Where does Magento's Admin Panel Navigation Rendering Hook into the ACL?

Question

When you log into the Magento Admin Panel, you're only shown menu items that your role allows you to. Where in the Core does Magento check the user's role to determine which Navigation items should be shown? (I'm not interested in the _isAllowed method on Admin controllers, I'm interested in the Navigation rendering).

Also, as along as I'm here, outside of the aforementioned _isAllowed, navigation rendering, and SOAP/RPC API methods, what other parts of the Magento system rely on ACL?

Answer 1

Found what I was looking for, but I'm still interested in other areas of the admin that use ACL resources.

Mage_Adminhtml_Block_Page_Menu::_checkAcl

Answer 2

Looks like Mage_Api_Model_Config and Mage_Admin_Model_Config are involved in the API and admin permissions respecively, they both have the methods

• loadAclResources()
• getAclAssert()
• getAclPrivilegeSet()

Cheers, JD