We had problems with denied access for Staff and realized that we had activated ACL with the old IP address of the old office location. The problem was that it was not giving us access in any way. But bypassing this check in scp/staff_inc.php at row 25 commenting this code
// Enforce ACL (if applicable)
if (!Validator::check_acl('staff'))
die(__('Access Denied'));
I was able to disable ACL and now it works again correctly.
After disable it you have to uncomment again.
I just addedd a suggestion in order to know if ACL will blocks in the future
// Enforce ACL (if applicable)
if (!Validator::check_acl('staff'))
die(__('Access Denied due to ACL restrictions'));
You should just simply disable the setting from the database next time; _config table. Also, we have a generic message so it doesn’t leak a specific reason to potential attackers. They just simply see access denied and they don’t know why. If you change your message they will know it’s due to ACL and try to find a way around it.
Cheers.
