ssossossosso

Forums

Covering OroCRM topics, including community updates and company announcements.  Subscribe

Forums OroCRM OroCRM – Installation/Technical Issues or Problems Custom menu – hide for roles

This topic contains 7 replies, has 2 voices, and was last updated by  Viacheslav Bemza 6 months, 2 weeks ago.

  • Creator
    Topic
  • #56766

    Hello !

    I made a custom menu in my Bundle, but he’s now visible for all the users.
    I restricted access to the concerned routes inside “security.yml” and ACCESS_CONTROL rules but the menu and submenu are still displayed in the application_menu.

    How can I display my custom menu only for ROLE_ADMIN ?
    Thanks for your help :)

Viewing 7 replies - 1 through 7 (of 7 total)
  • Author
    Replies
  • #56767

    Viacheslav Bemza
    Moderator

    Hello, antoinedeferre!

    You need to use ACL for control user’s permissions instead of access_control in security.yml. You can use acl_resource_id key to specify acl resource that will be used to checking permissions. Please, take a look at this article https://github.com/oroinc/platform/blob/2.5/src/Oro/Bundle/NavigationBundle/README.md#menu-declaration-in-yaml
    And do not forget to set needed permissions for you ACL resource for admin role.

    Also, I suggest to read this articles to learn more about ACL and creating own menu
    How to Protect Entities Using ACLs
    How to Create and Customize the Application Menu

    #56769

    Hi Viacheslav,

    I add the @Config annotation inside my entity :

    .. but now I get a 500 error and nothing to help in the /app/logs/ folder ! (caches were cleared)
    By the way, I don’t understand why I should protect an Entity instead of an action into my controller ?
    My navigation.yml doesn’t refer to entities but refers to route.

    #56771

    Viacheslav Bemza
    Moderator

    By the way, I don’t understand why I should protect an Entity instead of an action into my controller?

    In article How to Protect Entities Using ACLs above please find section that names “Security Actions that Are not Related to an Entity”

    Entity – it is just a type of ACL resource. Also you can read more about ACL implementation here https://github.com/oroinc/platform/blob/master/src/Oro/Bundle/SecurityBundle/Resources/doc/implementation.md

    but now I get a 500 error

    Can you provide a stack trace? I suggest to use dev mode for development (using app_dev.php as index file instead app.php, you can find more about dev mode in symfony official documentation)

    #56772

    Thanks again for your help, I’m a little bit lost with OroCRM.
    So, below is what I did :

    -> Add the ACL annotations above the admin_telechargementAction() :

    -> Edit my navigation.yml and add aclResourceId on the item to hide :

    .. and that’s all. There is no error but no changes at all.. I still can’t figure out how to configure the menu item “pim_ipad_tab” to be visible for ROLE_ADMIN only .. on your tutorial there is a section with security.authorization_checker instance, do I have to use it ? If Yes, do I have to do :

    ?

    Many thanks for your help man :) !

    #56774

    Viacheslav Bemza
    Moderator

    Oh, I got it. If you have certain action with configured ACL – forget about ‘aclResourceId’.

    What you should do:
    1) Leave your changes in Controller without changes. It looks fine.
    2) navigation.yml:

    And do not forget to add your navigation item to tree.
    3) Clear caches and run oro:platform:update –force command. (It is a common command that run all necessary updates)
    4) Go to System -> User Management -> Roles. Go to edit Administrator role. Try to find checkbox with ‘ipad_admin_telechargement_task’ label (or add another label in your definition in Controller). It is a permission for your action, it should be checked by default. If you want to turn off – do it for each roles.
    Or you can set role permissions using *.yml file format (but it will be used only during fresh install). Please, use this as an example roles.yml

    I hope it would be helpful for you :)

    #56776

    Hi !

    I don’t have the “oro:platform:update” command, here an extract from my console if I try to execute it :

    EDIT : I found a temporary solution : using an existing aclResourceId. By the way this fix doesn’t allow any update through System -> User Management -> Roles but let me hide the “pim_ipad_tab” menu item to all no admin users.

    #56777

    Viacheslav Bemza
    Moderator

    I don’t have the “oro:platform:update” command

    It’s strange. https://github.com/oroinc/platform/blob/master/src/Oro/Bundle/InstallerBundle/Command/PlatformUpdateCommand.php#L22

    This command is not necessary, you can just clear caches.

Viewing 7 replies - 1 through 7 (of 7 total)

You must be logged in to reply to this topic.

You will be redirected to [title]. Would you like to continue?

Yes No
ssossossosso