/Mage_Adminhtml_Controller_Action_Acl.php
Last active Nov 9, 2015
Improved controller action class handling menus acl's for Magento stores with SUPEE-6285 applied
| <?php | |
| class Mage_Adminhtml_Controller_Action_Acl extends Mage_Adminhtml_Controller_Action | |
| { | |
| /** | |
| * If an action is not found in the menu node the mapping can be manually set in this array. | |
| * It currently accepts 3 types of values, the key is always the action to be executed: | |
| * 1 - true - allow everyone to perform the action | |
| * 2 - existing "action name" with menu & acl entries | |
| * 3 - existing acl resource, using the following template: | |
| * "resource:<resource name>" | |
| * | |
| * @var array | |
| */ | |
| protected $_actionAclEquivalences = array(); | |
| /** | |
| * @return bool | |
| */ | |
| protected function _isAllowed() | |
| { | |
| if ($resource = $this->_getAclResource($this->getFullActionName('/'))) { | |
| return Mage::getSingleton('admin/session')->isAllowed($resource); | |
| } | |
| $action = $this->getRequest()->getActionName(); | |
| if (is_array($this->_actionAclEquivalences) && count($this->_actionAclEquivalences) && isset($this->_actionAclEquivalences[$action])) { | |
| if (true === $this->_actionAclEquivalences[$action]) { | |
| return true; | |
| } elseif (0 === strpos($this->_actionAclEquivalences[$action], 'resource:')) { | |
| $resource = str_replace('resource:', '', $this->_actionAclEquivalences[$action]); | |
| return Mage::getSingleton('admin/session')->isAllowed($resource); | |
| } | |
| $fullAction = preg_replace("/\/{$action}$/", '/' . $this->_actionAclEquivalences[$action], $this->getFullActionName('/')); | |
| if ($resource = $this->_getAclResource($fullAction)) { | |
| return Mage::getSingleton('admin/session')->isAllowed($resource); | |
| } | |
| } | |
| return parent::_isAllowed(); | |
| } | |
| /** | |
| * Get acl resource identifier based on the current request | |
| * | |
| * @param string $currentAction | |
| * @return bool|string | |
| */ | |
| protected function _getAclResource($currentAction) | |
| { | |
| /** @var Varien_Simplexml_Element $menu */ | |
| $menu = Mage::getSingleton('admin/config')->getAdminhtmlConfig()->getNode('menu'); | |
| //get all action nodes and match them with the current request | |
| $actions = $menu->xpath('//action'); | |
| foreach ($actions as $action) { | |
| /** @var Varien_Simplexml_Element $action */ | |
| if ($currentAction == (string)$action) { | |
| $resource = array(); | |
| try { | |
| while($action = $action->getParent()) { | |
| array_unshift($resource, $action->getName()); | |
| } | |
| } catch (Exception $e) {} | |
| if (count($resource) && 'config' == $resource[0]) { | |
| array_shift($resource); | |
| for($k = 0, $n = count($resource); $k < $n; $k++) { | |
| if ($k % 2 == 0) { | |
| unset($resource[$k]); | |
| } | |
| } | |
| } | |
| return count($resource) ? implode('/', $resource) : false; | |
| } | |
| } | |
| return false; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment