A user with a custom role cannot access a custom menu item in the Magento admin interface

I have defined a custom menu item for the Magento admin interface with several sub-items.

This works very well as expected when a user with an administrator role logs in to the admin interface. The administrator sees all the auxiliary elements and can also access the pages to which the elements link. Each of these pages shows the contents of the database table in the grid.

But problems arise when I try to use a user role. The user role has access to the menu item and its items. Now, when I enter the admin interface with the user with this custom role, the user sees all the menu items as expected, but for two sub-items the user receives an access denied message when he clicks on the sub-item.

Here are the acl and menu elements from config.xml.

    ...
    <adminhtml>
        <acl>
            <resources>
                <admin>
                    <children>
                        <deliveryservice translate="title">
                            <title>Deliveryservice</title>
                            <sort_order>300</sort_order>
                            <children>
                                <holiday translate="title" module="deliveryservice">
                                    <title>Holidays</title>
                                    <sort_order>5</sort_order>
                                </holiday>
                                <holidayset translate="title" module="deliveryservice">
                                    <title>Holidaysets</title>
                                    <sort_order>10</sort_order>
                                </holidayset>
                                <openinghour translate="title" module="deliveryservice">
                                    <title>Openinghours</title>
                                    <sort_order>20</sort_order>
                                </openinghour>
                                <delivery_address translate="title" module="deliveryservice">
                                    <title>Delivery Areas</title>
                                    <sort_order>30</sort_order>
                                </delivery_address>
                                <minimum_order_value translate="title" module="deliveryservice">
                                    <title>Minimum order value</title>
                                    <sort_order>40</sort_order>
                                </minimum_order_value>
                                <key_value_store translate="title" module="deliveryservice">
                                    <title>Key Value Store</title>
                                    <sort_order>50</sort_order>
                                </key_value_store>
                                <ratings translate="title" module="deliveryservice">
                                    <title>Bewertungen</title>
                                    <sort_order>60</sort_order>
                                </ratings>
                            </children>
                        </deliveryservice>
                    </children>
                </admin>
            </resources>
        </acl>
        <menu>
            <deliveryservice translate="title">
                <title>Deliveryservice</title>
                <sort_order>300</sort_order>
                <children>
                    <holiday translate="title" module="deliveryservice">
                        <title>Holidays</title>
                        <sort_order>5</sort_order>
                        <action>adminhtml/holiday/</action>
                    </holiday>
                    <holidayset translate="title" module="deliveryservice">
                        <title>Holidaysets</title>
                        <sort_order>10</sort_order>
                        <action>adminhtml/holidayset/</action>
                    </holidayset>
                    <openinghour translate="title" module="deliveryservice">
                        <title>Openinghours</title>
                        <sort_order>20</sort_order>
                        <action>adminhtml/openinghour/</action>
                    </openinghour>
                    <delivery_address translate="title" module="deliveryservice">
                        <title>Delivery Areas</title>
                        <sort_order>30</sort_order>
                        <action>adminhtml/deliveryaddress/</action>
                    </delivery_address>
                    <minimum_order_value translate="title" module="deliveryservice">
                        <title>Minimum Order Values</title>
                        <sort_order>40</sort_order>
                        <action>adminhtml/minimumordervalue/</action>
                    </minimum_order_value>
                    <key_value_store translate="title" module="deliveryservice">
                        <title>Key Value Store</title>
                        <sort_order>50</sort_order>
                        <action>adminhtml/keyvaluestore/</action>
                    </key_value_store>
                    <ratings translate="title" module="deliveryservice">
                        <title>Bewertungen</title>
                        <sort_order>60</sort_order>
                        <action>adminhtml/ratings/</action>
                    </ratings>
                </children>
            </deliveryservice>
        </menu>
    </adminhtml>
    ...

The problem occurs for the menu items minimum_order_value and key_value_store.

I don’t understand why the administrator can access all pages, but the other role cannot. Any ideas what could be the problem here?

+4
2 answers

Ok, I solved the problem.

It was related to the controller classes associated with the submenu items and to the submenu tag names.

Each controller has a _isAllowed() method to verify user rights to view the page.

E.g.:

    protected function _isAllowed()
    {
        return Mage::getSingleton('admin/session')->isAllowed('deliveryservice/holidayset');
    }

In this method, the last part of the parameter (after the slash) passed to the isAllowed() method must be equal to the tag name of the submenu item for the acl and the menu items in the config.xml file.

So, for this example, the submenu tag name should be <holidayset ...

For my two controllers, the tag name and parameter are not equal.

+12
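A consistency check for the rule described in the answer above, as an added example that is not part of the original post: it collects the ACL resource paths from config.xml and flags `isAllowed()` arguments in controller sources that match none of them. The sample XML, the file names and the two mismatched strings are constructed; the post does not show the asker's actual controller code.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: ACL fragment in the shape of the config.xml from the question.
CONFIG_XML = """
<config><adminhtml><acl><resources><admin><children>
  <deliveryservice>
    <title>Deliveryservice</title>
    <children>
      <holidayset><title>Holidaysets</title></holidayset>
      <minimum_order_value><title>Minimum order value</title></minimum_order_value>
      <key_value_store><title>Key Value Store</title></key_value_store>
    </children>
  </deliveryservice>
</children></admin></resources></acl></adminhtml></config>
"""

# Constructed controller sources; the two mismatched resource strings are assumptions.
CALL = "return Mage::getSingleton('admin/session')->isAllowed('%s');"
CONTROLLERS = {
    "HolidaysetController.php": CALL % "deliveryservice/holidayset",
    "MinimumordervalueController.php": CALL % "deliveryservice/minimumordervalue",
    "KeyvaluestoreController.php": CALL % "deliveryservice/keyvaluestore",
}

def acl_paths(children_node, prefix=""):
    """Yield every resource path below a <children> node, e.g. 'deliveryservice/holidayset'."""
    for child in children_node:
        path = prefix + child.tag
        yield path
        sub = child.find("children")
        if sub is not None:
            yield from acl_paths(sub, path + "/")

def find_mismatches(config_xml, controllers):
    """Return (file, resource) pairs whose isAllowed() argument is not a defined ACL path."""
    root = ET.fromstring(config_xml)
    known = set(acl_paths(root.find("./adminhtml/acl/resources/admin/children")))
    call = re.compile(r"->isAllowed\(\s*['\"]([^'\"]+)['\"]\s*\)")
    bad = []
    for name, src in sorted(controllers.items()):
        for resource in call.findall(src):
            # The argument may be written with or without the leading 'admin/'.
            rel = resource[len("admin/"):] if resource.startswith("admin/") else resource
            if rel not in known:
                bad.append((name, resource))
    return bad

if __name__ == "__main__":
    for name, resource in find_mismatches(CONFIG_XML, CONTROLLERS):
        print(f"{name}: '{resource}' is not defined in the ACL tree")
```
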

There are too many factors at play to say for sure; the fastest solution is to debug it yourself.

Take a look at `_buildMenuArray` in `app/code/core/Mage/Adminhtml/Block/Page/Menu.php`. Somewhere there you should see foreach loops that start with something like this:

    foreach ($parent->children() as $childName => $child) {
        if (1 == $child->disabled) {
            continue;
        }

        $aclResource = 'admin/' . ($child->resource ? (string)$child->resource : $path . $childName);
        if (!$this->_checkAcl($aclResource)) {
            continue;
        }

        if ($child->depends && !$this->_checkDepends($child->depends)) {
            continue;
        }

This is a loop that builds an array of menu information for the block that creates the administrator's navigation. If any of these `continue` guard clauses runs, Magento will skip displaying that particular menu. I suggest checking why the `_checkAcl` method does not work for this particular menu. My guess (based on the brevity of your post) is that you lack an ACL role for the child menus that are not displayed.

Good luck

+4

Source: https://habr.com/ru/post/1437870/

