/** * Adds a cache tag if the 'user.permissions' cache context is present. * * @param \Symfony\Component\HttpKernel\Event\FilterResponseEvent $event * The event to process. */ public function onRespond(FilterResponseEvent $event) { if (!$event->isMasterRequest()) { return; } if (!$this->currentUser->isAnonymous()) { return; } $response = $event->getResponse(); if (!$response instanceof CacheableResponseInterface) { return; } // The 'user.permissions' cache context ensures that if the permissions for // a role are modified, users are not served stale render cache content. // But, when entire responses are cached in reverse proxies, the value for // the cache context is never calculated, causing the stale response to not // be invalidated. Therefore, when varying by permissions and the current // user is the anonymous user, also add the cache tag for the 'anonymous' // role. if (in_array('user.permissions', $response->getCacheableMetadata()->getCacheContexts())) { $per_permissions_response_for_anon = new CacheableMetadata(); $per_permissions_response_for_anon->setCacheTags(['config:user.role.anonymous']); $response->addCacheableDependency($per_permissions_response_for_anon); } }
/** * Determine whether the page is configured to be offline. * * @param \Symfony\Component\HttpKernel\Event\GetResponseEvent $event * The event to process. */ public function onKernelRequestMaintenance(GetResponseEvent $event) { $request = $event->getRequest(); $route_match = RouteMatch::createFromRequest($request); $path = $request->attributes->get('_system_path'); if ($this->maintenanceMode->applies($route_match)) { // If the site is offline, log out unprivileged users. if ($this->account->isAuthenticated() && !$this->maintenanceMode->exempt($this->account)) { user_logout(); // Redirect to homepage. $event->setResponse(new RedirectResponse($this->url('<front>', [], ['absolute' => TRUE]))); return; } if ($this->account->isAnonymous() && $path == 'user') { // Forward anonymous user to login page. $event->setResponse(new RedirectResponse($this->url('user.login', [], ['absolute' => TRUE]))); return; } } if ($this->account->isAuthenticated()) { if ($path == 'user/login') { // If user is logged in, redirect to 'user' instead of giving 403. $event->setResponse(new RedirectResponse($this->url('user.page', [], ['absolute' => TRUE]))); return; } if ($path == 'user/register') { // Authenticated user should be redirected to user edit page. $event->setResponse(new RedirectResponse($this->url('entity.user.edit_form', ['user' => $this->account->id()], ['absolute' => TRUE]))); return; } } }
/** * Redirects on 403 Access Denied kernel exceptions. * * @param \Symfony\Component\HttpKernel\Event\GetResponseEvent $event * The Event to process. */ public function onKernelException(GetResponseEvent $event) { $exception = $event->getException(); if (!$exception instanceof AccessDeniedHttpException) { return; } $config = $this->configFactory->get('r4032login.settings'); $options = array(); $options['query'] = $this->redirectDestination->getAsArray(); $options['absolute'] = TRUE; $code = $config->get('default_redirect_code'); if ($this->currentUser->isAnonymous()) { // Show custom access denied message if set. if ($config->get('display_denied_message')) { $message = $config->get('access_denied_message'); $message_type = $config->get('access_denied_message_type'); drupal_set_message(Xss::filterAdmin($message), $message_type); } // Handle redirection to the login form. $login_route = $config->get('user_login_route'); $url = Url::fromRoute($login_route, array(), $options)->toString(); $response = new RedirectResponse($url, $code); $event->setResponse($response); } else { // Check to see if we are to redirect the user. $redirect = $config->get('redirect_authenticated_users_to'); if ($redirect) { // Custom access denied page for logged in users. $url = Url::fromUserInput($redirect, $options)->toString(); $response = new RedirectResponse($url, $code); $event->setResponse($response); } } }
/** * {@inheritdoc}. */ public function buildForm(array $form, FormStateInterface $form_state) { // Start a manual session for anonymous users. if ($this->currentUser->isAnonymous() && !isset($_SESSION['multistep_form_holds_session'])) { $_SESSION['multistep_form_holds_session'] = true; $this->sessionManager->start(); } $form = array(); $form['actions']['#type'] = 'actions'; $form['actions']['submit'] = array('#type' => 'submit', '#value' => $this->t('Submit'), '#button_type' => 'primary', '#weight' => 10); return $form; }
