I currently have an open question with a bounty on the Stack Exchange website but I feel like I get a lot more inside information in this community due the more people with experience in Magento.
The latest patch SUPEE-6285 does not throw a Access Denied error but produces a 404 Not Found when I am trying to use a Mage_Adminhtml_Controller_Action Controller.
This functionallity did work before the above mentioned patch.
The code where I think the problem lies. Feel free to look inside the whole code.
app/code/community/Icepay/IceAdvanced/Block/Adminhtml/Grid/Paymentmethods.php
class Icepay_IceAdvanced_AjaxController extends Mage_Adminhtml_Controller_Action
{
protected $webservice = null;
public function iceWebservice()
{
if ($this->webservice == null)
$this->webservice = new Icepay_IceAdvanced_Model_Paymentmethods();
return $this->webservice;
}
public function indexAction()
{
$this->loadLayout();
$this->renderLayout();
}
public function get_paymentmethodsAction()
{
$this->getResponse()->setBody(Zend_Json::encode($this->iceWebservice()->retrieveAdminGrid($this->getRequest()->get("store"))));
}
public function save_paymentmethodAction()
{
$adv_sql = Mage::getSingleton('iceadvanced/mysql4_iceAdvanced');
$reference = $this->getRequest()->getPost("reference");
$scopeID = $this->getRequest()->getPost("store");
if (!isset($reference))
return;
$adv_sql->setScope($scopeID);
$settings = Mage::helper("iceadvanced")->getPaymentmethodExtraSettings();
if ($this->getRequest()->getPost("active_issuers")) {
$issuers = explode(",", $this->getRequest()->getPost("active_issuers"));
if (count($issuers) >= 1)
array_push($settings, "active_issuers"); //At least 1 issuer active is required
}
foreach ($settings as $setting) {
$adv_sql->saveConfigValue($reference, $setting, $this->getRequest()->getPost($setting));
}
$this->getResponse()->setBody(sprintf($this->__("%s settings have been saved."), $this->getRequest()->getPost("name")));
}
}
Then a block in Adminhtml gets this function.
app/code/community/Icepay/IceAdvanced/Block/Adminhtml/Grid/Paymentmethods.php
class Icepay_IceAdvanced_Block_Adminhtml_Grid_PaymentMethods extends Mage_Adminhtml_Block_Widget implements Varien_Data_Form_Element_Renderer_Interface {
protected $_element;
protected $_scope;
protected $_ajaxLoadPaymentMethodURL;
protected $_ajaxSavePaymentMethodURL;
protected $_ajaxGetPaymentMethodsURL;
protected $debug;
public function __construct()
{
$this->_scope = Mage::app()->getStore(Mage::helper("icecore")->getStoreFromRequest())->getId();
$this->_ajaxLoadPaymentMethodURL = Mage::helper('adminhtml')->getUrl('icepayadvanced/config/index/paymentmethod/{{pm_code}}', array('_secure' => true, 'scope' => $this->_scope));
$this->_ajaxSavePaymentMethodURL = Mage::helper('adminhtml')->getUrl('icepayadvanced/ajax/save_paymentmethod', array('_secure' => true, 'scope' => $this->_scope));
$this->_ajaxGetPaymentMethodsURL = Mage::helper('adminhtml')->getUrl('icepayadvanced/ajax/get_paymentmethods', array('_secure' => true));
$this->setTemplate('icepayadvanced/grid_paymentmethods.phtml');
}
public function render(Varien_Data_Form_Element_Abstract $element)
{
$this->setElement($element);
return $this->toHtml();
}
public function setElement(Varien_Data_Form_Element_Abstract $element)
{
$this->_element = $element;
return $this;
}
public function getElement()
{
return $this->_element;
}
public function getJS($uri)
{
return Mage::getBaseUrl(Mage_Core_Model_Store::URL_TYPE_JS, true) . $uri;
}
public function getPaymentmethods()
{
return Mage::getSingleton('iceadvanced/mysql4_iceAdvanced')->getAdminPaymentmethodConfigForStore($this->_scope);
}
public function getAddButtonHtml()
{
return $this->getChildHtml('add_button');
}
protected function _prepareLayout()
{
$button = $this->getLayout()->createBlock('adminhtml/widget_button')
->setData(array(
'label' => Mage::helper('icecore')->__('Get paymentmethods'),
'onclick' => 'return ICEPAY.retrieveFromICEPAY()',
'class' => 'add'
));
$button->setName('add_tier_price_item_button');
$this->setChild('add_button', $button);
