/**
* Explain your records in the {node_access} table.
*
* In order to help developers and administrators understand the forces
* that control access to any given node, the DNA module provides the
* Devel Node Access block, which lists all the grant records in the
* {node_access} table for that node.
*
* However, every Node Access module is free in how it defines and uses the
* 'realm' and 'gid' fields in its records in the {node_access} table, and
* it's often difficult to interpret them. This hook passes each record
* that DNA wants to display, and the owning module is expected to return
* an explanation of that record.
*
* The explanation should not be localized (not be passed through t()), so
* that administrators seeking help can present English explanations.
*
* @param $row
* The record from the {node_access} table, as object. The member fields are:
* nid, gid, realm, grant_view, grant_update, grant_delete.
*
* @return
* A string with a (short!) explanation of the given {node_access} row,
* to be displayed in DNA's 'Devel Node Access' block. It will be displayed
* as HTML; any variable parts must already be sanitized.
*
* @see hook_node_access_records()
* @see devel_node_access_node_access_explain()
*
* @ingroup node_access
*/
function hook_node_access_explain($row)
{
if ($row->realm == 'mymodule_myrealm') {
if ($row->grant_view) {
$role = user_role_load($row->gid);
return 'Role ' . \Drupal\Component\Utility\SafeMarkup::placeholder($role->name) . ' may view this node.';
} else {
return 'No access.';
}
}
}
/**
* {@inheritdoc}
*/
public function validate($items, Constraint $constraint)
{
/** @var \Drupal\Core\Field\FieldItemListInterface $items */
/** @var \Drupal\user\UserInterface $account */
$account = $items->getEntity();
$existing_value = NULL;
if ($account->id()) {
$account_unchanged = \Drupal::entityManager()->getStorage('user')->loadUnchanged($account->id());
$existing_value = $account_unchanged->getEmail();
}
$required = !(!$existing_value && \Drupal::currentUser()->hasPermission('administer users'));
if ($required && (!isset($items) || $items->isEmpty())) {
$this->context->addViolation($this->message, array('!name' => SafeMarkup::placeholder($account->getFieldDefinition('mail')->getLabel())));
}
}
/**
* Returns an array of filter permissions.
*
* @return array
*/
public function permissions()
{
$permissions = [];
// Generate permissions for each text format. Warn the administrator that any
// of them are potentially unsafe.
/** @var \Drupal\filter\FilterFormatInterface[] $formats */
$formats = $this->entityManager->getStorage('filter_format')->loadByProperties(['status' => TRUE]);
uasort($formats, 'Drupal\\Core\\Config\\Entity\\ConfigEntityBase::sort');
foreach ($formats as $format) {
if ($permission = $format->getPermissionName()) {
$permissions[$permission] = ['title' => $this->t('Use the <a href="@url">@label</a> text format', ['@url' => $format->url(), '@label' => $format->label()]), 'description' => SafeMarkup::placeholder($this->t('Warning: This permission may have security implications depending on how the text format is configured.'))];
}
}
return $permissions;
}
/**
* Generates an overview table of older revisions of a node.
*
* @param \Drupal\node\NodeInterface $node
* A node object.
*
* @return array
* An array as expected by drupal_render().
*/
public function revisionOverview(NodeInterface $node)
{
$account = $this->currentUser();
$node_storage = $this->entityManager()->getStorage('node');
$type = $node->getType();
$build = array();
$build['#title'] = $this->t('Revisions for %title', array('%title' => $node->label()));
$header = array($this->t('Revision'), $this->t('Operations'));
$revert_permission = ($account->hasPermission("revert {$type} revisions") || $account->hasPermission('revert all revisions') || $account->hasPermission('administer nodes')) && $node->access('update');
$delete_permission = ($account->hasPermission("delete {$type} revisions") || $account->hasPermission('delete all revisions') || $account->hasPermission('administer nodes')) && $node->access('delete');
$rows = array();
$vids = $node_storage->revisionIds($node);
foreach (array_reverse($vids) as $vid) {
if ($revision = $node_storage->loadRevision($vid)) {
$row = array();
$revision_author = $revision->uid->entity;
if ($vid == $node->getRevisionId()) {
$username = array('#theme' => 'username', '#account' => $revision_author);
$row[] = array('data' => $this->t('!date by !username', array('!date' => $node->link($this->dateFormatter->format($revision->revision_timestamp->value, 'short')), '!username' => drupal_render($username))) . ($revision->revision_log->value != '' ? '<p class="revision-log">' . Xss::filter($revision->revision_log->value) . '</p>' : ''), 'class' => array('revision-current'));
$row[] = array('data' => SafeMarkup::placeholder($this->t('current revision')), 'class' => array('revision-current'));
} else {
$username = array('#theme' => 'username', '#account' => $revision_author);
$row[] = $this->t('!date by !username', array('!date' => $this->l($this->dateFormatter->format($revision->revision_timestamp->value, 'short'), new Url('entity.node.revision', array('node' => $node->id(), 'node_revision' => $vid))), '!username' => drupal_render($username))) . ($revision->revision_log->value != '' ? '<p class="revision-log">' . Xss::filter($revision->revision_log->value) . '</p>' : '');
if ($revert_permission) {
$links['revert'] = array('title' => $this->t('Revert'), 'url' => Url::fromRoute('node.revision_revert_confirm', ['node' => $node->id(), 'node_revision' => $vid]));
}
if ($delete_permission) {
$links['delete'] = array('title' => $this->t('Delete'), 'url' => Url::fromRoute('node.revision_delete_confirm', ['node' => $node->id(), 'node_revision' => $vid]));
}
$row[] = array('data' => array('#type' => 'operations', '#links' => $links));
}
$rows[] = $row;
}
}
$build['node_revisions_table'] = array('#theme' => 'table', '#rows' => $rows, '#header' => $header, '#attached' => array('library' => array('node/drupal.node.admin')));
return $build;
}
/**
* Generates an overview table of older revisions of a node.
