evocms-community / evolution

Welcome to the new evolution of MODX Evolution!
GNU General Public License v3.0

[Bug] No access to restricted resources (by resource group) in frontend #480

Closed JHG-media closed 2 weeks ago

JHG-media commented 2 weeks ago

Summary

I tried to set up every way possible, but I do not think it's working out of the box right now.

I created a resource group.

Created a user group and linked it to a resource group.

I assigned a page to this resource group. Little lock appears... Page is not visible/can't be accessed in frontend anymore, even for admin users.

Sorry if I am misunderstanding the new system, but before it worked like a charm. Can you replicate this?

Steps to reproduce.

Set up resource group and assign it to a page. Try to preview/view the page restricted with the resource group in frontend.

Observed behavior

Resource group is not accessible from frontend anymore, even if users are in user groups linked to the resource group.

Expected behavior

Frontend visitors who are logged in should see the (restricted) page, if they are in the user group linked to the resource group.

Related issue(s)/PR(s)

No response

EvoCMS version

3.1.29

Apache/nginx version

Linux ae840 4.19.0-18-amd64 #1 SMP Debian 4.19.208-1 (2021-09-29) x86_64

PHP version

8.2.22

MySQL version

8.0.33 - MySQL Community Server - GPL

Any relevant information

No response

Pathologic commented 2 weeks ago

Did you add the user to the testgroup?

JHG-media commented 2 weeks ago

Yes, I don't think there are any other options...(?)

Besides that: Even with the main admin I can't open the page in frontend anymore... Seems bugged to me. The moment there is this little "lock", the page becomes inaccessible.

This discussion might be related: https://forum.evo.im/d/92-login-for-web-users-with-error-no-table-web-user-attributes/21

But I am not fully aware of the problem or, let's say, what should work and what does not. The discussion drifted more in the direction of logging in with FormLister, so I don't think I will get an answer there.

My goal is to set up users that have to log in to view "private" pages (as mentioned in the forum, for downloads for example).

Pathologic commented 2 weeks ago

I've tried to reproduce but it works as it should. Send manager login and pass to m@xim.name to investigate.

Pathologic commented 2 weeks ago

I've checked your site and see no problems. I've installed the userAuth plugin, so you can authorize users at the frontend from the manager and check it yourself.

Managers are not authorized at the frontend, that's why you cannot see the restricted page. You can make a plugin on the OnUserLogin event to auth managers at the frontend automatically, that's similar to the old behaviour:

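    // Plugin body for the OnUserLogin event: when a manager logs in to the
    // manager context, authorize the same user at the frontend as well.
    if (($uid = evo()->getLoginUserID('mgr')) && evo()->getContext() == 'mgr') {
        $user = new Pathologic\EvolutionCMS\MODxAPI\modUsers(evo());
        $user->authUser($uid);
    }
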
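
To illustrate the separation described in this thread, here is a simplified model added as an example; it is not Evolution CMS code and not written by either commenter. The `Session` class, `canViewInFrontend()` and the group data are hypothetical, and the `web` context name is an assumption (only `mgr` appears in the snippet above).

```php
<?php
// Simplified model, not Evolution CMS source. Session, canViewInFrontend()
// and the sample data are hypothetical names constructed for this example.
final class Session
{
    /** @var array<string,int> context name => logged-in user id */
    private array $loggedIn = [];

    public function login(string $context, int $userId): void
    {
        $this->loggedIn[$context] = $userId;
    }

    public function userId(string $context): ?int
    {
        return $this->loggedIn[$context] ?? null;
    }
}

// $resourceGroups: groups the page is assigned to (empty = public page).
// $links: user group => resource groups it may view.
// $memberships: user id => user groups.
function canViewInFrontend(Session $s, array $resourceGroups, array $links, array $memberships): bool
{
    if ($resourceGroups === []) {
        return true;
    }
    $uid = $s->userId('web'); // only the frontend context counts; 'mgr' is ignored
    if ($uid === null) {
        return false;
    }
    foreach ($memberships[$uid] ?? [] as $userGroup) {
        if (array_intersect($links[$userGroup] ?? [], $resourceGroups) !== []) {
            return true;
        }
    }
    return false;
}

// Constructed sample data: user 1 is a manager who is also in "testgroup".
$links = ['testgroup' => ['private-downloads']];
$memberships = [1 => ['testgroup']];
$page = ['private-downloads'];

$s = new Session();
$s->login('mgr', 1);                 // manager login only
var_dump(canViewInFrontend($s, $page, $links, $memberships));
$s->login('web', 1);                 // models what the plugin's authUser() call adds
var_dump(canViewInFrontend($s, $page, $links, $memberships));
```

The first call reports the page as not viewable and the second as viewable; the only difference between them is the frontend-context login.
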
JHG-media commented 2 weeks ago

Hm, I think I understood the issue now. Thanks for your very fast help again!

Some questions (which I am sure will come up for other users as well): Why was it changed, that managers are not automatically authed in frontend anymore? Makes no sense to me, that when I (as admin) hit the "Preview" Button, the page is not visible to me. And even if the admin is in the user group that has access to the resource group, it's not working without a separate frontend login, correct?

There is no default login form/core functionality to login for frontend users, right? I probably have to take the formlister examples out of the forum then.

Pathologic commented 2 weeks ago

> And even if the admin is in the user group that has access to the resource group, it's not working without a separate frontend login, correct?

Yes, backend and frontend are separate now.

> There is no default login form/core functionality to login for frontend users, right? I probably have to take the formlister examples out of the forum then.

Right, you should use FormLister, at least if you are not a programmer.

JHG-media commented 2 weeks ago

Okay, thanks for the help. To be honest... I think this should be changed in the core. An admin with full rights should see every resource in the frontend as well, it is just confusing (and was different before, so people coming back to the new version are irritated) ;-)

Pathologic commented 2 weeks ago

> Okay, thanks for the help. To be honest... I think this should be changed in the core. An admin with full rights should see every resource in the frontend as well, it is just confusing (and was different before, so people coming back to the new version are irritated) ;-)

I'll think about what can be done.