Magento admin backend Read Only Access Role

Read-only Magento admin backend users can come in handy if you don't want your employees to mess around with your website content.

Here is how to set up Read Only Access users:

  • create a backend permission role with the name ReadOnlyAccess
  • create a backend user and assign the ReadOnlyAccess role to it
  • override the preDispatch function of the Mage_Adminhtml_Controller_Action class to filter denied actions; copy the core file into the local code pool, then edit the copy:
    cp app/code/core/Mage/Adminhtml/Controller/Action.php \
    app/code/local/Mage/Adminhtml/Controller/Action.php

    // Resolve the role name of the logged-in admin user.
    $_acl_user = Mage::getSingleton('admin/session')->getUser();
    if ($_acl_user && $_acl_user->getId()) {
        // getRoles() returns an array of role ids; use the first one.
        $_acl_roles = (array) $_acl_user->getRoles();
        $_acl_role_id = $_acl_roles ? (int) reset($_acl_roles) : 0;
    } else {
        $_acl_role_id = 0;
    }
    if ($_acl_role_id > 0) {
        $_acl_role = Mage::getModel('admin/roles')->load($_acl_role_id)->getRoleName();
    } else {
        $_acl_role = 'None';
    }
    // Deny when the ACL refuses the request, or when a ReadOnlyAccess user
    // requests an action whose name contains a write keyword
    // (case-insensitive, so massDelete is matched as well).
    if ($this->getRequest()->isDispatched()
        && $this->getRequest()->getActionName() !== 'denied'
        && (!$this->_isAllowed()
            || ($_acl_role == 'ReadOnlyAccess'
                && preg_match('/(add|reset|generate|save|update|delete)/i',
                    $this->getRequest()->getActionName())))
    ) {
        $this->_forward('denied');
        $this->setFlag('', self::FLAG_NO_DISPATCH, true);
        return $this;
    }
  • clear your Magento cache and enjoy
    rm -rf var/cache/*
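
The override above decides by keyword whether an action counts as a write. The following added example (not part of the original post) runs that keyword pattern, matched case-insensitively, and a hypothetical read-only allow-list over a constructed sample of admin action names, and reports which data-changing actions each filter would let through. The READ_ONLY_ACTIONS list and the sample are assumptions to adjust per store.

```php
<?php
// Added example, not the post's code: audit an action-name filter offline.

// Keyword deny-list from the override, matched case-insensitively.
const DENY_PATTERN = '/(add|reset|generate|save|update|delete)/i';

// Assumption: actions treated as read-only for this role. Adjust per store.
const READ_ONLY_ACTIONS = ['index', 'grid', 'view', 'edit', 'exportcsv', 'exportxml', 'denied'];

function blockedByDenyList(string $action): bool
{
    return preg_match(DENY_PATTERN, $action) === 1;
}

function blockedByAllowList(string $action): bool
{
    // Anything not explicitly listed as read-only is refused.
    return !in_array(strtolower($action), READ_ONLY_ACTIONS, true);
}

// Constructed sample: action name => does the action change data?
$sample = [
    'index' => false, 'grid' => false, 'view' => false, 'exportCsv' => false,
    'save' => true, 'massDelete' => true, 'massStatus' => true,
    'duplicate' => true, 'cancel' => true, 'hold' => true,
];

$gaps = ['deny-list' => [], 'allow-list' => []];
printf("%-12s %-8s %-10s %s\n", 'action', 'changes', 'deny-list', 'allow-list');
foreach ($sample as $action => $changesData) {
    $deny  = blockedByDenyList($action);
    $allow = blockedByAllowList($action);
    printf("%-12s %-8s %-10s %s\n", $action, $changesData ? 'yes' : 'no',
        $deny ? 'blocked' : 'passes', $allow ? 'blocked' : 'passes');
    // A gap is a data-changing action that the filter lets through.
    if ($changesData && !$deny)  { $gaps['deny-list'][]  = $action; }
    if ($changesData && !$allow) { $gaps['allow-list'][] = $action; }
}

foreach ($gaps as $filter => $missed) {
    printf("%s gaps: %s\n", $filter, $missed ? implode(', ', $missed) : 'none');
}
```

Run it with the PHP CLI. To enforce the allow-list instead, the same in_array() test would take the place of the preg_match() condition in the copied Action.php.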