*
* @param \Drupal\node\NodeInterface $node
* A node object.
*
* @return array
* An array as expected by drupal_render().
*/
public function revisionOverview(NodeInterface $node)
{
$account = $this->currentUser();
$node_storage = $this->entityManager()->getStorage('node');
$type = $node->getType();
$build = array();
$build['#title'] = $this->t('Revisions for %title', array('%title' => $node->label()));
$header = array($this->t('Revision'), $this->t('Operations'));
$revert_permission = ($account->hasPermission("revert {$type} revisions") || $account->hasPermission('revert all revisions') || $account->hasPermission('administer nodes')) && $node->access('update');
$delete_permission = ($account->hasPermission("delete {$type} revisions") || $account->hasPermission('delete all revisions') || $account->hasPermission('administer nodes')) && $node->access('delete');
$rows = array();
$vids = $node_storage->revisionIds($node);
foreach (array_reverse($vids) as $vid) {
$revision = $node_storage->loadRevision($vid);
$username = ['#theme' => 'username', '#account' => $revision->uid->entity];
// Use revision link to link to revisions that are not active.
$date = $this->dateFormatter->format($revision->revision_timestamp->value, 'short');
if ($vid != $node->getRevisionId()) {
$link = $this->l($date, new Url('entity.node.revision', ['node' => $node->id(), 'node_revision' => $vid]));
} else {
$link = $node->link($date);
}
$row = [];
$column = ['data' => ['#type' => 'inline_template', '#template' => '{% trans %}{{ date }} by {{ username }}{% endtrans %}{% if message %}<p class="revision-log">{{ message }}</p>{% endif %}', '#context' => ['date' => $link, 'username' => $this->renderer->renderPlain($username), 'message' => Xss::filter($revision->revision_log->value)]]];
// @todo Simplify once https://www.drupal.org/node/2334319 lands.
$this->renderer->addCacheableDependency($column['data'], $username);
$row[] = $column;
if ($vid == $node->getRevisionId()) {
$row[0]['class'] = ['revision-current'];
$row[] = ['data' => SafeMarkup::placeholder($this->t('current revision')), 'class' => ['revision-current']];
} else {
$links = [];
if ($revert_permission) {
$links['revert'] = ['title' => $this->t('Revert'), 'url' => Url::fromRoute('node.revision_revert_confirm', ['node' => $node->id(), 'node_revision' => $vid])];
}
if ($delete_permission) {
$links['delete'] = ['title' => $this->t('Delete'), 'url' => Url::fromRoute('node.revision_delete_confirm', ['node' => $node->id(), 'node_revision' => $vid])];
}
$row[] = ['data' => ['#type' => 'operations', '#links' => $links]];
}
$rows[] = $row;
}
$build['node_revisions_table'] = array('#theme' => 'table', '#rows' => $rows, '#header' => $header, '#attached' => array('library' => array('node/drupal.node.admin')));
return $build;
}
/**
* {@inheritdoc}
*/
public function buildRow(EntityInterface $entity)
{
// Check whether this is the fallback text format. This format is available
// to all roles and cannot be disabled via the admin interface.
if ($entity->isFallbackFormat()) {
$row['label'] = SafeMarkup::placeholder($entity->label());
$fallback_choice = $this->configFactory->get('filter.settings')->get('always_show_fallback_choice');
if ($fallback_choice) {
$roles_markup = SafeMarkup::placeholder($this->t('All roles may use this format'));
} else {
$roles_markup = SafeMarkup::placeholder($this->t('This format is shown when no other formats are available'));
}
} else {
$row['label'] = $this->getLabel($entity);
$roles = array_map('\\Drupal\\Component\\Utility\\SafeMarkup::checkPlain', filter_get_roles_by_format($entity));
$roles_markup = $roles ? implode(', ', $roles) : $this->t('No roles may use this format');
}
$row['roles'] = !empty($this->weightKey) ? array('#markup' => $roles_markup) : $roles_markup;
return $row + parent::buildRow($entity);
}
/**
* Provides the Switch user list.
