diff --git a/config/install/restrict_ip.settings.yml b/config/install/restrict_ip.settings.yml
index 0ff4dd7..e101aae 100644
--- a/config/install/restrict_ip.settings.yml
+++ b/config/install/restrict_ip.settings.yml
@@ -33,3 +33,12 @@ country_white_black_list: 0
# A string indicating which countries should be white/black listed
country_list: ''
+
+# String displaying when acess is denied.
+access_denied_message: 'The page you are trying to access cannot be accessed from your IP address.'
+
+# Enable or disable access denied message
+access_denied_message_status: 1
+
+# Default access page.
+default_access_page: 1
diff --git a/config/schema/restrict_ip.schema.yml b/config/schema/restrict_ip.schema.yml
index 8a0928e..bc77e1e 100644
--- a/config/schema/restrict_ip.schema.yml
+++ b/config/schema/restrict_ip.schema.yml
@@ -26,3 +26,12 @@ restrict_ip.settings:
country_list:
type: string
label: 'A colon separated list of countries that should be white/black listed'
+ access_denied_message:
+ type: string
+ label: 'String displaying when acess is denied'
+ access_denied_message_status:
+ type: integer
+ label: 'Enable or disable access denied message'
+ default_access_page:
+ type: integer
+ label: 'Redirect to default access denied page'
diff --git a/restrict_ip.services.yml b/restrict_ip.services.yml
index 6f45044..f8a7045 100644
--- a/restrict_ip.services.yml
+++ b/restrict_ip.services.yml
@@ -28,5 +28,6 @@ services:
- '@logger.factory'
- '@module_handler'
- '@url_generator'
+ - '@messenger'
tags:
- {name: event_subscriber}
diff --git a/src/Controller/PageController.php b/src/Controller/PageController.php
index 11d1356..0c5c29e 100644
--- a/src/Controller/PageController.php
+++ b/src/Controller/PageController.php
@@ -12,6 +12,7 @@ use Drupal\Core\Session\AccountProxyInterface;
use Drupal\Core\Url;
use Symfony\Component\DependencyInjection\ContainerInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
class PageController extends ControllerBase implements PageControllerInterface
{
@@ -102,8 +103,13 @@ class PageController extends ControllerBase implements PageControllerInterface
}
$config = $this->configFactory->get('restrict_ip.settings');
+
+ if($config->get('default_access_page')) {
+ throw new AccessDeniedHttpException();
+ }
+
$page['access_denied'] = [
- '#markup' => $this->t('The page you are trying to access cannot be accessed from your IP address.'),
+ '#markup' => $config->get('access_denied_message'),
'#prefix' => '',
'#suffix' => '
',
];
diff --git a/src/EventSubscriber/RestrictIpEventSubscriber.php b/src/EventSubscriber/RestrictIpEventSubscriber.php
index 84ae14a..1711a1c 100644
--- a/src/EventSubscriber/RestrictIpEventSubscriber.php
+++ b/src/EventSubscriber/RestrictIpEventSubscriber.php
@@ -5,6 +5,7 @@ namespace Drupal\restrict_ip\EventSubscriber;
use Drupal\Core\Config\ConfigFactoryInterface;
use Drupal\Core\Extension\ModuleHandlerInterface;
use Drupal\Core\Logger\LoggerChannelFactoryInterface;
+use Drupal\Core\Messenger\Messenger;
use Drupal\Core\Routing\UrlGeneratorInterface;
use Drupal\Core\Url;
use Drupal\restrict_ip\Service\RestrictIpServiceInterface;
@@ -30,25 +31,32 @@ class RestrictIpEventSubscriber implements EventSubscriberInterface
protected $loggerFactory;
/**
- * The Module Handler service
+ * The Module Handler service.
*
* @var \Drupal\Core\Extension\ModuleHandlerInterface
*/
protected $moduleHandler;
/**
- * The Url Generator service
+ * The Url Generator service.
*
* @var \Drupal\Core\Routing\UrlGeneratorInterface
*/
protected $urlGenerator;
- /**
- * The Restrict IP configuration settings
- *
- * @var \Drupal\Core\Config\ImmutableConfig
- */
- protected $config;
+ /**
+ * The config factory service.
+ *
+ * @var \Drupal\Core\Config\ConfigFactoryInterface
+ */
+ protected $configFactory;
+
+ /**
+ * The messenger service.
