[pmwiki-users] Zap Group Site Bocked

The Editor editor at fast.st
Wed Nov 21 12:58:44 CST 2007 

On 11/20/07, Ben Stallings <ben at interdependentweb.com> wrote:
>
> Dan wrote,
> > And any serious security pages left in the site group that haven't been
> > moved to siteadmin?
>
> Well, since you ask, there's Site.ZAPConfig.  :-)  I'm still working on
> my ZAP CMS bundle, and a few very minor items I would put on a wish list
> for ZAP include:
>
> 1) Move the ZAPConfig page from Site to SiteAdmin.


This is simply a question of doing a search and replace of Site.ZAPConfig to
SiteAdmin.ZAPConfig in the ZAPtoolbox. There are a good number of calls to
it in the various functions.


2) Cause the register and login functions to actually use the page
> designated in ZAPConfig as Login: (as the documentation claims they do),
> instead of the one designated as Profiles: (as they actually do).


To get it to use a different group, you have to put something like this in
Site.ZAPConfig:

Profiles: Login

The code is found in the zaptoolbox.php, line 318. Can you verify that this
is not working? Or did you perhaps do something slightly different?  As I
don't have a running copy of ZAP up anywhere, I can't really confirm
this...  But it was working fine when I left ZAP, as I was using it this way
in my own setup.


3) Fix the feature that disables ZAP extensions except on the pages
> specified in ZAPConfig -- this feature does not appear to actually exist
> anywhere in the code in the current version of ZAP, as far as I can
> tell, but it's still promised in the documentation.  I know it used to
> work, but it must have gotten lost in a revision of the recipe.  At any
> rate I can't get it to work and can't find it in the code, which is
> disconcerting.


In beefing up the security of ZAP I changed it from putting everyting in
ZAPConfig, to putting the commands control and the target controls in
separate pages. From your email I'm assuming you are still trying to put
these controls in Site.ZAPConfig... Note these from the comments in the
zap.php code (starting around line 337).

## This function is used to check various kinds of permissions in
ZAP--namely commands and targets
## ZAPauth('edit', 'Test.Main', 'Commands') will verify whether or not the
edit command is allowed for page Test.Main
## ZAPauth('Test.One', 'Test.Two', 'Targets') verifies whether a form on
Test.One can write to Test.Two
## The permissiable values are all set on Site.ZAPCommands or
Site.ZAPTargets as normal PTV's

Note these pages also need to be moved to the SiteAdmin group.  Probably by
just doing a search and replace of $SiteGroup to $SiteAdminGroup. I would
double check both zap and zaptoolbox, just to be safe.

These are extremely minor changes, and if I were willing to go on record
> as maintainer of ZAP I would just find them and fix them, but since I'm
> not it's easier to change my bundle's copy of the documentation for now.


Eh, I'm willing to offer a tip or two but I can't really keep this up
either. Perhaps if you do make these changes to your local copy you could
upload that...


  So thanks for asking, Dan!  ;-)  Hope your other projects are coming
> along well.  --Ben
>

Thanks Ben, you know what is doing great. :) In fact so well, I get kind of
bored at times. Having trouble finding problems to fix! Anyway, miss the
awesome user group around here. Always inspiring.

Dan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: /pipermail/pmwiki-users/attachments/20071121/62fca26b/attachment.html

More information about the pmwiki-users mailing list