[Zope] Zope Calendar Product?
Hello friends, I have been away from Zope for a while. I have a Zope 2.9.3 installation (no CMS or Plone) for which someone has requested a Calendar application. From the Zope sites it is not clear whether any suitable product is available. Could anyone recommend something? Alternatively, might it be an idea to use a stand-alone Calendar application and plug it into an I-frame? Cliff ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Zope Calendar Product?
Thank you Giampiero, Your answer made me realise I had asked the wrong question. I am really looking for something to coordinate personal diaries for meetings and events. I know this is a big, complicated field that teams work on for years. Do I expect too much? Cliff Giampiero Benvenuti wrote: Hi there, I 'm using Calendar Tag. It does work fine for my needs: http://www.zope.org/Members/teyc/CalendarTag Ciao, Giampiero On Feb 22, 2008, at 6:20 AM, Cliff Ford wrote: Hello friends, I have been away from Zope for a while. I have a Zope 2.9.3 installation (no CMS or Plone) for which someone has requested a Calendar application. From the Zope sites it is not clear whether any suitable product is available. Could anyone recommend something? Alternatively, might it be an idea to use a stand-alone Calendar application and plug it into an I-frame? Cliff ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists -http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] insert_id with MySQL an Z SQL Method
Search the mailing list archives for July - there were several
contributions to this question. Roughly:
insert ...
dtml-var sql_delimiter
select LAST_INSERT_ID() as table_id_seq
Cliff
Ferhat Ayaz wrote:
Hi,
I have a Z SQL Method with an insert expression. To
the inserted row will be assigned an auto_increment
id. How can I get the last inserted id?
I tryed the following both commands in one Z SQL
method. Unfortunatly this produces an error.
insert into categories (parent_id,logo,active) values
(
dtml-sqlvar parent_id type=int,
dtml-sqlvar logo type=string,
dtml-sqlvar active type=int,
);
SELECT currval('table_id_seq');
Thanks for your helps
Greets,
Ferhat
__
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] autorefresh a web page every x minutes
This is Client-Pull web question, not Zope related. Here is an example of what needs to be in the head of the page: meta HTTP-EQUIV=Refresh CONTENT=5; URL=http://www.foo.com/foo.html; where 5 is seconds, so 300 would be 5 minutes, and the URL is the next url, leave out URL=http://www.foo.com/foo.html to refresh the same page. Cliff Alan wrote: Dears, Is there a way of doing a particular page template (ZPT) keeping reloading/refreshing itself every x minute? I hope so. Any help would be very appreciate. Many thinks in advance. Cheers, Alan ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] ZSQL Method Question
This is how it works for MySQL:
insert into org (org_name, org_phone) values ('x', 'y')
dtml-var sql_delimiter
select LAST_INSERT_ID() as org_id
You have to have the select LAST_INSERT_ID call in the same query as the
insert, and you have to have the sql_delimiter.
I assume you know that the x and y values should be sql-var ... types.
Cliff
Benjamin Menking wrote:
New to python/Zope, old-timer on PHP
I'm using MySQL and a ZSQL method to insert data into the database. ex:
insert into org (org_name, org_phone) values ('x', 'y')
What I'm trying to figure out is that org_id (also part of the org
table, but not specified in the sql statement) is an auto_increment
primary key field and in PHP I can use mysql_insert_id() to find out
what org_id was set to after the mysql_query() call.
Is there a way to retrieve that value with ZSQL method, or must I use
some other mechanism?
Thanks!
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] ZSQL Method Question
Comment on Peter's suggestion: I am no expert on these things, but it is
my understanding that for MySQL LAST_INSERT_ID() fetches the last
autoincrement value made by the current insert, so the outcome is not
affected by virtually simultaneous requests. And I don't think MySQL
accepts a value for the autoincrement key. I am a bit surprised that the
code you quote is reliable - surely there is a possibility of an insert
after calling GetNextID and before calling SQLInsert in the python code?
Comment on Tino's suggestion: I think that LAST_INSERT_ID() is MySQL
specific and I guess CURRVAL() is Postgres specific. But the principle
is the same: calling within the same Z SQL Method ought to be safe.
Anyway, I hope John has had is question answered.
