Post by » Sun Oct 09, 2022 12:34 pm

I am new to Opencart and PHP. So maybe my proposal is a little off...
I have just recently built my 1st extension. And upon inspection of the Core code. I found that it does not allow for extension subdirectories even though the
framework finds them and feeds them into the user group access form.

The AdminControllerStartupPermisssion Class breaks down the requested route into an array($part) and does some value checks. Then puts only part of the array back together as $route to send out to check for user access permission. This current design does not allow for extension subdirectories. I believe that whole class could be cleaned up and only check for the $ignore array and pass the incoming route directly to the user permission checker. I am still investigating if those extension array checks really need to be done at all. It seems as though the user permission checker controls the permissions.

But either way my proposal is to send the requested route straight to the user permission checker, and not the array of partially requested route..


Tue Sep 13, 2022 10:33 am

Post by » Sun Oct 09, 2022 8:58 pm

Long story, short.
My original suggestion is insufficient. So I went back to the drawing board and have a new code change suggestion. And funny enough, v4 does exactly what i am proposing here for v3.x.
The only problem is, I am still horrible at git, and the user voice feature doesn't work.
So I am proposing my code change here. And this allows for custom extensions to have subdirectories.
And since you guys are seasoned developers you will probably touch this up a bit.

Here is my new Admin/Controller/Startup/Permission

Code: Select all

class ControllerStartupPermission extends Controller {
	public function index() {
		if (isset($this->request->get['route'])) {
			$route = '';

			$part = explode('/', $this->request->get['route']);

			// New Code - Check if route is File or Function call.
			$i = 0;
			$arrayLength = count($part);
			$filename = DIR_APPLICATION . "controller/" . $this->request->get['route'] . ".php";
			if (!file_exists($filename)) {
				$arrayLength = $arrayLength - 1;
			$permission_check_route = $part[0];;
			for ($i = 1; $i < $arrayLength; $i++) {
				$permission_check_route .= "/" . $part[$i] ;
			// End New Code.

			if (isset($part[0])) {
				$route .= $part[0];

			if (isset($part[1])) {
				$route .= '/' . $part[1];

			// If a 3rd part is found we need to check if its under one of the extension folders.
			$extension = array(

			if (isset($part[2]) && in_array($route, $extension)) {
				$route .= '/' . $part[2];

			// We want to ingore some pages from having its permission checked.
			$ignore = array(

			if (!in_array($route, $ignore) && !$this->user->hasPermission('access', $permission_check_route ) {
				return new Action('error/permission');


Tue Sep 13, 2022 10:33 am
Who is online

Users browsing this forum: Ahrefs [Bot] and 6 guests