ip_range_access/ip_range_access.module at main · Born-Digital-US/ip_range_access · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
<?php

/**
 * @file
 * Contains ip_range_access.module.
 */

use Drupal\Core\Entity\Display\EntityViewDisplayInterface;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Form\FormStateInterface;
use Drupal\ip_range_access\IpUtil;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;

/**
 * Implements hook_form_form_id_alter().
 */
function ip_range_acces_form_block_form_alter(&$form, FormStateInterface $form_state, $form_id) {
  unset($form['visibility']['user_ip_address']);
}

/**
 * Implements hook_entity_view().
 */
function ip_range_access_entity_view(array &$build, EntityInterface $entity, EntityViewDisplayInterface $display, $view_mode) {
  $route_match_item = \Drupal::routeMatch()->getParameters()->all();
  // Get the parameter, which might be node, media or taxonomy term.
  $current_entity = reset($route_match_item);
  // Match exactly to ensure they are the same entity type.
  if ($entity === $current_entity) {
    if (\Drupal::moduleHandler()->moduleExists('context')) {
      $context_manager = \Drupal::service('context.manager');
      // If there are multiple contexts that block access, it's OK to use the first one.
      foreach ($context_manager->getActiveReactions('\Drupal\ip_range_access\Plugin\ContextReaction\DenyAccessReaction') as $reaction) {
        $reaction->execute();
      }
    }
  }

  // Disable cache for IP Restricted nodes.
  if ((new IpUtil)->isEntityProtected($entity)) {
    $build['#cache']['max-age'] = 0;
    \Drupal::service('page_cache_kill_switch')->trigger();
  }

  // Check access to /ocr and /pages.
  if (
    ($current_entity === 'display_media' && $route_match_item['display_id'] === 'ocr') ||
    ($current_entity === 'manage_members' && $route_match_item['display_id'] === 'page_3')
  ) {
    $node_id = $route_match_item['node'] ?? NULL;
    $node = \Drupal::entityTypeManager()->getStorage('node')->load($node_id);
    $isAccessGranted = (new IpUtil)->isAccessGranted($node);

    if ((new IpUtil)->isEntityProtected($node)) {
      $build['#cache']['max-age'] = 0;
      \Drupal::service('page_cache_kill_switch')->trigger();
    }

    if (!$isAccessGranted) {
      throw new NotFoundHttpException();
    }
  }
}

/**
 * Implements hook_entity_view_alter().
 */
function ip_range_access_entity_view_alter(array &$build, EntityInterface $entity, EntityViewDisplayInterface $display) {
  $active_contexts = \Drupal::service('context.manager')->getActiveContexts();

  // Disable object navigation links when context is active.
  foreach ($active_contexts as $machine_name => $context_active) {
    if ($machine_name === IpUtil::CONTEXT_ID) {
      $build['object_navigation']['#access'] = FALSE;
    }
  }
}

/**
 * Implements hook_form_form_id_alter().
 */
function ip_range_access_form_block_form_alter(&$form, FormStateInterface $form_state, $form_id) {
  // Remove this condition from the core block placement UI. Use
  // /admin/structure/context instead if you want to use this condition
  // to alter block layout.
  unset($form['visibility']['user_ip_address']);
}

/**
 * Control access to private file downloads and specify HTTP headers.
 *
 * @param $uri
 *   The URI of the file.
 *
 * @return string[]|int
 *   If the user does not have permission to access the file, return -1. If the
 *   user has permission, return an array with the appropriate headers. If the
 *   file is not controlled by the current module, the return value should be
 *   NULL.
 *
 * @see \Drupal\system\FileDownloadController::download()
 */
function ip_range_access_file_download($uri) {

  /** @var \Drupal\file\FileRepositoryInterface $file_repository */
  $file_repository = \Drupal::service('file.repository');
  $file = $file_repository->loadByUri($uri);

  if (!$file) {
    return NULL;
  }

  $usage = \Drupal::service('file.usage')->listUsage($file);
  $entity_type_manager = \Drupal::service('entity_type.manager');

  if (!empty($usage['file']['media'])) {
    foreach ($usage['file']['media'] as $media_id => $usage_count) {
      $media = $entity_type_manager->getStorage('media')->load($media_id);
      $node = \Drupal::service('islandora.utils')->getParentNode($media);
      if (!$node) {
        continue;
      }
      $isAccessGranted = (new IpUtil)->isAccessGranted($node);

      if (!$isAccessGranted) {
        return -1; // Return access denied.
      }
    }
  }

  // Returning nothing so that other modules can handle additional access.
}