overhaul the redirect thingy

embargoes.module

@@ -9,10 +9,9 @@ use Drupal\Core\Entity\Display\EntityViewDisplayInterface;
 use Drupal\Core\Entity\EntityInterface;
 use Drupal\Core\Session\AccountInterface;
 use Drupal\node\NodeInterface;
-use Symfony\Component\HttpFoundation\RedirectResponse;
 
 /**
- * Implements hook_node_access().
+ * Implements hook_ENTITY_TYPE_access().
  */
 function embargoes_node_access(NodeInterface $node, $operation, AccountInterface $account) {
   return \Drupal::service('embargoes.node_access')->isActivelyEmbargoed($node, $account);
@@ -32,51 +31,18 @@ function embargoes_file_access(EntityInterface $file, $operation, AccountInterfa
   return \Drupal::service('embargoes.file_access')->isActivelyEmbargoed($file, $account);
 }
 
-/**
- * Implements hook_node_view().
- */
-function embargoes_node_view(array &$build, EntityInterface $entity, EntityViewDisplayInterface $display, $view_mode) {
-  \Drupal::service('embargoes.node_access')->isActivelyEmbargoed($entity, \Drupal::currentUser());
-  $node_embargo = \Drupal::service('embargoes.node_access');
-  $ip_url = $node_embargo->getIpEmbargoedRedirectUrl($entity);
-  if ($ip_url) {
-    $response = new RedirectResponse($ip_url);
-    $response->send();
-  }
-  else {
-    $node_embargo->setEmbargoMessage($entity);
-  }
-}
-
 /**
  * Implements hook_ENTITY_TYPE_view().
  */
-function embargoes_media_view(array &$build, EntityInterface $entity, EntityViewDisplayInterface $display, $view_mode) {
-  $media_embargo = \Drupal::service('embargoes.media_access');
-  $ip_url = $media_embargo->getIpEmbargoedRedirectUrl($entity);
-  if ($ip_url) {
-    $response = new RedirectResponse($ip_url);
-    $response->send();
-  }
-  else {
-    $media_embargo->setEmbargoMessage($entity);
-  }
+function embargoes_node_view(array &$build, EntityInterface $node, EntityViewDisplayInterface $display, $view_mode) {
+  \Drupal::service('embargoes.node_access')->setEmbargoMessage($node);
 }
 
 /**
- * Implements hook_file_download().
+ * Implements hook_ENTITY_TYPE_view().
  */
-function embargoes_file_download($uri) {
-  $files = \Drupal::entityTypeManager()
-    ->getStorage('file')
-    ->loadByProperties(['uri' => $uri]);
-  $file = reset($files);
-  $file_embargo = \Drupal::service('embargoes.file_access');
-  $ip_url = $file_embargo->getIpEmbargoedRedirectUrl($file);
-  if ($ip_url) {
-    $response = new RedirectResponse($ip_url);
-    $response->send();
-  }
+function embargoes_media_view(array &$build, EntityInterface $media, EntityViewDisplayInterface $display, $view_mode) {
+  \Drupal::service('embargoes.media_access')->setEmbargoMessage($media);
 }
 
 /**
@@ -85,14 +51,13 @@ function embargoes_file_download($uri) {
 function embargoes_theme($existing, $type, $theme, $path) {
   return [
     'embargoes_ip_access_denied' => [
-      'render element' => 'children',
       'template' => 'embargoes-ip-access-denied',
       'variables' => [
         'requested_resource' => NULL,
         // Indexed array of ranges containing a 'proxy URL' (NULL if none exist)
         // and a display 'label'.
         'ranges' => [],
-        'contact_email' => '',
+        'contact_email' => NULL,
       ],
     ],
   ];

embargoes.services.yml

@@ -44,3 +44,12 @@ services:
       - '@string_translation'
       - '@url_generator'
       - '@current_user'
+  ip_redirect_attacher:
+    class: '\Drupal\embargoes\EventSubscriber\IpRedirectAttacher'
+    arguments:
+      - '@embargoes.node_access'
+      - '@embargoes.media_access'
+      - '@embargoes.file_access'
+      - '@current_user'
+    tags:
+      - { name: 'event_subscriber' }

src/Access/EmbargoedAccessInterface.php

@@ -3,6 +3,7 @@
 namespace Drupal\embargoes\Access;
 
 use Drupal\Core\Entity\EntityInterface;
+use Drupal\Core\Session\AccountInterface;
 
 /**
  * Determine whether an item is embargoed and should be accessible.
@@ -14,12 +15,14 @@ interface EmbargoedAccessInterface {
    *
    * @param \Drupal\Core\Entity\EntityInterface $entity
    *   The entity to determine embargo status for.
+   * @param \Drupal\Core\Session\AccountInterface $user
+   *   The user to determine embargo status for.
    *
    * @return bool
    *   TRUE or FALSE depending on if the given entity is actively embargoed
    *   against the current user.
    */
-  public function isActivelyEmbargoed(EntityInterface $entity);
+  public function isActivelyEmbargoed(EntityInterface $entity, AccountInterface $user);
 
