Issue #3331242 by webflo: Fix permission check for message bulk delete

d603a57a · Florian Weber · Jonathan Hedstrom · b4649a47 · d603a57a · d603a57a
Unverified Commit d603a57a authored Jan 23, 2023 by Florian Weber Committed by Jonathan Hedstrom Jan 23, 2023
--- a/config/install/system.action.message_delete_action.yml
+++ b/config/install/system.action.message_delete_action.yml
@@ -3,7 +3,7 @@ label: 'Delete selected messages'
 status: true
 langcode: en
 type: message
-plugin: message_delete_action
+plugin: entity:delete_action:message
 dependencies:
  module:
    - message
--- a/config/schema/message.schema.yml
+++ b/config/schema/message.schema.yml
@@ -75,10 +75,6 @@ message.template.*:
              weight:
                type: integer

-action.configuration.message_delete_action:
-  type: action_configuration_default
-  label: 'Delete message configuration'
-
 message.message:
  type: mapping
  label: 'Message settings'

--- a/message.install
+++ b/message.install
@@ -27,3 +27,20 @@ function message_update_8100() {
    }
  }
 }
+
+/**
+ * Update message_delete_action plugin.
+ */
+function message_update_8102() {
+  $ids = \Drupal::entityQuery('action')
+    ->accessCheck(FALSE)
+    ->condition('plugin', 'message_delete_action')
+    ->execute();
+
+  foreach ($ids as $id) {
+    \Drupal::configFactory()
+      ->getEditable('system.action.' . $id)
+      ->set('plugin', 'entity:delete_action:message')
+      ->save();
+  }
+}
--- a/message.routing.yml
+++ b/message.routing.yml
@@ -55,10 +55,3 @@ message.settings:
    _form: 'Drupal\message\Form\MessageSettingsForm'
  requirements:
    _permission: 'administer message templates'
-
-message.multiple_delete_confirm:
-  path: '/admin/content/message/delete'
-  defaults:
-    _form: '\Drupal\message\Form\DeleteMultiple'
-  requirements:
-    _permission: 'administer message templates'
--- a/src/Entity/Message.php
+++ b/src/Entity/Message.php
@@ -49,9 +49,17 @@ use Drupal\user\UserInterface;
 *     "views_data" = "Drupal\message\MessageViewsData",
 *     "form" = {
 *       "default" = "Drupal\Core\Entity\ContentEntityForm",
+ *       "delete-multiple-confirm" = "Drupal\Core\Entity\Form\DeleteMultipleForm",
 *     },
+ *     "route_provider" = {
+ *       "html" = "\Drupal\Core\Entity\Routing\DefaultHtmlRouteProvider",
 *     },
- *   field_ui_base_route = "entity.message_template.edit_form"
+ *   },
+ *   field_ui_base_route = "entity.message_template.edit_form",
+ *   admin_permission = "administer messages",
+ *   links = {
+ *     "delete-multiple-form" = "/admin/content/message/delete",
+ *   }
 * )
 */
 class Message extends ContentEntityBase implements MessageInterface {
@@ -414,4 +422,15 @@ class Message extends ContentEntityBase implements MessageInterface {
    return [\Drupal::currentUser()->id()];
  }

