I am having trouble getting this working correctly. I have created an order form module for Drupal and I need to control access to it. I noticed that this order form was accessible without being logged in if I browse directly to http://example.com/orders/order-form I have been looking around and I think I am on the right track but missing something simple. I have created the function below in my order-form module:
function order_form_permission() {
return array(
'order form permission' => array(
'title' => t('Order Form Permissions'),
'description' => t('Deny access to certain users.'),
),
);
}
Then in the same file to create the page I use this function:
function order_form_menu() {
$items = array();
$items['orders/order-form'] = array(
'title' => 'Order Form',
'descriptions' => 'A form for ordering products',
'page callback' => 'drupal_get_form',
'page arguments' => array('order_form_form'),
'access arguments' => array('order_form_permission')
);
return $items;
}
The page arguments array contains the call to the form that is generated.
I have set permissions for certain user roles already in admin/people/permissions It shows access denied when I am not logged in which is what I want. But when I browse to the page logged in as the main administrator I can see it, which is what I want.
The problem is when I try to log in as another user or account that has the role assigned to it I want to be able to access the order form it will say Access Denied. I must be missing something simple here hopefully someone can help me out.
Actually you don't need to define the access callback, it defaults to the user_access() function which is powered by the hook_permissions from drupal.
The access arguments in the hook menu should be the same as the array key in the hook permission. So try removing the underscores from the
'access arguments' => array('order_form_permission')