Thread

This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

The active forums are here.

SafeCracker: Users can only edit their own entries.

February 24, 2011 5:54pm

Subscribe [7]
  • #1 / Feb 24, 2011 5:54pm

    Philip Zaengle's avatar

    Philip Zaengle

    293 posts

    I have an issue where safecracker will only save entries if the safecracker user ID is equal to that of the user who authored the post. I have two admin users set up, they can edit their own posts, but not each others.

    When a user tries to edit a post that is not theirs they get the error “You are not authorized to perform this action”

    Here’s my code:

    {exp:safecracker 
            datepicker="no" 
            url_title="{segment_3}" 
            include_jquery="no"
            require_entry="yes"
            rules:cf_orphan_sponsor_email="required|valid_email|min_length[5]"
        }
        <label for="url_title">Your Name</label>
    
        <input type="text" name="cf_orphan_sponsor_name" id="cf_orphan_sponsor_name" value="{cf_orphan_sponsor_name} - {title}" maxlength="75" size="50" /><br >
    
        <label for="url_title">Your Email</label>
    
        <input type="text" name="cf_orphan_sponsor_email" id="cf_orphan_sponsor_email" value="{cf_orphan_sponsor_email}" maxlength="75" size="50" /><br >
    
        <label for="url_title">Your Phone Number</label>
    
        <input type="text" name="cf_orphan_sponsor_phone" id="cf_orphan_sponsor_phone" value="{cf_orphan_sponsor_phone}" maxlength="75" size="50" /><br >
    
        {if captcha}
            <label for="captcha">Please enter the word you see in the image below:</label>
    
            {captcha}
    
            <input type="text" name="captcha" value="{captcha_word}" maxlength="20" /><br >
        {/if}
    
        <input type="submit" name="submit" value="Submit" />
    {/exp:safecracker}

    I’m attaching a screenshot of my settings

  • #2 / Feb 25, 2011 11:09am

    Ingmar Greil's avatar

    Ingmar Greil

    29243 posts

    Can the admins edit regular users posts? What version of EE and SafeCracker are you using? Are you using mod_rewrite anywhere on your site?

  • #3 / Feb 25, 2011 11:44am

    Rob Sanchez's avatar

    Rob Sanchez

    335 posts

    Which variety of error message are you getting, the 1st or 2nd attachment?

  • #4 / Feb 25, 2011 11:51am

    Rob Sanchez's avatar

    Rob Sanchez

    335 posts

    Just a shot it the dark, but you should try setting channel=“orphans”, it seems to be missing from your form.

  • #5 / Feb 25, 2011 4:11pm

    Sue Crocker's avatar

    Sue Crocker

    26052 posts

    Thanks for the assist, Rob.

    Philip - are you also allowing those members to edit other person’s entries?

  • #6 / Mar 01, 2011 7:41pm

    Philip Zaengle's avatar

    Philip Zaengle

    293 posts

    Sorry for the slow reply - Yes the admin users have access to edit any and all posts.

    The type of error I’m getting is of the grey box kind. Screenshot attached.

    I tried adding channel=“orphans” to the tag pair but that didn’t effect the results.

  • #7 / Mar 02, 2011 12:45pm

    Sue Crocker's avatar

    Sue Crocker

    26052 posts

    Philip - is this SafeCracker 2.0 or 1.03? Going to try and reproduce on my install.

  • #8 / Mar 02, 2011 4:41pm

    Philip Zaengle's avatar

    Philip Zaengle

    293 posts

    2.0 - thanks!

  • #9 / Mar 03, 2011 3:25am

    John Henry Donovan's avatar

    John Henry Donovan

    12340 posts

    Philip,

    I made a complete replication of your set-up and wasn’t able to reproduce your error screen
    Are you using a htaccess o remove index.php?

    I applied this fix previously which may has some bearing but I don’t think so

  • #10 / Mar 27, 2011 3:29pm

    Nate Iler

    29 posts

    I’m experiencing the same “You are not authorized to perform this action” issue.  I duplicated the safecracker settings on two different sites and I noticed that my MSM site gives me the “You are not authorized to perform this action” error while the non-MSM doesn’t.

    Both sites are 2.1.3 with Safecracker2.  I’ve setup the guest post member group to super-admin within the extension to make sure they have the proper privileges.

    I can also say that I’m able to post a new post without a problem.

    Here is my code:

    {exp:safecracker 
        channel="events" 
        return="{segment_1}/{segment_2}/{segment_3}/success"
        url_title="{segment_3}"
        use_live_url="no"
        site="main"
        safecracker_head="no"
        author_only="no"
    }
     ... form details ...
    {/exp:safecracker}

    Can anyone duplicate the same issue on their MSM installs?

  • #11 / Mar 28, 2011 9:32am

    Sue Crocker's avatar

    Sue Crocker

    26052 posts

    nateiler, are you trying this on the initial site of your MSM install, or one of the other sites?

  • #12 / Mar 28, 2011 11:47am

    Nate Iler

    29 posts

    The site I’m working with is the root site (site_id = 1) that I renamed from defailt_site to main.  I haven’t tried on any of the other sites for this install.

  • #13 / Mar 28, 2011 12:57pm

    Nate Iler

    29 posts

    I did some more investigating…

    With a new copy of EE (w/ some popular addons included) I created a new channel and uploaded MSM files but didn’t enable or add additional sites.  Registered as ‘admin’ username on install.

    Added an entry to channel_a.  No settings have been configured for guest posting.
    —- Logged out guest didn’t see a form…as expected.

    Added the ‘admin’ super-admin to the safecracker extension settings as the guest publisher.
    —- Logged out guest posted successfully…as expected.

    Registered a new member and assigned them to super-admin group upon creation.  Assigned new member as guest publisher in the safecracker extension settings.
    —- Logged out guest could not post…“You are not authorized to perform this action”

    Changed guest poster back to original ‘admin’ super-admin in safecracker extension settings.
    —- Logged out guest posted successful.

    *** Puzzled at this point because they should have the same privs. ***

    Created new member_group and assigned channel posting privs.  Added new member to that group and updated safecracker extension settings.
    —- Logged out guest could not post…“You are not authorized to perform this action”

    Logged in as new member, moved ‘admin’ to the new member group and updated safecracker extension settings.
    —- Logged out guest posted successful.

    I’ve duplicated this install multiple times locally trying different combinations and everything seems to be tied to a member and not a member_group.  I also find it strange that when a guest author set in the extension settings and they don’t have privs to post to a channel, the safecracker form doesn’t even appear.  I can’t think of any other settings that would cause “You are not authorized to perform this action” errors.

  • #14 / Mar 28, 2011 1:16pm

    Nate Iler

    29 posts

    I poked around a bit further and noticed that the error is tied to the author of the entry.  If the author of the entry and guest publisher in the safecracker extension don’t match, it throws the error. 

    I changed the author of the entry to match the guest who I define in the safecracker extension settings I can post successfully.  I’m using the author_only=“no” parameter so I assumed this wouldn’t be the case.

    I even duplicated this with everyone as super-admin to eliminate any channel posting settings.

    Can anyone confirm?

  • #15 / Mar 29, 2011 8:03am

    John Henry Donovan's avatar

    John Henry Donovan

    12340 posts

    nateiler,

    I can replicate this. Can you go ahead and create a bug report please?

ExpressionEngine News

#eecms, #events, #releases