Re: Zope.org DNS ( was Re: [ZWeb] http://namespaces.zope.org/zope )
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 26 Sep 2006, at 17:39, Martijn Faassen wrote: Andrew Sawyers wrote: Yeah, definitely. And if we go with that tool I volunteer to be hooked up as a secondary. As do I . All this DNS volunteering is great! Unfortunately, I'm a bit at a loss on how to proceed, as I'm not very familiar with DNS issues. The way it works is this: - - the owner/admin for the domain changes the domain name servers assigned for this domain through the registrar that holds the domain. This can normally be done using a web interface at the registrar. Someone at ZC must do this, and he needs a IP/hostname for the primary DNS server and IPs/hostnames for secondaries - - The zone data is pulled from the old servers and entered into the new primary. This zone data must reflect the new DNS primary/ secondaries. Whenever the primary is updated, it will contact all the secondaries it knows about automatically and ask them to reload the data. - - The secondaries need to have their configuration changed so that they know they are secondaries for zope.org. They also need to know the IP of the primary. They will then automatically fetch zone data from the primary. Apart from the first step this is quick and easy to do. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFFGUs7RAx5nvEhZLIRAqnXAJ9DEh9Xwu0lOWz1bnN7wZsfa3YnrACgs7mQ ShgewVqAuoT7G+RE+JFy+UY= =ECBK -END PGP SIGNATURE- ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web
Re: Zope.org DNS ( was Re: [ZWeb] http://namespaces.zope.org/zope )
On 9/26/06, Jens Vagelpohl [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I believe a single DNS query over UDP can handle around 20-25 entries, depending on their size. Should be no problem for an 'NS' query for zope.org to point at ten or more hosts which run slave. The question is, does this tool allow that? I imagine so. I know that we set up a local slave in the convention center for SIGGRAPH in Boston this year from our cheapo DNS provider. I'm not sure what you're trying to explain or ask here. Do you think there would be any problem in propagating updates? Well, there won't. And I don't see any need for more than 3 DNS servers (including the master). DNS is not resource-intensive in any way. Well, since I don't know about the suggested provider, here's my concern - let's say I manage your DNS on my servers, and you want to provide your own local servers. How do you get a copy of the latest zone? Your IP must be listed in my server so that it is allowd to perform AXFR queries. All I'm saying is, I assume, hopefully, that this provider will allow us to specify hosts which are allowed to perform AXFR. They will also probably provide us with 3-4 hosts which we can use for DNS. If You, me, and one other person each contribute two IP addresses on different network, that puts the zope.org zone in pretty good shape, because various caching nameservers will handle the trouble of determining which authoritative record is best for them to use. DNS may seem like a low-load service, but if you were to run a DNS provider yourself on a single machine, I challenge you to maintain 90% uptime. The last time I worked on a large DNS implementation we had twelve machines in each of two geographic locations - dual xeon machines with lots of RAM that did nothing but handle round-robin DNS queries. IIRC, we had about 100,000 zones, but still, let's think about this for a moment. Imagine: * I have www.stupidwebsiteforjerks.com * Someone hates my stupid website, because it's for jerks * My DNS records are in the same server as yours * Someone decides to launch an 8MB/s or so DDoS against my NS records and my webserver IP. * Your site starts failing to load for 30-60% of visitors after a few hours. ;) -- Justizin, Independent Interactivity Architect ACM SIGGRAPH SysMgr, Reporter http://www.siggraph.org/ ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web
Re: [ZWeb] Apache, anyone?
