From 988acaee8e27082f5b808d450e1f1230e5fc2035 Mon Sep 17 00:00:00 2001
From: Adam Vessey <adam-vessey@users.noreply.github.com>
Date: Thu, 14 Jul 2022 12:43:54 -0300
Subject: [PATCH 1/3] Check access to files in base template.

---
 openseadragon.module | 45 +++++++++++++++++++++++++++++++++-----------
 1 file changed, 34 insertions(+), 11 deletions(-)

diff --git a/openseadragon.module b/openseadragon.module
index 62d1ff9..595cdc6 100644
--- a/openseadragon.module
+++ b/openseadragon.module
@@ -6,6 +6,7 @@
  */
 
 use Drupal\file\Entity\File;
+use Drupal\Core\Cache\CacheableMetadata;
 use Drupal\Core\Template\Attribute;
 use Drupal\Core\Url;
 use Drupal\Component\Utility\Html;
@@ -40,10 +41,18 @@ function template_preprocess_openseadragon_formatter(&$variables) {
   $config = \Drupal::service('openseadragon.config');
   $fileinfo_service = \Drupal::service('openseadragon.fileinfo');
 
+  // Initialize our attributes.
+  $variables['attributes'] = new Attribute();
+
+  $cache_meta = CacheableMetadata::createFromRenderArray($variables)
+    ->addCacheableDependency($entity)
+    ->addCacheableDependency($config);
+
   $classes_array = ['openseadragon-viewer'];
   $viewer_settings = $config->getSettings(TRUE);
   $iiif_address = $config->getIiifAddress();
   if (is_null($iiif_address) || empty($iiif_address)) {
+    $cache_meta->applyTo($variables);
     return;
   }
 
@@ -59,6 +68,14 @@ function template_preprocess_openseadragon_formatter(&$variables) {
     if (isset($value['target_id'])) {
       $fid = $value['target_id'];
       $file = File::load($fid);
+      $access_result = $file->access('access', NULL, TRUE);
+      $cache_meta->addCacheableDependency($file)
+        ->addCacheableDependency($access_result);
+
+      if (!$access_result->isAllowed()) {
+        continue;
+      }
+
       $resource = $fileinfo_service->getFileData($file);
       if (isset($resource['full_path'])) {
         $tile_sources[] = rtrim($iiif_address, '/') . '/' . urlencode($resource['full_path']);
@@ -67,7 +84,6 @@ function template_preprocess_openseadragon_formatter(&$variables) {
   }
 
   if (!empty($tile_sources)) {
-
     $viewer_settings['sequenceMode'] = count($tile_sources) > 1 && !$viewer_settings['collectionMode'];
     $variables['#attached']['library'] = [
       'openseadragon/init',
@@ -82,18 +98,31 @@ function template_preprocess_openseadragon_formatter(&$variables) {
       ] + $viewer_settings,
     ];
 
-    $variables['attributes'] = new Attribute();
     $variables['attributes']['class'] = $classes_array;
     $variables['attributes']['id'] = $openseadragon_viewer_id;
   }
+
+  $cache_meta->applyTo($variables);
 }
 
 /**
  * Implements template_preprocess_HOOK().
  */
 function template_preprocess_openseadragon_iiif_manifest_block(&$variables) {
+  $cache_meta = CacheableMetadata::createFromRenderArray($variables);
+
+  // Get the tile sources from the manifest.
+  $parser = \Drupal::service('openseadragon.manifest_parser');
+  $tile_sources = $parser->getTileSources($variables['iiif_manifest_url']);
+
+  if (empty($tile_sources)) {
+    $cache_meta->applyTo($variables);
+    return;
+  }
+
   // Load the global settings.
   $config = \Drupal::service('openseadragon.config');
+  $cache_meta->addCacheableDependency($config);
 
