unpublished resources visible?

My bad, sorry. The current user is assumed, so it should be:



I’ve amended the code above.

They are only visible when you have a manager session action with view_unpublished permission.

Bob, thank you for fixing the Snippet-Code!
Included in unpublished resources it returns "Yes"
I think we will have to debug our modx-settings...

See OpenGeek’s post above. If you are previewing from the Manager, or using another window in the browser where you’re logged in to the Manager, you’ll always have access to unpublished docs.

Try it from another browser where you’re not logged in in the Manager or the front end.

Ups... you are so right! I really forgot to log out - how stupid

So we’re trying now to find out, why on unpublished resources (user being logged out...)
the snippet returns "NO -- User does not have view_unpublished permission" even though the resouce
shouldn’t be visible in this case.

It would be very kind if you might suggest which parts of our system should be inspected
in order to find the mistake?

Settings - config-file - htaccess?

Many thanks!
Inka

Do (anonymous) users have permissions in that context (via a Context Access ACL entry)?

We have the following settings for anonymous users:

Going to: Security -> Access Controls
-> anonymous (update user group)
-> "context access web" shows
"Minimum Role": Member - 9999" and "Access Policy: Load only".

Are these settings all right?

Wouldn’t just removing the snippet get things working the way you want?

I’m afraid I need further help:
I don’t understand how removing the snippet could solve the problem,
that unpublished resources are visible for users which aren’t logged in?

Thanks again,
Inka

Sorry, I misunderstood you.

How are the users accessing the unpublished pages (e.g., Menu, direct entry of the URL in the browser, MODX link tag on the page, raw link code on a page)?

If I’m getting you,

1. The unpublished resources are in a context other than ’web’ or ’mgr’ and there is no Context Access ACL entry at all for that other context.
2. When you look at those resources in the Create/Edit Resource panel in the Manager, the published checkbox is unchecked.
3. (anonymous) users, not logged in in either the front end or back end, can see the content of those resources in a separate browser and no one is logged in to the Manager in that browser at the time.

First, try deleting all the files in the core/cache directory. Then clear the browser cache and cookies in the other browser (the one you’ll be accessing the pages in). If you still see the resource content of those unpublished resources, it really sounds like a bug and should be reported here: http://bugs.modx.com/.