Chris Withers wrote: Lennart Regebro wrote: Personally, I don't care where www.zope.org is currently located, and I also think we should replace it part by part with microsites, like wiki.zope.org, bugs.zope.org, news.zope.org, products.zope.org and so on, Be careful the multiple domain names, it prevents sensible cookie-based auth. For that reason alone, I'd prefer to see zope.org/wiki, zope.org/bugs, zope.org/news, etc instead. Good point, though it depends on whether we want authentication. I imagine we do want that in case with the wiki. It really feels like we need a foundation-admin'ed Apache in front of everything somewhere, just to handle rewriting/static content/etc. Is that a possiblity? I want to move in that direction, but it's not a near-term possibility. We can rewire things inside of Squid though if we asked overworked ZC admins nicely.. Regards, Martijn ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web
Re: Zope.org DNS ( was Re: [ZWeb] http://namespaces.zope.org/zope )
On 9/26/06, Martijn Faassen [EMAIL PROTECTED] wrote: Andrew Sawyers wrote: Yeah, definitely. And if we go with that tool I volunteer to be hooked up as a secondary. As do I . All this DNS volunteering is great! Unfortunately, I'm a bit at a loss on how to proceed, as I'm not very familiar with DNS issues. So, what I need: * a single contact person for DNS issues that I can contact whenever something DNS related is needed, can advise me on these issues should I have questions, and who will arrange DNS matters among the three of you. I propose it's one of you three (Justizin, Jens, Andrew). Anyone volunteering for that? I'm glad to be the lead, and I'm glad for either of the other guys to be the lead. ;d Whoever you decide to nag, I think the three of us can hammer this out. * A plan of action worked out between the three of you. I basically need to know what needs to be done bureaucratically from the side of Zope Corporation and the Foundation to get this arranged. I'll leave the actual work to you all - I intend to only be there when stuff needs to be expedited somehow. Okay. We will need: * A copy of the existing zope.org zone files * Cooperation from [EMAIL PROTECTED] to change the NS record pointers * A list of people who need access in ZoneEdit -- Justizin, Independent Interactivity Architect ACM SIGGRAPH SysMgr, Reporter http://www.siggraph.org/ ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web
Re: [ZWeb] http://namespaces.zope.org/zope
Justizin wrote: So.. I was talking to Philipp the other day on IRC, wondering why http://namespaces.zope.org/zope Doesn't actually exist on on the intarweb. At first I wondered if it was a requirement, like for a DTD, and P says no, so I believe him. We did agree that it would be nice if something lived here talking about ZCML, which is what the w3c does for their namespaces, like: http://www.w3.org/1999/xhtml Of course, I volunteer. First, thank you for volunteering! Right, it's indeed not a requirement, the namespace URL is just a way to get uniqueness, but it'd indeed be nice if something lived there. We're currently investigating mechanisms by which we (as the community) can manage the nameserver for zope.org - a requirement to bring namespaces.zope.org into being. We're also trying to figure out what could be listening on the other end. What I would propose if you write the documents you want to sit on the other end for the various ZCML namespaces, and put them up somewhere for us to review. Once we're happy with them, we'll work on putting them online. Regards, Martijn ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web
Re: [ZWeb] Re: [Zope] Re: Protocol question about ZopeBook typos
Current ZopeBook version is at http://www.plope.com/Books/2_7Edition Please check http://www.plope.com/Books/zb_signup for contact information. It'd be ral nice to bring the Zope Book back into one place under the zope.org banner somewhere... Following that, has there been any continued interest / development? It still says the pending version is the Zope 2.7 version. With all of what's out in the wild and around the corner now, it seems like there ought to be work in creating accurate documentation for as much of Zope 2.7 - 3.3 as possible. Some people will be tied to these older versions of Zope for a while, whether we like it or not, and may be low on midichlorians[0]. And as much as I enjoy Philipp's book, it would be nice if there were some effort at providing straight up z3 documentation, perhaps with less pizzazz. ;) [0] i.e. don't like hearing UTSL vs. RTFM ;) -- Justizin, Independent Interactivity Architect ACM SIGGRAPH SysMgr, Reporter http://www.siggraph.org/ ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web
Re: Zope.org DNS ( was Re: [ZWeb] http://namespaces.zope.org/zope )