*/
public function switchUserList()
{
$list_size = $this->configuration['list_size'];
$include_anon = $this->configuration['include_anon'];
$anon = new AnonymousUserSession();
$links = array();
if ($this->currentUser->hasPermission('switch users')) {
if ($include_anon) {
--$list_size;
}
$dest = $this->redirectDestination->getAsArray();
// Try to find at least $list_size users that can switch.
// Inactive users are omitted from all of the following db selects.
$roles = user_roles(TRUE, 'switch users');
$query = db_select('users', 'u');
$query->join('users_field_data', 'ufd');
$query->addField('u', 'uid');
$query->addField('ufd', 'access');
$query->distinct();
$query->condition('u.uid', 0, '>');
$query->condition('ufd.status', 0, '>');
$query->orderBy('ufd.access', 'DESC');
$query->range(0, $list_size);
if (!isset($roles[DRUPAL_AUTHENTICATED_RID])) {
$query->leftJoin('users_roles', 'r', 'u.uid = r.uid');
$or_condition = db_or();
$or_condition->condition('u.uid', 1);
if (!empty($roles)) {
$or_condition->condition('r.rid', array_keys($roles), 'IN');
}
$query->condition($or_condition);
}
$uids = $query->execute()->fetchCol();
$accounts = user_load_multiple($uids);
foreach ($accounts as $account) {
$path = 'devel/switch/' . $account->name->value;
$links[$account->id()] = array('title' => user_format_name($account), 'href' => $path, 'query' => $dest + array('token' => $this->csrfTokenGenerator->get($path)), 'attributes' => array('title' => t('This user can switch back.')), 'html' => TRUE, 'last_access' => $account->access->value);
}
$num_links = count($links);
if ($num_links < $list_size) {
// If we don't have enough, add distinct uids until we hit $list_size.
$uids = db_query_range('SELECT u.uid FROM {users} u INNER JOIN {users_field_data} ufd WHERE u.uid > 0 AND u.uid NOT IN (:uids) AND ufd.status > 0 ORDER BY ufd.access DESC', 0, $list_size - $num_links, array(':uids' => array_keys($links)))->fetchCol();
$accounts = user_load_multiple($uids);
foreach ($accounts as $account) {
$path = 'devel/switch/' . $account->name->value;
$links[$account->id()] = array('title' => user_format_name($account), 'href' => $path, 'query' => $dest + array('token' => $this->csrfTokenGenerator->get($path)), 'attributes' => array('title' => t('Caution: this user will be unable to switch back.')), 'last_access' => $account->access->value);
}
uasort($links, '_devel_switch_user_list_cmp');
}
if ($include_anon) {
$path = 'devel/switch';
$link = array('title' => $anon->getUsername(), 'href' => $path, 'query' => $dest + array('token' => $this->csrfTokenGenerator->get($path)), 'attributes' => array('title' => t('Caution: the anonymous user will be unable to switch back.')));
if ($this->currentUser->hasPermission('switch users')) {
$link['title'] = SafeMarkup::placeholder($link['title']);
$link['attributes'] = array('title' => t('This user can switch back.'));
$link['html'] = TRUE;
}
$links[$anon->id()] = $link;
}
}
if (array_key_exists($uid = $this->currentUser->id(), $links)) {
$links[$uid]['title'] = '<strong>' . $links[$uid]['title'] . '</strong>';
}
return $links;
}
/**
* Runs entity validation checks.
*/
function testValidation()
{
$user = User::create(array('name' => 'test', 'mail' => '*****@*****.**'));
$violations = $user->validate();
$this->assertEqual(count($violations), 0, 'No violations when validating a default user.');
// Only test one example invalid name here, the rest is already covered in
// the testUsernames() method in this class.
$name = $this->randomMachineName(61);
$user->set('name', $name);
$violations = $user->validate();
$this->assertEqual(count($violations), 1, 'Violation found when name is too long.');
$this->assertEqual($violations[0]->getPropertyPath(), 'name');
$this->assertEqual($violations[0]->getMessage(), t('The username %name is too long: it must be %max characters or less.', array('%name' => $name, '%max' => 60)));
// Create a second test user to provoke a name collision.
