EllisLab text mark
Advanced Search
1 of 2
1
   
SafeCracker: Users can only edit their own entries.
Posted: 24 February 2011 05:54 PM
Avatar
Joined: 2007-07-08
327 posts

I have an issue where safecracker will only save entries if the safecracker user ID is equal to that of the user who authored the post. I have two admin users set up, they can edit their own posts, but not each others.

When a user tries to edit a post that is not theirs they get the error “You are not authorized to perform this action”

Here’s my code:

{exp:safecracker 
        datepicker
="no" 
        
url_title="{segment_3}" 
        
include_jquery="no"
        
require_entry="yes"
        
rules:cf_orphan_sponsor_email="required|valid_email|min_length[5]"
    
}
    
<label for="url_title">Your Name</label><br />
    <
input type="text" name="cf_orphan_sponsor_name" id="cf_orphan_sponsor_name" value="{cf_orphan_sponsor_name} - {title}" maxlength="75" size="50" /><br />

    <
label for="url_title">Your Email</label><br />
    <
input type="text" name="cf_orphan_sponsor_email" id="cf_orphan_sponsor_email" value="{cf_orphan_sponsor_email}" maxlength="75" size="50" /><br />

    <
label for="url_title">Your Phone Number</label><br />
    <
input type="text" name="cf_orphan_sponsor_phone" id="cf_orphan_sponsor_phone" value="{cf_orphan_sponsor_phone}" maxlength="75" size="50" /><br />

    
{if captcha}
        
<label for="captcha">Please enter the word you see in the image below:</label><br />
        
{captcha}<br />
        <
input type="text" name="captcha" value="{captcha_word}" maxlength="20" /><br />
    
{/if}

    
<input type="submit" name="submit" value="Submit" />
{/exp:safecracker} 

I’m attaching a screenshot of my settings

 Signature 

philipzaengle.com / @philipzaengle

 
Posted: 25 February 2011 11:09 AM   [ # 1 ]   [ Rating: 0 ]
Avatar
Joined: 2004-05-15
29075 posts

Can the admins edit regular users posts? What version of EE and SafeCracker are you using? Are you using mod_rewrite anywhere on your site?

 
Posted: 25 February 2011 11:44 AM   [ # 2 ]   [ Rating: 0 ]
Avatar
Joined: 2009-06-03
326 posts

Which variety of error message are you getting, the 1st or 2nd attachment?

 Signature 

http://robsanchez.com
http://twitter.com/_rsan
http://github.com/rsanchez

 
Posted: 25 February 2011 11:51 AM   [ # 3 ]   [ Rating: 0 ]
Avatar
Joined: 2009-06-03
326 posts

Just a shot it the dark, but you should try setting channel=“orphans”, it seems to be missing from your form.

 Signature 

http://robsanchez.com
http://twitter.com/_rsan
http://github.com/rsanchez

 
Posted: 25 February 2011 04:11 PM   [ # 4 ]   [ Rating: 0 ]
Avatar
Joined: 2002-04-29
26055 posts

Thanks for the assist, Rob.

Philip - are you also allowing those members to edit other person’s entries?

 
Posted: 01 March 2011 07:41 PM   [ # 5 ]   [ Rating: 0 ]
Avatar
Joined: 2007-07-08
327 posts

Sorry for the slow reply - Yes the admin users have access to edit any and all posts.

The type of error I’m getting is of the grey box kind. Screenshot attached.

I tried adding channel=“orphans” to the tag pair but that didn’t effect the results.

 Signature 

philipzaengle.com / @philipzaengle

 
Posted: 02 March 2011 12:45 PM   [ # 6 ]   [ Rating: 0 ]
Avatar
Joined: 2002-04-29
26055 posts

Philip - is this SafeCracker 2.0 or 1.03? Going to try and reproduce on my install.

 
Posted: 02 March 2011 04:41 PM   [ # 7 ]   [ Rating: 0 ]
Avatar
Joined: 2007-07-08
327 posts

2.0 - thanks!

 Signature 

philipzaengle.com / @philipzaengle

 
Posted: 03 March 2011 03:25 AM   [ # 8 ]   [ Rating: 0 ]
Avatar
Joined: 2004-03-22
12308 posts

Philip,

I made a complete replication of your set-up and wasn’t able to reproduce your error screen
Are you using a htaccess o remove index.php?

