This is trickier than it sounds because for users that are not authorized to see a page, the page doesn't exist. They'll be redirected to the page designated as the Error ("page not found") page per the MODX error_page System Setting - but so will anyone who tries to visit a non-existent page.
There's a method described here (
http://bobsguides.com/revolution-permissions.html) that will send them to the unauthorized page instead, where you could have the message, and the Login snippet with &redirectToPrior=`1` to send them back after they successfully log in. See the "Unauthorized Versus Error Page" section near the end.
As for the permission settings, I think this is what you want:
Neither Group should have a Context Access ACL entry with a context of 'mgr' (unless you want them in the Manager).
All ACL entries for this should have a context of 'web' and a minimum role of whatever role the users have in the respective User Group. The Policy should always be "Load, List, and View" (unless the users will be going into the Manager to edit resources). "Load Only" would probably work -- you can try it later after everything is working.
Connect the "Members Only" Resource Group to the Members User Group with a Resource Group Access ACL entry.
Connect the "Paid Members" Resource Group to the Paid Members User Group with a Resource Group Access ACL entry.
Connect the "Members Only Resource Group to the Paid Members User Group with a Resource Group Access ACL entry.
Flush permissions and Flush all Sessions. Test from a browser where you're not logged in to the Manager.
If it all works, consider a donation to the site in my sig.
------------------------------------------------------------------------------------------
PLEASE, PLEASE specify the version of MODX you are using.
MODX info for everyone:
http://bobsguides.com/modx.html
[ed. note: BobRay last edited this post 11 years, 10 months ago.]