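csrfToken = $csrf_token_generator;
    $this->checklist = $checklist;
    $this->securityReview = $security_review;
  }

  /**
   * {@inheritdoc}
   */
  public static function create(ContainerInterface $container) {
    // Services are passed positionally: the CSRF token generator, the
    // security_review service, then the checklist service. The constructor
    // signature is outside this excerpt, so the order cannot be checked here.
    return new static(
      $container->get('csrf_token'),
      $container->get('security_review'),
      $container->get('security_review.checklist')
    );
  }

  /**
   * Creates the Run & Review page.
   *
   * The run form is only built for users holding the 'run security checks'
   * permission. The results table is appended without any permission check in
   * this method, so who may read the results is decided by the access
   * requirements of the route that maps to this controller (not visible here).
   *
   * @return array
   *   The 'Run & Review' page's render array.
   */
  public function index() {
    $run_form = [];

    // If the user has the required permissions, show the RunForm.
    if ($this->currentUser()->hasPermission('run security checks')) {
      // Get the Run form.
      $run_form = $this->formBuilder()
        ->getForm('Drupal\security_review\Form\RunForm');

      // Close the Run form if there are results.
      if ($this->securityReview->getLastRun() > 0) {
        $run_form['run_form']['#open'] = FALSE;
      }
    }

    // No run recorded yet: if the site has not been configured either, prompt
    // the user to review the settings first.
    if ($this->securityReview->getLastRun() <= 0) {
      if (!$this->securityReview->isConfigured()) {
        // NOTE(review): ':url' is supplied as a placeholder, but the message
        // text as it appears here never references it. Presumably link markup
        // around the settings path was lost; confirm against the original.
        drupal_set_message($this->t('It appears this is your first time using the Security Review checklist. Before running the checklist please review the settings page at admin/reports/security-review/settings to set which roles are untrusted.',
          [':url' => Url::fromRoute('security_review.settings')->toString()]
        ), 'warning');
      }
    }

    return [$run_form, $this->results()];
  }

  /**
   * Creates the results' table.
   *
   * Builds one row per check returned by the checklist. A check whose last
   * result reports itself as not visible is left out of the table entirely.
   * Every row carries a help link and a toggle link; the toggle link is
   * emitted for whoever can view this page, so the permission to actually
   * skip or enable a check has to be enforced by the 'security_review.toggle'
   * route or its handler (neither is visible in this excerpt).
   *
   * @return array
   *   The render array for the result table, or an empty array when the
   *   checklist has never been run.
   */
  public function results() {
    // If there are no results return.
    if ($this->securityReview->getLastRun() <= 0) {
      return [];
    }

    $checks = [];
    foreach ($this->checklist->getChecks() as $check) {
      // Initialize with defaults; these stand when the check has no stored
      // result.
      $check_info = [
        'message' => $this->t(
          'The check "@name" hasn\'t been run yet.',
          ['@name' => $check->getTitle()]
        ),
        'skipped' => $check->isSkipped(),
      ];

      // Get last result.
      $last_result = $check->lastResult();
      if ($last_result != NULL) {
        // Results flagged as not visible drop the whole row, not just the
        // result columns.
        if (!$last_result->isVisible()) {
          continue;
        }
        $check_info['result'] = $last_result->result();
        $check_info['message'] = $last_result->resultMessage();
      }

      // Determine help link. The label goes through t() like the other
      // user-facing strings in this controller.
      $check_info['help_link'] = Link::createFromRoute(
        $this->t('Details'),
        'security_review.help',
        [
          'namespace' => $check->getMachineNamespace(),
          'title' => $check->getMachineTitle(),
        ]
      );

      // Add toggle button. Toggling changes state through a plain link, so
      // the link carries a CSRF token derived from the check id. The token
      // only protects anything if the toggle handler validates it against
      // the same check id before acting - TODO confirm in the handler.
      // Because it travels in the query string, the token can also end up in
      // access logs, browser history and Referer headers.
      $toggle_text = $check->isSkipped() ? $this->t('Enable') : $this->t('Skip');
      $check_info['toggle_link'] = Link::createFromRoute($toggle_text,
        'security_review.toggle',
        ['check_id' => $check->id()],
        ['query' => ['token' => $this->csrfToken->get($check->id())]]
      );

      // Add to array of completed checks.
      $checks[] = $check_info;
    }

    return [
      '#theme' => 'run_and_review',
      '#date' => $this->securityReview->getLastRun(),
      '#checks' => $checks,
      '#attached' => [
        'library' => ['security_review/run_and_review'],
      ],
    ];
  }

}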