When I create a backend user who isn't full admin and has some ACL restrictions (not necessarily on this blog module, can be anywhere apparently), then that user cannot view the blog posts listing grid (gets Access Denied).
In the ancestor (\Magento\Backend\App\AbstractAction) that field is used in _isAllowed() to check the ACL, but there it is called with self::ADMIN_RESOURCE which will always be Magento_Backend::admin, your child class cannot override that if I understand it correctly (it would be possible if the abstract class used static::ADMIN_RESOURCE instead.
So you need to delete your constant and instead properly override the _isAllowed() method like you do in other controllers.
When I create a backend user who isn't full admin and has some ACL restrictions (not necessarily on this blog module, can be anywhere apparently), then that user cannot view the blog posts listing grid (gets Access Denied).
This is because in class https://github.com/ashsmith/magento2-blog-module-tutorial/blob/master/Controller/Adminhtml/Post/Index.php the const field
ADMIN_RESOURCE
doesn't have the effect that you think it does.In the ancestor (
\Magento\Backend\App\AbstractAction
) that field is used in_isAllowed()
to check the ACL, but there it is called withself::ADMIN_RESOURCE
which will always beMagento_Backend::admin
, your child class cannot override that if I understand it correctly (it would be possible if the abstract class usedstatic::ADMIN_RESOURCE
instead.So you need to delete your constant and instead properly override the
_isAllowed()
method like you do in other controllers.