We launched new forums in March 2019—join us there. In a hurry for help with your website? Get Help Now!
MODX Community Forums Archive

Setting up context access

    • 30912
    • 463 Posts
    Tyreal2012 Reply #1, 13 years ago
    Well,

    I’ve finally decided to look into Revo, mainyl becuase it will quite possibly sort out an upcoming project. however one of the things i dont get is how to assign context only manager access, ive looked at BobRays guides and spittingreds video and im still no wiser...

    I’ve set up my context - called test.

    ive setup a user, set a role from the adminsitrator template and removed all access to anything to do with contexts.

    i added the said user to a usergroup.

    I edits the user group, set the contexts in contxt access to mgr and test (thats the name of my context) and hit save.

    but when i logged in as that user, they can still see the web and test context...so now im confused as to what ive missed.

    im using Revo 2.1.0 rc3 traditional and im not very very lost...especially as the site were considering could have 14 contexts...

    help smiley
    • Everett Reply #2, 13 years ago
      I’ve avoided contexts... I can’t think of a use-case for them.... yet. Are you wanting to use contexts as containers for user permissions? My understanding of them is that they are yet another wrapper around users and resources, in addition to the existing "wrappers" of "user groups" and "resource groups".
        Hosting stuff: http://fireproofsocks.com/
        Coding stuff: http://craftsmancoding.com/
        Blog stuff: http://tipsfor.us/
        • 30912
        • 463 Posts
        Tyreal2012 Reply #3, 13 years ago
        Each context will be a sub site - for dealers, with its own domain and content
          • 3749
          • 24,544 Posts
          BobRay Reply #4, 13 years ago
          Did you flush permissions and sessions before testing your changes?

          What you describe sounds like the correct process (as long as the user isn’t a member of the Administrators group).

            Did I help you? Buy me a beer
            Get my Book: MODX:The Official Guide
            MODX info for everyone: http://bobsguides.com/modx.html
            My MODX Extras
            Bob's Guides is now hosted at A2 MODX Hosting
            • 30912
            • 463 Posts
            Tyreal2012 Reply #5, 13 years ago
            I flushed it yet, the member is not in the administrator group either..

            my user group has the authority of 1 though, maybe it should be less?
            • opengeek Reply #6, 13 years ago
              To be clear, UserGroups do not have an Authority. Authority is assigned by the Role a User has within a UserGroup. The Authority on the Access Control Entry that attaches a Policy to a UserGroup simply defines the minimum Role a User must have for the Policy to apply. The higher the number, the less Authority needed—this is why a basic Role of "Member" has an Authority of 9999 and "Super User" an Authority of 1. So creating an Access Control Entry for the Context with an Authority of 1 will ONLY apply the selected Policy to users with a "Super User" Role (or any Role you define with an Authority of 1) in the UserGroup you assign it to.
                Jason Coward
                Chief Architect @ MODX
                http://www.jasoncoward.com | http://twitter.com/drumshaman | https://github.com/opengeek
                • 30912
                • 463 Posts
                Tyreal2012 Reply #7, 13 years ago
                Thanks,

                Makes sense, still havent cracked it yet though, but ill keep trying smiley
                  • 3749
                  • 24,544 Posts
                  BobRay Reply #8, 13 years ago
                  It sounds like you might be doing it backwards. You want to protect the context by linking the *Administrator* group to it. You do that by creating a Context Access ACL entry for the Administrator group naming the "test" context.

                  That will protect the context. If the other user group *doesn’t* have a Context Access ACL entry for that context, they won’t be able to see it.
                    Did I help you? Buy me a beer
                    Get my Book: MODX:The Official Guide
                    MODX info for everyone: http://bobsguides.com/modx.html
                    My MODX Extras
                    Bob's Guides is now hosted at A2 MODX Hosting
                    • 38730
                    • 5 Posts
                    krills Reply #9, 11 years, 2 months ago
                    Hi,

                    I'm having the same problem in 2.2.6. We have some contexts that should not be accessible to anyone but admins. So for that context i have given only Admins access, and the "anonymous" group only has access to load the other contexts. Still, after flushing permissions and sessions 10 times, the anonymous group still sees the context and can surf it.

                    What am i missing?

                    Edit:
                    I solved it temporarily by creating a little snippet and putting it in the header chunk:
                    [[!contextProtect? &contexts=`context1,context2...`]]


                    <?php
$contexts = (isset($contexts) ? array_filter(explode(',',$contexts)) : array());
foreach ($contexts as $context) {
	if ($modx->context->get('key') == trim($context) && $modx->user->get('username') == '(anonymous)') {
		$modx->sendUnauthorizedPage();
	}
}
                    [ed. note: krills last edited this post 11 years, 2 months ago.]