/** * Build the default links (reply, edit, delete …) for a comment. * * @param \Drupal\comment\CommentInterface $entity * The comment object. * @param \Drupal\Core\Entity\EntityInterface $commented_entity * The entity to which the comment is attached. * * @return array * An array that can be processed by drupal_pre_render_links(). */ protected function buildLinks(CommentInterface $entity, EntityInterface $commented_entity) { $links = array(); $status = $commented_entity->get($entity->getFieldName())->status; if ($status == CommentItemInterface::OPEN) { if ($entity->access('delete')) { $links['comment-delete'] = array('title' => t('Delete'), 'url' => $entity->urlInfo('delete-form')); } if ($entity->access('update')) { $links['comment-edit'] = array('title' => t('Edit'), 'url' => $entity->urlInfo('edit-form')); } if ($entity->access('create')) { $links['comment-reply'] = array('title' => t('Reply'), 'url' => Url::fromRoute('comment.reply', ['entity_type' => $entity->getCommentedEntityTypeId(), 'entity' => $entity->getCommentedEntityId(), 'field_name' => $entity->getFieldName(), 'pid' => $entity->id()])); } if (!$entity->isPublished() && $entity->access('approve')) { $links['comment-approve'] = array('title' => t('Approve'), 'url' => Url::fromRoute('comment.approve', ['comment' => $entity->id()])); } if (empty($links) && $this->currentUser->isAnonymous()) { $links['comment-forbidden']['title'] = $this->commentManager->forbiddenMessage($commented_entity, $entity->getFieldName()); } } // Add translations link for translation-enabled comment bundles. if ($this->moduleHandler->moduleExists('content_translation') && $this->access($entity)->isAllowed()) { $links['comment-translations'] = array('title' => t('Translate'), 'url' => $entity->urlInfo('drupal:content-translation-overview')); } return array('#theme' => 'links__comment__comment', '#links' => $links, '#attributes' => array('class' => array('links', 'inline'))); }
/** * {@inheritdoc} */ protected function blockAccess(AccountInterface $account) { $route_name = $this->routeMatch->getRouteName(); if ($account->isAnonymous() && !in_array($route_name, array('user.login', 'user.logout'))) { return AccessResult::allowed()->addCacheContexts(['route.name', 'user.roles:anonymous']); } return AccessResult::forbidden(); }
/** * {@inheritdoc} */ public function viewElements(FieldItemListInterface $items) { $elements = array(); $output = array(); $field_name = $this->fieldDefinition->getName(); $entity = $items->getEntity(); $status = $items->status; if ($status != CommentItemInterface::HIDDEN && empty($entity->in_preview) && !in_array($this->viewMode, array('search_result', 'search_index'))) { $comment_settings = $this->getFieldSettings(); // Only attempt to render comments if the entity has visible comments. // Unpublished comments are not included in // $entity->get($field_name)->comment_count, but unpublished comments // should display if the user is an administrator. $elements['#cache']['contexts'][] = 'user.roles'; if ($this->currentUser->hasPermission('access comments') || $this->currentUser->hasPermission('administer comments')) { // This is a listing of Comment entities, so associate its list cache // tag for correct invalidation. $output['comments']['#cache']['tags'] = $this->entityManager->getDefinition('comment')->getListCacheTags(); if ($entity->get($field_name)->comment_count || $this->currentUser->hasPermission('administer comments')) { $mode = $comment_settings['default_mode']; $comments_per_page = $comment_settings['per_page']; $comments = $this->storage->loadThread($entity, $field_name, $mode, $comments_per_page, $this->getSetting('pager_id')); if ($comments) { comment_prepare_thread($comments); $build = $this->viewBuilder->viewMultiple($comments); $build['pager']['#type'] = 'pager'; if ($this->getSetting('pager_id')) { $build['pager']['#element'] = $this->getSetting('pager_id'); } $output['comments'] += $build; } } } // Append comment form if the comments are open and the form is set to // display below the entity. Do not show the form for the print view mode. if ($status == CommentItemInterface::OPEN && $comment_settings['form_location'] == CommentItemInterface::FORM_BELOW && $this->viewMode != 'print') { // Only show the add comment form if the user has permission. $elements['#cache']['contexts'][] = 'user.roles'; if ($this->currentUser->hasPermission('post comments')) { // All users in the "anonymous" role can use the same form: it is fine // for this form to be stored in the render cache. if ($this->currentUser->isAnonymous()) { $comment = $this->storage->create(array('entity_type' => $entity->getEntityTypeId(), 'entity_id' => $entity->id(), 'field_name' => $field_name, 'comment_type' => $this->getFieldSetting('comment_type'), 'pid' => NULL)); $output['comment_form'] = $this->entityFormBuilder->getForm($comment); } else { $callback = 'comment.post_render_cache:renderForm'; $context = array('entity_type' => $entity->getEntityTypeId(), 'entity_id' => $entity->id(), 'field_name' => $field_name); $placeholder = drupal_render_cache_generate_placeholder($callback, $context); $output['comment_form'] = array('#post_render_cache' => array($callback => array($context)), '#markup' => $placeholder); } } } $elements[] = $output + array('#comment_type' => $this->getFieldSetting('comment_type'), '#comment_display_mode' => $this->getFieldSetting('default_mode'), 'comments' => array(), 'comment_form' => array()); } return $elements; }
