[pmwiki-users] UserAuth2 : Working with ZAP?

Dean Staub dean at staub.id.au
Tue Dec 11 17:03:23 CST 2007


ThomasP wrote:
> On Sun, December 9, 2007 2:52 am, Dean Staub wrote:
>   
>> First, Thank you Thomas for your work on the new module. It is a huge
>> improvement over the former system - well done.
>>
>> I do however have a few small problems that I need to get to the bottom
>> of. I have for example the latest version of ZAP installed and I can't
>> get it to work.
>> It says "You are not authorized to submit this form." and the test
>> button function does nothing. How do I get around this?
>>
>> Another issue is I can't seem to access the Attribute pages when I am
>> logged in as Admin. I understand this is not usually necessary, but in
>> the case of Zap which adds a privilege to the attributes page I cant set
>> it to no password (or clear it) This may have come from previous
>> settings in the Attributes pages prior to installing your module.
>>
>>     
>
> Hi, thanks.
>
> I remember to have scrapped the "attr" level altogether (since no
> attribute pages had sense in my module), but one can simply reintroduce it
> as the the pure editing of the attribute pages will have no adverse effect
> on the functioning of module. One will have to establish some action-level
> mapping like
>
> attr => admin
>
> (if you have a single admin setup), or rather something more elaborate
> otherwise (unless you want every admin to access attribute pages).
>
> The form submitting in ZAP will demand some more effort, as I have not
> used it myself before. A good starting point is to download the debug
> function from my profile page and use the built-in logging calls to look
> at what privilege is actually requested and denied. I can walk you through
> this in case you come across a stumbling stone.
>
> More or less the following:
>
> - download debug.php, put in cookbook dir
> - activate it in the local/config.php
> - set as the event that you want to observe "USAU"
> - go to the TryAccessingPage() in userauth2.php and uncomment every
> logging that might be interesting
> - sprinkle the code (after the append calls) with flushUA2ErrorLog()
> calls. [This would have usually been cared for by an exit handler.]
>
> I'm sure that this will lead us to the right info.
>
> Thomas
>
>
>
> _______________________________________________
> pmwiki-users mailing list
> pmwiki-users at pmichaud.com
> http://www.pmichaud.com/mailman/listinfo/pmwiki-users
>
>   
Hi Thomas, thanks for your response.

I have found some time to follow your instructions above.
The results of your debug output are as follows for the error accessing 
a zap function;

2007-12-12 09:18:56 EST  USAU  Someone trying to access page 
Site.ZAPConfig at level read.
2007-12-12 09:18:56 EST  USAU  Site.ZAPConfig is a content page: yes
2007-12-12 09:18:56 EST  USAU  Access to Site.ZAPConfig at level read 
granted.
--------------------------------------------------------------------------------
2007-12-12 09:19:22 EST  USAU  Warning: Someone asking for permission 
for unknown level 'zap'. Refused.

and for accessing the attribute page I get;
2007-12-12 09:49:16 EST  USAU  Someone trying to access page 
Site.ZAPConfig at level attr.
2007-12-12 09:49:16 EST  USAU  Site.ZAPConfig is a content page: yes
2007-12-12 09:49:17 EST  USAU  Access to Site.ZAPConfig at level attr 
NOT granted.
2007-12-12 09:49:17 EST  USAU  Current cache utilization: 26 perm 
queries, 0 user recs, 1 group recs, 0 ip range recs.
2007-12-12 09:49:17 EST  USAU  In total 1 uncached perm record loads, 1 
uncached perm queries.

I'm sorry, I am no expert at php, just a bit of a hacker, otherwise I 
would invest some time into trying to solve it myself.

(I have a single admin setup)

If you could lead me in the right direction here, I would be most 
greatful to test any ideas you have.

Also just a note about your Debug.php script, I had to also add the line 
$EnableDebug = 1; for it to work (I didn't see it mentioned on your 
profile page :-) )

Dean


               


This email and any attachments are confidential. They may contain 
legally privileged information or copyright material. You should not 
read, copy, use or disclose them without authorization. If you are not 
an intended recipient, please contact us at once by return email and 
then delete both messages. We do not accept liability in connection with 
computer virus, data corruption, delay, interruption, unauthorized 
access or unauthorized amendment.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: /pipermail/pmwiki-users/attachments/20071212/8137744e/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dean.vcf
Type: text/x-vcard
Size: 165 bytes
Desc: not available
Url : /pipermail/pmwiki-users/attachments/20071212/8137744e/attachment.vcf 


More information about the pmwiki-users mailing list