Routes access restriction plugin (as the First & only plugin in the market) allows the store admin to restrict customers of a specific role to access defined routes. Store admins can deny customers to access URLs in any part of the website, especially the admin panel.
You can define restrictions for static URLs, as well as dynamic URLs (defined by Regex patterns).
What does it do?
This plugin, made by the resanehLab team, is the first plugin in the market for blocking the access for different customers efficiently.
The default “Access Control List” functionality (ACL) in nopCommerce allows store admins to grant access to predefined processes and also deny them. Nevertheless, they can restrict customers and other admins to access URLs and actions which aren’t defined in ACL.
With using this plugin, store admins can deny customers to access URLs in any part of the website, especially the admin panel. In addition to static URLs, dynamic URLs can be defined by Regex patterns.
These URLs can also be defined by “Controller” and “Action” of MVC routing. If an URL is limited for a user in panel admin, the plugin removes it from the admin panel menu for them automatically. Also, This plugin can restrict public store routes and if users try to access a restricted URL, the plugin will redirect them to the 404 Not found page.
Main Features
- Block the access to static URLs for specific customer roles
- Block the access to dynamic URLs by Regex patterns (Controller and Action for MVC routing) for specific customer roles
- User-friendly interface in admin panel
- Compatible with different versions of nopcommerce – from 3.8 to 4.30
How To Use
This plugin includes two setting pages in administrator area: Settings and Routes list.
Settings page
In the configure page, admin can specify whether the plugin’s functionality is enabled or not. If the plugin is disabled, defined redirections won’t be applied at all.
Also, you can activate your plugin's license by going to this address and entering the license key:
Administration area > Plugins > Admin routes action restriction > configuration
If you need a guide to install the plugin, please go to the Download & Install tab.
Routes list
You can access this page by going to address:
Administration area > Plugins > Admin routes action restriction > routes list
On this page you can see a list of current restrictions.
To define a new restriction, click on the Add new button.
Route format - To add a new restriction, the first step is to specify the route format:
1. Action/controller name
2.URL
Action/controller name
If you want to restrict access to a specific page in the admin panel, you should enter the action name and controller name separately. Consider this example URL:
http://example.com/admin /controller/action
Action name – specifies the action name of route.
Controller name - specifies the controller name of route.
Customer role – you can choose this restriction for a customer role. (for instance, guests). If you create a new customer role, it will appear in the drop-down menu too.
URL
Use Regex – If you want to use regex, check this box. Then enter the regex pattern in the URL regex field.
URL – If you want to just to restrain a single URL for a specific role, paste your desired URL in this box.
Note: To use this feature, the “use regex” box must be unchecked.
Customer role - you can choose this restriction for a customer role. ( for instance, guests ). If you create a new customer role, It will appear in the drop-down menu too.