Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
On a recent project we discovered a completely undocumented hook in your module:
hook_flag_validate()
It is extremely useful in our case. Users could not flag content after a particular time, and while hiding the link largely took care of the problem, security through obscurity is bad practice.
Definitely document with an example such as:
function example_flag_validate($action, $flag, $entity_id, $account, $skip_permission_check, $flagging) {
if($entity_id >= 20){
return array('access-denied' => 'Content is too new to flag');
}else{
return;
}
}
Second, document the structure of the returned array to deliver an error, or if just returning anything at all will trigger the error. Your code specifically seems to call for the array key to be "access-denied" to return a 403 error.
Comments
Comment #1
joachim CreditAttribution: joachim commentedIt's in the api.php file: