Magento 2 allows you to customize and add new items to the backend menu. You can also regulate the access rights to them using the appropriate access control list (ACL) rules and create new ACL rules. Here is how you do it.
This menu consists of several levels:
You can add a new menu using the app/code/Vendor/Module/etc/adminhtml/menu.xml file:
|
1 2 3 4 5 6 7 |
<?xml version="1.0"?> <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Backend:etc/menu.xsd"> <menu> <add id="Vendor_Module::first_level" title="First Level Menu" module="Vendor_Module" sortOrder="51" resource="Magento_Backend::content"/> <add id="Vendor_Module::second_level" title="SEcond Level Menu" module="Vendor_Module" sortOrder="10" action="Vendor_Module/action_path" resource="Magento_Backend::content" parent="Vendor_Module::first_level"/> </menu> </config> |
where,
- id is a record identifier (must be unique). {Vendor_Module}::{menu_description};
- title is a displayed name;
- module determines the module which the menu item belongs to in the Vendor_Module format;
- sortOrder determines the position of the menu item. Items with a lower value of sortOrder will be displayed higher;
- parent — id of other menu items. Defines this menu as nested;
- action — page url referenced by the menu item;
- resource defines the ACL rule necessary to see this menu item.
Magento 2 ACL
Magento 2 allows you to separate the rights of admin users and create groups of admin users with different access rights.
Defining ACL
You can create a new ACL rule using the app/code/Vendor/Module/etc/acl.xml file:
|
1 2 3 4 5 6 7 8 9 10 11 12 |
<?xml version="1.0"?> <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:Acl/etc/acl.xsd"> <acl> <resources> <resource id="Magento_Backend::admin"> <resource id="Vendor_Module::acl1" title="ACL Parent Rule" sortOrder="51"> <resource id="Vendor_Module::acl2" title="ACL Child Rule" sortOrder="10"/> </resource> </resource> </resources> </acl> </config> |
where,
- id is a resource identifier. It is used in the menu configuration and controllers to specify the resource. Must be unique and specified in the format: Vendor_Module :: resource_name.
- title — the name of the resource;
- sortOrder — the position of the resources in the resource tree;
ACL for menu
In order to restrict the access to a menu section by a certain ACL rule, you should specify it in the resource parameter when configuring the menu:
app/code/Vendor/Module/etc/adminhtml/menu.xml
|
1 2 3 4 5 6 7 |
<?xml version="1.0"?> <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Backend:etc/menu.xsd"> <menu> <add id="Vendor_Module::first_level" title="First Level Menu" module="Vendor_Module" sortOrder="51" resource="Vendor_Module::acl1"/> <add id="Vendor_Module::second_level" title="SEcond Level Menu" module="Vendor_Module" sortOrder="10" action="Vendor_Module/action_path" resource="Vendor_Module::acl2" parent="Vendor_Module::first_level"/> </menu> </config> |
ACL for action
In order to restrict the access to an action using the ACL, the controller of this action must override the _isAllowed method.
protected function _isAllowed()
|
1 2 3 |
{ return $this->_authorization->isAllowed(‘Vendor_Module::acl2'); } |
Hope everything makes sense. If not, I’ll be glad to answer your questions, please leave them in the comment section below.
Want to improve catalog visibility in your Magento 2 store? Check out our Groups Catalog for Magento 2 extension.
Partner With Us
Looking for a partner to grow your business? We are the right company to bring your webstore to success.
Talk to Andrey
After you’ve defined the ACL layer for any menu item you need to modify admin user role if you want to restrict it’s access.
More information on how to do that can be found here: https://devdocs.magento.com/guides/v2.4/ext-best-practices/tutorials/create-access-control-list-rule.html
I implemented the code as you have written in this blog but am still able to access the restricted configuration in admin.Is the isallowed method written completely or i need to add my code for restrriction
Hi, Rafael
Thanks for reading me!
Thanks for sharing Gennadiy!