I’ve got MODX 3.0.3 installed on a couple of sites and having issues with ACLs. One site I upgraded from 2.8.4, so the ACLs haven’t changed at all. But now it’s like everyone is SUDO; they have access to everything. I also just set up a new MODX 3 site from scratch, created an Editor user group, and created a new access policy based on the Administrator template, with a reduced number of authorized actions. Same story there; people assigned to this group and access level can access everything.
Is there some additional step involved in setting up ACLs in MODX 3? Anyone else having these issues?
Yes, tested with user in a different browser, with all cookies deleted. There are no sudo users in the sites. When I remove ALL access permissions for a user, so they don’t belong to any group, when that use logs in, they have full access to everything.
Also, I can’t view any unpublished pages as an administrator, even though view_unpublished is enabled in the ACLs. It’s like MODX is using some unknown ACL for everybody.