Handling Permissions for custom drush modules
Posted by frob on December 26, 2011 at 4:10am
Hello anyone who has built custom drush modules.
I am writing drush integration into my event tracking module in the form of admin controls and I have a question about user permissions. I want to allow the creation of event tracking code to be added through a drush command. However, because this would be the equivalent of javascript injection, this would have the potential for a xss attack to be injected into the ga code. I want to limit this with the use of user level permissions, just as I would if this where a web based admin section.
Read more