I know i'm refreshing this veeery old topic, but i'm wondering is there still problem with using connectors with other, than mgr context (in MODx Revo 2.3.1)? Is there any danger of using connectors that way? I'm using
and seems to work propertly.
Maybe i'll explain what is my point: I'm using mgr, web and also third context, let's call it "restricted", to create front-end manager-like system based on bootstrap framework. All access for restricted-system users is based on MODx ACLs assigned to "restricted" context and my custom permissions for each usergroup. All operations (getting data, setting data, saving,deleting etc.) are based on AJAX requests. Checking permissions is made in each processor file by
I considered the use of simple resource (gateway), but using processors for this job seemed to be less complicated (cuz i can run processor as AJAX request and by
function).
So, can they be any security problems? Excluding wrong ACLs and permissions settings of course (there are on my head)
P.S.: Better ideas for solving this problem are indicated, but mainly i'm curious is my thinking is right.
P.S.2: and sorry, but english isn't my primary language
Regards
EDIT: This part
is however bad idea - there is possibility to change that into mgr and it can give unexpected security problems. Better idea is to declare
$_REQUEST['ctx']='restricted';
in connector file, so every time it overwrite incoming context into the right one
But what about my question anyway?
[ed. note: jacqbus last edited this post 9 years, 6 months ago.]