Following on from Modx Revolution Development Part 08 - Membership, we will now implement restrictions on how users may access certain resources on our website. Our emphasis in this section will be on defining permissions for an Editor (who can edit resources in the Manager), and an ordinary registered member (who can only interact with exposed frontend pages).

Modx Revolution Security, for our purposes, involves assigning a resource to a Resource Group. We then create a User Group and use Access Control to grant this group appropriate access to a Resource Group. Finally, we add users to the User Group. That probably sounds convoluted; therefore, let's try it out.

  1. Create Resource Group:
    Security-->Resource Groups
    Create Resource Group
    • With this resource group in place, we can now secure our Members Page. We can do this in two ways: either through the Access Permission tab of the Members Page or, as we will do here, by dragging from the right pane of the Resource Group panel (expand web to see resource) and dropping on top of myrevo resource group.
    • The Resource Group name can be anything, of course, but we are using myrevo simply to differentiate from other contexts, as we will see when we get to look at Contexts in the penultimate part of this series.
  2. Create User Group:
    Security-->Access Controls
    New User Group
    Name: myrevo_members
  3. Define Permission Level:
    • Right-click on myrevo_members-->Update User Group
    • On Resource Group Access tab:
      • Add Resource Group:
        Resource Group: myrevo
        Minimum Role: Member - 9999
        Access Policy: Resource
        Context: web
  4. Add Users to myrevo_members Group:
    • Add User to Group:
      User: tester (or whatever test username, not admin)
      Role: Member
    • Note: During Membership testing in the previous section, we will have created a test user, failing which we create a user under Security --> Manage Users and then come back here via Security-->Access Controls-->Right-Click on myrevo_members-->Update Users-->Users tab. Alternatively, we can add a user to a group through the Access Permissions tab of the User setup screen.
    The permission we have just set up applies to ordinary registered users who will get to see the Members Page.
  5. Flush Permissions
    Security-->Flush Permissions
    Answer Yes to dialog.
  6. Use a different browser to test.

With Editors, we are providing access to the manager to enable them edit resources. Modx Revolution has a Content Editor policy which we shall apply to the editor group. We implement editorship as follow:

  1. Create a new User:
    • Name: myrevoeditor
  2. Create a new User Group - under Administrators User Group:
    • Name: myrevo_editors
  3. Create a New Role: under Roles tab of Access Control:
    • Name: Editor
    • Authority: 10
  4. Right-Click on myrevo_editors-->Update User Group:
    • Context Access tab:
      • Add first Context: mgr
        Minimum Role: Editor
        Access Policy: Content Editor
      • Add second Context: web
        Minimum Role: Editor
        Access Policy: Content Editor
      • Add third Context: web
        Minimum Role: Member - 9999
        Access Policy: Load, List and View
  5. Add users to myrevo_editors User Group:
    • Add User to Group:
      User: myrevoeditor
      Role: Editor
  6. Flush Permissions
    Security-->Flush Permissions
    Answer Yes to dialog.
  7. Use a different browser to test
    login into http://localhost/myrevo/manager/

Note: In some instances, it may be necessary to apply Security-->Flush All Sessions in order for permissions to take full effect. The admin will then need to login again.

We now move on to Modx Revolution Development - Part 10 - Contexts to look at how to run multiple webites from a single install of Modx Revolution.

Comments (0)

Add a new comment:

This thread has been closed from taking new comments.