So on my site, I have several client users, who have restricted access to create/edit/save resources, but can’t see the element tree and cannot install extras etc.
All working fine, but a user contacted me to say that on certain resources, there is a lock icon in place of where the save button should be.
I can see the same when i login as an adminLite user.
But as a full admin, it’s fine.
What is more strange, is that if I login as the full admin, and select a resource, and then come out of it without actually doing anything - the AdminLite user then sees a lock on the same button of that resource!
I’ve gone through the access control list but cannot figure out what it could be?
Yes I thought the same - but the resource itself doesn’t have a lock - just the same button.
And when i Delete Locks (it is MODX3) the save button is still locked on multiple resources.
So to clarify - if another user is in a resource, the lock icon appear in the resource tree and the save button says ‘Locked by Username’ - but this isn’t happening.
The lock is only on the save button - with no user name - and no lock on the resource tree icon. Which i haven’t seen before.
The only way i can ‘unlock’ the resource save button is to change the user to ‘sudo’.
So it must be some strange permissions issue - but it’s been fine for days, and has suddenly happened.
It’s as if there’s been a security issue and the server has locked down the resources somehow?
Sounds stupid, but I can’t think what could cause this
I’ve been searching Google all evening and cannot find anything similar.
What I’ve finally realised while playing around is that it’s a problem with Root level resources only.
The users cannot edit anything at root level.
I was able to create a resource at root level - and it’s in the resource tree - but if I try and edit it, the save button has a lock - even though I created it with this editor user.
Also, I cannot create a child of this page - (due to me not having permission to edit/save this resource).
So the User Groups is Administrator (same as the top level superuser)
But the role is Editor - 10 which has the AdminLite Access policy (which has the save permission for the context ‘mgr’.
One thing I just noticed - Under Access Permission within the Administrator Access Control list, the second tab down ‘Resource Groups’, it contains my user group minimum role - Editor 10, Access Policy ‘Load, List and View’.
But under the Contexts tab, mgr, it has the Access policy of AdminLite.
I tried to change the access policy within the Resource Group, but the only options are:
(No policy)
Load only
Load, List and View
Object
Resource
Thank for the steer - got there in the end.
This has driven me crazy all night - I just cannot get my head round permissions.
I think what was causing this issue was when I wanted to hide certain resources from certain users (which I created a topic about the other day).
So unfortunately now that side of things aren’t work - everyone has access to all the resources.
But I will tackle that after a good nights sleep - as I’m too tired to go there now
Thanks again for all your input - you’re a star.
See you for part two tomorrow (only joking - I hope…)
This topic was automatically closed 2 days after discussion ended and a solution was marked. New replies are no longer allowed. You can open a new topic by clicking the link icon below the original post or solution and selecting “+ New Topic”.
(only joking - I hope…)