/**
 * Authenticate the current admin request.
 *
 * Order of checks: no session object -> pass through; remember an optional
 * `return` query parameter in the session; an already-identified user or a
 * not-yet-installed application passes through; otherwise a login is attempted
 * from the posted credentials and, when it succeeds, the browser is redirected
 * to the requested action with `&loggedin` appended.
 *
 * @return $this on every path that does not redirect (redirect() is called with
 *               a second argument of true; whether that exits is decided by the
 *               controller, which is not visible here)
 */
public function authenticate()
{
    if (!$this->_session) {
        return $this;
    }
    // NOTE(review): $_GET['return'] is stored untouched. If 'return_url' is later
    // used as a redirect target, the consumer must restrict it to local/admin
    // paths (an absolute URL here would allow an open redirect) - verify the consumer.
    if (!empty($_GET['return'])) {
        $this->set('return_url', $_GET['return']);
    }
    if ($this->getUserId()) {
        return $this;
    }
    if (!$this->controller()->isInstalled()) {
        return $this;
    }
    try {
        // empty() also treats the literal string "0" as missing, so a username
        // or password of "0" is rejected before login() is reached.
        if (empty($_POST['username']) || empty($_POST['password'])) {
            $this->controller()->setAction('login');
            return $this;
        }
        $user = $this->_session->login($_POST['username'], $_POST['password']);
        // Presumably reloads the ACL for the user just logged in, so the
        // isAllowed() check below sees the new identity - confirm in the session class.
        $this->_session->refreshAcl();
        // One generic message covers both an unknown user and a user without the
        // blanket 'all' privilege, so the response does not reveal which failed.
        if (!$user->getId() || !$this->_session->isAllowed('all')) {
            $this->addMessage('error', 'Invalid user name or password');
            $this->controller()->setAction('login');
            return $this;
        }
    } catch (Exception $e) {
        // NOTE(review): the exception text is shown to the user verbatim, and the
        // code then falls through to the redirect below, so a login that threw
        // still redirects with '&loggedin' appended - confirm this is intended.
        $this->addMessage('error', $e->getMessage());
    }
    $this->controller()->redirect($this->controller()->url($this->controller()->getAction()) . '&loggedin', true);
}
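/**
 * Check current user permission on resource and privilege
 *
 * Mage::getSingleton('admin/session')->isAllowed('admin/catalog')
 * Mage::getSingleton('admin/session')->isAllowed('catalog')
 *
 * The tax-configuration resources listed below are denied outright unless the
 * data helper reports that at least one store is disabled (fail-closed); every
 * other resource is delegated to the parent ACL check unchanged.
 *
 * @param string $resource
 * @param string|null $privilege
 * @return boolean
 * @throws Mage_Core_Exception
 */
public function isAllowed($resource, $privilege = null)
{
    $blockedResources = array(
        'admin/sales/tax/rules',
        'admin/sales/tax/rates',
        'admin/sales/tax/import_export',
    );
    // Strict comparison: $resource is an ACL path string, so loose (==) matching
    // against the list buys nothing and only invites type juggling.
    if (in_array($resource, $blockedResources, true) && !$this->_getDataHelper()->isAnyStoreDisabled()) {
        return false;
    }
    return parent::isAllowed($resource, $privilege);
}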
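/**
 * Check current user permission on resource and privilege
 *
 * The tax-configuration resources listed below are denied outright unless the
 * 'advanced' helper reports that at least one store is disabled (fail-closed);
 * every other resource is delegated to the parent ACL check unchanged.
 *
 * @param string $resource
 * @param string|null $privilege
 * @return bool
 */
public function isAllowed($resource, $privilege = null)
{
    $blockedResources = array(
        'admin/sales/tax/rules',
        'admin/sales/tax/rates',
        'admin/sales/tax/import_export',
    );
    // Strict comparison: $resource is an ACL path string, so loose (==) matching
    // against the list buys nothing and only invites type juggling.
    if (in_array($resource, $blockedResources, true) && !Mage::helper('advanced')->isAnyStoreDisabled()) {
        return false;
    }
    // No else after a return: the parent decides everything that is not blocked.
    return parent::isAllowed($resource, $privilege);
}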
/**
 * Check is user logged in and permissions
 *
 * Three outcomes: a user object that failed to load (no id) is reported as a
 * bad login; an identified user (session user id, or a loaded $user) is
 * accepted only with the 'all' privilege and is otherwise logged out with
 * "Access Denied"; anyone else simply gets false.
 *
 * @param Mage_Admin_Model_User|null $user
 * @return bool true only when the user is identified and holds the 'all' privilege
 */
protected function _checkUserAccess($user = null)
{
    if ($user && !$user->getId()) {
        // One generic message for both unknown user and wrong password.
        $this->addMessage('error', 'Invalid user name or password');
        $this->controller()->setAction('login');
        return false;
    }

    $isIdentified = $this->getUserId() || ($user && $user->getId());
    if (!$isIdentified) {
        return false;
    }

    if ($this->_session->isAllowed('all')) {
        return true;
    }

    // Identified but lacking the blanket admin privilege: drop the session
    // rather than leave a partially authorised user logged in.
    $this->logout();
    $this->addMessage('error', 'Access Denied', true);
    $this->controller()->setAction('login');
    return false;
}
/**
 * Check whether is allowed action
 *
 * Maps an order action name onto the ACL resource
 * 'sales/order/actions/<action>' and asks the admin session about it.
 * NOTE(review): $action is concatenated into the resource path unvalidated;
 * if it can originate from the request, callers should pass only known
 * action names - check the call sites.
 *
 * @param string $action
 * @return bool
 */
protected function _isAllowedAction($action)
{
    $resource = 'sales/order/actions/' . $action;

    return $this->_session->isAllowed($resource);
}