view core/lib/Drupal/Core/Entity/EntityResolverManager.php @ 13:5fb285c0d0e3

Update Drupal core to 8.4.7 via Composer. Security update; I *think* we've been lucky to get away with this so far, as we don't support self-registration which seems to be used by the so-called "drupalgeddon 2" attack that 8.4.5 was vulnerable to.
author Chris Cannam
date Mon, 23 Apr 2018 09:33:26 +0100
parents 4c8ae668cc8c
children af1871eacc83
line wrap: on
line source
<?php

namespace Drupal\Core\Entity;

use Drupal\Core\DependencyInjection\ClassResolverInterface;
use Symfony\Component\Routing\Route;

/**
 * Sets the entity route parameter converter options automatically.
 *
 * If controllers of routes with route parameters, type-hint the parameters with
 * an entity interface, upcasting is done automatically.
 */
class EntityResolverManager {

  /**
   * The entity manager.
   *
   * @var \Drupal\Core\Entity\EntityManagerInterface
   */
  protected $entityManager;

  /**
   * The class resolver.
   *
   * @var \Drupal\Core\DependencyInjection\ClassResolverInterface
   */
  protected $classResolver;

  /**
   * Constructs a new EntityRouteAlterSubscriber.
   *
   * @param \Drupal\Core\Entity\EntityManagerInterface $entity_manager
   *   The entity manager.
   * @param \Drupal\Core\DependencyInjection\ClassResolverInterface $class_resolver
   *   The class resolver.
   */
  public function __construct(EntityManagerInterface $entity_manager, ClassResolverInterface $class_resolver) {
    $this->entityManager = $entity_manager;
    $this->classResolver = $class_resolver;
  }

  /**
   * Gets the controller class using route defaults.
   *
   * By design we cannot support all possible routes, but just the ones which
   * use the defaults provided by core, which are _controller and _form.
   *
   * Rather than creating an instance of every controller determine the class
   * and method that would be used. This is not possible for the service:method
   * notation as the runtime container does not allow static introspection.
   *
   * @see \Drupal\Core\Controller\ControllerResolver::getControllerFromDefinition()
   * @see \Drupal\Core\Controller\ClassResolver::getInstanceFromDefinition()
   *
   * @param array $defaults
   *   The default values provided by the route.
   *
   * @return string|null
   *   Returns the controller class, otherwise NULL.
   */
  protected function getControllerClass(array $defaults) {
    $controller = NULL;
    if (isset($defaults['_controller'])) {
      $controller = $defaults['_controller'];
    }

    if (isset($defaults['_form'])) {
      $controller = $defaults['_form'];
      // Check if the class exists and if so use the buildForm() method from the
      // interface.
      if (class_exists($controller)) {
        return [$controller, 'buildForm'];
      }
    }

    if (strpos($controller, ':') === FALSE) {
      if (method_exists($controller, '__invoke')) {
        return [$controller, '__invoke'];
      }
      if (function_exists($controller)) {
        return $controller;
      }
      return NULL;
    }

    $count = substr_count($controller, ':');
    if ($count == 1) {
      // Controller in the service:method notation. Get the information from the
      // service. This is dangerous as the controller could depend on services
      // that could not exist at this point. There is however no other way to
      // do it, as the container does not allow static introspection.
      list($class_or_service, $method) = explode(':', $controller, 2);
      return [$this->classResolver->getInstanceFromDefinition($class_or_service), $method];
    }
    elseif (strpos($controller, '::') !== FALSE) {
      // Controller in the class::method notation.
      return explode('::', $controller, 2);
    }

    return NULL;
  }

  /**
   * Sets the upcasting information using reflection.
   *
   * @param string|array $controller
   *   A PHP callable representing the controller.
   * @param \Symfony\Component\Routing\Route $route
   *   The route object to populate without upcasting information.
   *
   * @return bool
   *   Returns TRUE if the upcasting parameters could be set, FALSE otherwise.
   */
  protected function setParametersFromReflection($controller, Route $route) {
    $entity_types = $this->getEntityTypes();
    $parameter_definitions = $route->getOption('parameters') ?: [];

