Magento 1.9 – Remove delete product access for a specific user role

There may be a situation where you do not want a specific set of users who users the admin panel to have access to delete products which are already added to the site. The following tutorial is a guide to remove delete product access for a specific user role.

Create a custom module. Make the necessary name changes and add the following code to the etc/config.xml. In the following code rewriting adminthtml to remove the delete and mass delete and events are to lock a particular attribute if you don’t want to give the user role to edit that attribute.

<blocks>
   <custom_catalog>
      <class>Custom_Catalog_Block</class>
   </custom_catalog>
   <adminhtml>
      <rewrite>
         <catalog_product_edit>Custom_Catalog_Block_Adminhtml_Product_Edit</catalog_product_edit>
         <catalog_product_grid>Custom_Catalog_Block_Adminhtml_Product_Grid</catalog_product_grid>
      </rewrite>
   </adminhtml>
</blocks>
<events>
   <catalog_product_edit_action>
      <observers>
         <custom_catalog>
            <type>singleton</type>
            <class>custom_catalog/observer</class>
            <method>lockAttributes</method>
         </custom_catalog>
      </observers>
   </catalog_product_edit_action>
   <catalog_product_new_action>
      <observers>
         <custom_catalog>
            <type>singleton</type>
            <class>custom_catalog/observer</class>
            <method>lockAttributes</method>
         </custom_catalog>
      </observers>
   </catalog_product_new_action>
</events>

Block/Adminhtml/Product/Edit.php
(This is to remove the delete button in the product edit page)

<?php 
class Custom_Catalog_Block_Adminhtml_Product_Edit extends Mage_Adminhtml_Block_Catalog_Product_Edit
{
 public function getDeleteButtonHtml()
    {
        $currentUser = Mage::getSingleton('admin/session')->getUser();
        $currentRole = $currentUser->getRole();
        $roleId = $currentRole->getId();
        //hardcoded the user role id for demo purposes
        if($roleId == 1){
            return $this->getChildHtml('delete_button');
        }else{
             return '';
        }

    }
}

Block/Adminhtml/Product/Grid.php
(This is to remove the mass delete from actions in all products page)

<?php 
class Custom_Catalog_Block_Adminhtml_Product_Grid extends Mage_Adminhtml_Block_Catalog_Product_Grid
{
    protected function _prepareMassaction()
    {
        parent::_prepareMassaction();
         $currentUser = Mage::getSingleton('admin/session')->getUser();
        $currentRole = $currentUser->getRole();
        $roleId = $currentRole->getId();
        //hardcoded the user role id for demo purposes
        if($roleId != 1){
            //like this you can remove other actions as well. eg:- status
            $this->getMassactionBlock()->removeItem('delete');               
        }
        return $this;
    }
}

Model/Observer.php
(To lock attributes in product edit page if required)

<?php
class Custom_Catalog_Model_Observer {

    public function lockAttributes($observer) {
        $event = $observer->getEvent();
        $product = $event->getProduct();
        $currentUser = Mage::getSingleton('admin/session')->getUser();
        $currentRole = $currentUser->getRole();
        $roleId = $currentRole->getId();
        //hardcoded the user role id for demo purposes
        if($roleId != 1){
            //like this you can lock any attribute you like in product edit
            $product->lockAttribute('price');
            $product->lockAttribute('status');
        }
    }
}

The user role id is hardcoded for demo purposes in the above example and you may use it accordingly to get the desired result. Also as shown above you have the ability to lock other attributes such as price for a specific user role.

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s