Re: [Zope-dev] Call for a creation_datetime property!
"Jay, Dylan" wrote: It is really a painful thing to do without. I realize I can add this capability to factories of my own objects but I don't want to have to create my own versions of dtml-document and everything else just to ensure that a creation date is kept. I've tried using transaction logs but this is very dodgy for the following reasons. 1) An object can be created by many different methods. Its guess work working out which created the object. 2) The odb can be packed and then you've just lost your creation date. Can anyone give a good reason not to include this property as a standard for all ZODB objects? A me too here Rik ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Traversal Questions ;-)
Evan Simpson wrote: From: Chris Withers [EMAIL PROTECTED] It looks like REQUEST.steps is the replacement for PARENTS? Is that so? snip REQUEST.steps isn't PARENTS replacement Okay, so given that PARENTS is living in a 'deprecated' list on the Interfaces Wiki, what are we supposed to use instead?! Agreed. Jim pretty much mandated a name that (1) lives in 'other', rather than being an attribute, and therefore (2) is very, very unlikely to clash with other people's REQUEST variable names. I know there's gonna be good reason for this, but could someone explain it to me... "_SUPPRESS_SITEROOT" and/or "_SUPPRESS_ACCESSRULE" into your URL in order to turn off a single SiteAccess object (the one which would have triggered at that point in the URL). Oooo... is that documented anywhere? I didn't spend a whole lot of time fortifying it. It's just meant to be an example, after all. I wasn't expecting so many people to paste it into their applications without understanding what it does. :-) You'd be surprised... ...anyway, I thought you would have remembered given all the fun we had trying to get FTP access to work with SiteAccess ;-) cheers, Chris ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Call for a creation_datetime property!
On Wed, 6 Sep 2000 09:58:44 +1100 , "Jay, Dylan" [EMAIL PROTECTED] wrote: It is really a painful thing to do without. I realize I can add this capability to factories of my own objects but I don't want to have to create my own versions of dtml-document and everything else just to ensure that a creation date is kept. I've tried using transaction logs but this is very dodgy for the following reasons. 1) An object can be created by many different methods. Its guess work working out which created the object. 2) The odb can be packed and then you've just lost your creation date. Can anyone give a good reason not to include this property as a standard for all ZODB objects? I wouldnt want to pay the overhead for every ZODB object, but it would be useful for those standard content-storage objects; Files, Images, and DTMLDocuments. I seem to remember a creation date is stored for PTK documents? Toby Dickenson [EMAIL PROTECTED] ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] ZPatterns: DropZone example
Hi Steve, (and any others who might care to comment) I've been sorting through old ZPatterns email looking for inspiration and I came upon this: "Steve" == Steve Alexander [EMAIL PROTECTED] writes: Steve Hi folks, Steve I've been looking at the DropZone example Phillip Eby Steve provided on the ZPatterns Wiki. Steve http://www.zope.org/Members/pje/Wikis/ZPatterns/DropZoneExample Steve I've decided to start implementing it, so as to give myself Steve an educational experience in using ZPatterns. Did you get very far with this? I'm still working out the best way to get EMarket to work with ZPatterns in my copious spare time, and I've hit a question... in the original EMarket design Shopper, MarketItem, ShoppingBasket, and ShoppingBasketItem were all classes defined in Python. With ZPatterns I'm moving in a direction in which these will be replaced at runtime with customized objects that will merely play the *role* of Shopper, etc... I see how the data associated with these objects can be virtually provided using SkinScript etc... but I'm a little confused about the methods of these objects. PJE makes it very clear in his DropZone example (cited above) that when you allow objects to 'role play', they do not subclass from anything in particular, but rather just sort of 'drop in' and 'act like' any sort of object they need to, in order to get the job done. However, without subclassing... how do they get the Shopper methods? e.g., one EMarket method might be: aShopper.insertIntoShoppingBasket( mi=aMarketItem, quantity=qty ) One idea that occured to me was to make the specialists 'do' everything. ShopperManager.InsertItemIntoShoppersBasket(shopper=aShopper, mi=aMarketItem, quantity=qty), but this smells a little bit like the 'controller' paradigm that Coad et. al. are so opposed to... It seems like 'big brother' for the ShopperManager to be meddling with the individual items in a shopper's basket... but maybe that's the best way... Anyway.. just fiddling around and looking for ideas... thanks! -steve ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] ZPatterns: DropZone example
Hi Steve, "Steve" == Steve Alexander [EMAIL PROTECTED] writes: ShopperManager.InsertItemIntoShoppersBasket(shopper=aShopper, mi=aMarketItem, quantity=qty), Steve Seeing as the context is clearly ShopperManger (or Steve Shoppers), I don't think there's any need for such a long Steve method name. The context clearly involves shoppers and Steve baskets, so perhaps AddToBasket(shopper, item, qty) would Steve be clear enough? Yeah.. the long method name was to help clarify the meaning. ;-) Steve If anything, AddToBasket could be a method of MarketItem. Steve Item.addToBasketOf(Shopper). However, if Items live on Steve Shelves in Isles in a Shop, addToBasketOf could be a method Steve of the Shop, that gets found by acquisition from items in Steve the shop. And, perhaps we know who the Shopper is from the Steve AUTHENTICATED_USER of the REQUEST. Again... it seems to me that these objects aren't allowed to have methods, since that would require sub classing and according to my understanding sub classing is sort of a 'deprecated' approach. Maybe I'm missing something... I like your thought about the 'shop' being the best object responsible for handling the shopping baskets.. it's just a different way to slice the problem.. I could get used to it. ;-) thanks, -steve ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] ZDebug questions
Shane Hathaway wrote: http://www.zope.org/Members/hathawsh/ZDebug/index_html ZDebug is a set of patches to Zope that help in the deciphering of DTML errors and authorization exceptions. Because this is the first release, remember to make a backup before installing. Saw the screenshots and thought "this looks amazingly useful" :-) It was, but, the version from the tarball doesn't seem to match up quite with: http://www.zope.org/Members/hathawsh/ZDebug/example Using your sample 'bad' DTML, I got the same but the 'Contains name?' column didn't show up :-( Any ideas? (yes, I was tracking down a security exception, and that column may have been really useful ;-) ...speaking of which, this is related to the following PTK Tracker Issue: http://www.zope.org/Products/PTK/Tracker/110 while Andy and I were playing with some stuff, we managed to make ZDebug cry by giving the discussion_thread_view DTML method the 'Member' proxy role and then viewing it from a Member's toolbox (what's the new name for that?) on the left: Error Type: TypeError Error Value: not all arguments converted (if any more details would be helpful, please drop either of us a mail, traceback in ps) Well, thanks for the product, it looks like being _extremely_ useful :-)) Keep up the awesome work! Urm, I'm sure it's the community who should be saying that to you :P Chris PS: Traceback (innermost last): File E:\Zope\227194~1.0\lib\python\ZPublisher\Publish.py, line 222, in publish_module File E:\Zope\227194~1.0\lib\python\ZPublisher\Publish.py, line 187, in publish File E:\Zope\227194~1.0\lib\python\Zope\__init__.py, line 221, in zpublisher_exception_hook (Object: index_html) File E:\Zope\227194~1.0\lib\python\ZPublisher\Publish.py, line 171, in publish File E:\Zope\227194~1.0\lib\python\ZPublisher\mapply.py, line 160, in mapply (Object: discussion_thread_view) File E:\Zope\227194~1.0\lib\python\ZPublisher\Publish.py, line 112, in call_object (Object: discussion_thread_view) File E:\Zope\227194~1.0\lib\python\OFS\DTMLMethod.py, line 167, in __call__ (Object: discussion_thread_view) File E:\Zope\2.2.0\lib\python\Products\ZDebug\DTMLLocator.py, line 103, in __call__ (Object: discussion_thread_view) File E:\Zope\227194~1.0\lib\python\DocumentTemplate\DT_String.py, line 502, in __call__ (Object: discussion_thread_view) File E:\Zope\2.2.0\lib\python\Products\ZDebug\DTMLDebug.py, line 259, in debug_render_blocks File E:\Zope\2.2.0\lib\python\Products\ZDebug\DTMLDebug.py, line 179, in debugException (Object: title) File E:\Zope\227194~1.0\lib\python\OFS\DTMLMethod.py, line 189, in validate (Object: discussion_thread_view) File E:\Zope\227194~1.0\lib\python\AccessControl\SecurityManager.py, line 139, in validate File E:\Zope\2.2.0\lib\python\Products\ZDebug\DebugSecurityPolicy.py, line 234, in validate TypeError: (see above) ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] TCPWatch How-To
