As promised, after my Python bragging we're going to resume and wrap-up everything on our dfacebox module. If you still remember, our test page is accessible to anonymous users (users that are not registered). You don't normally exposed module settings or test pages like this so instead, we're going to apply some restriction so only those that have permission to access it will be able to view except for the root account which pretty much can do everything.

If you're wondering who's the root account, its the very first account you create when you where installing Drupal; the one with uid = 1. Handle it with care.

Lets start by examining what was the last form of our hook_menu since it is there where we can add restriction for displaying the test page.

/**
 * Implementation of hook_menu()
 */
function dfacebox_menu() {
  $items = array();
  $items['admin/settings/dfacebox'] = array(
    'title'            => t('Facebox for Drupal'),
    'description'      => t('Sample usage of Facebox for Drupal'),
    'page callback'    => 'dfacebox_test_form',
    'access callback'  => TRUE,
    'type'             => MENU_NORMAL_ITEM,
  );
  return $items;
}

The access callback is what makes this menu accessible to anonymous users because it is set to TRUE which means anybody who knows the path and tries to access it should be able to view the test page. Lets modify it a bit:

/**
 * Implementation of hook_menu()
 */
function dfacebox_menu() {
  $items = array();
  $items['admin/settings/dfacebox'] = array(
    'title'            => t('Facebox for Drupal'),
    'description'      => t('Sample usage of Facebox for Drupal'),
    'page callback'    => 'dfacebox_test_form',
    'access callback'  => 'user_access',
    'access arguments' => array('access dfacebox tests'),
    'type'             => MENU_NORMAL_ITEM,
  );
  return $items;
}

The only difference here is that we changed the access callback from TRUE to 'user_access' and we added a new key access arguments which can accept an array of permission in which the user_access tries to check to. Here the array contains only one element, the string 'access dfacebox test'. What will happen now is that everytime a user tries to access our test page, the user_access function will be called and passed with array from our access arguments. Each element will then be checked against the user's permission, if the user has our permission then user will be able to view our test page.

But how do we assign permission to each user? Permissions are assigned by role, by default Drupal has 2 roles available. Anonymous and Authenticated User. If you try to visit admin/user/permissions, you'll see a list of permissions arrange by module with each column corresponding to each role. The next question is how do we add our module's own permission in there? Thats when hook_perm comes to play. Hook perm defines any permission our module wants to exposed, it does so by returning an array of permissions:

/**
 * Implementation of hook_perm()
 */
function dfacebox_perm() {
  return array('access dfacebox tests');
}

Now if you try to visit admin/user/permissions again, you'll see our module listed with the permission we just defined. Tick the one for Authenticated User and save our settings. Now we explicitly defined that only those that got our permissions will be able to access our test page.

I was planning to cover theming hooks and an intro to templates but this is getting long, I don't like long posts, it makes them unreadable atleast for me so we'll end it here for now. Hope you learned something, questions are always welcome. Happy Holidays everyone!