pierre.rineau at makina-corpus.com
Sun Feb 6 01:55:18 UTC 2011
On Sat, 2011-02-05 at 20:31 +0100, Eric Schaefer wrote:
> Hi List,
> I was just wondering. Now that there are separate hooks for the node
> API, is it necessary to check for permissions in every hook? E.g. The
> scheduler module has a permission for scheduling nodes. Do I need to
> check for that permission in lets say scheduler_node_update()?
No, don't. The full access check is menu based. Implementation of your
hooks are pure API therefore shouldn't care about right (except for the
view related stuff).
Higher level API should take care of the user rights, not the low level
More information about the development