[BUGS-5488] Do not accept debug option unless user has permission for…

… it. (#155) * Use new permission to set debug TRUE for guzzle. * Fix coding standards.
pantheon-systems · Nov 23, 2022 · baca1e8 · baca1e8
1 parent c749cc2
commit baca1e8
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -229,7 +229,7 @@ with the concept usage in a Solr context:
   and throw errors on the pieces that are not working. This command will develop further as the module nears general availability.
 
 * `drush search-api-pantheon:select` (`saps`) This command will run the given query against Solr server. It's recommended to use
-  `?debug=true` in any Solr page to get a good query to pass to this command to debug results.
+  `?debug=true` in any Solr page (having the right permissions) to get a good query to pass to this command to debug results.
 
 
 * `drush search-api-pantheon:force-cleanup` (`sapfc`) This command will delete all of the contents for the given

diff --git a/search_api_pantheon.permissions.yml b/search_api_pantheon.permissions.yml
@@ -0,0 +1,4 @@
+access search_api_pantheon debug information:
+  title: 'Access Search API Pantheon debug information'
+  description: 'Provides access to debug information.'
+  restrict access: true
diff --git a/search_api_pantheon.services.yml b/search_api_pantheon.services.yml
@@ -7,7 +7,7 @@ services:
     arguments: [[], '@entity_type.manager']
   search_api_pantheon.pantheon_guzzle:
     class: Drupal\search_api_pantheon\Services\PantheonGuzzle
-    arguments: ['@search_api_pantheon.endpoint', '@logger.factory']
+    arguments: ['@search_api_pantheon.endpoint', '@logger.factory', '@current_user']
   search_api_pantheon.solarium_client:
     class: Drupal\search_api_pantheon\Services\SolariumClient
     arguments: ['@search_api_pantheon.pantheon_guzzle', '@search_api_pantheon.endpoint', '@logger.factory', '@event_dispatcher']
diff --git a/src/Services/PantheonGuzzle.php b/src/Services/PantheonGuzzle.php
@@ -17,6 +17,7 @@
 use Solarium\Core\Client\Adapter\AdapterInterface;
 use Solarium\Core\Client\Adapter\Psr18Adapter;
 use Drupal\Core\Logger\LoggerChannelFactoryInterface;
+use Drupal\Core\Session\AccountProxyInterface;
 
 /**
  * Pantheon-specific extension of the Guzzle http query class.
@@ -39,7 +40,7 @@ class PantheonGuzzle extends Client implements
   /**
    * Class Constructor.
    */
-  public function __construct(Endpoint $endpoint, LoggerChannelFactoryInterface $logger_factory) {
+  public function __construct(Endpoint $endpoint, LoggerChannelFactoryInterface $logger_factory, AccountProxyInterface $current_user) {
     $stack = new HandlerStack();
     $stack->setHandler(new CurlHandler());
     $stack->push(
@@ -59,13 +60,15 @@ public function __construct(Endpoint $endpoint, LoggerChannelFactoryInterface $l
     $config = [
           'base_uri' => $endpoint->getBaseUri(),
           'http_errors' => FALSE,
-          // Putting `?debug=true` at the end of any Solr url will show you the low-level debugging from guzzle.
-          // @codingStandardsIgnoreLine
-          'debug' => (php_sapi_name() === 'cli' || isset($_GET['debug'])),
+          'debug' => FALSE,
           'verify' => FALSE,
           'handler' => $stack,
           'allow_redirects' => FALSE,
       ];
+    // Putting `?debug=true` at the end of any Solr url will show you the low-level debugging from guzzle.
+    if ((php_sapi_name() === 'cli' || isset($_GET['debug'])) && $current_user->hasPermission('access search_api_pantheon debug information')) {
+      $config['debug'] = TRUE;
+    }
     if (is_file($cert)) {
       $config['cert'] = $cert;
     }