/**
  * Determines whether the specified user has access to report the entity.
  *
  * @param \Drupal\Core\Entity\EntityInterface $entity
  *   The entity to check access for.
  * @param string $form_id
  *   The form that is protected for this entity.
  * @param \Drupal\Core\Session\AccountInterface $account
  *   The account to use. If NULL, use the current user.
  *
  * @return \Drupal\Core\Access\AccessResultInterface
  */
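 public static function accessReport($entity, $form_id, $account = NULL)
 {
     // The account must first pass both the 'edit' and the 'update' access
     // checks on the entity. On failure the combined result is returned as is.
     $result = $entity->access('edit', $account, TRUE)->andIf($entity->access('update', $account, TRUE));
     if (!$result->isAllowed()) {
         return $result;
     }
     // Only forms that have a stored Mollom configuration can be reported on.
     $form_entity = \Drupal::entityManager()->getStorage('mollom_form')->load($form_id);
     if (empty($form_entity)) {
         return new AccessResultForbidden();
     }
     // Orphan form protection: a stored configuration whose form is no longer
     // registered is denied. Testing the key with empty() before reading it
     // avoids an undefined-index notice for an unknown $form_id.
     $forms = FormController::getProtectableForms();
     if (empty($forms[$form_id])) {
         return new AccessResultForbidden();
     }
     $info = $forms[$form_id];

     // NOTE(review): if the definition has neither a callable
     // 'report access callback' nor a 'report access' list, no further check
     // runs and access is allowed. That includes a callback name that
     // function_exists() rejects. Confirm that allowing by default is intended
     // once the entity access check above has passed.
     if (isset($info['report access callback']) && function_exists($info['report access callback'])) {
         // The callback name comes from the form definition and is invoked as
         // a variable function, so the definitions must come from trusted code.
         $callback = $info['report access callback'];
         if (!$callback($entity->getEntityTypeId(), $entity->id())) {
             return new AccessResultForbidden();
         }
     } elseif (isset($info['report access'])) {
         if (empty($account)) {
             $account = \Drupal::currentUser();
         }
         // The cast accepts a single permission string as well as a list; the
         // former array union failed on a string.
         // NOTE(review): every listed permission is required, not any one of
         // them. Confirm this matches the form definitions.
         foreach ((array) $info['report access'] as $permission) {
             if (!$account->hasPermission($permission)) {
                 return new AccessResultForbidden();
             }
         }
     }
     return new AccessResultAllowed();
 }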
Example #2
 /**
  * Submit handler for feedback options.
  */
 public static function addFeedbackOptionsSubmit(&$form, FormStateInterface &$form_state)
 {
     // Look up the Mollom configuration mapped to the submitted delete form.
     // NOTE(review): no access check is visible in this handler; presumably
     // the delete form's own access control gates it. Confirm.
     $protected = FormController::getProtectedForms();
     $delete_form_id = $form_state->getFormObject()->getFormId();
     $config = Form::load($protected['delete'][$delete_form_id])->initialize();

     // With an entity type, the id is read from the entity on the form object.
     // Otherwise it is read from the submitted value named by the 'post_id'
     // mapping.
     $type = $config['entity'];
     $post_id = empty($type)
         ? $form_state->getValue($config['mapping']['post_id'])
         : $form_state->getFormObject()->getEntity()->id();

     // Send feedback only if a value was submitted; show a message on success.
     $reported = $form_state->getValue(['mollom', 'feedback']);
     if (!empty($reported) && self::sendFeedback($type, $post_id, $reported, 'moderate', 'mollom_data_delete_form_submit')) {
         drupal_set_message(t('The content was successfully reported as inappropriate.'));
     }

     // The stored Mollom session data is removed whether or not feedback was sent.
     ResponseDataStorage::delete($type, $post_id);
 }
Example #3
 /**
  * Configure Mollom protection for a given form.
  *
  * @param $form_id
  *   The form id to configure.
  * @param $mode
  *   The Mollom protection mode for the form.
  * @param $fields
  *   (optional) A list of form elements to enable for text analysis. If
  *   omitted and the form registers individual elements, all fields are
  *   enabled by default.
  * @param $edit
  *   (optional) An array of POST data to pass through to drupalPostForm() when
  *   configuring the form's protection.
  */
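 protected function setProtectionUI($form_id, $mode = FormInterface::MOLLOM_MODE_ANALYSIS, $fields = NULL, $edit = [])
 {
     // Always start from overview page, also to make debugging easier.
     $this->drupalGet('admin/config/content/mollom');
     // Determine whether the form is already protected.
     $exists = \Drupal::entityManager()->getStorage('mollom_form')->load($form_id);
     if (!$exists) {
         // Not configured yet: open the add form for this form id.
         $this->drupalGet('admin/config/content/mollom/add-form', ['query' => ['form_id' => $form_id]]);
         $save = t('Create Protected Mollom Form');
     } else {
         // Already configured: the overview must link to the edit form.
         $edit_path = 'admin/config/content/mollom/form/' . $form_id . '/edit';
         $this->assertLinkByHref($edit_path);
         $this->drupalGet($edit_path);
         $save = t('Update Protected Mollom Form');
     }
     // Values passed by the caller win over the defaults added with +=.
     $edit += ['mode' => $mode];
     // Process the enabled fields.
     $form_list = FormController::getProtectableForms();
     $form_info = FormController::getProtectedFormDetails($form_id, $form_list[$form_id]['module']);
     // The field loop runs only if the form registers elements. It used to
     // call array_keys() on a missing 'elements' entry.
     if (!empty($form_info['elements'])) {
         $edit += ['checks[spam]' => TRUE];
         foreach (array_keys($form_info['elements']) as $field) {
             // TRUE when no explicit list was given (all fields enabled) or the
             // field is in the list, FALSE otherwise.
             $edit['enabled_fields[' . rawurlencode($field) . ']'] = !isset($fields) || in_array($field, $fields);
         }
     }
     $this->drupalPostForm(NULL, $edit, $save);
     if (!$exists) {
         $this->assertText(t('The form protection has been added.'));
     } else {
         $this->assertText(t('The form protection has been updated.'));
     }
 }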
 /**
  * Tests invalid (stale) form configurations.
  */
 function testInvalidForms()
 {
     // Form ids keyed by the module each is attributed to; judging by their
     // names, presumably none of them is registered by a module.
     $stale_forms = [
         'nonexisting' => 'nonexisting_form',
         'user' => 'user_nonexisting_form',
         'node' => 'nonexisting_node_form',
         'comment' => 'comment_node_nonexisting_form',
     ];
     // Store one configuration per form id, each with the next mode value.
     $next_mode = 0;
     foreach ($stale_forms as $owner => $stale_id) {
         $definition = FormController::getProtectedFormDetails($stale_id, $owner, []);
         $definition['mode'] = $next_mode;
         $next_mode++;
         $stored = Form::create($definition);
         $stored->id = $stale_id;
         $stored->save();
     }
     // Loading the administration overview is the test itself: the page
     // request surfaces any fatal errors, warnings, or notices.
     $this->drupalLogin($this->adminUser);
     $this->drupalGet('admin/config/content/mollom');
     // Each stale form offers only a delete link, and deleting it must work
     // without notices.
     foreach ($stale_forms as $stale_id) {
         $form_path = 'admin/config/content/mollom/form/' . $stale_id;
         $this->assertNoLinkByHref($form_path . '/edit');
         $this->assertLinkByHref($form_path . '/delete');
         $this->drupalPostForm($form_path . '/delete', [], t('Remove Mollom Protection'));
         $this->assertNoLinkByHref($form_path . '/delete');
     }
     // No configuration may be left in storage afterwards.
     $remaining = \Drupal::entityManager()->getStorage('mollom_form')->loadMultiple();
     $this->assertFalse($remaining, 'No forms found.');
 }
Example #5
 /**
  * Return registered forms as an array suitable for a 'checkboxes' form element #options property.
  */
 protected function getProtectableFormOptions()
 {
     // Start from every registered form and drop those already configured.
     $available = FormController::getProtectableForms();
     foreach ($this->entity->loadMultiple() as $configured) {
         unset($available[$configured->id()]);
     }
     // Nothing left to protect: only a message is set here, no redirect.
     if (empty($available)) {
         drupal_set_message(t('All available forms are protected already.'));
     }
     // system_get_info() only supports enabled modules, so a module missing
     // from the result is labelled with its machine name.
     $modules = system_get_info('module');
     $labels = [];
     foreach ($available as $form_id => $definition) {
         $owner = $definition['module'];
         if (!isset($modules[$owner])) {
             $modules[$owner]['name'] = $owner;
         }
         // Both values are passed as @-placeholders of t().
         $labels[$form_id] = t('@module: @form-title', [
             '@form-title' => $definition['title'],
             '@module' => t($modules[$owner]['name']),
         ]);
     }
     // Order the options by their label, keeping the form id keys.
     asort($labels);
     return $labels;
 }
 /**
  * {@inheritDoc}
  *
  */
 public function initialize($form_id = NULL)
 {
     // Builds the array form of this Mollom form configuration and returns it.
     // For a new entity it also fills the entity's own properties from the
     // registered form definition.
     //
     // Snapshot of the object's properties, taken before any of the
     // assignments below.
     $mollom_form = get_object_vars($this);
     // Without a form id from the caller or on the entity there is nothing to
     // look up; return the plain snapshot.
     if (empty($form_id) && empty($this->id)) {
         return $mollom_form;
     }
     if ($this->isNew()) {
         $forms = FormController::getProtectableForms();
         // Unknown form id: return the snapshot unchanged.
         if (empty($forms[$form_id])) {
             return $mollom_form;
         }
         // Array union: only keys missing from the snapshot are added.
         $mollom_form += $forms[$form_id];
         $this->id = $form_id;
         $this->label = $forms[$form_id]['title'];
         // Copy each definition value onto the property of the same name.
         // NOTE(review): this assigns whatever the definition holds; it
         // presumably comes from module hooks (trusted code). Confirm.
         foreach ($forms[$form_id] as $name => $value) {
             if (property_exists($this, $name)) {
                 $this->{$name} = $value;
             }
         }
         $module = $this->module;
     } else {
         // Existing entity: use its own id and module, with no form list.
         $form_id = $this->id();
         $module = $this->module;
         $forms = NULL;
     }
     // Add all of the configuration information defined in hooks.
     $form_details = FormController::getProtectedFormDetails($form_id, $module, $forms);
     // NOTE(review): isNew() is called again after $this->id was assigned
     // above. If its result depends on the id, the checks below may take the
     // other branch than the first one did. Confirm against isNew().
     if ($this->isNew()) {
         // Overwrite the element properties with form details when supplied.
         // (With array_merge() the later argument wins on duplicate keys.)
         $mollom_form = array_merge($mollom_form, $form_details);
     } else {
         // The entity has already been configured so use its data over the
         // configuration details.
         $mollom_form = array_merge($form_details, $mollom_form);
     }
     if ($this->isNew()) {
         // Enable all fields for textual analysis by default.
         // Assumes $mollom_form['elements'] is an array at this point,
         // presumably supplied by the form details. TODO confirm.
         $this->setChecks(array('spam'));
         $mollom_form['checks'] = array('spam');
         $mollom_form['enabled_fields'] = array_keys($mollom_form['elements']);
         $this->setEnabledFields(array_keys($mollom_form['elements']));
     }
     return $mollom_form;
 }