Verify Magento User Access to Admin Functionality

When working with Magento, there will inevitably come a time when you need to manually check whether the currently logged-in user has access to a specific piece of functionality as defined in the ACL settings. Personally, I have come across this situation more often when creating my own custom modules and their custom permissions, but the same check can be used for the permissions of any module.

As is so often the case, Alan Storm has documented the exact solution for this scenario. Let's say that your ACL configuration is set up as shown below:

<?xml version="1.0" encoding="UTF-8"?>
<config>
    <acl>
        <resources>
            <admin>
                <children>
                    <permission1>
                        <title>Permission 1</title>
                        <children>
                            <permission1a>
                                <title>Permission 1 a</title>
                                <children>
                                    <permission1a1>
                                        <title>Permission 1 a 1</title>
                                    </permission1a1>
                                </children>
                            </permission1a>
                        </children>
                    </permission1>
                </children>
            </admin>
        </resources>
    </acl>
</config>

If you want to check whether the current user has been granted permission1a1, you would write something like the following, which returns true or false.

$isAllowed = Mage::getSingleton('admin/session')->isAllowed('permission1/permission1a/permission1a1');

As you can see, the isAllowed call only works properly if you pass the full path of XML node names: the nodes below <admin>, joined with slashes, with the <children> wrapper nodes left out. If you only need to check the root node rather than a leaf node, you could do the following instead.

$isAllowed = Mage::getSingleton('admin/session')->isAllowed('permission1');

Amazingly, this is one of those scenarios where Magento makes things easy in a non-confusing manner.
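
Because the string passed to isAllowed has to match the XML node names exactly, it helps to generate the list of valid paths from the ACL file instead of typing them by hand. The following stand-alone script is an added example, not code from the original post or from Magento; the helper name collectAclPaths, the inline sample XML, and the misspelled path at the end are assumptions made for illustration.

```php
<?php
// Added example (not from the original post): list the path strings that
// correspond to each node of an ACL definition.

// Constructed sample input with the same structure as the ACL XML above.
$aclXml = <<<'XML'
<config><acl><resources><admin><children>
  <permission1>
    <title>Permission 1</title>
    <children>
      <permission1a>
        <title>Permission 1 a</title>
        <children>
          <permission1a1><title>Permission 1 a 1</title></permission1a1>
        </children>
      </permission1a>
    </children>
  </permission1>
</children></admin></resources></acl></config>
XML;

// Hypothetical helper: walk one <children> wrapper and return path => title,
// joining node names with "/" and skipping the <children> wrappers themselves.
function collectAclPaths(SimpleXMLElement $children, $prefix = '')
{
    $paths = array();
    foreach ($children->children() as $name => $node) {
        $path = ($prefix === '') ? $name : $prefix . '/' . $name;
        $paths[$path] = (string) $node->title;
        if (isset($node->children)) {
            // Property access selects the <children> element, not the method.
            $paths += collectAclPaths($node->children, $path);
        }
    }
    return $paths;
}

$config = new SimpleXMLElement($aclXml);
$paths  = collectAclPaths($config->acl->resources->admin->children);

foreach ($paths as $path => $title) {
    printf("%-42s %s\n", $path, $title);
}

// Flag a path that a controller or block passes to isAllowed() but that
// does not exist in the XML, e.g. a typo in a node name (constructed value).
$used = 'permission1/permission1a/permission1a2';
if (!isset($paths[$used])) {
    fwrite(STDERR, "Unknown ACL path: $used\n");
}
```

Run it from the command line with the ACL XML of your own module substituted for the sample, and compare the printed paths against the strings used in your isAllowed calls.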
