Magento: Access Denied errors after installing SUPEE-6285 or since Magento 1.9.2.1 – ACL Error – Solution

13. August 2015 at 15:06

If you use restricted admin accounts, some menus of third party extensions might not work anymore for them. The reason is that the default return value of Mage_Adminhtml_Controller_Action::_isAllowed() has been changed from true to Mage::getSingleton(‚admin/session‘)->isAllowed(‚admin‘). Extensions that do not override this method in their admin controllers because they don’t use the ACL, now need the „ALL“ privilege.

The only solution is to patch the extensions and add this method to all their admin controllers:

protected function _isAllowed()
{
  return true;
}

Or if they actually have an ACL resource defined in etc/adminhtml.xml:

protected function _isAllowed()
{
  return Mage::getSingleton('admin/session')->isAllowed('ENTER RESOURCE IDENTIFIER HERE'); //e.g. 'admin/sales/productreturn'</pre>
} 

 

Please share this article von facebook & google plus or where you want, thank you!