X-Git-Url: http://www.aleph1.co.uk/gitweb/?p=yaffs-website;a=blobdiff_plain;f=web%2Fmodules%2Fcontrib%2Fsecurity_review%2Fsrc%2FChecks%2FAdminPermissions.php;fp=web%2Fmodules%2Fcontrib%2Fsecurity_review%2Fsrc%2FChecks%2FAdminPermissions.php;h=0000000000000000000000000000000000000000;hp=5551f328eb9a79ab3f1cd90c77ae5bfb3f10f2df;hb=9424afc6c1f518c301bf87a23c047d1873435d05;hpb=5ca1b61ad2659177690cbde2cf7675f9c0d50491 diff --git a/web/modules/contrib/security_review/src/Checks/AdminPermissions.php b/web/modules/contrib/security_review/src/Checks/AdminPermissions.php deleted file mode 100644 index 5551f328e..000000000 --- a/web/modules/contrib/security_review/src/Checks/AdminPermissions.php +++ /dev/null @@ -1,148 +0,0 @@ -security()->permissions(TRUE); - $all_permission_strings = array_keys($all_permissions); - - // Get permissions for untrusted roles. - $untrusted_permissions = $this->security()->untrustedPermissions(TRUE); - foreach ($untrusted_permissions as $rid => $permissions) { - $intersect = array_intersect($all_permission_strings, $permissions); - foreach ($intersect as $permission) { - if (isset($all_permissions[$permission]['restrict access'])) { - $findings[$rid][] = $permission; - } - } - } - - if (!empty($findings)) { - $result = CheckResult::FAIL; - } - - return $this->createResult($result, $findings); - } - - /** - * {@inheritdoc} - */ - public function help() { - $paragraphs = []; - $paragraphs[] = $this->t("Drupal's permission system is extensive and allows for varying degrees of control. Certain permissions would allow a user total control, or the ability to escalate their control, over your site and should only be granted to trusted users."); - return [ - '#theme' => 'check_help', - '#title' => $this->t('Admin and trusted Drupal permissions'), - '#paragraphs' => $paragraphs, - ]; - } - - /** - * {@inheritdoc} - */ - public function evaluate(CheckResult $result) { - $output = []; - - foreach ($result->findings() as $rid => $permissions) { - $role = Role::load($rid); - /** @var Role $role */ - $paragraphs = []; - $paragraphs[] = $this->t( - "@role has the following restricted permissions:", - [ - '@role' => Link::createFromRoute( - $role->label(), - 'entity.user_role.edit_permissions_form', - ['user_role' => $role->id()] - )->toString(), - ] - ); - - $output[] = [ - '#theme' => 'check_evaluation', - '#paragraphs' => $paragraphs, - '#items' => $permissions, - ]; - } - - return $output; - } - - /** - * {@inheritdoc} - */ - public function evaluatePlain(CheckResult $result) { - $output = ''; - - foreach ($result->findings() as $rid => $permissions) { - $role = Role::load($rid); - /** @var Role $role */ - - $output .= $this->t( - '@role has @permissions', - [ - '@role' => $role->label(), - '@permissions' => implode(', ', $permissions), - ] - ); - $output .= "\n"; - } - - return $output; - } - - /** - * {@inheritdoc} - */ - public function getMessage($result_const) { - switch ($result_const) { - case CheckResult::SUCCESS: - return $this->t('Untrusted roles do not have administrative or trusted Drupal permissions.'); - - case CheckResult::FAIL: - return $this->t('Untrusted roles have been granted administrative or trusted Drupal permissions.'); - - default: - return $this->t("Unexpected result."); - } - } - -}