cancel
Showing results for 
Search instead for 
Did you mean: 

Stop Product Delete at user level

Stop Product Delete at user level

Hi,

 

Is there any way can we stop user other than admin  to delete the products in magento 1.9.2.3?

 

thanks

 

 

 

6 REPLIES 6

Re: Stop Product Delete at user level

Hi muneeb434, you need to set up a user role and its permissions. Check out the guide here: https://www.sieverscreative.com/setting-up-users-and-access-levels-in-magento/

---
I'm a Magento Developer living in Melbourne, Australia with 4 x Magento certifications Smiley Happy

Re: Stop Product Delete at user level

hi Francis Kim,

 

thanks for reply i know the user role and its permission but in the user role only one check box "manage products" if i enable it user can also delete the product. if i disable it than manage product section is not show to user.

 

is there any thing that can user products permission in details like ADD, EDIT, DELETE products etc.

 

thanks

Re: Stop Product Delete at user level

For your purpose you will need to create a little module with an observer and new acl rule.
adminhtml.xml file:

<?xml version="1.0"?>
<config>
    <acl>
        <resources>
            <admin>
                <children>
                    <catalog>
                        <children>
                            <products>
                                <children>
                                    <delete translate="title">
                                        <title>Delete Products</title>
                                    </delete>
                                </children>
                            </products>
                        </children>
                    </catalog>
                </children>
            </admin>
        </resources>
    </acl>
</config>

Here we add a new acl section inside `manage products` with the `Delete Products` title.

ea99016ba355fe0ef9a0bff8f49b3779.png

You can do this with the other actions that you want to limit.

Then, we need the observer where we can check if the action is permitted or redirect the admin back if not. As in the previous case, you can exapnd this functionality.

Declare the observers in the modules' config.xml file in the adminhtml section:

<adminhtml>
    <events>
        <controller_action_predispatch_adminhtml_catalog_product_delete>
            <observers>
                <delete_product_acl>
                    <type>singleton</type>
                    <class>test/observer</class>
                    <method>isDeletionAllowed</method>
                </delete_product_acl>
            </observers>
        </controller_action_predispatch_adminhtml_catalog_product_delete>
        <controller_action_predispatch_adminhtml_catalog_product_massDelete>
            <observers>
                <massdelete_product_acl>
                    <type>singleton</type>
                    <class>test/observer</class>
                    <method>isDeletionAllowed</method>
                </massdelete_product_acl>
            </observers>
        </controller_action_predispatch_adminhtml_catalog_product_massDelete>
    </events>
</adminhtml>

We used two known actions to delete products: simple delete and delete and mass clearance that is available in the products grid. The same observer and its method is used because there are no differences between the checks and result. When you expanding functionality, don't forget that observer's name should be unique (delete_product_acl and massdelete_product_acl in our case).

Now, we need to complete the method in the observer.

Observer.php file:

 

<?php

class Test_Module_Model_Observer
{

    public function isDeletionAllowed($observer)
    {
        $isAllowed = Mage::getSingleton('admin/session')->isAllowed('catalog/products/delete');
        if (!$isAllowed) {
            /** @var $controller Mage_Core_Controller_Varien_Action */
            $controller = $observer->getData('controller_action');
            $controller->setFlag(
                $controller->getRequest()->getActionName(),
                Mage_Core_Controller_Varien_Action::FLAG_NO_DISPATCH,
                true
            );
            Mage::getSingleton('adminhtml/session')->addError(Mage::helper('test')->__('Delete action is not allowed'));
            Mage::app()->getResponse()->setRedirect($controller->getUrl('*/*/'));
            Mage::app()->getResponse()->sendResponse();
        }
    }
}
?>

Let's look through the method line by line.

 

<?php
$isAllowed = Mage::getSingleton('admin/session')->isAllowed('catalog/products/delete');
?>

Here we get the validation result for the current admin using our acl for delete. In case of superadmin the check is ignored and always returns true, that's why it is required to create a new admin (not superadmin!) for the check.

Then, it goes the if (!$isAllowed) check. If it successfully passed and the rule is not available to the current admin, then we need to reset the following execution of the current action of the current controller and give the redirect in the response back to the index action of the current controller with the 'Delete action is not allowed' error display. You can change the redirect page by replacing the path $controller->getUrl('*/*/') to any other where first * is route, and second * is controller. Third and missed * is controller's action, when we miss value like in the example it is indexAction.

bf57cef437f93e819aed8c092dd73768.png
674a8944128e5d4486ceafa3e8a49b5d.png

You can change the result and show 404 page for example or send an email to the superadmin about the actions of the current admin with name and time.

Additionally, you can add the same check for drawing of some default blocks in the admin panel and hide buttons from it. If you are interested in this – let us know and we will write about it.

Hence, the basics of such a module should be clear and the following development is limited only to your fantasy. We hope this information will be useful for you.

We'd like to thank users Raphael at Digital Pianism and Andreas von Studnitz at magento.stackexchange.com for useful question and answer that were used for this answer. Link: http://magento.stackexchange.com/questions/107208/magento-1-how-to-properly-redirect-from-an-admin-c...

Re: Stop Product Delete at user level

hi MageWorxCom,

 

thanks for reply.

 

Can you please let me know the file name and path where i need to upload the files or directory/

 

thanks

Re: Stop Product Delete at user level

You need to create a separate module where you can add this functionality. There are plenty of information about it and ready templates in the Internet. After you create the module, complete it with the code above.

Re: Stop Product Delete at user level

Thank you for the details answer. However, it didn't seem to work for me.
The event's just don't fire and the Observer isn't called.