/** * {@inheritdoc} */ protected function checkFieldAccess($operation, FieldDefinitionInterface $field_definition, AccountInterface $account, FieldItemListInterface $items = NULL) { // Fields that are not implicitly allowed to administrative users. $explicit_check_fields = array('pass'); // Administrative users are allowed to edit and view all fields. if (!in_array($field_definition->getName(), $explicit_check_fields) && $account->hasPermission('administer users')) { return AccessResult::allowed()->cachePerPermissions(); } // Flag to indicate if this user entity is the own user account. $is_own_account = $items ? $items->getEntity()->id() == $account->id() : FALSE; switch ($field_definition->getName()) { case 'name': // Allow view access to anyone with access to the entity. Anonymous // users should be able to access the username field during the // registration process, otherwise the username and email constraints // are not checked. if ($operation == 'view' || $items && $account->isAnonymous() && $items->getEntity()->isAnonymous()) { return AccessResult::allowed()->cachePerPermissions(); } // Allow edit access for the own user name if the permission is // satisfied. if ($is_own_account && $account->hasPermission('change own username')) { return AccessResult::allowed()->cachePerPermissions()->cachePerUser(); } else { return AccessResult::forbidden(); } case 'preferred_langcode': case 'preferred_admin_langcode': case 'timezone': case 'mail': // Allow view access to own mail address and other personalization // settings. if ($operation == 'view') { return $is_own_account ? AccessResult::allowed()->cachePerUser() : AccessResult::forbidden(); } // Anyone that can edit the user can also edit this field. return AccessResult::allowed()->cachePerPermissions(); case 'pass': // Allow editing the password, but not viewing it. return $operation == 'edit' ? AccessResult::allowed() : AccessResult::forbidden(); case 'created': // Allow viewing the created date, but not editing it. return $operation == 'view' ? AccessResult::allowed() : AccessResult::forbidden(); case 'roles': case 'status': case 'access': case 'login': case 'init': return AccessResult::forbidden(); } return parent::checkFieldAccess($operation, $field_definition, $account, $items); }
/** * {@inheritdoc} */ public function getCache($form_build_id, FormStateInterface $form_state) { if ($form = $this->keyValueExpirableFactory->get('form')->get($form_build_id)) { if (isset($form['#cache_token']) && $this->csrfToken->validate($form['#cache_token']) || !isset($form['#cache_token']) && $this->currentUser->isAnonymous()) { $this->loadCachedFormState($form_build_id, $form_state); // Generate a new #build_id if the cached form was rendered on a // cacheable page. $build_info = $form_state->getBuildInfo(); if (!empty($build_info['immutable'])) { $form['#build_id_old'] = $form['#build_id']; $form['#build_id'] = 'form-' . Crypt::randomBytesBase64(); $form['form_build_id']['#value'] = $form['#build_id']; $form['form_build_id']['#id'] = $form['#build_id']; unset($build_info['immutable']); $form_state->setBuildInfo($build_info); } return $form; } } }
/** * {@inheritdoc} */ public function buildEntity(array $form, FormStateInterface $form_state) { /** @var \Drupal\comment\CommentInterface $comment */ $comment = parent::buildEntity($form, $form_state); if (!$form_state->isValueEmpty('date') && $form_state->getValue('date') instanceof DrupalDateTime) { $comment->setCreatedTime($form_state->getValue('date')->getTimestamp()); } else { $comment->setCreatedTime(REQUEST_TIME); } $author_name = $form_state->getValue('name'); if (!$this->currentUser->isAnonymous()) { // Assign the owner based on the given user name - none means anonymous. $accounts = $this->entityManager->getStorage('user')->loadByProperties(array('name' => $author_name)); $account = reset($accounts); $uid = $account ? $account->id() : 0; $comment->setOwnerId($uid); } // If the comment was posted by an anonymous user and no author name was // required, use "Anonymous" by default. if ($comment->getOwnerId() === 0 && (!isset($author_name) || $author_name === '')) { $comment->setAuthorName($this->config('user.settings')->get('anonymous')); } // Validate the comment's subject. If not specified, extract from comment // body. if (trim($comment->getSubject()) == '') { if ($comment->hasField('comment_body')) { // The body may be in any format, so: // 1) Filter it into HTML // 2) Strip out all HTML tags // 3) Convert entities back to plain-text. $comment_text = $comment->comment_body->processed; $comment->setSubject(Unicode::truncate(trim(Html::decodeEntities(strip_tags($comment_text))), 29, TRUE, TRUE)); } // Edge cases where the comment body is populated only by HTML tags will // require a default subject. if ($comment->getSubject() == '') { $comment->setSubject($this->t('(No subject)')); } } return $comment; }
