first pass at coding standards overhaul

config/install/embargoes.settings.yml

@@ -0,0 +1,4 @@
+---
+embargo_contact_email: null
+add_contact_to_notifications: true
+show_embargo_message: true

config/schema/embargoes.schema.yml

@@ -1,6 +1,19 @@
+---
 condition.plugin.embargoes_embargoed_condition:
   type: condition.plugin
   mapping:
     filter:
       type: text
       label: 'Embargo Filter'
+embargoes.settings:
+  type: config_object
+  mapping:
+    embargo_contact_email:
+      type: email
+      label: 'Contact email for embargo notifications'
+    add_contact_to_notifications:
+      type: boolean
+      label: 'Whether to add contact information to embargo notifications'
+    show_embargo_message:
+      type: boolean
+      label: 'Whether to display an embargo warning on embargoed nodes'

config/schema/embargoes_embargo_entity.schema.yml

@@ -17,6 +17,7 @@ embargoes.embargoes_embargo_entity.*:
     exempt_ips:
       type: string
       label: 'Exempt IP Ranges'
+      nullable: true
     exempt_users:
       type: sequence
       label: 'Exempt Users'
@@ -26,8 +27,13 @@ embargoes.embargoes_embargo_entity.*:
           target_id:
             type: integer
     additional_emails:
-      type: string
+      type: sequence
       label: 'Additional Emails'
+      sequence:
+        type: mapping
+        mapping:
+          additional_email:
+            type: string
     embargoed_node:
       type: integer
       label: 'Embargoed Node'

config/schema/embargoes_ip_range_entity.schema.yml

@@ -8,9 +8,14 @@ embargoes.embargoes_ip_range_entity.*:
     label:
       type: label
       label: 'Label'
-    range:
-      type: string
-      label: 'Range'
+    ranges:
+      type: sequence
+      label: 'Ranges'
+      sequence:
+        type: mapping
+        mapping:
+          range:
+            type: string
     proxy_url:
       type: string
       label: 'Proxy URL'

embargoes.install

@@ -1,15 +1,15 @@
 <?php
 
-use Drupal\Core\Database\Database;
-
 /**
-* @file
-* Install, update and uninstall functions for the embargoes module.
-*/
+ * @file
+ * Install, update and uninstall functions for the embargoes module.
+ */
+
+use Drupal\Core\Database\Database;
 
 /**
-* Implements hook_schema().
-*/
+ * Implements hook_schema().
+ */
 function embargoes_schema() {
   $schema['embargoes_log'] = [
     'description' => 'Embargo log table.',

embargoes.module

@@ -1,167 +1,64 @@
 <?php
 
-use \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
-use Symfony\Component\HttpFoundation\RedirectResponse;
 /**
  * @file
- * Contains embargoes.module.
+ * Hook implementations.
  */
 
+use Drupal\Core\Entity\Display\EntityViewDisplayInterface;
+use Drupal\Core\Entity\EntityInterface;
+use Drupal\Core\Session\AccountInterface;
+use Drupal\node\NodeInterface;
+use Symfony\Component\HttpFoundation\RedirectResponse;
+
 /**
  * Implements hook_node_access().
  */
-function embargoes_node_access(\Drupal\node\NodeInterface $node, $operation, \Drupal\Core\Session\AccountInterface $account) {
-  $nids = array($node->id());
-  $ip = \Drupal::request()->getClientIp();
-  $embargoes = \Drupal::service('embargoes.embargoes')->getActiveNodeEmbargoesByNids($nids, $ip, $account);
-  $ip_allowed_embargoes = \Drupal::service('embargoes.embargoes')->getIpAllowedEmbargoes($embargoes);
-  if (!empty($embargoes) && empty($ip_allowed_embargoes)) {
-    $access = \Drupal\Core\Access\AccessResult::forbidden();
-  }
-  else {
-    $access = \Drupal\Core\Access\AccessResult::neutral();
-  }
-  return $access;
+function embargoes_node_access(NodeInterface $node, $operation, AccountInterface $account) {
+  return \Drupal::service('embargoes.node_access')->isActivelyEmbargoed($node, $account);
 }
 
