Use constant for _isAllowed() check

.github/phpstan-baseline.neon

@@ -510,11 +510,6 @@ parameters:
 			count: 1
 			path: ../app/code/core/Mage/Adminhtml/Block/Notification/Window.php
 
-		-
-			message: "#^PHPDoc tag @param references unknown parameter\\: \\$resourcePath$#"
-			count: 1
-			path: ../app/code/core/Mage/Adminhtml/Block/Notification/Window.php
-
 		-
 			message: "#^Method Mage_Adminhtml_Block_Page\\:\\:getLang\\(\\) has invalid return type unknown\\.$#"
 			count: 1
@@ -1660,26 +1655,6 @@ parameters:
 			count: 1
 			path: ../app/code/core/Mage/Adminhtml/controllers/Cms/PageController.php
 
-		-
-			message: "#^Call to method _saveSessionCurrentPath\\(\\) on an unknown class Mage_Adminhtml_Cms_Page_Wysiwyg_ImagesController\\.$#"
-			count: 1
-			path: ../app/code/core/Mage/Adminhtml/controllers/Cms/Wysiwyg/ImagesController.php
-
-		-
-			message: "#^Call to method loadLayout\\(\\) on an unknown class Mage_Adminhtml_Cms_Page_Wysiwyg_ImagesController\\.$#"
-			count: 1
-			path: ../app/code/core/Mage/Adminhtml/controllers/Cms/Wysiwyg/ImagesController.php
-
-		-
-			message: "#^Method Mage_Adminhtml_Cms_Wysiwyg_ImagesController\\:\\:_initAction\\(\\) has invalid return type Mage_Adminhtml_Cms_Page_Wysiwyg_ImagesController\\.$#"
-			count: 1
-			path: ../app/code/core/Mage/Adminhtml/controllers/Cms/Wysiwyg/ImagesController.php
-
-		-
-			message: "#^Method Mage_Adminhtml_Cms_Wysiwyg_ImagesController\\:\\:_saveSessionCurrentPath\\(\\) has invalid return type Mage_Adminhtml_Cms_Page_Wysiwyg_ImagesController\\.$#"
-			count: 1
-			path: ../app/code/core/Mage/Adminhtml/controllers/Cms/Wysiwyg/ImagesController.php
-
 		-
 			message: "#^Method Mage_Adminhtml_CustomerController\\:\\:cartAction\\(\\) should return string but return statement is missing\\.$#"
 			count: 1
@@ -1695,11 +1670,6 @@ parameters:
 			count: 1
 			path: ../app/code/core/Mage/Adminhtml/controllers/IndexController.php
 
-		-
-			message: "#^Method Mage_Adminhtml_JsonController\\:\\:countryRegionAction\\(\\) should return string but return statement is missing\\.$#"
-			count: 1
-			path: ../app/code/core/Mage/Adminhtml/controllers/JsonController.php
-
 		-
 			message: "#^Variable \\$id in isset\\(\\) always exists and is not nullable\\.$#"
 			count: 1
@@ -2490,11 +2460,6 @@ parameters:
 			count: 1
 			path: ../app/code/core/Mage/Captcha/controllers/Adminhtml/RefreshController.php
 
-		-
-			message: "#^Method Mage_Captcha_Adminhtml_RefreshController\\:\\:refreshAction\\(\\) should return null but return statement is missing\\.$#"
-			count: 1
-			path: ../app/code/core/Mage/Captcha/controllers/Adminhtml/RefreshController.php
-
 		-
 			message: "#^Call to an undefined method Mage_Captcha_Model_Interface\\:\\:getImgSrc\\(\\)\\.$#"
 			count: 1

app/code/core/Mage/Adminhtml/Block/Notification/Window.php

@@ -168,16 +168,14 @@ public function getSeverityText()
     /**
      * Check if current block allowed in ACL
      *
-     * @param string $resourcePath
      * @return bool
      */
     protected function _isAllowed()
     {
         if (!is_null($this->_aclResourcePath)) {
             return Mage::getSingleton('admin/session')
                 ->isAllowed('admin/system/adminnotification/show_toolbar');
-        }
-        else {
+        } else {
             return true;
         }
     }

app/code/core/Mage/Adminhtml/Controller/Action.php

@@ -43,6 +43,12 @@ class Mage_Adminhtml_Controller_Action extends Mage_Core_Controller_Varien_Actio
      */
     const SESSION_NAMESPACE = 'adminhtml';
 
+    /**
+     * ACL resource
+     * @see Mage_Adminhtml_Controller_Action::_isAllowed()
+     */
+    const ADMIN_RESOURCE = 'admin';
+
     /**
      * Array of actions which can be processed without secret key validation
      *
@@ -76,9 +82,14 @@ class Mage_Adminhtml_Controller_Action extends Mage_Core_Controller_Varien_Actio
      */
     protected $_sessionNamespace = self::SESSION_NAMESPACE;
 
