Improved controller action class that handles menu ACLs for Magento stores with SUPEE-6285 applied
<?php
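/**
 * Admin controller base class that derives the ACL resource for the current
 * action from the admin menu configuration instead of hard-coding it in every
 * controller.
 *
 * Resolution order in _isAllowed():
 *   1. the menu <action> node matching the full action name,
 *   2. the manual mapping in $_actionAclEquivalences,
 *   3. parent::_isAllowed().
 *
 * SECURITY NOTE(review): step 3 is a fail-open fallback. The parent class is
 * not part of this file; in stock Magento 1 its _isAllowed() returns true, so
 * any action that has neither a menu entry nor a mapping would stay reachable
 * by every admin role. Confirm against your core version, and give each
 * sensitive action an explicit mapping rather than relying on the fallback.
 */
class Mage_Adminhtml_Controller_Action_Acl extends Mage_Adminhtml_Controller_Action
{
    /**
     * If an action is not found in the menu node the mapping can be manually set in this array.
     * It currently accepts 3 types of values, the key is always the action to be executed:
     * 1 - true - allow everyone to perform the action
     * 2 - existing "action name" with menu & acl entries
     * 3 - existing acl resource, using the following template:
     * "resource:<resource name>"
     *
     * A value of true skips the ACL lookup entirely for that action, so it
     * should be reserved for actions that expose nothing role-specific.
     *
     * @var array
     */
    protected $_actionAclEquivalences = array();

    /**
     * Decide whether the current admin session may run the requested action.
     *
     * @return bool
     */
    protected function _isAllowed()
    {
        // 1. Direct hit: the full action name is listed in the admin menu.
        $resource = $this->_getAclResource($this->getFullActionName('/'));
        if ($resource) {
            return Mage::getSingleton('admin/session')->isAllowed($resource);
        }

        // 2. Manual mapping, keyed by the bare action name of the request.
        $action = $this->getRequest()->getActionName();
        if (is_array($this->_actionAclEquivalences) && isset($this->_actionAclEquivalences[$action])) {
            $equivalence = $this->_actionAclEquivalences[$action];

            if (true === $equivalence) {
                // Explicit opt-out of ACL checking for this action.
                return true;
            }

            // Non-scalar values cannot name an action or a resource; they are
            // ignored here and the request falls through to the parent check.
            if (is_scalar($equivalence)) {
                $equivalence = (string)$equivalence;
                $prefix = 'resource:';

                if (0 === strpos($equivalence, $prefix)) {
                    // Strip only the leading marker; a later "resource:" inside
                    // the identifier is part of the name and must be kept.
                    $resource = (string)substr($equivalence, strlen($prefix));
                    return Mage::getSingleton('admin/session')->isAllowed($resource);
                }

                // Swap the trailing "/<action>" for the mapped action name.
                // Plain string functions are used so that neither the request's
                // action name nor the mapped value is interpreted as regex
                // pattern or replacement syntax.
                $fullAction = $this->getFullActionName('/');
                $suffix = '/' . $action;
                $suffixLength = strlen($suffix);
                if (substr($fullAction, -$suffixLength) === $suffix) {
                    $fullAction = substr($fullAction, 0, -$suffixLength) . '/' . $equivalence;
                }

                $resource = $this->_getAclResource($fullAction);
                if ($resource) {
                    return Mage::getSingleton('admin/session')->isAllowed($resource);
                }
            }
        }

        // 3. Nothing matched: defer to the parent controller.
        // NOTE(review): fail-open if the parent returns true - see class docblock.
        return parent::_isAllowed();
    }

    /**
     * Get acl resource identifier based on the current request
     *
     * Looks for an <action> node whose text equals $currentAction and builds
     * the resource path from the names of that node's ancestors. The first
     * matching node wins. The XPath '//action' is evaluated from the document
     * root, so every <action> node in the loaded config is considered, not
     * only those below <menu>.
     *
     * @param string $currentAction full action name, segments separated by "/"
     * @return bool|string resource path, or false when no node matches
     */
    protected function _getAclResource($currentAction)
    {
        /** @var Varien_Simplexml_Element $menu */
        $menu = Mage::getSingleton('admin/config')->getAdminhtmlConfig()->getNode('menu');

        // Get all action nodes and match them with the current request.
        $actionNodes = $menu->xpath('//action');
        foreach ($actionNodes as $actionNode) {
            /** @var Varien_Simplexml_Element $actionNode */
            // Strict comparison: loose == treats numeric-looking strings as
            // numbers, which has no place in an access-control lookup.
            if ((string)$currentAction !== (string)$actionNode) {
                continue;
            }

            // Collect ancestor names, outermost first.
            $path = array();
            $node = $actionNode;
            try {
                while ($node = $node->getParent()) {
                    array_unshift($path, $node->getName());
                }
            } catch (Exception $e) {
                // Deliberately ignored: presumably getParent() can raise once
                // the root is passed (e.g. notices promoted to exceptions in
                // developer mode) - TODO confirm. The names collected so far
                // are used as they are.
            }

            if (count($path) && 'config' === $path[0]) {
                array_shift($path);
                // Keep every second name starting with the second one. With
                // the presumed layout menu/<item>/children/<item>/... this
                // drops the "menu" and "children" wrapper nodes.
                $segments = array();
                foreach ($path as $index => $name) {
                    if ($index % 2 !== 0) {
                        $segments[] = $name;
                    }
                }
                $path = $segments;
            }

            return count($path) ? implode('/', $path) : false;
        }

        return false;
    }
}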