I am really battling to get ACLs working in MODX 2.7.3
I am trying to put together a PoC where there will be around 60 users who will each need access to edit their own profiles (and not each others) and then some of the users will be granted extra permissions to edit other pages.
So I have started small with just two users.
I have created the Resource Groups (now under the Content menu) and dragged the pages I want the test users to have access to.
Ideally, I would like to show only the pages the user has edit rights to the left hand tree view.
I cloned the Admin Page Policy and reduced its access, created a Page Editors Group, gave Admin SU access, and gave my two users Page Editor (level 15) Context Access of Page Editor role and access Page Editor.
This allows the users to log into the manager screen and has disabled all the admin stuff I do not want them to do (which is a good start) but they do not see any of the resources.
Next, I create a User Group matching my test username, add my user (role 15) and give them Resource Group access (15) with an access policy of Resource.
I also create a Resource Group called AllPages to hide all of them
My issues are:
Depending on where I am through the steps, I either get a 200 error (permission died) or the page completely disappears from view. Enabling sudo for the user gives them full access.
Should policies for Context be set to Context and Resources to Resources?
Where ever I set a role, should it be the same value (15) for all users (other than the admin) in all places (I only have one role with that value)
Is there a way to log what is going on with ACLs?
It looks so powerful that its confusing.