/** * Overrides Drupal\Core\Entity\EntityForm::save(). */ public function save(array $form, array &$form_state) { $comment = $this->entity; $entity = $comment->getCommentedEntity(); $field_name = $comment->getFieldName(); $uri = $entity->urlInfo(); if ($this->currentUser->hasPermission('post comments') && ($this->currentUser->hasPermission('administer comments') || $entity->{$field_name}->status == CommentItemInterface::OPEN)) { // Save the anonymous user information to a cookie for reuse. if ($this->currentUser->isAnonymous()) { user_cookie_save(array_intersect_key($form_state['values'], array_flip(array('name', 'mail', 'homepage')))); } $comment->save(); $form_state['values']['cid'] = $comment->id(); // Add an entry to the watchdog log. watchdog('content', 'Comment posted: %subject.', array('%subject' => $comment->getSubject()), WATCHDOG_NOTICE, l(t('View'), 'comment/' . $comment->id(), array('fragment' => 'comment-' . $comment->id()))); // Explain the approval queue if necessary. if (!$comment->isPublished()) { if (!$this->currentUser->hasPermission('administer comments')) { drupal_set_message($this->t('Your comment has been queued for review by site administrators and will be published after approval.')); } } else { drupal_set_message($this->t('Your comment has been posted.')); } $query = array(); // Find the current display page for this comment. $field_definition = $this->entityManager->getFieldDefinitions($entity->getEntityTypeId(), $entity->bundle())[$field_name]; $page = $this->entityManager->getStorage('comment')->getDisplayOrdinal($comment, $field_definition->getSetting('default_mode'), $field_definition->getSetting('per_page')); if ($page > 0) { $query['page'] = $page; } // Redirect to the newly posted comment. $uri->setOption('query', $query); $uri->setOption('fragment', 'comment-' . $comment->id()); } else { watchdog('content', 'Comment: unauthorized comment submitted or comment submitted to a closed post %subject.', array('%subject' => $comment->getSubject()), WATCHDOG_WARNING); drupal_set_message($this->t('Comment: unauthorized comment submitted or comment submitted to a closed post %subject.', array('%subject' => $comment->getSubject())), 'error'); // Redirect the user to the entity they are commenting on. } $form_state['redirect_route'] = $uri; }
/** * Checks access. * * @param \Symfony\Component\HttpFoundation\Request $request * The request object. * @param \Drupal\Core\Session\AccountInterface $account * The currently logged in account. * * @return string * A \Drupal\Core\Access\AccessInterface constant value. */ public function access(Request $request, AccountInterface $account) { return ($request->attributes->get('_menu_admin') || $account->isAnonymous()) && \Drupal::config('user.settings')->get('register') != USER_REGISTER_ADMINISTRATORS_ONLY ? static::ALLOW : static::DENY; }
/** * {@inheritdoc} */ public function buildCommentedEntityLinks(FieldableEntityInterface $entity, array &$context) { $entity_links = array(); $view_mode = $context['view_mode']; if ($view_mode == 'search_index' || $view_mode == 'search_result' || $view_mode == 'print' || $view_mode == 'rss') { // Do not add any links if the entity is displayed for: // - search indexing. // - constructing a search result excerpt. // - print. // - rss. return array(); } $fields = $this->commentManager->getFields($entity->getEntityTypeId()); foreach ($fields as $field_name => $detail) { // Skip fields that the entity does not have. if (!$entity->hasField($field_name)) { continue; } $links = array(); $commenting_status = $entity->get($field_name)->status; if ($commenting_status != CommentItemInterface::HIDDEN) { // Entity has commenting status open or closed. $field_definition = $entity->getFieldDefinition($field_name); if ($view_mode == 'teaser') { // Teaser view: display the number of comments that have been posted, // or a link to add new comments if the user has permission, the // entity is open to new comments, and there currently are none. if ($this->currentUser->hasPermission('access comments')) { if (!empty($entity->get($field_name)->comment_count)) { $links['comment-comments'] = array('title' => $this->formatPlural($entity->get($field_name)->comment_count, '1 comment', '@count comments'), 'attributes' => array('title' => $this->t('Jump to the first comment.')), 'fragment' => 'comments', 'url' => $entity->urlInfo()); if ($this->moduleHandler->moduleExists('history')) { $links['comment-new-comments'] = array('title' => '', 'url' => Url::fromRoute('<current>'), 'attributes' => array('class' => 'hidden', 'title' => $this->t('Jump to the first new comment.'), 'data-history-node-last-comment-timestamp' => $entity->get($field_name)->last_comment_timestamp, 'data-history-node-field-name' => $field_name)); } } } // Provide a link to new comment form. if ($commenting_status == CommentItemInterface::OPEN) { $comment_form_location = $field_definition->getSetting('form_location'); if ($this->currentUser->hasPermission('post comments')) { $links['comment-add'] = array('title' => $this->t('Add new comments'), 'language' => $entity->language(), 'attributes' => array('title' => $this->t('Share your thoughts and opinions.')), 'fragment' => 'comment-form'); if ($comment_form_location == CommentItemInterface::FORM_SEPARATE_PAGE) { $links['comment-add']['url'] = Url::fromRoute('comment.reply', ['entity_type' => $entity->getEntityTypeId(), 'entity' => $entity->id(), 'field_name' => $field_name]); } else { $links['comment-add'] += ['url' => $entity->urlInfo()]; } } elseif ($this->currentUser->isAnonymous()) { $links['comment-forbidden'] = array('title' => $this->commentManager->forbiddenMessage($entity, $field_name)); } } } else { // Entity in other view modes: add a "post comment" link if the user // is allowed to post comments and if this entity is allowing new // comments. if ($commenting_status == CommentItemInterface::OPEN) { $comment_form_location = $field_definition->getSetting('form_location'); if ($this->currentUser->hasPermission('post comments')) { // Show the "post comment" link if the form is on another page, or // if there are existing comments that the link will skip past. if ($comment_form_location == CommentItemInterface::FORM_SEPARATE_PAGE || !empty($entity->get($field_name)->comment_count) && $this->currentUser->hasPermission('access comments')) { $links['comment-add'] = array('title' => $this->t('Add new comment'), 'attributes' => array('title' => $this->t('Share your thoughts and opinions.')), 'fragment' => 'comment-form'); if ($comment_form_location == CommentItemInterface::FORM_SEPARATE_PAGE) { $links['comment-add']['url'] = Url::fromRoute('comment.reply', ['entity_type' => $entity->getEntityTypeId(), 'entity' => $entity->id(), 'field_name' => $field_name]); } else { $links['comment-add']['url'] = $entity->urlInfo(); } } } elseif ($this->currentUser->isAnonymous()) { $links['comment-forbidden'] = array('title' => $this->commentManager->forbiddenMessage($entity, $field_name)); } } } } if (!empty($links)) { $entity_links['comment__' . $field_name] = array('#theme' => 'links__entity__comment__' . $field_name, '#links' => $links, '#attributes' => array('class' => array('links', 'inline'))); if ($view_mode == 'teaser' && $this->moduleHandler->moduleExists('history') && $this->currentUser->isAuthenticated()) { $entity_links['comment__' . $field_name]['#cache']['contexts'][] = 'user'; $entity_links['comment__' . $field_name]['#attached']['library'][] = 'comment/drupal.node-new-comments-link'; // Embed the metadata for the "X new comments" link (if any) on this // entity. $entity_links['comment__' . $field_name]['#attached']['drupalSettings']['history']['lastReadTimestamps'][$entity->id()] = (int) history_read($entity->id()); $new_comments = $this->commentManager->getCountNewComments($entity); if ($new_comments > 0) { $page_number = $this->entityManager->getStorage('comment')->getNewCommentPageNumber($entity->{$field_name}->comment_count, $new_comments, $entity, $field_name); $query = $page_number ? ['page' => $page_number] : NULL; $value = ['new_comment_count' => (int) $new_comments, 'first_new_comment_link' => $entity->url('canonical', ['query' => $query, 'fragment' => 'new'])]; $parents = ['comment', 'newCommentsLinks', $entity->getEntityTypeId(), $field_name, $entity->id()]; NestedArray::setValue($entity_links['comment__' . $field_name]['#attached']['drupalSettings'], $parents, $value); } } } } return $entity_links; }
/** * {@inheritdoc} */ protected function blockAccess(AccountInterface $account) { $route_name = \Drupal::request()->attributes->get(RouteObjectInterface::ROUTE_NAME); return $account->isAnonymous() && !in_array($route_name, array('user.register', 'user.login', 'user.logout')); }
/** * {@inheritdoc} */ public function form(array $form, FormStateInterface $form_state) { /** @var \Drupal\comment\CommentInterface $comment */ $comment = $this->entity; $entity = $this->entityManager->getStorage($comment->getCommentedEntityTypeId())->load($comment->getCommentedEntityId()); $field_name = $comment->getFieldName(); $field_definition = $this->entityManager->getFieldDefinitions($entity->getEntityTypeId(), $entity->bundle())[$comment->getFieldName()]; $config = $this->config('user.settings'); // In several places within this function, we vary $form on: // - The current user's permissions. // - Whether the current user is authenticated or anonymous. // - The 'user.settings' configuration. // - The comment field's definition. $form['#cache']['contexts'][] = 'user.permissions'; $form['#cache']['contexts'][] = 'user.roles:authenticated'; $this->renderer->addCacheableDependency($form, $config); $this->renderer->addCacheableDependency($form, $field_definition->getConfig($entity->bundle())); // Use #comment-form as unique jump target, regardless of entity type. $form['#id'] = Html::getUniqueId('comment_form'); $form['#theme'] = array('comment_form__' . $entity->getEntityTypeId() . '__' . $entity->bundle() . '__' . $field_name, 'comment_form'); $anonymous_contact = $field_definition->getSetting('anonymous'); $is_admin = $comment->id() && $this->currentUser->hasPermission('administer comments'); if (!