Custom module AJAX 403 for anonymous user - ajax

I have a module with a list of pages that it accesses via AJAX for different tasks (/spower, /spower-geometry, ...). I'm trying to create a single permission that will allow the anonymous user to access everything. If I'm logged in as administrator, everything works the way it's supposed to. However, the anonymous user gets a 403 error. Do I need a different permission hook for each path? This is what I have so far:
function spower_permission() {
  return array(
    'access intro page' => array(
      'title' => t('Access Intro page'),
      'description' => t('Allow anonymous users to access spower intro page'),
    ),
    'access SparkerPower app' => array(
      'title' => t('Access full page'),
      'description' => t('Allow users to access full spower app'),
    ),
  );
}

function spower_menu() {
  $items = array();
  $items['spower'] = array(
    'title' => t('SparkerPOWER'),
    'page callback' => 'spower_form',
    'access arguments' => array('access SparkerPower app'),
    'description' => t('form for SparkerPOWER. Enter your house information, and learn how solar panels can help you.'),
    'type' => MENU_CALLBACK,
  );
  // Send data from jQuery (map areas).
  $items['spower_geometry/%'] = array(
    'title' => 'Ajax callback',
    'description' => 'Callback for jQuery area AJAX request.',
    'page callback' => 'spower_geometry_callback',
    'page arguments' => array(1),
    'access arguments' => array('access spower geometry'),
    'access callback' => 'user_access',
    'type' => MENU_CALLBACK,
  );
  return $items;
}
Thanks for the help!

No, you don't need a different hook for each path defined in your HOOK_MENU. Your code is correct by using the access arguments. You don't need to specify the access callback in your second menu item.
Did you also update the permissions in the backend so that anonymous users can access your defined menu paths? It is under admin/people/permissions.

I tried changing access arguments to TRUE, which didn't work. I then changed access arguments to array('access SparkerPower app'), the one I had defined earlier. That worked, and I was able to access all the url paths I needed to with the anonymous user.
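
The mismatch in this thread, as an added example rather than code from the original posts: the second menu item checks 'access spower geometry', which spower_permission() never declares, so it cannot be granted at admin/people/permissions, and user_access() returns TRUE unconditionally only for user 1. The helper name spower_undefined_permissions() is hypothetical and assumes a bootstrapped Drupal 7 site with the spower module enabled.

```php
<?php
// Added example, not the poster's code. spower_undefined_permissions() is a
// hypothetical helper; run it on a bootstrapped Drupal 7 site (for instance
// from a test or a maintenance script) with the spower module enabled.

/**
 * Lists spower menu paths guarded by a permission that no module declares.
 *
 * @return array
 *   Menu path => permission string handed to user_access() that is missing
 *   from every hook_permission() implementation.
 */
function spower_undefined_permissions() {
  // Every permission declared by enabled modules, keyed by permission name.
  $defined = module_invoke_all('permission');
  $missing = array();

  foreach (spower_menu() as $path => $item) {
    // When 'access arguments' is set and 'access callback' is not, Drupal 7
    // falls back to user_access(), so a missing callback is treated alike.
    $callback = isset($item['access callback']) ? $item['access callback'] : 'user_access';
    if ($callback !== 'user_access' || empty($item['access arguments'])) {
      continue;
    }
    // user_access() receives the first access argument as the permission.
    $permission = $item['access arguments'][0];
    if (!isset($defined[$permission])) {
      $missing[$path] = $permission;
    }
  }
  return $missing;
}
```

An empty array means every path guarded by user_access() names a permission that can actually be granted to the anonymous role.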

Related

how to stop execution of ctp file in cakephp 2.x after validating the url

In my CakePHP application, I have applied URL validations so that the admin can access only those actions which are defined for admin, and the same for users.
In my application, "surveylist" is an admin action, and when any user directly accesses that action (surveylist), the URL validation works (the "Unauthorized access" message is displayed).
But below that message the ctp file of surveylist is still executed and shows errors, because I validate the URL through the try-catch block and the view cannot get the variables set by the action.
I want the ctp file not to execute if the unauthorized error occurs.
My code for surveylist is:
public function surveylist($pg=null){
    try{
        if($this->checkPageAccess($this->params['controller'] . '/' . $this->params['action'])){
            $this->Paginator->settings = array(
                'Survey' => array(
                    'limit' => 5,
                    'order' => 'created desc',
                    'conditions'=>array('is_deleted'=> 0),
                    'page' => $pg
                )
            );
            $numbers = $this->Paginator->paginate('Survey');
            $this->set(compact('numbers'));
        }else{
            $this->Flash->set(__('Unauthorised access'));
        }
    }catch(Exception $e){
        $this->Flash->set(__($e->getMessage()));
    }
}
I don't want the ctp file of surveylist to execute if control comes to else.
Please help me out.
Thanks in advance.

I suppose you are using a prefix to separate admin and users; if not, please do that, it is a great way to handle and restrict methods.
After doing that, you have to add a condition to check which prefix (admin, user) is currently active and, according to that, load the Auth component and allow the action in the allow() method of Auth.
Example:
$this->loadComponent('Auth', [
    /*'authorize' => [
        'Acl.Actions' => ['actionPath' => 'controllers/']
    ],*/
    'loginRedirect' => [
        'controller' => 'Users',
        'action' => 'index'
    ],
    'authenticate' => [
        'Form' => [
            'fields' => [
                'username' => 'email',
                'password' => 'password'
            ]
        ]
    ],
    'loginAction' => [
        'controller' => 'Users',
        'action' => 'login'
    ],
    'unauthorizedRedirect' => [
        'controller' => 'Users',
        'action' => 'login',
        'prefix' => false
    ],
    'authError' => 'You are not authorized to access that location.',
]);
if ($this->request->params['prefix'] == 'admin') {
    // Put actions you want to access to admin in allow method's array
    $this->Auth->allow(array('add', 'edit' /* , ... */));
} else if ($this->request->params['prefix'] == 'user') {
    // Put actions you want to access to user in allow method's array
    $this->Auth->allow(array('login', 'view' /* , ... */));
}
This way you can restrict actions for a particular role.
Hope this helps!
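
For the CakePHP 2.x question above, one way to keep surveylist.ctp from rendering on a denied request, as an added example that is not part of either post: make the access decision in beforeFilter() and throw, so neither the action nor its view runs. The class name SurveysController is an assumption, and checkPageAccess() is taken to be the poster's own method, reachable from the controller.

```php
<?php
// Added example for CakePHP 2.x, not the poster's code. SurveysController is
// an assumed class name; checkPageAccess() is the poster's own method and is
// assumed to be defined on AppController.
App::uses('AppController', 'Controller');

class SurveysController extends AppController {

    public $components = array('Paginator');

    // Runs before every action of this controller, so the check cannot be
    // forgotten in an individual action.
    public function beforeFilter() {
        parent::beforeFilter();
        $path = $this->request->params['controller'] . '/' . $this->request->params['action'];
        if (!$this->checkPageAccess($path)) {
            // Throwing ends dispatch here: surveylist() is never called and
            // surveylist.ctp is never rendered. CakePHP's error handler
            // responds with HTTP 403 instead of a half-rendered page.
            throw new ForbiddenException(__('Unauthorised access'));
        }
    }

    // No try/catch around the body: a catch-all for Exception in the action
    // would swallow errors and let the view render without its variables.
    public function surveylist($pg = null) {
        $this->Paginator->settings = array(
            'Survey' => array(
                'limit' => 5,
                'order' => 'created desc',
                'conditions' => array('is_deleted' => 0),
                'page' => $pg,
            ),
        );
        $numbers = $this->Paginator->paginate('Survey');
        $this->set(compact('numbers'));
    }
}
```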

Magento Admin Grid - How to assign an action/function to a button?

I created a new module and I managed to list all the orders from the shop.
I also added a button (with this code).
$link= Mage::helper('adminhtml')->getUrl('adminhtml/order/sync/') .'id/$entity_id';
$this->addColumn('action_edit', array(
    'header' => $this->helper('catalog')->__('Action'),
    'width' => 15,
    'sortable' => false,
    'filter' => false,
    'type' => 'action',
    'actions' => array(
        array(
            'url' => $link,
            'caption' => $this->helper('catalog')->__('Sync'),
        ),
    )
));
I really don't know how to assign an action to this button. What should I create in my custom module? A new controller?
I need to display something or get some data when I click this button...
Thank you very much.

I think you should write
public function YourActionNameAction()
{
}
in your Module controller file

What is the Scope for using Google API Directory Services

I am already using a number of Google API services, such as Calendar and Google+ profiles, but using the Directory services is proving difficult.
Here is the scope I'm declaring in my local_config - everything has been working until I added the final line...
// Definition of service specific values like scopes, oauth token URLs, etc
'services' => array(
    'analytics' => array('scope' => 'https://www.googleapis.com/auth/analytics.readonly'),
    'calendar' => array(
        'scope' => array(
            "https://www.googleapis.com/auth/calendar",
            "https://www.googleapis.com/auth/calendar.readonly",
        )
    ),
    'books' => array('scope' => 'https://www.googleapis.com/auth/books'),
    'latitude' => array(
        'scope' => array(
            'https://www.googleapis.com/auth/latitude.all.best',
            'https://www.googleapis.com/auth/latitude.all.city',
        )
    ),
    'moderator' => array('scope' => 'https://www.googleapis.com/auth/moderator'),
    'oauth2' => array(
        'scope' => array(
            'https://www.googleapis.com/auth/userinfo.profile',
            'https://www.googleapis.com/auth/userinfo.email',
        )
    ),
    'plus' => array('scope' => 'https://www.googleapis.com/auth/plus.login'),
    'siteVerification' => array('scope' => 'https://www.googleapis.com/auth/siteverification'),
    'tasks' => array('scope' => 'https://www.googleapis.com/auth/tasks'),
    'urlshortener' => array('scope' => 'https://www.googleapis.com/auth/urlshortener'),
    'directory' => array('scope' => 'https://www.googleapis.com/auth/admin')
),
I have tried a few different combos, but nothing seems to work - here is the error I'm getting...
Some requested scopes were invalid.
{valid=[https://www.googleapis.com/auth/tasks,
https://www.googleapis.com/auth/calendar, https://www.googleapis.com/auth/calendar.readonly, https://www.googleapis.com/auth/userinfo.profile,
https://www.googleapis.com/auth/userinfo.email], invalid=[https://www.googleapis.com/auth/admin]}
I'm trying to pull Group listings at the moment, but I'll need other Admin sdk features later.
Thanks! Let me know if I need to add any more details.

Admin SDK scopes are listed at:
https://developers.google.com/admin-sdk/directory/v1/guides/authorizing

Hook_menu selective menu tab display

I am using the following code to include a custom tab for my node types:
function mymodule_menu(){
  $items['node/%node/register'] = array(
    'page arguments' => array(1),
    'access arguments' => array('access content'),
    'type' => MENU_LOCAL_TASK,
    'title' => 'Register',
  );
  return $items;
}
This has the effect of including a register tab for every node type. However, I need to include that tab for only page types and exclude it on all other types, like article types etc.
What other directions can I consider?

The easiest way would be to provide your own access callback that checks the node type, e.g.
function mymodule_menu(){
  $items['node/%node/register'] = array(
    'page arguments' => array(1),
    'access callback' => 'mymodule_node_register_tab_access',
    'access arguments' => array(1),
    'type' => MENU_LOCAL_TASK,
    'title' => 'Register',
  );
  return $items;
}

function mymodule_node_register_tab_access($node) {
  $valid_types = array('page');
  return in_array($node->type, $valid_types);
}

Magento admin grid sending data from Action to Controller

I'm trying to write a custom action to run off of an admin grid that I have built. Is it possible to send a value from a column in the grid to the controller via either get or post?
I've tried googling, but I cannot find a proper explanation for this anywhere. A link to an explanation of the column settings ('getter', 'type' etc.) would also be useful if this is available.

Add this code to your Grid.php:
$this->addColumn('action',
    array(
        'header' => Mage::helper('yourmodulename')->__('Action'),
        'width' => '100',
        'type' => 'action',
        'getter' => 'getId',
        'actions' => array(
            array(
                'caption' => Mage::helper('yourmodulename')->__('Edit'),
                'url' => array('base'=> '*/*/edit'),
                'field' => 'id'
            )
        ),
        'filter' => false,
        'sortable' => false,
        'index' => 'stores',
        'is_system' => true,
));
That will build an "Edit" URL with the Id of the selected row as part of the URL. It will look something like <frontname>/<controllername>/edit/id/<value> where value is returned by the getter getId().
The getter field will execute any of the standard Magento magic getters, i.e. any attribute is gettable. So you could have getName or getProductUrl or getIsLeftHanded if you wanted, and your controller can parse the attribute.
The controller can then retrieve that passed value using Mage::app()->getRequest()->getParam('attributename');
In terms of documentation/tutorials, have a read of this article on the website of #AlanStorm as it might help.
HTH,
JD
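
A receiving controller for the grid URL described in the answer above, as an added example that is not part of the original answer: it reads the id parameter, treats it as untrusted input, and gates the action behind an admin ACL check. The class name, the ACL resource yourmodulename/manage, the model alias yourmodulename/item and the registry key are placeholders.

```php
<?php
// Added example for Magento 1, not code from the answer. The class name, the
// ACL resource 'yourmodulename/manage', the model alias 'yourmodulename/item'
// and the registry key 'current_item' are placeholders.
class Yourcompany_Yourmodule_Adminhtml_ItemController extends Mage_Adminhtml_Controller_Action
{
    // Consulted before any action runs; without an override the action is
    // open to every admin user, whatever role they hold.
    protected function _isAllowed()
    {
        return Mage::getSingleton('admin/session')->isAllowed('yourmodulename/manage');
    }

    // Reached through <frontname>/<controllername>/edit/id/<value>.
    public function editAction()
    {
        // The id arrives in the URL, so cast it before using it.
        $id = (int) $this->getRequest()->getParam('id');
        if ($id <= 0) {
            $this->_getSession()->addError($this->__('Invalid row id.'));
            $this->_redirect('*/*/');
            return;
        }

        // Confirm the row exists rather than trusting the link that was clicked.
        $item = Mage::getModel('yourmodulename/item')->load($id);
        if (!$item->getId()) {
            $this->_getSession()->addError($this->__('This row no longer exists.'));
            $this->_redirect('*/*/');
            return;
        }

        // Hand the loaded model to the blocks that render the page.
        Mage::register('current_item', $item);
        $this->loadLayout();
        $this->renderLayout();
    }
}
```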
