[pmwiki-users] ZAP default settings question...

The Editor editor at fast.st
Thu Mar 15 05:40:32 CDT 2007


On 3/15/07, Jiri Hladůvka / OBUTEX <admin at obutex.com> wrote:
> Maybe some (:zap config:) would be useful
> which lists:
> *installed modules & versions
> *settings of ZAP variables in local/config.php
>
> All such info I use to place into a special page Site.TechInfo
>
> Regards,
> Jiri


Jiri, your idea suggests a kind of cool answer to my question.  That
is, use this same Site.ZAPconfig page to control where zap commands
are enabled and to define all zap config variables.

Files
:ZAP: {$ZAPversion} // returns release date if enabled on this page
:ZAPextend: {$ZAPextendversion} // can compare with the release dates at zapsite

Commands
:create: Main.Help,Test*,Snippets // specific page, hierarchical
groups, specific group
:delete: Test*,Snippets
:rename:   // if blank, means everywhere
(Negation might be useful in a hg situation, but not planned at this point....)

Groups
:ZAPlogin: Login // notes after slashes will be allowed on function of variable
:ZAPprofiles: Profiles
:ZAPnewslist: NewsList

If the config page does not exist or a setting is not found on it, the
functions would use default values for the group variables, and
extension commands would be enabled everywhere (assuming the script is
enabled and permissions are set).

If the Site.ZAPconfig page is read and edit protected it should be
safe enough.  It sure beats having to rifle through a bunch of config
files to turn things on and off, and it gives you an instant
perspective on how your site is set up.  I would have a page at
ZAPsite that could simply be cut and pasted into your site.  Any
thoughts?

Cheers,
Dan

PS.  Note that the commands parameter only tells where the command can
be used in a form, not where the files it creates, deletes, or renames
must be. I'm inclined to add such a target parameter like the above to
further restrict ZAP, but not sure this will be easy to implement, or
that it is a good idea anyway.  I recognize ZAP has some powerful
functions and security is a first concern, but I also want it to be
easy to use and I hesitate to tie an admin's hands. The primary
security premise is--you protect your site by only allowing trusted
users to edit pages where ZAP is enabled. Fail to do that, and all
bets are off.


More information about the pmwiki-users mailing list