The following snippets show how to implement an ACL (Access Control List) for system configuration fields and main menu entries of your own modules. They also show how to check the ACLs in the PHP code of your module.
Implement ACL – Access control for system configuration
If you have defined a system configuration section (System→Configuration) like this:
<?xml version="1.0" encoding="utf-8"?>
<config>
    <sections>
        <asksheldon_friendsandfamily translate="label" module="asksheldon_friendsandfamily">
            <label>Friends &amp; Family</label>
            <tab>customer</tab>
            <frontend_type>text</frontend_type>
            <sort_order>1</sort_order>
            <show_in_default>1</show_in_default>
            <show_in_website>1</show_in_website>
            <show_in_store>0</show_in_store>
            <groups>
                <general translate="label" module="asksheldon_friendsandfamily">
                    <label>General</label>
                    <frontend_type>text</frontend_type>
                    <sort_order>1</sort_order>
                    <show_in_default>1</show_in_default>
                    <show_in_website>1</show_in_website>
                    <show_in_store>0</show_in_store>
                    <fields>
                        <enabled translate="label">
                            <label>Enable</label>
                            <frontend_type>select</frontend_type>
                            <source_model>adminhtml/system_config_source_yesno</source_model>
                            <sort_order>10</sort_order>
                            <show_in_default>1</show_in_default>
                            <show_in_website>1</show_in_website>
                            <show_in_store>0</show_in_store>
                        </enabled>
                        <customer_groups translate="label comment">
                            <label>Customer groups</label>
                            <frontend_type>multiselect</frontend_type>
                            <source_model>adminhtml/system_config_source_customer_group</source_model>
                            <sort_order>11</sort_order>
                            <show_in_default>1</show_in_default>
                            <show_in_website>1</show_in_website>
                            <show_in_store>0</show_in_store>
                            <comment>Groups for Friends &amp; Family discounts.</comment>
                        </customer_groups>
                    </fields>
                </general>
                <welcomeemail>
                    <label>Editmail</label>
                    <frontend_type>text</frontend_type>
                    <sort_order>2</sort_order>
                    <show_in_default>1</show_in_default>
                    <show_in_website>1</show_in_website>
                    <show_in_store>0</show_in_store>
                    <fields>
                        <identity translate="label">
                            <label>Welcomemail Sender</label>
                            <frontend_type>select</frontend_type>
                            <source_model>adminhtml/system_config_source_email_identity</source_model>
                            <sort_order>2</sort_order>
                            <show_in_default>1</show_in_default>
                            <show_in_website>1</show_in_website>
                            <show_in_store>0</show_in_store>
                        </identity>
                        <template translate="label">
                            <label>Welcomemail-Template</label>
                            <frontend_type>select</frontend_type>
                            <source_model>adminhtml/system_config_source_email_template</source_model>
                            <sort_order>3</sort_order>
                            <show_in_default>1</show_in_default>
                            <show_in_website>1</show_in_website>
                            <show_in_store>0</show_in_store>
                        </template>
                        <copy_to translate="label comment">
                            <label>Send Welcome Copy To</label>
                            <frontend_type>text</frontend_type>
                            <sort_order>5</sort_order>
                            <show_in_default>1</show_in_default>
                            <show_in_website>1</show_in_website>
                            <show_in_store>0</show_in_store>
                            <comment>Comma-separated.</comment>
                        </copy_to>
                        <copy_method translate="label">
                            <label>Send Welcome Copy Method</label>
                            <frontend_type>select</frontend_type>
                            <source_model>adminhtml/system_config_source_email_method</source_model>
                            <sort_order>6</sort_order>
                            <show_in_default>1</show_in_default>
                            <show_in_website>1</show_in_website>
                            <show_in_store>0</show_in_store>
                        </copy_method>
                    </fields>
                </welcomeemail>
            </groups>
        </asksheldon_friendsandfamily>
    </sections>
</config>
… you can define the ACL like this:
<?xml version="1.0" encoding="utf-8"?>
<config>
    <acl>
        <resources>
            <admin>
                <children>
                    <system>
                        <children>
                            <config>
                                <children>
                                    <asksheldon_friendsandfamily translate="title" module="asksheldon_friendsandfamily">
                                        <title>Friends &amp; Family</title>
                                    </asksheldon_friendsandfamily>
                                </children>
                            </config>
                        </children>
                    </system>
                </children>
            </admin>
        </resources>
    </acl>
</config>
You can add further <children> <IDENTIFIER> levels to refine what can be accessed (e.g. access to the general tab only).
Implement ACL – Access control for menu entries
For main menu entries as described here, you have to configure the matching ACLs as follows:
<?xml version="1.0"?>
<config>
    <acl>
        <resources>
            <all>
                <title>Allow Everything</title>
            </all>
            <admin>
                <children>
                    <asksheldon_abo>
                        <children>
                            <asksheldon_abomanage>
                                <title>Subscription</title>
                                <sort_order>10</sort_order>
                            </asksheldon_abomanage>
                            <asksheldon_aboexport>
                                <title>Subscription EAN Export</title>
                                <sort_order>20</sort_order>
                            </asksheldon_aboexport>
                            <asksheldon_aboguestexport>
                                <title>Subscription Guest Export</title>
                                <sort_order>30</sort_order>
                            </asksheldon_aboguestexport>
                        </children>
                    </asksheldon_abo>
                </children>
            </admin>
        </resources>
    </acl>
</config>
Implement ACL – Check ACLs
If you have the following ACL (not necessarily for system configuration or menus; it can also stand on its own):
<config>
    <acl>
        <resources>
            <admin>
                <children>
                    <asksheldon_milesandmore translate="title" module="asksheldon_milesandmore">
                        <title>Miles &amp; More</title>
                        <children>
                            <allow_view>
                                <title>Backenduser can view the customers cardnumber</title>
                            </allow_view>
                            <allow_edit>
                                <title>Backenduser can view and edit the customers cardnumber</title>
                            </allow_edit>
                        </children>
                    </asksheldon_milesandmore>
                </children>
            </admin>
        </resources>
    </acl>
</config>
… you can check whether the logged-in backend user is allowed to access that resource with:
<?php
// The argument is the path of the resource in the ACL tree
$bIsAllowed = Mage::getSingleton('admin/session')->isAllowed('admin/asksheldon_milesandmore/allow_view');
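The check above, wrapped in a helper so that the same decision is enforced when data is saved and not only when a form field is rendered. This is an added example, not the module's own code; the helper class name and the 'cardnumber' POST field are hypothetical.

```php
<?php
// Added example, not the module's own code. Assumes Magento 1; the helper
// class name and the 'cardnumber' POST field are hypothetical.
class Asksheldon_Milesandmore_Helper_Acl extends Mage_Core_Helper_Abstract
{
    const ACL_VIEW = 'admin/asksheldon_milesandmore/allow_view';
    const ACL_EDIT = 'admin/asksheldon_milesandmore/allow_edit';

    /** True if the current backend user may change the card number. */
    public function canEdit()
    {
        return (bool) Mage::getSingleton('admin/session')->isAllowed(self::ACL_EDIT);
    }

    /**
     * allow_edit is titled "view and edit", so either resource grants viewing.
     * The two nodes are siblings in the ACL tree, so a role can hold one
     * without the other.
     */
    public function canView()
    {
        return $this->canEdit()
            || (bool) Mage::getSingleton('admin/session')->isAllowed(self::ACL_VIEW);
    }

    /**
     * Enforce the ACL on save: drop the submitted field unless editing is
     * allowed, so a read-only role cannot change it with a hand-built POST.
     */
    public function filterPostData(array $data)
    {
        if (!$this->canEdit()) {
            unset($data['cardnumber']);
        }
        return $data;
    }
}
```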
Implement ACL – Own Controller Actions
Since version “I have no idea 😉” you have to implement an _isAllowed function in your controller to grant restricted access to a certain user role.
For example, if you have an ACL and menu definition like this:
<?xml version="1.0" encoding="UTF-8"?>
<config>
    <menu>
        <sheldon_wysiwyg module="sheldon_wysiwyg">
            <title>WYSIWYG</title>
            <sort_order>88</sort_order>
            <children>
                <test module="sheldon_wysiwyg" translate="title">
                    <title>Test</title>
                    <sort_order>0</sort_order>
                    <action>adminhtml/sheldonwysiwyg_data</action>
                </test>
                <template_js module="sheldon_wysiwyg" translate="title">
                    <title>Template</title>
                    <sort_order>1</sort_order>
                    <action>adminhtml/sheldonwysiwyg_data/template</action>
                </template_js>
            </children>
        </sheldon_wysiwyg>
    </menu>
    <acl>
        <resources>
            <admin>
                <children>
                    <sheldon_wysiwyg module="sheldon_wysiwyg">
                        <title>WYSIWYG</title>
                        <sort_order>88</sort_order>
                        <children>
                            <test module="sheldon_wysiwyg" translate="title">
                                <title>Test</title>
                                <sort_order>0</sort_order>
                                <action>adminhtml/sheldonwysiwyg_data</action>
                            </test>
                            <template_js module="sheldon_wysiwyg" translate="title">
                                <title>Template</title>
                                <sort_order>1</sort_order>
                                <action>adminhtml/sheldonwysiwyg_data/template</action>
                            </template_js>
                        </children>
                    </sheldon_wysiwyg>
                </children>
            </admin>
        </resources>
    </acl>
</config>
… you have to implement:
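<?php
class Sheldon_Wysiwyg_Adminhtml_Sheldonwysiwyg_DataController extends Mage_Adminhtml_Controller_Action
{
    // Called by the admin controller before an action runs; returning false denies access
    protected function _isAllowed()
    {
        return Mage::getSingleton('admin/session')->isAllowed('admin/sheldon_wysiwyg');
    }
}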
in the corresponding controller (Sheldon_Wysiwyg_Adminhtml_Sheldonwysiwyg_DataController in this case).
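The _isAllowed() shown above runs the same check for every action, so it cannot tell the "Test" entry from the "Template" entry. The following added example (not the module's original code) checks the child resource that belongs to each action; the action names 'index' and 'template' are inferred from the <action> paths in the menu definition.

```php
<?php
// Added example, not the module's original code. Assumes Magento 1 and the
// ACL tree shown above; the action names 'index' and 'template' are inferred
// from the <action> paths in the menu definition.
class Sheldon_Wysiwyg_Adminhtml_Sheldonwysiwyg_DataController
    extends Mage_Adminhtml_Controller_Action
{
    /** Map of controller action name => ACL resource path. */
    protected $_aclByAction = array(
        'index'    => 'admin/sheldon_wysiwyg/test',
        'template' => 'admin/sheldon_wysiwyg/template_js',
    );

    protected function _isAllowed()
    {
        $action = strtolower($this->getRequest()->getActionName());

        // Fail closed: an action without an ACL mapping is denied
        if (!isset($this->_aclByAction[$action])) {
            return false;
        }

        return Mage::getSingleton('admin/session')
            ->isAllowed($this->_aclByAction[$action]);
    }

    public function indexAction()
    {
        $this->loadLayout()->_setActiveMenu('sheldon_wysiwyg/test');
        $this->renderLayout();
    }

    public function templateAction()
    {
        $this->loadLayout()->_setActiveMenu('sheldon_wysiwyg/template_js');
        $this->renderLayout();
    }
}
```

An action added to the controller later stays inaccessible until it is entered in the map, which keeps a forgotten mapping from turning into an unprotected action.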