Shane Hathaway wrote: TCPWatch is a simple Python script that lets you monitor a TCP connection. ...now this really is extremely useful to me, but not for Zope ;-) However, it did take me a while to wrap my head around it. So here's a little How-To/Example (If anyone thinks I should do this as a How-To on Zope.org, just let me know...) 1. Run up Zope on you local machine on port 8080 2. Set the following off in an appropriate shell: python tcpwatch.py 9080 localhost 8080 3. Point a browser at localhost:9080 Now, the tkinter window that pops up will show you a list of TCP connections that happen and when they started. If you click on them you get shown all the data which was sent to the server (preceded by '==') and to the client (preceded by '==') as well as the times the connections opened and closed (could be very useful for spotting connections that Zope, or anything else, leaves open longer than it should) This is a very cool little tool :-) Many thanks, Chris ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Python 1.6, Expected node type 12, got 312
Hi, Clean build of Python 1.6 (downloaded immediately following release notification), clean build of Zope-2.2.1-src; Accessing /manage brings an error in gparse.py, line 293 (ast=sequence2ast) , "Expected node type 12, got 312". Anyone else seeing this? Anyone know what it means? Naturally, everything is just fine when built on Python 1.5.2. And Zope is marvellous. John Hayward-Warburton [EMAIL PROTECTED] ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: ZDebug questions
Chris Withers wrote: Using your sample 'bad' DTML, I got the same but the 'Contains name?' column didn't show up :-( Any ideas? (yes, I was tracking down a security exception, and that column may have been really useful ;-) My guess is you're using Zope 2.1.6. ZDebug doesn't have a way to figure out what DTML method is being called in Zope 2.1.6. Strange but true. So it shows what it can. The 2.2.x security context stack is used to figure it out in 2.2.x. (Which is still a hack. :-/ ) ...speaking of which, this is related to the following PTK Tracker Issue: http://www.zope.org/Products/PTK/Tracker/110 while Andy and I were playing with some stuff, we managed to make ZDebug cry by giving the discussion_thread_view DTML method the 'Member' proxy role and then viewing it from a Member's toolbox (what's the new name for that?) on the left: Error Type: TypeError Error Value: not all arguments converted Oops! Try this patch (I left out a "%s"): === RCS file: /cvs-repository/Packages/Products/ZDebug/DebugSecurityPolicy.py,v retrieving revision 1.2 diff -u -r1.2 DebugSecurityPolicy.py --- DebugSecurityPolicy.py 2000/09/04 19:23:58 1.2 +++ DebugSecurityPolicy.py 2000/09/06 14:04:32 @@ -234,8 +234,8 @@ info = 'The proxy roles set for ' \ '%s do not allow access to %s, which is ' \ 'contained in %s. The proxy roles would ' \ - 'have to include one of the following roles:' \ - % ( + 'have to include one of the following ' \ + 'roles: %s' % ( getCleanPath(eo), cleanupName(name, value), getCleanPath(container, value), tuple(roles)) Well, thanks for the product, it looks like being _extremely_ useful :-)) Thank you. I know when I was new to Zope this would have been tremendously useful. Now it's useful because it should help people solve problems on their own rather than having to post to the list. Shane ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] TCPWatch How-To
Chris Withers wrote: Shane Hathaway wrote: TCPWatch is a simple Python script that lets you monitor a TCP connection. ...now this really is extremely useful to me, but not for Zope ;-) However, it did take me a while to wrap my head around it. So here's a little How-To/Example (If anyone thinks I should do this as a How-To on Zope.org, just let me know...) 1. Run up Zope on you local machine on port 8080 2. Set the following off in an appropriate shell: python tcpwatch.py 9080 localhost 8080 I thought about writing a server-starter GUI so that command line wouldn't even be necessary. But I decided I like TCPWatch how it is already. It's simple and to the point. 3. Point a browser at localhost:9080 Now, the tkinter window that pops up will show you a list of TCP connections that happen and when they started. If you click on them you get shown all the data which was sent to the server (preceded by '==') and to the client (preceded by '==') as well as the times the connections opened and closed (could be very useful for spotting connections that Zope, or anything else, leaves open longer than it should) This is a very cool little tool :-) It should work with most TCP protocols including smtp, imap, pop-3, ssh, ZEO, and even that new multi-stream protocol announced recently. It might have troubles with ftp, however. BTW it uses decimal rather than octal to encode control characters, which doesn't follow the "standard" but rather my own preference. :-) It should probably be a command-line option. Shane ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Python 1.6, Expected node type 12, got 312
On Wed, 06 Sep 2000 13:48:09 +, "John Hayward-Warburton (Programming account)" [EMAIL PROTECTED] wrote: Hi, Clean build of Python 1.6 (downloaded immediately following release notification), clean build of Zope-2.2.1-src; Accessing /manage brings an error in gparse.py, line 293 (ast=sequence2ast) , "Expected node type 12, got 312". Anyone else seeing this? Anyone know what it means? Yes, there was a bug in pythons parser module. If you are deperate to use 1.6 then you will need to compile an old copy of parsermodule.c. However, I recommend using the current CVS of python 2.0. This (and other) bugs have been fixed relative to 1.6 Toby Dickenson [EMAIL PROTECTED] ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] CalendarTag, year mode image
Hi all, I'd like to release the 0.9.21 version of the CalendarTag soon, but first I want to change the year mode image, currently it's an "Y" which is not very international, I'd like to see a language neutral image. The interface of the CalendarTag is based in the Palm Pilot, but the Palm III I've here lacks the year mode, I think the Palm VII has. Could somebody send me an international image for the CalendarTag year mode? Thanks in advance, david ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] (no subject)
Ok I'm going over most of the ZPatterns stuff again. It seems simple enough. Yet I can't seem to put a specialist and a dataskin based ZClass in a product folder and get them to do anything persistently. I've been through all of the tutorials and can't seem to get anything to click. You know things like do I create and call a trigger or the propertysheet. When I create the methods inside the specialist I can't access the DataSkin ZClass. I have it setup as the storage class. Is it alright to post these kinds of questions here? Also on the note of subjects and Gen-spec. It seems most of the stuff for Zope like the PTK and ZODB stuff I see is class based and not whole/part patterns stuff. How about a simple Diagram from those that understand it in Coad OOA terms. I know that there is one already but how about in terms of the very basic objects like a folder, specialist, and Zclass. Thanks, Jimbo Get your Free E-mail at http://tacoma.zzn.com Get your own Web-Based E-mail Service at http://www.zzn.com ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Acquisition in a DTML Tag
"Brett" == Brett Carter [EMAIL PROTECTED] writes: Brett I've defined my own dtml tag (i.e. dtml-foo/dtml-foo) Brett and I am trying to look up an object depending on the Brett arguments passed to my tag. The python class that defines Brett the tag inherits from Acquisition.Implicit, but 'self' Brett doesn't contain any of the Acquisition hiarchy. It seems Brett like this must be possible, since the dtml-var tag must Brett have to do an object lookup somewhere for objects passed to Brett it to render. Can anybody shed some light on this? Is it Brett doable? TIA -Brett Ok, So after some *major* hacking, i've realized that the 'md' passed into the render() method of my dtml tag contains the namespace, and is of type 'TemplateDict' which appears to contain a stack of 'MultiMapping's. Weird. Well, anyways, I just used the 'has_key' and 'getitem' methods to lookup my item. The question now is how do I create a new object in the current namespace? It looks like the TemplateDict is a read-only type of data structure. Anybody? TIA -Brett ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] PARENTS
Chris Withers wrote: From http://www.zope.org/Members/michel/Projects/Interfaces/PublisherRequest: Deprecated attributes: - PARENTS What are we supposed to use instead now? Glancing it over .. perhaps: steps: list of names traversed. ?? -- Do not meddle in the affairs of sysadmins, for they are easy to annoy, and have the root password. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope] ANN: want to localize your pages and/or zope?
