Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Roles & Permissions - Role/Edit Error [RESOLVED]
I have this issue, and i'm unsure of how to fix it. Whenever I try and update any roles/permissions, and hit the "save" button, it says I don't have permission. I'm logged in using the admin account (if that even matters). Maybe I have to change directory permissions (chmod)? Below is the exact error:
Forbidden
You don't have permission to access /*******/role/edit/16 on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
Thanks!
0
Comments
Try to make this changes as the forums admin. Make sure you are the admin by looking at the GDN_User table and see if the user account you are using has a
1in theAdmincolumn.If you still get the same error when you make this changes with the forum superadmin (that's what the 1 in the Admin column is all about), please post the content of your database tables GDN_Role and GDN_Permission.
Thanks R_J,
My permission table looks like this:
As for my GDN_User, it shows "1", under admin, for my username.
And GDN_Role, it looks like this:
RoleID----Name----Description----Sort
--2------Guest-------------------1
--4------Applicant----------------3
--8------Member-----------------4
--32----Moderator----------------5
--16----Administrator-------------6
--3-----unconfirmed--------------2
Please run your forum.com/utility/structure
Your Role table is missing at least one column
@R_J
I ran utility/structure, and attempted to save roles & permissions again, but no luck, still get the same error.
When I run utility/structure, I get this:
alter table `GDN_UserAuthenticationNonce` -- [Existing: `Timestamp` timestamp not null default CURRENT_TIMESTAMP, New: `Timestamp` timestamp not null] change `Timestamp` `Timestamp` timestamp not null; alter table `GDN_UserAuthenticationToken` -- [Existing: `Timestamp` timestamp not null default CURRENT_TIMESTAMP, New: `Timestamp` timestamp not null] change `Timestamp` `Timestamp` timestamp not null; alter table `GDN_AccessToken` -- [Existing: `DateInserted` timestamp not null default CURRENT_TIMESTAMP, New: `DateInserted` timestamp not null default current_timestamp] change `DateInserted` `DateInserted` timestamp not null default current_timestamp, -- [Existing: `DateExpires` timestamp not null default CURRENT_TIMESTAMP, New: `DateExpires` timestamp not null default current_timestamp] change `DateExpires` `DateExpires` timestamp not null default current_timestamp; update GDN_User `User` set Permissions = '' where Permissions <> ''; insert GDN_UserMeta (`UserID`, `Name`, `Value`) values ('0', 'stubcontent.record.locale', 'en');then when I hit "run structure and data scripts", it says "The structure was successfully executed." But if I hit "rescan" that code comes up again. Any idea?
That messages are no problem. If your Role table has still no more columns you might need to import a table. Either by doing a clean install or by searching this forum. A user table dump has been posted before
Whoops, I was confused by what you said earlier, and now I realized it. I didn't type out the extra columns, because I didn't think they were needed, that's my mistake. Here's an image so you can see the extra ones:
I don't see a cause for that behaviour. If it comes with a 403 http error, you might try it with the private session of your browser, but I do not really think that this will work.
Some plugins were creating a corrupted column in the permission table in the past and that would be a column titled "1". But I also don't think that this is the problem.
As the super admin you should never see a permission error. Have you assigned more roles to this admin account? That might be an explanation: an admin account with an additional role that is not allowed to edit roles. But if it is not this constellation, I'm out of ideas...
@R_J
Darn, this isn't looking good. I tried a private session; same error. I have not assigned more roles since I installed 2.6. Except that I transferred in my old db, so maybe the permissions are saved there? I did however, take GDN_Permission and GDN_Role, from a fresh install, and replaced the tables of my old db, with them, because that was the only way I could get the migration to work properly.
As of now, I have my "old" vanilla, and 2.6, both running on my server while I try to work out the issues with 2.6. And if I go to my old forum, and try and edit roles and permissions there, I actually get the same error (Version 2.0.18.1). I never got this error when I had 2.0.18.1 on my old host. Maybe it has something to do with my current hosting provider, is that possible? Thanks either way!
how did you transfer the db?
grep is your friend.
@x00
This is likely a server level error. rather than a vanilla. (framework) level. That url is restricted by your server rule for whatever reason
Either you are overriding the page served for that status code in the server rule or it has nothign to do with vanilla.
the phrase "on this server" does not occur in the core files. Unless you are using something with that catchphrase. You can a string search your forum (e.g. with grep) for that phase case insensitively.
It seems more of coincidence it has to to do with role, except some server security modules have stop words which are considered suspicious.
grep is your friend.
the typical permission error is "You don't have permission to do that" or" You need the x permission to do that."
grep is your friend.
first step to figure out what error handling or status code overrides are on your server. You want the framework to handle thing if it is involved at all, then lookign at Apache security modules
grep is your friend.
@x00
Thanks for the responses. I have no idea how to check any of that, or what to actually look for. If these overrides had to be input manually, then I definitely didn't do it, because this is a brand new server, and I haven't touched anything yet, other than installing vanilla.
Since you seem to think it has nothing to do with Vanilla, maybe I can just ask my host, and see what they can tell me (although, they'll probably tell me it has something to do with vanilla)
@x00
There issue has been resolved. There was а mod_security rule which resulted in a blockage for my ip. So it was in fact an apache module.
Great stuff. You did exactly what you should under these circumstances.
grep is your friend.