public function ViewsAccess::run in Security Review 8
The actual procedure of carrying out the check.
Return value
\Drupal\security_review\CheckResult The result of running the check.
Overrides Check::run
File
- src/
Checks/ ViewsAccess.php, line 32
Class
- ViewsAccess
- Checks for Views that do not check access.
Namespace
Drupal\security_review\ChecksCode
public function run() {
// If views is not enabled return with INFO.
if (!$this
->moduleHandler()
->moduleExists('views')) {
return $this
->createResult(CheckResult::INFO);
}
$result = CheckResult::SUCCESS;
$findings = [];
$views = View::loadMultiple();
/** @var View[] $views */
// Iterate through views and their displays.
foreach ($views as $view) {
if ($view
->status()) {
foreach ($view
->get('display') as $display_name => $display) {
$access =& $display['display_options']['access'];
if (isset($access) && $access['type'] == 'none') {
// Access is not controlled for this display.
$findings[$view
->id()][] = $display_name;
}
}
}
}
if (!empty($findings)) {
$result = CheckResult::FAIL;
}
return $this
->createResult($result, $findings);
}