The changes that you need to make are:
1. Register the module with the security system.
This requires to you modify the Version.php file and add a line describing the rules. For the Stats module, I added
$modversion['securityschema'] = array('Stats::' => '::');
Stats is there or it isn't. I'm not stopping certain functions although you could.
2. Modify the module's index.php file to make the security check. This takes the form of
if (!authorised(0, 'Stats::', '::', ACCESS_READ)) {
include 'header.php';
echo _VIEWSTATSNOAUTH;
include 'footer.php';
return;
}
You might need to move the header.php and footer.php includes around depending on what else is in the file. This code snippet is placed towards the top of the file before any other output is produced. Note the format matches what we just put into the Version.php file. It also includes a new language define. In this case _VIEWSTATSNOAUTH.
3. Add the error message to the modules local language files. In lang/eng/global.php add
define("_VIEWSTATSNOAUTH", "You are not authorised to view stastics.");
4. Create a permission restriction for whatever groups are necessary. In my case, I set
Unregistered | Stats:: | :: | None
5. Modify the menu and other links to hide the link from site.
The menu can be done through the permissions system by adding Stats to the entry already there.
3930