We launched new forums in March 2019—join us there. In a hurry for help with your website? Get Help Now!
    • 40016
    • 32 Posts
    The action is:
    action:security/user/getlist

    So I openend:
    ..../core/model/modx/processors/security/user/getlist.class.php

    And cannot find any policy check.
    I do not see why Articles needs to get a list of users?
      • 38237
      • 83 Posts
      There is a list of user on the right side "Created by", so seems your issue is known, you need to give access "view_user".

      try and tell me if it works.
        • 40016
        • 32 Posts
        Jup that's it!
          • 38237
          • 83 Posts
          Glad that i could help smiley

          IMHO, this is a general cosmetic defect in modx, as the message should mention the denied permission.
          • Indeed. There are a number of highly ambiguous error messages that would be much more useful if they were a bit more verbose.
              Studying MODX in the desert - http://sottwell.com
              Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
              Join the Slack Community - http://modx.org
              • 3749
              • 24,544 Posts
              Quote from: mina_gerges at Sep 25, 2014, 02:56 PM
              Glad that i could help smiley

              IMHO, this is a general cosmetic defect in modx, as the message should mention the denied permission.

              I think it doesn't because displaying the permission could aid hackers. The permission denied should probably be written to the Error Log.
                Did I help you? Buy me a beer
                Get my Book: MODX:The Official Guide
                MODX info for everyone: http://bobsguides.com/modx.html
                My MODX Extras
                Bob's Guides is now hosted at A2 MODX Hosting
              • Quote from: boomerang at Jul 31, 2014, 08:20 AM
                I got the:


                Code: 200 OK
                {"success":false,"message":"Permission denied!","total":0,"data":[],"object":[]}

                problem on upgrade from 2.2.14 to 2.3.1 and can confirm it was resolved my checking permission for class_map as suggested by codenator below:

                class_map
                To view a list of classes in the Class Map. role solve issue
                There problem no much info which king of issue I got.

                Did need to Logout All Users to fully flush permissions but it did fix the message smiley

                Same here: Codenator's fix worked for me.
                  Lucy Iannotti
                  Following Sea design & development
                  http://www.following-sea.com
                  New Bedford, MA
                • Now we are getting the same error message when an editor account tries to edit a user account. I had to check a few more permissions just to get the editor account see the User accounts - they could see them just fine before the upgrade from 2.2.* to 2.3.1. Once upgraded to 2.3.1 they did not have the top-level menu item "Manage" in view so could not see User accounts nor clear the cache, even though they had those permissions. But now each time a user account is opened for editing the Code 200 message (*above) pops up.
                    Lucy Iannotti
                    Following Sea design & development
                    http://www.following-sea.com
                    New Bedford, MA
                    • 38237
                    • 83 Posts
                    @lucy Same method applies to fix your issue:

                    - Use browser developing mode (I personally preffer chrome)
                    - on the network tab, find the resource which returned that message (you can check the response on the right side)
                    - check the request, the "action" is the call to the processor which throws the message, add (..../core/model/modx/processors/) before it and this is the path of the file to check
                    - Open that file and see which permission it is checking, then add it to the user group.

                    Can be $permissions = xxxx OR $this->modx->hasPermission('xxxx');
                    • I've found that upgrades sometimes will arbitrarily clear permissions that were originally checked. This is not limited to upgrading to 2.3, either.

                      I never notice anything, since I use an Administrator user that is also a sudo user, but non-Administrator users can have a problem after an upgrade.
                        Studying MODX in the desert - http://sottwell.com
                        Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
                        Join the Slack Community - http://modx.org