Magento Adminside Access Denied errors for all custom modules after installing Security Patches SUPEE-6285


If your Admin account is restricted and some menus of third party extensions or your custom modules might not work any more.

The reason behind this is that the default return value of Mage_Adminhtml_Controller_Action::_isAllowed() has been changed from 'true' to Mage::getSingleton('admin/session')->isAllowed('admin').

Extensions or custom modules that do not override this method in their custom modules or extensions admin controllers because they don't use the ACL, now need the "ALL" privilege.

The solution for this is to patch the extensions or custom modules and add this method to all their admin controllers, please note admin controller not the front-end:

protected function _isAllowed()
{
    return true;
}

Or if they actually have an ACL resource defined in etc/adminhtml.xml:

protected function _isAllowed()
{
    return Mage::getSingleton('admin/session')->isAllowed('ENTER RESOURCE IDENTIFIER HERE');
}


For more detail you can refer post of stackexchange http://magento.stackexchange.com/questions/73646/access-denied-errors-after-installing-supee-6285
Magento Adminside Access Denied errors for all custom modules after installing Security Patches SUPEE-6285 Magento Adminside Access Denied errors for all custom modules after installing Security Patches SUPEE-6285 Reviewed by Pranay Gondane on 1:40:00 AM Rating: 5

No comments

Free! Free!Free! Subscribe to Get Free PHP (Magento) tutorial Update in Your Inbox!!! Hurry Up!!!