    $result = FALSE;

    if (is_array($controller)) {
      list($instance, $method) = $controller;
      $reflection = new \ReflectionMethod($instance, $method);
    }
    else {
      $reflection = new \ReflectionFunction($controller);
    }

    $parameters = $reflection->getParameters();
    foreach ($parameters as $parameter) {
      $parameter_name = $parameter->getName();
      // If the parameter name matches with an entity type try to set the
      // upcasting information automatically. Therefore take into account that
      // the user has specified some interface, so the upcasting is intended.
      if (isset($entity_types[$parameter_name])) {
        $entity_type = $entity_types[$parameter_name];
        $entity_class = $entity_type->getClass();
        if (($reflection_class = $parameter->getClass()) && (is_subclass_of($entity_class, $reflection_class->name) || $entity_class == $reflection_class->name)) {
          $parameter_definitions += [$parameter_name => []];
          $parameter_definitions[$parameter_name] += [
            'type' => 'entity:' . $parameter_name,
          ];
          $result = TRUE;
        }
      }
    }
    if (!empty($parameter_definitions)) {
      $route->setOption('parameters', $parameter_definitions);
    }
    return $result;
  }

  /**
   * Sets the upcasting information using the _entity_* route defaults.
   *
   * Supports the '_entity_view' and '_entity_form' route defaults.
   *
   * @param \Symfony\Component\Routing\Route $route
   *   The route object.
   */
  protected function setParametersFromEntityInformation(Route $route) {
    if ($entity_view = $route->getDefault('_entity_view')) {
      list($entity_type) = explode('.', $entity_view, 2);
    }
    elseif ($entity_form = $route->getDefault('_entity_form')) {
      list($entity_type) = explode('.', $entity_form, 2);
    }

    // Do not add parameter information if the route does not declare a
    // parameter in the first place. This is the case for add forms, for
    // example.
    if (isset($entity_type) && isset($this->getEntityTypes()[$entity_type]) && (strpos($route->getPath(), '{' . $entity_type . '}') !== FALSE)) {
      $parameter_definitions = $route->getOption('parameters') ?: [];

      // First try to figure out whether there is already a parameter upcasting
      // the same entity type already.
      foreach ($parameter_definitions as $info) {
        if (isset($info['type']) && (strpos($info['type'], 'entity:') === 0)) {
          // The parameter types are in the form 'entity:$entity_type'.
          list(, $parameter_entity_type) = explode(':', $info['type'], 2);
          if ($parameter_entity_type == $entity_type) {
            return;
          }
        }
      }

      if (!isset($parameter_definitions[$entity_type])) {
        $parameter_definitions[$entity_type] = [];
      }
      $parameter_definitions[$entity_type] += [
        'type' => 'entity:' . $entity_type,
      ];
      if (!empty($parameter_definitions)) {
        $route->setOption('parameters', $parameter_definitions);
      }
    }
  }

  /**
   * Set the upcasting route objects.
   *
   * @param \Symfony\Component\Routing\Route $route
   *   The route object to add the upcasting information onto.
   */
  public function setRouteOptions(Route $route) {
    if ($controller = $this->getControllerClass($route->getDefaults())) {
      // Try to use reflection.
      if ($this->setParametersFromReflection($controller, $route)) {
        return;
      }
    }

    // Try to use _entity_* information on the route.
    $this->setParametersFromEntityInformation($route);
  }

  /**
   * Gets the list of all entity types.
   *
   * @return \Drupal\Core\Entity\EntityTypeInterface[]
   */
  protected function getEntityTypes() {
    if (!isset($this->entityTypes)) {
      $this->entityTypes = $this->entityManager->getDefinitions();
    }
    return $this->entityTypes;
  }

}