   /**
    * Sets the message associated with embargoes for this entity.
@@ -32,17 +35,15 @@ public function setEmbargoMessage(EntityInterface $entity);
   /**
    * Returns an appropriate response URL for an IP embargoed entity.
    *
-   * Returning a response URL here qualifies as an assertion that a redirect
-   * response should be made for this resource to the given URL. Return NULL to
-   * assert that no redirect should be made.
-   *
    * @param \Drupal\Core\Entity\EntityInterface $entity
    *   The entity to get a redirect response for.
+   * @param \Drupal\Core\Session\AccountInterface $user
+   *   The user to get a redirect response for.
    *
    * @return GeneratedUrl|null
    *   An appropriate redirect URL for this object, or NULL if no redirect
    *   should be made.
    */
-  public function getIpEmbargoRedirectUrl(EntityInterface $entity);
+  public function getIpEmbargoRedirectUrl(EntityInterface $entity, AccountInterface $user);
 
 }

src/Access/EmbargoedAccessResult.php

@@ -68,13 +68,6 @@ abstract class EmbargoedAccessResult implements EmbargoedAccessInterface {
    */
   protected $urlGenerator;
 
-  /**
-   * The current user entity.
-   *
-   * @var \Drupal\Core\Session\AccountInterface
-   */
-  protected $currentUser;
-
   /**
    * Constructor for access control managers.
    *
@@ -92,18 +85,15 @@ abstract class EmbargoedAccessResult implements EmbargoedAccessInterface {
    *   A string translation manager.
    * @param \Drupal\Core\Routing\UrlGeneratorInterface $url_generator
    *   A URL generator.
-   * @param \Drupal\Core\Session\AccountInterface $current_user
-   *   The current user.
    */
-  public function __construct(EmbargoesEmbargoesServiceInterface $embargoes, RequestStack $request_stack, EntityTypeManagerInterface $entity_type_manager, ConfigFactoryInterface $config, MessengerInterface $messenger, TranslationInterface $translator, UrlGeneratorInterface $url_generator, AccountInterface $current_user) {
+  public function __construct(EmbargoesEmbargoesServiceInterface $embargoes, RequestStack $request_stack, EntityTypeManagerInterface $entity_type_manager, ConfigFactoryInterface $config, MessengerInterface $messenger, TranslationInterface $translator, UrlGeneratorInterface $url_generator) {
     $this->embargoes = $embargoes;
     $this->request = $request_stack->getCurrentRequest();
     $this->entityTypeManager = $entity_type_manager;
     $this->config = $config;
     $this->messenger = $messenger;
     $this->translator = $translator;
     $this->urlGenerator = $url_generator;
-    $this->currentUser = $current_user;
   }
 
   /**
@@ -117,7 +107,7 @@ abstract public static function entityType();
   /**
    * {@inheritdoc}
    */
-  public function isActivelyEmbargoed(EntityInterface $entity) {
+  public function isActivelyEmbargoed(EntityInterface $entity, AccountInterface $user) {
     $entity_type = $entity->getEntityType()->id();
     $expected = static::entityType();
     if ($entity_type !== $expected) {
@@ -155,7 +145,7 @@ public function setEmbargoMessage(EntityInterface $entity) {
           $expiration_date = $expiration ? $embargo->getExpirationDate() : '';
           $args = [
             '%date' => $expiration_date,
-            '%ip_range' => $ip_range,
+            '%ip_range' => $ip_range->label(),
           ];
           // Determine a message to set.
           if (!$type && is_null($ip_range) && !$expiration) {
@@ -206,7 +196,7 @@ protected function shouldSetEmbargoMessage() {
   /**
    * {@inheritdoc}
    */
-  public function getIpEmbargoRedirectUrl(EntityInterface $entity) {
+  public function getIpEmbargoRedirectUrl(EntityInterface $entity, AccountInterface $user) {
     return $this->urlGenerator->generateFromRoute('embargoes.ip_access_denied', [
       'query' => [
         'path' => $this->request->getRequestUri(),

src/Access/EmbargoedFileAccess.php

@@ -4,6 +4,7 @@
 
 use Drupal\Core\Access\AccessResult;
 use Drupal\Core\Entity\EntityInterface;
+use Drupal\Core\Session\AccountInterface;
 
