Answered User Error 200 ok in 2.5.4 in manager when opening resource

@clareoconsulting Thanks for the debugging tip.

It is very helpful to allow the test user to flush his own permissions ( Access Policy: flush_sessions ) and the user has to see the "Manage" menu ( Access Policy: menu_tools ).


I got the same problem on every modx site after updating to 2.5.4 too.

I check the network traffic with the requests with the developer tools as clareoconsulting described.

In my case i had a security problem to get the users list. I added a group of editors without any administrator rights. They only should edit content, pictures and text. So i copied the default Content Editor policy and customized the custom copy.


On every saving action the permission denid message appered:

The dev-tools showed that:
https://URL/connectors/index.phpid=action=security%2Fuser%2Fgetlist
parsed: action:security/user/getlist

I solved it to add the access poliy "view_user".

Why is it necessary? The message appears when my editors got the default "Content Editor" policy.

After adding the "view_user" policy a new menu item appears in the "Manage" menu: "Users". When the editors clicking on it they getting an hard acceess denied.

Link of the "Users" menu:
https://URL/manager/?a=security/user

Hard error message:


I think that is a bug.

btw: Why are the menu names in the acl are different to the real english names?
Example: access policy: menu_tools, description: Show the top menuu item "Tools", real name: "Manage" [ed. note: i-am-neo last edited this post 7 years, 1 month ago.]

Quote from: clareoconsulting at Jan 06, 2017, 04:38 PM

Quote from: valokammi at Jan 05, 2017, 01:42 PM

I`m raised my hands to find what permission caused this.

I just came across this on a new 2.5.4 site using a policy that had worked fine up to and including 2.5.2, so something changed in 2.5.3 or 2.5.4.

Specifically, granting the permission view_template made the error go away.

In case it helps someone investigate similar problems, the way I zeroed-in on this was the following.:

1. Open browser developer toolbar (Chrome in my case)
2. Go to the Network tab therein
3. Take the action in MODX that triggers the error
4. Within the developer toolbar Network window, click on each URL, then select the Response sub-tab of that URL
5. Do so for each URL accessed, looking for the error you saw in the popup in the response. That URL is the likely culprit
6. In the Headers sub-tab for that URL, look for the action field within the Form Data section. This should give a clue as to what access was failing. In this case, the action field was, element/template/getList leading me to try out permissions for templates

This saved my ass today. Thanks for posting.

Quick note for anyone experiencing the the error



Happened to me on a site running 2.6.4 today that has been updated from the original install on the 2.5.x branch.

Administrator user was fine, Content Editor user received the error message when working on Resources (the Uses Template dropdown displayed 1 instead of the Template name).

Checking the default Content Editor ACL showed it already had the view_template permission so I was stumped for a bit.

Turns out my Content Editor users have a custom ACL with a few elevated permissions over the default Content Editor ACL.

Adding view_template to the custom ACL resolves the issue as expected.

Moral of the story - take your time and start at the time when debugging stuff.