On March 26, 2019 we launched new MODX Forums. Please join us at the new MODX Community Forums.
Subscribe: RSS
  • I can't clearly understand user-groups-based access to boards.

    After install I have "Forum Members" group that have access to all globally accessible boards. I've added here a "test" user (not admin user, now it is member of "Forum Members" group only).

    My "test" user have access all over the forum.
    Good, but I want to have some boards that will be accessible to selected user groups only.

    First, I have created a new group "OXC":
    give it one context "web" "Member - 9999" "Load, List and View"
    and a "test" user as "Member - 9999" ("test" user now is member of "Forum Members" & "OXC" groups).

    Question: Should I add second context "web" "Member - 9999" "Discuss Member Policy" to my "OXC" group? Seems that is not necessary, but I have to ask to be sure smiley

    Then, I have created a standard board "OXC members only".

    As I understand there are two ways to edit access to boards:

    #1. Components -> Discuss -> Boards -> "OXC members only" -> Edit Board -> User Group Access
    And add here "OXC" group.

    #2. Components -> Discuss -> User Groups -> "OXC" -> Update User Group -> Boards
    And check here boards to access.

    Adding "OXC" group to "OXC members only" board settings causes changes in "OXC"'s checked boards - (#1) causes changes of (#2).
    But checking "OXC members only" board in "OXC" group settings not causes changes in "OXC members only" board settings - (#2) not causes changes of (#1).
    And it not take effect at all - even after value have been saved, when update-user-group-page reloaded it takes value of board settings (#1), not its own new (allegedly "saved") value. Seems that mechanism (#2) is not working?..

    Alright.. let's simply add a group to our board (#1). Save, clear the cache, flush permissions - new settings displays successfully on both pages. But "test" user still do not have access to "OXC members only" board. While Admin and Guest do have! Smiling through tears))) Exactly the opposite result)) What I'm doing wrong?

    This question has been answered by rethrash. See the first response.

    • Update


      When I'm assigning access to "OXC members only" board for "Forum Members" group it works fine. Guests do not have access to "OXC members only" board; logged-in users ("Forum Members") do have access.

      Hmm.. It makes me think, that it is something wrong with my newly created group. I tried to add a second context "web" "Member - 9999" "Discuss Member Policy" to my "OXC" group, and to change the only "web" context of "OXC" group to "Discuss Member Policy"/"Discuss Moderator Policy"/"Discuss Administrator Policy", and even to remove all contexts from "OXC" group - no effect. Other settings of "OXC" group are the same as in "Forum Members" group. I don't understand... [ed. note: Alexus last edited this post 8 years, 7 months ago.]
      • Did anyone else tried user groups access? Nobody? Indeed??
        • discuss.answer
          We use it on these MODX boards. When testing, make sure you're using another browser that is not logged into the Manager. I've been frustrated to no ends by that one myself!
            Ryan Thrash, MODX Co-Founder
            Follow me on Twitter at @rthrash or catch my occasional unofficial thoughts at thrash.me
          • Thanks a lot!

            Sooth to say, it was not the answer, but it pushed me in the right direction smiley Yes, I'm always works with test user in another browser, that is not logged into the Manager. But there is one thing that confused me and led me to conflicting conclusions.

            When I'm adding a "test" user into "OXC" group - everything works fine, "OXC members only" board appears and "test" have access to it.
            But when I'm deleting "test" user from "OXC" group - "OXC members only" board do not disapears, "test" user still have access to board that should be closed for him now. Even "flush permissions" does not help. Only logout and login "test" user. Seems that it is some kind of small bug? Is it related to user sessions, and related to Modx core, not Discuss addon?

            Upd^
            I want to try modified sessions as described below and learn more about this user group access mechanism:
            http://develop.modx.com/blog/2012/04/05/new-for-2.2.1-session-less-contexts/ [not what I need]
            http://habrahabr.ru/sandbox/43175/
            Some kind of deleting user groups from user session will suit most of my projects, but it will be fine to have improved session mechanism to achieve correct and instant work with user-group-access in further. [ed. note: Alexus last edited this post 8 years, 7 months ago.]
            • You often need to also Flush All Sessions when changing security permissions.
                Did I help you? Buy me a beer
                Get my Book: MODX:The Official Guide
                MODX info for everyone: http://bobsguides.com/modx.html
                My MODX Extras
                Bob's Guides is now hosted at A2 MODX Hosting
              • As a variant, yes. But is not very convenient. User logged into the site, make some quest to get membership. Ok, I'm adding him to new privileged group. And then should I say him to re-login? Personaly to every new member? Or should I "Flush All Sessions" - but it will logout all innocent users too)) No, it is not convenient for active communities that have frequent transitions of users from group to group.
                • I'm pretty sure you can add the user to a group in code without flushing anything as long as the permissions are already set up:

                  $modx->user->joinGroup('groupName');


                  You should only need to flush sessions when you alter the ACL entries. I could be wrong.
                    Did I help you? Buy me a beer
                    Get my Book: MODX:The Official Guide
                    MODX info for everyone: http://bobsguides.com/modx.html
                    My MODX Extras
                    Bob's Guides is now hosted at A2 MODX Hosting
                  • Yes, I was thiking about creating front-end admin page where I can manage users groups. I did not try yet, but I think I should add a few more code:
                    $modx->user->joinGroup('groupName'); // or leaveGroup()
                    $modx->user->save(); // I don't sure... sould I use it or not?
                    unset($_SESSION["modx.user.{$id}.userGroupNames"]); // $id of the edited user
                    

                    • You shouldn't need to save the user (though that might refresh the user's permissions - not sure). joinGroup() and leaveGroup modify and saves the user group member intersect object, which is the only place the membership info is stored in the DB.

                        Did I help you? Buy me a beer
                        Get my Book: MODX:The Official Guide
                        MODX info for everyone: http://bobsguides.com/modx.html
                        My MODX Extras
                        Bob's Guides is now hosted at A2 MODX Hosting