function security_review_check_admin_permissions_help in Security Review 6
Same name and namespace in other branches
- 7 security_review.help.inc \security_review_check_admin_permissions_help()
File
- ./
security_review.help.inc, line 245 - Main help definition.
Code
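/**
 * Builds the help element for the "Admin permissions" security check.
 *
 * @param $results
 *   (optional) Result array of the check. Its 'value' entry is read as a map
 *   of role ID => list of permission names. When NULL and the last stored run
 *   failed, the check is run again to obtain it.
 *
 * @return
 *   An array with 'title' and 'descriptions', plus 'findings' when the last
 *   run was skipped or failed. Each entry of $element['findings']['items']
 *   carries three renderings of one finding:
 *   - 'html': linked text; role name and permissions are escaped by t().
 *   - 'safe': the same text without the link, also escaped by t().
 *   - 'raw': "name:permissions" with no escaping applied. Callers must
 *     escape it themselves before placing it in HTML.
 */
function security_review_check_admin_permissions_help($results = NULL) {
  $element['title'] = t('Admin permissions');
  $element['descriptions'][] = t("Drupal's permission system is extensive and allows for varying degrees of control. Certain permissions would allow a user total control, or the ability to escalate their control, over your site and should only be granted to trusted users.");
  $element['descriptions'][] = t('<a href="!link">Read more about trusted vs. untrusted roles and permissions on DrupalScout.com.</a>', array(
    '!link' => url('http://drupalscout.com/knowledge-base/importance-user-roles-and-permissions-site-security'),
  ));

  $last_check = security_review_get_last_check('security_review', 'admin_permissions');
  if ($last_check['skip'] == '1') {
    $element['findings']['descriptions'][] = _security_review_check_skipped($last_check);
  }
  elseif ($last_check['result'] == '0') {
    // A stored result of '0' is treated as a failed check. Re-run the check
    // only when the caller did not hand in the results.
    if (is_null($results)) {
      $results = security_review_check_admin_permissions();
    }
    $element['findings']['descriptions'][] = t('You have granted untrusted roles the following administrative permissions that you should revoke.');
    foreach ($results['value'] as $rid => $permissions) {
      // %d casts the role ID to an integer inside the query.
      // NOTE(review): db_fetch_array() returns FALSE when the role no longer
      // exists, which leaves the name empty in the output below.
      $role = db_fetch_array(db_query("SELECT name FROM {role} WHERE rid = %d", $rid));
      $permissions = implode(', ', $permissions);
      // '!link' is inserted without escaping; it is built from a fixed path
      // and the role ID only. '@name' and '%permissions' are escaped by t().
      $item = t('<a href="!link">@name</a> has %permissions', array(
        '!link' => url('admin/user/permissions/' . $rid),
        '@name' => $role['name'],
        '%permissions' => $permissions,
      ));
      // The permissions must be keyed '%permissions'. Passed without a key,
      // t() has nothing to substitute and the literal placeholder text ends
      // up in the finding instead of the permission list.
      $safe = t('@name has %permissions', array(
        '@name' => $role['name'],
        '%permissions' => $permissions,
      ));
      $element['findings']['items'][] = array(
        'html' => $item,
        'safe' => $safe,
        // Unescaped on purpose; role names are admin-entered free text.
        'raw' => $role['name'] . ':' . $permissions,
      );
    }
  }
  return $element;
}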