$this->currentUser->isAuthenticated() && $anonymous_contact != COMMENT_ANONYMOUS_MAYNOT_CONTACT) { $form['#attached']['library'][] = 'core/drupal.form'; $form['#attributes']['data-user-info-from-browser'] = TRUE; } // If not replying to a comment, use our dedicated page callback for new // Comments on entities. if (!$comment->id() && !$comment->hasParentComment()) { $form['#action'] = $this->url('comment.reply', array('entity_type' => $entity->getEntityTypeId(), 'entity' => $entity->id(), 'field_name' => $field_name)); } $comment_preview = $form_state->get('comment_preview'); if (isset($comment_preview)) { $form += $comment_preview; } $form['author'] = array(); // Display author information in a details element for comment moderators. if ($is_admin) { $form['author'] += array('#type' => 'details', '#title' => $this->t('Administration')); } // Prepare default values for form elements. $author = ''; if ($is_admin) { if (!$comment->getOwnerId()) { $author = $comment->getAuthorName(); } $status = $comment->getStatus(); if (empty($comment_preview)) { $form['#title'] = $this->t('Edit comment %title', array('%title' => $comment->getSubject())); } } else { $status = $this->currentUser->hasPermission('skip comment approval') ? CommentInterface::PUBLISHED : CommentInterface::NOT_PUBLISHED; } $date = ''; if ($comment->id()) { $date = !empty($comment->date) ? $comment->date : DrupalDateTime::createFromTimestamp($comment->getCreatedTime()); } // The uid field is only displayed when a user with the permission // 'administer comments' is editing an existing comment from an // authenticated user. $owner = $comment->getOwner(); $form['author']['uid'] = ['#type' => 'entity_autocomplete', '#target_type' => 'user', '#default_value' => $owner->isAnonymous() ? NULL : $owner, '#selection_settings' => ['include_anonymous' => FALSE], '#title' => $this->t('Authored by'), '#description' => $this->t('Leave blank for %anonymous.', ['%anonymous' => $config->get('anonymous')]), '#access' => $is_admin]; // The name field is displayed when an anonymous user is adding a comment or // when a user with the permission 'administer comments' is editing an // existing comment from an anonymous user. $form['author']['name'] = array('#type' => 'textfield', '#title' => $is_admin ? $this->t('Name for @anonymous', ['@anonymous' => $config->get('anonymous')]) : $this->t('Your name'), '#default_value' => $author, '#required' => $this->currentUser->isAnonymous() && $anonymous_contact == COMMENT_ANONYMOUS_MUST_CONTACT, '#maxlength' => 60, '#access' => $this->currentUser->isAnonymous() || $is_admin, '#size' => 30, '#attributes' => ['data-drupal-default-value' => $config->get('anonymous')]); if ($is_admin) { // When editing a comment only display the name textfield if the uid field // is empty. $form['author']['name']['#states'] = ['visible' => [':input[name="uid"]' => array('empty' => TRUE)]]; } // Add author email and homepage fields depending on the current user. $form['author']['mail'] = array('#type' => 'email', '#title' => $this->t('Email'), '#default_value' => $comment->getAuthorEmail(), '#required' => $this->currentUser->isAnonymous() && $anonymous_contact == COMMENT_ANONYMOUS_MUST_CONTACT, '#maxlength' => 64, '#size' => 30, '#description' => $this->t('The content of this field is kept private and will not be shown publicly.'), '#access' => $comment->getOwner()->isAnonymous() && $is_admin || $this->currentUser->isAnonymous() && $anonymous_contact != COMMENT_ANONYMOUS_MAYNOT_CONTACT); $form['author']['homepage'] = array('#type' => 'url', '#title' => $this->t('Homepage'), '#default_value' => $comment->getHomepage(), '#maxlength' => 255, '#size' => 30, '#access' => $is_admin || $this->currentUser->isAnonymous() && $anonymous_contact != COMMENT_ANONYMOUS_MAYNOT_CONTACT); // Add administrative comment publishing options. $form['author']['date'] = array('#type' => 'datetime', '#title' => $this->t('Authored on'), '#default_value' => $date, '#size' => 20, '#access' => $is_admin); $form['author']['status'] = array('#type' => 'radios', '#title' => $this->t('Status'), '#default_value' => $status, '#options' => array(CommentInterface::PUBLISHED => $this->t('Published'), CommentInterface::NOT_PUBLISHED => $this->t('Not published')), '#access' => $is_admin); return parent::form($form, $form_state, $comment); }
/** * {@inheritdoc} */ public function blockAccess(AccountInterface $account) { return AccessResult::allowedIf($account->isAnonymous()); }
/** * Checks access. * * @param \Drupal\Core\Session\AccountInterface $account * The currently logged in account. * * @return \Drupal\Core\Access\AccessResultInterface * The access result. */ public function access(AccountInterface $account) { $user_settings = \Drupal::config('user.settings'); return AccessResult::allowedIf($account->isAnonymous() && $user_settings->get('register') != USER_REGISTER_ADMINISTRATORS_ONLY)->cacheUntilConfigurationChanges($user_settings); }
/** * {@inheritdoc} */ protected function blockAccess(AccountInterface $account) { $route_name = $this->routeMatch->getRouteName(); return $account->isAnonymous() && !in_array($route_name, array('user.register', 'user.login', 'user.logout')); }
