Bug #23468 Accepted

Template Access Restriction Redirection not working

Version: 4.0.9 Reporter: chunkitchris

I am not sure if this is a bug or if I missing something as the EE doc is very brief, only one sentence.

I am trying to set up a member-only presentation area. The template is “site/presentation” and in the setting, under “Access,” the template is limited to Member, Manager, Admin and Author. Under “No Access redirect” i set it none. And then I logout and then access the page, “domainName.localhost/site/presentation” as a guest, i should not be able to see the template; but i still can see it.

Another scenario: instead of choosing “None” under “No Access redirect,” I chose “site/sign-up” template and i tested that this template works and is not empty. However, once i access the presentation template as a guest, it returns an empty page. Does it suppose to display “site/signup” template?

Thanks, Chris

  • Hi Chris,

    I can confirm the first issue. The ‘None’ option is a new addition, and we need to add a default behavior when that’s selected. That’s being worked on now.

    I can’t replicate the second issue. I created a test template with just a static ‘You have no access’ message. If I select that, my no access people are properly redirected.

    If you try that, does it work? I’m thinking that there may be something on site/sign-up that would prevent it showing for the person you’re testing as. Trying it with a simplified page will give us a good idea of whether that’s the case.

    Robin Sowell
    12th February, 2018 at 2:21pm
  • Hi Robin, the setup is a brand new ee4.0.9 on my local environment. Here is the test: I have three templates, and each template it has only one sentence or a phrase: 1. site/index (homepage) 2. site/login (please login to view the restricted contents) 3. site/restrict (here is the restricted content)

    Here is the test A: 1. In the setting of “restrict” template, i set it limited to members only 2. under “No access direct” i redirect it to site/index 3. it works.

    Here is the test B” 1. In the setting of “restrict” template, i set it limited to members only 2. under “No access direct” i redirect it to site/login 3. it returns to “restrict” template 4. Fail

    I see that the results are random sometimes it simply displays an empty page.

    Chris

    chunkitchris
    12th February, 2018 at 2:29pm
  • OK, I appreciate the additional testing. It looks like something quirky may be going on, and I’ll double check the code while fixing the default redirect issues.

    Just stay subscribed here and I’ll get you a fix as soon as we have one- and we’ll make sure that it resolves the intermittent white page issue as well.

    Robin Sowell
    12th February, 2018 at 2:38pm
  • Hi Robin, I just tested it again. this time, after i completely logout, the “Restrict” template did not redirect to any template, it simply displays the restricted content this time. However, if i select “site/index” and then logout and go to “restrict” template, this time it can redirect to “site/index” Please note that “site/login” only has one phrase “please sign in to view the content” nothing special.

    chunkitchris
    12th February, 2018 at 2:39pm
  • Hi Robin, another test. very interesting.

    Another test: i created one more template “site/sign-in-2.” I go back to “Site/restrict” and then select “site/sign-in-2” under “No access direct”; and then i logout and then go to the restrict template. This time it works! But once i change it back t o “site/login” it does not work again.

    chunkitchris
    12th February, 2018 at 2:41pm
  • OK, sounds like something about ‘site/login’ it doesn’t like.

    I just create a template group/template site/login and it works for me. So- I’m thinking it could be some weird htaccess rule, a template route, pages or structure- really anything that affects the typical behavior of the URLS. Could be an extension- try disabling extensions and seeing if that works.

    Oh- and if that still doesn’t help- in ‘Settings- Output and Debug’ try turning on debugging. Then while still a superadmin, go login as some member that doesn’t have permission to access the page and should be redirected to site/login.

    If you’re a superadmin logged in as a different user group, you should still see the debug. That debug will hopefully give us an idea as to why you’re ending up there.

    Robin Sowell
    12th February, 2018 at 2:45pm
  • hey Robin, but this is a brand new ee install with no modified config or .htaccess.

    chunkitchris
    12th February, 2018 at 2:51pm
  • Hi Robin, i install this ee on my local dev according to the ee installation guideline and i also placed the system above the webroot. This is a totally brand new install with nothing modified nor add-ons or plugins installed. I have tried it for more than an hour with different combinations and the result is still random. All templates are static with a sentence or a phrase. When i test them i often logout as i just want to create a template for member-only.

    chunkitchris
    12th February, 2018 at 3:04pm
  • Hey Robin, don’t mean to bombard you but i did another test. I simply deleted all the templates and started over. again 3 templates: home, member-only, and log-in member-only is limited to members and “no access redirect” is log-in; this time it returns an empty page.

    The results are random. I have two more production sites have the same problem. :(

    chunkitchris
    12th February, 2018 at 3:15pm
  • Let’s try two things- I’ve attached a fix for the ‘none’ selection for the no access bounce template. It’s in the ‘Solution’ tab above.

    Backup and replace system/ee/legacy/libraries/Template.php with the one from the attached zip.

    Second- let’s be sure PHP errors are showing, even to non-logged in folks. You can do that in ‘Settings- Output and Debug’. Sometimes a whitescreen is a hidden error.

    Robin Sowell
    12th February, 2018 at 3:16pm
  • After i replaced the template.php and the select “None” under” No access redirect” and then logout and then go to “member-only” template, it displays a message: “Error! The page you requested was not found.” Am i supposed to see this message?

    chunkitchris
    12th February, 2018 at 3:21pm
  • For the second issue. 1. Set to “site/homepage,” it displays “homepage”. So it always works.

    1. Set to “site/login”, it displays a complete empty page without any error message. In the backend, i have already enabled debugging and the errors are visible to everyone.
    chunkitchris
    12th February, 2018 at 3:27pm
  • i just created one more template “hello” and assigned this template as “no access redirect” for “member-only” template. This time it simply redirects to the homepage.

    chunkitchris
    12th February, 2018 at 3:37pm
  • > “Error! The page you requested was not found.”

    That bit’s correct- it’s giving you the default 404 behavior. I won’t swear that’s what we’ll do in the release, but if it’s showing the 404 to users with no access when the no auth template is ‘none’, that’s correct.

    For the random redirects- is it possible for me to get superadmin access to one of the sites? Can you send an email to support@expressionengine.com. I can give you a secure way to share login.

    Robin Sowell
    12th February, 2018 at 3:56pm
  • sent you an email 5 minutes ago

    chunkitchris
    12th February, 2018 at 4:11pm

You must be signed in to comment on a bug report.

  • Backup and replace system/ee/legacy/libraries/Template.php with the one from the attached zip.

    If no access ‘bounce’ template is specified, it will trigger the standard 404 behavior.

ExpressionEngine News

#eecms, #events, #releases