[pmwiki-users] UserAuth2 : Working with ZAP?
Dean Staub
dean at staub.id.au
Tue Dec 11 17:03:23 CST 2007
ThomasP wrote:
> On Sun, December 9, 2007 2:52 am, Dean Staub wrote:
>
>> First, Thank you Thomas for your work on the new module. It is a huge
>> improvement over the former system - well done.
>>
>> I do however have a few small problems that I need to get to the bottom
>> of. I have for example the latest version of ZAP installed and I can't
>> get it to work.
>> It says "You are not authorized to submit this form." and the test
>> button function does nothing. How do I get around this?
>>
>> Another issue is I can't seem to access the Attribute pages when I am
>> logged in as Admin. I understand this is not usually necessary, but in
>> the case of Zap which adds a privilege to the attributes page I cant set
>> it to no password (or clear it) This may have come from previous
>> settings in the Attributes pages prior to installing your module.
>>
>>
>
> Hi, thanks.
>
> I remember to have scrapped the "attr" level altogether (since no
> attribute pages had sense in my module), but one can simply reintroduce it
> as the the pure editing of the attribute pages will have no adverse effect
> on the functioning of module. One will have to establish some action-level
> mapping like
>
> attr => admin
>
> (if you have a single admin setup), or rather something more elaborate
> otherwise (unless you want every admin to access attribute pages).
>
> The form submitting in ZAP will demand some more effort, as I have not
> used it myself before. A good starting point is to download the debug
> function from my profile page and use the built-in logging calls to look
> at what privilege is actually requested and denied. I can walk you through
> this in case you come across a stumbling stone.
>
> More or less the following:
>
> - download debug.php, put in cookbook dir
> - activate it in the local/config.php
> - set as the event that you want to observe "USAU"
> - go to the TryAccessingPage() in userauth2.php and uncomment every
> logging that might be interesting
> - sprinkle the code (after the append calls) with flushUA2ErrorLog()
> calls. [This would have usually been cared for by an exit handler.]
>
> I'm sure that this will lead us to the right info.
>
> Thomas
>
>
>
> _______________________________________________
> pmwiki-users mailing list
> pmwiki-users at pmichaud.com
> http://www.pmichaud.com/mailman/listinfo/pmwiki-users
>
>
Hi Thomas, thanks for your response.
I have found some time to follow your instructions above.
The results of your debug output are as follows for the error accessing
a zap function;
2007-12-12 09:18:56 EST USAU Someone trying to access page
Site.ZAPConfig at level read.
2007-12-12 09:18:56 EST USAU Site.ZAPConfig is a content page: yes
2007-12-12 09:18:56 EST USAU Access to Site.ZAPConfig at level read
granted.
--------------------------------------------------------------------------------
2007-12-12 09:19:22 EST USAU Warning: Someone asking for permission
for unknown level 'zap'. Refused.
and for accessing the attribute page I get;
2007-12-12 09:49:16 EST USAU Someone trying to access page
Site.ZAPConfig at level attr.
2007-12-12 09:49:16 EST USAU Site.ZAPConfig is a content page: yes
2007-12-12 09:49:17 EST USAU Access to Site.ZAPConfig at level attr
NOT granted.
2007-12-12 09:49:17 EST USAU Current cache utilization: 26 perm
queries, 0 user recs, 1 group recs, 0 ip range recs.
2007-12-12 09:49:17 EST USAU In total 1 uncached perm record loads, 1
uncached perm queries.
I'm sorry, I am no expert at php, just a bit of a hacker, otherwise I
would invest some time into trying to solve it myself.
(I have a single admin setup)
If you could lead me in the right direction here, I would be most
greatful to test any ideas you have.
Also just a note about your Debug.php script, I had to also add the line
$EnableDebug = 1; for it to work (I didn't see it mentioned on your
profile page :-) )
Dean
This email and any attachments are confidential. They may contain
legally privileged information or copyright material. You should not
read, copy, use or disclose them without authorization. If you are not
an intended recipient, please contact us at once by return email and
then delete both messages. We do not accept liability in connection with
computer virus, data corruption, delay, interruption, unauthorized
access or unauthorized amendment.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: /pipermail/pmwiki-users/attachments/20071212/8137744e/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dean.vcf
Type: text/x-vcard
Size: 165 bytes
Desc: not available
Url : /pipermail/pmwiki-users/attachments/20071212/8137744e/attachment.vcf
More information about the pmwiki-users
mailing list