Hi, last night I realized my finger-trainnig called VaryTag :-) I talkt about it at EuroZope meeting in paris, but lost my old implementation during deleting of old zope instances. So it took me 3.5h to rewrite it from scratch. This time it works according to rfc2616 (HTTP/1.1). Its just one solution for serving multi language documents, but it works very well. I will soon localize the current zope with it as well as our websites will be localized. Its easy to use, just look at http://www.zope.org/Members/tino/Vary%20tag/readme/ Sorry for the ugly url with space, it was deep in the night ;-) Unfortunately zope.org has not installed the product already, so I was not able to give the readme in different languages .-)) Best regards Tino Wildenhain ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] supplemental group ids (Linux)
Kip Rugger wrote: Bill Anderson [EMAIL PROTECTED] wrote: Kip Rugger wrote: Chris McDonough [EMAIL PROTECTED] wrote: Aplogies for the ignorance, but can you maybe explain the concept of supplemental group ids and give an example of how the current unpatched behavior could be subverted? I can try... Supplemental gids are useful for allowing a user to belong to more than one group, or maybe to more than one project in normal parlance. This is normally effected by listing the uid opposite more than one group in /etc/group. The login process issues the initgroups(3) call to install these supplemental groups, which are inherited by all processes forked from the login shell. The problem is comes when you change user ids; for example what I saw with Zope (start -u nobody) was: before change after change = user id root nobody group idroot nobody sup id(s) root root Would you mind describing how you determine this? [/proc] $ cat /proc/90/status Name: junkbuster State: S (sleeping) Pid:90 PPid: 1 Uid:101 101 101 101 Gid:101 101 101 101 Groups: 101 -- supplemental groups On my machine 101 is uid and gid for nobody; as you can see junkbuster is correctly sandboxed. For unmodified Zope, you'll see a zero in the indicated line (or possibly several values if root belongs to several groups like `wheel' on your system). OK, something is not quite right here. On my unmodified zope, it is properly 'sandboxed'. Perhaps it is the use of the explicit '-u nobody'? I don't do that on my system, which causes Zope to run as nobody implicitly. (When started as root, unless told otherwise, zope will switch to nobody). Try running without the 'u nobody switch, and see what happens. Just out of curiousity. -- Do not meddle in the affairs of sysadmins, for they are easy to annoy, and have the root password. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] Form Validation
Hi, I see you can let Zope do basic form validation for you by appending ":string" or ":int" to your form name. The error messages that are displayed are not that clear, however. How can I get more control over what happens when an error occurs? (e.g. I'd like to be able to get back a list/ditionary of errors instead of handling them one by one) Where can I get documentation on all the built-in form validation options at my disposal? (e.g. a field may not be required, but if it is filled in it has to be an integer) Is Zope's built-in form validation sufficient for a complex system? Are there better ways to do form validation? I saw a php program on freshmeat.net the other day that supposedly generates forms complete with client and server-side validation. Do we have a similar product in Zope? Thanks, Andreas. -- In a world without fences, who needs gates? ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] re module through the web security
Chris McDonough wrote: There's the perception at DC that 're' isn't appropriate for through-the-web usage because it's possible to write and use regex that sends the Python interpreter thread it's operating within into a neverending loop. Sorry. Am I the only one who thinks this is silly? One of Zope's key strengths is its granular security, right? So why isn't it the reponsibility of the site designer/maintainer/owner/whatever to ensure that only people he trusts have the ability to write DTML? It seems like that perception is hobbling Python Methods, in particular, by removing useful stuff like the re module because the assumption is being made that people editing TTW code will be untrusted. IMH(umble), either you don't have confidence in Zope's security, or you're assuming your users are stupid (that may be fair for a lot of us, but still ;-) Comments? :-) Chris ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] Tracker weirdness
Hi everyone :-)
I am trying (desperately) to use a Tracker on my own site. So I checked one out
of CVS and started using it.
I created some users for my website with their very own roles.
Now when one of those users tries to view the issues listed in the Tracker
(like someone would do on www.zope.org) we just get an error:
(sorry about the lenghty posting)
-
Unauthorized
You are not authorized to access issueSummaryRows.
Traceback (innermost last):
File /usr/local/Zope-2.2.0-linux2-x86/lib/python/ZPublisher/Publish.py, line 222,
in publish_module
File /usr/local/Zope-2.2.0-linux2-x86/lib/python/ZPublisher/Publish.py, line 187,
in publish
File /usr/local/Zope-2.2.0-linux2-x86/lib/python/ZPublisher/Publish.py, line 171,
in publish
File /usr/local/Zope-2.2.0-linux2-x86/lib/python/ZPublisher/mapply.py, line 160,
in mapply
(Object: index_html)
File /usr/local/Zope-2.2.0-linux2-x86/lib/python/ZPublisher/Publish.py, line 112,
in call_object
(Object: index_html)
File /usr/local/Zope-2.2.0-linux2-x86/lib/python/OFS/DTMLMethod.py, line 167, in
__call__
(Object: index_html)
File /usr/local/Zope-2.2.0-linux2-x86/lib/python/DocumentTemplate/DT_String.py,
line 502, in __call__
(Object: index_html)
File /usr/local/Zope-2.2.0-linux2-x86/lib/python/DocumentTemplate/DT_Let.py, line
147, in render
(Object: criteria="{'type': 'tracker_issue'}"
default_batch_size="trackerpref(pref='batch_size', default=10,
REQUEST=REQUEST)"
refine_defaults="[('refine_show', 'Close Advanced Search'),
('refine_type', 'strict'),
('any', ''),
('public', 'ON'),
('private', 'ON'),
('requester', []),
('supporter', []),
('priority', []),
('stage', ['pending', 'accepted']),
('batch_size', default_batch_size)]"
init="(not REQUEST.get('refine_mode', ())
or REQUEST.get('refine_vanilla', ()))"
type="(((REQUEST.get('refine_show', ())
== 'Close Advanced Search') and 'simple')
or ((REQUEST.get('refine_show', ())
== 'Open Advanced Search') and 'elaborate')
or REQUEST.get('refine_mode', 'simple'))"
didb="_.has_key('did_basic')"
didt="_.has_key('did_traitvalues')"
topp="REQUEST.get('topprev', 0)"
topn="REQUEST.get('topnext', 0)"
topc="REQUEST.get('topbatchchange', 0)"
topretain="REQUEST.get('topbatchretain', 0)"
top="(topp or topn)"
botp="REQUEST.get('bottomprev', 0)"
botn="REQUEST.get('bottomnext', 0)"
botc="REQUEST.get('bottombatchchange', 0)"
botretain="REQUEST.get('bottombatchretain', 0)"
bot="(botp or botn)"
batch_last_start="REQUEST.get('batch_last_start', 0)"
batch_last_end="REQUEST.get('batch_last_end', 0)"
cur_batch_size="_.max(1,
((top and REQUEST.get('batch_size_top', 0))
or (bot and REQUEST.get('batch_size_bottom', 0))
or (topc and REQUEST.get('batch_size_top', 0))
or (botc and REQUEST.get('batch_size_bottom', 0))
or REQUEST.get('batch_size', default_batch_size)))
or 15"
direction="((topp or botp) and -1)
or ((topn or botn) and 1)
or 0")
File /usr/local/Zope-2.2.0-linux2-x86/lib/python/DocumentTemplate/DT_Let.py, line
147, in render
(Object: got="issuesSearch(this(), criteria, REQUEST=REQUEST)"
currents="got[0]"
numpriors="got[1]"
numafters="got[2]"
totmatches="_.len(currents) + numpriors + numafters"
simple="REQUEST.get('refine_show', ()) == 'Close Advanced Search'")
File /usr/local/Zope-2.2.0-linux2-x86/lib/python/DocumentTemplate/DT_With.py, line
133, in render
(Object: _(isr = currents[0].issueSummaryRows,
elements=currents))
File /usr/local/Zope-2.2.0-linux2-x86/lib/python/DocumentTemplate/DT_Util.py, line
337, in eval
(Object: _(isr = currents[0].issueSummaryRows,
elements=currents))
(Info: currents)
File string, line 0, in ?
