HPC-9259: Protect sections and all subpages, redirect to exact URL af…

…ter authenticating
UN-OCHA · Nov 22, 2023 · c94c83b · c94c83b
1 parent 4f7a02c
commit c94c83b
Show file tree

Hide file tree

Showing 10 changed files with 341 additions and 88 deletions.
diff --git a/config/views.view.content.yml b/config/views.view.content.yml
@@ -5325,6 +5325,8 @@ display:
           selected_actions:
             - node_publish_action
             - node_unpublish_action
+            - protect_content
+            - unprotect_content
         title:
           id: title
           table: node_field_data
@@ -5558,6 +5560,60 @@ display:
             format: custom
             format_custom_false: Unpublished
             format_custom_true: Published
+        protected_status:
+          id: protected_status
+          table: node
+          field: protected_status
+          relationship: none
+          group_type: group
+          admin_label: ''
+          entity_type: node
+          plugin_id: protected_status
+          label: Protected
+          exclude: false
+          alter:
+            alter_text: false
+            text: ''
+            make_link: false
+            path: ''
+            absolute: false
+            external: false
+            replace_spaces: false
+            path_case: none
+            trim_whitespace: false
+            alt: ''
+            rel: ''
+            link_class: ''
+            prefix: ''
+            suffix: ''
+            target: ''
+            nl2br: false
+            max_length: 0
+            word_boundary: true
+            ellipsis: true
+            more_link: false
+            more_link_text: ''
+            more_link_path: ''
+            strip_tags: false
+            trim: false
+            preserve_tags: ''
+            html: false
+          element_type: ''
+          element_class: ''
+          element_label_type: ''
+          element_label_class: ''
+          element_label_colon: true
+          element_wrapper_type: ''
+          element_wrapper_class: ''
+          element_default_classes: true
+          empty: ''
+          hide_empty: false
+          empty_zero: false
+          hide_alter_empty: true
+          type: yes-no
+          type_custom_true: ''
+          type_custom_false: ''
+          not: 0
         changed:
           id: changed
           table: node_field_data

diff --git a/html/modules/custom/ghi_content/src/Traits/ContentPathTrait.php b/html/modules/custom/ghi_content/src/Traits/ContentPathTrait.php
@@ -93,15 +93,17 @@ protected function getDocumentNodeFromPath($path, $root = FALSE) {
   protected function getSectionNodeFromPath($path) {
     $document_path_pos = strpos($path, '/document/');
     $article_path_pos = strpos($path, '/article/');
-    if ($document_path_pos === FALSE && $article_path_pos == FALSE) {
-      return NULL;
-    }
     if ($document_path_pos !== FALSE) {
       $section_url = substr($path, 0, $document_path_pos);
     }
     elseif ($article_path_pos !== FALSE) {
       $section_url = substr($path, 0, $article_path_pos);
     }
+    elseif (count(explode('/', ltrim($path, '/'))) > 2) {
+      // Also support custom subpages and cluster pages.
+      $url_parts = explode('/', ltrim($path, '/'));
+      $section_url = '/' . implode('/', array_slice($url_parts, 0, 2));
+    }
     $section = $this->getNodeByUrlAlias($section_url);
     return $section instanceof SectionNodeInterface ? $section : NULL;
   }

diff --git a/html/modules/custom/ghi_embargoed_access/ghi_embargoed_access.info.yml b/html/modules/custom/ghi_embargoed_access/ghi_embargoed_access.info.yml
@@ -6,4 +6,5 @@ type: module
 core_version_requirement: ^9 || ^10
 
