/**
 * Gate an admin-only resource behind the backend session and an ACL check.
 *
 * When the backend auth storage reports no logged-in admin, a login is attempted
 * with the credentials extracted from the HTTP request. The final decision is
 * taken from the session state and the ACL lookup, never from the outcome of the
 * login call itself, so a failed login cannot grant access.
 *
 * On denial the HTTP helper's failHttpAuthentication() is invoked on the response
 * and FLAG_NO_DISPATCH is set on the controller. The same denial path is used for
 * "not logged in" and "logged in but not allowed".
 *
 * NOTE(review): credentials arrive with the request itself, so this endpoint
 * should only be reachable over TLS - confirm at the web-server/config level.
 * NOTE(review): no throttling or lockout of repeated failed logins is visible in
 * this method; confirm it is enforced inside Mage_Backend_Model_Auth::login() or
 * upstream.
 *
 * @param Mage_Core_Controller_Front_Action $controller controller whose request supplies
 *                                                      the credentials and whose response
 *                                                      receives the authentication failure
 * @param string $aclResource ACL path the admin must be allowed to access
 * @return bool true when an admin is logged in and allowed for $aclResource, false otherwise
 */
public static function authenticateAndAuthorizeAdmin(Mage_Core_Controller_Front_Action $controller, $aclResource)
{
    /** @var $backendAuth Mage_Backend_Model_Auth */
    $backendAuth = Mage::getModel('Mage_Backend_Model_Auth');
    $authStorage = $backendAuth->getAuthStorage();

    // No admin session yet: attempt a login with the credentials carried by the request.
    if (!$authStorage->isLoggedIn()) {
        $httpHelper = Mage::helper('Mage_Core_Helper_Http');
        list($login, $password) = $httpHelper->getHttpAuthCredentials($controller->getRequest());
        try {
            $backendAuth->login($login, $password);
        } catch (Mage_Backend_Model_Auth_Exception $authFailure) {
            // Only auth exceptions are absorbed here; the failure is logged (which leaves
            // a trail for spotting repeated bad logins) and the session re-check below
            // denies the request.
            Mage::logException($authFailure);
        }
    }

    // Both conditions are required; the ACL lookup is skipped when nobody is logged in.
    $isPermitted = $authStorage->isLoggedIn()
        && Mage::getSingleton('Mage_Core_Model_Authorization')->isAllowed($aclResource);
    if ($isPermitted) {
        return true;
    }

    // Denied: signal the authentication failure and flag the controller as no-dispatch.
    Mage::helper('Mage_Core_Helper_Http')->failHttpAuthentication($controller->getResponse(), 'RSS Feeds');
    $controller->setFlag('', self::FLAG_NO_DISPATCH, true);

    return false;
}