Cliff
Tino Wildenhain wrote:
Peter Bengtsson wrote:
What if you have 1,000,000 requests/sec?
What if between the INSERT and the LAST_INSERT_ID() another INSERT is made?
I use PostgreSQL and with postgres you can always ask the sequence what
the next id is going to be. It goes something like this::
next_id = context.GetNextId()[0].next_id
context.SQLInsertUser(uid=next_id, name='Peter')
where 'GetNextId' is a ZSQL method that looks like this::
params/params
SELECT NEXTVAL('users_uid_seq') AS next_id
Its even easier:
one ZSQL Method:
INSERT INTO foo (foo_id,blah,bar) VALUES
(nextval('foo_foo_id_seq'),dtml-sqlvar blah ... );
SELECT CURRVAL('foo_foo_id_seq') as foo_id;
But your above solution is valid too.
Regards
Tino
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] acl_users in MySQL
Suggestion: have a look at exUserFolder. It has a MySQL Authentication Source. The minimum requirement is a table with Username, Password and Roles fields. Cliff Luiz Fernando B. Ribeiro wrote: Hello, I've been searching for a solution on how to integrate my actual database of users (in MySQL) with the Zope authentications machinery. I found some old instructions (2001) using LoginManager and zPatterns but I would like to hear from you about the alternatives. Currently I'm using my own authentication method but with this I'm loosing a lot of Zope features. Zope 2.9 MySQl 4.1 Using reverse proxy with Pound Any suggestions? Thanks in advance. ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Internet Explorer does not follows redirect, while Firefox does
I have forgotten the exact details, but some time back I found it
necessary to pad out the body of the redirect page in order to make IE
perform as intended. It may have been for an older version of IE, and
the padding just needed to be a certain number of bytes. I think I came
across a later reference to the problem. Have you googled for info?
Padding follows.
Cliff
!--
Testing an unusual feature of IE
xx xx xxx xx xx x xx
xx xx xxx xx xx x xx
xx xx xxx xx xx x xx
xx xx xxx xx xx x xx
xx xx xxx xx xx x xx
xx xx xxx xx xx x xx
xx xx xxx xx xx x xx
xx xx xxx xx xx x xx
xx xx xxx xx xx x xx
xx xx xxx xx xx x xx
xx xx xxx xx xx x xx
--
Marco Bizzarri wrote:
Ok, I've been able to experiment. All my pages have the following in
the head section:
meta http-equiv=Cache-Control content=no-cache
meta http-equiv=Pragma content=no-cache
meta http-equiv=Expires content=Date.Now
meta http-equiv=Pragma-directive content=no-cache
meta http-equiv=cache-directive content=no-cache
Also, I added, before every redirect, the following:
request.get('RESPONSE').setHeader('pragma', 'no-cache')
Any suggestion?
On 5/31/06, Kees de Brabander [EMAIL PROTECTED] wrote:
Either
dtml-call RESPONSE.setHeader('pragma','no-cache')
or
dtml-call RESPONSE.setHeader('Expires',(_.DateTime()-1).rfc822())
or both in the head section of your page will do the trick.
cb
- Original Message -
From: Marco Bizzarri [EMAIL PROTECTED]
To: Zope Users Mailing List zope@zope.org
Sent: Wednesday, May 31, 2006 7:33 AM
Subject: [Zope] Internet Explorer does not follows redirect,while Firefox
does
Hi all.
I don't think this is a specific Zope problem. However, I'm
experiencing it in a Zope context, and this is why I'm here asking.
In a custom Zope application, we have a problem with Internet Explorer.
The application follows a page - submit - redirect - page cycle.
To state more clearly: the page presented to the user can have a link.
When the user clicks on the link, something is done, and eventually
the user is redirected to the same page which will display different
data based on the results of its previous click.
The problem is that when IE sees that the result page has the same URL
as the first page it does not reload the page and instead shows me
the cached version.
The problem is not shown with Firefox.
As far as I can understand, this is an HTTP header issue, but I would
like to know if anyone already has experienced this problem, and has
some solution about it.