 /**
  * Implements hook_ENTITY_TYPE_access().
  */
-function embargoes_media_access(\Drupal\Core\Entity\EntityInterface $entity, $operation, \Drupal\Core\Session\AccountInterface $account){
-  $nids = \Drupal::service('embargoes.embargoes')->getMediaParentNids($entity->id());
-  $ip = \Drupal::request()->getClientIp();
-  $active_embargoes = \Drupal::service('embargoes.embargoes')->getActiveEmbargoesByNids($nids, $ip, $account);
-  $ip_allowed_embargoes = \Drupal::service('embargoes.embargoes')->getIpAllowedEmbargoes($active_embargoes);
-  if (!empty($active_embargoes) && empty($ip_allowed_embargoes)) {
-    $access = \Drupal\Core\Access\AccessResult::forbidden();
-  }
-  else {
-    $access = \Drupal\Core\Access\AccessResult::neutral();
-  }
-  return $access;
+function embargoes_media_access(EntityInterface $media, $operation, AccountInterface $account) {
+  return \Drupal::service('embargoes.media_access')->isActivelyEmbargoed($media, $account);
 }
 
 /**
  * Implements hook_ENTITY_TYPE_access().
  */
-function embargoes_file_access(\Drupal\Core\Entity\EntityInterface $entity, $operation, \Drupal\Core\Session\AccountInterface $account){
-  $nids = \Drupal::service('embargoes.embargoes')->getParentNidsOfFileEntity($entity);
-  $ip = \Drupal::request()->getClientIp();
-  $active_embargoes = \Drupal::service('embargoes.embargoes')->getActiveEmbargoesByNids($nids, $ip, $account);
-  $ip_allowed_embargoes = \Drupal::service('embargoes.embargoes')->getIpAllowedEmbargoes($active_embargoes);
-  if (!empty($active_embargoes) && empty($ip_allowed_embargoes)) {
-    $access = \Drupal\Core\Access\AccessResult::forbidden();
-  }
-  else {
-    $access = \Drupal\Core\Access\AccessResult::neutral();
-  }
-  return $access;
+function embargoes_file_access(EntityInterface $file, $operation, AccountInterface $account) {
+  return \Drupal::service('embargoes.file_access')->isActivelyEmbargoed($file, $account);
 }
 
 /**
  * Implements hook_node_view().
  */
-function embargoes_node_view(array &$build, \Drupal\Core\Entity\EntityInterface $entity, \Drupal\Core\Entity\Display\EntityViewDisplayInterface $display, $view_mode) {
-  $ip = \Drupal::request()->getClientIp();
-  $user = \Drupal::currentUser();
-  $path = \Drupal::request()->getRequestUri();
-  $active_embargoes = \Drupal::service('embargoes.embargoes')->getActiveEmbargoesByNids(array($entity->id()), $ip, $user);
-  $active_node_embargoes = \Drupal::service('embargoes.embargoes')->getActiveNodeEmbargoesByNids(array($entity->id()), $ip, $user);
-  $ip_allowed_embargoes = \Drupal::service('embargoes.embargoes')->getIpAllowedEmbargoes($active_node_embargoes);
-  if (!empty($active_node_embargoes)) {
-    $build['#attached']['library'][] = 'embargoes/embargoes-file-embargoes';
-  }
-  if (!empty($active_node_embargoes) && !empty($ip_allowed_embargoes)) {
-    $imploded_ranges = implode('.', array_unique($ip_allowed_embargoes));
-    $response = new RedirectResponse("/embargoes/ip-access-denied?path={$path}&ranges={$imploded_ranges}");
+function embargoes_node_view(array &$build, EntityInterface $entity, EntityViewDisplayInterface $display, $view_mode) {
+  $node_embargo = \Drupal::service('embargoes.node_access');
+  $ip_url = $node_embargo->getIpEmbargoedRedirectUrl($entity);
+  if ($ip_url) {
+    $response = new RedirectResponse($ip_url);
     $response->send();
   }
-  else if ((\Drupal::config('embargoes.settings')->get('show_embargo_message') == FALSE || is_null(\Drupal::config('embargoes.settings')->get('show_embargo_message'))) && $view_mode != 'teaser') {;
-    $embargoes = \Drupal::service('embargoes.embargoes')->getCurrentEmbargoesByNids(array($entity->id()));
-    if (!empty($embargoes)) {
-      $build['#cache']['max-age'] = 0;
-      $embargo_count = count($embargoes);
-      $embargo_word = ($embargo_count > 1 ? "embargoes" : "embargo" );
-      drupal_set_message("This resource is under {$embargo_count} {$embargo_word}:", 'warning');
-      foreach ($embargoes as $embargo_id) {
-        $embargo = \Drupal::entityTypeManager()->getStorage('embargoes_embargo_entity')->load($embargo_id);
-        $embargo_message = "- Access to ";
-        if ($embargo->getEmbargoTypeAsInt() == 0) {
-          $embargo_message .= " all associated files of this resource";
-        }
-        else {
-          $embargo_message .= " this resource and all associated files";
-        }
-        $embargo_message .= " is restricted";
-        if ($embargo->getExemptIps() != 'none') {
-          $ip_range = \Drupal::entityTypeManager()->getStorage('embargoes_ip_range_entity')->load($embargo->getExemptIps());
-          $embargo_message .= " to the {$ip_range->label()} network";
-        }
-        else {
-        }
-        if ($embargo->getExpirationTypeAsInt() == 0) {
-          $embargo_message .= " indefinitely.";
-        }
-        else {
-          $embargo_message .= " until {$embargo->getExpirationDate()}.";
-        }
-        drupal_set_message($embargo_message, 'warning');
-      }
-    }
+  else {
+    $node_embargo->setEmbargoMessage($entity);
   }
 }
 
