User Group cannot delete Static Resources

Hi all,

My editors group seem to be unable to delete Static Resources:


That appears when right-clicking a static resource in the tree and clicking Delete.

If I edit a static resource and check the Settings / Deleted box, then save - the resource saves but the Deleted box returns to unchecked. No error appears in that case.

My editors group uses a custom ACL with permissions granted for remove, delete_document and delete_static_resource

Administrators can delete Static Resources OK and the editors group can delete Document Resources and Weblink Resources OK.

What am I missing?

MODX 2.8.4-pl

Do the editors have basic delete and save permissions?

Hey @halftrainedharry

They have save permission.

I don’t see a basic delete permission - they do have remove though.

There is one in the “Resource” access policy.
I only saw that there is some check in the resource/delete processor.

Hmm … all permissions, including delete are enabled in the Resource policy.

I tried switching the Editors group over to using the Administrator ACL policy instead of the custom one.

Flushed permissions, logged the Editor out and in again, and the result was the same.

That would appear to rule out the custom ACL policy - I think?

What else could cause this?

You could (temporarily) add some code to the processor I linked above (on line 55) to check and log the permissions individually. Maybe this gives some insight.

if (!$this->modx->hasPermission('delete_document')) {
	$this->modx->log(modX::LOG_LEVEL_ERROR, "user " . $this->modx->user->get('username') . " doesn't have permission 'delete_document'");
if (!$this->modx->hasPermission('delete_static_resource')) {
	$this->modx->log(modX::LOG_LEVEL_ERROR, "user " . $this->modx->user->get('username') . " doesn't have permission 'delete_static_resource'");
if (!$this->resource->checkPolicy('save')) {
	$this->modx->log(modX::LOG_LEVEL_ERROR, "user " . $this->modx->user->get('username') . " doesn't have permission 'save'");
if (!$this->resource->checkPolicy('delete')) {
	$this->modx->log(modX::LOG_LEVEL_ERROR, "user " . $this->modx->user->get('username') . " doesn't have permission 'delete'");

This site is on MODX 2.8.4-pl - I think the above is MODX3 … ?

I tried adding your code to: core/model/modx/processors/resource/delete.class.php

But nothing appears in the Modx Error Log when I get the Permission Denied error.

It seems, that in MODX 2.8.4, the code checks the permissions delete_document and delete_resource (instead of delete_document and delete_static_resource like in MODX 3).

Aye - that’s getting us somewhere …

[2023-03-21 16:22:02] (ERROR @ /home/xyz/public_html/core/model/modx/processors/resource/delete.class.php : 51) user xxyyzz doesn't have permission 'delete_resource'

But there is no delete_resource permission in either my Administrator or custom Editor policies.

This seems to be a bug in MODX 2.8.4.

It’s probably fixed in 2.8.5.

1 Like

That’s it :+1:

Thanks @halftrainedharry

In core/model/modx/processors/resource/delete.class.php I changed:

'modStaticResource' => 'delete_resource',


'modStaticResource' => 'delete_static_resource',

and all is well!

It has indeed been fixed in 2.8.5.

Thanks for your help as always!

This topic was automatically closed 2 days after discussion ended and a solution was marked. New replies are no longer allowed. You can open a new topic by clicking the link icon below the original post or solution and selecting “+ New Topic”.