MODX3, permissions and permission templates

Hey everyone,

I have a problem with permissions and templates in MODX3. We created a boilerplate for MODX 2.x back in the day and we set up most of the stuff needed for a standard installation automatically. And here’s the kicker. We injected our standard templates and it all looks consistent.

access_permissions table looks almost identical, frames is active, policy templates look fine policies look fine as wel. The only thing that seems to have changed is the pricinple_class, that now has the full object path to modUserGroup in it, and some description texts seem to have been switched to lexicon placeholders.

However, when I assign a user to an administrator group (even the one that comes with a standard installation) access to manager is denied.

I can provide access to anybody who wants to take a look. I have no idea why this is happening. The only way to log on to the system is switching a user to sudo. That’s the only option I have.

Handing this to a client however is not an option for us, because we like to lock down our installations as much as possible

I’d be really happy about any input, I really have no idea why the system seems to ignore all of our permission settings. I can’t get them to apply at all and I don’t kinow why that is.

Andreas

Hi Andreas, maybe I can help you out? If you could provide me access I can have a look. Cheers!

It would be really good if we could identify the issues and post them back here as this sounds familiar.

First, are you resolving the principal_class value to be the fully-qualified classname? If you are, and it still is not working after clearing all caches and sessions, then we will need to look elsewhere.

Have you tried injecting the 2.x boilerplate into a 2.x installation and then running an upgrade to 3.x to see what other differences might be involved? The upgrade process would have fixed the fully-qualified classname issue, for what it is worth.

1 Like

Hey guys,

Of course I did. I noticed the difference and switched to the fully qualified object name. I cleared the entire directory of course.

What else can I clear? It’s a fresh user that doesn’t have any existing session information. Am I missing something?

Andreas

Hey Arjen,

Sure. I can provide you with credentials to our development instance. The rest is locked up in a docker container.

Andreas

Thanks to Arjen this will be resolved soon. Here’s what happened:

The principal class for access permissions is set in system settings. Apparently we imported our settings from our MODX 2.8.x boilerplate. On MODX3 however the fully qualified class name is being used and in MODX 2 it’s the same object path connected by dots though.

That’s what happened. And to make it official: I owe @arjentrouwborst several drinks on the next MODX Meetup :slightly_smiling_face:

3 Likes