public function Security::rolePermissions in Security Review 8

Returns the permission strings that a group of roles have.

Parameters

string[] $role_ids: The array of roleIDs to check.

bool $group_by_role_id: Choose whether to group permissions by role ID.

Return value

array An array of the permissions untrusted roles have. If $groupByRoleId is true, the array key is the role ID, the value is the array of permissions the role has.

2 calls to Security::rolePermissions()

Security::trustedPermissions in src/Security.php

Returns the permission strings that trusted roles have.

Security::untrustedPermissions in src/Security.php

Returns the permission strings that untrusted roles have.

File

src/Security.php, line 128

Class

Security

Provides frequently used security-related data.

Namespace

Drupal\security_review

Code

public function rolePermissions(array $role_ids, $group_by_role_id = FALSE) {

  // Get the permissions the given roles have, grouped by roles.
  $permissions_grouped = user_role_permissions($role_ids);

  // Fill up the administrative roles' permissions too.
  foreach ($role_ids as $role_id) {
    $role = Role::load($role_id);

    /** @var Role $role */
    if ($role
      ->isAdmin()) {
      $permissions_grouped[$role_id] = $this
        ->permissions();
    }
  }
  if ($group_by_role_id) {

    // If the result should be grouped, we have nothing else to do.
    return $permissions_grouped;
  }
  else {

    // Merge the grouped permissions into $untrusted_permissions.
    $untrusted_permissions = [];
    foreach ($permissions_grouped as $permissions) {
      $untrusted_permissions = array_merge($untrusted_permissions, $permissions);
    }

    // Remove duplicate elements and fix indexes.
    $untrusted_permissions = array_values(array_unique($untrusted_permissions));
    return $untrusted_permissions;
  }
}