RE: [gbd-dev] Global and local settings
Status: Beta
Brought to you by:
mccabe
From: Aaron M. <wmc...@ho...> - 2005-06-27 00:40:35
|
I think you covered everything and I think that the host and port override options should be separate. But will the user's localsettings file need to reside in the ServerScripts directory or could it exist elsewhere? Here are a couple of ideas. >* localsettings_{$user}.ini where $user is specified on http request and user overriding is enabled in global settings. I'm thinking that the regular user wouldn't typically have permission to write to the ServerScripts directory which might be owned by a more privileged user, for example, on a Linux server. I propose a /home/user/.gubed directory in which a user would place localsettings.ini. >* localsettings_{$user}.ini where $user is $_SERVER["REMOTE_USER"]. The HTTP authenticated user may not have an account on the server and so the sysadmin would likely have to create the localsettings file for the user in say a subdirectory of ServerScripts. The search would then be: * file specified on http request - if this is allowed in global settings * /home/$user/.gubed/localsettings.ini where $user is specified on http request and user overriding is enabled in global settings. * ServerScripts/localsettings/localsettings_{$user}.ini where $user is $_SERVER["REMOTE_USER"]. Thanks, Aaron McDonald ------------------------------------------------------------------------------------------------------------------------ Hello Here's an attempt to summarize the discussions on security, global and user settings, and temporary overriding of settings: 1) New setting items are added, * allow remote clients * enable developer help * allow user override on http request * allow settingsfile override on http request * allow host and port override on http request (or do we need separate settings for these?) These items will reside in a file 'globalsettings.php' which will work similar to how localsettings does today. This file will have the required comments to make sure the user understand what s/he enabling. 2) After this file is read, Gubed will optionally look for a user settings file but this file is not a php file but a config file (parse_ini_file helps here) so that only allowed settings can be changed. To find the correct user config file, Gubed will search in the following locations and take the first one it finds: * file specified on http request - if this is allowed in global settings * localsettings_{$user}.ini where $user is specified on http request and user overriding is enabled in global settings. * localsettings_{$user}.ini where $user is $_SERVER["REMOTE_USER"]. * localsettings.ini - is this really needed? 3) After the user settings is read, optionally host and port may be changed by the http request if this is allowed by the global settings. 4) The developer helper scripts are updated to only work if they are enabled. 5) We will have to remember that this must all work also when not using StartSession Did I forget anything? /Linus |