Regards
Marco
--
Marco Bizzarri
http://notenotturne.blogspot.com/
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] REMOTE_USER Security Issue
This is just to report that this issue is resolved (for me). Tres Seaver
kindly provided a patch for HTTPRequest.py that makes the environ
dictionary immutable (appended below for those in a similar position).
This may have adverse consequences for applications that rely on
existing behaviour and Tres has recommended that it would be better to
harden the User Folder code. In our case we might also be able to
encrypt the remote Username. Once again, thanks to Tres and other list
members, who are a wonderful resource.
Cliff
Cliff Ford wrote:
My people want to adopt a single sign-on system for web applications
that is based on the REMOTE_USER environment variable. I have tried out
RemoteUserFolder and also adapted exUserFolder to work similarly.
My problem is that I figured out how a user who has permission to create
python scripts (might work with dtml and page templates too) could
access otherwise forbidden content by making calls that pretend to come
from another user. Has any one else come across this problem and devised
a solution, either in software or organisation?
Problem verified with Zope 2.9.2 and latest RemoteUserFolder.
Cliff
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
The Patch:
Index: lib/python/ZPublisher/HTTPRequest.py
===
--- lib/python/ZPublisher/HTTPRequest.py(revision 68139)
+++ lib/python/ZPublisher/HTTPRequest.py(working copy)
@@ -63,6 +63,16 @@
class NestedLoopExit( Exception ):
pass
+class ReadOnlyDict(dict):
+def __setitem__(self, key, value):
+raise TypeError, 'Immutable'
+def __delitem__(self, key):
+raise TypeError, 'Immutable'
+def update(self, other):
+raise TypeError, 'Immutable'
+def clear(self):
+raise TypeError, 'Immutable'
+
class HTTPRequest(BaseRequest):
\
Model HTTP request data.
@@ -252,7 +262,7 @@
del environ['HTTP_AUTHORIZATION']
self.stdin=stdin
-self.environ=environ
+self.environ=ReadOnlyDict(environ)
have_env=environ.has_key
get_env=environ.get
self.response=response
Index: lib/python/ZPublisher/tests/testHTTPRequest.py
===
--- lib/python/ZPublisher/tests/testHTTPRequest.py (revision 68139)
+++ lib/python/ZPublisher/tests/testHTTPRequest.py (working copy)
@@ -684,7 +684,23 @@
req.close()
self.assertEqual(start_count, sys.getrefcount(s)) # The test
+def test_environ_is_immutable(self):
+from StringIO import StringIO
+s = StringIO(TEST_FILE_DATA)
+env = TEST_ENVIRON.copy()
+env['to_replace'] = 'to_replace'
+env['to_remove'] = 'to_remove'
+from ZPublisher.HTTPRequest import HTTPRequest
+req = HTTPRequest(s, env, None)
+self.assertRaises(TypeError, req.environ.__setitem__,
+'hacked', 'hacked')
+self.assertRaises(TypeError, req.environ.__setitem__,
+'to_replace', 'replaced')
+self.assertRaises(TypeError, req.environ.__delitem__, 'to_remove')
+self.assertRaises(TypeError, req.environ.update, {'hacked':
'hacked'})
+self.assertRaises(TypeError, req.environ.clear)
+
def test_suite():
suite = unittest.TestSuite()
suite.addTest(unittest.makeSuite(AuthCredentialsTestsa, 'test'))
Index: lib/python/OFS/tests/testRanges.py
===
--- lib/python/OFS/tests/testRanges.py (revision 68139)
+++ lib/python/OFS/tests/testRanges.py (working copy)
@@ -59,6 +59,9 @@
r['Application'] = a
self.root = a
self.app = makerequest(self.root, stdout=self.responseOut)
+# 'environ' is now immutable, so replace it to allow scribbling
+# in tests
+self.app.REQUEST.environ = dict(self.app.REQUEST.environ)
try: self.app._delObject(TESTFOLDER_NAME)
except AttributeError: pass
manage_addFolder(self.app, TESTFOLDER_NAME)
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Re: REMOTE_USER Security Issue
