Magento – Access Denied for Custom Module for Specific Role

accessaclpermissionsrole

I've created one role and provide rights for my custom module using System->Permissions->Role. When any user from that role logs into system, gets access denied for my custom module. My config.xml looks this

<acl>
            <resources>
                <all>
                    <title>Allow Everything</title>
                </all>
                <admin>
                    <children>
                        <vendor translate="title" module="vendor">
                            <title>Vendor</title>
                            <sort_order>1000</sort_order>
                            <children>
                                <vendor translate="title">
                                    <title>Manage Vendor</title>
                                    <sort_order>0</sort_order>
                                </vendor>
                            </children>
                        </vendor>
                    </children>
                </admin>
            </resources>
        </acl>

And my adminhtml.xml looks like this

<config>
    <acl>
        <resources>
            <admin>
                <children>
                    <system>
                        <children>
                            <config>
                                <children>
                                    <vendor translate="title" module="vendor">
                                        <title>Vendor Section</title>
                                        <sort_order>300</sort_order>
                                    </vendor>
                                </children>
                            </config>
                        </children>
                    </system>
                </children>
            </admin>
        </resources>
    </acl>
</config>

Best Answer

Problem resolved.

By modifying _isAllowed() function like following

protected function _isAllowed() { return true; }

It's a very bad decision. In you case right way is:

protected function _isAllowed() {
    return Mage::getSingleton('admin/session')->isAllowed('system/vendor');
}

Related Solutions

Can’t Save Role Resource for Custom Module – Magento 1 Solution

The problem here is that your resource has to match the menu name. This is a convention in Magento and if you do not do this, then it will show, but you cannot save the values. This is a problem I faced often before.

Here is a simple example of how it should work:

<?xml version="1.0" ?>
<config>
    <menu>
        <mycustom_menu translate="title" module="YOUR_MODULE_NAME">
            <title>My Menu</title>
            <sort_order>100</sort_order>
            <children>
                <!-- children -->
                <subitem translate="title" module="YOUR_MODULE_NAME">
                    <title>Subitem</title>
                    <sort_order>10</sort_order>
                    <action>adminhtml/mycustom_controller/</action>
                </subitem>
            </children>
        </mycustom_menu>
    </menu>
    <acl>
        <resources>
            <admin>
                <children>
                    <mycustom_menu translate="title" module="YOUR_MODULE_NAME">
                        <title>My Menu</title>
                        <sort_order>300</sort_order>
                        <children>
                            <!-- children -->
                            <subitem translate="title" module="YOUR_MODULE_NAME">
                                <title>Subitem</title>
                                <sort_order>10</sort_order>
                            </subitem>
                        </children>
                    </mycustom_menu>
                </children>
            </admin>
        </resources>
    </acl>
</config>

EDIT: Also have a look here for a great tutorial of system configuration and ACL http://alanstorm.com/custom_magento_system_configuration

Magento 1 – Custom Module Access Denied (ACL Problem)

I have a hunch you have in your admin controller a method called _isAllowed.
If that's true, I think it returns the wrong thing.
It should look like this:

protected function _isAllowed()
{
    return Mage::getSingleton('admin/session')->isAllowed('erp/stock_management/firtal_deadstock');  
    //or at least
    //return Mage::getSingleton('admin/session')->isAllowed('erp/stock_management');  

}

Best Answer

Related Solutions

Can’t Save Role Resource for Custom Module – Magento 1 Solution

Magento 1 – Custom Module Access Denied (ACL Problem)

Related Topic