/** * Load roles * * @param Mage_Admin_Model_Acl $acl * @param array $rolesArr * @return Mage_Admin_Model_Resource_Acl */ public function loadRoles(Mage_Admin_Model_Acl $acl, array $rolesArr) { foreach ($rolesArr as $role) { $parent = $role['parent_id'] > 0 ? Mage_Admin_Model_Acl::ROLE_TYPE_GROUP . $role['parent_id'] : null; switch ($role['role_type']) { case Mage_Admin_Model_Acl::ROLE_TYPE_GROUP: $roleId = $role['role_type'] . $role['role_id']; $acl->addRole(Mage::getModel('admin/acl_role_group', $roleId), $parent); break; case Mage_Admin_Model_Acl::ROLE_TYPE_USER: $roleId = $role['role_type'] . $role['user_id']; if (!$acl->hasRole($roleId)) { $acl->addRole(Mage::getModel('admin/acl_role_user', $roleId), $parent); } else { $acl->addRoleParent($roleId, $parent); } break; } } return $this; }
/** * Loads role rules into ACL for admin user * * @param Mage_Admin_Model_User $user * @param Mage_Admin_Model_Acl $acl * @param array $allowedResources * * @return $this */ public function loadRules(Mage_Admin_Model_User $user, Mage_Admin_Model_Acl $acl, array $allowedResources = array()) { $userRole = Mage::getModel('admin/acl_role_user', Mage_Admin_Model_Acl::ROLE_TYPE_USER . $user->getId()); $acl->addRole($userRole); if (empty($allowedResources)) { $acl->allow($userRole); $acl->allow($userRole, $acl->getResources()); return $this; } $aclResources = $acl->getResources(); $allow = array(); foreach ($allowedResources as $resource) { $childResources = array_filter($aclResources, function ($entry) use($resource) { return strpos($entry, 'admin/' . $resource) === 0; }); $allow = array_merge($allow, $childResources); } $deny = array(); foreach ($aclResources as $resource) { if (!in_array($resource, $allow)) { $deny[] = $resource; } } $acl->allow($userRole, $allow); $acl->deny($userRole, $deny); return $this; }