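/**
 * Determines if the user specified has access to report the entity.
 *
 * Every check must pass for access to be granted: the account needs both the
 * 'edit' and 'update' operations on the entity, the form must have a stored
 * mollom_form configuration, and the form must still be registered as
 * protectable. The form's 'report access callback' or, failing that, its
 * 'report access' permissions are then enforced on top.
 *
 * @param \Drupal\Core\Entity\EntityInterface $entity
 *   The entity to check access for.
 * @param string $form_id
 *   The form that is protected for this entity.
 * @param \Drupal\Core\Session\AccountInterface $account
 *   The account to use. If null, use the current user.
 *
 * @return \Drupal\Core\Access\AccessResultInterface
 *   The non-allowed entity access result when the entity check fails, a
 *   forbidden result when any later check fails, an allowed result otherwise.
 */
public static function accessReport($entity, $form_id, $account = NULL) {
  // Check if the user has access to this entity; both operations must allow.
  $result = $entity->access('edit', $account, TRUE)->andIf($entity->access('update', $account, TRUE));
  if (!$result->isAllowed()) {
    return $result;
  }

  // Check if this entity type is protected.
  $form_entity = \Drupal::entityManager()->getStorage('mollom_form')->load($form_id);
  if (empty($form_entity)) {
    return new AccessResultForbidden();
  }

  // Orphan form protection: a stored configuration whose form is no longer
  // registered must deny access. Test the key before reading it so that a
  // missing registration does not raise an undefined-index notice.
  $forms = FormController::getProtectableForms();
  if (empty($forms[$form_id])) {
    return new AccessResultForbidden();
  }
  $info = $forms[$form_id];

  // A declared and defined 'report access callback' takes precedence; the
  // 'report access' permissions are only consulted when there is none.
  if (isset($info['report access callback']) && function_exists($info['report access callback'])) {
    $callback = $info['report access callback'];
    if (!$callback($entity->getEntityTypeId(), $entity->id())) {
      return new AccessResultForbidden();
    }
  }
  elseif (isset($info['report access'])) {
    if (empty($account)) {
      $account = \Drupal::currentUser();
    }
    // The account must hold every listed permission. The cast lets a single
    // permission given as a string be checked instead of causing an error.
    foreach ((array) $info['report access'] as $permission) {
      if (!$account->hasPermission($permission)) {
        return new AccessResultForbidden();
      }
    }
  }

  return new AccessResultAllowed();
}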
/**
 * Submit handler for feedback options.
 *
 * Looks up the Mollom form configuration registered for the submitted delete
 * form, sends any feedback the user selected, and then removes the stored
 * Mollom session data for the affected content.
 */
public static function addFeedbackOptionsSubmit(&$form, FormStateInterface &$form_state) {
  $protected_forms = FormController::getProtectedForms();
  $form_object = $form_state->getFormObject();
  $mollom_form = Form::load($protected_forms['delete'][$form_object->getFormId()])->initialize();

  // Entity forms supply the id through their entity; other forms carry it in
  // the submitted value mapped as 'post_id'.
  $entity_type = $mollom_form['entity'];
  $id = !empty($entity_type)
    ? $form_object->getEntity()->id()
    : $form_state->getValue($mollom_form['mapping']['post_id']);

  $feedback = $form_state->getValue(['mollom', 'feedback']);
  if (!empty($feedback) && self::sendFeedback($entity_type, $id, $feedback, 'moderate', 'mollom_data_delete_form_submit')) {
    drupal_set_message(t('The content was successfully reported as inappropriate.'));
  }

  // Remove Mollom session data, whether or not feedback was sent.
  ResponseDataStorage::delete($entity_type, $id);
}
/**
 * Configure Mollom protection for a given form.
 *
 * Drives the administrative UI: creates the protection when no mollom_form
 * configuration exists for the form id yet, otherwise edits the existing one.
 *
 * @param $form_id
 *   The form id to configure.
 * @param $mode
 *   The Mollom protection mode for the form.
 * @param $fields
 *   (optional) A list of form elements to enable for text analysis. If
 *   omitted and the form registers individual elements, all fields are
 *   enabled by default.
 * @param $edit
 *   (optional) An array of POST data to pass through to drupalPostForm() when
 *   configuring the form's protection.
 */
protected function setProtectionUI($form_id, $mode = FormInterface::MOLLOM_MODE_ANALYSIS, $fields = NULL, $edit = []) {
  // Always start from overview page, also to make debugging easier.
  $this->drupalGet('admin/config/content/mollom');

  // An existing configuration is edited; a missing one is created.
  $exists = \Drupal::entityManager()->getStorage('mollom_form')->load($form_id);
  if ($exists) {
    $edit_path = 'admin/config/content/mollom/form/' . $form_id . '/edit';
    $this->assertLinkByHref($edit_path);
    $this->drupalGet($edit_path);
    $save = t('Update Protected Mollom Form');
  }
  else {
    $this->drupalGet('admin/config/content/mollom/add-form', ['query' => ['form_id' => $form_id]]);
    $save = t('Create Protected Mollom Form');
  }

  // Values already present in $edit win over the defaults added here.
  $edit += ['mode' => $mode];

  // Process the enabled fields.
  $form_list = FormController::getProtectableForms();
  $form_info = FormController::getProtectedFormDetails($form_id, $form_list[$form_id]['module']);
  if (!empty($form_info['elements'])) {
    $edit += ['checks[spam]' => TRUE];
  }
  foreach (array_keys($form_info['elements']) as $field) {
    // A field's checkbox is ticked when no explicit list was given or when
    // the list names the field; it is cleared otherwise.
    $checkbox = 'enabled_fields[' . rawurlencode($field) . ']';
    $edit[$checkbox] = (!isset($fields) || in_array($field, $fields));
  }

  $this->drupalPostForm(NULL, $edit, $save);
  $confirmation = $exists
    ? t('The form protection has been updated.')
    : t('The form protection has been added.');
  $this->assertText($confirmation);
}
/**
 * Tests invalid (stale) form configurations.
 *
 * Saves protection configurations for form ids that no module registers,
 * then checks that the administration page lists them with a delete link
 * only and that each of them can be removed.
 */
function testInvalidForms() {
  $forms = [
    'nonexisting' => 'nonexisting_form',
    'user' => 'user_nonexisting_form',
    'node' => 'nonexisting_node_form',
    'comment' => 'comment_node_nonexisting_form',
  ];

  // Give each stale configuration a different protection mode, counting up
  // from 0.
  $mode = 0;
  foreach ($forms as $module => $form_id) {
    $mollom_form = FormController::getProtectedFormDetails($form_id, $module, []);
    $mollom_form['mode'] = $mode;
    $mode += 1;
    $form = Form::create($mollom_form);
    $form->id = $form_id;
    $form->save();
  }

  // Just visiting the form administration page is sufficient; it will throw
  // fatal errors, warnings, and notices.
  $this->drupalLogin($this->adminUser);
  $this->drupalGet('admin/config/content/mollom');

  // Ensure that unprotecting the forms does not throw any notices either.
  foreach ($forms as $form_id) {
    $base_path = 'admin/config/content/mollom/form/' . $form_id;
    $this->assertNoLinkByHref($base_path . '/edit');
    $this->assertLinkByHref($base_path . '/delete');
    $this->drupalPostForm($base_path . '/delete', [], t('Remove Mollom Protection'));
    $this->assertNoLinkByHref($base_path . '/delete');
  }

  // Confirm deletion.
  $configured = \Drupal::entityManager()->getStorage('mollom_form')->loadMultiple();
  $this->assertFalse($configured, 'No forms found.');
}
/**
 * Return registered forms as an array suitable for a 'checkboxes' form element #options property.
 *
 * Forms that already have a stored configuration are left out. When nothing
 * remains, a status message is set; this method itself performs no redirect.
 *
 * @return array
 *   Option labels of the form "Module: Form title", keyed by form id and
 *   sorted by label.
 */
protected function getProtectableFormOptions() {
  // Retrieve all registered forms.
  $form_list = FormController::getProtectableForms();

  // Remove already configured form ids.
  foreach ($this->entity->loadMultiple() as $configured_form) {
    unset($form_list[$configured_form->id()]);
  }

  // If all registered forms are configured already, output a message.
  if (empty($form_list)) {
    drupal_set_message(t('All available forms are protected already.'));
  }

  // Load module information.
  $module_info = system_get_info('module');

  // Transform form information into an associative array suitable for #options.
  $options = [];
  foreach ($form_list as $form_id => $info) {
    // system_get_info() only supports enabled modules. Default to the module's
    // machine name in case it is disabled.
    $module = $info['module'];
    $module_name = isset($module_info[$module]) ? $module_info[$module]['name'] : $module;

    // The '@' placeholders are escaped by t() when the label is built.
    $options[$form_id] = t('@module: @form-title', [
      '@form-title' => $info['title'],
      '@module' => t($module_name),
    ]);
  }

  // Sort form options by title.
  asort($options);
  return $options;
}
/**
 * {@inheritDoc}
 *
 * Returns this configuration as an array, combined with the details that
 * FormController::getProtectedFormDetails() reports for the form. For a new
 * entity the registered form definition is also copied onto the entity and
 * spam checking is enabled for all of the form's elements.
 */
public function initialize($form_id = NULL) {
  // Snapshot the properties before any of them are modified below.
  $mollom_form = get_object_vars($this);

  // Without a form id there is nothing to look up.
  if (empty($form_id) && empty($this->id)) {
    return $mollom_form;
  }

  if (!$this->isNew()) {
    // A stored entity already knows its own id and module.
    $form_id = $this->id();
    $module = $this->module;
    $forms = NULL;
  }
  else {
    $forms = FormController::getProtectableForms();
    if (empty($forms[$form_id])) {
      // The form is not registered as protectable.
      return $mollom_form;
    }
    $definition = $forms[$form_id];

    // Fill in keys the snapshot lacks, then copy the definition onto every
    // matching property of the entity.
    $mollom_form += $definition;
    $this->id = $form_id;
    $this->label = $definition['title'];
    foreach ($definition as $property => $value) {
      if (property_exists($this, $property)) {
        $this->{$property} = $value;
      }
    }
    $module = $this->module;
  }

  // Add all of the configuration information defined in hooks.
  $form_details = FormController::getProtectedFormDetails($form_id, $module, $forms);

  // For a new entity the form details overwrite the snapshot; for a stored
  // entity its own data takes precedence over the form details.
  $mollom_form = $this->isNew()
    ? array_merge($mollom_form, $form_details)
    : array_merge($form_details, $mollom_form);

  if ($this->isNew()) {
    // Enable all fields for textual analysis by default.
    $this->setChecks(['spam']);
    $mollom_form['checks'] = ['spam'];
    $element_names = array_keys($mollom_form['elements']);
    $mollom_form['enabled_fields'] = $element_names;
    $this->setEnabledFields($element_names);
  }

  return $mollom_form;
}