Verify Magento User Access to Admin Functionality

When working with Magento, there will inevitably come a time where you need to manually check to see if the currently logged-in user has access to a specific piece of functionality as defined in the ACL settings. Personally, I have come across this situation more often when creating my own custom modules and their custom permissions, but they can be used to check the permissions of any module.

As is so often the case, Alan Storm has documented the exact solution for this scenario. Lets say that your ACL configuration is setup as it is below…

<?xml version="1.0" encoding="UTF-8"?>
<config>
    <acl>
        <resources>
            <admin>
                <children>
                    <permission1>
                        <title>Permission 1</title>
                        <children>
                            <permission1a>
                                <title>Permission 1 a</title>
                                <children>
                                    <permission1a1>
                                        <title>Permission 1 a 1</title>
                                    </permission1a1>
                                </children>
                            </permission1a>
                        </children>
                    </permission1>
                </children>
            </admin>
        </resources>
    </acl>
</config>

If you want to check to see whether the current user has been granted permission1a1, you would write something like the following, which returns a true or false values.

$isAllowed = Mage::getSingleton('admin/session')->isAllowed('permission1/permission1a/permission1a1');

As you can see, you have to put the XML node names in the full path for the isAllowed function call to work properly. If you don’t need to check the leaf node permissions, and only the root node, you could do the following instead.

$isAllowed = Mage::getSingleton('admin/session')->isAllowed('permission1');

Amazingly, this is one of those scenarios where Magento makes things easy in a non-confusing manner.

Tags:
comments powered by Disqus

Related Posts

AddThis Can Cause Your Site To Not Load

Over the last few days, I have run across quite a few websites that seem to never finish loading. After waiting for 20 seconds or more, I give up, realizing that whatever content was on the site wasn’t worth it anymore for me to stare at a blank white browser until it loaded however much longer. Unfortunately for those websites, they are losing traffic that they will never get back.

Read More

Varnish and Magento Performance Mystery

One of the things that you think you will solve when you implement a Varnish caching server in front of a Magento website is performance problems. However, this is not necessarily the case. When I set Varnish up to cache content in front of my Magento website, I get what seems to be much improved performance. If I run a few tests in the developer tools of Chrome, it seems that the waterfall chart makes sense and the data is loaded appropriately and in a timely manner with the main HTML being downloaded in about 300ms.

Read More

Write Bulletproof JavaScript

While display issues have long been the bane of a web developer’s existence, current web development projects tend to have much more client side interactivity, focusing ever more attention on the reliability and resilience of the JavaScript you write to deliver the complete interactive experience. Many things can cause unexpected errors in your carefully crafted code. However, there are a few things that you can do to make sure that your site degrades gracefully and still provides a basic level of functionality when something in the browser goes wrong.

Read More