3 namespace Drupal\security_review\Controller;
5 use Drupal\Core\Access\CsrfTokenGenerator;
6 use Drupal\Core\Controller\ControllerBase;
9 use Drupal\security_review\Checklist;
10 use Drupal\security_review\SecurityReview;
11 use Symfony\Component\DependencyInjection\ContainerInterface;
14 * The class of the 'Run & Review' page's controller.
16 class ChecklistController extends ControllerBase {
19 * The CSRF Token generator.
21 * @var \Drupal\Core\Access\CsrfTokenGenerator
26 * The security_review.checklist service.
28 * @var \Drupal\security_review\Checklist
33 * The security_review service.
35 * @var \Drupal\security_review\SecurityReview
37 protected $securityReview;
41 * Constructs a ChecklistController.
43 * @param \Drupal\Core\Access\CsrfTokenGenerator $csrf_token_generator
44 * The CSRF Token generator.
45 * @param \Drupal\security_review\SecurityReview $security_review
46 * The security_review service.
47 * @param \Drupal\security_review\Checklist $checklist
48 * The security_review.checklist service.
50 public function __construct(CsrfTokenGenerator $csrf_token_generator, SecurityReview $security_review, Checklist $checklist) {
// Store the injected services; create() resolves them from the container in
// this same order.
51 $this->csrfToken = $csrf_token_generator;
52 $this->checklist = $checklist;
53 $this->securityReview = $security_review;
59 public static function create(ContainerInterface $container) {
// Resolve the three constructor dependencies from the service container in
// the order __construct() declares them: CSRF token generator, then the
// security_review service, then the checklist service.
61 $container->get('csrf_token'),
62 $container->get('security_review'),
63 $container->get('security_review.checklist')
68 * Creates the Run & Review page.
71 * The 'Run & Review' page's render array.
73 public function index() {
// Builds the 'Run & Review' page: the RunForm (offered only to users holding
// 'run security checks') followed by the results table from results().
76 // If the user has the required permissions, show the RunForm.
77 if ($this->currentUser()->hasPermission('run security checks')) {
79 $run_form = $this->formBuilder()
80 ->getForm('Drupal\security_review\Form\RunForm');
82 // Close the Run form if there are results.
83 if ($this->securityReview->getLastRun() > 0) {
84 $run_form['run_form']['#open'] = FALSE;
88 // Print the results if any.
89 if ($this->securityReview->getLastRun() <= 0) {
90 // If they haven't configured the site, prompt them to do so.
91 if (!$this->securityReview->isConfigured()) {
// The ':url' placeholder is t()'s URL-context placeholder (escaped and
// stripped of dangerous protocols); the value is a route-generated internal
// URL, not user-supplied input.
// NOTE(review): drupal_set_message() is deprecated since Drupal 8.5 in favour
// of $this->messenger()->addWarning() — confirm the targeted core version.
92 drupal_set_message($this->t('It appears this is your first time using the Security Review checklist. Before running the checklist please review the settings page at <a href=":url">admin/reports/security-review/settings</a> to set which roles are untrusted.',
93 [':url' => Url::fromRoute('security_review.settings')->toString()]
// NOTE(review): results() is rendered regardless of the 'run security checks'
// permission; page-level access is presumably enforced by the route
// definition — confirm.
98 return [$run_form, $this->results()];
102 * Creates the results' table.
105 * The render array for the result table.
107 public function results() {
108 // If there are no results return.
109 if ($this->securityReview->getLastRun() <= 0) {
114 foreach ($this->checklist->getChecks() as $check) {
115 // Initialize with defaults.
117 'message' => $this->t(
118 'The check "@name" hasn\'t been run yet.',
119 ['@name' => $check->getTitle()]
121 'skipped' => $check->isSkipped(),
125 $last_result = $check->lastResult();
126 if ($last_result != NULL) {
127 if (!$last_result->isVisible()) {
130 $check_info['result'] = $last_result->result();
131 $check_info['message'] = $last_result->resultMessage();
134 // Determine help link.
135 $check_info['help_link'] = Link::createFromRoute(
137 'security_review.help',
139 'namespace' => $check->getMachineNamespace(),
140 'title' => $check->getMachineTitle(),
144 // Add toggle button.
145 $toggle_text = $check->isSkipped() ? 'Enable' : 'Skip';
146 $check_info['toggle_link'] = Link::createFromRoute($toggle_text,
147 'security_review.toggle',
148 ['check_id' => $check->id()],
149 ['query' => ['token' => $this->csrfToken->get($check->id())]]
152 // Add to array of completed checks.
153 $checks[] = $check_info;
157 '#theme' => 'run_and_review',
158 '#date' => $this->securityReview->getLastRun(),
159 '#checks' => $checks,
161 'library' => ['security_review/run_and_review'],