You are here

Home » API reference » Security Review 6 » security_review.help.inc

function security_review_check_views_access_help in Security Review 6

Same name and namespace in other branches
  1. 7 security_review.help.inc \security_review_check_views_access_help()

File

./security_review.help.inc, line 404
Main help definition.

Code

function security_review_check_views_access_help($results = NULL) {
  $element['title'] = t('Views access');
  $element['descriptions'][] = t("Views can check if the user is allowed access to the content. It is recommended that all Views implement some amount of access control, at a minimum checking for the permission 'access content'.");
  $last_check = security_review_get_last_check('views', 'access');
  if ($last_check['skip'] == '1') {
    $element['findings']['descriptions'][] = _security_review_check_skipped($last_check);
  }
  elseif ($last_check['result'] == '0') {
    $element['findings']['descriptions'][] = t('The following View displays do not check access.');
    if (is_null($results)) {
      $results = security_review_check_views_access();
    }
    foreach ($results['value'] as $view => $displays) {
      $url = 'admin/build/views/edit/' . $view;
      foreach ($displays as $display) {
        $item = $view . ': ' . $display;
        $element['findings']['items'][] = array(
          'html' => l($item, $url, array(
            'fragment' => $display,
          )),
          'safe' => $item,
          // View names are safe.
          'raw' => $item,
        );
      }
    }
  }
  return $element;
}