We launched new forums in March 2019—join us there. In a hurry for help with your website? Get Help Now!
    • 36491
    • 36 Posts
    Hi!

    Can anyone help me with NewsPublisher and ACLs? I get »You do not have permission to view this document« when I try to edit an existing resource that I created as the same user.

    From the start:

    Goal: A list of users should be able to create and edit their own pages via Newspublisher (without manager access). These pages should be protected from the public.

    I set up a new User group "VeranstalterGruppe" and a new Role "VeranstalterRolle" (authority 50). The respective users are in this group and have this role.

    I created the resource group "Veranstalterseiten" and put all relevant pages along with the Newspublisher page in it.

    I set up a new access policy "Veranstalter" using the policy template "NewsPublisherPolicyTemplate" so that it is basically identical to NewsPublisherEditor provided with NewsPublisher.

    For the user group "Veranstalter" I setup context access for mgr and web each with minimal role "VeranstalterRolle - 50" and access policy "Veranstalter". They also have resource group access to the resource group "Veranstalterseiten", minimum role "VeranstalterRolle - 50" and access policy "Resource" for both contexts web and mgr. (No other permissions were set)

    I also created a new template with [[!NpEditThisButton? &debug=`1` &np_id=`1099`]]. The Newspublisher page (id 1099) has this snippet call:

    [[!NewsPublisher?
        &templateid=`26`
        &show=`pagetitle`
        &initrte=`0`
        &initdatepicker=`1`
        &groups=`Veranstalterseiten`
        &parentid=`1099`
        &published=`1`
        &required=`pagetitle`
        &cssfile=`0`
        &hoverhelp=`1`
    ]]
    


    What works: I can login as a user from the group "VeranstalterGruppe" and create new subpages with the Newspublisher page. They are put in the resource group "Veranstalterseiten" as expected and are indeed not visible to the public. As the creator of the page I can view the page and see the little "Edit this page" button in the bottom corner. So far so good.

    But when I press this edit-button and I get to the Newspublisher page, I get the error message "You do not have permission to view this document" and the form is not displayed, which to me is counterintuitive. I CAN open the Newspublisher page (and thus create new pages) and I CAN view the page I just created. I just cannot edit it. Why is that?

    When logged in as administrator super user, editing existing pages works.

    So where did I make a mistake?

    Any help helps!
    Jörg

    This question has been answered by frischnetz. See the first response.

      • 3749
      • 24,544 Posts
      I'm guessing here, but your Veranstalter policy is not a Manager policy and it sounds like you've used it in your Context Access ACL policy. For that policy, you want a stripped-down version of the Administrator policy. Start with a duplicate of the full Administrator policy and see if that solves your problem. If it does, start eliminating unwanted permissions on it a few at time, checking to make sure that things are still working.
        Did I help you? Buy me a beer
        Get my Book: MODX:The Official Guide
        MODX info for everyone: http://bobsguides.com/modx.html
        My MODX Extras
        Bob's Guides is now hosted at A2 MODX Hosting
      • discuss.answer
        • 36491
        • 36 Posts
        It was indeed a missing/wrong permission in the policy. "save_context" was set instead of "save_document". As most times just a typo …