$user2 = entity_create('user', array('name' => 'existing', 'mail' => '*****@*****.**'));
$user2->save();
$user->set('name', 'existing');
$violations = $user->validate();
$this->assertEqual(count($violations), 1, 'Violation found on name collision.');
$this->assertEqual($violations[0]->getPropertyPath(), 'name');
$this->assertEqual($violations[0]->getMessage(), t('The username %name is already taken.', array('%name' => 'existing')));
// Make the name valid.
$user->set('name', $this->randomMachineName());
$user->set('mail', 'invalid');
$violations = $user->validate();
$this->assertEqual(count($violations), 1, 'Violation found when email is invalid');
$this->assertEqual($violations[0]->getPropertyPath(), 'mail.0.value');
$this->assertEqual($violations[0]->getMessage(), t('This value is not a valid email address.'));
$mail = $this->randomMachineName(Email::EMAIL_MAX_LENGTH - 11) . '@example.com';
$user->set('mail', $mail);
$violations = $user->validate();
// @todo There are two violations because EmailItem::getConstraints()
// overlaps with the implicit constraint of the 'email' property type used
// in EmailItem::propertyDefinitions(). Resolve this in
// https://www.drupal.org/node/2023465.
$this->assertEqual(count($violations), 2, 'Violations found when email is too long');
$this->assertEqual($violations[0]->getPropertyPath(), 'mail.0.value');
$this->assertEqual($violations[0]->getMessage(), t('%name: the email address can not be longer than @max characters.', array('%name' => $user->get('mail')->getFieldDefinition()->getLabel(), '@max' => Email::EMAIL_MAX_LENGTH)));
$this->assertEqual($violations[1]->getPropertyPath(), 'mail.0.value');
$this->assertEqual($violations[1]->getMessage(), t('This value is not a valid email address.'));
// Provoke an email collision with an existing user.
$user->set('mail', '*****@*****.**');
$violations = $user->validate();
$this->assertEqual(count($violations), 1, 'Violation found when email already exists.');
$this->assertEqual($violations[0]->getPropertyPath(), 'mail');
$this->assertEqual($violations[0]->getMessage(), t('The email address %mail is already taken.', array('%mail' => '*****@*****.**')));
$user->set('mail', NULL);
$violations = $user->validate();
$this->assertEqual(count($violations), 1, 'E-mail addresses may not be removed');
$this->assertEqual($violations[0]->getPropertyPath(), 'mail');
$this->assertEqual($violations[0]->getMessage(), t('!name field is required.', array('!name' => SafeMarkup::placeholder($user->getFieldDefinition('mail')->getLabel()))));
$user->set('mail', '*****@*****.**');
$user->set('timezone', $this->randomString(33));
$this->assertLengthViolation($user, 'timezone', 32, 2, 1);
$user->set('timezone', 'invalid zone');
$this->assertAllowedValuesViolation($user, 'timezone');
$user->set('timezone', NULL);
$user->set('init', 'invalid');
$violations = $user->validate();
$this->assertEqual(count($violations), 1, 'Violation found when init email is invalid');
$user->set('init', NULL);
$user->set('langcode', 'invalid');
$this->assertAllowedValuesViolation($user, 'langcode');
$user->set('langcode', NULL);
// Only configurable langcodes are allowed for preferred languages.
$user->set('preferred_langcode', Language::LANGCODE_NOT_SPECIFIED);
$this->assertAllowedValuesViolation($user, 'preferred_langcode');
$user->set('preferred_langcode', NULL);
$user->set('preferred_admin_langcode', Language::LANGCODE_NOT_SPECIFIED);
$this->assertAllowedValuesViolation($user, 'preferred_admin_langcode');
$user->set('preferred_admin_langcode', NULL);
Role::create(array('id' => 'role1'))->save();
Role::create(array('id' => 'role2'))->save();
// Test cardinality of user roles.
$user = entity_create('user', array('name' => 'role_test', 'mail' => '*****@*****.**', 'roles' => array('role1', 'role2')));
$violations = $user->validate();
$this->assertEqual(count($violations), 0);
$user->roles[1]->target_id = 'unknown_role';
$violations = $user->validate();
$this->assertEqual(count($violations), 1);
$this->assertEqual($violations[0]->getPropertyPath(), 'roles.1');
$this->assertEqual($violations[0]->getMessage(), t('The referenced entity (%entity_type: %name) does not exist.', array('%entity_type' => 'user_role', '%name' => 'unknown_role')));
}