On 9/26/06 11:10 AM, Jens Vagelpohl [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 26 Sep 2006, at 17:02, Andrew Sawyers wrote: We can use someone like zoneedit.com for the primary, and then have a bunch of secondaries.I'm sure there's lots of us who could do secondary dns for this. I've used zoneedit for several years now - flawlessly. First 5 domains are free - so that shouldn't be a problem. Hey Andrew, learn bottom-posting please! I haven't worked with zoneedit, but would volunteer a secondary DNS setup on one of my boxes. DNS changes should be very tightly regulated and the group of people who can make them should be very small since DNS is a very important wheel in the machinery which can break all other services if not handled correctly. I don't think it is important to have some newbie- friendly tool. jens This has nothing to do with a newbie friendly tool - but a third party to be the primary, so that a single person isn't the 'owner' of this - so those with appropriate access can manage this. I'm sure all of us on the list understand the importance of DNS and it's reliability. Since it's free and been around for years, I thought it was worthy of looking at for the group. Andrew ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web
Re: Zope.org DNS ( was Re: [ZWeb] http://namespaces.zope.org/zope )
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 26 Sep 2006, at 17:48, Justizin wrote: Well, since I don't know about the suggested provider, here's my concern - let's say I manage your DNS on my servers, and you want to provide your own local servers. How do you get a copy of the latest zone? Your IP must be listed in my server so that it is allowd to perform AXFR queries. Do you know how DNS works? Slaves don't just ask for a transfer willy- nilly. Slaves are known to the primary and they get told when to ask. They will also probably provide us with 3-4 hosts which we can use for DNS. If You, me, and one other person each contribute two IP addresses on different network, that puts the zope.org zone in pretty good shape, because various caching nameservers will handle the trouble of determining which authoritative record is best for them to use. DNS may seem like a low-load service, but if you were to run a DNS provider yourself on a single machine, I challenge you to maintain 90% uptime. The last time I worked on a large DNS implementation we had twelve machines in each of two geographic locations - dual xeon machines with lots of RAM that did nothing but handle round-robin DNS queries. I have no idea what you are talking about. This is not some huge DNS service that we need. We need to serve exactly one zone. This can be done from a Palm Pilot, to be honest. I have run DNS services for years and years and don't share any of your doubts. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFFGU16RAx5nvEhZLIRAgXmAKCJ9Ll0OvlJoLZ5v6NlblOzDP2VQACgnpwr sIHCUp37OQhySlIiXvke1yU= =qUDs -END PGP SIGNATURE- ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web
Re: Zope.org DNS ( was Re: [ZWeb] http://namespaces.zope.org/zope )
On 9/26/06, Jens Vagelpohl [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 26 Sep 2006, at 17:48, Justizin wrote: Well, since I don't know about the suggested provider, here's my concern - let's say I manage your DNS on my servers, and you want to provide your own local servers. How do you get a copy of the latest zone? Your IP must be listed in my server so that it is allowd to perform AXFR queries. Do you know how DNS works? Slaves don't just ask for a transfer willy- nilly. Slaves are known to the primary and they get told when to ask. I'm not sure this is correct. We should investigate before insulting each other's intelligence. I know a great deal about how DNS works, thank you very much. ;) They will also probably provide us with 3-4 hosts which we can use for DNS. If You, me, and one other person each contribute two IP addresses on different network, that puts the zope.org zone in pretty good shape, because various caching nameservers will handle the trouble of determining which authoritative record is best for them to use. DNS may seem like a low-load service, but if you were to run a DNS provider yourself on a single machine, I challenge you to maintain 90% uptime. The last time I worked on a large DNS implementation we had twelve machines in each of two geographic locations - dual xeon machines with lots of RAM that did nothing but handle round-robin DNS queries. I have no idea what you are talking about. This is not some huge DNS service that we need. We need to serve exactly one zone. This can be done from a Palm Pilot, to be honest. I have run DNS services for years and years and don't share any of your doubts. Okay, let's please not make this an