File /usr/local/Zope-2.2.0-linux2-x86/lib/python/DocumentTemplate/DT_Util.py, line
140, in careful_getattr
File /usr/local/Zope-2.2.0-linux2-x86/lib/python/OFS/DTMLMethod.py, line 189, in
validate
(Object: index_html)
Re: [Zope] re module through the web security
i for my part think it makes sense. not just from a security standpoint (think of those sites that allow members who are not necessarily hand-picked to write DTML or attempt to do so) but also from a knowledge level standpoint. who wants their site crashed just because the new programmer doesn't know how to use that re functionality correctly? looking back at all the products and projects i have been involved in i did not have to use the re module a single time. as you know, you can still use the whole module in zope code that resides on the filesystem, like in products or in external methods. i'd rather be inconvenienced once every few months than basically invite denial of service attacks. jens Jens Vagelpohl The VW Type 4 on the Web: http://www.type4.org on 9/6/00 5:43, Chris Withers at [EMAIL PROTECTED] wrote: Chris McDonough wrote: There's the perception at DC that 're' isn't appropriate for through-the-web usage because it's possible to write and use regex that sends the Python interpreter thread it's operating within into a neverending loop. Sorry. Am I the only one who thinks this is silly? One of Zope's key strengths is its granular security, right? So why isn't it the reponsibility of the site designer/maintainer/owner/whatever to ensure that only people he trusts have the ability to write DTML? It seems like that perception is hobbling Python Methods, in particular, by removing useful stuff like the re module because the assumption is being made that people editing TTW code will be untrusted. IMH(umble), either you don't have confidence in Zope's security, or you're assuming your users are stupid (that may be fair for a lot of us, but still ;-) Comments? :-) Chris ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] WOWDamn !! ZopeNewbies wakeup
This is for any+all of you new to Zope.. and for those like me who have been struggling with DMTL for too long. I just found a perfect *gemstone* burried in 'Chapter6 - Advanced DTML' of the online sample of the O'Reilly Zope Book at http://www.zope.org/Members/michel/ZB/AdvDTML/view """ The REQUEST namespace is very useful in Zope since it is the primary way that clients (in this case, web browsers) communicate with Zope by providing form data, cookies and other information about themselves. A very simple and enlightening example is to simply print the REQUEST out in an HTML page: dtml-var standard_html_header dtml-var REQUEST dtml-var standard_html_footer Try it...beautiful and yes very enlightening. This should be on www.zope.org PageZero in my opinion I never saw a single line of ZopeDTML which so well demonstrates what it is capable of and why it _is_ cool when you know what to type. Get this book in Print asap please! thanks - Jason PS. Be warned: 8-() if you try put the code above in a DTML methods named 'showREQUEST' or 'show_REQUEST' it will not work = 'Id already in use' Jason CUNLIFFE = NOMADICS.(Interactive Art and Technology).Design Director ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] re module through the web security
Hi, Chris Withers wrote: Chris McDonough wrote: There's the perception at DC that 're' isn't appropriate for through-the-web usage because it's possible to write and use regex that sends the Python interpreter thread it's operating within into a neverending loop. Sorry. Am I the only one who thinks this is silly? One of Zope's key strengths is its granular security, right? So why isn't it the reponsibility of the site designer/maintainer/owner/whatever to ensure that only people he trusts have the ability to write DTML? It seems like that perception is hobbling Python Methods, in particular, by removing useful stuff like the re module because the assumption is being made that people editing TTW code will be untrusted. IMH(umble), either you don't have confidence in Zope's security, or you're assuming your users are stupid (that may be fair for a lot of us, but still ;-) Comments? :-) I think the granularity could be finer. If one could give some users access to more 'riscy' modules and some not, it schould be sufficient. I schould write a proposal for thru the web python products... *g* Greetings Tino ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] 'showREQUEST' or 'show_REQUEST' ?
Jason Cunliffe wrote: PS. Be warned: 8-() if you try put the code above in a DTML methods named 'showREQUEST' or 'show_REQUEST' it will not work = 'Id already in use' That's a little weird... Can anyone shed any light on this? cheers, Chris ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Underscore Caracter
Tino Wildenhain wrote:
Turn "asd_asd" into "asd asd" and output:
dtml-var "_.string.join(_.string.split('asd_asd', '_'))"
I've seen this on plenty lines of digicools code and wondered
about if this is more efficient then using just string.replace()
?
I would say string.replace() should be a bit faster.
I think the reasons may be historical. For a long time the Zope
documentation listed the join and split members of the string
module, but whoever wrote the documentation the first time around
missed out replace. So anyone coming at Zope from the DTML
direction is likely not to spot the replace method.
Calling _.string.replace requires two attribute lookups and one
python method call. replace itself requires zero or one memory
allocation for the result.
Calling join/split requires four attribute lookups, two python method
calls and n+3 memory allocations where n replacements are made
(1 allocation when n is 0).
So I agree, replace should be faster, although given everything else
that is going on, unless you do a lot of them you probably won't
notice.
--
Duncan Booth [EMAIL PROTECTED]
int month(char *p){return(124864/((p[0]+p[1]-p[2]0x1f)+1)%12)["\5\x8\3"
"\6\7\xb\1\x9\xa\2\0\4"];} // Who said my code was obscure?
http://dales.rmplc.co.uk/Duncan
___
Zope maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] [ANN] Whois Tools for Python Zope
Just a small package that some people may find useful. When used with Zope, it creates a dtml-whois tag that does a whois lookup on a variable. For example: pre dtml-whois "'zope.org'" /pre Will result in: Whois Server Version 1.1 Domain names in the .com, .net, and .org domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information. Domain Name: ZOPE.ORG Registrar: NETWORK SOLUTIONS, INC. Whois Server: whois.networksolutions.com Referral URL: www.networksolutions.com Name Server: NS02.CODEIT.COM Name Server: NS1.DIGICOOL.COM Updated Date: 22-feb-1999 Last update of whois database: Tue, 5 Sep 00 05:04:09 EDT The Registry database contains ONLY .COM, .NET, .ORG, .EDU domains and Registrars. You can also explicitly specify a server to contact. Download it from: http://www.zope.org/Members/Dom2/whoistools/ Please let me know if you find it useful or find bugs. -Dom ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] acl_users mystery
Howdy! I had a strange problem today: I added a Role "User" in the root's security tab and gave it a couple of permissions. But further down the tree in /de/support where in the acl_users folder I added a user with the role 'User' the permissions where not acquired (until set manually in the /de/support security tab I couldn't log in) although 'Acquire permission settings' was turned on all the way down the tree. Very mysterious. Did I misunderstand the whole idea or is there something wrong? (Zope 2.1.6) Ragnar ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Underscore Caracter
On Tue, 5 Sep 2000 20:23:47 -0600, "T.J. Mannos" [EMAIL PROTECTED] wrote: Now, who do I have to beat up to get the 're' module added to the namespace variable??? :) Not a good idea its too easy for a buggy regex to eat up lots of memory and processor time. Toby Dickenson [EMAIL PROTECTED] ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] problem with virtualhosts
Hi all, My server is running with Zope 2.1.6 and SiteAccess 1.0.1. I followed the instructions of the very clear how-to created by Anser. But it there is one problem which I can't solve. I want to serve pages with Apache and with Zope. The url to serve pages with Zope should be: www.myserver.nl/z In the root of Zope I add a subfolder called mysubfolder. This folder should be the siteroot of this site. This is the configuration of my httpd.conf; ServerName www.myserver.nl NameVirtualHost 12.345.67.890 VirtualHost 12.345.67.890 ServerName www.myserver.nl DocumentRoot /home/httpd/html ProxyPass /z http://www.myserver.nl:8080/mysubfolder ProxyPassReverse /z http://www.deeldrie.nl:8080/deeldrie ProxyPass /misc_ http://www.myserver.nl:8080/misc_ ProxyPass /p_ http://www.myserver.nl:8080/p_ /VirtualHost In 'mysubfolder' in Zope I added the following SiteRoot object: title: (ignored) base: http://www.myserver.nl/z path: / Till here everything goes fine. The url www.myserver.nl/z shows the correct pages. But the problem is in the management interface of Zope. The generated url in the main section of the management interface doesn't work anymore: Instead of sending the browser to www.myserver.nl/z/mysubfolder/mysubsubfolder, it is sending the browser to: www.myserver.nl/mysubfolder/mysubsubfolder which can't be found. I spent several days to solve this but I didn't found a solution. Can somebody please help me out with this problem? regards, Wouter ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] correction (problem with virtualhosts)
This is a correction for my last entry at the mailing list: problem with virtualhosts. The line: ProxyPassReverse /z http://www.deeldrie.nl:8080/deeldrie should be in this example: ProxyPassReverse /z http://www.myserver.nl:8080/myserver regards, Wouter ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] Lock and Transaction in Zope.
