You are here

function _prod_check_anonymous_rights in Production check & Production monitor 7

Same name and namespace in other branches
  1. 6 prod_check.module \_prod_check_anonymous_rights()

File

./prod_check.module, line 1380

Code

function _prod_check_anonymous_rights($caller = 'internal') {
  $check = array();
  $secure = TRUE;
  $title = 'Anonymous user rights';
  $path = 'admin/people/permissions';
  if ($caller != 'internal') {
    $path = PRODCHECK_BASEURL . $path;
  }
  $perms = db_query('SELECT permission FROM {role_permission} WHERE rid = 1')
    ->fetchCol();
  $perms = implode(', ', $perms);
  if (preg_match('/(\\baccess\\sall\\b|\\badd\\b|\\badminister\\b|\\bchange\\b|\\bclear\\b|\\bcreate\\b|\\bdelete\\b|\\bedit\\b|\\brevert\\b|\\bsave\\b|\\bsend\\smail\\b|\\bset\\svariable\\b|\\bupdate\\b|\\bupload\\b|\\bPHP\\b|\\bdevel\\b)/i', $perms)) {
    $secure = FALSE;
  }
  $check['prod_check_anonymous_rights'] = array(
    '#title' => t($title),
    '#state' => $secure,
    '#severity' => $caller == 'nagios' ? NAGIOS_STATUS_CRITICAL : PROD_CHECK_REQUIREMENT_ERROR,
    '#value_ok' => t('Secure'),
    '#value_nok' => t('Security risk!'),
    '#description_ok' => t('No security risk found.'),
    '#description_nok' => t('The anonymous user seems to have elevated privileges! Please check the !link.', prod_check_link_array('permissions page', $path)),
    '#nagios_key' => 'ANON',
    '#nagios_type' => 'state',
  );
  return prod_check_execute_check($check, $caller);
}