Optimize Magento Authorization and Access Control List

The Magento access control list (ACL) is a list of permissions attached to a file, folder or any other object. Magento lets you create roles, each containing a list of permissions, for specific users. A user is an entity in Magento that has some authority to use the system on the backend side.

Magento provides a set of libraries with which we can create different roles and their respective users. We just have to add a backend menu item, and the ACL resources for that menu, to our extension's XML file.

Suppose that our extension is named XYZ. The required code for the menu and ACL resources is as follows:

<config>
    <!-- Backend menu entry for the XYZ extension -->
    <menu>
        <xyz module="xyz">
            <title>XYZ</title>
            <sort_order>71</sort_order>
            <children>
                <items module="xyz">
                    <title>Settings</title>
                    <sort_order>0</sort_order>
                    <action>xyz/adminhtml_xyz</action>
                </items>
            </children>
        </xyz>
    </menu>
    <!-- ACL resources shown in the role editor -->
    <acl>
        <resources>
            <all>
                <title>Allow Everything</title>
            </all>

            <admin>
                <children>
                    <system>
                        <children>
                            <config>
                                <children>
                                    <xyz translate="title" module="xyz">
                                        <title>XYZ Section</title>
                                    </xyz>
                                </children>
                            </config>
                        </children>
                    </system>
                </children>
            </admin>
        </resources>
    </acl>
</config>

The meaningful tags in this code are listed below:

<menu>: Defines the menu entry on the backend side.

<title>: Defines the title of that menu.

<action>: Defines the link for that menu.

<acl>: Defines the ACL entry used to control access to the menu.

<sort_order>: Decides the order of your menu option.

Now, when you add a role on the admin side of your system, you can see the ACL item (XYZ) in the list and select the checkboxes for the resources that the role is allowed to access.

In this screenshot you can see the XYZ and Settings options created for your extension.

When a user logs in to the backend with these user details, the backend menu is shown according to the permissions the admin has set for this user. If the user fires an action request, the system checks it with the _isAllowed function of the Action class, given below:

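protected function _isAllowed()
{
    // Allow the action only if the logged-in admin user's role grants the 'system/config' ACL resource
    return Mage::getSingleton('admin/session')->isAllowed('system/config');
}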
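
An added example, not part of the original post or of Magento itself: a small Python audit that flattens the ACL resources defined in the extension's XML and compares them with the path passed to isAllowed() in the controller, so a check that is broader than the extension's own resource stands out. The sample XML and controller text are constructed from the listings above; acl_resource_paths, checked_resources and audit are hypothetical helper names, and rooting the path under admin/ is an assumption based on the XML tree shown.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the <acl> part of the XYZ extension config shown above.
ACL_XML = """<config><acl><resources>
  <all><title>Allow Everything</title></all>
  <admin><children><system><children><config><children>
    <xyz translate="title" module="xyz"><title>XYZ Section</title></xyz>
  </children></config></children></system></children></admin>
</resources></acl></config>"""

# Constructed sample: a controller body using the check from the page.
CONTROLLER_PHP = """
protected function _isAllowed()
{
    return Mage::getSingleton('admin/session')->isAllowed('system/config');
}
"""

def acl_resource_paths(xml_text):
    """Flatten <acl><resources> into paths such as admin/system/config/xyz."""
    paths = set()
    def walk(node, prefix):
        path = prefix + "/" + node.tag if prefix else node.tag
        paths.add(path)
        children = node.find("children")
        for child in (children if children is not None else []):
            walk(child, path)
    for top in ET.fromstring(xml_text).find("acl/resources"):
        walk(top, "")
    return paths

def checked_resources(php_source):
    """Resource strings passed to isAllowed(); rooting under admin/ is assumed."""
    found = re.findall(r"->isAllowed\(\s*['\"]([^'\"]+)['\"]\s*\)", php_source)
    return [p if p.startswith("admin/") else "admin/" + p for p in found]

def audit(xml_text, php_source, module_node):
    """Compare each isAllowed() path with the resources the XML defines."""
    defined = acl_resource_paths(xml_text)
    own = [p for p in defined if p.rsplit("/", 1)[-1] == module_node]
    checks = checked_resources(php_source)
    findings = [] if checks else ["no isAllowed() check found"]
    for path in checks:
        if path not in defined:
            findings.append(path + ": not defined in this ACL file")
        elif any(o.startswith(path + "/") for o in own):
            findings.append(path + ": parent of the extension's own resource")
    return findings

if __name__ == "__main__":
    for line in audit(ACL_XML, CONTROLLER_PHP, "xyz"):
        print(line)
```

On the page's listings the audit reports that the controller tests admin/system/config rather than the XYZ resource itself, which means the XYZ checkbox in the role editor is not what gates the action.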

Hopefully this information and code will help you create specific roles and users for your Magento site.