I applied this fix previously which may has some bearing but I don’t think so

 Signature 

John Henry’s Website | Follow me on Twitter

 
Posted: 27 March 2011 03:29 PM   [ # 9 ]   [ Rating: 0 ]
Joined: 2008-04-29
44 posts

I’m experiencing the same “You are not authorized to perform this action” issue.  I duplicated the safecracker settings on two different sites and I noticed that my MSM site gives me the “You are not authorized to perform this action” error while the non-MSM doesn’t.

Both sites are 2.1.3 with Safecracker2.  I’ve setup the guest post member group to super-admin within the extension to make sure they have the proper privileges.

I can also say that I’m able to post a new post without a problem.

Here is my code:

{exp:safecracker 
    channel
="events" 
    
return="{segment_1}/{segment_2}/{segment_3}/success"
    
url_title="{segment_3}"
    
use_live_url="no"
    
site="main"
    
safecracker_head="no"
    
author_only="no"
}
 
... form details ...
{/exp:safecracker} 

Can anyone duplicate the same issue on their MSM installs?

 
Posted: 28 March 2011 09:32 AM   [ # 10 ]   [ Rating: 0 ]
Avatar
Joined: 2002-04-29
26055 posts

nateiler, are you trying this on the initial site of your MSM install, or one of the other sites?

 
Posted: 28 March 2011 11:47 AM   [ # 11 ]   [ Rating: 0 ]
Joined: 2008-04-29
44 posts

The site I’m working with is the root site (site_id = 1) that I renamed from defailt_site to main.  I haven’t tried on any of the other sites for this install.

 
Posted: 28 March 2011 12:57 PM   [ # 12 ]   [ Rating: 0 ]
Joined: 2008-04-29
44 posts

I did some more investigating…

With a new copy of EE (w/ some popular addons included) I created a new channel and uploaded MSM files but didn’t enable or add additional sites.  Registered as ‘admin’ username on install.

Added an entry to channel_a.  No settings have been configured for guest posting.
—- Logged out guest didn’t see a form…as expected.

Added the ‘admin’ super-admin to the safecracker extension settings as the guest publisher.
—- Logged out guest posted successfully…as expected.

Registered a new member and assigned them to super-admin group upon creation.  Assigned new member as guest publisher in the safecracker extension settings.
—- Logged out guest could not post…“You are not authorized to perform this action”

Changed guest poster back to original ‘admin’ super-admin in safecracker extension settings.
—- Logged out guest posted successful.

*** Puzzled at this point because they should have the same privs. ***

Created new member_group and assigned channel posting privs.  Added new member to that group and updated safecracker extension settings.
—- Logged out guest could not post…“You are not authorized to perform this action”

Logged in as new member, moved ‘admin’ to the new member group and updated safecracker extension settings.
—- Logged out guest posted successful.

I’ve duplicated this install multiple times locally trying different combinations and everything seems to be tied to a member and not a member_group.  I also find it strange that when a guest author set in the extension settings and they don’t have privs to post to a channel, the safecracker form doesn’t even appear.  I can’t think of any other settings that would cause “You are not authorized to perform this action” errors.

 
Posted: 28 March 2011 01:16 PM   [ # 13 ]   [ Rating: 0 ]
Joined: 2008-04-29
44 posts

I poked around a bit further and noticed that the error is tied to the author of the entry.  If the author of the entry and guest publisher in the safecracker extension don’t match, it throws the error. 

I changed the author of the entry to match the guest who I define in the safecracker extension settings I can post successfully.  I’m using the author_only=“no” parameter so I assumed this wouldn’t be the case.

I even duplicated this with everyone as super-admin to eliminate any channel posting settings.

Can anyone confirm?

 
Posted: 29 March 2011 08:03 AM   [ # 14 ]   [ Rating: 0 ]
Avatar
Joined: 2004-03-22
12308 posts

nateiler,

I can replicate this. Can you go ahead and create a bug report please?

 Signature 

John Henry’s Website | Follow me on Twitter

 
Posted: 29 March 2011 12:39 PM   [ # 15 ]   [ Rating: 0 ]
Joined: 2008-04-29
44 posts

Thanks.

In case anyone wants to the follow the status of this bug, it’s reported here: https://support.ellislab.com/bugs/detail/15551/

 
1 of 2
1