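/**
 * Determines whether an account may report the given entity.
 *
 * The checks run in order and the first one that fails decides the result:
 * - The account must be allowed both the 'edit' and the 'update' operation on
 *   the entity.
 * - A 'mollom_form' configuration entity must exist for $form_id.
 * - $form_id must still be registered as a protectable form.
 * - If the form definition names an existing 'report access callback', that
 *   callback must return a truthy value. Otherwise the account must hold
 *   every permission listed under 'report access'.
 *
 * @param \Drupal\Core\Entity\EntityInterface $entity
 *   The entity to check access for.
 * @param string $form_id
 *   The ID of the form that protects this entity.
 * @param \Drupal\Core\Session\AccountInterface $account
 *   (optional) The account to check. If NULL, the current user is used for
 *   the permission check.
 *
 * @return \Drupal\Core\Access\AccessResultInterface
 *   The entity access result when it is not allowed, otherwise a forbidden or
 *   allowed result as described above.
 */
public static function accessReport($entity, $form_id, $account = NULL) {
  // The account must be able to modify the entity itself. Anything other than
  // an explicit "allowed" for both operations ends the check here.
  // NOTE(review): 'edit' is required in addition to 'update'; confirm that the
  // access handlers of all reportable entity types grant 'edit', otherwise
  // reporting is denied for those types.
  $result = $entity->access('edit', $account, TRUE)->andIf($entity->access('update', $account, TRUE));
  if (!$result->isAllowed()) {
    return $result;
  }

  // The form must currently be configured for protection.
  $form_entity = \Drupal::entityManager()->getStorage('mollom_form')->load($form_id);
  if (empty($form_entity)) {
    return new AccessResultForbidden();
  }

  // Orphan form protection: the configuration exists but no module registers
  // the form any more. empty() is applied to the array element directly so a
  // missing key denies access without raising an undefined-index notice.
  $forms = FormController::getProtectableForms();
  if (empty($forms[$form_id])) {
    return new AccessResultForbidden();
  }
  $info = $forms[$form_id];

  // NOTE(review): the results built below depend on the account's permissions
  // but are created without cacheability metadata; confirm callers do not
  // cache them across users.
  if (isset($info['report access callback']) && function_exists($info['report access callback'])) {
    $callback = $info['report access callback'];
    // NOTE(review): the callback receives only the entity type and ID, not
    // $account, so it cannot take an explicitly passed account into
    // consideration. Verify against the registered callbacks.
    if (!$callback($entity->getEntityTypeId(), $entity->id())) {
      return new AccessResultForbidden();
    }
    // A usable callback takes precedence; 'report access' is not consulted.
    return new AccessResultAllowed();
  }

  // Cast to array so that a single permission given as a string is still
  // checked instead of aborting on the array union the code used before.
  $permissions = isset($info['report access']) ? (array) $info['report access'] : [];
  if (!empty($permissions) && empty($account)) {
    $account = \Drupal::currentUser();
  }
  foreach ($permissions as $permission) {
    // Every listed permission is required; one missing permission denies.
    if (!$account->hasPermission($permission)) {
      return new AccessResultForbidden();
    }
  }

  // NOTE(review): a form definition that declares neither a callback nor a
  // permission list ends up here, i.e. access is granted on the strength of
  // the entity check alone. Confirm that this default is intended.
  return new AccessResultAllowed();
}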
/**
 * Configures Mollom protection for a form through the administration UI.
 *
 * Creates the protection if the form has no 'mollom_form' configuration yet,
 * otherwise edits the existing one, and asserts the confirmation message.
 *
 * @param $form_id
 *   The form id to configure.
 * @param $mode
 *   The Mollom protection mode for the form.
 * @param $fields
 *   (optional) A list of form elements to enable for text analysis. If
 *   omitted, every element registered for the form is enabled.
 * @param $edit
 *   (optional) An array of POST data to pass through to drupalPostForm().
 *   Values given here take precedence over the ones computed below, because
 *   'mode' and 'checks[spam]' are only added when not already present.
 */
protected function setProtectionUI($form_id, $mode = FormInterface::MOLLOM_MODE_ANALYSIS, $fields = NULL, $edit = []) {
  // Start from the overview page every time; this also eases debugging.
  $this->drupalGet('admin/config/content/mollom');

  // An existing configuration entity means the form is protected already.
  $exists = \Drupal::entityManager()->getStorage('mollom_form')->load($form_id);
  if ($exists) {
    $this->assertLinkByHref('admin/config/content/mollom/form/' . $form_id . '/edit');
    $this->drupalGet('admin/config/content/mollom/form/' . $form_id . '/edit');
    $save = t('Update Protected Mollom Form');
  }
  else {
    $this->drupalGet('admin/config/content/mollom/add-form', ['query' => ['form_id' => $form_id]]);
    $save = t('Create Protected Mollom Form');
  }

  $edit += ['mode' => $mode];

  // Work out which element checkboxes to tick.
  $form_list = FormController::getProtectableForms();
  $form_info = FormController::getProtectedFormDetails($form_id, $form_list[$form_id]['module']);
  if (!empty($form_info['elements'])) {
    $edit += ['checks[spam]' => TRUE];
  }
  foreach (array_keys($form_info['elements']) as $field) {
    // TRUE when no explicit list was given or the field is part of it,
    // FALSE otherwise.
    $checkbox = 'enabled_fields[' . rawurlencode($field) . ']';
    $edit[$checkbox] = !isset($fields) || in_array($field, $fields);
  }

  $this->drupalPostForm(NULL, $edit, $save);
  if ($exists) {
    $this->assertText(t('The form protection has been updated.'));
  }
  else {
    $this->assertText(t('The form protection has been added.'));
  }
}
/**
 * Tests default configuration and protecting forms through the UI.
 *
 * Covers the initial unprotected state of the user registration form, adding
 * protection for every protectable form (including the preselected text
 * analysis fields and the listed bypass permissions), and the redirect back
 * to the overview once nothing is left to protect.
 */
function testFormAdministration() {
  // Merge the per-form details into the list of protectable forms.
  $form_info = FormController::getProtectableForms();
  foreach ($form_info as $form_id => $info) {
    $form_info[$form_id] += FormController::getProtectedFormDetails($form_id, $info['module']);
  }
  $register_title = $form_info['user_register_form']['title'];

  // The user registration form starts out unprotected.
  $this->drupalGet('admin/config/content/mollom');
  $this->assertNoText($register_title);
  $this->assertFalse($this->loadMollomConfiguredForm('user_register_form'), t('Form configuration does not exist.'));

  // Protect the user registration form with the default settings.
  $this->drupalGet('admin/config/content/mollom/add-form');
  $this->assertNoText(t('All available forms are protected already.'));
  $this->drupalGet('admin/config/content/mollom/add-form', ['query' => ['form_id' => 'user_register_form']]);
  $this->assertText($register_title);
  $this->drupalPostForm(NULL, [], t('Create Protected Mollom Form'));

  // The protection must now be reported and stored.
  $this->assertText(t('The form protection has been added.'));
  $this->assertText($register_title);
  $this->assertTrue($this->loadMollomConfiguredForm('user_register_form'), t('Form configuration exists.'));

  // All permissions, used to check the bypass permission titles below.
  $all_permissions = \Drupal::service('user.permissions')->getPermissions();

  // Protect every form that has no configuration yet.
  foreach ($form_info as $form_id => $info) {
    if ($this->loadMollomConfiguredForm($form_id)) {
      continue;
    }
    $this->drupalGet('admin/config/content/mollom/add-form', ['query' => ['form_id' => $form_id]]);
    $this->assertText($info['title']);

    $edit = [];
    if (empty($info['elements'])) {
      // Forms without elements must not offer text analysis at all.
      $this->assertNoText(t('Analyze text for'));
      $this->assertNoText(t('Text fields to analyze'));
    }
    else {
      // Forms specifying elements have all of them preselected for textual
      // analysis.
      $edit['checks[spam]'] = TRUE;
      foreach (array_keys($info['elements']) as $element) {
        $encoded = rawurlencode($element);
        $this->assertFieldByName("enabled_fields[{$encoded}]", TRUE);
      }
    }

    // The global bypass permission and the form's own bypass permissions
    // must be shown to the administrator.
    $this->assertRaw($all_permissions['bypass mollom protection']['title']);
    foreach ($info['bypass access'] as $permission) {
      $this->assertRaw($all_permissions[$permission]['title']);
    }

    $this->drupalPostForm(NULL, $edit, t('Create Protected Mollom Form'));
    $this->assertText(t('The form protection has been added.'));
  }

  // With everything protected, the add form redirects to the overview.
  $this->drupalGet('admin/config/content/mollom/add-form');
  $this->assertText(t('All available forms are protected already.'));
  $this->assertUrl('admin/config/content/mollom');
}
/**
 * Returns the not yet configured forms as #options for a form element.
 *
 * The result is keyed by form ID; each label has the shape
 * "<module name>: <form title>" and the list is sorted by label. When no
 * form is left, a message is set for the user. This method only sets the
 * message; it does not redirect.
 *
 * @return array
 *   Labels keyed by form ID.
 */
protected function getProtectableFormOptions() {
  // Start with every registered form and drop the configured ones.
  $candidates = FormController::getProtectableForms();
  foreach ($this->entity->loadMultiple() as $configured) {
    unset($candidates[$configured->id()]);
  }

  if (empty($candidates)) {
    drupal_set_message(t('All available forms are protected already.'));
  }

  // system_get_info() only knows enabled modules.
  $module_info = system_get_info('module');

  $options = [];
  foreach ($candidates as $form_id => $info) {
    $module = $info['module'];
    // Fall back to the machine name for modules that are not enabled.
    $module_name = isset($module_info[$module]) ? $module_info[$module]['name'] : $module;
    // The @-placeholders are escaped by t(), so module names and form titles
    // supplied by other modules are safe to print.
    $options[$form_id] = t('@module: @form-title', [
      '@form-title' => $info['title'],
      '@module' => t($module_name),
    ]);
  }

  // Sort by label while keeping the form ID keys.
  asort($options);
  return $options;
}
/**
 * {@inheritDoc}
 */
public function initialize($form_id = NULL) {
  // Snapshot of every property visible from inside the class; it is the
  // basis of the returned array.
  $mollom_form = get_object_vars($this);

  // Without a form ID from either the argument or the entity there is
  // nothing to look up.
  if (empty($form_id) && empty($this->id)) {
    return $mollom_form;
  }

  $forms = NULL;
  if (!$this->isNew()) {
    // Already saved: the entity's own ID is authoritative.
    $form_id = $this->id();
  }
  else {
    $forms = FormController::getProtectableForms();
    if (empty($forms[$form_id])) {
      // Unknown form: return the untouched snapshot.
      return $mollom_form;
    }
    $definition = $forms[$form_id];
    // Existing snapshot values win over the registered definition here.
    $mollom_form += $definition;
    $this->id = $form_id;
    $this->label = $definition['title'];
    // Copy definition values onto properties of the same name. Only declared
    // properties are written, but any of them can be overwritten by the
    // definition, including the id and label assigned just above.
    foreach ($definition as $property => $value) {
      if (property_exists($this, $property)) {
        $this->{$property} = $value;
      }
    }
  }
  $module = $this->module;

  // Add all of the configuration information defined in hooks.
  $form_details = FormController::getProtectedFormDetails($form_id, $module, $forms);

  // New entities take the form details over their own values; configured
  // entities keep their stored data and only fill gaps from the details.
  $mollom_form = $this->isNew()
    ? array_merge($mollom_form, $form_details)
    : array_merge($form_details, $mollom_form);

  if ($this->isNew()) {
    // Enable the spam check and all fields for textual analysis by default,
    // on the entity as well as in the returned array.
    $this->setChecks(['spam']);
    $element_names = array_keys($mollom_form['elements']);
    $mollom_form['checks'] = ['spam'];
    $mollom_form['enabled_fields'] = $element_names;
    $this->setEnabledFields($element_names);
  }

  return $mollom_form;
}