[SOLVED] [BUG #6934] ACLs - How to give remove permission to a user group to delete only specific resources?

Doh ... I should have realized that was what was going on.

On your last point, if "save" permission is not granted, you should probably also take away "edit" permission, since there's no point in editing a resource you can't save.


---------------------------------------------------------------------------------------------------------------
PLEASE, PLEASE specify the version of MODX you are using . . . PLEASE!
MODx info for everyone: http://bobsguides.com/modx.html

Good point on the edit permission!

I looked in all the policies templates but there's no 'edit' permission. The Admin template is the only one to offer specific ones such as edit_chunk, edit_snippet, etc. It also has save, save_chunk, etc.

Based on your point, and since there are only 'save' permissions in all the other policy templates, I guess it would make sense to merge edit and save permissions in the Admin Template.

I generally hide resources the user can't edit/save altogether. It makes the Manager more convenient (and faster), and it prevents the somewhat impolite "Access Denied" messages.


---------------------------------------------------------------------------------------------------------------
PLEASE, PLEASE specify the version of MODX you are using . . . PLEASE!
MODx info for everyone: http://bobsguides.com/modx.html

Yep, I'm doing that too but it's not a fit-all-case solution. When the container shouldn't be editable and it's children resources need to, we get right into this issue. The example in your book is a great example of it.

I'm facing this on a website currently under development and users are clearly confused about being able to edit the form and not save it or being able to click the delete button and be denied the action only at the end of the process.

I updated the bug report. [ed. note: yogooo last edited this post 12 years, 3 months ago.]

I'm probably misunderstanding you, but can't you just give "list and view" permissions on the parent? In theory, that should keep them from being able to reach the Create/Edit Resource panel for them but still leave the children editable.


---------------------------------------------------------------------------------------------------------------
PLEASE, PLEASE specify the version of MODX you are using . . . PLEASE!
MODx info for everyone: http://bobsguides.com/modx.html

Bob, thanks for the time and effort you put into this. I'll try to clarify.

If I give only 'list' and 'view' permissions on the parent, it doesn't show up in the resource tree.
After adding the 'load' permission: the parent shows up again in the tree, the Edit Resource panel is reachable, there's no save button, the delete button is present but an alert 'permission denied' is displayed after confirming the deletion of the resource. The children are editable.

And since a few pictures are worth a thousand words http://www.haiku.hk/modx-acl-load-list/

Well explained. That does sound like a bug.


---------------------------------------------------------------------------------------------------------------
PLEASE, PLEASE specify the version of MODX you are using . . . PLEASE!
MODx info for everyone: http://bobsguides.com/modx.html

So here I am 3 year and 3 months latter running MODx 2.3.3-pl and I'm having the same problem you guys are describing. If I give List, Load, View permissions the "delete" button remains though it doesn't work, as well as the editable forms there to confuse users. If this was a bug wouldn't it have been fixed by now? Is there some other solution to having a container resource in an editors tree but not allowing them to open or view it?