Chapter 4. Drupal's User and Permissions System

A first look at Drupal's API and how to use it to control the security of your site

In the last chapter, you looked a bit at how to configure Drupal. That entire configuration is based on the code inside Drupal's core and contributed modules. Now you're going to start looking at that code and how to write code that will impact Drupal's security.

This chapter starts with a quick introduction to key concepts in the Drupal API. Once you've learned the fundamentals of the API, the next step is to understand the code that defines permissions and confirms access. Finally, you'll see some common mistakes and how to exploit or avoid them.
