I have created three user groups (Customer, Market and Research) and three matching resource groups.
The groups' resources are collected into a container resource (ids 10, 11 and 12) for each group.
I set up the Login extra according to
https://docs.modx.com/extras/revo/login, and
https://docs.modx.com/extras/revo/login/login.tutorials/login.basic-setup,
the only difference being that I have converted the tutorial's Members Home Page in to a redirect page. This redirects each logged-in user to the homepage of their group, using the redirectUsergroups extra:
[[!redirectUsergroups? &redirs=`Customer:10,Market:11,Research:12`]]
All pages use the same Template, and I have a simple wayfinder menu with several calls to it in that template, one for public pages, and one for each user group:
[[!Wayfinder? &startId=`0` &outerTpl=`outerTpl` &rowTpl=`rowTpl` ]]
[[!Wayfinder? &startId=`10` &level=`2` &outerTpl=`outerTpl` &rowTpl=`rowTpl` ]]
[[!Wayfinder? &startId=`11` &level=`2` &outerTpl=`outerTpl` &rowTpl=`rowTpl` ]]
[[!Wayfinder? &startId=`12` &level=`2` &outerTpl=`outerTpl` &rowTpl=`rowTpl` ]]
The result is that each logged-in user sees a menu with the public pages and their own user group pages, on the same menu.
This all works fine (though I don't know how secure it is).
However, if I am logged into the manager with the default admin in the same browser, this automatically logs the admin user into the front end too, and shows every page from each user group on the menu. And I cannot log the admin user out from the front end using Login.
I remembered that when creating the resource groups, I ticked the "Automatically give administrator group access". So I tried removing access this for one group. But this made no difference and the admin still shows all groups on the menu.
So my questions are:
1. How can I develop and test in the same browser without interference from the admin user?
2. How can I remove admin user access to any resource group?
(3. Does my security structure look ok for preventing cross-group access?)