From 72005bde95a71f563dd8e935a6ef695c9b07665c Mon Sep 17 00:00:00 2001
From: Marton Kiss <marton.kiss@gmail.com>
Date: Fri, 22 Jul 2016 12:24:05 +0200
Subject: [PATCH] Token based access for organizer contact report

Provide a public token based access for the organizer contact report.
Usage: https://<base-url>/reports/group-contact-report/csv?token=<token>

The token must match the value stored in the groups_contact_report_key
variable. The module also provides an admin inteface to set the
token value at Configuration > System Settings > Groups report settings
page.

Change-Id: I8742ff26fd78e8baae6743d8ca15c92a13d86bdc
---
 .../groups_reports/groups_reports.admin.inc   | 16 ++++++++++++++
 .../groups_reports/groups_reports.module      | 22 ++++++++++++++++++-
 2 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 modules/groups/groups_reports/groups_reports.admin.inc

diff --git a/modules/groups/groups_reports/groups_reports.admin.inc b/modules/groups/groups_reports/groups_reports.admin.inc
new file mode 100644
index 0000000..cc149a6
--- /dev/null
+++ b/modules/groups/groups_reports/groups_reports.admin.inc
@@ -0,0 +1,16 @@
+<?php
+
+/**
+ * Menu callback: displays the groups_reports module settings page.
+ *
+ * @ingroup forms
+ */
+function groups_reports_admin_settings($form) {
+  $form['groups_contact_report_key'] = array(
+    '#type' => 'textfield',
+    '#title' => t('Organizer contact report token'),
+    '#default_value' => variable_get('groups_contact_report_key', 'dummytoken'),
+    '#required' => TRUE,
+  );
+  return system_settings_form($form);
+}
\ No newline at end of file
diff --git a/modules/groups/groups_reports/groups_reports.module b/modules/groups/groups_reports/groups_reports.module
index eb0c35c..1eb9df4 100644
--- a/modules/groups/groups_reports/groups_reports.module
+++ b/modules/groups/groups_reports/groups_reports.module
@@ -35,9 +35,17 @@ function groups_reports_menu() {
     'title' => 'Group contact report CSV export',
     'description' => 'Export group organizers in CSV format',
     'page callback' => 'groups_reports_groups_contact_report_csv_export',
-    'access callback' => array('groups_reports_access'),
+    'access callback' => TRUE,
     'weight' => -1,
   );
+  $items['admin/config/system/reports'] = array(
+    'title' => 'Groups report Settings',
+    'description' => 'Groups report settings',
+    'page callback' => 'drupal_get_form',
+    'page arguments' => array('groups_reports_admin_settings'),
+    'access arguments' => array('administer site configuration'),
+    'file' => 'groups_reports.admin.inc',
+  );
   return $items;
 }
 
@@ -605,8 +613,20 @@ function _groups_report_contact_csv_row($row, $organizer, $source, &$seen) {
 
 /**
  * Export group organizer contacts in CSV format.
+ *
+ * The groups_contact_report_key variable contains the token required for
+ * public access.
  */
 function groups_reports_groups_contact_report_csv_export() {
+  $access = groups_reports_access();
+  // check for token if not authenticated
+  if (($access == FALSE) && (isset($_GET['token']))) {
+    $access = (variable_get('groups_contact_report_key', 'dummytoken') == $_GET['token']);
+  }
+  if ($access == FALSE) {
+    drupal_access_denied();
+    return;
+  }
   drupal_add_http_header('Content-Type', 'text/csv; utf-8');
   drupal_add_http_header('Content-Disposition', 'attachment; filename="groups-contacts.csv"');
   $rows = groups_reports_group_status_report();