Thread

I have an issue where safecracker will only save entries if the safecracker user ID is equal to that of the user who authored the post. I have two admin users set up, they can edit their own posts, but not each others.

When a user tries to edit a post that is not theirs they get the error “You are not authorized to perform this action”

Here’s my code:

{exp:safecracker 
        datepicker="no" 
        url_title="{segment_3}" 
        include_jquery="no"
        require_entry="yes"
        rules:cf_orphan_sponsor_email="required|valid_email|min_length[5]"
    }
    <label for="url_title">Your Name</label>

    <input type="text" name="cf_orphan_sponsor_name" id="cf_orphan_sponsor_name" value="{cf_orphan_sponsor_name} - {title}" maxlength="75" size="50" /><br >

    <label for="url_title">Your Email</label>

    <input type="text" name="cf_orphan_sponsor_email" id="cf_orphan_sponsor_email" value="{cf_orphan_sponsor_email}" maxlength="75" size="50" /><br >

    <label for="url_title">Your Phone Number</label>

    <input type="text" name="cf_orphan_sponsor_phone" id="cf_orphan_sponsor_phone" value="{cf_orphan_sponsor_phone}" maxlength="75" size="50" /><br >

    {if captcha}
        <label for="captcha">Please enter the word you see in the image below:</label>

        {captcha}

        <input type="text" name="captcha" value="{captcha_word}" maxlength="20" /><br >
    {/if}

    <input type="submit" name="submit" value="Submit" />
{/exp:safecracker}

I’m attaching a screenshot of my settings

Can the admins edit regular users posts? What version of EE and SafeCracker are you using? Are you using mod_rewrite anywhere on your site?

Which variety of error message are you getting, the 1st or 2nd attachment?

Just a shot it the dark, but you should try setting channel=“orphans”, it seems to be missing from your form.

Thanks for the assist, Rob.

Philip - are you also allowing those members to edit other person’s entries?

Sorry for the slow reply - Yes the admin users have access to edit any and all posts.

The type of error I’m getting is of the grey box kind. Screenshot attached.

I tried adding channel=“orphans” to the tag pair but that didn’t effect the results.

Philip - is this SafeCracker 2.0 or 1.03? Going to try and reproduce on my install.

2.0 - thanks!

Philip,

I made a complete replication of your set-up and wasn’t able to reproduce your error screen
Are you using a htaccess o remove index.php?

I applied this fix previously which may has some bearing but I don’t think so

I’m experiencing the same “You are not authorized to perform this action” issue.  I duplicated the safecracker settings on two different sites and I noticed that my MSM site gives me the “You are not authorized to perform this action” error while the non-MSM doesn’t.

Both sites are 2.1.3 with Safecracker2.  I’ve setup the guest post member group to super-admin within the extension to make sure they have the proper privileges.

I can also say that I’m able to post a new post without a problem.

Here is my code:

{exp:safecracker 
    channel="events" 
    return="{segment_1}/{segment_2}/{segment_3}/success"
    url_title="{segment_3}"
    use_live_url="no"
    site="main"
    safecracker_head="no"
    author_only="no"
}
 ... form details ...
{/exp:safecracker}

Can anyone duplicate the same issue on their MSM installs?

nateiler, are you trying this on the initial site of your MSM install, or one of the other sites?

The site I’m working with is the root site (site_id = 1) that I renamed from defailt_site to main.  I haven’t tried on any of the other sites for this install.

I did some more investigating…

With a new copy of EE (w/ some popular addons included) I created a new channel and uploaded MSM files but didn’t enable or add additional sites.  Registered as ‘admin’ username on install.

Added an entry to channel_a.  No settings have been configured for guest posting.
—- Logged out guest didn’t see a form…as expected.

Added the ‘admin’ super-admin to the safecracker extension settings as the guest publisher.
—- Logged out guest posted successfully…as expected.

Registered a new member and assigned them to super-admin group upon creation.  Assigned new member as guest publisher in the safecracker extension settings.
—- Logged out guest could not post…“You are not authorized to perform this action”

Changed guest poster back to original ‘admin’ super-admin in safecracker extension settings.
—- Logged out guest posted successful.

*** Puzzled at this point because they should have the same privs. ***

Created new member_group and assigned channel posting privs.  Added new member to that group and updated safecracker extension settings.
—- Logged out guest could not post…“You are not authorized to perform this action”

Logged in as new member, moved ‘admin’ to the new member group and updated safecracker extension settings.
—- Logged out guest posted successful.

I’ve duplicated this install multiple times locally trying different combinations and everything seems to be tied to a member and not a member_group.  I also find it strange that when a guest author set in the extension settings and they don’t have privs to post to a channel, the safecracker form doesn’t even appear.  I can’t think of any other settings that would cause “You are not authorized to perform this action” errors.

I poked around a bit further and noticed that the error is tied to the author of the entry.  If the author of the entry and guest publisher in the safecracker extension don’t match, it throws the error. 

I changed the author of the entry to match the guest who I define in the safecracker extension settings I can post successfully.  I’m using the author_only=“no” parameter so I assumed this wouldn’t be the case.

I even duplicated this with everyone as super-admin to eliminate any channel posting settings.

Can anyone confirm?

nateiler,

I can replicate this. Can you go ahead and create a bug report please?