[1.0.x] Prevent entity unpublished

Thank you for applying!

Please read Review process for security advisory coverage: What to expect for more details and Security advisory coverage application checklist to understand what reviewers look for. Tips for ensuring a smooth review gives some hints for a smoother review.

The important notes are the following.

• If you have not done it yet, you should run phpcs --standard=Drupal,DrupalPractice on the project, which alone fixes most of what reviewers would report.
• For the time this application is open, only your commits are allowed.
• The purpose of this application is giving you a new drupal.org role that allows you to opt projects into security advisory coverage, either projects you already created, or projects you will create. The project status won't be changed by this application and no other user will be able to opt projects into security advisory policy.
• We only accept an application per user. If you change your mind about the project to use for this application, or it is necessary to use a different project for the application, please update the issue summary with the link to the correct project and the issue title with the project name and the branch to review.

To the reviewers

Please read How to review security advisory coverage applications, Application workflow, What to cover in an application review, and Tools to use for reviews.

The important notes are the following.

• It is preferable to wait for a Code Review Administrator before commenting on newly created applications. Code Review Administrators will do some preliminary checks that are necessary before any change on the project files is suggested.
• Reviewers should show the output of a CLI tool only once per application.
• It may be best to have the applicant fix things before further review.

For new reviewers, I would also suggest to first read In which way the issue queue for coverage applications is different from other project queues.

Thank you for applying! At first, the master branch needs to be removed.
Drupal.org repositories do not use that branch. In future, it will be possible to use main as branch name, but for the moment, drupal.org is not able to handle that branch correctly.

Fix phpcs issues.

phpcs --standard=Drupal,DrupalPractice --extensions=php,module,inc,install,test,profile,theme,css,info,txt,md,yml prevent_entity
_unpublished/

FILE: prevent_entity_unpublished/prevent_entity_unpublish.module
--------------------------------------------------------------------------------
FOUND 2 ERRORS AFFECTING 2 LINES
--------------------------------------------------------------------------------
 10 | ERROR | [x] Use statements should be sorted alphabetically. The first wrong one is Drupal\Core\Entity\EntityFormInterface.
 47 | ERROR | [ ] All functions defined in a module file must be prefixed with the module's name, found "form_validation_published_content" but expected
    |       |     "prevent_entity_unpublish_form_validation_published_content"
--------------------------------------------------------------------------------
PHPCBF CAN FIX THE 1 MARKED SNIFF VIOLATIONS AUTOMATICALLY
--------------------------------------------------------------------------------


FILE: prevent_entity_unpublished/prevent_entity_unpublish.info.yml
--------------------------------------------------------------------------------
FOUND 1 ERROR AND 2 WARNINGS AFFECTING 3 LINES
--------------------------------------------------------------------------------
  8 | WARNING | [ ] All dependencies must be prefixed with the project name, for example "drupal:"
  9 | WARNING | [ ] All dependencies must be prefixed with the project name, for example "drupal:"
 11 | ERROR   | [x] Expected 1 newline at end of file; 0 found
--------------------------------------------------------------------------------
PHPCBF CAN FIX THE 1 MARKED SNIFF VIOLATIONS AUTOMATICALLY
--------------------------------------------------------------------------------


FILE: prevent_entity_unpublished/src/EntityPreupdate.php
--------------------------------------------------------------------------------
FOUND 1 ERROR AND 3 WARNINGS AFFECTING 4 LINES
--------------------------------------------------------------------------------
  8 | WARNING | [x] Unused use statement
 10 | ERROR   | [x] Use statements should be sorted alphabetically. The first wrong one is Drupal\Core\Form\FormStateInterface.
 56 | WARNING | [ ] t() calls should be avoided in classes, use \Drupal\Core\StringTranslation\StringTranslationTrait and $this->t() instead
 89 | WARNING | [ ] \Drupal calls should be avoided in classes, use dependency injection instead
--------------------------------------------------------------------------------
PHPCBF CAN FIX THE 2 MARKED SNIFF VIOLATIONS AUTOMATICALLY
--------------------------------------------------------------------------------

Rest looks fine to me.

Let’s wait for other reviewers to take a look and if everything goes fine, you will get the role.

I checked and everything seems fine for me.

Some notes:

1. Declare dependencies on custom modules in info file as entity_reference_integrity:entity_reference_integrity and entity_reference_integrity_enforce:entity_reference_integrity_enforce.
2. Maybe this could move into package: Entity or package: Other.
3. The function prevent_entity_unpublish_form_validation_published_content() calls getformObject() on the form state multiple times. The method is getFormObject() though.
4. The conditional if (($type == 'node' || $type == 'user' || $type == 'taxonomy_term') ... should either be simplified or split to make it more readable.
5. The brackets in the statement $status = ($type == 'user') ? $status : $status['value']; are not necessary.
6. In SettingsForm the definition of $form['intro'] does not need prefix and suffix. This already is a markup element. You can use '#markup' => '<p>' . $this->t('...') . '</p>'.
7. In SettingsForm the tertiary operator in the default value of $form['enabled_entity_type_ids'] can be abbreviated as '#default_value' => $this->config('prevent_entity_unpublish.settings')->get('enabled_entity_type_ids') ?: [].
8. The EntityPreupdate maybe can be renamed. What this service does is validation.
9. The dependency injection in EntityPreupdate is done in an unusual way. It probably would be better to inject and use the config factory. Then the service does not need to implement the ContainerInjectionInterface and does not need to define the method create(). Also, the first argument of the constructor should be called $dependencyManager or better entityReferenceDependencyManager. Therefore, the property may needs to be renamed.
10. In my opinion, it is unusual to use the renderer to format a error message. Feels like shooting a fly with a cannon.
11. The variable $output in getEntityList() is redundant. Just return $this->renderer->render($build);.
12. The PHPDoc of the service states "Hook into entity update and throw an exception to prevent them disappearing." but the service does not throw an exception.
13. The PHPDoc for the constructor of the EntityPreupdate service is not correct.
14. The PHPDoc the renderer property in EntityPreupdate can be rewritten to match the style of the other properties.
15. The typehint for the renderer property should be @var \Drupal\Core\Render\RendererInterface. Notice the leading slash.

In general, I think it would be nicer to generalize this module to work with any kind of entity. At the moment, only node, taxonomy and user entities are supported. But especially for entity types such as paragraphs or commerce products this could be interesting.

Thank you for your contribution!
I updated your account so you can now opt into security advisory coverage for any project you created and every project you will create.

These are some recommended readings to help you with maintainership:

• Dries' post on Responsible maintainers
• Maintainership
• Git version control system
• Issue procedures and etiquette
• Maintaining and responding to issues for a project
• Release naming conventions.

You can find more contributors chatting on Slack or IRC in #drupal-contribute. So, come hang out and stay involved!

Thank you for your patience with the review process. Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.

I thank also the dedicated reviewers as well.