404 instead of "not authorized" - My Forums

404 instead of "not authorized"

doggystyle — May 22, 2015, 07:22 AM

Hi,

i did setup a multilingual page with babel where i have 2 other contexts beside web. There is a protected area for members in every context. When a non logged in user tries to load a member page of the web context the "not_authorized" system setting redirects to the specified resource, fine.

When i do the same in another context a 404 appears. I followd a post which says you can set for every context a "not_authorized" which did not worked. Then i followed "Unauthorized Versus Error Page" from http://bobsguides.com/revolution-permissions.html but still the 404. Error logs says

[2015-05-22 14:00:28] (INFO @ /index.php) Principal 0 does not have permission to load object of class modDocument with primary key: 492

Cache and permissions flushed like 1000 times. I don't know what to check else. Im on revo 2.2.15

Any ideas?

btw. when im adding screenshots, i just get redirected to an empty "new post" page

Mike

Re: 404 instead of "not authorized"

gadgetto — Nov 21, 2015, 09:51 AM

Same problem here!

I have a single context web and a resource group Customers Area which is accessible by logged in users which belongs to group Customers.
If an anonymous user tries to access the protected resources he's redirected to the 404 page instead of the not_authorized resource.

I already added the load only ACL to the resource group for anonymous users but this doesn't help. Still redirected to 404.

Any other ideas?

Solved: I just had to kill all sessions and now it works as expected!

Re: 404 instead of "not authorized"

BobRay — May 23, 2015, 12:02 PM

Looking at the code, it looks like that error message is due to a problem with the Resource Group permissions, not the Context Access permissions.

You've probably already done this, but double-check to make sure the resource in question is in a Resource Group that the anonymous user has access to.

If that doesn't work, try changing the *Resource Group* Access ACL policy to Resource.

BTW, if you're logged into the Manager when testing, MODX may consider you the admin, even in the front end, in which case the anonymous permissions wouldn't apply to you, so unless you're a member of the anonymous group, you wouldn't have access to the resource.

Re: 404 instead of "not authorized"

doggystyle — May 23, 2015, 03:46 AM

Re: 404 instead of "not authorized"

BobRay — May 22, 2015, 04:52 PM

That message is saying that members of the anonymous user group don't have load permission for that resource.

This is just a guess, but if you update the (anonymous) user group in Security -> Access Controls and look on the Context Access tab, you'll see an ACL entry for the web context. You'll need one just like it for each front-end context.