On 11/20/07, <b class="gmail_sendername">Ben Stallings</b> <<a href="mailto:ben@interdependentweb.com">ben@interdependentweb.com</a>> wrote:<div><span class="gmail_quote"></span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Dan wrote,<br>> And any serious security pages left in the site group that haven't been<br>> moved to siteadmin?<br><br>Well, since you ask, there's Site.ZAPConfig. :-) I'm still working on<br>my ZAP CMS bundle, and a few very minor items I would put on a wish list
<br>for ZAP include:<br><br>1) Move the ZAPConfig page from Site to SiteAdmin.</blockquote><div><br>
This is simply a question of doing a search and replace of
Site.ZAPConfig to SiteAdmin.ZAPConfig in the ZAPtoolbox. There are a
good number of calls to it in the various functions.<br>
<br>
</div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">2) Cause the register and login functions to actually use the page<br>designated in ZAPConfig as Login: (as the documentation claims they do),
<br>instead of the one designated as Profiles: (as they actually do).</blockquote><div><br>
To get it to use a different group, you have to put something like this in Site.ZAPConfig:<br>
<br>
Profiles: Login<br>
<br>
The code is found in the zaptoolbox.php, line 318. Can you verify that
this is not working? Or did you perhaps do something slightly
different? As I don't have a running copy of ZAP up anywhere, I
can't really confirm this... But it was working fine when I left
ZAP, as I was using it this way in my own setup.<br>
</div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">3) Fix the feature that disables ZAP extensions except on the pages<br>specified in ZAPConfig -- this feature does not appear to actually exist
<br>anywhere in the code in the current version of ZAP, as far as I can<br>tell, but it's still promised in the documentation. I know it used to<br>work, but it must have gotten lost in a revision of the recipe. At any
<br>rate I can't get it to work and can't find it in the code, which is<br>disconcerting.</blockquote><div><br>
In beefing up the security of ZAP I changed it from putting everyting
in ZAPConfig, to putting the commands control and the target controls
in separate pages. From your email I'm assuming you are still trying to
put these controls in Site.ZAPConfig... Note these from the comments in
the zap.php code (starting around line 337). <br>
<br>
## This function is used to check various kinds of permissions in ZAP--namely commands and targets<br>
## ZAPauth('edit', 'Test.Main', 'Commands') will verify whether or not the edit command is allowed for page Test.Main<br>
## ZAPauth('Test.One', 'Test.Two', 'Targets') verifies whether a form on Test.One can write to Test.Two<br>
## The permissiable values are all set on Site.ZAPCommands or Site.ZAPTargets as normal PTV's<br>
<br>
Note these pages also need to be moved to the SiteAdmin group.
Probably by just doing a search and replace of $SiteGroup to
$SiteAdminGroup. I would double check both zap and zaptoolbox, just to
be safe.<br>
</div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">These are extremely minor changes, and if I were willing to go on record<br>as maintainer of ZAP I would just find them and fix them, but since I'm
<br>not it's easier to change my bundle's copy of the documentation for now.</blockquote><div><br>
Eh, I'm willing to offer a tip or two but I can't really keep this up
either. Perhaps if you do make these changes to your local copy you
could upload that... <br>
<br>
</div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> So thanks for asking, Dan! ;-) Hope your other projects are coming<br>along well. --Ben
<br></blockquote></div><br>
Thanks Ben, you know what is doing great. :) In fact so well, I get
kind of bored at times. Having trouble finding problems to fix! Anyway,
miss the awesome user group around here. Always inspiring.<br>
<br>
Dan <br>