[5.x]: Unable to modify structure due to permission-error as admin

[sqp-alpaca]

What happened?

Description

Hello,

I'm currently experiencing a strange issue in the control panel. When I try to modify the structure in my sectio (for example, by nesting entries or changing their order) I receive the following error message in the bottom left-hand corner:

"User is not authorized to perform this action."

Here’s a screenshot of the error:

The strange part is that I'm logged in as an admin, so I shouldn’t have any restrictions.

Additionally, while reporting this issue, I noticed that the language setting I selected in the user settings is not being applied - although saving the setting does seem to work.

Overall, this behavior seems quite odd, and I’m not sure what might be causing it. I’d really appreciate any support in troubleshooting this issue.

Thanks in advance!

Best regards

Steps to reproduce

1. Go to a structure-Section
2. Try to change the order of entries or nesting the entries.

Expected behavior

1. Nesting entries or changing their order is possible

Actual behavior

1. Getting the error above

Craft CMS version

5.6.9.1

PHP version

8.3

Operating system and version

Linux (Cyon-Hosting)

Database type and version

MariaDB 10.6

Image driver and version

No response

Installed plugins and versions

Snippet from the composer.json:

"craftcms/ckeditor": "4.5.0",
"craftcms/cms": "5.6.9.1",
"mmikkel/cp-field-inspect": "2.0.4",
"nystudio107/craft-retour": "5.0.6",
"nystudio107/craft-seomatic": "^5.1",
"putyourlightson/craft-blitz": "5.9.10",
"putyourlightson/craft-sprig": "3.5.2",
"verbb/formie": "3.0.20",
"verbb/user-group-field": "4.0.0",
"vlucas/phpdotenv": "^5.4.0",

[i-just]

Hi, thanks for getting in touch! Could you please share the full stack trace for this error? Also, could you turn on the safeMode and check if the issue persists?

[sqp-alpaca]

Hi, I tried it with the safeMode activated but I'm still not able to modify the structure. Here is the full stack trace:

web.ERROR] [yii\web\HttpException:403] yii\web\ForbiddenHttpException: User is not authorized to perform this action in /var/www/html/vendor/craftcms/cms/src/web/Controller.php:523
Stack trace:
#0 /var/www/html/vendor/craftcms/cms/src/controllers/StructuresController.php(61): craft\web\Controller->requireAuthorization()
#1 /var/www/html/vendor/yiisoft/yii2/base/Controller.php(176): craft\controllers\StructuresController->beforeAction()
#2 /var/www/html/vendor/yiisoft/yii2/base/Module.php(552): yii\base\Controller->runAction()
#3 /var/www/html/vendor/craftcms/cms/src/web/Application.php(361): yii\base\Module->runAction()
#4 /var/www/html/vendor/craftcms/cms/src/web/Application.php(660): craft\web\Application->runAction()
#5 /var/www/html/vendor/craftcms/cms/src/web/Application.php(323): craft\web\Application->_processActionRequest()
#6 /var/www/html/vendor/yiisoft/yii2/base/Application.php(384): craft\web\Application->handleRequest()
#7 /var/www/html/web/index.php(46): yii\base\Application->run()
#8 {main} {"memory":2474968,"exception":"[object] (yii\\web\\ForbiddenHttpException(code: 0): User is not authorized to perform this action at /var/www/html/vendor/craftcms/cms/src/web/Controller.php:523)"} 

[i-just]

Thanks! Is this happening consistently in all environments? Do you have any custom app configuration (config/app.php)?

[sqp-alpaca]

Yes, unfortunately this happens in all environments. Yes I do, here is the app.php file:

return [
    'id' => App::env('CRAFT_APP_ID') ?: 'CraftCMS',
    'modules' => [
        'my-module' => \modules\Module::class,
    ],
    //'bootstrap' => ['my-module'],
    '*' => [
        'components' => [
            'mailer' => function () {
                /**
                 * Check the .env file for settings
                 */
                // Get the stored email settings
                $settings = App::mailSettings();

                // Override the transport adapter class
                $settings->transportType = craft\mail\transportadapters\Smtp::class;

                // Override the transport adapter settings
                $settings->transportSettings = [
                    'host' => APP::env('SMTP_HOST'),
                    'port' => APP::env('SMTP_PORT'),
                    'useAuthentication' => APP::env('SMTP_USE_AUTHENTICATION'),
                    'encryptionMethod' => APP::env('ENCRYPTION_METHOD'),
                    'username' => APP::env('SMTP_USER'),
                    'password' => APP::env('SMTP_PW'),
                ];

                $config = App::mailerConfig($settings);
                return Craft::createObject($config);
            },
            'deprecator' => [
                // Throw exceptions on deprecation warnings
                'throwExceptions' => App::env('CRAFT_ENVIRONMENT') === 'local',
            ],
        ]
    ],
];

[i-just]

Could you please send your composer.json, composer.lock and database export to support@craftcms.com and point out which entry you’re moving when this happens and which user you’re logged in as so we can try to reproduce and dig deeper?

[sqp-alpaca]

I’ve just sent it to support@craftcms.com. Let me know if you need any additional details! Thanks for looking into this.