I added a custom permission on “admin/commerce/config” to disable access for certain user roles.
class RouteSubscriber extends RouteSubscriberBase {
/**
* {@inheritdoc}
*/
public static function getSubscribedEvents() {
$events(RoutingEvents::ALTER) = 'onAlterRoutes';
return $events;
}
/**
* {@inheritdoc}
*/
protected function alterRoutes(RouteCollection $collection) {
if ($route = $collection->get('commerce.configuration')) {
$route->setRequirements(('_permission' => 'administer commerce configuration'));
}
}
}
The page can now only be accessed when user has the permissions ‘administer commerce configuration’. But it is still visible on the “admin/commerce” page.
The page url’s are build by the systemAdminMenuBlockPage callback. The function getAdminBlock (core/modules/system/src/SystemManager.php) builds the menu and has a $element->access->isAllowed function,but this keep returning 1. And so its still printed on the overview page.
Any suggestions for fixing this issue?
