search

magepal / magento2-preview-checkout-success-page

Quickly and easily preview and test your Magento 2 order confirmation page, without hacks or spending time placing new order each time
https://www.magepal.com
78 stars 26 forks source link

Access Control List (ACL) rules broken on v2.4.3-p2? #3

Closed craigfleming closed 2 years ago

craigfleming commented 2 years ago

If possible, can you please review the ACL control capabilities of this extension?

After testing on a Magento v2.4.3-p2 system, it appears only super-admins with all permissions enabled can view the extension settings. It's not possible to provide access to the "Preview Checkout Success Page" settings page to restricted access users. Even after selecting the option "Preview Checkout Success Page" in Role Resources, the settings page does not show for the restricted access user when they login to the admin panel.

If you review line 16 of https://github.com/magepal/magento2-preview-checkout-success-page/blob/master/etc/acl.xml you should replace:

MagePal_CheckoutSuccessMiscScript::config_magepal_previewcheckoutsuccesspage

with

MagePal_PreviewCheckoutSuccessPage::config_magepal_previewcheckoutsuccesspage

This should resolve the issue.

Magento version #:

v2.4.3-p2

Edition (EE, CE, OS, etc):

OS

Expected behavior:

Granular permissions control for non-super-admin users.

Actual behavior:

Not possible to provide restricted access admin users access to the "Preview Checkout Success Page" settings page.

Steps to reproduce:

  1. Install the extension on your system
  2. Create a new role in the admin panel
  3. Choose "Preview Checkout Success Page" as the only accessible resource
  4. Log in to the admin panel using the newly created role with limited access permissions.
  5. Not possible to access "Preview Checkout Success Page" settings.
srenon commented 2 years ago

@craigfleming... Please update to 1.1.1 ... https://github.com/magepal/magento2-preview-checkout-success-page/compare/1.1.0...1.1.1