search

oroinc / magento-orocrm-bridge

Magento extension, extends SOAP API for OroCRM integration.
http://www.magentocommerce.com/magento-connect/orocrm-bridge.html
16 stars 8 forks source link

Admin Controller _isAllowed method is missing #7

Open zolthan opened 8 years ago

zolthan commented 8 years ago

Since one of the last updates of Magento every admin controller needs an _isAllowed method to check the ACL. Neither these methods nor an ACL definition is contained in the module. So no user without full admin privileges is able to create an order from OroCRM.

For gateway controller

   protected function _isAllowed()
    {
        return Mage::getSingleton('admin/session')->isAllowed('oro/gateway');
    }

And sales controller

   protected function _isAllowed()
    {
        return Mage::getSingleton('admin/session')->isAllowed('oro/sales');
    }

And the corresponding entries in the adminhtml.xml

<?xml version="1.0" encoding="UTF-8"?>
<config>
    <acl>
        <resources>
            <admin>
                <children>
                    <system>
                        <children>
                            <config>
                                <children>
                                    <oro translate="title" module="oro_api">
                                        <title>Oro Section</title>
                                        <sort_order>50</sort_order>
                                    </oro>
                                </children>
                            </config>
                        </children>
                    </system>
                    <oro translate="title" module="oro_api">
                        <title>Oro Bridge</title>
                        <children>
                            <gateway translate="title" module="oro_api">
                                <title>Gateway</title>
                                <sort_order>10</sort_order>
                            </gateway>
                            <sales translate="title" module="oro_api">
                                <title>Sales</title>
                                <sort_order>20</sort_order>
                            </sales>
                        </children>
                    </oro>
                </children>
            </admin>
        </resources>
    </acl>
</config>

I hope the fix will be implemented soon.

Best, Sebastian

mkudelya commented 8 years ago

Hi @zolthan

Thanks you for your suggestion to fix. Bug has been created.

vbyndych commented 7 years ago

Internal ID: CRM-8510