argument. *we* do not have large-scale DNS needs. However, if we use someone like ZoneEdit.com, their nameservers are highly loaded. So, as I said, if someone decides to launch a DNS attack on ns1.zoneedit.com or whatever, it can affect the availability of zope.org, unless there are alternates, which is what we all propose. It's a sad logical fallacy for you to state that because you have never seen this problem, it does not exist. I spent nearly three years as an engineer at one of the world's largest provider of managed internet services, and I can tell you that NS.RACKSPACE.COM and NS2.RACKSPACE.COM are hit multiple times a year by 8MB/s or greater DDoS attack. This was in a datacenter with 9GB/s of bandwidth via multiple OC-48 connections. It's important. -- Justizin, Independent Interactivity Architect ACM SIGGRAPH SysMgr, Reporter http://www.siggraph.org/ ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web
Re: Zope.org DNS ( was Re: [ZWeb] http://namespaces.zope.org/zope )
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 26 Sep 2006, at 18:17, Lennart Regebro wrote: I don't understand what you are debating, really. Could you clarify? This is about propagating data from the primary DNS server (which would be that service Andrew suggested) to the databases held on the secondary DNS servers. It is a fully automatic process, under normal circumstances. There's also the question how many secondary servers we need, or how much DNS serving capacity. Most normal domains have one primary and one secondary server. I suggest one primary and two secondaries. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFFGVOVRAx5nvEhZLIRAhWPAJ9R9WrFAiNEcgK3u3F9c+IwnN2tnwCguQ+7 oA/+CTShfimLvPbwaKLMT0s= =V798 -END PGP SIGNATURE- ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web
Re: Zope.org DNS ( was Re: [ZWeb] http://namespaces.zope.org/zope )
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 26 Sep 2006, at 18:20, Justizin wrote: (a) ZoneEdit probably has more zones than Rackspace, which is classified in Texas as a Small Business. ZoneEdit is well known enough that a handful of people on this small mailing list know of it. People don't quite always target Rackspace, they often targetted specific Rackspace customers. Someone might target ZoneEdit. I meant specifically zope.org as the target for attack, not ZoneEdit. Even if ZoneEdit is targeted, two secondaries is still enough. (b) None of this matters because three of us offered to host slaves! Why are you arguing against doing something you volunteered to do? I'm not. I'm arguing against the higher number of secondaries that you suggested earlier. Two secondaries is enough. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFFGVShRAx5nvEhZLIRAv1zAJ4hD5Q9btzrcAlWeBvLm5g8i+5/3QCgkZRD icsUHJw7pgxNqBFmgZu/+5U= =Z6RD -END PGP SIGNATURE- ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web
Re: [ZWeb] Re: [Zope] Re: Protocol question about ZopeBook typos
Chris Withers wrote: It'd be ral nice to bring the Zope Book back into one place under the zope.org banner somewhere... +1! ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web
Re: Zope.org DNS ( was Re: [ZWeb] http://namespaces.zope.org/zope )
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 26 Sep 2006, at 18:51, Lennart Regebro wrote: On 9/26/06, Jens Vagelpohl [EMAIL PROTECTED] wrote: I'm not. I'm arguing against the higher number of secondaries that you suggested earlier. Two secondaries is enough. I'm guessing that's fine too. I haven't had any problems for four years, as mentioned, and i don't have secondaries, cuz I'm too lazy. :-) Now I know where to point *my* DNS DOS scripts ;) jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFFGVuMRAx5nvEhZLIRAp7lAJ9eU6engpGy0UBg3ede2WUIkcr3MQCfSgSb M+1zd0VvYZ6vX4dTWiINsMA= =WKBe -END PGP SIGNATURE- ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web
Re: Zope.org DNS ( was Re: [ZWeb] http://namespaces.zope.org/zope )
Justizin wrote: On 9/26/06, Martijn Faassen [EMAIL PROTECTED] wrote: [snip] I'm glad to be the lead, and I'm glad for either of the other guys to be the lead. ;d You're the only one volunteering for this right now, as far as I can see, so if you think you and Jens can get along after this DNS initiation rite or whatever you two were having just now, you're now the official lead. :) Great, thanks! Whoever you decide to nag, I think the three of us can hammer this out. Excellent. By the way, are you a Zope Foundation member in any way? I'm not sure whether it matters at this stage, just checking. * A plan of action worked out between the three of you. I basically need to know what needs to be done bureaucratically from the side of Zope Corporation and the Foundation to get this arranged. I'll leave the actual work to you all - I intend to only be there when stuff needs to be expedited somehow. Okay. We will need: * A copy of the existing zope.org zone files * Cooperation from [EMAIL PROTECTED] to change the NS record pointers * A list of people who need access in ZoneEdit I will contact Rob and try to get the ball rolling. I'll pass it back to you guys as soon as possible. Regards, Martijn ___ Zope-web maillist - Zope-web@zope.org http://mail.zope.org/mailman/listinfo/zope-web
