function security_review_check_admin_permissions in Security Review 7

Same name and namespace in other branches
  1. 6 security_review.inc \security_review_check_admin_permissions()

Look for admin permissions granted to untrusted roles.

1 call to security_review_check_admin_permissions()
SecurityReviewTestCase::testCheckResults in tests/security_review.test
1 string reference to 'security_review_check_admin_permissions'
_security_review_security_checks in ./security_review.inc
Core Security Review's checks.

File

./security_review.inc, line 463
Stand-alone security checks and review system.

Code

function security_review_check_admin_permissions() {
  $result = TRUE;
  $check_result_value = array();
  $untrusted_roles = security_review_untrusted_roles();

  // Collect every permission defined by enabled modules. The ones marked
  // 'restrict access' (trusted users only) are filtered out below.
  $all_permissions = module_invoke_all('permission');
  $all_keys = array_keys($all_permissions);

  // Get permissions for untrusted roles.
  $untrusted_permissions = user_role_permissions($untrusted_roles);
  foreach ($untrusted_permissions as $rid => $permissions) {
    $intersect = array_intersect($all_keys, array_keys($permissions));
    foreach ($intersect as $permission) {
      // Record only permissions flagged 'restrict access', keyed by role ID.
      if (!empty($all_permissions[$permission]['restrict access'])) {
        $check_result_value[$rid][] = $permission;
      }
    }
  }
  if (!empty($check_result_value)) {
    $result = FALSE;
  }
  return array(
    'result' => $result,
    'value' => $check_result_value,
  );
}