+ *
+ * @var \Drupal\Core\Messenger\Messenger
+ */
+ protected $messenger;
/**
* Creates an instance of the RestrictIpEventSubscriber class
@@ -64,14 +72,14 @@ class RestrictIpEventSubscriber implements EventSubscriberInterface
* @param \Drupal\Core\Routing\UrlGeneratorInterface $urlGenerator
* The Url Generator service
*/
- public function __construct(RestrictIpServiceInterface $restrictIpService, ConfigFactoryInterface $configFactory, LoggerChannelFactoryInterface $loggerFactory, ModuleHandlerInterface $moduleHandler, UrlGeneratorInterface $urlGenerator)
+ public function __construct(RestrictIpServiceInterface $restrictIpService, ConfigFactoryInterface $configFactory, LoggerChannelFactoryInterface $loggerFactory, ModuleHandlerInterface $moduleHandler, UrlGeneratorInterface $urlGenerator, Messenger $messenger)
{
$this->restrictIpService = $restrictIpService;
$this->loggerFactory = $loggerFactory;
$this->moduleHandler = $moduleHandler;
$this->urlGenerator = $urlGenerator;
-
- $this->config = $configFactory->get('restrict_ip.settings');
+ $this->messenger = $messenger;
+ $this->configFactory = $configFactory;
}
/**
@@ -88,6 +96,7 @@ class RestrictIpEventSubscriber implements EventSubscriberInterface
public function checkIpRestricted(GetResponseEvent $event)
{
unset($_SESSION['restrict_ip']);
+ $restrict_config = $this->configFactory->get('restrict_ip.settings');
$this->restrictIpService->testForBlock();
@@ -95,36 +104,41 @@ class RestrictIpEventSubscriber implements EventSubscriberInterface
{
if($this->restrictIpService->getCurrentPath() != '/restrict_ip/access_denied')
{
- if($this->moduleHandler->moduleExists('dblog') && $this->config->get('dblog'))
+ if($this->moduleHandler->moduleExists('dblog') && $restrict_config->get('dblog'))
{
$this->loggerFactory->get('Restrict IP')->warning('Access to the path %path was blocked for the IP address %ip_address', ['%path' => $this->restrictIpService->getCurrentPath(), '%ip_address' => $this->restrictIpService->getCurrentUserIp()]);
}
- if($this->config->get('allow_role_bypass') && $this->config->get('bypass_action') === 'redirect_login_page')
+ if($restrict_config->get('allow_role_bypass') && $restrict_config->get('bypass_action') === 'redirect_login_page')
{
// Redirect the user to the change password page
$url = Url::fromRoute('user.login');
$event->setResponse(new RedirectResponse($url->toString()));
}
- elseif(in_array($this->config->get('white_black_list'), [0, 1]))
+ elseif(in_array($restrict_config->get('white_black_list'), [0, 1]))
{
$url = Url::fromRoute('restrict_ip.access_denied_page');
$event->setResponse(new RedirectResponse($url->toString()));
}
- else
+ elseif($restrict_config->get('access_denied_message_status') !== 0)
{
- $this->setMessage(t('The page you are trying to access cannot be accessed from your IP address.'));
- $url = $this->urlGenerator->generateFromRoute('');
+ if($restrict_config->get('default_access_page') === 1) {
+ $access_denied_page = $this->configFactory->get('system.site')->get('page')['403'];
+ $url = Url::fromUserInput($access_denied_page,[])->toString();
+ } else {
+ $url = $this->urlGenerator->generateFromRoute('');
+ }
+
+ $this->messenger->addError($restrict_config->get('access_denied_message'));
$event->setResponse(new RedirectResponse($url));
}
+ else {
+ $url = $this->urlGenerator->generateFromRoute('');
+ $event->setResponse(new RedirectResponse($url));
+ }
}
}
}
-
- private function setMessage($message)
- {
- drupal_set_message($message);
- }
}
diff --git a/src/Form/ConfigForm.php b/src/Form/ConfigForm.php
index acaf1b7..e67d299 100644
--- a/src/Form/ConfigForm.php
+++ b/src/Form/ConfigForm.php
@@ -2,6 +2,7 @@
namespace Drupal\restrict_ip\Form;
+use Drupal\Core\Cache\CacheBackendInterface;
use Drupal\Core\Extension\ModuleHandlerInterface;
use Drupal\Core\Form\ConfigFormBase;
use Drupal\Core\Form\FormStateInterface;
@@ -63,6 +64,13 @@ class ConfigForm extends ConfigFormBase
*/
protected $blacklistedPagePaths;
+ /**
+ * Cache service.