I think I know how to manage transactions in Zope, but I don't
know how to lock Zope resources for multiple requests.
For example :
I have a DTML Method, called "transac1", which looks like this
:
dtml-if "var==0" dtml-call
wait_10_seconds "waiting 10 seconds..." dtml-call
"manage_editProperties({'var':1})"/dtml-if
wait_10_seconds is an External Method that sleeps for 10
seconds.
In the other hand, I have another method, called "transac2"
:
dtml-if "var==0" dtml-call
"manage_editProperties({'var':2})"dtml-else
dtml-call
"manage_editProperties({'var':3})"/dtml-if
In the parent Folder, there's a property called "var" which I
use in these methods. It has an initial value of 0.
The point is : if I call the first method, and while it's
sleeping, I call the second one (from another window, for example), it doesn't
work properly. The first one crashes, and doesn't finish right. The final "var"
value is 2.
I want to know if there is any way to lock the folder, and its
properties, so no one can access to it until my method "transac1" finishes, and
where can I find information about locking resources in
Zope.
Re: [Zope] re module through the web security
On Wed, 6 Sep 2000, Chris Withers wrote: Chris McDonough wrote: There's the perception at DC that 're' isn't appropriate for through-the-web usage because it's possible to write and use regex that sends the Python interpreter thread it's operating within into a neverending loop. Sorry. Am I the only one who thinks this is silly? Probably not. One of Zope's key strengths is its granular security, right? So why isn't it the reponsibility of the site designer/maintainer/owner/whatever to ensure that only people he trusts have the ability to write DTML? It is. It seems like that perception is hobbling Python Methods, in particular, by removing useful stuff like the re module because the assumption is being made that people editing TTW code will be untrusted. TTW people are implicitly untrusted. This is core to the security model. IMH(umble), either you don't have confidence in Zope's security, or you're assuming your users are stupid (that may be fair for a lot of us, but still ;-) I dont think either statement is true. It is because there are restrictions that Zope TTW scripting is "safe." It's designed to be more safe than expressive. Chris McDonough Digital Creations, Publishers of Zope http://www.zope.org ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] ANN: Serving PHP/Perl from Zope update
I had to dig a level deeper to support phorum (www.phorum.org), a PHP
message board app. Here's my update to handle cookies, redirection, POST
variables, and relative links. I'm new to python, so if I've done anything
awkwardly, please let me know the more elegant way.
First, a patch to Client.py - first part doesn't die on redirects and
returns (instead of raising 'Redirect') so cookies and base can be set,
second part opens a hole to pass headers into Client (for cookies)
224c224
if ec==200: return (headers,response)
---
if ec==200 or ec==302: return (headers,response)
342,344c342,344
def call(url,username=None, password=None, **kw):
return apply(Function(url,username=username, password=password), (), kw)
---
def call(url,username=None, password=None, headers={}, **kw):
F = apply(Function, (url, (), None, username, password, None), headers)
return apply(F, (), kw)
Then there's the rewrite of the code in the how-to. Here's the whole thing
(I use just one .py)
site = 'http://www.carbonecho.com/zforum'
from string import join
def DirectToPHP( self ):
if self.REQUEST.path:
# Build up a list of what is contained in self.REQUEST.path since
# you are going to redirect the user to /PHPContent/index_html. Start
# by adding the way you can access the PHP tree outside of Zope
originalRequestPath = [site]
# keep the original path to override base when serving
origPath = []
# is the user asking for a php script?
if self.REQUEST.path[0][-4:] == '.php': # I use .php, not .php3
# pop paths of REQUEST.path until its empty
while self.REQUEST.path:
# Remember the path components before you pop them
# hang on to passed in path to set as base when served
originalRequestPath.append( self.REQUEST.path[-1] )
origPath.append( self.REQUEST.path[-1] )
self.REQUEST.path.pop()
# Create a full url to pass to index_html
phpScript = join( originalRequestPath, '/' )
origScript = join( origPath, '/' )
# Is there a query string being passed to the script also?
if self.REQUEST.environ.has_key('QUERY_STRING'):
phpScript = phpScript + '?' + self.REQUEST.environ['QUERY_STRING']
origScript = origScript + '?' + self.REQUEST.environ['QUERY_STRING']
# self.REQUEST.path is now empty so the user is going to be
# directed to /forum/index_html. That method needs to
# know what the original request is, so pass it a REQUEST
# variable
self.REQUEST.set('phpScript', phpScript)
self.REQUEST.set('origScript', origScript)
# you also may want to redirect image requests to the PHP tree
elif self.REQUEST.path[0][-3:] in ['gif', 'png', 'jpg']:
originalRequestPath = [site]
while self.REQUEST.path:
originalRequestPath.append(self.REQUEST.path[-1])
self.REQUEST.path.pop()
# This is an image, so give it to a DTMLMethod that will
# just serve up images
self.REQUEST.path.append('ServeImage')
self.REQUEST.set('imagePath', join(originalRequestPath, '/'))
from ZPublisher import Client
from string import split
def ServePHP(self, username=None, password=None):
req = self.REQUEST
if req.environ.has_key('HTTP_COOKIE'):
headers = {'Cookie' : req.environ['HTTP_COOKIE']}
else:
headers = {}
if req.environ['REQUEST_METHOD'] == 'POST':
rTuple = apply(Client.call, (req['phpScript'], username, password, headers),
req.form)
else:
rTuple = Client.call(req['phpScript'], username, password, headers)
resp = req['RESPONSE']
for cookie in rTuple[0].getallmatchingheaders('Set-Cookie'):
cookie = cookie[:-1]
apply(resp.setHeader, split(cookie, ':', 1))
# not a particularly strong test, maybe Client should pass back status
if rTuple[0].has_key('location'):
# override base so that relative references work
resp.base = rTuple[0]['location']
raise 'Redirect', resp.base
#override base so that relative references work
resp.base = 'http://www.carbonecho.com/forum/' + req['origScript']
return rTuple[1]
from ZPublisher import Client
def ServeImage(self):
return Client.call(self.REQUEST['imagePath'])[1]
___
Zope maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] Buying Zope for 139 German Marks - It´s cheap
Hallo all, maybe its old new´s - maybe not: Zope is part of "SuSE Linux 7.0 Profesional Edititon" and this is printed on the box in the categorie "Features and Highlights". It is indeed a Highlight. Regards Harald ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] re module through the web security
From: Chris Withers [EMAIL PROTECTED]
One of Zope's key strengths is its granular security, right?