   // Build the gallery id.
   $openseadragon_viewer_id = Html::getUniqueId('openseadragon-viewer-iiif-manifest-block');
@@ -102,16 +131,10 @@ function template_preprocess_openseadragon_iiif_manifest_block(&$variables) {
   $viewer_settings = $config->getSettings(TRUE);
   $iiif_address = $config->getIiifAddress();
 
-  // Get the tile sources from the manifest.
-  $parser = \Drupal::service('openseadragon.manifest_parser');
-  $tile_sources = $parser->getTileSources($variables['iiif_manifest_url']);
-
-  if (empty($tile_sources)) {
-    return;
-  }
-
   $viewer_settings['sequenceMode'] = count($tile_sources) > 1 && !$viewer_settings['collectionMode'];
 
+  $variables['attributes'] = new Attribute();
+
   // Attach the viewer, using the image urls obtained from the manifest.
   if (!is_null($iiif_address) && !empty($iiif_address) && !empty($tile_sources)) {
     $variables['#attached']['library'] = [
@@ -127,11 +150,11 @@ function template_preprocess_openseadragon_iiif_manifest_block(&$variables) {
       ] + $viewer_settings,
     ];
 
-    $variables['attributes'] = new Attribute();
     $variables['attributes']['class'] = $classes_array;
     $variables['attributes']['id'] = $openseadragon_viewer_id;
   }
 
+  $cache_meta->applyTo($variables);
 }
 
 /**

From 94a41d18fbddface1762bcd269b702a6866ea36e Mon Sep 17 00:00:00 2001
From: Adam Vessey <adam-vessey@users.noreply.github.com>
Date: Thu, 14 Jul 2022 12:48:54 -0300
Subject: [PATCH 2/3] Delay unpacking of variables until they are used.

---
 openseadragon.module | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/openseadragon.module b/openseadragon.module
index 595cdc6..8075079 100644
--- a/openseadragon.module
+++ b/openseadragon.module
@@ -35,8 +35,6 @@ function openseadragon_theme() {
  * Implements template_preprocess_HOOK().
  */
 function template_preprocess_openseadragon_formatter(&$variables) {
-  $item = $variables['item'];
-  $entity = $variables['entity'];
   // Load the global settings.
   $config = \Drupal::service('openseadragon.config');
   $fileinfo_service = \Drupal::service('openseadragon.fileinfo');
@@ -45,7 +43,6 @@ function template_preprocess_openseadragon_formatter(&$variables) {
   $variables['attributes'] = new Attribute();
 
   $cache_meta = CacheableMetadata::createFromRenderArray($variables)
-    ->addCacheableDependency($entity)
     ->addCacheableDependency($config);
 
   $classes_array = ['openseadragon-viewer'];
@@ -56,6 +53,10 @@ function template_preprocess_openseadragon_formatter(&$variables) {
     return;
   }
 
+  $item = $variables['item'];
+  $entity = $variables['entity'];
+  $cache_meta->addCacheableDependency($entity);
+
   // Build the gallery id.
   $id = $entity->id();
   $openseadragon_viewer_id = 'openseadragon-viewer-' . $id;

From f7eca915e32e8baa5b174b833ed8f7ba00ab9520 Mon Sep 17 00:00:00 2001
From: Adam Vessey <adam-vessey@users.noreply.github.com>
Date: Mon, 18 Jul 2022 16:13:24 -0300
Subject: [PATCH 3/3] Use the correct permission.

---
 openseadragon.module | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/openseadragon.module b/openseadragon.module
index 8075079..161e42d 100644
--- a/openseadragon.module
+++ b/openseadragon.module
@@ -69,7 +69,7 @@ function template_preprocess_openseadragon_formatter(&$variables) {
     if (isset($value['target_id'])) {
       $fid = $value['target_id'];
       $file = File::load($fid);
-      $access_result = $file->access('access', NULL, TRUE);
+      $access_result = $file->access('view', NULL, TRUE);
       $cache_meta->addCacheableDependency($file)
         ->addCacheableDependency($access_result);