[RESOLVED] Users cannot post, You do not have enough privs

Solved Technical Support
  • As an administrator (only admin) I am able to post to my categories no problem. I only have administrators and registered-users in the ACP; however I have a verified test user and I am attempting to post and receive the "Error - You do not have enough privileges for this action." dialog whenever I try to create a topic that I know has read/write for registered-users, or reply.

    I have double, triple checked the perms. The following is the output of what redis-cli commands I could find to try and troubleshoot.

    Do I have duplicate groups within redis and need to clean them up some how?

    root@forum:~# redis-cli> hgetall groupslug:groupname
     1) "cid-1-privileges-groups-find"
     2) "cid:1:privileges:groups:find"
     3) "cid-1-privileges-groups-read"
     4) "cid:1:privileges:groups:read"
     5) "cid-1-privileges-groups-topics-create"
     6) "cid:1:privileges:groups:topics:create"
     7) "cid-1-privileges-groups-topics-reply"
     8) "cid:1:privileges:groups:topics:reply"
     9) "cid-2-privileges-groups-find"
    10) "cid:2:privileges:groups:find"
    11) "cid-2-privileges-groups-read"
    12) "cid:2:privileges:groups:read"
    13) "cid-2-privileges-groups-topics-create"
    14) "cid:2:privileges:groups:topics:create"
    15) "cid-2-privileges-groups-topics-reply"
    16) "cid:2:privileges:groups:topics:reply"
    17) "cid-3-privileges-groups-find"
    18) "cid:3:privileges:groups:find"
    19) "cid-3-privileges-groups-read"
    20) "cid:3:privileges:groups:read"
    21) "cid-3-privileges-groups-topics-create"
    22) "cid:3:privileges:groups:topics:create"
    23) "cid-3-privileges-groups-topics-reply"
    24) "cid:3:privileges:groups:topics:reply"
    25) "cid-4-privileges-groups-find"
    26) "cid:4:privileges:groups:find"
    27) "cid-4-privileges-groups-read"
    28) "cid:4:privileges:groups:read"
    29) "cid-4-privileges-groups-topics-create"
    30) "cid:4:privileges:groups:topics:create"
    31) "cid-4-privileges-groups-topics-reply"
    32) "cid:4:privileges:groups:topics:reply"
    33) "registered-users"
    34) "registered-users"
    35) "administrators"
    36) "administrators"
    37) "cid-5-privileges-groups-find"
    38) "cid:5:privileges:groups:find"
    39) "cid-5-privileges-groups-read"
    40) "cid:5:privileges:groups:read"
    41) "cid-5-privileges-groups-topics-create"
    42) "cid:5:privileges:groups:topics:create"
    43) "cid-5-privileges-groups-topics-reply"
    44) "cid:5:privileges:groups:topics:reply"> hgetall groups:administrators
    (empty list or set)> smembers groups
    (empty list or set)> zrange groups:createtime 0 -1
     1) "cid:1:privileges:groups:find"
     2) "cid:1:privileges:groups:read"
     3) "cid:1:privileges:groups:topics:create"
     4) "cid:1:privileges:groups:topics:reply"
     5) "cid:2:privileges:groups:find"
     6) "cid:2:privileges:groups:read"
     7) "cid:2:privileges:groups:topics:create"
     8) "cid:2:privileges:groups:topics:reply"
     9) "cid:3:privileges:groups:find"
    10) "cid:3:privileges:groups:read"
    11) "cid:3:privileges:groups:topics:create"
    12) "cid:3:privileges:groups:topics:reply"
    13) "cid:4:privileges:groups:find"
    14) "cid:4:privileges:groups:read"
    15) "cid:4:privileges:groups:topics:create"
    16) "cid:4:privileges:groups:topics:reply"
    17) "registered-users"
    18) "administrators"
    19) "cid:5:privileges:groups:find"
    20) "cid:5:privileges:groups:read"
    21) "cid:5:privileges:groups:topics:create"
    22) "cid:5:privileges:groups:topics:reply"
  • Get the category id and then run the following query to see if registered-users group is in there.

    zrange group:cid:<cid>:privileges:groups:topics:reply:members 0 -1
  • @baris said:

    zrange group:cid:<cid>:privileges:groups:topics:reply:members 0 -1

    I have verified that the registered-users group is in fact added to every category, which matches what I see in the ACP:

    root@forum:~# redis-cli> zrange group:cid:1:privileges:groups:topics:reply:members 0 -1
    1) "administrators"
    2) "registered-users"> zrange group:cid:2:privileges:groups:topics:reply:members 0 -1
    1) "administrators"
    2) "registered-users"> zrange group:cid:3:privileges:groups:topics:reply:members 0 -1
    1) "administrators"
    2) "registered-users"> zrange group:cid:4:privileges:groups:topics:reply:members 0 -1
    1) "administrators"
    2) "registered-users"> zrange group:cid:5:privileges:groups:topics:reply:members 0 -1
    1) "administrators"
    2) "registered-users"
  • What about topics:create is that set as well?

  • Yes, it is set as well:

    root@forum:~# redis-cli> zrange group:cid:1:privileges:groups:topics:create:members 0 -1
    1) "administrators"
    2) "registered-users"> zrange group:cid:2:privileges:groups:topics:create:members 0 -1
    1) "administrators"
    2) "registered-users"> zrange group:cid:3:privileges:groups:topics:create:members 0 -1
    1) "administrators"
    2) "registered-users"> zrange group:cid:4:privileges:groups:topics:create:members 0 -1
    1) "administrators"
    2) "registered-users"> zrange group:cid:5:privileges:groups:topics:create:members 0 -1
    1) "administrators"
    2) "registered-users"
  • Do registered-users see the New Topic button when they go in a category? And only get the error when they try to submit?

    We hide the new topic button if they don't have privileges to post I think.

  • I am logged in as a test user, which is a registered-users user and validated via email. I can see the "New Topic" button as well as the reply. I get the error when I try to post a reply and I also see it, now that I explored a bit more; when I go back (cmd left arrow on mac) to the previous page/category parent from an individual post.

  • Is your forum public? Post a link if you can. What git revision are you on?

  • It is publicly accessible, but not public, so I will send you a message with a link to it...

    nodebb@forum:~/nodebb$ git branch
    * v0.9.x
    nodebb@forum:~/nodebb$ git status
    On branch v0.9.x
    Your branch is up-to-date with 'origin/v0.9.x'.
    nothing to commit, working directory clean
  • Resolved after talking to baris. I have the mailgun emailer plugin, and also had the db_search and MFA plugin. Disabled db_search and MFA and permissions are working as expected.

    If you experience this, try disabling/uninstalling plugins.

  • MFA plugin I can see possibly doing that, but db search? 😕

    Care to explain what happened?

  • @BDHarrington7 going to reinstall search and see if everything is working. I ended up removing all but mailgun and now going to see about enabling one by one to identify the culprit.

Suggested Topics