+ *
+ * @var \Drupal\Core\Cache\CacheBackendInterface
+ */
+ protected $cacheService;
+
/**
* Constructs a Restrict IP ConfigForm object
*
@@ -75,7 +83,7 @@ class ConfigForm extends ConfigFormBase
* @param \Drupal\restrict_ip\Service\RestrictIpServiceInterface $restrictIpService
* The Restrict IP service object
*/
- public function __construct(AccountProxyInterface $currentUser, ModuleHandlerInterface $moduleHandler, CountryManagerInterface $countryManager, RestrictIpServiceInterface $restrictIpService)
+ public function __construct(AccountProxyInterface $currentUser, ModuleHandlerInterface $moduleHandler, CountryManagerInterface $countryManager, RestrictIpServiceInterface $restrictIpService, CacheBackendInterface $cacheService)
{
$this->currentUser = $currentUser;
$this->moduleHandler = $moduleHandler;
@@ -85,6 +93,7 @@ class ConfigForm extends ConfigFormBase
$this->whitelistedIpAddresses = $this->restrictIpService->getWhitelistedIpAddresses();
$this->whitelistedPagePaths = $this->restrictIpService->getWhitelistedPagePaths();
$this->blacklistedPagePaths = $this->restrictIpService->getBlacklistedPagePaths();
+ $this->cacheService = $cacheService;
}
/**
@@ -96,7 +105,8 @@ class ConfigForm extends ConfigFormBase
$container->get('current_user'),
$container->get('module_handler'),
$container->get('country_manager'),
- $container->get('restrict_ip.service')
+ $container->get('restrict_ip.service'),
+ $container->get('cache.default')
);
}
@@ -288,6 +298,27 @@ class ConfigForm extends ConfigFormBase
];
}
+ $form['access_denied_message'] = [
+ '#title' => $this->t('Text to display when access is restricted.'),
+ '#type' => 'textarea',
+ '#default_value' => $config->get('access_denied_message'),
+ '#description' => $this->t('Text that will be shown when access is denied.'),
+ ];
+
+ $form['default_access_page'] = [
+ '#title' => $this->t('Default access denied page'),
+ '#type' => 'checkbox',
+ '#default_value' => $config->get('default_access_page'),
+ '#description' => $this->t('When this box is checked, default Drupal access denied page is shown. You can modify it in basic site settings.'),
+ ];
+
+ $form['access_denied_message_status'] = [
+ '#title' => $this->t('Enables or disables access denied notification.'),
+ '#type' => 'checkbox',
+ '#default_value' => $config->get('access_denied_message_status'),
+ '#description' => $this->t('When this box is checked, access denied notification will show.'),
+ ];
+
return parent::buildForm($form, $form_state);
}
@@ -429,7 +460,7 @@ class ConfigForm extends ConfigFormBase
$form_state->setValue('page_blacklist', []);
}
}
-
+
public function submitForm(array &$form, FormStateInterface $form_state)
{
if($this->moduleHandler->moduleExists('ip2country'))
@@ -457,6 +488,9 @@ class ConfigForm extends ConfigFormBase
->set('bypass_action', (string) $form_state->getValue('bypass_action'))
->set('white_black_list', (int) $form_state->getValue('white_black_list'))
->set('country_white_black_list', (int) $form_state->getValue('country_white_black_list'))
+ ->set('default_access_page', (int) $form_state->getValue('default_access_page'))
+ ->set('access_denied_message', (string) $form_state->getValue('access_denied_message'))
+ ->set('access_denied_message_status', (int) $form_state->getValue('access_denied_message_status'))
->set('country_list', $country_list)
->save();
@@ -464,6 +498,24 @@ class ConfigForm extends ConfigFormBase
$this->restrictIpService->saveWhitelistedPagePaths($form_state->getValue('page_whitelist'));
$this->restrictIpService->saveBlacklistedPagePaths($form_state->getValue('page_blacklist'));
+ $this->invalidateCaches();
parent::submitForm($form, $form_state);
}
+
+ /**
+ * Invalidating tags for settings.
+ */
+ protected function invalidateCaches() {
+
+ $config = $this->config('restrict_ip.settings')->getRawData();
+ // Unset _core tag.
+ if(key_exists('_core', $config)){
+ unset($config['_core']);
+ }
+ foreach ($config as $key => $value) {
+ $cids[] = 'restrict_ip.settings.' . $key;
+ }
+
+ $this->cacheService->invalidateMultiple($cids);
+ }
}