I'm trying to create a FB tab app. It's supposed to have an Edit Settings page, which is obviously supposed to be accessible only to page admins. If the admin is watching the tab - he's supposed to see a link to that page. I can do something like that with jQuery:
var is_admin = "<?php echo isset( $page['admin'] ) && $page['admin'] == 1 ? true : false; ?>";
if(is_admin)
$("<div id='div_edit_settings'>Edit Settings</div>").appendTo("some_div");
And later I can detect when this link was clicked and present the page (it's supposed to be displayed inside the tab as well, but since it's stored on the server it's also accessible through a browser).
The problem is that JS is visible to Firebug and other browser developer tools, so somebody could just insert a code line and see that link. So what can I do to make sure that only admins can see that Edit page and that only admins are editing the settings? How can I protect the link and the Edit page itself?