On Sat, 2011-02-05 at 20:31 +0100, Eric Schaefer wrote: > Hi List, > > I was just wondering. Now that there are separate hooks for the node > API, is it necessary to check for permissions in every hook? E.g. The > scheduler module has a permission for scheduling nodes. Do I need to > check for that permission in lets say scheduler_node_update()?
No, don't. The full access check is menu based. Implementation of your hooks are pure API therefore shouldn't care about right (except for the view related stuff). Higher level API should take care of the user rights, not the low level API IMHO. Pierre.