/** * {@inheritdoc} */ public function viewElements(FieldItemListInterface $items) { $elements = array(); $output = array(); $field_name = $this->fieldDefinition->getName(); $entity = $items->getEntity(); $status = $items->status; if ($status != CommentItemInterface::HIDDEN && empty($entity->in_preview) && !in_array($this->viewMode, array('search_result', 'search_index'))) { $comment_settings = $this->getFieldSettings(); // Only attempt to render comments if the entity has visible comments. // Unpublished comments are not included in // $entity->get($field_name)->comment_count, but unpublished comments // should display if the user is an administrator. if ($entity->get($field_name)->comment_count && $this->currentUser->hasPermission('access comments') || $this->currentUser->hasPermission('administer comments')) { $mode = $comment_settings['default_mode']; $comments_per_page = $comment_settings['per_page']; $comments = $this->storage->loadThread($entity, $field_name, $mode, $comments_per_page, $this->getSetting('pager_id')); if ($comments) { comment_prepare_thread($comments); $build = $this->viewBuilder->viewMultiple($comments); $build['pager']['#theme'] = 'pager'; if ($this->getSetting('pager_id')) { $build['pager']['#element'] = $this->getSetting('pager_id'); } // The viewElements() method of entity field formatters is run // during the #pre_render phase of rendering an entity. A formatter // builds the content of the field in preparation for theming. // All entity cache tags must be available after the #pre_render phase. // This field formatter is highly exceptional: it renders *another* // entity and this referenced entity has its own #pre_render // callbacks. In order collect the cache tags associated with the // referenced entity it must be passed to drupal_render() so that its // #pre_render callbacks are invoked and its full build array is // assembled. Rendering the referenced entity in place here will allow // its cache tags to be bubbled up and included with those of the // main entity when cache tags are collected for a renderable array // in drupal_render(). drupal_render($build, TRUE); $output['comments'] = $build; } } // Append comment form if the comments are open and the form is set to // display below the entity. Do not show the form for the print view mode. if ($status == CommentItemInterface::OPEN && $comment_settings['form_location'] == COMMENT_FORM_BELOW && $this->viewMode != 'print') { // Only show the add comment form if the user has permission. if ($this->currentUser->hasPermission('post comments')) { // All users in the "anonymous" role can use the same form: it is fine // for this form to be stored in the render cache. if ($this->currentUser->isAnonymous()) { $comment = $this->storage->create(array('entity_type' => $entity->getEntityTypeId(), 'entity_id' => $entity->id(), 'field_name' => $field_name, 'comment_type' => $this->getFieldSetting('comment_type'), 'pid' => NULL)); $output['comment_form'] = $this->entityFormBuilder->getForm($comment); } else { $callback = 'comment.post_render_cache:renderForm'; $context = array('entity_type' => $entity->getEntityTypeId(), 'entity_id' => $entity->id(), 'field_name' => $field_name); $placeholder = drupal_render_cache_generate_placeholder($callback, $context); $output['comment_form'] = array('#post_render_cache' => array($callback => array($context)), '#markup' => $placeholder); } } } $elements[] = $output + array('#comment_type' => $this->getFieldSetting('comment_type'), '#comment_display_mode' => $this->getFieldSetting('default_mode'), 'comments' => array(), 'comment_form' => array()); } return $elements; }
/** * Overrides Drupal\Core\Entity\EntityForm::form(). */ public function form(array $form, FormStateInterface $form_state) { /** @var \Drupal\comment\CommentInterface $comment */ $comment = $this->entity; $entity = $this->entityManager->getStorage($comment->getCommentedEntityTypeId())->load($comment->getCommentedEntityId()); $field_name = $comment->getFieldName(); $field_definition = $this->entityManager->getFieldDefinitions($entity->getEntityTypeId(), $entity->bundle())[$comment->getFieldName()]; // Use #comment-form as unique jump target, regardless of entity type. $form['#id'] = drupal_html_id('comment_form'); $form['#theme'] = array('comment_form__' . $entity->getEntityTypeId() . '__' . $entity->bundle() . '__' . $field_name, 'comment_form'); $anonymous_contact = $field_definition->getSetting('anonymous'); $is_admin = $comment->id() && $this->currentUser->hasPermission('administer comments'); if (!$this->currentUser->isAuthenticated() && $anonymous_contact != COMMENT_ANONYMOUS_MAYNOT_CONTACT) { $form['#attached']['library'][] = 'core/drupal.form'; $form['#attributes']['data-user-info-from-browser'] = TRUE; } // If not replying to a comment, use our dedicated page callback for new // Comments on entities. if (!$comment->id() && !