NewsPublisher: access denied with same permission#

Hi All,

a strange behavior with NewsPublisher.

I have the snippet call in one resource.
Resource is in a Resource Group (called "HR").
I have a user group "HR" to access the resource group "HR".
In this user group I have members (9999) and 2 users with role Super User, access policy Resource.
One of the 2 (incidentally the manager super user) can access the NewsPublisher form, the other user can't.

I'm using Revo 2.1.2, NewsPublisher 1.2.0

Any help will be very welcome.
Tnx & bye

I'm not positive, but I think NewsPublisher checks to make sure the user is logged in and has an authority level less than 9999. Otherwise, anyone who visits can edit pages at will.

If that's not the problem, it would almost have to be an incorrect minimum role in one or more ACL entries.

Hey Bob, thanks for your reply.
I realize that I missed some important specs in my first post.
Mainly a clear permission status and the fact that I login to the site using Login snippet.

Permission status:

Resource: "HR Page" belonging to resource Group "HR"


User Group: "HR" with 2 users:

"Gianni", role Super User 0
"Master", role Super User 0

The UG has the following Resource Group Access:
Resource group:"HR", Minimum role: Member 9999, Policy: Load, List, View, Context: web
Resource group:"HR", Minimum role: "Editor" 100, Policy: Resource, Context: web
(I think the issue is here...)

With this configuration, users logged in and not belonging to UG HR cannot see HR Page, even in menus.
When I login (using Login snippet) with users Gianni and Master I get different results.

When user Master goes to HR Page, he can see the NewsPublisher form and he can create resources.
When user Gianni goes to HR Page, he gets an error:

Sorry . . . There were one or more problems in producing the form:
You do not have permission to create a document

Last one: the website is on localhost and I use to login in the back-end (manager) with Chrome, and to access the website with Firefox, just not to have conflicts.

Any suggestion is appreciated.
Thanks

gianni

With this configuration, users logged in and not belonging to UG HR cannot see HR Page, even in menus.

As you probably realize, this doesn't have anything to do with NewsPublisher, which is not around when the menus are created.

Is there also a Context Access ACL entry for the HR user group giving access to the 'web' context? They would need that to perform Manager actions like creating docs.

Does 'Master' belong to another group that might have one? That would explain the difference.


Is Gaul still divided into three parts? I thought they fixed that.

Hi Bob,

it's a permission matter, for sure, no bugs in NewsPublisher.
I would like to limit HR resource group to HR user group users.
One (or more) HR users should be able to create/edit resources for HR RG.
It's ok that HR resources are restricted.

Just to sempify things, do you have a permission/access scheme or template for using NewsPublisher to get the effect I need ? I think it is the most common one...

Ah, yes Gauls fixed it. But there are still Belgian and Swiss Gauls walking around...
Greetings from Italy

gianni

Bob, I found a recent post, where you contributed, that was enlighting
http://modxcms.com/forums/index.php?topic=64586.0
Now I'm managing to create the permission scheme suitable for my project (a Company intranet).
If I succeed in elaborating a comprehensive scheme of user templates, maybe I will share it under the Security discussions.

Thanks

gianni

I'm glad to hear you're making progress. When I have a little more time, I'll try to put together a short permissions tutorial for NP.