How to give custom acces permissions for admin users(roles) to an extension magento

Question

I have created a admin user in magento and give certain access permissions, and i have an extension called support ticket, i gave user role access to this extension, when i logged in that particular user i am getting an error called access denied for that support ticket extension, when i login as admin it is working fine, and when i changed user role permission from custom to all, every thing is working as expected, but i need to give only this particular access permission,what can i do ?

adminhtml.xml

<?xml version="1.0"?>
<config>
    <acl>
        <resources>
            <admin>
                <children>
                    <system>
                        <children>
                            <config>
                                <children>
                                    <support_ticket_ultimate translate="title" module="supportticket">
                                        <title>Support Ticket Ultimate Section</title>
                                        <sort_order>0</sort_order>
                                    </support_ticket_ultimate>
                                </children>
                            </config>
                        </children>
                    </system>
                </children>
            </admin>
        </resources>
    </acl>
</config>

score 9 · Accepted Answer · edited Apr 13 '17 at 12:54

I want to explain a bit what @Sander Mangel said in his answer:

make sure the Adminhtml controller of the module has a _isAllowed method

Look for files like this:

/app/code/community/your/module/controllers/Adminhtml/SomeController.php

and make sure there's a method that looks like this inside every admin controller:

protected function _isAllowed()
{
    return Mage::getSingleton('admin/session')->isAllowed('your_module/resource_you_need');
}

A recent security patch makes it so that controllers without the _isAllowed method do not work. That answer also says that this works if the module has implemented ACL in etc/adminhtml.xml and since you say you added the appropiate permission to the user role, it sounds like yours does. In case it doesn't, just return true; from the method, but this allows access to any admin user.

score 5 · Answer 2 · answered Aug 25 '15 at 12:52

5

There are a couple of thinks you can check

make sure the Adminhtml controller of the module has a _isAllowed method
check if the path in the _isAllowed method matches you ACL in the adminhtml.xml file
make sure the cache is cleared after creating the role

answered Aug 25 '15 at 12:52

Sander Mangel

37,528
5
80
148

I have checked in the code but i couldn't identify this, below shows the extension i have used http://www.magentocommerce.com/magento-connect/support-ticket-2.html?utm_campaign=bazaarvoice&utm_medium=SearchVoice&utm_source=AskAndAnswer&utm_content=Default for support ticket, can you help me on this? – Naveenbos Aug 25 '15 at 13:37
I would advice you to contact the module developer for support. They will know what to do – Sander Mangel Aug 25 '15 at 13:43
Already done that, but no response from them, i am checking from my side is there any fixes possible or not with this extension, but frankly i am new to this magento admin Acl – Naveenbos Aug 25 '15 at 13:54
check if the module code has xml part related to ACL. – Oscprofessionals Aug 25 '15 at 16:46

score 2 · Answer 3 · answered Aug 26 '15 at 06:09

2

The only solution is to patch the extensions and add this method to all their admin controllers:

protected function _isAllowed()
{
    return true;
}

answered Aug 26 '15 at 06:09

Naveenbos

1,226
2
17
30

How to give custom acces permissions for admin users(roles) to an extension magento

3 Answers3