[pmwiki-users] UserAuth2 : Working with ZAP?

ThomasP pmwikidev at sigproc.de
Sat Dec 22 22:35:22 CST 2007


On Mon, December 17, 2007 1:33 pm, ThomasP wrote:
> ...
>
> For the level 'attr', I just noticed that at the moment it's "hardwired"
> denied, but it's sufficient to uncomment the line in userauth2.php
> containing the word "frequently" to get this part already resolved. (This
> will just grant 'attr' queries exactly to the admin only.)
>
> For the zap level, looking into zap.php shows the "guilty" line as
>
> if(!CondAuth($pagename, "zap")) ZAPabort('submit', "You are not authorized
> to submit this form. ");
>
> As to what Dan said, it can obviously be allowed to anyone without
> problems, so if you set
>
> $UA2AlwaysAllowedLevels[] = 'zap';
> $HandleAuth['zap'] = 'zap'; // this line currently only
>
> in your local/config.php, it should be fine.
>

As actually all additional settings are generally useful, I have put them
directly in the UA2 distribution.

In particular I have introcuced a new variable

$UA2DenyAttrLevel

which when set to false will allow the "attr" level (and thus access to
the attr pages) to the wiki admin. (Default is true, which denies "attr"
to anyone.)

The previous config recommendations will thus be replacable by

$UA2DenyAttrLevel = false;

starting from version 2.1-beta1.

ThomasP







More information about the pmwiki-users mailing list