One of our websites seems to have non-functioning Access Control Lists. We don't know if this is a new thing – we have only just recently tried to implement Resource and User Groups. Following all the tutorials on the web still ends up with a 'protected' page that is viewable by the public.
- Created Resource Group with access to Web Context
- Put document in Resource Group
- Create User Group with Load List View access to RG and context
- Add user to UG
- Flush permissions/cache whatever
- Can still view the above document when not logged in
I'm sure this is a malfunction because when I try the above steps on a fresh Revo 2.3.3 install, it works – the protected document returns the Error 404 page instead.
I say 'fresh' because the malfunctioning site started life as Revo 2.2 and has been upgraded steadily to 2.3.3 over time. I've tried re-installing 2.3.3 over the top of it, no luck.
The site malfunctions on both our development server and the live server. Details below.
MODX 2.3.3 pl
Apache 2.2 / Litespeed 6.7.1
PHP 5.3.10 / 5.4.41
MySQL 5.5.43 / 5.6.23
My question is: what recourse do we have when a MODX install seems so fundamentally broken?
On a related note, I can't get user login (via the Login snippet) to work either – no user session seems to be created.