$comment->hasParentComment()) { $form['#action'] = $this->url('comment.reply', array('entity_type' => $entity->getEntityTypeId(), 'entity' => $entity->id(), 'field_name' => $field_name)); } $comment_preview = $form_state->get('comment_preview'); if (isset($comment_preview)) { $form += $comment_preview; } $form['author'] = array(); // Display author information in a details element for comment moderators. if ($is_admin) { $form['author'] += array('#type' => 'details', '#title' => $this->t('Administration')); } // Prepare default values for form elements. if ($is_admin) { $author = $comment->getAuthorName(); $status = $comment->getStatus(); if (empty($comment_preview)) { $form['#title'] = $this->t('Edit comment %title', array('%title' => $comment->getSubject())); } } else { if ($this->currentUser->isAuthenticated()) { $author = $this->currentUser->getUsername(); } else { $author = $comment->getAuthorName() ? $comment->getAuthorName() : ''; } $status = $this->currentUser->hasPermission('skip comment approval') ? CommentInterface::PUBLISHED : CommentInterface::NOT_PUBLISHED; } $date = ''; if ($comment->id()) { $date = !empty($comment->date) ? $comment->date : DrupalDateTime::createFromTimestamp($comment->getCreatedTime()); } // Add the author name field depending on the current user. $form['author']['name'] = array('#type' => 'textfield', '#title' => $this->t('Your name'), '#default_value' => $author, '#required' => $this->currentUser->isAnonymous() && $anonymous_contact == COMMENT_ANONYMOUS_MUST_CONTACT, '#maxlength' => 60, '#size' => 30); if ($is_admin) { $form['author']['name']['#title'] = $this->t('Authored by'); $form['author']['name']['#description'] = $this->t('Leave blank for %anonymous.', array('%anonymous' => $this->config('user.settings')->get('anonymous'))); $form['author']['name']['#autocomplete_route_name'] = 'user.autocomplete'; } elseif ($this->currentUser->isAuthenticated()) { $form['author']['name']['#type'] = 'item'; $form['author']['name']['#value'] = $form['author']['name']['#default_value']; $form['author']['name']['#theme'] = 'username'; $form['author']['name']['#account'] = $this->currentUser; } elseif ($this->currentUser->isAnonymous()) { $form['author']['name']['#attributes']['data-drupal-default-value'] = $this->config('user.settings')->get('anonymous'); } $language_configuration = \Drupal::moduleHandler()->invoke('language', 'get_default_configuration', array('comment', $comment->getTypeId())); $form['langcode'] = array('#title' => t('Language'), '#type' => 'language_select', '#default_value' => $comment->getUntranslated()->language()->getId(), '#languages' => Language::STATE_ALL, '#access' => isset($language_configuration['language_show']) && $language_configuration['language_show']); // Add author email and homepage fields depending on the current user. $form['author']['mail'] = array('#type' => 'email', '#title' => $this->t('Email'), '#default_value' => $comment->getAuthorEmail(), '#required' => $this->currentUser->isAnonymous() && $anonymous_contact == COMMENT_ANONYMOUS_MUST_CONTACT, '#maxlength' => 64, '#size' => 30, '#description' => $this->t('The content of this field is kept private and will not be shown publicly.'), '#access' => $is_admin || $this->currentUser->isAnonymous() && $anonymous_contact != COMMENT_ANONYMOUS_MAYNOT_CONTACT); $form['author']['homepage'] = array('#type' => 'url', '#title' => $this->t('Homepage'), '#default_value' => $comment->getHomepage(), '#maxlength' => 255, '#size' => 30, '#access' => $is_admin || $this->currentUser->isAnonymous() && $anonymous_contact != COMMENT_ANONYMOUS_MAYNOT_CONTACT); // Add administrative comment publishing options. $form['author']['date'] = array('#type' => 'datetime', '#title' => $this->t('Authored on'), '#default_value' => $date, '#size' => 20, '#access' => $is_admin); $form['author']['status'] = array('#type' => 'radios', '#title' => $this->t('Status'), '#default_value' => $status, '#options' => array(CommentInterface::PUBLISHED => $this->t('Published'), CommentInterface::NOT_PUBLISHED => $this->t('Not published')), '#access' => $is_admin); // Used for conditional validation of author fields. $form['is_anonymous'] = array('#type' => 'value', '#value' => $comment->id() ? !$comment->getOwnerId() : $this->currentUser->isAnonymous()); return parent::form($form, $form_state, $comment); }
/** *Implements \Drupal\block\BlockBase::blockAccess(). */ public function blockAccess(AccountInterface $account) { return $account->isAnonymous() && \Drupal::config('user.settings')->get('register') != USER_REGISTER_ADMINISTRATORS_ONLY; }
/** * Checks access. * * @param \Drupal\Core\Session\AccountInterface $account * The currently logged in account. * * @return \Drupal\Core\Access\AccessResultInterface * The access result. */ public function access(AccountInterface $account) { // @todo cacheable per role once https://www.drupal.org/node/2040135 lands. return AccessResult::allowedIf($account->isAnonymous() && \Drupal::config('user.settings')->get('register') != USER_REGISTER_ADMINISTRATORS_ONLY)->setCacheable(FALSE); }