Okay, I'll be the first to add a few of my development related thoughts, and some of the procedures I (usually)
follow, in no particular order1. Templates
Any templates that will be presented on the front end (not the admin section) should be stored in the databse, with some reasonable default values attached. This will allow admins to adjust front end layout without having to edit files. As well, as I have done in (most of)
my modules, there should be a button to reset the template to default values.
The Module API methods I am referring to are:
Tabs should be used to organize the functionality of a module logically, and particularly for template editing, this allows for better permissions management, and improved usability3. Permissions
As I've learned over recent weeks, it may not always be necessary to create a new permission for a module, many of the existing permissions work well. For example, recent modifications to the News Module allows for more modular control, and although it does still add the permission "Modify News" it also uses some of the standard permissions.
"Modify Layout" or some other similar permission is used to determine wether the template tabs should be displayed at all, "Modify News" is strictly used now for adding/editing and deleting news articles, as well the "Modify Site Preferences" permission is used to determine wether the preferences tab is displayed.
As well, the permissions should be checked not only when displaying the form, but also when processing the form results, this increases security one more little bit, and ensures nobody can do anything malicious without actually being logged in.Conclusion
Does anybody have any suggestions, comments, or questions about these ideas?