[Zope] A Quick Event-based Cataloging How-to for Zope 2
Hi All, Just been playing with this and found it remarkably easy, so thought I'd pass it on. If anyone can think of a better place than the mailing list archives for this, please let me know! Anyway, so I'm building a Zope 2 app where I need to index objects that are not catalog aware when they're added, modified or removed. To make things harder, this also needs to work via WebDAV. OK, so here's the solution: 1. Create yourself a python module called subscribers.py and put it on your python path, containing the following: from Acquisition import aq_base from zope.interface import Interface class ICatalogAware(Interface): pass def catalog(object,event): if aq_base(object) is object: # ObjectModified can get emitted during creation, # before the object has any acquisition context return object.getPhysicalRoot().unrestrictedTraverse( '/catalog' ).catalog_object(object) def uncatalog(object,event): object.getPhysicalRoot().unrestrictedTraverse( '/catalog' ).uncatalog_object('/'.join(object.getPhysicalPath())) 2. Slap the ICatalogAware marker interface on any classes you want to have indexed. Here's an example for the good old File object. Put the following in your site.zcml: class class=OFS.Image.File implements interface=subscribers.ICatalogAware/ /class 3. Finally, wire up the events so that files get indexed when they're created, modified or removed, again by adding the following to site.zcml: subscriber handler=subscribers.catalog for=ICatalogAware zope.app.container.contained.ObjectAddedEvent / subscriber handler=subscribers.catalog for=ICatalogAware zope.app.container.contained.ObjectModifiedEvent / subscriber handler=subscribers.uncatalog for=ICatalogAware zope.app.container.contained.ObjectRemovedEvent / 4. Okay, sadly you do need to get do some patching if you want changes to the file to result in recataloging :-/ Here's a diff: --- Image.py.original 2006-09-26 16:32:20.759375000 +0100 +++ Image.py2006-09-26 16:33:11.384375000 +0100 @@ -33,6 +33,8 @@ from ZPublisher.HTTPRequest import FileUpload from ZPublisher.Iterators import filestream_iterator from zExceptions import Redirect +from zope.event import notify +from zope.app.container.contained import ObjectModifiedEvent from cgi import escape import transaction @@ -437,6 +439,7 @@ self.ZCacheable_invalidate() self.ZCacheable_set(None) self.http__refreshEtag() +notify(ObjectModifiedEvent(self)) def manage_edit(self, title, content_type, precondition='', filedata=None, REQUEST=None): Okay, well, hope this helps someone :-) Chris -- Simplistix - Content Management, Zope Python Consulting - http://www.simplistix.co.uk ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] User management messed up?
What version of XUF are you using? a pretty old one: exUserFolder-0-10-10 I'm using XUF under 2.9.x without any problems. well, I'm not even sure if XUF is causing the problems or maybe something else, that is the main reason for my post Also how did you add rights for Anonymous? Did you accidently remove permissions for Authenticated or other Roles? well in the security tab of folder 'y' I explicitly added a permission for role Anonymous. When I undo this change again (via the undo tab), the users defined in the XUF can access folder 'y' again. Ciao, Fabian ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] User management messed up?
- Original Message - From: Fabian Scheler [EMAIL PROTECTED] To: zope@zope.org Sent: Tuesday, September 26, 2006 7:23 AM Subject: Re: [Zope] User management messed up? What version of XUF are you using? a pretty old one: exUserFolder-0-10-10 I'm using XUF under 2.9.x without any problems. well, I'm not even sure if XUF is causing the problems or maybe something else, that is the main reason for my post Also how did you add rights for Anonymous? Did you accidently remove permissions for Authenticated or other Roles? well in the security tab of folder 'y' I explicitly added a permission for role Anonymous. When I undo this change again (via the undo tab), the users defined in the XUF can access folder 'y' again. Turning on verbose-security (and setting the associated security-policy-implementation python) in zope.conf may provide some clues. Jonathan ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] User management messed up?
