app/services_controllers.php b/app/services_controllers.php
@@ -933,7 +933,6 @@
             'arguments' => [
                 '$response' => '@response',
                 '$sql' => '@sql',
-                '$dbi' => '@dbi',
                 '$pageSettings' => '@' . PageSettings::class,
                 '$bookmarkRepository' => '@bookmarkRepository',
                 '$config' => '@config',
diff --git a/src/Controllers/Import/ImportController.php b/src/Controllers/Import/ImportController.php
@@ -618,13 +618,7 @@ public function __invoke(ServerRequest $request): Response
                 ResponseRenderer::$reload = $reloadNeeded;
 
                 // Check if User is allowed to issue a 'DROP DATABASE' Statement
-                if (
-                    $this->sql->hasNoRightsToDropDatabase(
-                        $statementInfo,
-                        $this->config->settings['AllowUserDropDatabase'],
-                        $this->dbi->isSuperUser(),
-                    )
-                ) {
+                if ($this->sql->hasNoRightsToDropDatabase($statementInfo)) {
                     Generator::mysqlDie(
                         __('"DROP DATABASE" statements are disabled.'),
                         '',
diff --git a/src/Controllers/Sql/SqlController.php b/src/Controllers/Sql/SqlController.php
@@ -10,7 +10,6 @@
 use PhpMyAdmin\Controllers\InvocableController;
 use PhpMyAdmin\Core;
 use PhpMyAdmin\Current;
-use PhpMyAdmin\Dbal\DatabaseInterface;
 use PhpMyAdmin\Html\Generator;
 use PhpMyAdmin\Http\Response;
 use PhpMyAdmin\Http\ServerRequest;
@@ -35,7 +34,6 @@
     public function __construct(
         private ResponseRenderer $response,
         private Sql $sql,
-        private DatabaseInterface $dbi,
         private PageSettings $pageSettings,
         private BookmarkRepository $bookmarkRepository,
         private Config $config,
@@ -134,13 +132,7 @@ public function __invoke(ServerRequest $request): Response
          * but since a malicious user may pass this variable by url/form, we don't take
          * into account this case.
          */
-        if (
-            $this->sql->hasNoRightsToDropDatabase(
-                $statementInfo,
-                $this->config->settings['AllowUserDropDatabase'],
-                $this->dbi->isSuperUser(),
-            )
-        ) {
+        if ($this->sql->hasNoRightsToDropDatabase($statementInfo)) {
             Generator::mysqlDie(
                 __('"DROP DATABASE" statements are disabled.'),
                 '',
diff --git a/src/Sql.php b/src/Sql.php
@@ -414,18 +414,12 @@ private function isDeleteTransformationInfo(StatementInfo $statementInfo): bool
             || $statementInfo->flags->queryType === StatementType::Drop;
     }
 
-    /**
-     * Function to check whether the user has rights to drop the database
-     *
-     * @param bool $allowUserDropDatabase whether the user is allowed to drop db
-     * @param bool $isSuperUser           whether this user is a superuser
-     */
     public function hasNoRightsToDropDatabase(
         StatementInfo $statementInfo,
-        bool $allowUserDropDatabase,
-        bool $isSuperUser,
     ): bool {
-        return ! $allowUserDropDatabase && $statementInfo->flags->dropDatabase && ! $isSuperUser;
+        return ! $this->config->settings['AllowUserDropDatabase']
+            && $statementInfo->flags->dropDatabase
+            && ! $this->dbi->isSuperUser();
     }
 
     /**
diff --git a/tests/unit/Controllers/Table/ReplaceControllerTest.php b/tests/unit/Controllers/Table/ReplaceControllerTest.php
@@ -113,7 +113,6 @@ public function testReplace(): void
                 $bookmarkRepository,
                 $config,
             ),
-            $dbi,
             $pageSettings,
             $bookmarkRepository,
             $config,
diff --git a/tests/unit/SqlTest.php b/tests/unit/SqlTest.php
@@ -197,27 +197,26 @@ public function testIsDeleteTransformationInfo(): void
      */
     public function testHasNoRightsToDropDatabase(): void
     {
+        $this->dummyDbi->addResult(
+            'SELECT 1 FROM mysql.user LIMIT 1',
+            [],
+        );
+
         self::assertTrue(
             $this->sql->hasNoRightsToDropDatabase(
                 ParseAnalyze::sqlQuery('DROP DATABASE db', Current::$database)[0],
-                false,
-                false,
             ),
         );
 
         self::assertFalse(
             $this->sql->hasNoRightsToDropDatabase(
                 ParseAnalyze::sqlQuery('DROP TABLE tbl', Current::$database)[0],
-                false,
-                false,
             ),
         );
 
         self::assertFalse(
             $this->sql->hasNoRightsToDropDatabase(
                 ParseAnalyze::sqlQuery('SELECT * from tbl', Current::$database)[0],
-                false,
-                false,
             ),
         );
     }
