2

I've created one role and provide rights for my custom module using System->Permissions->Role. When any user from that role logs into system, gets access denied for my custom module. My config.xml looks this 

<acl>
            <resources>
                <all>
                    <title>Allow Everything</title>
                </all>
                <admin>
                    <children>
                        <vendor translate="title" module="vendor">
                            <title>Vendor</title>
                            <sort_order>1000</sort_order>
                            <children>
                                <vendor translate="title">
                                    <title>Manage Vendor</title>
                                    <sort_order>0</sort_order>
                                </vendor>
                            </children>
                        </vendor>
                    </children>
                </admin>
            </resources>
        </acl>

And my adminhtml.xml looks like this

<config>
    <acl>
        <resources>
            <admin>
                <children>
                    <system>
                        <children>
                            <config>
                                <children>
                                    <vendor translate="title" module="vendor">
                                        <title>Vendor Section</title>
                                        <sort_order>300</sort_order>
                                    </vendor>
                                </children>
                            </config>
                        </children>
                    </system>
                </children>
            </admin>
        </resources>
    </acl>
</config>
Amit Bera
  • 77,456
  • 20
  • 123
  • 237
Vaidehi
  • 71
  • 8
  • Did you installed any security patch in the site? – Baby in Magento Feb 14 '16 at 06:02
  • If you recently installed any security patch , please look at this : http://magento.stackexchange.com/questions/73646/access-denied-errors-after-installing-supee-6285 – Baby in Magento Feb 14 '16 at 06:08
  • I've not installed any security patch. And my controller has isAllowed function also. protected function _isAllowed() { return Mage::getSingleton('admin/session')->isAllowed('vendor/kitchoff_vendor_vendor'); } – Vaidehi Feb 14 '16 at 07:58
  • remove the acl from config.xml use one acl only.. – Qaisar Satti Feb 15 '16 at 06:58
  • If I remove acl from config.xml, then also I get Access denied when I login from role defined. In my controller, I've written code for method _isAllowed like this protected function _isAllowed() { return Mage::getSingleton('admin/session')->isAllowed('vendor/kitchoff_vendor_vendor'); } – Vaidehi Feb 15 '16 at 17:38

3 Answers3

3

Problem resolved.

By modifying _isAllowed() function like following

protected function _isAllowed() { return true; }

It's a very bad decision. In you case right way is:

protected function _isAllowed() {
    return Mage::getSingleton('admin/session')->isAllowed('system/vendor');
}
Александр Резниченко
  • 31
  • 2
0

Your adminhtml.xml/config.xml(don't specify in both file) file may contains wrong xml element hierarchy. it must be match with current hierarchy of menu. In your case it should be like this

<config>
    <acl>
        <resources>
            <all>
                <title>Allow Everything</title>
            </all>
            <admin>
                <children>
                    <vendor translate="title" module="vendor">
                        <title>Vendor</title>
                        <sort_order>1000</sort_order>
                        <children>
                            <kitchoff_vendor_vendor translate="title">
                                <title>Manage Vendor</title>
                                <sort_order>0</sort_order>
                            </kitchoff_vendor_vendor>
                        </children>
                    </vendor>
                </children>
            </admin>
        </resources>
    </acl>
</config>
Rahil Patel
  • 369
  • 2
  • 6
-1

Problem resolved.

By modifying _isAllowed() function like following

protected function _isAllowed() { return true; }

Rohit Kundale
  • 3,492
  • 1
  • 21
  • 28
Vaidehi
  • 71
  • 8