Skip to content

In M2.4.7, what is the correct way to implement an Admin Controller that checks ACL and User Login status?

With MagentoBackendAppAbstractAction and MagentoFrameworkAppActionAction being deprecated and advising in the scripts to use MagentoFrameworkAppActionInterface, what is the correct way to implement an admin Controller that will check the users ACL rights to view the page and also if the user is logged in?

Magento Devdocs show no use of an extended Action controller class, only HttpGetActionInterface, HttpPostActionInterface etc.

I currently use MagentoFrameworkAppActionHttpGetActionInterface, and HttpPostActionInterface in my controllers but this does not do the checks and the page just goes blank if the user is not logged in or authorized..

I require the system to redirect the user to the login page if not logged in, then return to the requested page after login.

If the user is not authorized to access the page, redirect them to the last page or the admin start up page.

I currently use a Core module to handle all repetitive tasks across modules and have a CoreAdminController to extend from. If there isn’t a generic Magento solution, this abstract core controller will have the checks and redirects in it to extend from.

Vendor_Core

<?php /* php8.2 */

namespace VendorCoreControllerAdminhtml;

use MagentoBackendAppAction;
use MagentoBackendAppActionContext;
use MagentoFrameworkAppActionInterface;

abstract class CoreAdminController
{
    /* Default admin resource */
    const ADMIN_RESOURCE = 'Vendor_Core::view';

    public function __construct(
        protected MagentoBackendAppActionContext $context
    ) {}

    /* My thought was to add checks in dispatch and redirect if not authorized or logged in */
    public function dispatch(MagentoFrameworkAppRequestInterface $request)
    {
        /* Add checks here maybe */
        return parent::dispatch($request);
    }
}

Vendor_Module

use MagentoFrameworkAppActionHttpGetActionInterface;
use MagentoFrameworkControllerResultRedirect;
use MagentoFrameworkViewResultPage;

use VendorCoreControllerAdminhtmlCoreAdminController;

class Index extends CoreAdminController implements HttpGetActionInterface
{
        public function __construct(
        Context $context

        protected PageFactory $pageFactory
    ) {
        parent::__construct($context);
    }

    public function execute(): Page|Redirect
    {
        /* simplified for demo purposes */
        return $this->pageFactory->create();
    }
}