So why isn't it the reponsibility of the site
designer/maintainer/owner/whatever to ensure that only people he trusts
have the ability to write DTML?
Fear not. In the brand new shiny PythonMethods Product coming soon
(really!) to a Zope near you, you will have the ability to say:
ModuleSecurityInfo('re').protect('compile', 'Use the "re" module')
...and suddenly anyone to whom you grant 'Use the "re" module' permission
will be able to 'from re import compile' in their Python Methods. Anyone
else will be able to 'import re', but not access any of its contents.
Cheers,
Evan @ digicool 4-am
___
Zope maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope-dev )
RE: [Zope] Form Validation
I can't answer your question but have been looking for similar information. Where can I find out more about ":string" and so forth. I haven't been able to locate any information on validation.. Thanks -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Andreas Pauley Sent: Wednesday, September 06, 2000 1:25 AM To: Zope Subject: [Zope] Form Validation Hi, I see you can let Zope do basic form validation for you by appending ":string" or ":int" to your form name. The error messages that are displayed are not that clear, however. How can I get more control over what happens when an error occurs? (e.g. I'd like to be able to get back a list/ditionary of errors instead of handling them one by one) Where can I get documentation on all the built-in form validation options at my disposal? (e.g. a field may not be required, but if it is filled in it has to be an integer) Is Zope's built-in form validation sufficient for a complex system? Are there better ways to do form validation? I saw a php program on freshmeat.net the other day that supposedly generates forms complete with client and server-side validation. Do we have a similar product in Zope? Thanks, Andreas. -- In a world without fences, who needs gates? ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] re module through the web security
Chris Withers writes: Chris McDonough wrote: There's the perception at DC that 're' isn't appropriate for through-the-web usage because it's possible to write and use regex that sends the Python interpreter thread it's operating within into a neverending loop. Sorry. [snip] It seems like that perception is hobbling Python Methods, in particular, by removing useful stuff like the re module because the assumption is being made that people editing TTW code will be untrusted. I think the re module is a good example for arguing that DTML and Python Methods should have different criteria for deciding what modules are available (and separate permissions for users, if they don't already). Somehow, the idea of mixing regexps and DTML gives me chills, but I agree that it is a perfectly reasonable tool to want to use in Python Methods. This relates more the crusade to depricate DTML programming as opposed to DTML report writing than it does to security concerns. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] Re: [Zope] Buying Zope for 139 German Marks - It´s cheapp
On Wed, Sep 06, 2000 at 05:01:38PM +0200, Harald Koschinski wrote: maybe its old new´s - maybe not: Zope is part of "SuSE Linux 7.0 Profesional Edititon" and this is printed on the box in the categorie "Features and Highlights". It is indeed a Highlight. Got a better buy: www.lob.de sells Debian 2.2 for 39,90 DM: The description in the online shop also mentions that Zope is included. IIRC, the LinuxLand Debian box also featured Zope. Just to be fair: Zope is also included since a while in Redhat's PowerTools add-on package. I guess SuSE had no choice anymore ;-) Gregor ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] INSTANCE_HOME problems...
Hello all, I have followed 4am's INSTANCE-HOME How-To, and have set up a Zope Instance. I created the var, import, Extensions and Products directories from scratch. I then put a new product in the new instance's Products directory. When I start my new Zope instance, it sees all of the products that are installed in the base Zope installation, but not the new product in the instance's Products directory. If I put the new product in the base Zope installation, then my new instance sees it. Based on my understanding of the INSTANCE_HOME How-To, I should be able to have separate products in the instance's Products directory, right? Any help on this is greatly appreciated! If you could, please cc: any responses to my email address ([EMAIL PROTECTED]) as well as the list, since I am in digest mode. Thanks! BTW, I'm running Zope 2.2.1 on linux2. Thanks again folks, Will Dennis P-Wave, Inc. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] Proxy roles don't propagate? - bizzare permissions from ZDChart too
I'm using LoginManager and the loginForm cookie method for security. I want my login form to use the same standard_html_header, stylesheet and so on as my system. My hierarchy is / Strader StyleSheet acl_Users loginForm I've denied anonymous access to Strader and so on, but I want the loginForm to be able to load standard_html_header, which in turn references a few things in Strader Anyway, my loginForm has this: dtml-with Strader dtml-var standard_html_header /dtml-with I've given the loginForm a proxy role called "Customer" Customer has full access to Strader and everything in it. It looks like standard_html_header is rendered, but when standard_html_header calls StyleSheet and other objects in the Strader folder, I get the browser login box. Cancelling that shows "access to StyleSheet denied". Its as if the proxy role assigned to loginForm is discarded by standard_html_header, even though I didn't assign standard_html_header any proxy roles. Is this a bug, or by design? -- Also, I see that I have some very strange permissions in my list, looks like an installed product goofed. I see this single character permissions. A C D G Z a d h r s t Ahh.. Looks like ZGDChart hasn't used a tuple where it should... Brad Clements,[EMAIL PROTECTED] (315)268-1000 http://www.murkworks.com (315)268-9812 Fax netmeeting: ils://ils.murkworks.com AOL-IM: BKClements ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] Re: ZClass Bug (was: Re: [Zope] How to access id and title of document calling standard_html_header)
- Original Message -
From: "Dieter Maurer" [EMAIL PROTECTED]
To: "Tim Hicks" [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Tuesday, September 05, 2000 9:44 PM
Subject: ZClass Bug (was: Re: [Zope] How to access id and title of
document calling standard_html_header)
snip
The analysis provides a workaround for you.
In your ZClass constructor, add
dtml-call "REQUEST.set('__name__',REQUEST['id'])"
before the
dtml-with
"yourClass.createInObjectManager(REQUEST['id'],REQUEST)"
snip
Dieter,
I tried using the code that you suggested above, but I get the
following error from Zope 2.2.1
snipped traceback
File C:\PROGRA~1\Zope221\lib\python\DocumentTemplate\DT_With.py, line
133, in render
(Object: theatre_class.createInObjectManager(REQUEST['id'],
REQUEST))
File C:\PROGRA~1\Zope221\lib\python\DocumentTemplate\DT_Util.py,
line 337, in eval
(Object: theatre_class.createInObjectManager(REQUEST['id'],
REQUEST))
(Info: REQUEST)
File lt;stringgt;, line 0, in ?
NameError: theatre_class
It would seem that string is still raising its head. Any ideas?
tim
___
Zope maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] Cut down on the Available Objects list.
Hi, all. When I create ZClasses I can make the Available Objects shrink to just a couple of available objects via subclasses and so forth. How would I do this with a Python Class in a Python Zope Product? (Let's say an OFS.Folder.Folder class, which would normally could contain all available objects.) Thanks :-) ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] ANN: Serving PHP/Perl from Zope update
Got authorization to work!
First, another patch to Client.py to raise 'Unauthorized' when 401 is
returned by PHP/Perl:
after line that starts with
if ec==200
add
if ec==401:
raise 'Unauthorized'
Second, numerous changes to the external method that makes the request and
receives the response. Here's the whole thing
def ServePHP(self):
req = self.REQUEST
(username, password) = req._authUserPW()
headers = {}
if req.environ.has_key('HTTP_COOKIE'):
headers = {'Cookie' : req.environ['HTTP_COOKIE']}
if req.environ.has_key('HTTP_USER_AGENT'):
headers = {'User-Agent' : req.environ['HTTP_USER_AGENT']}
if req.environ['REQUEST_METHOD'] == 'POST':
rTuple = apply(Client.call, (req['phpScript'], username, password, headers),
req.form)
else:
rTuple = Client.call(req['phpScript'], username, password, headers)
resp = req['RESPONSE']
# the first element of the return tuple is dervied from rfc822
for cookie in rTuple[0].getallmatchingheaders('Set-Cookie'):
cookie = cookie[:-1] # remove \n - is there an idiom for this?
apply(resp.setHeader, split(cookie, ':', 1))
# not a particularly strong test, maybe Client should pass back status
if rTuple[0].has_key('location'):
# override base so that relative references work
resp.base = rTuple[0]['location']
raise 'Redirect', resp.base
#override base so that relative references work
resp.base = 'http://www.carbonecho.com:10080/forum/' + req['origScript']
return rTuple[1]
___
Zope maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] ANN: Serving PHP/Perl from Zope update
oops! that should be username, password = req._authUserPW() ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] Re: [Zope-Perl] Send me your Perl Methods
Or maybe using a perl module that doesnt exist in Python? I was looking at
MP3::Napster the other day but Im stuck on Windows.
