We launched new forums in March 2019—join us there. In a hurry for help with your website? Get Help Now!
MODX Community Forums Archive

Problem with Media Source Policy

    • 38329
    • 2 Posts
    suetti Reply #1, 12 years, 3 months ago
    I developed a TV Input Type to Upload serveral Files depending to a Resource.
    Everything works fine for the Administrator User Group.

    I created another User Group Editor with restricted rights. The Policies 'create', 'file_upload' ... are checked. Then I created a Media Source which is assigned to the TV.

    Now, when I try to Upload a file the Ajax Response from the Upload Processor in (core/model/ modx/processors/browser/file/upload.class.php) is permission_denied.

    I checked the file and found the Code Line where it stops:

    36    if (!$this->source->checkPolicy('create')) {
37       return $this->failure($this->modx->lexicon('permission_denied'));
38    }


    When I comment this line it works for the Editor Group.

    Then I assigned the Media Source to the User Group with the Policy Media Source Admin. But it doesn't work either.

    Next Problem:
    When the Media Source is assigned to a User Group I can't see (edit) it any more in Tools/Media Sources.

    Hope you can help me.
      • 3749
      • 24,544 Posts
      BobRay Reply #2, 12 years, 3 months ago
      I'm not sure I understand your problem. If it's just you (as admin) that can't see the the resource, be sure you've added yourself to the Editor Group.

      If the Editors still can't create a new one, remember that there are two permissions that affect most actions for protected resources and elements. One is in the "administrator"-style policy used in the Context Access ACL entry. The other is in the Resource- or element-style policy used in the Resource Group or Element Category ACL entry. The user needs to have both permissions to perform the action.

      If it's not that, it could be a bug in the implementation of Media Sources.
        Did I help you? Buy me a beer
        Get my Book: MODX:The Official Guide
        MODX info for everyone: http://bobsguides.com/modx.html
        My MODX Extras
        Bob's Guides is now hosted at A2 MODX Hosting
      • opengeek Reply #3, 12 years, 3 months ago
        Check the important note near the top here — http://rtfm.modx.com/display/revolution20/Securing+a+Media+Source and see if your principal_targets include the proper value.
          Jason Coward
          Chief Architect @ MODX
          http://www.jasoncoward.com | http://twitter.com/drumshaman | https://github.com/opengeek
          • 38329
          • 2 Posts
          suetti Reply #4, 12 years, 3 months ago
          Ok,

          thanks fpr your help, but I found the mistake myself. I have to pass the "source" parameter to the file processor with the actuall Media Source id and not only the path.

          But the Problem with the Media Source Policy still exists:
          The principal_targets value exists in the system settings.

          I can not assign both Policies to the Usergroup, because when i choose the Admin Policy the Media Source doesn't exist any more in the Media Source List (See the attachement)
          • opengeek Reply #5, 12 years, 3 months ago
            Oh, I think I understand now...can you please file a bug for this in our bug-tracker so it gets addressed?
              Jason Coward
              Chief Architect @ MODX
              http://www.jasoncoward.com | http://twitter.com/drumshaman | https://github.com/opengeek