 /**
  * Implements hook_ENTITY_TYPE_view().
  */
-function embargoes_media_view(array &$build, \Drupal\Core\Entity\EntityInterface $entity, \Drupal\Core\Entity\Display\EntityViewDisplayInterface $display, $view_mode) {
-  $ip = \Drupal::request()->getClientIp();
-  $user = \Drupal::currentUser();
-  $path = \Drupal::request()->getRequestUri();
-  $nids = \Drupal::service('embargoes.embargoes')->getMediaParentNids($entity->id());
-  $active_embargoes = \Drupal::service('embargoes.embargoes')->getActiveEmbargoesByNids($nids, $ip, $user);
-  $active_node_embargoes = \Drupal::service('embargoes.embargoes')->getActiveNodeEmbargoesByNids(array($entity->id()), $ip, $user);
-  $ip_allowed_embargoes = \Drupal::service('embargoes.embargoes')->getIpAllowedEmbargoes($active_embargoes);
-  if (!empty($active_embargoes)) {
-    $build['#attached']['library'][] = 'embargoes/embargoes-file-embargoes';
-  }
-  if (!empty($active_node_embargoes) && !empty($ip_allowed_embargoes)) {
-    $imploded_ranges = implode('.', array_unique($ip_allowed_embargoes));
-    $response = new RedirectResponse("/embargoes/ip-access-denied?path={$path}&ranges={$imploded_ranges}");
+function embargoes_media_view(array &$build, EntityInterface $entity, EntityViewDisplayInterface $display, $view_mode) {
+  $media_embargo = \Drupal::service('embargoes.media_access');
+  $ip_url = $media_embargo->getIpEmbargoedRedirectUrl($entity);
+  if ($ip_url) {
+    $response = new RedirectResponse($ip_url);
     $response->send();
   }
-  else if ((\Drupal::config('embargoes.settings')->get('show_embargo_message') == FALSE) || is_null(\Drupal::config('embargoes.settings')->get('show_embargo_message')) && $view_mode != 'teaser') {;
-    $embargoes = \Drupal::service('embargoes.embargoes')->getCurrentEmbargoesByNids(array($entity->id()));
-    if (!empty($embargoes)) {
-      $build['#cache']['max-age'] = 0;
-      $embargo_count = count($embargoes);
-      $embargo_word = ($embargo_count > 1 ? "embargoes" : "embargo" );
-      drupal_set_message("This resource is under {$embargo_count} {$embargo_word}:", 'warning');
-      foreach ($embargoes as $embargo_id) {
-        $embargo = \Drupal::entityTypeManager()->getStorage('embargoes_embargo_entity')->load($embargo_id);
-        $embargo_message = "- Access to ";
-        if ($embargo->getEmbargoTypeAsInt() == 0) {
-          $embargo_message .= " all associated files of this resource";
-        }
-        else {
-          $embargo_message .= " this resource and all associated files";
-        }
-        $embargo_message .= " is restricted";
-        if ($embargo->getExemptIps() != 'none') {
-          $ip_range = \Drupal::entityTypeManager()->getStorage('embargoes_ip_range_entity')->load($embargo->getExemptIps());
-          $embargo_message .= " to the {$ip_range->label()} network";
-        }
-        else {
-        }
-        if ($embargo->getExpirationTypeAsInt() == 0) {
-          $embargo_message .= " indefinitely.";
-        }
-        else {
-          $embargo_message .= " until {$embargo->getExpirationDate()}.";
-        }
-        drupal_set_message($embargo_message, 'warning');
-      }
-    }
+  else {
+    $media_embargo->setEmbargoMessage($entity);
   }
 }
 
