3 namespace Drupal\toolbar\Controller;
5 use Drupal\Component\Utility\Crypt;
6 use Drupal\Core\Access\AccessResult;
7 use Drupal\Core\Ajax\AjaxResponse;
8 use Drupal\Core\Controller\ControllerBase;
9 use Drupal\toolbar\Ajax\SetSubtreesCommand;
12 * Defines a controller for the toolbar module.
14 class ToolbarController extends ControllerBase {
17 * Returns an AJAX response to render the toolbar subtrees.
19 * @return \Drupal\Core\Ajax\AjaxResponse
21 public function subtreesAjax() {
22 list($subtrees, $cacheability) = toolbar_get_rendered_subtrees();
23 $response = new AjaxResponse();
24 $response->addCommand(new SetSubtreesCommand($subtrees));
26 // The Expires HTTP header is the heart of the client-side HTTP caching. The
27 // additional server-side page cache only takes effect when the client
28 // accesses the callback URL again (e.g., after clearing the browser cache
29 // or when force-reloading a Drupal page).
30 $max_age = 365 * 24 * 60 * 60;
31 $response->setPrivate();
32 $response->setMaxAge($max_age);
34 $expires = new \DateTime();
35 $expires->setTimestamp(REQUEST_TIME + $max_age);
36 $response->setExpires($expires);
42 * Checks access for the subtree controller.
45 * The hash of the toolbar subtrees.
47 * @return \Drupal\Core\Access\AccessResultInterface
50 public function checkSubTreeAccess($hash) {
51 $expected_hash = _toolbar_get_subtrees_hash()[0];
52 return AccessResult::allowedIf($this->currentUser()->hasPermission('access toolbar') && Crypt::hashEquals($expected_hash, $hash))->cachePerPermissions();