Including security review as a submodule - with patched for Yaffs.
[yaffs-website] / web / modules / contrib / security_review / src / Controller / ChecklistController.php
1 <?php
2
3 /**
4  * @file
5  * Contains \Drupal\security_review\Controller\ChecklistController.
6  */
7
8 namespace Drupal\security_review\Controller;
9
10 use Drupal\Core\Access\CsrfTokenGenerator;
11 use Drupal\Core\Controller\ControllerBase;
12 use Drupal\Core\Url;
13 use Drupal\security_review\Checklist;
14 use Drupal\security_review\CheckResult;
15 use Drupal\security_review\SecurityReview;
16 use Symfony\Component\DependencyInjection\ContainerInterface;
17
18 /**
19  * The class of the 'Run & Review' page's controller.
20  */
21 class ChecklistController extends ControllerBase {
22
23   /**
24    * The CSRF Token generator.
25    *
26    * @var \Drupal\Core\Access\CsrfTokenGenerator $csrfToken
27    */
28   protected $csrfToken;
29
30   /**
31    * The security_review.checklist service.
32    *
33    * @var \Drupal\security_review\Checklist
34    */
35   protected $checklist;
36
37   /**
38    * The security_review service.
39    *
40    * @var \Drupal\security_review\SecurityReview
41    */
42   protected $securityReview;
43
44
45   /**
46    * Constructs a ChecklistController.
47    *
48    * @param \Drupal\Core\Access\CsrfTokenGenerator $csrf_token_generator
49    *   The CSRF Token generator.
50    * @param \Drupal\security_review\SecurityReview $security_review
51    *   The security_review service.
52    * @param \Drupal\security_review\Checklist $checklist
53    *   The security_review.checklist service.
54    */
55   public function __construct(CsrfTokenGenerator $csrf_token_generator, SecurityReview $security_review, Checklist $checklist) {
56     $this->csrfToken = $csrf_token_generator;
57     $this->checklist = $checklist;
58     $this->securityReview = $security_review;
59   }
60
61   /**
62    * {@inheritdoc}
63    */
64   public static function create(ContainerInterface $container) {
65     return new static(
66       $container->get('csrf_token'),
67       $container->get('security_review'),
68       $container->get('security_review.checklist')
69     );
70   }
71
72   /**
73    * Creates the Run & Review page.
74    *
75    * @return array
76    *   The 'Run & Review' page's render array.
77    */
78   public function index() {
79     $run_form = [];
80
81     // If the user has the required permissions, show the RunForm.
82     if ($this->currentUser()->hasPermission('run security checks')) {
83       // Get the Run form.
84       $run_form = $this->formBuilder()
85         ->getForm('Drupal\security_review\Form\RunForm');
86
87       // Close the Run form if there are results.
88       if ($this->securityReview->getLastRun() > 0) {
89         $run_form['run_form']['#open'] = FALSE;
90       }
91     }
92
93     // Print the results if any.
94     if ($this->securityReview->getLastRun() <= 0) {
95       // If they haven't configured the site, prompt them to do so.
96       if (!$this->securityReview->isConfigured()) {
97         drupal_set_message($this->t('It appears this is your first time using the Security Review checklist. Before running the checklist please review the settings page at <a href=":url">admin/reports/security-review/settings</a> to set which roles are untrusted.',
98           [':url' => Url::fromRoute('security_review.settings')->toString()]
99         ), 'warning');
100       }
101     }
102
103     return [$run_form, $this->results()];
104   }
105
106   /**
107    * Creates the results' table.
108    *
109    * @return array
110    *   The render array for the result table.
111    */
112   public function results() {
113     // If there are no results return.
114     if ($this->securityReview->getLastRun() <= 0) {
115       return [];
116     }
117
118     $checks = [];
119     foreach ($this->checklist->getChecks() as $check) {
120       // Initialize with defaults.
121       $check_info = [
122         'message' => $this->t(
123           'The check "@name" hasn\'t been run yet.',
124           ['@name' => $check->getTitle()]
125         ),
126         'skipped' => $check->isSkipped(),
127       ];
128
129       // Get last result.
130       $last_result = $check->lastResult();
131       if ($last_result != NULL) {
132         if (!$last_result->isVisible()) {
133           continue;
134         }
135         $check_info['result'] = $last_result->result();
136         $check_info['message'] = $last_result->resultMessage();
137       }
138
139       // Determine help link.
140       $check_info['help_link'] = $this->l(
141         'Details',
142         Url::fromRoute(
143           'security_review.help',
144           [
145             'namespace' => $check->getMachineNamespace(),
146             'title' => $check->getMachineTitle(),
147           ]
148         )
149       );
150
151       // Add toggle button.
152       $toggle_text = $check->isSkipped() ? 'Enable' : 'Skip';
153       $check_info['toggle_link'] = $this->l($toggle_text,
154         Url::fromRoute(
155           'security_review.toggle',
156           ['check_id' => $check->id()],
157           ['query' => ['token' => $this->csrfToken->get($check->id())]]
158         )
159       );
160
161       // Add to array of completed checks.
162       $checks[] = $check_info;
163     }
164
165     return [
166       '#theme' => 'run_and_review',
167       '#date' => $this->securityReview->getLastRun(),
168       '#checks' => $checks,
169       '#attached' => [
170         'library' => ['security_review/run_and_review'],
171       ],
172     ];
173   }
174
175 }
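Review bot: `if ($last_result != NULL)` in results() uses a loose comparison, so a falsy non-null return from `lastResult()` would be treated as "no result" and silently reported as "hasn't been run yet"; prefer `if ($last_result !== NULL) {` (or `instanceof CheckResult`, which the file already imports). The link labels in the same method are untranslated literals — `'Details'` and the `'Enable'`/`'Skip'` toggle text should go through `$this->t()`, e.g. `$toggle_text = $check->isSkipped() ? $this->t('Enable') : $this->t('Skip');`. The toggle link's CSRF token is derived from `$check->id()`, so the `security_review.toggle` route must validate the `token` query value against that exact same seed for the protection to hold; that route definition is not on this page, so please confirm it. `drupal_set_message()` and `$this->l()` are deprecated in later Drupal 8 releases in favour of `$this->messenger()->addWarning()` and `Link::fromTextAndUrl()`; whether that applies here depends on the core version this submodule targets, which the page does not show.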