Magento 404 admin module 1.9.2.2

1
votes

I migrated for the magento 1.9.2.2 and several modules stopped working within the admin, showing 404 error. I realized that the URL is not showing the path of the admin.

In place of (www.site.com/index.php/shop/module). Is showing this (www.site.com/index.php/module.)

The setup like this:

app/code/co ... config.xml

<admin>
    <routers>
        <Src_Core>
            <use>admin</use>
            <args>
                <module>Src_Core</module>
                <frontName>srccore</frontName>
            </args>
        </Src_Core>
    </routers>
</admin>

app/code/local/... config.xml

<admin>
    <routers>
        <Query_Src>
            <use>admin</use>
            <args>
                <module>Query_Src</module>
                <frontName>querysrcadmin</frontName>
            </args>
        </Query_Src>
    </routers>
</admin>
1
magentomodulehttp-status-code-404admin

1 Answers

0
votes

If this issue is relating to a Magento upgrade, the issue is due to a security patch that recently made many modules unusable. This being said, it has to do with ACL or permissions restrictions that were updated in the Magento admin.

When accessing a controller inside of the admin panel such as /shop/module that does not contain the core controller path i.e. /admin/shop/module it will not be able to access that route without modifications to the extension. Most extension providers updated their extension to correct for this issue.. However, if this is custom code, I will explain the fix below.

The reason is that the default return value of Mage_Adminhtml_Controller_Action::_isAllowed() has been changed from true to Mage::getSingleton('admin/session')->isAllowed('admin'). Extensions that do not override this method in their admin controllers because they don't use the ACL, now need the "ALL" privilege.

The only solution is to patch the extensions and add this method to all their admin controllers: This first option will fix the issue, but will not work if restricted admin permissions are a requirement of this module. 

protected function _isAllowed()
{
    return true;
}

This is if they have an ACL resource defined in etc/adminhtml.xml or etc/system.xml:

protected function _isAllowed()
{
    return Mage::getSingleton('admin/session')->isAllowed('ENTER RESOURCE IDENTIFIER HERE');
}

So what you need to go to is /app/code/local/Src/Core/controllers/Adminhtml/and any php files need to have this new function added. Hope this helps.

Robert