-
- 24,544 Posts
You might try giving anonymous users (maybe all user groups)'load' permission for the web context and/or mgr context if they don't have it already.
Here's the relevant code in connectors/index.php:
/* initialize the proper context */
$ctx = isset($_REQUEST['ctx']) && !empty($_REQUEST['ctx']) ? $_REQUEST['ctx'] : 'mgr';
$modx->initialize($ctx);
if (defined('MODX_REQP') && MODX_REQP === false) {
} else if (!is_object($modx->context) || !$modx->context->checkPolicy('load')) {
header("Content-Type: application/json; charset=UTF-8");
header('HTTP/1.1 401 Not Authorized');
echo $modx->toJSON(array(
'success' => false,
'code' => 401,
));
@session_write_close();
die();
}
You could also try just removing this piece of code from the index.php file:
|| !$modx->context->checkPolicy('load')
It might be useful to put this code as the third line and see what context is being initialized when the 401 occurs:
-
- 44 Posts
Thanks for the input, Bob. I was hoping to avoid hacking the core, but it may yet come to that. I believe that it's the "mgr" context that's being initialized on AJAX requests, because when I log into the manager, the solution Shawn proposed in the above-referenced thread works. (I haven't pursued "echo"-ing the context yet to confirm this, beyond finding out there was no obvious way to extract it from the JSON output.) The odd thing is, if I'm correct about the manager context being initialized, it doesn't help for the logged-in user to be authorized for the manager; the user must be actually logged into the manager for it to work.
In any case, you've given me some ideas for testing, which I'll follow up on tomorrow.
-
- 24,544 Posts
I'm glad you're making progress. BTW, I wasn't suggesting permanently hacking the core -- just temporarily putting in some diagnostic code that might help find another way to solve it.
I agree that it's probably the 'mgr' context (that's the default), but it would be nice to know for sure. The fact that the user has to be logged in for it to work is why I suggested giving load permission to the Anonymous group in a Context Access ACL entry. Anyone who is not logged in is automatically a member of that group, so most permission checks will work whether they are logged in or not.
-
- 24,544 Posts
I'm glad you got it sorted. Thanks for reporting back.
