Exemplo n.º 1
 /**
  * Check if admin is logged in and authorized to access resource by specified ACL path
  *
  * If no admin session exists yet, a login is attempted with the credentials supplied in the HTTP request
  *
  * @param Mage_Core_Controller_Front_Action $controller
  * @param string $aclResource
  * @return bool
  */
 public static function authenticateAndAuthorizeAdmin(Mage_Core_Controller_Front_Action $controller, $aclResource)
 {
     // Gate for a controller action: returns true only when an admin session exists
     // and the authorization model allows $aclResource. On denial, the HTTP
     // authentication failure response is prepared, dispatch is blocked and false is returned.

     /** @var $backendAuth Mage_Backend_Model_Auth */
     $backendAuth = Mage::getModel('Mage_Backend_Model_Auth');
     $authStorage = $backendAuth->getAuthStorage();

     // No admin session yet: fall back to the credentials carried by the HTTP request.
     // NOTE(review): the credentials travel with the request itself, so this entry point
     // presumably needs to be reachable over TLS only -- confirm in the deployment.
     if (!$authStorage->isLoggedIn()) {
         $httpCredentials = Mage::helper('Mage_Core_Helper_Http')
             ->getHttpAuthCredentials($controller->getRequest());
         list($login, $password) = $httpCredentials;
         try {
             $backendAuth->login($login, $password);
         } catch (Mage_Backend_Model_Auth_Exception $authFailure) {
             // A rejected login is only logged here; the session check below is what
             // turns it into a denial.
             // NOTE(review): no throttling or lockout is visible in this method -- verify
             // that login() or a layer in front of it limits repeated failed attempts.
             Mage::logException($authFailure);
         }
     }

     // Access requires both an authenticated session and an ACL grant; the ACL lookup
     // is skipped when there is no session (short-circuit).
     $isGranted = $authStorage->isLoggedIn()
         && Mage::getSingleton('Mage_Core_Model_Authorization')->isAllowed($aclResource);
     if ($isGranted) {
         return true;
     }

     // Denial path: the same response is sent whether the caller is unauthenticated or
     // authenticated without the required ACL permission.
     Mage::helper('Mage_Core_Helper_Http')->failHttpAuthentication($controller->getResponse(), 'RSS Feeds');
     // Setting the no-dispatch flag keeps the controller action from running.
     $controller->setFlag('', self::FLAG_NO_DISPATCH, true);
     return false;
 }