/**
 * Load every role known to external storage into the given ACL.
 *
 * Each role is registered and then denied all privileges, so a role starts
 * with no access; individual privileges may be allowed later by whitelist.
 *
 * @param Magento_Acl $acl ACL instance that receives the roles
 */
public function populateAcl(Magento_Acl $acl)
{
    foreach ($this->_roleResource->getRolesIds() as $id) {
        // The factory is handed the role id wrapped in a one-element array.
        /** @var Mage_Webapi_Model_Authorization_Role $role */
        $role = $this->_roleFactory->createRole(array($id));
        $acl->addRole($role);

        // Blanket deny for the new role. Some privileges could be allowed later by whitelist.
        $acl->deny($role);
    }
}
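/**
 * Populate ACL with rules from external storage.
 *
 * Reads every row of the "admin_rule" table and applies it to the ACL as an
 * allow or a deny rule. A row whose permission is neither 'allow' nor 'deny'
 * is skipped, so an unrecognised value never grants access.
 *
 * @param Magento_Acl $acl ACL instance that receives the rules
 */
public function populateAcl(Magento_Acl $acl)
{
    $ruleTable = $this->_resource->getTableName("admin_rule");
    $adapter = $this->_resource->getConnection('read');

    $select = $adapter->select()->from(array('r' => $ruleTable));
    $rulesArr = $adapter->fetchAll($select);

    foreach ($rulesArr as $rule) {
        // The role identifier is the role type concatenated with the role id.
        $role = $rule['role_type'] . $rule['role_id'];
        $resource = $rule['resource_id'];

        // An empty privileges column is passed to the ACL as null, not as an empty list.
        // NOTE(review): presumably the ACL treats null as "all privileges" - confirm.
        $privileges = !empty($rule['privileges']) ? explode(',', $rule['privileges']) : null;

        // Strict comparison: this is an authorization decision, and on PHP < 8 a loose
        // == would let a non-string value such as integer 0 compare equal to 'allow'.
        if ($rule['permission'] === 'allow') {
            if ($resource === Mage_Backend_Model_Acl_Config::ACL_RESOURCE_ALL) {
                // A rule on the "all" resource is also registered with a null resource.
                $acl->allow($role, null, $privileges);
            }
            $acl->allow($role, $resource, $privileges);
        } elseif ($rule['permission'] === 'deny') {
            $acl->deny($role, $resource, $privileges);
        }
    }
}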
/**
 * Add a deny rule for every resource registered in the ACL, for all roles.
 *
 * @param Magento_Acl $acl ACL whose resources are denied
 */
protected function _denyResources(Magento_Acl $acl)
{
    $resources = $acl->getResources();

    foreach ($resources as $resource) {
        // The role argument is null so that the deny rule covers all roles.
        $acl->deny(null, $resource);
    }
}