 /**
  * Access control for files attached to embargoed nodes.
@@ -20,10 +21,10 @@ public static function entityType() {
   /**
    * {@inheritdoc}
    */
-  public function isActivelyEmbargoed(EntityInterface $file) {
-    $state = parent::isActivelyEmbargoed($file, $this->currentUser);
+  public function isActivelyEmbargoed(EntityInterface $file, AccountInterface $user) {
+    $state = parent::isActivelyEmbargoed($file, $user);
     $parent_nodes = $this->embargoes->getParentNidsOfFileEntity($file);
-    $embargoes = $this->embargoes->getActiveNodeEmbargoesByNids($parent_nodes, $this->request->getClientIp(), $this->currentUser);
+    $embargoes = $this->embargoes->getActiveNodeEmbargoesByNids($parent_nodes, $this->request->getClientIp(), $user);
     if (!empty($embargoes) && empty($this->embargoes->getIpAllowedEmbargoes($embargoes))) {
       $state = AccessResult::forbidden();
     }
@@ -33,16 +34,14 @@ public function isActivelyEmbargoed(EntityInterface $file) {
   /**
    * {@inheritdoc}
    */
-  public function getIpEmbargoedRedirectUrl(EntityInterface $file) {
+  public function getIpEmbargoedRedirectUrl(EntityInterface $file, AccountInterface $user) {
     $parent_nodes = $this->embargoes->getParentNidsOfFileEntity($file);
-    $embargoes = $this->embargoes->getActiveNodeEmbargoesByNids($parent_nodes, $this->request->getClientIp(), $this->currentUser);
+    $embargoes = $this->embargoes->getActiveNodeEmbargoesByNids($parent_nodes, $this->request->getClientIp(), $user);
     $ip_allowed_embargoes = $this->embargoes->getIpAllowedEmbargoes($embargoes);
     if (!empty($embargoes) && !empty($ip_allowed_embargoes)) {
       return $this->urlGenerator->generateFromRoute('embargoes.ip_access_denied', [
-        'query' => [
-          'path' => $this->request->getRequestUri(),
-          'ranges' => $ip_allowed_embargoes,
-        ],
+        'label' => $file->label(),
+        'ranges' => $ip_allowed_embargoes,
       ]);
     }
     return NULL;

src/Access/EmbargoedMediaAccess.php

@@ -4,6 +4,7 @@
 
 use Drupal\Core\Access\AccessResult;
 use Drupal\Core\Entity\EntityInterface;
+use Drupal\Core\Session\AccountInterface;
 
 /**
  * Access control for embargoed media.
@@ -20,10 +21,10 @@ public static function entityType() {
   /**
    * {@inheritdoc}
    */
-  public function isActivelyEmbargoed(EntityInterface $media) {
-    $state = parent::isActivelyEmbargoed($media, $this->currentUser);
+  public function isActivelyEmbargoed(EntityInterface $media, AccountInterface $user) {
+    $state = parent::isActivelyEmbargoed($media, $user);
     $parent_nodes = $this->embargoes->getMediaParentNids($media->id());
-    $embargoes = $this->embargoes->getActiveNodeEmbargoesByNids($parent_nodes, $this->request->getClientIp(), $this->currentUser);
+    $embargoes = $this->embargoes->getActiveNodeEmbargoesByNids($parent_nodes, $this->request->getClientIp(), $user);
     if (!empty($embargoes) && empty($this->embargoes->getIpAllowedEmbargoes($embargoes))) {
       $state = AccessResult::forbidden();
     }
@@ -33,16 +34,14 @@ public function isActivelyEmbargoed(EntityInterface $media) {
   /**
    * {@inheritdoc}
    */
-  public function getIpEmbargoedRedirectUrl(EntityInterface $media) {
+  public function getIpEmbargoedRedirectUrl(EntityInterface $media, AccountInterface $user) {
     $parent_nodes = $this->embargoes->getMediaParentNids($media->id());
-    $embargoes = $this->embargoes->getActiveNodeEmbargoesByNids($parent_nodes, $this->request->getClientIp(), $this->currentUser);
+    $embargoes = $this->embargoes->getActiveNodeEmbargoesByNids($parent_nodes, $this->request->getClientIp(), $user);
     $ip_allowed_embargoes = $this->embargoes->getIpAllowedEmbargoes($embargoes);
     if (!empty($embargoes) && !empty($ip_allowed_embargoes)) {
       return $this->urlGenerator->generateFromRoute('embargoes.ip_access_denied', [
-        'query' => [
-          'path' => $this->request->getRequestUri(),
-          'ranges' => $ip_allowed_embargoes,
-        ],
+        'label' => $media->label(),
+        'ranges' => $ip_allowed_embargoes,
       ]);
     }
     return NULL;

src/Access/EmbargoedNodeAccess.php

@@ -4,6 +4,7 @@
 
 use Drupal\Core\Access\AccessResult;
 use Drupal\Core\Entity\EntityInterface;
+use Drupal\Core\Session\AccountInterface;
 
