Day: February 5, 2011

  • Living in the UK

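    Today's reflections all come from the small things of everyday life.

    • Because of the mortgage, I opened an account with a new bank. I had never dealt with it before, and on our first dealings I found that it offers a whole range of services far better than HSBC's. By comparison, over the past month HSBC has cost me around £200 (including overcharged fees and lost returns).
    • Phones4u is still selling the HTC Wildfire for £129.99 including VAT. Carphone Warehouse next door is selling it for £229.99. Does a big name have to price it like that?
    • I bought a casual top from Debenhams, was £50, now £25; I spent a minute trying it on and decided to buy it. I paid with a gift voucher from three years ago with a face value of exactly £25, and the payment went smoothly. My impression of gift vouchers is that they expire the moment you stop paying attention, although three years ago, when I used my first gift voucher, I asked the counter when these things expire and she said they never expire. Three years later, as I handed the second gift voucher to the counter, I was still thinking, “If you dare say it has expired, I'll ask for the manager.” That is because we have suffered plenty from ever-changing policies. In fact, the counter picked up the barcode scanner, scanned it, and started to print the receipt without a single extra word. I was very satisfied.
    • The white rice in a ready meal I bought from Sainsbury’s was actually undercooked. When food from mechanised mass production cannot even get cooked versus raw right, I really have doubts about Sainsbury’s overall standard.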
  • Create a Magento admin panel user with read only privilege

    A third-party Adwords professional requested read-only access to the Magento admin panel, which raised the question for me: how do I create a Magento admin panel user with read-only privilege?

    I am keen to do this job via ACL. Magento ACL role resources run from module to controller to action, and I cannot differentiate read/write privilege at the root level of role resources. This means that creating a role with read access to all modules involves a lot of hassle coding up ACL in adminhtml.xml, because I have to code for every action: for example, indexAction is a read role resource, saveAction is a write role resource, and editAction can be a write role resource if it actually saves data itself, or a read role resource if its data are posted to saveAction.

    Luckily, in my case, the Adwords professional only requested access to two modules: Catalog and Reports. As for the Reports module, I treat the whole module as read only, so I simply check the “Reports” node in the role resources tree.

    As for the Catalog module, the Adwords professional only requested to view the product list, so I created several children of the “Manage Products” node. The children map to all actions in Mage_Adminhtml_Catalog_ProductController; for example, product list maps to indexAction, product detail maps to editAction, and product add and update map to saveAction. I check the indexAction node. I could check editAction as well (because it is a read-only process), but the Adwords professional did not see the need for it.

    The last thing left to do is to differentiate privilege by role resource node. It is a very simple change: override Mage_Adminhtml_Catalog_ProductController’s _isAllowed() method from

    protected function _isAllowed()
    {
    	return Mage::getSingleton('admin/session')->isAllowed('catalog/products');
    }
    

    to

    protected function _isAllowed()
    {
    	$action = $this->getRequest()->getRequestedActionName();
    	return Mage::getSingleton('admin/session')->isAllowed('catalog/products/'.$action);
    }
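
    One way to group actions under read and write resources instead of one node per action, as an added example that is not from the original post or from Magento. It is a standalone PHP model: the node names `catalog/products/read` and `catalog/products/write`, the helper functions and the sample role are assumptions, and any action missing from the map falls back to the write node so that a read-only role is denied by default.

```php
<?php
// Added example: standalone model of a per-action ACL check.
// Node names, helper names and the sample role are hypothetical.

// Actions named in the post, mapped to two assumed ACL nodes.
const ACTION_RESOURCE = [
    'index' => 'catalog/products/read',   // product list
    'edit'  => 'catalog/products/read',   // product detail (form posts to save)
    'save'  => 'catalog/products/write',  // product add and update
];

/**
 * Resolve the ACL resource for a requested action name.
 * PHP method names are case-insensitive, so the name is lower-cased
 * before the lookup. An action that is not in the map requires the
 * write node, which keeps unlisted actions away from a read-only role.
 */
function resourceForAction(string $action): string
{
    $key = strtolower($action);
    return ACTION_RESOURCE[$key] ?? 'catalog/products/write';
}

/**
 * Stand-in for the admin session's isAllowed(): exact match against the
 * nodes granted to the role. In the controller override this would be
 * Mage::getSingleton('admin/session')->isAllowed(resourceForAction($action)).
 */
function isAllowed(array $granted, string $action): bool
{
    return in_array(resourceForAction($action), $granted, true);
}

// Constructed role: the read-only user is granted the read node only.
$readOnlyRole = ['catalog/products/read'];

// 'SAVE' checks the case handling; 'massDelete' stands for an unlisted action.
foreach (['index', 'edit', 'save', 'SAVE', 'massDelete'] as $action) {
    $verdict = isAllowed($readOnlyRole, $action) ? 'allowed' : 'denied';
    printf("%-10s -> %-24s %s\n", $action, resourceForAction($action), $verdict);
}
```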
    
    

    I think there may be another way to differentiate read and write role resources using ACL, because when I look at a sample adminhtml.xml file, it says

    	<acl>
    		<resources>
    			<all>
    				<title>Allow Everything</title>
    			</all>
    		</resources>
    	</acl>
    

    What does it mean? Does it imply I can do something like

    	<acl>
    		<resources>
    			<read>
    				<title>Read only</title>
    			</read>
    			<write>
    				<title>Read and write</title>
    			</write>
    		</resources>
    	</acl>
    

    ?