Facebook API tab settings security
I am working on a Facebook App that adds a tab to fan pages. Admins of those pages should be able to edit some settings for the tab. So I created a settings script for that. If an admin wants to edit something, he or she is sent to http://mydomain/settings.php?fb_page_id=theirpageid
How can I verify that the person loading that page is actually authorized to change those settings? For example, if I knew the page ID for some other page that uses my tab (and the ID of a page is right in the URL of the page) I could get into their settings.
The only thing in the request array is the page id.
Thanks in advance,
Tim
UPDATE:
The only solution I've come up with is asking the user to sign in with Facebook and then checking the rights, but this is something I'd like to avoid, as it's another step for the user.
The best practice for this would be to authorise the user on your admin page with the manage_pages permission.
With this permission you can see which Apps / Fan Pages that particular user is an admin of by making a request to:
https://graph.facebook.com/me/accounts?access_token=VALID_ACCESS_TOKEN
So you can easily judge if the user has valid admin access rights to a page with your application tab installed.
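A server-side version of that check, as an added example that is not part of the original answer: it treats fb_page_id as untrusted input and allows access only when the ID appears in the /me/accounts listing for the signed-in user's token. The function name, the injected fetcher, the paging handling and the sample responses are assumptions made for illustration.

```php
<?php
// Added example; function and variable names are hypothetical.

/**
 * True only if $pageId is listed in /me/accounts for the token's owner.
 * $fetch is callable(string $url): string and returns the raw JSON body,
 * so the check can be exercised offline with constructed responses.
 */
function user_admins_page(string $pageId, string $accessToken, callable $fetch): bool
{
    // fb_page_id comes from the query string: treat it as untrusted input.
    if (!ctype_digit($pageId)) {
        return false;
    }
    $url = 'https://graph.facebook.com/me/accounts?access_token=' . urlencode($accessToken);
    // Follow paging.next (assumed response shape), with a hard page limit.
    for ($i = 0; $i < 20 && is_string($url); $i++) {
        if (parse_url($url, PHP_URL_HOST) !== 'graph.facebook.com') {
            return false;
        }
        $body = json_decode($fetch($url), true);
        // Fail closed on errors (expired token, missing permission, bad JSON).
        if (!is_array($body) || isset($body['error']) || !is_array($body['data'] ?? null)) {
            return false;
        }
        foreach ($body['data'] as $account) {
            if (is_array($account) && (string)($account['id'] ?? '') === $pageId) {
                return true;
            }
        }
        $url = $body['paging']['next'] ?? null;
    }
    return false;
}

// Constructed responses standing in for the Graph API (not real data).
$first  = '{"data":[{"id":"1001","name":"Page A"}],"paging":{"next":"https://graph.facebook.com/me/accounts?after=x"}}';
$second = '{"data":[{"id":"1002","name":"Page B"}]}';
$fake = function (string $url) use ($first, $second): string {
    return strpos($url, 'after=x') !== false ? $second : $first;
};

var_dump(user_admins_page('1002', 'CONSTRUCTED_TOKEN', $fake)); // page on the second result page
var_dump(user_admins_page('9999', 'CONSTRUCTED_TOKEN', $fake)); // a page the user does not admin
```

In settings.php the token would come from the user's Facebook login session rather than from the request, and the check would run on every load and every save of the settings.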