modxbot
commented
11 years ago felonius submitted:
Environment update:
Sorry, forgot to include the SERVER environment (you probably don't care about the end user environment) =)
MySQL 5.1.56 Gentoo 2.6.34 r6 PHP 5.3.27 Apache 2.2
felonius created Redmine issue ID 10242
So I noticed in today in Revo 2.2.8-pl traditional that the "Quick Edit File" action in the file manager has some strange behaviors when users aren't a "sudo" user.
I was attempting to work on some CSS for a Discuss add-on installation, with this file in the file manager:
components/discuss/themes/default/css/redo/forums-styles.css
My login was as an administrator ACL with all permissions assigned to the policy template, and all permissions enabled, but I was not a "sudo" user. Folder permissions for the folder were set to 775.
Because our organization has the default Media Source set to a custom source, editing this file in the standard MODX editor was causing the file tree view to reset every time I clicked to edit a file. This is a pain, having to go back through the directory structure to get back to where you were. So in the past, using a "sudo" account, I would use the "quick edit file" option.
However, without the "sudo" user option enabled, "quick edit file" would immediately throw an "Access Denied" error, even though my ACL permission set seemed to allow the ability to edit this file.
I immediately confirmed that I could still click the CSS file, edit it normally, and save changes in the standard MODX text editing window, I simply couldn't "quick edit" the file.
The permissions weren't preventing me from actually modifying the file, but as a non-sudo user I couldn't conveniently quick edit the file.
I think the "quick edit file" behavior should be consistent with the applied ACL permissions for the media source and user---if I'm allowed to modify a file using the standard MODX editing page, I should be able to modify it using "quick edit."