Permissions problem using resource groups in MODX 3.0


Use of Resource Groups is creating a problem in 3.0. An editor assigned to a “full editors” resource group can access and edit resources assigned to that group, but then can’t view that page on the website. My test site was converted from 2.8.4, where the permissions are working without a problem.

Step to reproduce

Here is the ACL setting for the Editors group:

Screen Shot 2024-02-06 at 12.41.01 PM

And the Resource group for Editors:

Screen Shot 2024-02-06 at 12.41.12 PM

Observed behavior

Once a user logs into the manager as a Full Editor, they can edit pages but can’t view them on the website until they log out.


MODX 3.0.4

Just to make sure: You have only one context (= “web”) and the resources are in that context.

What permissions does the “(anonymous)” group have in the “web” context, that the “Editors” group doesn’t?

Yes, just one context

None. Anonymous ONLY has “load privilege”, nothing else for “web”. Editors have that and lots more for “web”.

In the screenshot for the “Resource Groups” access permissions, what is the selected context? (The value is cut off.)

If the value is “mgr”, then maybe try adding another entry for the “web” context with “Load, List and View” permission.

What I just noticed is that the context name is missing in the Resource Group setting for Editors. Something must have gotten corrupted during the upgrade.

More and more odd problems are cropping up on this site. I just started from scratch in a new test installation, and discovered that if I install the 2.8.6 site, then manually upload and unpack the 3.0.4 package, then all the problems disappear. So some kind of corruption happened using the first method I tried (twice): using UpgradeModx, I upgraded first to 3.0.0, then to 3.0.4. Maybe 3.0.0 did something weird?