+---[ Fabian Scheler ]-- | Hello everybody, | | a few days we migrated from Zope 2.7.0 to Zope 2.9.0 (ok, the | up-to-date version is 2.9.4, but we had this version compiled some | time ago and now finaly migrated the DB), and now we are experiencing | problems with our user management. To migrate the DB I just exported | everything from the old zope instance and importet it again into the | new Zope Instance, Products and Extensions were just copied from the | old to the new instance. Everything, except user management, works | quite fine, only the Localizer-Product had to be replaced by a newer | version. | | We have a subfolder 'z' where we have an exUserFolder that imports | users from a MySQL DB, below this subfolder 'z' there is anotherfolder | 'y' (t.m. root/z/y), and the users in the exUserFolder in 'z' have | the rights to access the folder 'y'. When I now give an additional | right to 'Anonymous' within folder 'y', folder 'y' cannot be accessed | anymore by the users defined in the exUserFolder. | | Another problem is that creating User Folders and users within these | folders does not work properly any more, t.m. such folders and users | can be created but the particular user cannot login although they | should have proper permissions. | | I have no clue by what these problems are caused. I would be very | grateful if someone could give me a hint. Could this problem be | related to a wrong apache configuration? Is it possible that the DB | got messed up when I imported it into 2.9.0? Or may incompatibilities | of a special Product with 2.9.0 cause these troubles? What version of XUF are you using? I'm using XUF under 2.9.x without any problems. Also how did you add rights for Anonymous? Did you accidently remove permissions for Authenticated or other Roles? -- Andrew Milton [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] User management messed up?
Hello everybody, a few days we migrated from Zope 2.7.0 to Zope 2.9.0 (ok, the up-to-date version is 2.9.4, but we had this version compiled some time ago and now finaly migrated the DB), and now we are experiencing problems with our user management. To migrate the DB I just exported everything from the old zope instance and importet it again into the new Zope Instance, Products and Extensions were just copied from the old to the new instance. Everything, except user management, works quite fine, only the Localizer-Product had to be replaced by a newer version. We have a subfolder 'z' where we have an exUserFolder that imports users from a MySQL DB, below this subfolder 'z' there is anotherfolder 'y' (t.m. root/z/y), and the users in the exUserFolder in 'z' have the rights to access the folder 'y'. When I now give an additional right to 'Anonymous' within folder 'y', folder 'y' cannot be accessed anymore by the users defined in the exUserFolder. Another problem is that creating User Folders and users within these folders does not work properly any more, t.m. such folders and users can be created but the particular user cannot login although they should have proper permissions. I have no clue by what these problems are caused. I would be very grateful if someone could give me a hint. Could this problem be related to a wrong apache configuration? Is it possible that the DB got messed up when I imported it into 2.9.0? Or may incompatibilities of a special Product with 2.9.0 cause these troubles? Thanks in advance, Fabian ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Monkey Patching Grief with Zope 2.9.4
Hello Zope Listers We've been working on a Zope web app which has been built and running on Zope 2.7.0 for over 2 years now. Recently I've been trying to move it to Zope 2.9.4 but have encountered some severe difficulties with a couple (at least) of monkey patches that are essential to our app and which worked fine with the earlier version. Here's a synopsis of what I'm doing (PF2 is the code name of the app) # from AccessControl.User import SpecialUser class PF2SpecialUser( SpecialUser ): a pretend subclass of SpecialUser def PF2SpecialUser_allowed( self, object, object_roles=None ): reimplementation of allowed() for PF2 # if we're not anon, we must be superuser, so do the # normal SpecialUser.allowed() stuff (see patching below) if self.getUserName() != 'Anonymous User': return self.PF2Superuser_allowed( object, object_roles ) # else we're anonymous - do our special handling which #basically allows the anonymous role to be assigned #arbitrary perms at any point in the folder hierarchy # more code here - return True if anon user can access object # now the monkey patching - ooh ooh k ooh # save original method for use by superuser #(see PF2SpecialUser.PF2SpecialUser_allowed) PF2SpecialUser.PF2Superuser_allowed = SpecialUser.allowed # replace with our custom method SpecialUser.allowed = PF2SpecialUser.PF2SpecialUser_allowed # As I said, with 2.7.0 this all works