Problems in my site private pages after upgrading Grav 1.3.3+ and Login plugin 2.4.1+

[masetto]

In my site I have groups and users. Each user belongs to one or more groups. Access section is in group definition and not in user account.
From Grav 1.3.3 and Login plugin 2.4.1 in every private pages, after login, I see Welcome page!
I'm not be able to view private pages and I have to add "access" section in account configuration.

I have a group named “jury”. This is the user/config/groups.yaml file:

jury:
  groupname: jury
  readableName: Members of the Jury
  description: 'The group of Jury Members'
  icon: users
  access:
    site:
      login: true
      voting: true

In user account file I have:

groups:
  - jury

Now, adding in user account file this:

access:
  site:
    voting: true

I’m be able to view private page!

So, why do I have to add user access without using the group access rights?

[rhukster]

I tried to recreate this with my test setup.

What i did was i already had a page where access required site.login: true, but a i had another sub page that required site.restricted: true.

I created a groups.yaml file with:

restricted:
  access:
    site:
      restricted: true

Then i set the user's yaml to have this Group:

email: foo@foo.media
access:
  admin:
    login: true
    super: true
  site:
    login: true
groups:
  - restricted

Then ensured my page had the right permissions:

---
protect_protected_page_media: true
access:
    site.restricted: true
---

# Restricted page for site.restricted

And everything works as expected. If i remove the Group entry, I cannot access the restricted page, but when I add the group entry back to the user yaml and re-login, I can access it. I don't require that site.restricted: true in the access section, as the group membership is taking care of it.

[masetto]

Why is it necessary to have access section in user's yaml?

access:
  site:
    login: true

Does it shoud be the same if your groups.yaml file was:

admin:
  access:
    admin:
      login: true
      super: true
    site:
      login: true
restricted:
  access:
    site:
      restricted: true
      login: true

and you user's yaml:

email: foo@foo.media
groups:
  - restricted
  - admin

?
I assure you that before 1.3.3 grav release and 2.4.1 login plugin release it works perfectly.

[rhukster]

Ok I see what you mean. You can in fact put the site.login: true in the group and remove it from the user, but it seems a check was added that is looking for 'something' in user's access. I will track this down and ensure that either access or groups is check, not just access.

[mahagr]

BTW, I noticed the same a few days ago -- only dot notation worked for me. I think the code for groups is different to the ACL, but I didn't really bother to look into it as I got it working.

[rhukster]

Ok should be sorted with last commit.