diff --git a/core/modules/overlay/lib/Drupal/overlay/Access/DismissMessageAccessCheck.php b/core/modules/overlay/lib/Drupal/overlay/Access/DismissMessageAccessCheck.php
new file mode 100644
index 0000000000000000000000000000000000000000..3c74bab0f9236b5f9a2ca297b1c5edaba18dc32b
--- /dev/null
+++ b/core/modules/overlay/lib/Drupal/overlay/Access/DismissMessageAccessCheck.php
@@ -0,0 +1,43 @@
+getRequirements());
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function access(Route $route, Request $request) {
+ $account = $request->attributes->get('account');
+ if (!user_access('access overlay', $account)) {
+ return static::DENY;
+ }
+ // It's unlikely, but possible that "access overlay" permission is granted
+ // to the anonymous role. In this case, we do not display the message to
+ // disable the overlay, so there is nothing to dismiss.
+ if (!$account->id()) {
+ return static::DENY;
+ }
+ return static::ALLOW;
+ }
+
+}
diff --git a/core/modules/overlay/lib/Drupal/overlay/Controller/OverlayController.php b/core/modules/overlay/lib/Drupal/overlay/Controller/OverlayController.php
new file mode 100644
index 0000000000000000000000000000000000000000..b8347685348dc50718a216ead5d43cf294a56200
--- /dev/null
+++ b/core/modules/overlay/lib/Drupal/overlay/Controller/OverlayController.php
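Review bot: In `DismissMessageAccessCheck::access()`, `$request->attributes->get('account')` yields NULL when no account attribute was set on the request, and the later `$account->id()` would then be a fatal error instead of a denial. An access checker should fail closed, so a guard such as `if (!$account) { return static::DENY; }` belongs before the `user_access()` call. Presumably `user_access()` falls back to the global user when given NULL, in which case the permission test and the id test would not even be looking at the same account. The start of the file (class declaration and most of `applies()`) is not visible in this hunk.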
@@ -0,0 +1,44 @@
+attributes->get('account');
+
+ // @todo Integrate CSRF link token directly into routing system: http://drupal.org/node/1798296.
+ $token = $request->attributes->get('token');
+ if (!isset($token) || !drupal_valid_token($token, 'overlay')) {
+ throw new AccessDeniedHttpException();
+ }
+ $request->attributes->get('user.data')->set('overlay', $account->id(), 'message_dismissed', 1);
+ drupal_set_message(t('The message has been dismissed. You can change your overlay settings at any time by visiting your profile page.'));
+ // Destination is normally given. Go to the user profile as a fallback.
+ return new RedirectResponse(url('user/' . $account->id() . '/edit', array('absolute' => TRUE)));
+ }
+
+}
diff --git a/core/modules/overlay/overlay.module b/core/modules/overlay/overlay.module
index 40a0c76a65aa917272585d46fc47f6a4fa644dc2..0a316e501b0f71e0648368857bf3ad95052d9444 100644
--- a/core/modules/overlay/overlay.module
+++ b/core/modules/overlay/overlay.module
@@ -35,12 +35,6 @@ function overlay_menu() {
 'access arguments' => array('access overlay'),
 'type' => MENU_CALLBACK,
 );
- $items['overlay/dismiss-message'] = array(
- 'title' => '',
- 'page callback' => 'overlay_user_dismiss_message',
- 'access callback' => 'overlay_user_dismiss_message_access',
- 'type' => MENU_CALLBACK,
- );
 return $items;
 }
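Review bot: In the new OverlayController method the CSRF token is read with `$request->attributes->get('token')`, whereas the removed `overlay_user_dismiss_message()` read it from the query string via `Drupal::request()->query->get('token')`, and the new route pattern `/overlay/dismiss-message` has no `{token}` placeholder. Unless something outside this diff copies the query parameter into the request attributes, `$token` is never set and every request ends in `AccessDeniedHttpException`; `$token = $request->query->get('token');` would keep the previous behaviour. Likewise `$request->attributes->get('user.data')` assumes the service is available as a request attribute, where the old code used `Drupal::service('user.data')`; if that attribute is absent the `->set()` call is a fatal error after the token has already been accepted. The top of the file, including the method signature, is not visible in this hunk.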
@@ -219,56 +213,6 @@ function overlay_page_alter(&$page) {
 }
 }
-/**
- * Access callback: Determines access to dismiss the accessibility message.
- *
- * @return
- * TRUE if the user has permission to dismiss the accessibility message or if
- * the user is anonymous. FALSE if otherwise.
- *
- * @see overlay_user_dismiss_message()
- * @see overlay_menu()
- */
-function overlay_user_dismiss_message_access() {
- global $user;
- if (!user_access('access overlay')) {
- return FALSE;
- }
- // It's unlikely, but possible that "access overlay" permission is granted to
- // the anonymous role. In this case, we do not display the message to disable
- // the overlay, so there is nothing to dismiss.
- if (empty($user->uid)) {
- return FALSE;
- }
- return TRUE;
-}
-
-/**
- * Page callback: Dismisses the overlay accessibility message for this user.
- *
- * @return
- * A render array for a page containing a list of content.
- *
- * @see overlay_user_dismiss_message_access()
- * @see overlay_menu()
- */
-function overlay_user_dismiss_message() {
- global $user;
-
- // @todo CSRF tokens are validated in page callbacks rather than access
- // callbacks, because access callbacks are also invoked during menu link
- // generation. Add token support to routing: http://drupal.org/node/755584.
- $token = Drupal::request()->query->get('token');
- if (!isset($token) || !drupal_valid_token($token, 'overlay')) {
- throw new AccessDeniedHttpException();
- }
-
- Drupal::service('user.data')->set('overlay', $user->uid, 'message_dismissed', 1);
- drupal_set_message(t('The message has been dismissed. You can change your overlay settings at any time by visiting your profile page.'));
- // Destination is normally given. Go to the user profile as a fallback.
- return new RedirectResponse(url('user/' . $user->uid . '/edit', array('absolute' => TRUE)));
-}
-
 /**
 * Returns a renderable array representing a message for disabling the overlay.
 *
diff --git a/core/modules/overlay/overlay.routing.yml b/core/modules/overlay/overlay.routing.yml
new file mode 100644
index 0000000000000000000000000000000000000000..9f22f5617ab9ca444ac6b56cf62700643eac9507
--- /dev/null
+++ b/core/modules/overlay/overlay.routing.yml
@@ -0,0 +1,7 @@
+overlay_message:
+ pattern: '/overlay/dismiss-message'
+ defaults:
+ _controller: '\Drupal\overlay\Controller\OverlayController::overlayMessage'
+ requirements:
+ _access_overlay_dismiss_message: 'TRUE'
+
diff --git a/core/modules/overlay/overlay.services.yml b/core/modules/overlay/overlay.services.yml
index b15e6cda7ed39d143425570033acd52c9c99bc1a..aed4378f0d7ef66102d552318d0bfc64866b3806 100644
--- a/core/modules/overlay/overlay.services.yml
+++ b/core/modules/overlay/overlay.services.yml
@@ -4,3 +4,8 @@ services:
 tags:
 - { name: event_subscriber }
 arguments: ['@content_negotiation', '@user.data', '@url_generator']
+
+ access_check.overlay.dismiss_message:
+ class: Drupal\overlay\Access\DismissMessageAccessCheck
+ tags:
+ - { name: access_check }
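Review bot: In overlay.routing.yml the requirement `_access_overlay_dismiss_message: 'TRUE'` reads like a switch, but `DismissMessageAccessCheck::access()` never reads the value, and `applies()` appears to test only that the key exists (most of that method is not visible in this diff). Someone setting it to `'FALSE'` to close the route would see no change in behaviour. A comment above the key would prevent that misreading, e.g. `# Presence of this key enables the check; its value is ignored.` It would also help to state there that the CSRF token for this state-changing route is validated in the controller, not by this requirement.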