fine and dandy, but with 2.9.4 I get this error when trying to access (say) a Page Tempplate as the anonymous user: unbound method PF2SpecialUser_allowed() must be called with PF2SpecialUser instance as first argument Investigating in more detail, I switched to the Python security implementation. As an experiment, based on research, I changed line 437 of AccessControl/ImplPython.py from... if self._authenticated and context.user.allowed(value, roles): to... if self._authenticated and \ context.user.allowed.im_func(context.user, value, roles): to sidestep the type checking of the self argument. This does indeed prevent the above error, but its not a good solution at all (its not in C), and I'm sure its incomplete - there are other places where allowed() gets called. Has anyone got any smart ideas as to how I can accomplish my goal with Zope 2.9.4 and with minimal changes to our code? If its necessary I'm happy for us to run with minor modifications to core zope (we already have one or two in place already). Also, if anyone can tell me exactly what it is that's caused this new behaviour then I'd be really grateful since I've not been able to figure it out myself. Thanks in advance for any help anyone can offer. Mark ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Monkey Patching Grief with Zope 2.9.4
Since Zope 2.8 you can no longer borrow methods from other classes like this. You have to borrow the function implementation. SpecialUser.allowed = PF2SpecialUser.PF2SpecialUser_allowed.im_func Stefan On 26. Sep 2006, at 16:33, Mark Wilson wrote: # now the monkey patching - ooh ooh k ooh # save original method for use by superuser #(see PF2SpecialUser.PF2SpecialUser_allowed) PF2SpecialUser.PF2Superuser_allowed = SpecialUser.allowed # replace with our custom method SpecialUser.allowed = PF2SpecialUser.PF2SpecialUser_allowed -- Anything that happens, happens. --Douglas Adams ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] User management messed up?
Fabian Scheler wrote at 2006-9-26 13:02 +0200: ... To migrate the DB I just exported everything from the old zope instance and importet it again into the new Zope Instance Usually, it is easier to just copy the Data.fs (rather than exporting, then importing). -- Dieter ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Monkey Patching Grief with Zope 2.9.4
Mark Wilson wrote at 2006-9-26 15:33 +0100: ... We've been working on a Zope web app which has been built and running on Zope 2.7.0 for over 2 years now. Recently I've been trying to move it to Zope 2.9.4 but have encountered some severe difficulties with a couple (at least) of monkey patches that are essential to our app and which worked fine with the earlier version. PF2SpecialUser.PF2Superuser_allowed = SpecialUser.allowed # replace with our custom method SpecialUser.allowed = PF2SpecialUser.PF2SpecialUser_allowed Add .im_func at the end of these lines. im_func strips the InstanceMethod wrapper and gives you the raw function (which unlike the InstanceMethod does not check the isinstance property for the wrong class). -- Dieter ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] issue with a ZODB database conflict error
I'm getting this error on trying to add a new file to a Plone site. Plone 2.1.3 Zope 2.8.7. The object I was trying to add was a PloneExFile.2006-09-26T19:25:52 INFO ZODB.Conflict database conflict error (oid 0x7b41, class Products.CMFPlone.Portal.PloneSite) at /VirtualHostBase/site/VirtualHostRoot/createObject (1 conflicts, of which 0 were unresolved, since startup at Tue Sep 26 15:15:40 2006)Any ideas? What happens is that on adding the file Zope just egg timers for ages and this appears in the logs. In the end a new file is added but that's only after many many minutes etc -- michael ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope-DB] Zope database connectivity
Maciej Wisniowski wrote at 2006-9-25 20:09 +0200: It uses a private ZODB extension to prevent _v_ attributes to be lost mid transaction (which can have nasty, partly non deterministic and very difficult to understand effects) and then calls connect. Does this mean that there is a bug in ZODB? Not strictly speaking in ZODB: The _v_ use for database connections is dangerous (and if you want buggy). It can lead to nasty, apparently non-deterministic effects. You may lose your database connection mid transaction and part of what you think is a transaction (i.e. atomical) can be lost. There are too ways to fix this problem: do not use _v_ attributes to maintain the database connection or extend the ZODB to allow more control over the lifetime of _v_ attributes. In our private copy of Zope, I went the second approach as _v_ attributes are essential for several other things (beside database connections) as well that suffer from the same deficiency. -- Dieter ___ Zope-DB mailing list Zope-DB@zope.org http://mail.zope.org/mailman/listinfo/zope-db