You are here

Home » API reference » Security Review 8 » AdminPermissions.php » AdminPermissions

public function AdminPermissions::run in Security Review 8

The actual procedure of carrying out the check.

Return value

\Drupal\security_review\CheckResult The result of running the check.

Overrides Check::run

File

src/Checks/AdminPermissions.php, line 39

Class

AdminPermissions
Checks whether untrusted roles have restricted permissions.

Namespace

Drupal\security_review\Checks

Code

public function run() {
  $result = CheckResult::SUCCESS;
  $findings = [];

  // Get every permission.
  $all_permissions = $this
    ->security()
    ->permissions(TRUE);
  $all_permission_strings = array_keys($all_permissions);

  // Get permissions for untrusted roles.
  $untrusted_permissions = $this
    ->security()
    ->untrustedPermissions(TRUE);
  foreach ($untrusted_permissions as $rid => $permissions) {
    $intersect = array_intersect($all_permission_strings, $permissions);
    foreach ($intersect as $permission) {
      if (isset($all_permissions[$permission]['restrict access'])) {
        $findings[$rid][] = $permission;
      }
    }
  }
  if (!empty($findings)) {
    $result = CheckResult::FAIL;
  }
  return $this
    ->createResult($result, $findings);
}