Forums › Forums › OroCRM › OroCRM – Installation/Technical Issues or Problems › Custom menu – hide for roles
This topic contains 7 replies, has 2 voices, and was last updated by 
Viacheslav Bemza 6 years, 3 months ago.
Starting from March 1, 2020 the forum has been switched to the read-only mode. Please head to StackOverflow for support.
- CreatorTopic
- December 22, 2017 at 7:18 am #27855
Hello !
I made a custom menu in my Bundle, but he’s now visible for all the users.
I restricted access to the concerned routes inside “security.yml” and ACCESS_CONTROL rules but the menu and submenu are still displayed in the application_menu.How can I display my custom menu only for ROLE_ADMIN ?
Thanks for your help :) - CreatorTopic
- AuthorReplies
- December 28, 2017 at 7:40 am #27856
Hello, antoinedeferre!
You need to use ACL for control user’s permissions instead of access_control in security.yml. You can use acl_resource_id key to specify acl resource that will be used to checking permissions. Please, take a look at this article https://github.com/oroinc/platform/blob/2.5/src/Oro/Bundle/NavigationBundle/README.md#menu-declaration-in-yaml
And do not forget to set needed permissions for you ACL resource for admin role.Also, I suggest to read this articles to learn more about ACL and creating own menu
How to Protect Entities Using ACLs
How to Create and Customize the Application MenuDecember 29, 2017 at 5:55 am #27857Hi Viacheslav,
I add the @Config annotation inside my entity :
PHP123456789101112131415161718use Doctrine\ORM\Mapping as ORM;use Doctrine\ORM\Mapping\ManyToOne as ManyToOne;use Oro\Bundle\EntityConfigBundle\Metadata\Annotation\Config as Config;/*** @ORM\Entity* @ORM\Table(name="ipad_telechargements")* @Config(* defaultValues={* "security"={* "type"="acl",* "group_name"=""* }* }* )*/class Telechargement{.. but now I get a 500 error and nothing to help in the /app/logs/ folder ! (caches were cleared)
By the way, I don’t understand why I should protect an Entity instead of an action into my controller ?
My navigation.yml doesn’t refer to entities but refers to route.December 29, 2017 at 6:10 am #27858By the way, I don’t understand why I should protect an Entity instead of an action into my controller?
In article How to Protect Entities Using ACLs above please find section that names “Security Actions that Are not Related to an Entity”
Entity – it is just a type of ACL resource. Also you can read more about ACL implementation here https://github.com/oroinc/platform/blob/master/src/Oro/Bundle/SecurityBundle/Resources/doc/implementation.md
but now I get a 500 error
Can you provide a stack trace? I suggest to use dev mode for development (using app_dev.php as index file instead app.php, you can find more about dev mode in symfony official documentation)
December 29, 2017 at 8:24 am #27859Thanks again for your help, I’m a little bit lost with OroCRM.
So, below is what I did :-> Add the ACL annotations above the admin_telechargementAction() :
PHP1234567891011/*** @Route("/admin_telechargement/", name="ipad_admin_telechargement")* @Template("IpadUpdaterBundle::admin_telechargement.html.twig")* @Acl(* id="ipad_admin_telechargement_task",* type="action"* )*/public function admin_telechargementAction(Request $request){-> Edit my navigation.yml and add aclResourceId on the item to hide :
YAML12345oro_menu_config:items:pim_ipad_tab:label: IPADaclResourceId: ipad_admin_telechargement_task.. and that’s all. There is no error but no changes at all.. I still can’t figure out how to configure the menu item “pim_ipad_tab” to be visible for ROLE_ADMIN only .. on your tutorial there is a section with security.authorization_checker instance, do I have to use it ? If Yes, do I have to do :
PHP123456789101112$authorizationChecker = $this->get('security.authorization_checker');if ($authorizationChecker->isGranted('ipad_admin_telechargement_task')) {public function admin_telechargementAction(Request $request){// code inside my action}}?
Many thanks for your help man :) !
December 29, 2017 at 9:08 am #27860Oh, I got it. If you have certain action with configured ACL – forget about ‘aclResourceId’.
What you should do:
1) Leave your changes in Controller without changes. It looks fine.
2) navigation.yml:YAML12345oro_menu_config:items:pim_ipad_tab:label: IPADroute: ipad_admin_telechargementAnd do not forget to add your navigation item to tree.
3) Clear caches and run oro:platform:update –force command. (It is a common command that run all necessary updates)
4) Go to System -> User Management -> Roles. Go to edit Administrator role. Try to find checkbox with ‘ipad_admin_telechargement_task’ label (or add another label in your definition in Controller). It is a permission for your action, it should be checked by default. If you want to turn off – do it for each roles.
Or you can set role permissions using *.yml file format (but it will be used only during fresh install). Please, use this as an example roles.ymlI hope it would be helpful for you :)
January 2, 2018 at 2:13 am #27861Hi !
I don’t have the “oro:platform:update” command, here an extract from my console if I try to execute it :
MS DOS123456789101112> php ../app/console oro:platform:update –force[InvalidArgumentException]There are no commands defined in the "oro:platform" namespace.Did you mean one of these?oro:requirejsoro:translationoro:wsseoro:navigationoro:asseticoroorm:convertormEDIT : I found a temporary solution : using an existing aclResourceId. By the way this fix doesn’t allow any update through System -> User Management -> Roles but let me hide the “pim_ipad_tab” menu item to all no admin users.
January 2, 2018 at 2:27 am #27862I don’t have the “oro:platform:update” command
It’s strange. https://github.com/oroinc/platform/blob/master/src/Oro/Bundle/InstallerBundle/Command/PlatformUpdateCommand.php#L22
This command is not necessary, you can just clear caches.
- AuthorReplies
The forum ‘OroCRM – Installation/Technical Issues or Problems’ is closed to new topics and replies.