Avoid Exception 'Not allowed to access JQAdm "customer" client'

Questions around the Aimeos bundle for the Symfony framework
Forum rules
Always add your Symfony, Aimeos and PHP version as well as your environment (Linux/Mac/Win)
rasch
Posts: 17
Joined: 02 Sep 2019, 11:51

Avoid Exception 'Not allowed to access JQAdm "customer" client'

Post by rasch » 12 Sep 2019, 12:04

Hi,
I have logged in with the role administrator in the backend and then assigned the role editor. After saving, the backend will reload according to my new role editor. Then I created a new role via the groups form, which has no admin rights. But when I assign this new role via the user form, I get the following ecxeption: Not allowed to access JQAdm "dashboard" client in ext/ai-admin-jqadm/admin/jqadm/src/Admin/JQAdm.php (line 52)

Code: Select all

if( $view->access( $config->get( 'admin/jqadm/resource/' . $path . '/groups', [] ) ) !== true ) {
            throw new \Aimeos\Admin\JQAdm\Exception( sprintf( 'Not allowed to access JQAdm "%1$s" client', $path ) );
        } 
But in such a case, I would rather be logged out and forwarded to the login page. How can I best implement this behavior in Aimeos?

Thank your for your help.

User avatar
aimeos
Administrator
Posts: 3696
Joined: 01 Jan 1970, 00:00

Re: Avoid Exception 'Not allowed to access JQAdm "customer" client'

Post by aimeos » 13 Sep 2019, 09:13

The Symfony roles and Aimeos groups are two distinct concepts. Each admin and editor has the role ROLE_ADMIN but to be able to log into the admin interface but they have different Aimeos groups.

If editors remove their own group, they still have the ROLE_ADMIN but don't have access to the panels any more. You could try to remove the ROLE_ADMIN as well but I would rather leave this as is.
Professional support and custom implementation are available at Aimeos.com
If you like Aimeos, Image give us a star

MSchrading
Posts: 19
Joined: 14 Aug 2019, 08:13

Re: Avoid Exception 'Not allowed to access JQAdm "customer" client'

Post by MSchrading » 07 Feb 2020, 07:43

Hello aimeos.

This isn't a realy satified answer. In symfony (at this monet 4.3) I use to setup an exceptionEventListener in service.yaml. Which leads me to a app/EventLister/ExceptionListener.php where I can catch requests and handle them before running in some trouble. But under aimeos this way doen't work. So please tell me how to catch such "Not allowed Exception" under aimeos!
In a way that I can comprehend this!

Thank you

Michael

User avatar
aimeos
Administrator
Posts: 3696
Joined: 01 Jan 1970, 00:00

Re: Avoid Exception 'Not allowed to access JQAdm "customer" client'

Post by aimeos » 10 Feb 2020, 12:24

The exception is handled in Aimeos and not propagated to the Symfony host system, so it never reaches your exceptionEventListener. If an admin use removes all groups in the customer panel, you can remove ROLE_ADMIN as well in the fromArray() method of your own customer JQAdm client. Then, the user should be logged out automatically.
Professional support and custom implementation are available at Aimeos.com
If you like Aimeos, Image give us a star

MSchrading
Posts: 19
Joined: 14 Aug 2019, 08:13

Re: Avoid Exception 'Not allowed to access JQAdm "customer" client'

Post by MSchrading » 10 Feb 2020, 13:02

^Sorry, but maybe I miss something.

I don't want to remove all groups or even remove the admin role. I just want to handle exception with aimeos in the way that aimeos shouldn't throw an exception and stop the system when one page couldn't be found or someone asn't the right to access an url.
So how to customise "Not allowed access" in aimeos??

Thank you
Michael

User avatar
aimeos
Administrator
Posts: 3696
Joined: 01 Jan 1970, 00:00

Re: Avoid Exception 'Not allowed to access JQAdm "customer" client'

Post by aimeos » 11 Feb 2020, 17:51

The thread creator said he wants to log users out and display the login form again. This should be possible if you remove the ROLE_ADMIN role from the user if there are not more groups assigned to his account.

The exception if the user doesn't have the permission to view the panel is thrown here:
https://github.com/aimeos/ai-admin-jqad ... dm.php#L52

Contrary to my colleague posting the previous answer, Symfony does handle the exception because it's not caught by Aimeos. You can see that in the attached screenshot because the stack trace is from Symfony:
Screenshot_Symfony_Admin_Exception.png
Screenshot_Symfony_Admin_Exception.png (166.82 KiB) Viewed 91 times
Professional support and custom implementation are available at Aimeos.com
If you like Aimeos, Image give us a star

MSchrading
Posts: 19
Joined: 14 Aug 2019, 08:13

Re: Avoid Exception 'Not allowed to access JQAdm "customer" client'

Post by MSchrading » 12 Feb 2020, 12:01

Thanks a lot.

That was it. I'm wondering why not using exception from symfony but works except status code. But that's not important.

Michael

Post Reply