- Original Message -
From: "Gisle Aas" [EMAIL PROTECTED]
To: "Michel Pelletier" [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Wednesday, September 06, 2000 1:33 PM
Subject: Re: [Zope-Perl] Send me your Perl Methods
Michel Pelletier [EMAIL PROTECTED] writes:
Gisle Aas wrote:
I'm also looking for interesting examples :-)
Do you have any interesting PythonMethod examples? I can probably
translate it to perl for you.
Yes, I thought that was a good approach. I don't really have any good
python methods either, but I can come up with some.
Here's an algorithm I did in the Globbing Lexicon component of Zope.
This turns a string into 'digrams' Which is a common wild-card searching
datastructure. So:
bob = ['$b', 'bo', 'ob', 'b$']
python = ['$p', 'py', 'yt', 'th', 'ho', 'on', 'n$']
Dollar signs mark the beginning and ending of the word.
def digram(word):
""" """
digrams = []
digrams.append('$' + word[0]) # mark the beginning
for i in range(len(word)):
digrams.append(word[i:i+2])
digrams[-1] = digrams[-1] + '$' # mark the end
return digrams
There's probably a better way to do it in Python, and this should be
Perl's forte. Can someone come up with a reasonably cool Perl method
that did this?
sub digram {
my $word = shift;
my @digrams;
push(@digrams, '$' . substr($word, 0, 1));
push(@digrams, substr($word, $_, 2)) for 0 .. length($word)-1;
$digrams[-1] .= '$';
return \@digrams;
}
I'm not so sure about this being perl's forte. There was no way to
use regular expressions here :-)
I would actually like to see some methods that interact more with the
Zope environment.
Regards,
Gisle
___
Zope-perl maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-perl
___
Zope maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] INSTANCE_HOME problems...
Thanks for replying so quickly, Evan! Evan Simpson wrote: Some sanity checks: - You're starting Zope from inside the INSTANCE_HOME, right? Yes, just as in the How-To instructions. I can provide you with the start script if necessary. - Can you verify that the Data.fs in the INSTANCE_HOME's var is the one being used? Yes, the Database Management page in Control Panel says the location is my instance path (/home/zope/p-wave/var/Data.fs) whereas the "base" Zope installation is in /usr/local/zope. - Can you import from INSTANCE_HOME/import? Yes, just tried it and it does import products fine (just imported a self-written product we had exported from another Zope installation.) Cheers, Evan @ digicool 4-am Thanks again, Will ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] ZDebug Wizzard interference
Shane wrote http://www.zope.org/Members/hathawsh/ZDebug/index_html ZDebug is a set of patches to Zope that help in the deciphering of DTML errors and authorization exceptions. Because this is the first release, remember to make a backup before installing. Looks like ZDebug does not work to well with wizards -- I suspect because of ZCallable. I am using a PTK snapshot from today, latest Zope. Did a test with and w/o ZDebug. Wizard works fine w/o. By the way I like where ZDebug is going! This is what happens when you ad a portal An exception occurred in a DTML method or document. Error type: exceptions.IndexError Error value: list index out of range Innermost method: /vpatch/PortalWizard/wizard_fillin_fields Namespace Stack (innermost entry at top) ID Type (N/A) mapping with keys: ['document_id', 'document_title'] (N/A) mapping with keys: ['document_id', 'document_title'] PortalWizard InstanceDict REQUEST ZPublisher.HTTPRequest.HTTPRequest Source of /vpatch/PortalWizard/wizard_fillin_fields with fault: dtml-let pagevars="_.getattr(wizard_pages[wizard_index], 'wizard_variables', [])" dtml-in "REQUEST.form.keys()" dtml-let key="_['sequence-item']" dtml-if "key[:7] != 'wizard_' and key not in pagevars" input type="hidden" name="dtml-key;" value="dtml-var "REQUEST.form[key]" html_quote" /dtml-if /dtml-let /dtml-in /dtml-let dtml-if wizard_test input type="hidden" name="wizard_test" value="1" /dtml-if vPatch Home | Products, Services, and Solutions | Testimonials | Investor Relations | Demos | Login/Registration | Learning Center | Contact Us Traceback (innermost last): File /users/hog/software/zope/Zope-2.2.0-solaris-2.6-sparc/lib/python/ZPublisher/Publish.py, line 222, in publish_module File /users/hog/software/zope/Zope-2.2.0-solaris-2.6-sparc/lib/python/ZPublisher/Publish.py, line 187, in publish File /users/hog/software/zope/Zope-2.2.0-solaris-2.6-sparc/lib/python/Zope/__init__.py, line 221, in zpublisher_exception_hook (Object: RoleManager) File /users/hog/software/zope/Zope-2.2.0-solaris-2.6-sparc/lib/python/ZPublisher/Publish.py, line 171, in publish File /users/hog/software/zope/Zope-2.2.0-solaris-2.6-sparc/lib/python/ZPublisher/mapply.py, line 160, in mapply (Object: index_html) File /users/hog/software/zope/Zope-2.2.0-solaris-2.6-sparc/lib/python/ZPublisher/Publish.py, line 112, in call_object (Object: index_html) File /users/hog/software/zope/Zope-2.2.0-solaris-2.6-sparc/lib/python/App/Factory.py, line 178, in index_html (Object: RoleManager) File /users/hog/software/zope/Zope-2.2.0-solaris-2.6-sparc/lib/python/Products/ZCallable/__init__.py, line 101, in __call__ (Object: Traversable) File /users/hog/software/zope/Zope-2.2.0-solaris-2.6-sparc/lib/python/OFS/DTMLMethod.py, line 172, in __call__ (Object: index_html) File /users/hog/software/zope/Zope-2.2.0-solaris-2.6-sparc/lib/python/Products/ZDebug/DTMLLocator.py, line 103, in __call__ (Object: index_html) File /users/hog/software/zope/Zope-2.2.0-solaris-2.6-sparc/lib/python/DocumentTemplate/DT_String.py, line 528, in __call__ (Object: index_html) File /users/hog/software/zope/Zope-2.2.0-solaris-2.6-sparc/lib/python/Products/ZDebug/DTMLDebug.py, line 213, in debug_render_blocks File /users/hog/software/zope/Zope-2.2.0-solaris-2.6-sparc/lib/python/Products/ZDebug/DTMLDebug.py, line 210, in debug_render_blocks File /users/hog/software/zope/Zope-2.2.0-solaris-2.6-sparc/lib/python/OFS/DTMLMethod.py, line 168, in __call__ (Object: wizard_fillin_fields) File /users/hog/software/zope/Zope-2.2.0-solaris-2.6-sparc/lib/python/Products/ZDebug/DTMLLocator.py, line 103, in __call__ (Object: wizard_fillin_fields) File /users/hog/software/zope/Zope-2.2.0-solaris-2.6-sparc/lib/python/DocumentTemplate/DT_String.py, line 528, in __call__ (Object: wizard_fillin_fields) File /users/hog/software/zope/Zope-2.2.0-solaris-2.6-sparc/lib/python/Products/ZDebug/DTMLDebug.py, line 259, in debug_render_blocks File /users/hog/software/zope/Zope-2.2.0-solaris-2.6-sparc/lib/python/Products/ZDebug/DTMLDebug.py, line 192, in debugException (Object:
Re: [Zope] INSTANCE_HOME problems...
