5 * Contains \Drupal\security_review\Controller\ChecklistController.
8 namespace Drupal\security_review\Controller;
10 use Drupal\Core\Access\CsrfTokenGenerator;
11 use Drupal\Core\Controller\ControllerBase;
13 use Drupal\security_review\Checklist;
14 use Drupal\security_review\CheckResult;
15 use Drupal\security_review\SecurityReview;
16 use Symfony\Component\DependencyInjection\ContainerInterface;
19 * Controller for the 'Run &amp; Review' page.
21 class ChecklistController extends ControllerBase {
24 * The CSRF Token generator.
26 * @var \Drupal\Core\Access\CsrfTokenGenerator
31 * The security_review.checklist service.
33 * @var \Drupal\security_review\Checklist
38 * The security_review service.
40 * @var \Drupal\security_review\SecurityReview
42 protected $securityReview;
46 * Constructs a ChecklistController.
48 * @param \Drupal\Core\Access\CsrfTokenGenerator $csrf_token_generator
49 * The CSRF Token generator.
50 * @param \Drupal\security_review\SecurityReview $security_review
51 * The security_review service.
52 * @param \Drupal\security_review\Checklist $checklist
53 * The security_review.checklist service.
55 public function __construct(CsrfTokenGenerator $csrf_token_generator, SecurityReview $security_review, Checklist $checklist) {
56 $this->csrfToken = $csrf_token_generator;
57 $this->checklist = $checklist;
58 $this->securityReview = $security_review;
64 public static function create(ContainerInterface $container) {
66 $container->get('csrf_token'),
67 $container->get('security_review'),
68 $container->get('security_review.checklist')
73 * Creates the Run & Review page.
76 * The 'Run & Review' page's render array.
78 public function index() {
81 // If the user has the required permissions, show the RunForm.
82 if ($this->currentUser()->hasPermission('run security checks')) {
84 $run_form = $this->formBuilder()
85 ->getForm('Drupal\security_review\Form\RunForm');
87 // Close the Run form if there are results.
88 if ($this->securityReview->getLastRun() > 0) {
89 $run_form['run_form']['#open'] = FALSE;
93 // Print the results if any.
94 if ($this->securityReview->getLastRun() <= 0) {
95 // If they haven't configured the site, prompt them to do so.
96 if (!$this->securityReview->isConfigured()) {
97 drupal_set_message($this->t('It appears this is your first time using the Security Review checklist. Before running the checklist please review the settings page at <a href=":url">admin/reports/security-review/settings</a> to set which roles are untrusted.',
98 [':url' => Url::fromRoute('security_review.settings')->toString()]
103 return [$run_form, $this->results()];
107 * Builds the results table.
110 * The render array for the result table.
112 public function results() {
113 // If there are no results return.
114 if ($this->securityReview->getLastRun() <= 0) {
119 foreach ($this->checklist->getChecks() as $check) {
120 // Initialize with defaults.
122 'message' => $this->t(
123 'The check "@name" hasn\'t been run yet.',
124 ['@name' => $check->getTitle()]
126 'skipped' => $check->isSkipped(),
130 $last_result = $check->lastResult();
131 if ($last_result != NULL) {
132 if (!$last_result->isVisible()) {
135 $check_info['result'] = $last_result->result();
136 $check_info['message'] = $last_result->resultMessage();
139 // Determine help link.
140 $check_info['help_link'] = $this->l(
143 'security_review.help',
145 'namespace' => $check->getMachineNamespace(),
146 'title' => $check->getMachineTitle(),
151 // Add toggle button.
152 $toggle_text = $check->isSkipped() ? 'Enable' : 'Skip';
153 $check_info['toggle_link'] = $this->l($toggle_text,
155 'security_review.toggle',
156 ['check_id' => $check->id()],
157 ['query' => ['token' => $this->csrfToken->get($check->id())]]
161 // Add to array of completed checks.
162 $checks[] = $check_info;
166 '#theme' => 'run_and_review',
167 '#date' => $this->securityReview->getLastRun(),
168 '#checks' => $checks,
170 'library' => ['security_review/run_and_review'],