DGI9-610: Prevent page_cache caching where an ip cache context is relevant.

[adam-vessey]

Summary by CodeRabbit

• New Features

  • Added a page-cache policy to prevent caching when IP-based embargo contexts are present, improving cache correctness for IP-dependent embargoes.

• Chores

  • Made request handling and parameter nullability more flexible across migration, controller, and search components for improved robustness.

[coderabbitai]

Walkthrough

Adds a page-cache response policy service and class that denies caching when IP-related embargo cache contexts are present; updates several method signatures to accept nullable types and refactors a controller to read Request from the action parameter instead of from an injected property.

Changes

Cohort / File(s)	Summary
Page Cache Response Policy embargo.services.yml, src/PageCache/DenyIpDependentResponse.php	Adds service embargo.page_cache_request_policy.deny_ip_dependent_response (class Drupal\embargo\PageCache\DenyIpDependentResponse, tag page_cache_response_policy). New class inspects an access result on the request, verifies it is cacheable, checks cache contexts for ip.embargo_range/ip, returns DENY when present, otherwise NULL.
Controller request handling src/Controller/IpRangeAccessExemptionController.php	Removes the controller constructor and static create() factory that injected/stored the Request. The response() method now accepts Request $request and reads query data from that parameter instead of an injected property.
Nullable Migration parameter modules/migrate_embargoes_to_embargo/src/Plugin/migrate/source/Entity.php	Updates static create() signature to accept ?MigrationInterface $migration = NULL (nullable migration parameter).
Nullable Datasource parameters src/Plugin/search_api/processor/EmbargoJoinProcessor.php, src/Plugin/search_api/processor/EmbargoProcessor.php	Narrowed getPropertyDefinitions() signatures to ?DatasourceInterface $datasource = NULL (explicit nullable type). No behavioral changes.

Sequence Diagram

sequenceDiagram
    participant Req as Request
    participant PC as Page Cache System
    participant Policy as DenyIpDependentResponse
    participant AR as Access Result

    Req->>PC: Incoming request + response
    PC->>Policy: check(response, request)
    Policy->>Req: Read access result from request
    alt access result exists
        Policy->>AR: ensure AR is RefinableCacheableDependencyInterface
        alt AR is cacheable
            Policy->>Policy: collect cache contexts
            alt has ip.embargo_range or ip
                Policy-->>PC: Return "DENY"
                PC-->>Req: Do not cache
            else
                Policy-->>PC: Return NULL
                PC-->>Req: Normal caching flow
            end
        else
            Policy-->>PC: Return NULL (non-cacheable)
            PC-->>Req: Normal caching flow
        end
    else
        Policy-->>PC: Return NULL (no access result)
        PC-->>Req: Normal caching flow
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 I hop through lines with whiskered cheer,

If IPs hide, I whisper "not here."
I check the contexts, then gently cry "deny,"
So secret pages softly flutter by.
A floppy-eared watcher — quick and spry.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The PR title "DGI9-610: Prevent page_cache caching where an ip cache context is relevant." directly reflects the main changes in the changeset. The core addition is the new DenyIpDependentResponse class that implements a page cache response policy to deny caching when IP-related contexts are present, which aligns precisely with what the title describes. The title is specific and clear—a developer scanning PR history would immediately understand that this change addresses page cache handling for IP-dependent responses. While the changeset includes supporting refactoring changes (nullable parameter updates and controller refactoring), these are complementary to the main objective, and the title appropriately captures the primary purpose without noise or vagueness.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/add_page_cache_policy

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 742bbd3 and d683061.

📒 Files selected for processing (1)

• src/Controller/IpRangeAccessExemptionController.php (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• src/Controller/IpRangeAccessExemptionController.php

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: PHPUnit / Drupal 10.3 | PHP 8.2
• GitHub Check: PHPUnit / Drupal 11.1 | PHP 8.3
• GitHub Check: PHPUnit / Drupal 10.5 | PHP 8.4
• GitHub Check: PHPUnit / Drupal 10.4 | PHP 8.4
• GitHub Check: PHPUnit / Drupal 10.4 | PHP 8.3

Warning

Review ran into problems

🔥 Problems

Errors were encountered while retrieving linked issues.

Errors (1)

• JIRA integration encountered authorization issues. Please disconnect and reconnect the integration in the CodeRabbit UI.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

modules/migrate_embargoes_to_embargo/src/Plugin/migrate/source/Entity.php (1)

59-68: Fix type mismatch: nullable parameter passed to non-nullable constructor.

Line 59 accepts a nullable ?MigrationInterface $migration = NULL, but line 65 passes it to the constructor, which expects a non-nullable MigrationInterface $migration (line 42). This will cause a type error if $migration is NULL.

Apply this diff to make the constructor parameter nullable:

   public function __construct(
     array $configuration,
     $plugin_id,
     $plugin_definition,
-    MigrationInterface $migration,
+    ?MigrationInterface $migration,
     EntityTypeManagerInterface $entity_type_manager,
   ) {

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between a481d32 and 6facd09.

📒 Files selected for processing (6)

• embargo.services.yml (1 hunks)
• modules/migrate_embargoes_to_embargo/src/Plugin/migrate/source/Entity.php (1 hunks)
• src/Controller/IpRangeAccessExemptionController.php (1 hunks)
• src/PageCache/DenyIpDependentResponse.php (1 hunks)
• src/Plugin/search_api/processor/EmbargoJoinProcessor.php (1 hunks)
• src/Plugin/search_api/processor/EmbargoProcessor.php (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (3)

src/Plugin/search_api/processor/EmbargoJoinProcessor.php (1)

src/Plugin/search_api/processor/EmbargoProcessor.php (1)

• getPropertyDefinitions (91-103)

src/Plugin/search_api/processor/EmbargoProcessor.php (1)

src/Plugin/search_api/processor/EmbargoJoinProcessor.php (1)

• getPropertyDefinitions (107-132)

src/PageCache/DenyIpDependentResponse.php (1)

src/Controller/IpRangeAccessExemptionController.php (1)

• response (46-73)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: PHPUnit / Drupal 10.3 | PHP 8.2
• GitHub Check: PHPUnit / Drupal 10.5 | PHP 8.4
• GitHub Check: PHPUnit / Drupal 10.5 | PHP 8.3
• GitHub Check: PHPUnit / Drupal 10.4 | PHP 8.3
• GitHub Check: PHPUnit / Drupal 10.4 | PHP 8.4

🔇 Additional comments (3)

src/Plugin/search_api/processor/EmbargoJoinProcessor.php (1)

107-107: LGTM: Explicit nullable type hint improves clarity.

The addition of the explicit nullable type hint (?DatasourceInterface) improves code clarity and aligns with modern PHP type safety practices. The method correctly handles NULL by returning an empty array.

src/Plugin/search_api/processor/EmbargoProcessor.php (1)

91-91: LGTM: Explicit nullable type hint improves clarity.

The addition of the explicit nullable type hint (?DatasourceInterface) improves code clarity and aligns with modern PHP type safety practices, matching the pattern used in EmbargoJoinProcessor.

src/PageCache/DenyIpDependentResponse.php (1)

34-57: LGTM: Correct implementation of IP-dependent page cache bypass.

The logic correctly implements the PR objective by:

1. Extracting the access result from the request
2. Checking if it's cacheable
3. Denying page caching when IP-related cache contexts (ip.embargo_range or ip) are present

This properly prevents anonymous page caching when IP embargoes are in effect, addressing the core requirement.