+    /**
+     * Check current user permission on resource and privilege
+     *
+     * @return bool
+     */
     protected function _isAllowed()
     {
-        return Mage::getSingleton('admin/session')->isAllowed('admin');
+        return Mage::getSingleton('admin/session')->isAllowed(static::ADMIN_RESOURCE);
     }
 
     /**
@@ -143,7 +154,7 @@ protected function _addJs(Mage_Core_Block_Abstract $block)
     }
 
     /**
-     * Controller predispatch method
+     * Controller pre-dispatch method
      *
      * @return $this
      */

app/code/core/Mage/Adminhtml/Controller/Sales/Creditmemo.php

@@ -31,6 +31,12 @@
  */
 class Mage_Adminhtml_Controller_Sales_Creditmemo extends Mage_Adminhtml_Controller_Action
 {
+    /**
+     * ACL resource
+     * @see Mage_Adminhtml_Controller_Action::_isAllowed()
+     */
+    const ADMIN_RESOURCE = 'sales/creditmemo';
+
     /**
      * Additional initialization
      *
@@ -99,7 +105,8 @@ public function emailAction()
         }
     }
 
-    public function pdfcreditmemosAction(){
+    public function pdfcreditmemosAction()
+    {
         $creditmemosIds = $this->getRequest()->getPost('creditmemo_ids');
         if (!empty($creditmemosIds)) {
             $invoices = Mage::getResourceModel('sales/order_creditmemo_collection')
@@ -123,14 +130,8 @@ public function printAction()
                 $this->_prepareDownloadResponse('creditmemo'.Mage::getSingleton('core/date')->date('Y-m-d_H-i-s').
                     '.pdf', $pdf->render(), 'application/pdf');
             }
-        }
-        else {
+        } else {
             $this->_forward('noRoute');
         }
     }
-
-    protected function _isAllowed()
-    {
-        return Mage::getSingleton('admin/session')->isAllowed('sales/creditmemo');
-    }
 }

app/code/core/Mage/Adminhtml/Controller/Sales/Invoice.php

@@ -31,9 +31,14 @@
  */
 class Mage_Adminhtml_Controller_Sales_Invoice extends Mage_Adminhtml_Controller_Action
 {
+    /**
+     * ACL resource
+     * @see Mage_Adminhtml_Controller_Action::_isAllowed()
+     */
+    const ADMIN_RESOURCE = 'sales/invoice';
+
     /**
      * Additional initialization
-     *
      */
     protected function _construct()
     {
@@ -120,13 +125,13 @@ public function printAction()
                 $this->_prepareDownloadResponse('invoice'.Mage::getSingleton('core/date')->date('Y-m-d_H-i-s').
                     '.pdf', $pdf->render(), 'application/pdf');
             }
-        }
-        else {
+        } else {
             $this->_forward('noRoute');
         }
     }
 
-    public function pdfinvoicesAction(){
+    public function pdfinvoicesAction()
+    {
         $invoicesIds = $this->getRequest()->getPost('invoice_ids');
         if (!empty($invoicesIds)) {
             $invoices = Mage::getResourceModel('sales/order_invoice_collection')
@@ -140,10 +145,4 @@ public function pdfinvoicesAction(){
         }
         $this->_redirect('*/*/');
     }
-
-    protected function _isAllowed()
-    {
-        return Mage::getSingleton('admin/session')->isAllowed('sales/invoice');
-    }
-
 }

app/code/core/Mage/Adminhtml/Controller/Sales/Shipment.php

@@ -31,9 +31,14 @@
  */
 class Mage_Adminhtml_Controller_Sales_Shipment extends Mage_Adminhtml_Controller_Action
 {
+    /**
+     * ACL resource
+     * @see Mage_Adminhtml_Controller_Action::_isAllowed()
+     */
+    const ADMIN_RESOURCE = 'sales/shipment';
+
     /**
      * Additional initialization
-     *
      */
     protected function _construct()
     {
@@ -78,7 +83,8 @@ public function viewAction()
         }
     }
 
-    public function pdfshipmentsAction(){
+    public function pdfshipmentsAction()
+    {
         $shipmentIds = $this->getRequest()->getPost('shipment_ids');
         if (!empty($shipmentIds)) {
             $shipments = Mage::getResourceModel('sales/order_shipment_collection')
@@ -92,7 +98,6 @@ public function pdfshipmentsAction(){
         $this->_redirect('*/*/');
     }
 
