Sorry, I misunderstood you.
How are the users accessing the unpublished pages (e.g., Menu, direct entry of the URL in the browser, MODX link tag on the page, raw link code on a page)?
OK. I will try it and post the results later.
If I’m getting you,
Quote from: BobRay at May 04, 2011, 03:10 AMThese pages are in the subfolder of "web" in the resource-tree on the left part of the Backend as all our documents.
1. The unpublished resources are in a context other than ’web’ or ’mgr’ and there is no Context Access ACL entry at all for that other context.
Quote from: BobRay at May 04, 2011, 03:10 AMYes
2. When you look at those resources in the Create/Edit Resource panel in the Manager, the published checkbox is unchecked.
Quote from: BobRay at May 04, 2011, 03:10 AMYes
3. (anonymous) users, not logged in in either the front end or back end, can see the content of those resources in a separate browser and no one is logged in to the Manager in that browser at the time.
First, try deleting all the files in the core/cache directory. Then clear the browser cache and cookies in the other browser (the one you’ll be accessing the pages in). If you still see the resource content of those unpublished resources, it really sounds like a bug and should be reported here: http://bugs.modx.com/.
Ah . . . There are some serious problems with that tutorial.
What are the policies assigned to the Members user group in your ACLf entries?
The problem is a plugin which enables single ssl-pages. Do you know what we have to correct in this plugin to hide unpublished resources for users not logged in?<?php
if ($modx->event->name == 'OnWebPageInit') {
//CONFIGURATION
// server paths - no trailing slash!
$secureserver = "https://www.ourdomainname.com";
$insecureserver = "http://www.ourdomainname.com";
$resourceId = $modx->resourceIdentifier;
if ( intval($resourceId) ){ //exclude if not an id
$encryption = FALSE;
$urlType = 'http';
$doc = $modx->getObject('modResource', $resourceId);
$secure = $doc->getTVValue('encryption');
if($secure=='1') {
$encryption = TRUE;
$urlType = 'https';
}
$modx->setPlaceholder('urlType',$urlType);
$url = $_SERVER['REQUEST_URI'];
$ssl = FALSE;
if($_SERVER['HTTPS'] == 1) {
$ssl = TRUE;
} elseif ($_SERVER['HTTPS'] == 'on'){
$ssl = TRUE;
} elseif ($_SERVER['SERVER_PORT'] == 443) {
$ssl = TRUE;
}
// switch between http / https if necessary
// if $secureserver === $insecureserver (eg you are testing locally)
// then comment out this code block to avoid infinite recursion
if($encryption && !$ssl) {
// if SSL off and we are about to access a secure page then redirect
$modx->sendRedirect($secureserver.$url);
} else if ($ssl && !$encryption) {
// if SSL is on and we are about to acccess an unsecure page then redirect
$modx->sendRedirect($insecureserver.$url);
}
}//exclude if not an id
}
// switch between http / https if necessary
if ($resource->get('published') == false || $resource->get('deleted')) {
$modx->sendErrorPage();
}