public function Security::defaultUntrustedRoles in Security Review 8
Returns the default untrusted roles.
The default untrusted roles are: Anonymous : always Authenticated : if visitors are allowed to create accounts.
Return value
string[] Default untrusted roles' IDs.
1 call to Security::defaultUntrustedRoles()
- Security::untrustedRoles in src/
Security.php - Returns the IDs of untrusted roles.
File
- src/
Security.php, line 98
Class
- Security
- Provides frequently used security-related data.
Namespace
Drupal\security_reviewCode
public function defaultUntrustedRoles() {
// Add the Anonymous role to the output array.
$roles = [
AccountInterface::ANONYMOUS_ROLE,
];
// Check whether visitors can create accounts.
$user_register = $this->configFactory
->get('user.settings')
->get('register');
if ($user_register !== UserInterface::REGISTER_ADMINISTRATORS_ONLY) {
// If visitors are allowed to create accounts they are considered
// untrusted.
$roles[] = AccountInterface::AUTHENTICATED_ROLE;
}
// Return the untrusted roles.
return $roles;
}