Update 4. Utilize ACL to set menu items and permissions.md

ralbin · web-flow · commit fe36cb3a43c4 · 2019-03-16T06:32:45.000-05:00
diff --git a/6. Developing with Adminhtml/4. Utilize ACL to set menu items and permissions.md b/6. Developing with Adminhtml/4. Utilize ACL to set menu items and permissions.md
@@ -29,3 +29,66 @@ menu.xml - `urn:magento:module:Magento_Backend:/etc/menu.xsd` - flat structure
 - System > Permissions > All Users to view and create new users and associate to a role.  There are two tabs 1 is user info the other is User Role where you define the Role for this user.  You can only select 1 role per user.
     
 *How can you do that programmatically?*
+- You can leverage \Magento\Authorization\Model\Acl\AclRetriever.  That as a few methods that will help
+
+```php
+    /**
+     * Get a list of available resources using user details
+     *
+     * @param string $userType
+     * @param int $userId
+     * @return string[]
+     * @throws AuthorizationException
+     * @throws LocalizedException
+     */
+    public function getAllowedResourcesByUser($userType, $userId)
+    {
+        if ($userType == UserContextInterface::USER_TYPE_GUEST) {
+            return [self::PERMISSION_ANONYMOUS];
+        } elseif ($userType == UserContextInterface::USER_TYPE_CUSTOMER) {
+            return [self::PERMISSION_SELF];
+        }
+        try {
+            $role = $this->_getUserRole($userType, $userId);
+            if (!$role) {
+                throw new AuthorizationException(
+                    __('We can\'t find the role for the user you wanted.')
+                );
+            }
+            $allowedResources = $this->getAllowedResourcesByRole($role->getId());
+        } catch (AuthorizationException $e) {
+            throw $e;
+        } catch (\Exception $e) {
+            $this->logger->critical($e);
+            throw new LocalizedException(
+                __(
+                    'Something went wrong while compiling a list of allowed resources. '
+                    . 'You can find out more in the exceptions log.'
+                )
+            );
+        }
+        return $allowedResources;
+    }
+
+    /**
+     * Get a list of available resource using user role id
+     *
+     * @param string $roleId
+     * @return string[]
+     */
+    public function getAllowedResourcesByRole($roleId)
+    {
+        $allowedResources = [];
+        $rulesCollection = $this->rulesCollectionFactory->create();
+        $rulesCollection->getByRoles($roleId)->load();
+        $acl = $this->aclBuilder->getAcl();
+        /** @var \Magento\Authorization\Model\Rules $ruleItem */
+        foreach ($rulesCollection->getItems() as $ruleItem) {
+            $resourceId = $ruleItem->getResourceId();
+            if ($acl->has($resourceId) && $acl->isAllowed($roleId, $resourceId)) {
+                $allowedResources[] = $resourceId;
+            }
+        }
+        return $allowedResources;
+    } 
+```
