-
- 118 Posts
I`tried to make member pages, but it`a little confusing.
Make everything like in manual. And it seems working, to view a page you have to log in, ok so far.
Sometimes hidden link is showing and sometimes no in menu. No depend are you logged in or not. I tested browsing few pages (all have same template and WF call.), sometimes theres a link and sometimes not, no matter if you`re logged in or not.
I can`t see link when logged in as admin too!
Start to think about caching, and turned my top bar wayfinder call to noncached (! before call), menu is damn slow, but seems to render what it should, logged in or not.
So my opinion is that there`s issue with caching in this situation.
Tassu, webmaster of Valokammi
-
- 24,544 Posts
If it were an issue with caching, you'd expect to see the same menu every time.
If you're viewing in the same browser where you're logged in to the Manager, it will give you unusual results. Make sure you're testing from another browser where you're not logged in to the Manager.
[ed. note: BobRay last edited this post 9 years, 11 months ago.]
-
- 3 Posts
Hello!
I`ve bumped into a problem with this guide. I`ve gone through all the steps, made a resource group, attached a resource to it, made a user group, attached a user to it, made context ACL and resource ACL for that resource group, just like in tutorial. The problem is the resource is still viewable for anonymous users. I`ve flushed all permissions, cleared site cache, viewed page from different browsers (erased all cookies just in case), but nothing helps, the page is still accessible. I`ve checked the anonymous user group, just in case - it has no access to that resource group. Even tryed to restart Apache...
Any ideas what could be the problem?
P.S. I`m running MODX 2.2.13-pl
P.P.S. Oh, and one more thing, I`m runing this site on localhost, and sometime ago I had an error which erased my php.ini file, I`ve downloaded new one from PHP package, and enabled this extensions:
php_curl.dll
php_mbstring.dll
php_mysqli.dll
php_pdo_mysql.dll
Could the problem be caused by php.ini configuration? Did I miss some required extensions?
P.P.P.S. Tryed the tutorial from MODX: The official Guide book, didn`t work either, though it`s basically the same as in this tutorial, no wonder it didnt work, must be something with my setup.
[ed. note: orbryy last edited this post 9 years, 11 months ago.]
-
- 24,544 Posts
The php.ini setup should have nothing to do with the permissions.
Often, you need to flush all sessions as well as permissions. Also, if you're viewing from the Manager, it can confuse MODX about who you are and your login status.
I can't think of anything else that would cause your problem as long as the User Group is connected to the Resource Group with a Resource Group Access ACL entry and the (anonymous) user is not a member of the Resource Group.
Unless the Resource also belongs to another Resource group that the (anonymous) user has access to.
-
- 3 Posts
Well, let me tell my whole setup, just in case i got my vision dimmed and miss something. I got a resource group called 'Profile', and 5 resources that belong to it. I also have a user group called 'Users', and a user with name 'User' attached to it. The 'User' role is 'Member - 9999'. 'Users' group has context ACL attached:
context = web
policy = Load, List and View
min role = Member-9999
and a resource ACL attached:
context = web
resource group = Profile
policy = Resource
min role = Member-9999
The only two other user groups I have are (anonymous) and Administrator. The (anonymous) group has nothing in resource ACL tab, and has a context ACL:
context = web
policy = Load only
min role = Member-9999
The administrator group has only one default admin in it, two default context ACL, and a resource ACL:
context = web
resource group = Profile
policy = Resource
min role = Member-9999
That's it, now, all the test I was doing in differnet browser, after flushing permissions, sessions, clearing modx cache and deleting old session cookies in that browser. And I could access any page within Profile resource group without logging in. I tryed removing resource ACL from administrator group, didn't help. I tryed making a new role, with authority 1000, and making it as minimum role in resource ACL for that resource group, didn't help. I really have no idea, in your book you say that as soon as we add ACL which connects resource group and user group, that resource group becomes private, but it feels like in my case it doesn't happen. The last thing I might try is move the site to real hosting and see if the problems remains...
-
- 3 Posts
After all, it turned out that the problem was in server configuration, because when I moved the site to hosting service, resources became private as they are supposed to be, and are only accessible to logined users.
-
- 24,544 Posts
I don't see how that could be, but I'm glad you got it sorted.
[ed. note: BobRay last edited this post 9 years, 4 months ago.]
-
- 22 Posts
I am having a similar issue in that if the user goes directly to the URL, they can bypass the Login feature. I am able to get it to work properly on our UNIX server, but it's not working for our client's Windows server. I did notice all of their permissions were set to 777 for both folders and files and was wondering if that could be the cause - similar to what orbryy experienced above?
Any thoughts or suggestions on what may be causing this issue would be appreciated.
-
- 1 Posts
Seems the Access Wizard has changed in 2.5. Are Resource Groups still available or is this condensed within the User Group Wizard?
-
- 24,544 Posts
Quote from: mcwu07 at Dec 09, 2014, 02:58 AMI am having a similar issue in that if the user goes directly to the URL, they can bypass the Login feature. I am able to get it to work properly on our UNIX server, but it's not working for our client's Windows server. I did notice all of their permissions were set to 777 for both folders and files and was wondering if that could be the cause - similar to what orbryy experienced above?
Any thoughts or suggestions on what may be causing this issue would be appreciated.
File permissions shouldn't affect this. Did you flush permissions and sessions (log everyone out), on the Main menu after making your changes?
You might also try deleting all files in the core/cache directory. Also, make sure you're logged out of the Manager when you test.
Since you've been testing, it may be that the pages are still in the browser cache.
As a kind of belt and suspenders method, you can also create a snippet with the following code and put a tag for it on the protected pages. It will redirect any users who are not logged in to the Login page:
<?php
/* LoginCheck snippet */
$loginId=12; /* Set this to the id of the login page */
if (! $modx->user->hasSessionContext('web') ) {
$url = $modx->makeUrl($loginId, "", "", "full");
$modx-sendRedirect($url);
}
This assumes that the protected pages are in the 'web' context. If you have multiple front-end contexts, use this:
if (! $modx->user->hasSessionContext($modx->context->get('key')) ) {
