function _paranoia_remove_risky_permissions in Paranoia 8
Same name and namespace in other branches
- 7 paranoia.module \_paranoia_remove_risky_permissions()
Helper function to remove all risky permissions from any role.
Separated out from paranoia_permissions_submit so that there is clearly no dependency on a form or form state.
3 calls to _paranoia_remove_risky_permissions()
- paranoia_install in ./
paranoia.install - Implements hook_install().
- paranoia_modules_enabled in ./
paranoia.install - Implements hook_modules_enabled().
- paranoia_permissions_submit in ./
paranoia.module - Remove extremely-risky permissions from any role.
File
- ./
paranoia.module, line 163 - Disables PHP block visibility permission and gives status error if a role has this permission. Disables the PHP module. Hides the PHP and paranoia modules from the modules page. Prevents user/1 editing which could give access to abitrary contrib…
Code
function _paranoia_remove_risky_permissions() {
$banned_permissions = \Drupal::moduleHandler()
->invokeAll('paranoia_hide_permissions');
$roles = Role::loadMultiple();
foreach ($roles as $role) {
foreach ($banned_permissions as $permission) {
$role
->revokePermission($permission);
}
$role
->save();
}
}