<?php
namespace Drupal\security_review\Controller;
use Drupal\Core\Access\CsrfTokenGenerator;
use Drupal\Core\Controller\ControllerBase;
use Drupal\Core\Link;
use Drupal\Core\Messenger\MessengerInterface;
use Drupal\Core\Url;
use Drupal\security_review\Checklist;
use Drupal\security_review\SecurityReview;
use Symfony\Component\DependencyInjection\ContainerInterface;
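class ChecklistController extends ControllerBase {

  /**
   * CSRF token generator used to sign the per-check "Skip"/"Enable" links.
   *
   * @var \Drupal\Core\Access\CsrfTokenGenerator
   */
  protected $csrfToken;

  /**
   * The checklist service that enumerates the available checks.
   *
   * @var \Drupal\security_review\Checklist
   */
  protected $checklist;

  /**
   * The security_review service (last-run timestamp, configuration state).
   *
   * @var \Drupal\security_review\SecurityReview
   */
  protected $securityReview;

  /**
   * The messenger service.
   *
   * Left untyped on purpose: ControllerBase already declares an untyped
   * $messenger property (via MessengerTrait) and PHP forbids a subclass from
   * adding a type to an untyped inherited property.
   *
   * @var \Drupal\Core\Messenger\MessengerInterface
   */
  protected $messenger;

  /**
   * Constructs a ChecklistController.
   *
   * @param \Drupal\Core\Access\CsrfTokenGenerator $csrf_token_generator
   *   CSRF token generator for the toggle links.
   * @param \Drupal\security_review\SecurityReview $security_review
   *   The security_review service.
   * @param \Drupal\security_review\Checklist $checklist
   *   The checklist service.
   * @param \Drupal\Core\Messenger\MessengerInterface $messenger
   *   The messenger service.
   */
  public function __construct(CsrfTokenGenerator $csrf_token_generator, SecurityReview $security_review, Checklist $checklist, MessengerInterface $messenger) {
    $this->csrfToken = $csrf_token_generator;
    $this->securityReview = $security_review;
    $this->checklist = $checklist;
    $this->messenger = $messenger;
  }

  /**
   * {@inheritdoc}
   */
  public static function create(ContainerInterface $container) {
    return new static(
      $container->get('csrf_token'),
      $container->get('security_review'),
      $container->get('security_review.checklist'),
      $container->get('messenger')
    );
  }

  /**
   * Page callback for the "Run & review" page.
   *
   * Renders the run form (only for users holding 'run security checks')
   * followed by the results of the last run, if there has been one.
   *
   * @return array
   *   Render array: the run form (possibly an empty array) and the results.
   */
  public function index() {
    // Read the timestamp once; it drives both the form state and the hint.
    $last_run = $this->securityReview->getLastRun();
    $run_form = [];

    // Showing the form is a display decision only; the real access control
    // for running checks has to live on the RunForm route (not visible here).
    if ($this->currentUser()->hasPermission('run security checks')) {
      $run_form = $this->formBuilder()->getForm('Drupal\\security_review\\Form\\RunForm');
      // Collapse the form once results exist so the results are the focus.
      if ($last_run > 0) {
        $run_form['run_form']['#open'] = FALSE;
      }
    }

    // First visit with no configuration yet: point the admin at the settings
    // page so untrusted roles are defined before the checks are run.
    if ($last_run <= 0 && !$this->securityReview->isConfigured()) {
      // Fix: the original passed 'warning' as the second argument, which is
      // MessengerInterface::addWarning()'s $repeat flag (a leftover from
      // drupal_set_message()'s $type argument) and silently enabled repeated
      // messages. The type is already implied by addWarning().
      // The ":url" placeholder is URL-escaped by the translation layer, so the
      // generated href is safe to embed in the markup.
      $this->messenger->addWarning($this->t('It appears this is your first time using the Security Review checklist. Before running the checklist please review the settings page at <a href=":url">admin/reports/security-review/settings</a> to set which roles are untrusted.', [
        ':url' => Url::fromRoute('security_review.settings')->toString(),
      ]));
    }

    return [
      $run_form,
      $this->results(),
    ];
  }

  /**
   * Builds the render array listing the results of the last run.
   *
   * @return array
   *   An empty array if the checklist has never been run; otherwise a
   *   'run_and_review' themed render array with one entry per visible check.
   */
  public function results() {
    $last_run = $this->securityReview->getLastRun();
    if ($last_run <= 0) {
      return [];
    }

    $checks = [];
    foreach ($this->checklist->getChecks() as $check) {
      $check_id = $check->id();
      $last_result = $check->lastResult();

      // A check whose stored result is flagged not visible is omitted
      // entirely from the listing.
      if ($last_result !== NULL && !$last_result->isVisible()) {
        continue;
      }

      $check_info = [
        'message' => $this->t('The check "@name" hasn\'t been run yet.', [
          '@name' => $check->getTitle(),
        ]),
        'skipped' => $check->isSkipped(),
      ];

      if ($last_result !== NULL) {
        $check_info['result'] = $last_result->result();
        // Passed through as-is: escaping (or trusting already-safe markup) is
        // the responsibility of the run_and_review template, not visible here.
        $check_info['message'] = $last_result->resultMessage();
      }

      // User-facing link text is wrapped in t() so it is translatable.
      $check_info['help_link'] = Link::createFromRoute($this->t('Details'), 'security_review.help', [
        'namespace' => $check->getMachineNamespace(),
        'title' => $check->getMachineTitle(),
      ]);

      // The skip/enable toggle is a state-changing GET link guarded by a CSRF
      // token seeded with the check id. The toggle route must validate the
      // token against the same seed ($check_id) — confirm in the toggle
      // controller, which is outside this file.
      // NOTE(review): a token in the query string can leak via Referer headers
      // and access logs; a POST form would be the more robust design.
      $toggle_text = $check->isSkipped() ? $this->t('Enable') : $this->t('Skip');
      $check_info['toggle_link'] = Link::createFromRoute($toggle_text, 'security_review.toggle', [
        'check_id' => $check_id,
      ], [
        'query' => [
          'token' => $this->csrfToken->get($check_id),
        ],
      ]);

      $checks[] = $check_info;
    }

    return [
      '#theme' => 'run_and_review',
      '#date' => $last_run,
      '#checks' => $checks,
      '#attached' => [
        'library' => [
          'security_review/run_and_review',
        ],
      ],
    ];
  }

}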