User with custom role cannot access custom menu item in Magento admin interface
I've defined a custom menu item for the Magento admin interface with several sub items.

This works quite well as expected when a user with an admin role is logged into the admin interface. The admin sees all the sub items and can also access the pages the items link to. Each of these pages shows the content of a database table in a grid.

But the problems occur when I try to use a custom role. The custom role has access to the menu item and its sub items. Now, when I log into the admin interface with a user with this custom role the user sees all the menu items as expected, but for two sub items the user gets an access denied message when he clicks on the sub item.

Here is the acl and menu entry from the config.xml.

...
    <adminhtml>
        <acl>
            <resources>
                <admin>
                    <children>                      
                        <deliveryservice translate="title">
                            <title>Deliveryservice</title>
                            <sort_order>300</sort_order>
                            <children>
                                <holiday translate="title" module="deliveryservice">
                                    <title>Holidays</title>
                                    <sort_order>5</sort_order>
                                </holiday>
                                <holidayset translate="title" module="deliveryservice">
                                    <title>Holidaysets</title>
                                    <sort_order>10</sort_order>
                                </holidayset>
                                <openinghour translate="title" module="deliveryservice">
                                    <title>Openinghours</title>
                                    <sort_order>20</sort_order>
                                </openinghour>
                                <delivery_address translate="title" module="deliveryservice">
                                    <title>Delivery Areas</title>
                                    <sort_order>30</sort_order>
                                </delivery_address>
                                <minimum_order_value translate="title" module="deliveryservice">
                                    <title>Minimum order value</title>
                                    <sort_order>40</sort_order>
                                </minimum_order_value>
                                <key_value_store translate="title" module="deliveryservice">
                                    <title>Key Value Store</title>
                                    <sort_order>50</sort_order>
                                </key_value_store>
                                <ratings translate="title" module="deliveryservice">
                                    <title>Bewertungen</title>
                                    <sort_order>60</sort_order>
                                </ratings>
                            </children>
                        </deliveryservice>
                    </children>
                </admin>
            </resources>
        </acl>
        <menu>
            <deliveryservice translate="title">
                <title>Deliveryservice</title>
                <sort_order>300</sort_order>
                <children>
                    <holiday translate="title" module="deliveryservice">
                        <title>Holidays</title>
                        <sort_order>5</sort_order>
                        <action>adminhtml/holiday/</action>
                    </holiday>
                    <holidayset translate="title" module="deliveryservice">
                        <title>Holidaysets</title>
                        <sort_order>10</sort_order>
                        <action>adminhtml/holidayset/</action>
                    </holidayset>
                    <openinghour translate="title" module="deliveryservice">
                        <title>Openinghours</title>
                        <sort_order>20</sort_order>
                        <action>adminhtml/openinghour/</action>
                    </openinghour>
                    <delivery_address translate="title" module="deliveryservice">
                        <title>Delivery Areas</title>
                        <sort_order>30</sort_order>
                        <action>adminhtml/deliveryaddress/</action>
                    </delivery_address>
                    <minimum_order_value translate="title" module="deliveryservice">
                        <title>Minimum Order Values</title>
                        <sort_order>40</sort_order>
                        <action>adminhtml/minimumordervalue/</action>
                    </minimum_order_value>
                    <key_value_store translate="title" module="deliveryservice">
                        <title>Key Value Store</title>
                        <sort_order>50</sort_order>
                        <action>adminhtml/keyvaluestore/</action>
                    </key_value_store>
                    <ratings translate="title" module="deliveryservice">
                        <title>Bewertungen</title>
                        <sort_order>60</sort_order>
                        <action>adminhtml/ratings/</action>
                    </ratings>
                </children>
            </deliveryservice>
        </menu>
    </adminhtml>
      ...

The problem occurs for the menu items minimum_order_value and key_value_store.

I don't understand why an admin can access all pages but a different role cannot. Any ideas what might be the problem here?

Spile answered 4/10, 2012 at 19:29 Comment(0)
S
12

Ok I solved the problem.

It was related to the controller classes associated with the sub menu items and the sub menu items tag's name.

Each controller has an _isAllowed() method for checking the user's permission to view a page.

E.g.

    protected function _isAllowed(){
        return Mage::getSingleton('admin/session')->isAllowed('deliveryservice/holidayset');
    }

In this method the last part of the parameter (behind the slash) used to call the isAllowed() method has to be equal to the tag's name of the sub menu item for the acl and menu entries in the config.xml.

So for this example the sub menu tag's name must be <holidayset ...

For two of my controllers the tag name and the parameter were not equal.

Spile answered 5/10, 2012 at 11:19 Comment(0)
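The check described in this answer can be automated. The following is an added example, not code from the post: it collects the ACL resource paths from a trimmed, constructed copy of the question's config.xml and flags any `isAllowed()` string in a controller that names no ACL node. The controller file names and the two mismatched strings are hypothetical, since the post does not show the original wrong values.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed copy of the ACL tree from the question.
CONFIG_XML = """
<config><adminhtml><acl><resources><admin><children>
  <deliveryservice>
    <title>Deliveryservice</title>
    <children>
      <holidayset><title>Holidaysets</title></holidayset>
      <minimum_order_value><title>Minimum order value</title></minimum_order_value>
      <key_value_store><title>Key Value Store</title></key_value_store>
    </children>
  </deliveryservice>
</children></admin></resources></acl></adminhtml></config>
"""

# Constructed controller sources; the last two resource strings are
# hypothetical mismatches (tag name and parameter differ).
CALL = "return Mage::getSingleton('admin/session')->isAllowed('%s');"
CONTROLLERS = {
    "HolidaysetController.php": CALL % "deliveryservice/holidayset",
    "MinimumordervalueController.php": CALL % "deliveryservice/minimumordervalue",
    "KeyvaluestoreController.php": CALL % "deliveryservice/keyvaluestore",
}

IS_ALLOWED = re.compile(r"->isAllowed\(\s*['\"]([^'\"]+)['\"]\s*\)")

def acl_paths(config_xml):
    """Return every resource path under <acl><resources><admin>."""
    admin = ET.fromstring(config_xml).find("./adminhtml/acl/resources/admin")
    paths = set()
    def walk(node, prefix):
        children = node.find("children")
        for child in (children if children is not None else []):
            paths.add(prefix + child.tag)
            walk(child, prefix + child.tag + "/")
    walk(admin, "")
    return paths

def find_mismatches(config_xml, controllers):
    """Map controller file -> isAllowed() strings with no matching ACL node."""
    known = acl_paths(config_xml)
    bad = {}
    for name, source in controllers.items():
        for resource in IS_ALLOWED.findall(source):
            # The admin session adds the "admin/" prefix itself; accept both forms.
            path = resource[len("admin/"):] if resource.startswith("admin/") else resource
            if path not in known:
                bad.setdefault(name, []).append(resource)
    return bad
```
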
F
4

There are too many factors at play to say for sure — the quickest resolution will be to debug this yourself.

Take a look at _buildMenuArray in app/code/core/Mage/Adminhtml/Block/Page/Menu.php. Somewhere in there you should see a foreach loop that starts out something like this

    foreach ($parent->children() as $childName => $child) {
        if (1 == $child->disabled) {
            continue;
        }

        $aclResource = 'admin/' . ($child->resource ? (string)$child->resource : $path . $childName);
        if (!$this->_checkAcl($aclResource)) {
            continue;
        }

        if ($child->depends && !$this->_checkDepends($child->depends)) {
            continue;
        }

This is the loop that builds the array of menu information for the block that builds the admin navigation. If any of those continue guard clauses are triggered, Magento will skip rendering the particular menu. I'd suggest checking why the _checkAcl method is failing for this particular menu. My guess (based on a skimming of your post) is you're missing ACL roles for the child menus that aren't rendering.

Good luck!

Flotsam answered 4/10, 2012 at 20:37 Comment(2)
Thanks for your response, but the problem is not that the menu items don't get rendered. All menu entries that should be visible to that custom role are rendered. 5 out of 7 sub menu items work as expected, when the user clicks on them, the related page is rendered. But for 2 of them the related page is not rendered, instead an "Access denied" message is shown. Nevertheless I debugged the method you told me to and I can say that none of my menu items get skipped. - Spile
Ok I found out one more thing, the problem is not related to a wrong acl or menu entry in the xml I posted above. I replaced the action element from one of the not working sub menu items with one of a working one. Then the access denied message disappears and the page gets rendered. So it must have something to do with the rendering of the page. There must be a place where Magento checks the acl before rendering the page. Any idea where this happens? - Spile
