Magento: remove admin mass action for specific role

August 15, 2017

Image for Magento: remove admin mass action for specific role from unsplash.com

I had a use case where a Magento admin user was limited to viewing the orders only. They should be able to view orders but not perform any actions on an order. The best way to do this with Magento is to remove admin mass actions for a specific user role.

Firstly I set up a role with the name 'Read Only' and limited access to the Orders list only:

Magento admin roles

Then I created a user and assigned them to that role.

Code changes

To remove the mass action sections you need to override the default sales order grid and override the getExportTypes(), getRssLists(), and _prepareMassaction() methods.

Firstly, set up your module config to override the sales grid:

    // Example/Module/etc/config.xml
    <?xml version="1.0" ?>
    <config>
        ....
        <global>
            <blocks>
                ...
                <adminhtml>
                   <rewrite>
                       <sales_order_grid>Example_Module_Block_Adminhtml_Sales_Order_Grid</sales_order_grid>
                   </rewrite>
                </adminhtml>
            </blocks>
        </global>
    ...
    </config>

Now create your block in Example/Module/Block/Adminhtml/Sales/Order/Grid.php

<?php

// Example/Module/Block/Adminhtml/Sales/Order/Grid.php

class Example_Module_Block_Adminhtml_Sales_Order_Grid
    extends Mage_Adminhtml_Block_Sales_Order_Grid
{

    protected $_showMassAction = false;

    public function __construct()
    {
        parent::__construct();
        $this->_showMassAction = Mage::helper('example_module')->isAdminReadOnly();
        }

        public function getExportTypes()
        {
            if ($this->_showMassAction) {
                return false;
            } else {
                return $this->_exportTypes;
            }
        }

        public function getRssLists()
        {
            if ($this->_showMassAction) {
                return false;
            } else {
                return $this->_rssLists;
            }
        }

        protected function _prepareMassaction()
        {
            if ($this->_showMassAction) {
                return $this;
            } else {
                parent::_prepareMassaction();
            }
        }

    }

Finally, implement a helper in your module to check the admin role:

<?php
// Example/Module/Helper/Data.php

class Example_Module_Helper_Data extends Mage_Core_Helper_Data
{

    public function isAdminReadOnly()
    {
        $roleId = implode('', Mage::getSingleton('admin/session')->getUser()->getRoles());
            $roleName = Mage::getModel('admin/roles')->load($roleId)->getRoleName();

            return $roleName == 'Read Only';
        }
    }

    ...
}