Piotr Przybylski a écrit :
Yes, config file has a key 'UserprefsDisallow', which contains names of values that users cannot override. Also, setup script has checkboxes (next to each option) which allow to modify this. Settings in 'UserprefsDisallow' are marked as DISABLED in user preferences (and are listed in Blacklist section of my debug message).
Great!
In addition to disabling options, some are only partially editable by users. Namely:
- MaxDbList, MaxTableList, QueryHistoryMax - users can set values
which are equal to or lower than the one hardcoded in config.*.php
- AllowUserDropDatabase, UseDbSearch, QueryHistoryDB, ShowPhpInfo,
ShowChgPassword - these can be only disabled (changed from true to false), enabling them is impossible for users
Both cases above are marked by an icon with comment in setup script.
I don't find intuitive that for some options, a checkmark means true and that for others, it means false (I know that you displayed "disable" but it requires more reflexion from the users).
The only alternative I can think of, would require a js-enabled browser to block enabling the option.