
I have installed the following security patches on my Magento site: 4291, 6237, 7616, 5344, 5994, 6285, 6482, 6788, 7405. But now whenever I try to run any AJAX request in the Magento admin (logging in as a user). I tried setting the permissions of the app folder to even 777, but it is still not working. My site is blocked, please help. I think this is because of the 6788 patch, but I am not sure. There is a new section for "Block" and "Variable" in permissions. Do I need to add any blocks or variables there? Thanks in advance.

user0509
  • Are you using a custom module for this? Can you post your xml config of the admin routers? – Gerard de Visser Jan 28 '16 at 08:08
  • It worked after adding _isAllowed() in controller of custom module, as mentioned here: http://magento.stackexchange.com/questions/73646/access-denied-errors-after-installing-supee-6285 – user0509 Jan 28 '16 at 08:28
  • This is why I was asking if you were using a custom module. I already had an answer in concept. I will post this anyway for others with the same problem. – Gerard de Visser Jan 28 '16 at 08:55
  • Welcome. Maybe you can mark this as the correct answer for others with the same question? – Gerard de Visser Jan 28 '16 at 09:20

1 Answer


This can be caused by patch SUPEE-6285. This patch changes the default return value of Mage_Adminhtml_Controller_Action::_isAllowed() from true to Mage::getSingleton('admin/session')->isAllowed('admin'). This can restrict permission to modules for restricted admin accounts.

You can solve this by adding the following function to the admin controller of your module:

    protected function _isAllowed()
    {
        return true;
    }

Gerard de Visser
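An added audit sketch, not part of the original answer or of Magento: it flags custom admin controllers that have no `_isAllowed()` (the case that starts failing for restricted accounts after SUPEE-6285) and ones that return `true` unconditionally, which lets every logged-in admin user through regardless of role. The class names and the `acme/export` ACL resource are constructed for illustration, and the regex matching is a heuristic that only sees controllers extending `Mage_Adminhtml_Controller_Action` directly.

```python
import re

# Heuristic regexes, not a PHP parser: nested braces inside _isAllowed() fall to "review".
COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)
ADMIN_CLASS = re.compile(r"class\s+(\w+)\s+extends\s+Mage_Adminhtml_Controller_Action\b")
IS_ALLOWED = re.compile(r"function\s+_isAllowed\s*\(\s*\)\s*\{(.*?)\}", re.S)
RETURN_TRUE = re.compile(r"\s*return\s+true\s*;\s*", re.I)


def audit_controller(php_source):
    """Return (class_name, finding) for a direct admin controller, else None."""
    code = COMMENTS.sub("", php_source)
    cls = ADMIN_CLASS.search(code)
    if cls is None:
        return None
    method = IS_ALLOWED.search(code)
    if method is None:
        finding = "missing"      # inherits the post-SUPEE-6285 default: isAllowed('admin')
    elif RETURN_TRUE.fullmatch(method.group(1)):
        finding = "allow-all"    # every logged-in admin user passes, whatever the role
    elif "isAllowed(" in method.group(1):
        finding = "acl-check"    # delegates the decision to an ACL resource
    else:
        finding = "review"       # custom logic, needs a manual look
    return cls.group(1), finding


# Constructed sample sources; class names and the 'acme/export' resource are hypothetical.
HEAD = "<?php\nclass Acme_%s_Adminhtml_IndexController extends Mage_Adminhtml_Controller_Action\n{\n"
SAMPLES = {
    "missing.php": HEAD % "Report" + "    public function indexAction() {}\n}\n",
    "allow_all.php": HEAD % "Sync" + "    protected function _isAllowed()\n    {\n"
                     "        return true; // quick fix\n    }\n}\n",
    "scoped.php": HEAD % "Export" + "    protected function _isAllowed()\n    {\n"
                  "        return Mage::getSingleton('admin/session')->isAllowed('acme/export');\n    }\n}\n",
    "helper.php": "<?php\nclass Acme_Export_Helper_Data extends Mage_Core_Helper_Abstract {}\n",
}


def audit(files):
    """Map file name -> (class, finding) for every admin controller in {name: source}."""
    results = {}
    for name, source in files.items():
        hit = audit_controller(source)
        if hit is not None:
            results[name] = hit
    return results


if __name__ == "__main__":
    for name, (cls, finding) in sorted(audit(SAMPLES).items()):
        print(f"{finding:10} {cls}  ({name})")
```

To run it over a real code base, read each `*Controller.php` under the module's `controllers` directories into the dictionary passed to `audit()`.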