Restrict user access to viewing prices in the admin panel (acl)
-
14-04-2021 - |
Soluzione
great question. The acl in Magento allows any customisation (if not coming out of the box) but indeed we have to do it directly interacting with the code as below:
I have added a plugin and an acl resource, it is straightforward as you will see but quite deep in the code. good luck with this.
acl.xml
<?xml version="1.0"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:Acl/etc/acl.xsd">
<acl>
<resources>
<resource id="Magento_Backend::admin">
<resource id="Magento_Catalog::catalog">
<resource id="Magento_Catalog::catalog_inventory">
<resource id="Magento_Catalog::products">
<resource id="Magento_Catalog::update_attributes">
<resource id="Mbs_HidePrice::AccessPrice" title="Access Price" translate="title" sortOrder="10" />
</resource>
</resource>
</resource>
</resource>
</resource>
</resources>
</acl>
</config>
di.xml
<?xml version="1.0"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd">
<type name="Magento\Catalog\Ui\DataProvider\Product\Form\Modifier\Eav">
<plugin name="product_form_modifier" type="Mbs\HidePrice\Plugin\ProductAttributeModifier" />
</type>
</config>
and finally, the plugin
<?php
namespace Mbs\HidePrice\Plugin;
use Magento\Catalog\Ui\DataProvider\Product\Form\Modifier\AbstractModifier;
class ProductAttributeModifier
{
/**
* @var \Magento\Framework\AuthorizationInterface
*/
private $authorization;
public function __construct(
\Magento\Framework\AuthorizationInterface $authorization
) {
$this->authorization = $authorization;
}
public function afterModifyMeta(
\Magento\Catalog\Ui\DataProvider\Product\Form\Modifier\Eav $subject,
array $meta
) {
$parsedMeta = [];
foreach ($meta as $groupCode => $group) {
if ($groupCode === AbstractModifier::DEFAULT_GENERAL_PANEL) {
$attributes = $group['children'];
$newAttributes = [];
foreach ($attributes as $key => $attribute) {
if (preg_match('%'. AbstractModifier::CONTAINER_PREFIX .'(.+)%', $key, $m)) {
$attributeCode = $m[1];
if ($attributeCode !== 'price') {
$newAttributes[] = $attribute;
} else if ($this->canShowPriceInBackend()) {
$newAttributes[] = $attribute;
}
}
}
$group['children'] = $newAttributes;
$parsedMeta[$groupCode] = $group;
} else {
$parsedMeta[$groupCode] = $group;
}
}
return $parsedMeta;
}
/**
* @return bool
*/
private function canShowPriceInBackend(): bool
{
return $this->authorization->isAllowed('Mbs_AdminScreen::Mbs_HidePrice::AccessPrice');
}
}
Autorizzato sotto: CC-BY-SA insieme a attribuzione
Non affiliato a magento.stackexchange