Issue
I have a module that allows users to login as the customer (Spadar_Login). This modules uses user permissions. It works for admin roles and it prevents access to roles without permission. The issue is roles that are given permission do not work. It receives "Access denied" as though it did not have permission.
Troubleshooting
Cache has been cleared and disabled, compilation disabled, logged out and in.
The message is displayed on the admin side, for an admin route calling an admin controller. I removed any isAllowed()
check in controllers. The controller being called has had all code removed and the issue still occurs, which tells me the access is denied before it reaches the controller. I tried removing the acl
tag in the config.xml but the issue still persists. I have triple checked the the user is in the right role, and that the role has permission to the user.
Code
Here is the acl
in the etc/config.xml
<acl>
<resources>
<admin>
<children>
<customer>
<children>
<login>
<title>Login as Customer</title>
</login>
</children>
</customer>
</children>
</admin>
</resources>
</acl>
Here is the route
<admin>
<routers>
<spadarloginadmin>
<use>admin</use>
<args>
<module>Spadar_Login_Adminhtml</module>
<frontName>spadarloginadmin</frontName>
</args>
</spadarloginadmin>
</routers>
</admin>
What is causing this user role not to be able to access this controller?
Best Answer
Complete credits for @fschmengler for this link
add this method in admin controllers:
if you have an ACL resource defined in
etc/adminhtml.xml
, than