We launched new forums in March 2019—join us there. In a hurry for help with your website? Get Help Now!
MODX Community Forums Archive

Approach to ACL permissions across contexts and resource groups

    • 36695
    • 47 Posts
    prioritypie Reply #1, 11 years, 5 months ago
    Hi,
    I'm looking for some meta advice about this problem. I've read all the docs on permissions but I'm obviously just being stupid as usual and not getting something.
    My app has multiple contexts, each accessed through a subdomain. Each context includes some generally accessible web pages and some login only pages. I also want some users within each context to be able to log in to the manager and edit some pages within that context.
    i.e.

    Context A
    - Page A1 (public)
    - Page A2 (public) (editable in mgr)
    - Page A3 (private - web login)
    - Page A4 (private - web login) (editable in mgr)

    Context B
    - Page B1 (public) (editable in mgr)
    - Page B2 (public)
    - Page B3 (private - web login)
    - Page B4 (private - web login) (editable in mgr)

    So there are users that can
    - log in to the "front end" of Context A and access pages A3 and A4
    - log in to the "front end" of Context B and access pages B3 and B4
    - log in to the manager, only see/edit A2 and A4
    - log in to the manager, only see/edit B1 and B4

    I've had everything working up to the point of the manager stuff. Whenever I restrict a user group to a particular context in the manager and then try to limit that access to an "Editable" resource group, it just seems to mess things up on the front end.

    I'd really appreciate some input on this. It seems perfectly logical as a model but the realities of implementing it seem less clear.

    Many thanks
    • CharlesMx Reply #2, 11 years, 5 months ago
      If your applying a resource to a restricted ACL group, you need to make sure that new group has the "web" context permission so that it can be viewed by public users (front-end). If you can post screen captures of your groups and permissions for a resource that would help, but that would be my guess that you restricted the "web" context to the resources completely.

        Evo Revo // Ubuntu, CentOS, Win // Apache 2x, Lighttp (Lighty)
        Visit CharlesMx.com for latest news and status updates.
        • 3749
        • 24,544 Posts
        BobRay Reply #3, 11 years, 5 months ago
        To restrict access in the Manager without affecting the front end, specify the 'mgr' context in any Resource Group Access ACL entries rather than the front-end context.
          Did I help you? Buy me a beer
          Get my Book: MODX:The Official Guide
          MODX info for everyone: http://bobsguides.com/modx.html
          My MODX Extras
          Bob's Guides is now hosted at A2 MODX Hosting
        • sottwell Reply #4, 11 years, 5 months ago
          Right. Many of the user group entries require web context access to perform various functions in the manager, but resource group permissions do not.
            Studying MODX in the desert - http://sottwell.com
            Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
            Join the Slack Community - http://modx.org