5 * Contains \Drupal\security_review\Controller\ToggleController.
8 namespace Drupal\security_review\Controller;
10 use Drupal\Core\Access\CsrfTokenGenerator;
11 use Drupal\Core\Controller\ControllerBase;
13 use Drupal\security_review\Checklist;
14 use Symfony\Component\DependencyInjection\ContainerInterface;
15 use Symfony\Component\HttpFoundation\JsonResponse;
16 use Symfony\Component\HttpFoundation\RequestStack;
19 * Responsible for handling the toggle links on the Run & Review page.
21 class ToggleController extends ControllerBase {
24 * The security_review.checklist service.
26 * @var \Drupal\security_review\Checklist
31 * The CSRF Token generator.
33 * @var \Drupal\Core\Access\CsrfTokenGenerator $csrfToken
40 * @var \Symfony\Component\HttpFoundation\Request $request
45 * Constructs a ToggleController.
47 * @param \Drupal\Core\Access\CsrfTokenGenerator $csrf_token_generator
48 * The CSRF Token generator.
49 * @param \Symfony\Component\HttpFoundation\RequestStack $request
51 * @param \Drupal\security_review\Checklist $checklist
52 * The security_review.checklist service.
public function __construct(CsrfTokenGenerator $csrf_token_generator, RequestStack $request, Checklist $checklist) {
  // The controller keeps only the current request, resolved once here from
  // the injected request stack; index() later reads the 'js' and 'token'
  // query parameters from it.
  $current_request = $request->getCurrentRequest();
  $this->request = $current_request;
  // Generator used both to validate the incoming toggle token and to issue
  // the token for the next toggle link.
  $this->csrfToken = $csrf_token_generator;
  // The security_review.checklist service, used to look checks up by ID.
  $this->checklist = $checklist;
}
// Static factory that reads the controller's three services from the
// container.
// NOTE(review): original line 64 is absent from this listing, so the
// expression that consumes these arguments is not visible; presumably they are
// passed to the constructor - confirm against the full file.
63 public static function create(ContainerInterface $container) {
// The lookups are listed in the same order as the constructor's parameters:
// CSRF token generator, request stack, checklist service.
65 $container->get('csrf_token'),
66 $container->get('request_stack'),
67 $container->get('security_review.checklist')
72 * Handles check toggling.
74 * @param string $check_id
75 * The ID of the check.
77 * @return \Symfony\Component\HttpFoundation\JsonResponse|\Symfony\Component\HttpFoundation\RedirectResponse
// Handles a toggle request for one check: reads the 'js' and 'token' query
// parameters, validates the token against $check_id, and answers with either
// a JsonResponse or a redirect to the 'security_review' route.
// NOTE(review): token validation is the only gate visible in this method.
// Permission checks are presumably enforced by the route definition - verify
// in the module's routing file, since a valid CSRF token is not an
// authorization decision.
80 public function index($check_id) {
81 // Determine access type.
// Loose comparison: the query value arrives as a string, so '1' matches. The
// flag selects the response format and is not part of the access decision.
82 $ajax = $this->request->query->get('js') == 1;
// The token travels in the URL query string.
// NOTE(review): a token carried in the URL can surface in server logs, browser
// history and Referer headers - confirm that is acceptable for this route.
// NOTE(review): query->get() yields NULL when the parameter is absent; confirm
// that validate() rejects a non-string token instead of raising an error.
85 $token = $this->request->query->get('token');
// validate() receives $check_id as the token value, matching the
// get($check->id()) call further down, so a token issued for one check is
// only checked against that check's ID.
86 if ($this->csrfToken->validate($token, $check_id)) {
// $check_id is caller-supplied.
// NOTE(review): original line 89 is absent from this listing; confirm what
// getCheckById() returns for an unknown ID and that the result is guarded
// before isSkipped() is called on it.
88 $check = $this->checklist->getCheckById($check_id);
90 if ($check->isSkipped()) {
// NOTE(review): original lines 91-99 are absent from this listing, so the
// toggle action itself and the branch on $ajax are not visible here.
// JSON answer: the check's new skipped state, the label for the next toggle
// link, and that link's URL.
100 return new JsonResponse([
101 'skipped' => $check->isSkipped(),
102 'toggle_text' => $check->isSkipped() ? $this->t('Enable') : $this->t('Skip'),
// NOTE(review): no use statement for Url is visible (original line 12 is
// absent from this listing) - confirm the class is imported.
103 'toggle_href' => Url::fromRoute(
104 'security_review.toggle',
105 ['check_id' => $check->id()],
// A token is requested for this check's ID and placed in the next toggle
// link, so the follow-up request carries a token for the same value that
// validate() checks above.
108 'token' => $this->csrfToken->get($check->id()),
// Non-JSON path: report the check's new state with a status message.
// The @name placeholder is HTML-escaped by t() when the message is rendered
// (unless the value is already marked as safe markup).
// NOTE(review): drupal_set_message() is deprecated in later Drupal 8 releases
// in favour of the messenger service.
117 if ($check->isSkipped()) {
118 drupal_set_message($this->t(
119 '@name check skipped.',
120 ['@name' => $check->getTitle()]
124 drupal_set_message($this->t(
125 '@name check no longer skipped.',
126 ['@name' => $check->getTitle()]
130 // Redirect back to Run & Review.
131 return $this->redirect('security_review');
// Token validation failed: the request is redirected to the same route as the
// success path. No message or log call is visible on this path in the
// listing.
// NOTE(review): consider whether failed validations should be logged, so
// repeated invalid-token requests are visible to operators.
135 // Go back to Run & Review if the access was wrong.
136 return $this->redirect('security_review');