Verify Magento User Access to Admin Functionality

When working with Magento, there will inevitably come a time when you need to manually check whether the currently logged-in user has access to a specific piece of functionality as defined in the ACL settings. Personally, I have come across this situation more often when creating my own custom modules and their custom permissions, but the same check can be used for the permissions of any module.

As is so often the case, Alan Storm has documented the exact solution for this scenario. Let's say that your ACL configuration is set up as it is below…

<?xml version="1.0" encoding="UTF-8"?>
<config>
    <acl>
        <resources>
            <admin>
                <children>
                    <permission1>
                        <title>Permission 1</title>
                        <children>
                            <permission1a>
                                <title>Permission 1 a</title>
                                <children>
                                    <permission1a1>
                                        <title>Permission 1 a 1</title>
                                    </permission1a1>
                                </children>
                            </permission1a>
                        </children>
                    </permission1>
                </children>
            </admin>
        </resources>
    </acl>
</config>

If you want to check whether the current user has been granted permission1a1, you would write something like the following, which returns true or false.

$isAllowed = Mage::getSingleton('admin/session')->isAllowed('permission1/permission1a/permission1a1');

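As you can see, the argument to the isAllowed function call has to be the full path of XML node names, from the top-level permission down to the one being checked, joined with slashes; the admin and children wrapper nodes are left out. If you only need to check the root node rather than the leaf node permissions, you could do the following instead.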

$isAllowed = Mage::getSingleton('admin/session')->isAllowed('permission1');

Amazingly, this is one of those scenarios where Magento makes things easy in a non-confusing manner.