if (version_compare(Mage::getVersion(), '1.7.0.0', '<')) {
$this->getLayout()->getBlock('head')->addItem('js_css', 'prototype/windows/themes/magento.css');
} else {
$this->getLayout()->getBlock('head')->addItem('skin_css', 'lib/prototype/windows/themes/magento.css');
}
$this->getLayout()
->getBlock('head')
->addItem('js_css', 'prototype/windows/themes/default.css');
return parent::_prepareLayout();
}
}
And the configuration file:
app/code/community/Icepay/IceAdvanced/etc/config.xml
<?xml version="1.0"?>
<config>
<modules>
<Icepay_IceAdvanced>
<version>1.1.9</version>
</Icepay_IceAdvanced>
</modules>
<frontend>
<routers>
<iceadvanced>
<use>standard</use>
<args>
<module>Icepay_IceAdvanced</module>
<frontName>icepayadvanced</frontName>
</args>
</iceadvanced>
</routers>
<layout>
<updates>
<iceadvanced>
<file>iceadvanced.xml</file>
</iceadvanced>
</updates>
</layout>
<translate>
<modules>
<Icepay_IceAdvanced>
<files>
<default>Icepay_IceAdvanced.csv</default>
</files>
</Icepay_IceAdvanced>
</modules>
</translate>
<events>
<sales_order_place_before>
<observers>
<iceadvanced>
<type>singleton</type>
<class>iceadvanced/observer</class>
<method>sales_order_place_before</method>
</iceadvanced>
</observers>
</sales_order_place_before>
<custom_quote_process>
<observers>
<iceadvanced>
<type>singleton</type>
<class>iceadvanced/observer</class>
<method>custom_quote_process</method>
</iceadvanced>
</observers>
</custom_quote_process>
</events>
</frontend>
<global>
<models>
<iceadvanced>
<class>Icepay_IceAdvanced_Model</class>
<resourceModel>iceadvanced_mysql4</resourceModel>
</iceadvanced>
<iceadvanced_mysql4>
<class>Icepay_IceAdvanced_Model_Mysql4</class>
<entities>
<icepay_issuerdata>
<table>icepay_issuerdata</table>
</icepay_issuerdata>
<icepay_pmdata>
<table>icepay_pmdata</table>
</icepay_pmdata>
</entities>
</iceadvanced_mysql4>
</models>
<resources>
<icepayadvanced_setup>
<setup>
<module>Icepay_IceAdvanced</module>
</setup>
<connection>
<use>core_setup</use>
</connection>
</icepayadvanced_setup>
<iceadvanced_write>
<connection>
<use>core_write</use>
</connection>
</iceadvanced_write>
<iceadvanced_read>
<connection>
<use>core_read</use>
</connection>
</iceadvanced_read>
</resources>
<blocks>
<iceadvanced>
<class>Icepay_IceAdvanced_Block</class>
</iceadvanced>
</blocks>
<helpers>
<iceadvanced>
<class>Icepay_IceAdvanced_Helper</class>
</iceadvanced>
</helpers>
<events>
<model_save_before>
<observers>
<iceadvanced>
<type>singleton</type>
<class>iceadvanced/observer</class>
<method>model_save_before</method>
</iceadvanced>
</observers>
</model_save_before>
<model_save_after>
<observers>
<iceadvanced>
<type>singleton</type>
<class>iceadvanced/observer</class>
<method>model_save_after</method>
</iceadvanced>
</observers>
</model_save_after>
<sales_order_payment_place_end>
<observers>
<iceadvanced>
<type>singleton</type>
<class>iceadvanced/observer</class>
<method>sales_order_payment_place_end</method>
</iceadvanced>
</observers>
</sales_order_payment_place_end>
</events>
</global>
<adminhtml>
<translate>
<modules>
<Icepay_IceAdvanced>
<files>
<default>Icepay_IceAdvanced.csv</default>
</files>
</Icepay_IceAdvanced>
</modules>
</translate>
<acl>
<resources>
<admin>
<children>
<system>
<children>
<config>
<children>
<iceadvanced translate="title" module="iceadvanced">
<title>iceadvanced Settings</title>
</iceadvanced>
</children>
</config>
</children>
</system>
</children>
</admin>
</resources>
</acl>
</adminhtml>
</config>
Hopefully somebody could explain me what I am doing wrong. Before you blame me on the code, I did not create it in the first place.
Edit: After following BJ Hoffpauir guide; this is the output of the error.log
192.168.137.1 - - [17/Jul/2015:23:03:56 +0000] "POST /index.php/icepayadvanced/ajax/get_paymentmethods/key/21e4f55bb33ad6a323c50140bc5ef585/?isAjax=true HTTP/1.1" 404 16910 "http://192.168.137.124/index.php/admin/system_config/edit/section/icecore/key/e96d9f50648cad8168ebf376470196ad/" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36"
