![]() In admin controllers: Magento provides an abstract type Magento\Framework\AuthorizationInterface which you can use to validate the currently logged in user against a specific Access Control List.System configuration: You should also put the resource to limit access to this section page.Admin menu: Put the resource to hide the menu if it’s not allowed by the store owner.Because of creating a Web API configuration file (etc/webapi.xml), the rules defined in acl.xml can restrict access to API endpoints.įinally, there are some places where we put the Access Control List resource to make it limit access: Then, we can restrict users from accessing API endpoints by using the Magento ACL rule. ![]() As a result, one of them is accessible only to users with Magento ACL Vendor_MyModule::view_additional permissions.Īs a result, when the resource for Vendor_ModuleName::view_additional is enabled, the result is:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |