[pmwiki-devel] zap permissions questions

[The Editor]

The revised zap code is basically finished, but I'm tryng to settle on
a question that is more a useability issue than anything.  In terms of
enabling/disabling certain zap commands, I have a couple options.
Anyone have any preferences or input?

Question 1. Enabling zap commands

Option 1).  Put various kinds of commands in separate modules.
Download them and enable them in local config files.  zap
automatically detects and uses them when they are available.  Probably
the cleanest and simplest approach.

Option 2).  Put most of the commands in zap and require a separate
configuration line before unlocking certain (sets of) commands.
Requires only one download.  Modules can still be added for custom
applications.

Option 3).  Same as above, except use input fields on attribute pages
to enable the various commands.  The advantage of this, is you can
restrict to specific individuals, passwords, or groups.  It also
requires minimal editing of the config files.

Question 2.  Default permission levels

I'm also wondering how I should set the default permissions levels.
If I set them by default for highest security, and then require an
admin to reset them as needed, they may not grasp how to do this at
first, and have problems getting zap to work.  (Seems to be a common
problem).  On the other hand, if I set everything wide open, it will
be easier for them to get their forms working, but they may fail to
tighten their security and have security vulnerabilities.  I did
notice PmWiki is set to be pretty open out of the box, so maybe that
is the way to go.

Any thoughts?

Cheers,
Dan