[pmwiki-users] Zap Group Site Bocked
Ben Stallings
ben at interdependentweb.com
Thu Nov 22 09:39:27 CST 2007
The Editor wrote:
>> 2) Cause the register and login functions to actually use the page
>> designated in ZAPConfig as Login: (as the documentation claims they
>> do),
>> instead of the one designated as Profiles: (as they actually do).
>
> To get it to use a different group, you have to put something like this
> in Site.ZAPConfig:
>
> Profiles: Login
>
> The code is found in the zaptoolbox.php, line 318. Can you verify that
> this is not working? Or did you perhaps do something slightly
> different?
No, what you say above works fine. It's just that the documentation
says you should write
Login: Login
and that does nothing, because the program doesn't check a Login
variable, only Profiles.
> In beefing up the security of ZAP I changed it from putting everyting in
> ZAPConfig, to putting the commands control and the target controls in
> separate pages. From your email I'm assuming you are still trying to put
> these controls in Site.ZAPConfig... Note these from the comments in the
> zap.php code (starting around line 337).
>
> ## This function is used to check various kinds of permissions in
> ZAP--namely commands and targets
> ## ZAPauth('edit', 'Test.Main', 'Commands') will verify whether or not
> the edit command is allowed for page Test.Main
> ## ZAPauth('Test.One', 'Test.Two', 'Targets') verifies whether a form on
> Test.One can write to Test.Two
> ## The permissiable values are all set on Site.ZAPCommands or
> Site.ZAPTargets as normal PTV's
You know that, and I used to know that, and now I know it again (thank
you) but the documentation doesn't know that, and so nobody who reads
the documentation knows that. The docs still say that all that info
goes in ZAPConfig, and if you do what it says it doesn't work. I'll
change it.
> Eh, I'm willing to offer a tip or two but I can't really keep this up
> either. Perhaps if you do make these changes to your local copy you
> could upload that...
I will change the program, eventually, but in the meantime I'll stick to
correcting the documentation in the ZAP CMS bundle I'm working on, so
that at least the documentation will match the code.
Thanks for the feedback, Dan. --Ben S.
More information about the pmwiki-users
mailing list