Permissions being ignored
Permalink
I have two groups, A and B.
A page has Read permissions for both groups A and B.
Users in A can see the page, but users in B cannot and get the log in page.
Any ideas anyone?
Also, where would I start to debug this within the C5 core?
Thanks
A page has Read permissions for both groups A and B.
Users in A can see the page, but users in B cannot and get the log in page.
Any ideas anyone?
Also, where would I start to debug this within the C5 core?
Thanks
Are you using basic permissions or advanced permissions?
Advanced.
I think the core code regarding permissions have been nailed down pretty well. I would double-check your settings again before touching the core code. How many levels down is the page? Could one of it's parent pages be kicking the B group to the login page?
The page is 2 levels deep. Its parent seems OK as user B can see it. The grand parent is the home page and this can also be viewed by user B too.
Damn-fool computers!
I tell a lie, it still fails. The tab I thought was with user B, was in fact user A.
The issue remains.
Digging into the code shows me that error 12 is thrown in the dispatcher (COLLECTION_FORBIDDEN).
Does this mean the collection is completely FORBIDDEN or that the collection is just FORBIDDEN for the current user.
There is certainly something wrong here, even adding a user in group B to group A too, it fails.
The issue remains.
Digging into the code shows me that error 12 is thrown in the dispatcher (COLLECTION_FORBIDDEN).
Does this mean the collection is completely FORBIDDEN or that the collection is just FORBIDDEN for the current user.
There is certainly something wrong here, even adding a user in group B to group A too, it fails.
Dispatcher.php doesn't usually crash and burn in a PHP error if someone doesn't have access to a page/block/area.
Something is more fundamentally wrong.
Something is more fundamentally wrong.
Its not a crash and burn error. Its handling an error of its own, in this code
Thanks for your time!
if ($cp->isError()) { // if we've gotten an error getting information about this particular collection // than we load up the Content class, and get prepared to fire away switch($cp->getError()) { case COLLECTION_FORBIDDEN: $v = View::getInstance(); $v->setCollectionObject($c); $v->render('/page_forbidden'); break; } }
Thanks for your time!
That makes more sense.
The $cp is the 'page permission' object so it's reporting that User B does not have permission to read that page.
Does the page show any 'Unapproved Versions' - a green bar across the top. Admins only see the most recent page version but the permission object will be looking at the 'public' version of the page.
The $cp is the 'page permission' object so it's reporting that User B does not have permission to read that page.
Does the page show any 'Unapproved Versions' - a green bar across the top. Admins only see the most recent page version but the permission object will be looking at the 'public' version of the page.
It has no Unapproved versions. The latest version is approved.
I'd create a new page with the permissions you want and see if it acts the same way. Once in a blue moon I get pages that just don't act right like the db was screwed up
