Revolution: 2.5.4 requires view_template permission for listing templates, triggers permission denied popup ("200 OK error")

Created on 6 Jan 2017 · 51 Comments · Source: modxcms/revolution

Summary

When logging in as a user with permissions the famous 200 OK error is back after upgrade to 2.5.4. (https://forums.modx.com/thread/?thread=92206)

Solution

The solution I found was to check the permission 'view_template'

Steps to reproduce

Set permissions to a user and log in. Admins with all rights have no problem.

Observed behavior

You get the 200 OK error

Expected behavior

No 200 OK error

Environment

Modx 2.5.4. / PHP 5.5 or higher

All 51 comments

If the user doesn't have permission to view templates, they will get an error they don't have permission to access a template when for example listing templates. While the error is not very descriptive, this does not seem like a bug?

If it returns a mystery error message it's a UX bug. If it's showing that old dialogue with 200 and the okay button, that's not just obtuse it gives the impression of something being broken or that the user may have done something wrong.

It should have error state microcopy associated with it. Whenever someone attempts to access something they are not permitted to access. Something like "You do not have permissions to access this [OBJECTNAME], please contact your site administrator"

In previous versions of Modx (< 2.5.4) there were no problems. After upgrading to 2.5.4. the error 200 OK message is back when the user is going to a resource to update. See the forum for more info about this error, many had this problem in the past, I also. When checking 'view_template' the error is gone. To me that seems like a bug.

Are you suggesting that the Admin or SUDO user doesn't have View Template access by default or is this after creating a new user with a specific set of user permissions?

It sounds more like you restricted the user account in the past, but never logged out and back in to update the permissions cached in the session. Then along comes 2.5.4, which wipes the session table, and now a simple configuration issue is a bug in a new version? :P

Improving the error message is tracked in #12568.

For the Admin or SUDO everything is fine. It's after creating a new user who has a set of user permissions. Or in the case of Modx 2.5.4. after upgrading to 2.5.4. the existing user permissions of that policy.

Right, @Mark-H, and thanks for sharing the error message task. @funkyduke, I think we need to understand the nature of the user in question for sure.

I'd say if we fail to give users the appropriate permissions, only the error message is the problem, then. The proper message would lead you, the site builder, to be able to associate the problem with the lack of permission on the user account. I am not sure if this is a bug either at this point.

I have updated more than 50 sites to 2.5.4 and all of them have the error-message. I am now logging in one by one to check view_template. I don't know how to fix this in another way.

Sorry if I'm being too dismissive of this issue @funkyduke, I'll gladly be proven wrong that this is an actual bug in 2.5.4, but it just sounds like "I didn't give my user the right permission and they got a pop-up telling them they didn't have the right permission".

If you can provide further information that this is an actual bug, and not just a configuration issue you've copy/pasted into those 50 sites, that would be most welcome.

What version of MODX are the sites needing upgrade on currently @funkyduke?

@Mark-H I know it's a very annoying issue, but like you can see in the forum many had this problem in the past. And I also had this problem in the past and then we had to give certain permission not to have this error and everything did go fine until now this upgrade to 2.5.4. Most of my sites were on 2.5.2 before upgrade, some had an earlier version (but never very old). So if the user shouldn't have the right permissions, why did it work in the past without 'error 200 OK'-message, and now with the upgrade the error is back? On all of my websites? When upgrading nobody was logged in and I cleared the cache before upgrade.

For info: If you click away the error you can normally update the resource.

@Mark-H any chance #13174 could have affected this? I don't have any clue, though. There really aren't that many changes between 2.5.2 and 2.5.4 so I am a little unsure of why this would show up.

The full message is this:

Code: 200 OK {"success":false,"message":"Toegang geweigerd!","total":0,"data":[],"object":[]}

Actually, yes, that could be related Jay. Good find, didn't realise that had been merged in.

Iirc that permission would've been checked already though, so older releases wouldn't have been capable of viewing the list of templates. The pop-up would be new, but it wouldn't have worked properly before.

If it can help, I can always send you my editor.policy.xml file.

Ugh, looks like it only checked the list permission on the object before (I think that's the category permission it checks there), not view_template.

Not sure if I'd call it a bug because of what's in #13174 but that does explain why the popup only started showing in 2.5.4.

@funkyduke How would that help? You already identified the permission in your first post.

@Mark-H No problem. Maybe you needed a full list of all permissions checked. But I see you have found the issue in the meantime. Thx for the help.

In consideration, I think the UI should not throw an error when viewing a Resource if you don't have view_template permissions but just not display the field or disable the field. It should only throw an error if someone were to somehow try to access templates in the Elements tree or via a direct link.

@Mark-H, @jaygilmore - One other thing beyond the popup error comes from this change of perm. check from list object to view_template: if view_template isn't selected in the policy, you can't view the list of templates and thus can't change the template for a resource.

You're right. It's not really a bug, but it is a change in how the permissions are used, and thus something that worked before might not on upgrade (depending on the access policies in use), without a change in impacted access policies.

That's a good summary @ckburnett. Oversight on my part when adding the permission to that processor.

Another consideration is that the default content editor policy that ships with MODX doesn't have the view_template permission, meaning the defaults result in an error, so this'll need to get fixed one way or another.

Thanks funkyduke. I try to keep all my sites updated to the latest version. After updating my first site to 2.5.4 today I spent several hours reading old forum solutions, and pulling my hair out to solve the old famous Code: 200 OK error. The only suggestion that solved the problem was to check the permission for view_template. Now I'll try updating all the others. Thank you!

@Mark-H Adding this permission to the default policies would be a viable solution for this problem?

@OptimusCrime I don't think so. I think there is a legitimate reason that you'd want to prevent the error from displaying on the resource create/update view yet still prevent the access to the templates from the tree. I am also not sure if changing the default ACL for the built-in perms will update on upgrade.

That is true. However, the error box has always been there and has more "problems" than just this one incident.

To me, it comes down to if view_template is strictly for viewing the actual contents of the template _(not to be confused with edit_template)_, vs. fetching a list of available Templates.

Based on how load, list, view works in other areas throughout the system, to me this seems like a valid bug. Fetching a list should probably only require listing permissions _(likely why it was list before #13174)_, especially since we don't have list_template, etc for finer control.

It's tricky, where do you draw the line? Should all /getlist processors only require one single list permission?

Basic permission to "list" any object. List means to get a collection of objects.

Example:

...
- element/tv/getlist        set to view_tv
- element/template/getlist  set to view_template
- element/plugin/getlist    set to view_plugin
- element/chunk/getlist     set to view_chunk
- element/category/getlist  set to view_category
- element/snippet/getlist   set to view_snippet

vs.

...
- element/tv/getlist        set to list
- element/template/getlist  set to list
- element/plugin/getlist    set to list
- element/chunk/getlist     set to list
- element/category/getlist  set to list
- element/snippet/getlist   set to list
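
The two schemes listed in the comment above can be compared against a set of access policies to see which getlist calls would start returning "permission denied" when a processor moves from `list` to a per-type `view_*` permission. This is an added example, not part of the thread and not MODX code; the policy data format (a JSON object of permission name to boolean) and the sample policies are assumptions constructed for illustration.

```python
import json

# Processor -> required permission, per-type scheme from the comment above.
PER_TYPE = {
    "element/tv/getlist": "view_tv",
    "element/template/getlist": "view_template",
    "element/plugin/getlist": "view_plugin",
    "element/chunk/getlist": "view_chunk",
    "element/category/getlist": "view_category",
    "element/snippet/getlist": "view_snippet",
}
# Alternative scheme from the comment: every getlist only needs "list".
LIST_ONLY = {proc: "list" for proc in PER_TYPE}


def granted(policy_json):
    """Names of permissions set to true in a policy (assumed JSON format)."""
    return {name for name, on in json.loads(policy_json).items() if on}


def denied(policy_json, scheme):
    """Processors the policy cannot call under the given scheme."""
    perms = granted(policy_json)
    return sorted(p for p, need in scheme.items() if need not in perms)


def upgrade_regressions(policy_json):
    """Processors allowed under LIST_ONLY but denied under PER_TYPE,
    mapped to the permission that would have to be added."""
    already_denied = set(denied(policy_json, LIST_ONLY))
    return {p: PER_TYPE[p] for p in denied(policy_json, PER_TYPE)
            if p not in already_denied}


# Constructed sample policies (hypothetical names and contents).
SAMPLE_POLICIES = {
    "editor-sample": '{"list": true, "view_tv": true, '
                     '"view_chunk": false, "save_document": true}',
    "no-list-sample": '{"view_template": true}',
}


def audit(policies):
    """Per policy: which getlist calls break on the scheme change, and why."""
    return {name: upgrade_regressions(data) for name, data in policies.items()}


if __name__ == "__main__":
    for name, broken in audit(SAMPLE_POLICIES).items():
        print(name, broken or "no change")
```
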

Had the same issue. Upgraded sites to 2.5.4 and all manager users with a custom policy received 'error 200 OK' popup when trying to edit any resource. The console showed it was the getList action returning the error.

The 'uses template' drop down showed zero and the list was blank. I ticked the 'view_template' option in their access policy and problem solved.

No issue in ver 2.5.2. This is very confusing because of the access policy labels and the non-descriptive error. For example 'view_tv' is not selected for these users but no errors or issues viewing or editing resource tv's.

Our team is having this issue as well. Glad to know there is a fix!

Actual for me too, forgot to create issue but always someone is faster :)

I had the same message but another access policy was necessary to solve it: "view_user". I posted the problem here:
https://forums.modx.com/thread/?thread=101563&page=2

The solution did not seem to work for me until I logged out the concerning user before changing the view_template permission.
Before I found this out, I was setting the permission, refreshing permissions, logging out and logging in the concerning user and the 200 error still appeared.
So it seems to be important to log the user out first, then set the permission.

You need to flush the user permissions (I think) as these are cached in the database. This has always been the case with MODX permissions.

@OptimusCrime I did that, although my translation from the Dutch version isn't correct. I said refresh permissions, where I meant flush. But that was not enough. The user needs to be logged out before setting the permission.

That's weird, I thought flushing all the permissions would do the same as logging in and out?

This issue (that boils down to a missing view_template permission for users with the default "Content Editor" access policy assigned when updating to more recent Revo versions starting from 2.5.4 and up) has been fixed with closing of #13505 at #modxbughunt

Indeed, #13508 should solve this, so closing

modxbughunt #1point to @gernotebenlechner

In version 2.6.1 the issue is back! view_template is checked though...

It's not view_template, it's view_user that needs to be checked.

@gerbenb there are different options that need to be checked, view_template is one of them. View_user is indeed another one.

It always worked fine, until 2.6.1.

Why does MODX not give clear instructions on this? Or a better user/role management structure...

Would be nice if the error included the permission that's missing. :)

If you have VersionX installed, that can also be a reason for the view_user to be triggered. https://github.com/Mark-H/VersionX2/issues/96

Yes, a proper error message would help.

VersionX is installed. Still strange the error message just pops up after updating to 2.6.1.

It's back in 2.6.5! view_template, view_user and all other permissions mentioned are checked.

I'm finding this error message on 2.7.2 and have all the permissions checked as previously discussed. It is annoying when this happens because clients find this off-putting. Would be useful if it could be easily figured out as to which permission is causing the problem. Mine is for a client who when she goes to view the users gets the error message and she has all the necessary User related permissions checked.

Related with https://github.com/modxcms/revolution/issues/14506 (Error Message)

It is not very productive to fix errors of this kind. The problem is that the access control needs a global cleanup:

  • it's full of outdated permissions
  • many conflicting or illogical permissions
  • many permissions that depend on others (although configured separately)
  • a bunch of ui / ux bugs
  • and other...

I have the view_templates checked as it was part of the forum thread that I was a part of here https://forums.modx.com/thread/?thread=92206&page=3.

The error message started to appear after I upgraded a site from 2.6.5 to 2.7.2. It appears when going to update a user. The error message did not appear before the upgrade and I have checked all the relevant permissions for viewing, updating, saving, amending users and usergroups.

The error message only started to appear again after upgrade. I wonder whether it has something to do with the introduction of the Trash Manager as I am also having issues with some users being able to fully purge resources from the Trash Manager and others not being able to remove anything!! And I appreciate Trash Manager issues are separate from this ;)

Improved in #15402