 dependencies:
-  - protected_pages:protected_pages
+  - protected_pages:protected_pages
+  - ghi_content:ghi_content
diff --git a/html/modules/custom/ghi_embargoed_access/ghi_embargoed_access.services.yml b/html/modules/custom/ghi_embargoed_access/ghi_embargoed_access.services.yml
@@ -0,0 +1,4 @@
+services:
+  ghi_embargoed_access.manager:
+    class: Drupal\ghi_embargoed_access\EmbargoedAccessManager
+    arguments: ['@entity_type.manager', '@protected_pages.storage', '@password']
diff --git a/html/modules/custom/ghi_embargoed_access/src/EmbargoedAccessManager.php b/html/modules/custom/ghi_embargoed_access/src/EmbargoedAccessManager.php
@@ -0,0 +1,124 @@
+<?php
+
+namespace Drupal\ghi_embargoed_access;
+
+use Drupal\Component\Utility\Html;
+use Drupal\Component\Utility\Random;
+use Drupal\Core\Cache\Cache;
+use Drupal\Core\Entity\EntityTypeManagerInterface;
+use Drupal\Core\Password\PasswordInterface;
+use Drupal\node\NodeInterface;
+use Drupal\protected_pages\ProtectedPagesStorage;
+
+/**
+ * Embargoed access manager service class.
+ */
+class EmbargoedAccessManager {
+
+  /**
+   * The entity type manager service.
+   *
+   * @var \Drupal\Core\Entity\EntityTypeManagerInterface
+   */
+  protected $entityTypeManager;
+
+  /**
+   * The protected pages storage service.
+   *
+   * @var \Drupal\protected_pages\ProtectedPagesStorage
+   */
+  protected $protectedPagesStorage;
+
+  /**
+   * Provides the password hashing service object.
+   *
+   * @var \Drupal\Core\Password\PasswordInterface
+   */
+  protected $password;
+
+  /**
+   * Constructs an embargoed access manager class.
+   */
+  public function __construct(EntityTypeManagerInterface $entity_type_manager, ProtectedPagesStorage $protected_pages_storage, PasswordInterface $password) {
+    $this->entityTypeManager = $entity_type_manager;
+    $this->protectedPagesStorage = $protected_pages_storage;
+    $this->password = $password;
+  }
+
+  /**
+   * Load the id of a protected page item for the given node.
+   *
+   * @param \Drupal\node\NodeInterface $node
+   *   The node for which to load the id.
+   *
+   * @return int|null
+   *   The if of the protected page item or NULL if not found.
+   */
+  public function loadProtectedPageIdForNode(NodeInterface $node) {
+    if (!$node) {
+      return;
+    }
+    $path = '/node/' . $node->id();
+    $fields = ['pid'];
+    $conditions = [
+      'general' => [],
+    ];
+    $conditions['general'][] = [
+      'field' => 'path',
+      'value' => $path,
+      'operator' => '=',
+    ];
+    return $this->protectedPagesStorage->loadProtectedPage($fields, $conditions, TRUE);
+  }
+
+  /**
+   * Check if the given node is protected.
+   *
+   * @param \Drupal\node\NodeInterface $node
+   *   The node to check.
+   *
+   * @return bool
+   *   TRUE if the node is currently protected, FALSE otherwise.
+   */
+  public function isProtected(NodeInterface $node) {
+    $pid = $this->loadProtectedPageIdForNode($node);
+    return !empty($pid);
+  }
+
+  /**
+   * Protect the given node.
+   *
+   * @param \Drupal\node\NodeInterface $node
+   *   The node to protect.
+   */
+  public function protectNode(NodeInterface $node) {
+    if ($this->isProtected($node)) {
+      // Already done.
+      return;
+    }
+    $random = new Random();
+    $page_data = [
+      'password' => $this->password->hash(Html::escape($random->string(32))),
+      'path' => '/node/' . $node->id(),
+    ];
+    $this->protectedPagesStorage->insertProtectedPage($page_data);
+    Cache::invalidateTags($node->getCacheTags());
+  }
+
+  /**
+   * Unprotect the given node.
+   *
+   * @param \Drupal\node\NodeInterface $node
+   *   The node to unprotect.
+   */
+  public function unprotectNode(NodeInterface $node) {
+    $pid = $this->loadProtectedPageIdForNode($node);
+    if (!$pid) {
+      // Already done.
+      return;
+    }
+    $this->protectedPagesStorage->deleteProtectedPage($pid);
+    Cache::invalidateTags($node->getCacheTags());
+  }
+
+}