+  /**
+   * {@inheritdoc}
+   */
+  public function label() {
+    $params = [
+      '@id' => $this->id(),
+      '@template' => $this->getTemplate()->label(),
+    ];
+    return t('Message ID @id (template: @template)', $params);
+  }
+
 }
--- a/src/Form/DeleteMultiple.php
+++ b/src/Form/DeleteMultiple.php
-<?php
-
-namespace Drupal\message\Form;
-
-use Drupal\Core\Entity\EntityTypeManagerInterface;
-use Drupal\Core\Form\ConfirmFormBase;
-use Drupal\Core\Form\FormStateInterface;
-use Drupal\Core\Url;
-use Drupal\message\Entity\Message;
-use Drupal\Core\TempStore\PrivateTempStoreFactory;
-use Symfony\Component\HttpFoundation\RedirectResponse;
-use Symfony\Component\DependencyInjection\ContainerInterface;
-
-/**
- * Provides a message deletion confirmation form.
- */
-class DeleteMultiple extends ConfirmFormBase {
-  /**
-   * The array of messages to delete.
-   *
-   * @var array
-   */
-  protected $messages = [];
-
-  /**
-   * The tempstore factory.
-   *
-   * @var \Drupal\Core\TempStore\PrivateTempStoreFactory
-   */
-  protected $tempStoreFactory;
-
-  /**
-   * Constructs a DeleteMultiple form object.
-   *
-   * @param \Drupal\Core\TempStore\PrivateTempStoreFactory $temp_store_factory
-   *   The tempstore factory.
-   * @param \Drupal\Core\Entity\EntityTypeManagerInterface $entity_type_manager
-   *   The entity type manager.
-   */
-  public function __construct(PrivateTempStoreFactory $temp_store_factory, EntityTypeManagerInterface $entity_type_manager) {
-    $this->tempStoreFactory = $temp_store_factory;
-    $this->storage = $entity_type_manager->getStorage('message');
-  }
-
-  /**
-   * {@inheritdoc}
-   */
-  public static function create(ContainerInterface $container) {
-    return new static(
-      $container->get('tempstore.private'),
-      $container->get('entity_type.manager')
-    );
-  }
-
-  /**
-   * {@inheritdoc}
-   */
-  public function getFormId() {
-    return 'message_multiple_delete_confirm';
-  }
-
-  /**
-   * {@inheritdoc}
-   */
-  public function getQuestion() {
-    return \Drupal::translation()->formatPlural(count($this->messages), 'Are you sure you want to delete this item?', 'Are you sure you want to delete these items?');
-  }
-
-  /**
-   * {@inheritdoc}
-   */
-  public function getCancelRoute() {
-  }
-
-  /**
-   * {@inheritdoc}
-   */
-  public function getConfirmText() {
-    return t('Delete');
-  }
-
-  /**
-   * {@inheritdoc}
-   */
-  public function buildForm(array $form, FormStateInterface $form_state) {
-    $this->messages = $this->tempStoreFactory->get('message_multiple_delete_confirm')->get(\Drupal::currentUser()->id());
-    if (empty($this->messages)) {
-      return new RedirectResponse($this->getCancelUrl()->setAbsolute()->toString());
-    }
-
-    $form['messages'] = [
-      '#theme' => 'item_list',
-      '#items' => array_map(function (Message $message) {
-        $params = [
-          '@id' => $message->id(),
-          '@template' => $message->getTemplate()->label(),
-        ];
-        return t('Delete message ID @id for template @template', $params);
-      }, $this->messages),
-    ];
-    $form = parent::buildForm($form, $form_state);
-
-    $form['actions']['cancel']['#href'] = $this->getCancelRoute();
-    $form['actions']['submit']['#submit'] = ['::submitForm'];
-    return $form;
-  }
-
-  /**
-   * {@inheritdoc}
-   */
-  public function submitForm(array &$form, FormStateInterface $form_state) {
-    if ($form_state->getValue('confirm') && !empty($this->messages)) {
-      $this->storage->delete($this->messages);
-      $this->tempStoreFactory->get('message_multiple_delete_confirm')->delete(\Drupal::currentUser()->id());
-      $count = count($this->messages);
-      $this->logger('message')->notice('Deleted @count messages.', ['@count' => $count]);
-      $this->messenger()->addMessage(\Drupal::translation()->formatPlural($count, 'Deleted 1 message.', 'Deleted @count messages.'));
-    }
-    $form_state->setRedirect('message.messages');
-  }
-
-  /**
-   * {@inheritdoc}
-   */
-  public function getCancelUrl() {
-    return new Url('message.messages');
-  }
-
-}
--- a/src/Plugin/Action/DeleteMessage.php
+++ b/src/Plugin/Action/DeleteMessage.php
-<?php
-
-namespace Drupal\message\Plugin\Action;
-
-use Drupal\Core\Action\ActionBase;
-use Drupal\Core\Plugin\ContainerFactoryPluginInterface;
-use Drupal\Core\Session\AccountInterface;
-use Drupal\Core\TempStore\PrivateTempStoreFactory;
-use Symfony\Component\DependencyInjection\ContainerInterface;
-
-/**
- * Redirects to a message deletion form.
- *
- * @Action(
- *   id = "message_delete_action",
- *   label = @Translation("Delete selected content"),
- *   type = "message",
- *   confirm_form_route_name = "message.multiple_delete_confirm"
- * )
- */
-class DeleteMessage extends ActionBase implements ContainerFactoryPluginInterface {
-
-  /**
-   * The tempstore object.
-   *
-   * @var \Drupal\Core\TempStore\PrivateTempStore
-   */
-  protected $tempStore;
-
-  /**
-   * The current user.
-   *
-   * @var \Drupal\Core\Session\AccountInterface
-   */
-  protected $currentUser;
-
-  /**
-   * Constructs a new DeleteMessage object.
-   *
-   * @param array $configuration
-   *   A configuration array containing information about the plugin instance.
-   * @param string $plugin_id
-   *   The plugin ID for the plugin instance.
-   * @param mixed $plugin_definition
-   *   The plugin implementation definition.
-   * @param \Drupal\Core\TempStore\PrivateTempStoreFactory $temp_store_factory
-   *   The tempstore factory.
-   * @param \Drupal\Core\Session\AccountInterface $current_user
-   *   Current user.
-   */
-  public function __construct(array $configuration, $plugin_id, $plugin_definition, PrivateTempStoreFactory $temp_store_factory, AccountInterface $current_user) {
-    $this->currentUser = $current_user;
-    $this->tempStore = $temp_store_factory->get('message_multiple_delete_confirm');
-
-    parent::__construct($configuration, $plugin_id, $plugin_definition);
-  }
-
-  /**
-   * {@inheritdoc}
-   */
-  public static function create(ContainerInterface $container, array $configuration, $plugin_id, $plugin_definition) {
-    return new static(
-      $configuration,
-      $plugin_id,
-      $plugin_definition,
-      $container->get('tempstore.private'),
-      $container->get('current_user')
-    );
-  }
-
-  /**
-   * {@inheritdoc}
-   */
-  public function executeMultiple(array $entities) {
-    $this->tempStore->set($this->currentUser->id(), $entities);
-  }
-
-  /**
-   * {@inheritdoc}
-   */
-  public function execute($object = NULL) {
-    $this->executeMultiple([$object]);
-  }
-
-  /**
-   * {@inheritdoc}
-   */
-  public function access($object, AccountInterface $account = NULL, $return_as_object = FALSE) {
-    return $account->hasPermission('administer messages');
-  }
-
-}