@@ -172,17 +69,30 @@ function embargoes_file_download($uri) {
   $files = \Drupal::entityTypeManager()
     ->getStorage('file')
     ->loadByProperties(['uri' => $uri]);
-  $file = array_values($files)[0];
-  $nids = \Drupal::service('embargoes.embargoes')->getParentNidsOfFileEntity($file);
-  $ip = \Drupal::request()->getClientIp();
-  $user = \Drupal::currentUser();
-  $path = \Drupal::request()->getRequestUri();
-  $embargoes = \Drupal::service('embargoes.embargoes')->getActiveEmbargoesByNids($nids, $ip, $user);
-  $ip_allowed_embargoes = \Drupal::service('embargoes.embargoes')->getIpAllowedEmbargoes($embargoes);
-  if (!empty($embargoes) && !empty($ip_allowed_embargoes)) {
-    $imploded_ranges = implode('.', array_unique($ip_allowed_embargoes));
-    $response = new RedirectResponse("/embargoes/ip-access-denied?path={$path}&ranges={$imploded_ranges}");
+  $file = reset($files);
+  $file_embargo = \Drupal::service('embargoes.file_access');
+  $ip_url = $file_embargo->getIpEmbargoedRedirectUrl($file);
+  if ($ip_url) {
+    $response = new RedirectResponse($ip_url);
     $response->send();
   }
-  return NULL;
+}
+
+/**
+ * Implements hook_theme().
+ */
+function embargoes_theme($existing, $type, $theme, $path) {
+  return [
+    'embargoes_ip_access_denied' => [
+      'render element' => 'children',
+      'template' => 'embargoes-ip-access-denied',
+      'variables' => [
+        'requested_resource' => NULL,
+        // Indexed array of ranges containing a 'proxy URL' (NULL if none exist)
+        // and a display 'label'.
+        'ranges' => [],
+        'contact_email' => '',
+      ],
+    ],
+  ];
 }

embargoes.services.yml

@@ -7,7 +7,40 @@ services:
     arguments: ['@database']
   embargoes.embargoes:
     class: Drupal\embargoes\EmbargoesEmbargoesService
-    arguments: []
+    arguments: ['@entity_type.manager', '@entity_field.manager', '@embargoes.ips']
   embargoes.ips:
     class: Drupal\embargoes\EmbargoesIpRangesService
-    arguments: []
+    arguments: ['@entity_type.manager']
+  embargoes.node_access:
+    class: Drupal\embargoes\Access\EmbargoedNodeAccess
+    arguments:
+      - '@embargoes.embargoes'
+      - '@request_stack'
+      - '@entity_type.manager'
+      - '@config.factory'
+      - '@messenger'
+      - '@string_translation'
+      - '@url_generator'
+      - '@current_user'
+  embargoes.media_access:
+    class: Drupal\embargoes\Access\EmbargoedMediaAccess
+    arguments:
+      - '@embargoes.embargoes'
+      - '@request_stack'
+      - '@entity_type.manager'
+      - '@config.factory'
+      - '@messenger'
+      - '@string_translation'
+      - '@url_generator'
+      - '@current_user'
+  embargoes.file_access:
+    class: Drupal\embargoes\Access\EmbargoedFileAccess
+    arguments:
+      - '@embargoes.embargoes'
+      - '@request_stack'
+      - '@entity_type.manager'
+      - '@config.factory'
+      - '@messenger'
+      - '@string_translation'
+      - '@url_generator'
+      - '@current_user'