-
     public function printAction()
     {
         /** @see Mage_Adminhtml_Sales_Order_InvoiceController */
@@ -101,14 +106,8 @@ public function printAction()
                 $pdf = Mage::getModel('sales/order_pdf_shipment')->getPdf(array($shipment));
                 $this->_prepareDownloadResponse('packingslip'.Mage::getSingleton('core/date')->date('Y-m-d_H-i-s').'.pdf', $pdf->render(), 'application/pdf');
             }
-        }
-        else {
+        } else {
             $this->_forward('noRoute');
         }
     }
-
-    protected function _isAllowed()
-    {
-        return Mage::getSingleton('admin/session')->isAllowed('sales/shipment');
-    }
 }

app/code/core/Mage/Adminhtml/controllers/AjaxController.php

@@ -56,7 +56,7 @@ public function translateAction()
     /**
      * Check is allowed access to action
      *
-     * @return bool
+     * @return true
      */
     protected function _isAllowed()
     {

app/code/core/Mage/Adminhtml/controllers/Api/RoleController.php

@@ -34,7 +34,13 @@
 class Mage_Adminhtml_Api_RoleController extends Mage_Adminhtml_Controller_Action
 {
     /**
-     * Controller predispatch method
+     * ACL resource
+     * @see Mage_Adminhtml_Controller_Action::_isAllowed()
+     */
+    const ADMIN_RESOURCE = 'system/api/roles';
+
+    /**
+     * Controller pre-dispatch method
      *
      * @return Mage_Adminhtml_Controller_Action
      */
@@ -205,7 +211,6 @@ public function saveRoleAction()
             Mage::getSingleton('adminhtml/session')->addError($this->__('An error occurred while saving this role.'));
         }
 
-        //$this->getResponse()->setRedirect($this->getUrl("*/*/editrole/rid/$rid"));
         $this->_redirect('*/*/editrole', array('rid' => $rid));
         return;
     }
@@ -241,9 +246,4 @@ protected function _addUserToRole($userId, $roleId)
             return true;
         }
     }
-
-    protected function _isAllowed()
-    {
-        return Mage::getSingleton('admin/session')->isAllowed('system/api/roles');
-    }
 }

app/code/core/Mage/Adminhtml/controllers/Api/UserController.php

@@ -26,7 +26,13 @@
 class Mage_Adminhtml_Api_UserController extends Mage_Adminhtml_Controller_Action
 {
     /**
-     * Controller predispatch method
+     * ACL resource
+     * @see Mage_Adminhtml_Controller_Action::_isAllowed()
+     */
+    const ADMIN_RESOURCE = 'system/api/users';
+
+    /**
+     * Controller pre-dispatch method
      *
      * @return Mage_Adminhtml_Controller_Action
      */
@@ -233,13 +239,6 @@ public function roleGridAction()
         $this->getResponse()
             ->setBody($this->getLayout()
             ->createBlock('adminhtml/api_user_grid')
-            ->toHtml()
-        );
+            ->toHtml());
     }
-
-    protected function _isAllowed()
-    {
-        return Mage::getSingleton('admin/session')->isAllowed('system/api/users');
-    }
-
 }

app/code/core/Mage/Adminhtml/controllers/CacheController.php

@@ -26,6 +26,12 @@
 
 class Mage_Adminhtml_CacheController extends Mage_Adminhtml_Controller_Action
 {
+    /**
+     * ACL resource
+     * @see Mage_Adminhtml_Controller_Action::_isAllowed()
+     */
+    const ADMIN_RESOURCE = 'system/cache';
+
     /**
      * Retrieve session model
      *
@@ -206,14 +212,4 @@ public function cleanSwatchesAction()
         }
         $this->_redirect('*/*');
     }
-
-    /**
-     * Check if cache management is allowed
-     *
-     * @return bool
-     */
-    protected function _isAllowed()
-    {
-        return Mage::getSingleton('admin/session')->isAllowed('system/cache');
-    }
 }

app/code/core/Mage/Adminhtml/controllers/Catalog/Category/WidgetController.php

@@ -34,6 +34,12 @@
  */
 class Mage_Adminhtml_Catalog_Category_WidgetController extends Mage_Adminhtml_Controller_Action
 {
+    /**
+     * ACL resource
+     * @see Mage_Adminhtml_Controller_Action::_isAllowed()
+     */
+    const ADMIN_RESOURCE = 'cms/widget_instance';
+
     /**
      * Chooser Source action
      */
@@ -69,14 +75,4 @@ protected function _getCategoryTreeBlock()
             'use_massaction' => $this->getRequest()->getParam('use_massaction', false)
         ));
     }
-
-    /**
-     * Check is allowed access to action
-     *
-     * @return bool
-     */
-    protected function _isAllowed()
-    {
-        return Mage::getSingleton('admin/session')->isAllowed('cms/widget_instance');
-    }
 }