
Roles & Permissions - Role/Edit Error [RESOLVED]

edited July 2018 in Vanilla 2.0 - 2.8

I have this issue, and I'm unsure of how to fix it. Whenever I try and update any roles/permissions, and hit the "save" button, it says I don't have permission. I'm logged in using the admin account (if that even matters). Maybe I have to change directory permissions (chmod)? Below is the exact error:

Forbidden

You don't have permission to access /*******/role/edit/16 on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

Thanks!

Comments

  • R_JR_J Ex-Fanboy Munich Admin

    Try to make these changes as the forum's admin. Make sure you are the admin by looking at the GDN_User table and see if the user account you are using has a 1 in the Admin column.
    If you still get the same error when you make these changes with the forum superadmin (that's what the 1 in the Admin column is all about), please post the content of your database tables GDN_Role and GDN_Permission.

  • Thanks R_J,

    My permission table looks like this:

    As for my GDN_User, it shows "1", under admin, for my username.

    And GDN_Role, it looks like this:

    RoleID----Name----Description----Sort
    --2------Guest-------------------1
    --4------Applicant----------------3
    --8------Member-----------------4
    --32----Moderator----------------5
    --16----Administrator-------------6
    --3-----unconfirmed--------------2

  • R_JR_J Ex-Fanboy Munich Admin

    Please run your forum.com/utility/structure
    Your Role table is missing at least one column

  • @R_J

    I ran utility/structure, and attempted to save roles & permissions again, but no luck, still get the same error.

    When I run utility/structure, I get this:

    alter table `GDN_UserAuthenticationNonce`
    -- [Existing: `Timestamp` timestamp not null default CURRENT_TIMESTAMP, New: `Timestamp` timestamp not null]
    change `Timestamp` `Timestamp` timestamp not null;
    
    alter table `GDN_UserAuthenticationToken`
    -- [Existing: `Timestamp` timestamp not null default CURRENT_TIMESTAMP, New: `Timestamp` timestamp not null]
    change `Timestamp` `Timestamp` timestamp not null;
    
    alter table `GDN_AccessToken`
    -- [Existing: `DateInserted` timestamp not null default CURRENT_TIMESTAMP, New: `DateInserted` timestamp not null default current_timestamp]
    change `DateInserted` `DateInserted` timestamp not null default current_timestamp,
    -- [Existing: `DateExpires` timestamp not null default CURRENT_TIMESTAMP, New: `DateExpires` timestamp not null default current_timestamp]
    change `DateExpires` `DateExpires` timestamp not null default current_timestamp;
    
    update GDN_User `User`
    set Permissions = ''
    where Permissions <> '';
    
    insert GDN_UserMeta 
    (`UserID`, `Name`, `Value`) 
    values ('0', 'stubcontent.record.locale', 'en');
    

    Then when I hit "run structure and data scripts", it says "The structure was successfully executed." But if I hit "rescan" that code comes up again. Any idea?

  • R_JR_J Ex-Fanboy Munich Admin

    Those messages are no problem. If your Role table still has no more columns you might need to import a table, either by doing a clean install or by searching this forum. A user table dump has been posted before.

  • Whoops, I was confused by what you said earlier, and now I realized it. I didn't type out the extra columns, because I didn't think they were needed, that's my mistake. Here's an image so you can see the extra ones:

  • R_JR_J Ex-Fanboy Munich Admin

    I don't see a cause for that behaviour. If it comes with a 403 http error, you might try it with the private session of your browser, but I do not really think that this will work.
    Some plugins were creating a corrupted column in the permission table in the past and that would be a column titled "1". But I also don't think that this is the problem.

    As the super admin you should never see a permission error. Have you assigned more roles to this admin account? That might be an explanation: an admin account with an additional role that is not allowed to edit roles. But if it is not this constellation, I'm out of ideas...

  • @R_J

    Darn, this isn't looking good. I tried a private session; same error. I have not assigned more roles since I installed 2.6. Except that I transferred in my old db, so maybe the permissions are saved there? I did however, take GDN_Permission and GDN_Role, from a fresh install, and replaced the tables of my old db, with them, because that was the only way I could get the migration to work properly.

    As of now, I have my "old" vanilla, and 2.6, both running on my server while I try to work out the issues with 2.6. And if I go to my old forum, and try and edit roles and permissions there, I actually get the same error (Version 2.0.18.1). I never got this error when I had 2.0.18.1 on my old host. Maybe it has something to do with my current hosting provider, is that possible? Thanks either way!

  • how did you transfer the db?

    grep is your friend.

  • @x00

    1. I exported my old db using Navicat
    2. created a new mysql database on new server
    3. Imported the db onto my new server using navicat again
    4. created another mysql database
    5. installed a fresh copy of 2.6
    6. dropped GDN_Permission and GDN_Role using phpmyadmin, from my old db
    7. grabbed GDN_Permission and GDN_Role from the fresh 2.6 install, and imported them into my old db
    8. changed config.php in 2.6 to point towards my old db
    9. ran /utility/update and /utility/structure
    10. completed.
  • x00x00 MVP
    edited July 2018

    @StaticCory said:
    I have this issue, and I'm unsure of how to fix it. Whenever I try and update any roles/permissions, and hit the "save" button, it says I don't have permission. I'm logged in using the admin account (if that even matters). Maybe I have to change directory permissions (chmod)? Below is the exact error:

    Forbidden

    You don't have permission to access /*******/role/edit/16 on this server.

    Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

    Thanks!

    This is likely a server-level error rather than a Vanilla (framework) level one. That URL is restricted by your server rule for whatever reason.

    Either you are overriding the page served for that status code in the server rule or it has nothing to do with Vanilla.

    The phrase "on this server" does not occur in the core files, unless you are using something with that catchphrase. You can string search your forum (e.g. with grep) for that phrase case-insensitively.

    It seems more of a coincidence that it has to do with role, except some server security modules have stop words which are considered suspicious.

    grep is your friend.

  • x00x00 MVP
    edited July 2018

    The typical permission error is "You don't have permission to do that" or "You need the x permission to do that."

    grep is your friend.

  • x00x00 MVP
    edited July 2018

    The first step is to figure out what error handling or status code overrides are on your server. You want the framework to handle things if it is involved at all, then look at Apache security modules.

    grep is your friend.

  • @x00

    Thanks for the responses. I have no idea how to check any of that, or what to actually look for. If these overrides had to be input manually, then I definitely didn't do it, because this is a brand new server, and I haven't touched anything yet, other than installing vanilla.

    Since you seem to think it has nothing to do with Vanilla, maybe I can just ask my host, and see what they can tell me (although, they'll probably tell me it has something to do with vanilla) :(

  • @x00

    The issue has been resolved. There was a mod_security rule which resulted in a blockage for my IP. So it was in fact an Apache module.

  • Great stuff. You did exactly what you should under these circumstances.

    grep is your friend.
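
The triage described in this thread, as an added example (not code from any poster or from Vanilla): it classifies a 403 body using the phrases quoted above, then pulls the matching ModSecurity denials out of Apache error-log lines. The log lines, rule id 900001, client address and `/forum/` path are constructed, and the line layout assumed is ModSecurity 2.x writing to an Apache 2.4 error log.

```python
import re

# Phrases quoted in the thread: Apache's stock 403 page vs. Vanilla's own errors.
SERVER_MARKERS = ("on this server", "while trying to use an errordocument")
VANILLA_MARKERS = (r"you don't have permission to do that",
                   r"you need the .+ permission to do that")

def classify_403(body):
    """Say which layer most likely produced a 403 response body."""
    text = body.lower()
    if any(marker in text for marker in SERVER_MARKERS):
        return "web-server"
    if any(re.search(pattern, text) for pattern in VANILLA_MARKERS):
        return "vanilla"
    return "unknown"

FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')   # [id "900001"], [uri "..."]
CLIENT = re.compile(r'\[client (\S+?)(?::\d+)?\]')      # address, port stripped

def modsec_denials(log_lines, uri_part):
    """Return client, rule id, message and URI for each ModSecurity denial
    whose [uri "..."] field contains uri_part."""
    hits = []
    for line in log_lines:
        if "ModSecurity: Access denied" not in line:
            continue
        fields = dict(FIELD.findall(line))
        if uri_part not in fields.get("uri", ""):
            continue
        client = CLIENT.search(line)
        hits.append({"client": client.group(1) if client else None,
                     "rule_id": fields.get("id"),
                     "msg": fields.get("msg"),
                     "uri": fields.get("uri")})
    return hits

# Constructed sample error-log lines (not taken from the thread).
SAMPLE_LOG = [
    '[Tue Jul 10 10:15:02.123456 2018] [:error] [pid 4242] '
    '[client 203.0.113.7:51234] [client 203.0.113.7] ModSecurity: Access denied '
    'with code 403 (phase 2). [file "/etc/modsecurity/example.conf"] [line "12"] '
    '[id "900001"] [msg "constructed sample rule"] [hostname "forum.example"] '
    '[uri "/forum/role/edit/16"] [unique_id "W0SAMPLE"]',
    '[Tue Jul 10 10:15:09.000001 2018] [php7:notice] [pid 4242] '
    '[client 203.0.113.7:51240] constructed unrelated notice',
]

if __name__ == "__main__":
    for hit in modsec_denials(SAMPLE_LOG, "/role/edit/"):
        print(hit)
```

The rule id and file reported for a denial are what a host needs in order to review or adjust the rule that fired.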
