Getting Access Denied for module
https://magento.stackexchange.com/questions/107840
-
29-09-2020 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
Issue
I have a module that allows users to login as the customer (Spadar_Login). This modules uses user permissions. It works for admin roles and it prevents access to roles without permission. The issue is roles that are given permission do not work. It receives "Access denied" as though it did not have permission.
Troubleshooting
Cache has been cleared and disabled, compilation disabled, logged out and in.
The message is displayed on the admin side, for an admin route calling an admin controller. I removed any isAllowed() check in controllers. The controller being called has had all code removed and the issue still occurs, which tells me the access is denied before it reaches the controller. I tried removing the acl tag in the config.xml but the issue still persists. I have triple checked the the user is in the right role, and that the role has permission to the user.
Code
Here is the acl in the etc/config.xml
<acl>
<resources>
<admin>
<children>
<customer>
<children>
<login>
<title>Login as Customer</title>
</login>
</children>
</customer>
</children>
</admin>
</resources>
</acl>
Here is the route
<admin>
<routers>
<spadarloginadmin>
<use>admin</use>
<args>
<module>Spadar_Login_Adminhtml</module>
<frontName>spadarloginadmin</frontName>
</args>
</spadarloginadmin>
</routers>
</admin>
What is causing this user role not to be able to access this controller?
Solution
Complete credits for @fschmengler for this link
add this method in admin controllers:
if you have an ACL resource defined in etc/adminhtml.xml , than
protected function _isAllowed()
{
return Mage::getSingleton('admin/session')->isAllowed('ENTER RESOURCE IDENTIFIER HERE');
}
