Avoid Exception 'Not allowed to access JQAdm "customer" client'

[rasch]

Hi,
I have logged in with the role administrator in the backend and then assigned the role editor. After saving, the backend will reload according to my new role editor. Then I created a new role via the groups form, which has no admin rights. But when I assign this new role via the user form, I get the following ecxeption: Not allowed to access JQAdm "dashboard" client in ext/ai-admin-jqadm/admin/jqadm/src/Admin/JQAdm.php (line 52)

Code: Select all

if( $view->access( $config->get( 'admin/jqadm/resource/' . $path . '/groups', [] ) ) !== true ) {
            throw new \Aimeos\Admin\JQAdm\Exception( sprintf( 'Not allowed to access JQAdm "%1$s" client', $path ) );
        } 

But in such a case, I would rather be logged out and forwarded to the login page. How can I best implement this behavior in Aimeos?

Thank your for your help.

[aimeos]

The Symfony roles and Aimeos groups are two distinct concepts. Each admin and editor has the role ROLE_ADMIN but to be able to log into the admin interface but they have different Aimeos groups.

If editors remove their own group, they still have the ROLE_ADMIN but don't have access to the panels any more. You could try to remove the ROLE_ADMIN as well but I would rather leave this as is.

[MSchrading]

Hello aimeos.

This isn't a realy satified answer. In symfony (at this monet 4.3) I use to setup an exceptionEventListener in service.yaml. Which leads me to a app/EventLister/ExceptionListener.php where I can catch requests and handle them before running in some trouble. But under aimeos this way doen't work. So please tell me how to catch such "Not allowed Exception" under aimeos!
In a way that I can comprehend this!

Thank you

Michael

[aimeos]

The exception is handled in Aimeos and not propagated to the Symfony host system, so it never reaches your exceptionEventListener. If an admin use removes all groups in the customer panel, you can remove ROLE_ADMIN as well in the fromArray() method of your own customer JQAdm client. Then, the user should be logged out automatically.

[MSchrading]

^Sorry, but maybe I miss something.

I don't want to remove all groups or even remove the admin role. I just want to handle exception with aimeos in the way that aimeos shouldn't throw an exception and stop the system when one page couldn't be found or someone asn't the right to access an url.
So how to customise "Not allowed access" in aimeos??

Thank you
Michael

[aimeos]

The thread creator said he wants to log users out and display the login form again. This should be possible if you remove the ROLE_ADMIN role from the user if there are not more groups assigned to his account.

The exception if the user doesn't have the permission to view the panel is thrown here:
https://github.com/aimeos/ai-admin-jqad ... dm.php#L52

Contrary to my colleague posting the previous answer, Symfony does handle the exception because it's not caught by Aimeos. You can see that in the attached screenshot because the stack trace is from Symfony:

Screenshot_Symfony_Admin_Exception.png (166.82 KiB) Viewed 280526 times

[MSchrading]

Thanks a lot.

That was it. I'm wondering why not using exception from symfony but works except status code. But that's not important.

Michael