 /**
  * Access control for embargoed nodes.
@@ -20,9 +21,9 @@ public static function entityType() {
   /**
    * {@inheritdoc}
    */
-  public function isActivelyEmbargoed(EntityInterface $node) {
-    $state = parent::isActivelyEmbargoed($node, $this->currentUser);
-    $embargoes = $this->embargoes->getActiveNodeEmbargoesByNids([$node->id()], $this->request->getClientIp(), $this->currentUser);
+  public function isActivelyEmbargoed(EntityInterface $node, AccountInterface $user) {
+    $state = parent::isActivelyEmbargoed($node, $user);
+    $embargoes = $this->embargoes->getActiveNodeEmbargoesByNids([$node->id()], $this->request->getClientIp(), $user);
     if (!empty($embargoes) && empty($this->embargoes->getIpAllowedEmbargoes($embargoes))) {
       $state = AccessResult::forbidden();
     }
@@ -32,15 +33,13 @@ public function isActivelyEmbargoed(EntityInterface $node) {
   /**
    * {@inheritdoc}
    */
-  public function getIpEmbargoedRedirectUrl(EntityInterface $node) {
-    $embargoes = $this->embargoes->getActiveNodeEmbargoesByNids([$node->id()], $this->request->getClientIp(), $this->currentUser);
+  public function getIpEmbargoedRedirectUrl(EntityInterface $node, AccountInterface $user) {
+    $embargoes = $this->embargoes->getActiveNodeEmbargoesByNids([$node->id()], $this->request->getClientIp(), $user);
     $ip_allowed_embargoes = $this->embargoes->getIpAllowedEmbargoes($embargoes);
     if (!empty($embargoes) && !empty($ip_allowed_embargoes)) {
       return $this->urlGenerator->generateFromRoute('embargoes.ip_access_denied', [
-        'query' => [
-          'path' => $this->request->getRequestUri(),
-          'ranges' => $ip_allowed_embargoes,
-        ],
+        'label' => $node->label(),
+        'ranges' => $ip_allowed_embargoes,
       ]);
     }
     return NULL;

src/Controller/EmbargoesIpAccessDeniedController.php

@@ -36,34 +36,18 @@ public static function create(ContainerInterface $container) {
       $container->get('request_stack')->getCurrentRequest());
   }
 
-  /**
-   * Helper function to attempt to get the current request.
-   *
-   * @return string|null
-   *   The requested resource, or NULL if there is no current request.
-   */
-  protected function getRequestedResource() {
-    if (!is_null($this->request)) {
-      $path = $this->request->query->get('path');
-      $host = $this->request->getSchemeAndHttpHost();
-      return "{$host}{$path}";
-    }
-  }
-
   /**
    * Formats a response for an IP access denied page.
    *
    * @return array
    *   Renderable array of markup for IP access denied.
    */
   public function response() {
-    $requested_resource = $this->getRequestedResource();
-    $contact_email = $this->config('embargoes.settings')->get('embargo_contact_email');
     $ranges = [];
-    foreach ($this->request->query->get('ranges', []) as $allowed_range) {
+    foreach ((array) $this->request->query->get('ranges', []) as $allowed_range) {
       $allowed_range_entity = $this->entityTypeManager()->getStorage('embargoes_ip_range_entity')->load($allowed_range);
-      $proxy_url = $allowed_range_entity->getProxyUrl() != '' ? $allowed_range_entity->getProxyUrl() : NULL;
-      if ($allowed_range_entity->getProxyUrl() != '') {
+      if ($allowed_range_entity) {
+        $proxy_url = $allowed_range_entity->getProxyUrl() != '' ? $allowed_range_entity->getProxyUrl() : NULL;
         $ranges[] = [
           'proxy_url' => $proxy_url,
           'label' => $allowed_range_entity->label(),
@@ -73,11 +57,9 @@ public function response() {
 
     return [
       '#theme' => 'embargoes_ip_access_denied',
-      '#variables' => [
-        'requested_resource' => $requested_resource,
-        'ranges' => $ranges,
-        'contact_email' => $contact_email,
-      ],
+      '#requested_resource' => $this->request->query->get('label', ''),
+      '#ranges' => $ranges,
+      '#contact_email' => $this->config('embargoes.settings')->get('embargo_contact_email'),
     ];
   }
 

src/Controller/EmbargoesNodeEmbargoesController.php

@@ -92,8 +92,8 @@ public function showEmbargoes(NodeInterface $node = NULL) {
               'data' => [
                 '#type' => 'link',
                 '#title' => $ip_range->label(),
-                '#url' => Url::fromRoute('entity.embargoes_ip_range.edit_form', [
-                  'embargoes_embargo_entity' => $embargo->getExemptIps(),
+                '#url' => Url::fromRoute('entity.embargoes_ip_range_entity.edit_form', [
+                  'embargoes_ip_range_entity' => $embargo->getExemptIps(),
                 ]),
               ],
             ];