Hello all, OK, shoulda tried other products before posting... We just installed two products (LocalFS and ZSMime) in the given instance's Products folder, and they appear in the instance, just as they should! For some reason, however, WorldPilot doesn't show up unless I install it in the base Zope's Products folder... Guess I'll have to email the NH guys (unless they're on this list!) Thanks for your help, anyways... I'll do more testing next time. Will ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] Set Access Rule wish
Its nice that the icon for the method, who is the access rule's target, is changed. However, I think also there needs to be some indicator on the folder involved as well. Over the long weekend, I had accidentally set an access rule (for URL-based SQLSession ID) in the proper folder and also a subfolder (to the same method). Took me several days to discover that other access rule had been set in the subfolder. When your you have mistakes with this kind of stuff, I can be madding and any kind of indicators would be useful. Regards, Albert Boulanger [EMAIL PROTECTED] ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] DateTime.now().iso_week
In Zope, I need to get the results of the command in the subject. Unfortunately (and somewhat irritatingly...), Zope doesn't seem to use the mxDateTime package, and thus, _.DateTime does _not_ have it. Anyone know how I would go about getting it? Without using an External method? -- Bill Anderson (ARC)Unix/Linux System Administrator HPSO Engineering Productivity Team Wednesday, September 06, 2000 Random Quote: Why can't women put the toilet seat back up? ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] Major problem involving Multiple zopes on one machine
This is happening on an HP-UX 11.0 machine. Setup: Two Zope installs, TWO IP adresses. Each install has the -a xx.xx.xx.xx address option passed via the standard start script. problem: occasionally, while working on one, I wind up actually working on the other. Clarification: While in the manage screen for ServerA, I occasionally see the management screen for ServerB. Even wihtout being logged into ServerB. (IE. clean browser session) This sucks. -- Bill Anderson (ARC)Unix/Linux System Administrator HPSO Engineering Productivity Team Wednesday, September 06, 2000 Random Quote: (A)bort, (R)etry, (S)elf-destruct? ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Major problem involving Multiple zopes on one machine
Bill Anderson wrote: Clarification: While in the manage screen for ServerA, I occasionally see the management screen for ServerB. Even wihtout being logged into ServerB. (IE. clean browser session) I have 5 zopes on the same machine i have never noticed this problem. do the different ip's have different names? what do you get from when you start as far as computing default hoistname goes? ~mindlace ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Major problem involving Multiple zopes on one machine
ethan mindlace fremen wrote: Bill Anderson wrote: Clarification: While in the manage screen for ServerA, I occasionally see the management screen for ServerB. Even wihtout being logged into ServerB. (IE. clean browser session) I have 5 zopes on the same machine i have never noticed this problem. do the different ip's have different names? what do you get from when you start as far as computing default hoistname goes? ~mindlace As I sit here and play with it, it seems to happen when I restart zope from within the Control panel. I'll look up the hostname part in a few minutes ... I can't restart the server just yet. IIRC, they came up with the correct hostnames ... -- Bill Anderson (ARC)Unix/Linux System Administrator HPSO Engineering Productivity Team Wednesday, September 06, 2000 Random Quote: The world is a stage, but the play is badly cast. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] supplemental group ids (Linux)
Kip Rugger wrote: OK, something is not quite right here. On my unmodified zope, it is properly 'sandboxed'. Perhaps it is the use of the explicit '-u nobody'? I don't do that on my system, which causes Zope to run as nobody implicitly. (When started as root, unless told otherwise, zope will switch to nobody). Try running without the 'u nobody switch, and see what happens. Just out of curiousity. No difference. I think the point is that Zope does not make any initgroups(3) calls; this will be a problem if the particular system needs it. I have two such systems: Linux 2.2.16 + glibc-2.1.2 NetBSD 1.4 ... Under this hypothesis, my question is how could _your_ system work? Why is it that you don't have the original primary gid lingering in the supplemental list? Not sure. Here is my setup: glibc 2.1.3 Kernel 2.2.15 heavilly modified Redhat 6.2 base. Perhaps it is the kernel? I also have a 2.2.16 (2.1.3 glibc) kernelled machine which exhibits the behavior you see on yours.. I can try it on a 2.2.4test6 kernel too ... -- Do not meddle in the affairs of sysadmins, for they are easy to annoy, and have the root password. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] re module through the web security
Evan Simpson wrote:
From: Chris Withers [EMAIL PROTECTED]
One of Zope's key strengths is its granular security, right?
So why isn't it the reponsibility of the site
designer/maintainer/owner/whatever to ensure that only people he trusts
have the ability to write DTML?
Fear not. In the brand new shiny PythonMethods Product coming soon
(really!) to a Zope near you, you will have the ability to say:
ModuleSecurityInfo('re').protect('compile', 'Use the "re" module')
...and suddenly anyone to whom you grant 'Use the "re" module' permission
will be able to 'from re import compile' in their Python Methods. Anyone
else will be able to 'import re', but not access any of its contents.
Now THAT! Rocks!
--
Do not meddle in the affairs of sysadmins, for they are easy to annoy,
and have the root password.
___
Zope maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] Whitespace in lines property
Can anyone tell me why when I edit a lines property I get leading whitespace inserted? The first line gets seven each one after that gets 10 spaces. I tried stripping it out but this didn't seem to have any effect. ... textarea name="alt_names:lines" rows="10" cols="50" dtml-in alt_names dtml-let cur_item=sequence-item dtml-var "_.string.strip(cur_item)" /dtml-let /dtml-in /textarea ... Thanks, -- Tim Cook -- FreePM Project Coordinator http://www.freepm.org OS Health Care Alliance Supporter http://www.oshca.org ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] ANN: Serving PHP/Perl from Zope update
oops, again :-(
headers = {}
if req.environ.has_key('HTTP_COOKIE'):
headers['Cookie'] = req.environ['HTTP_COOKIE']
if req.environ.has_key('HTTP_USER_AGENT'):
headers['User-Agent'] = req.environ['HTTP_USER_AGENT']
Also on my member page - http://zope.org/Members/billw/morePHP
___
Zope maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Whitespace in lines property
Hi Tim, Tim Cook wrote: Can anyone tell me why when I edit a lines property I get leading whitespace inserted? The first line gets seven each one after that gets 10 spaces. I tried stripping it out but this didn't seem to have any effect. ... textarea name="alt_names:lines" rows="10" cols="50" dtml-in alt_names dtml-let cur_item=sequence-item ^^^ here^here dtml-var "_.string.strip(cur_item)" ^ here^here /dtml-let ^^^here ^ here /dtml-in /textarea here marks your whitespaces. try: textarea name="alt_names:lines" rows="10" cols="50" dtml-in alt_namesdtml-let cur_item=sequence-itemdtml-var "_.string.strip(cur_item)" /dtml-let/dtml-in/textarea Ugly code, but... HTH Tino ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Whitespace in lines property
Tino Wildenhain wrote: Hi Tim, Tim Cook wrote: Can anyone tell me why when I edit a lines property I get leading whitespace inserted? The first line gets seven each one after that gets 10 spaces. I tried stripping it out but this didn't seem to have any effect. ... textarea name="alt_names:lines" rows="10" cols="50" dtml-in alt_names dtml-let cur_item=sequence-item ^^^ here^here dtml-var "_.string.strip(cur_item)" ^ here^here /dtml-let ^^^here ^ here /dtml-in /textarea here marks your whitespaces. try: textarea name="alt_names:lines" rows="10" cols="50" dtml-in alt_namesdtml-let cur_item=sequence-itemdtml-var "_.string.strip(cur_item)" /dtml-let/dtml-in/textarea Ugly code, but... Well, "realize something NEW everyday!" It never crossed my mind that the space between my code elements would be rendered. DUH! Thanks, -- Tim Cook -- FreePM Project Coordinator http://www.freepm.org OS Health Care Alliance Supporter http://www.oshca.org ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