I have done some more testing, and despite being told that request.environ['REMOTE_USER'] is not hackable I have hacked it and can use the hack to get at otherwise forbidden content. For testing I have set REMOTE_USER in the zope.conf cgi-environment variable, so I can quickly change from being one user to another. I have read the RemoteUserFolder source code - that is what led me to the hack. The hack allows a user who can write a python script in his own folder to use it to hack the entire site. So I still wonder if anyone who is ising the REMOTE_USER environment variable is aware of a problem and has a solution. Cliff Tres Seaver wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cliff Ford wrote: My people want to adopt a single sign-on system for web applications that is based on the REMOTE_USER environment variable. I have tried out RemoteUserFolder and also adapted exUserFolder to work similarly. My problem is that I figured out how a user who has permission to create python scripts (might work with dtml and page templates too) could access otherwise forbidden content by making calls that pretend to come from another user. Has any one else come across this problem and devised a solution, either in software or organisation? Problem verified with Zope 2.9.2 and latest RemoteUserFolder User folders who care need to look at the request's 'environ' dict, e.g.:: remote_user = request.environ['REMOTE_USER'] # not hackable rather than the default one where untrusted code can scribble:: remote_user = request['REMOTE_USER'] # hackable Tres. - -- === Tres Seaver +1 202-558-7113 [EMAIL PROTECTED] Palladion Software Excellence by Designhttp://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFEaMVi+gerLs4ltQ4RAqUIAJsHpcPQTX7jv+db+DRG9TApaIImVQCgqCZn lPXu2KJoCLtTOSTyUJTIJ24= =3r0r -END PGP SIGNATURE- ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Re: REMOTE_USER Security Issue
Hmmm, it was request.environ['REMOTE_USER'] that I found a way to hack. However, your comment has caused me to realise that when not logged in, Apache is not setting the REMOTE_USER environment variable, so a script can set it (in environ). So if I get the Apache boss to set REMOTE_USER to None that should fix it? Subtle. Thanks for making me think. Cliff Tres Seaver wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cliff Ford wrote: My people want to adopt a single sign-on system for web applications that is based on the REMOTE_USER environment variable. I have tried out RemoteUserFolder and also adapted exUserFolder to work similarly. My problem is that I figured out how a user who has permission to create python scripts (might work with dtml and page templates too) could access otherwise forbidden content by making calls that pretend to come from another user. Has any one else come across this problem and devised a solution, either in software or organisation? Problem verified with Zope 2.9.2 and latest RemoteUserFolder User folders who care need to look at the request's 'environ' dict, e.g.:: remote_user = request.environ['REMOTE_USER'] # not hackable rather than the default one where untrusted code can scribble:: remote_user = request['REMOTE_USER'] # hackable Tres. - -- === Tres Seaver +1 202-558-7113 [EMAIL PROTECTED] Palladion Software Excellence by Designhttp://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFEaMVi+gerLs4ltQ4RAqUIAJsHpcPQTX7jv+db+DRG9TApaIImVQCgqCZn lPXu2KJoCLtTOSTyUJTIJ24= =3r0r -END PGP SIGNATURE- ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] [ANN] Zope 2.9.3 released
Not so long ago I installed Zope-2.9.2 and as I remember it all worked fine. This morning, with Zope-2.9.3 I get this: bash Zope-2.9.3: make /usr/local/bin/python install.py -q build Dependencies/AccessControl-Zope-2.9.3/AccessControl/cAccessControl.c: In function ‘module_aq_validate’: Dependencies/AccessControl-Zope-2.9.3/AccessControl/cAccessControl.c:2155: warning: ‘obj’ may be used uninitialized in this function Dependencies/AccessControl-Zope-2.9.3/AccessControl/cAccessControl.c:2155: warning: ‘name’ may be used uninitialized in this function Dependencies/AccessControl-Zope-2.9.3/AccessControl/cAccessControl.c:2155: warning: ‘v’ may be used uninitialized in this function Dependencies/AccessControl-Zope-2.9.3/AccessControl/cAccessControl.c:2155: warning: ‘inst’ may be used uninitialized in this function Dependencies/AccessControl-Zope-2.9.3/AccessControl/cAccessControl.c:2155: warning: ‘validate’ may be used uninitialized in this function bash Zope-2.9.3: Which I thought meant it did not work. This is with Fedora Core 5 and Python 2.4.3. I went through the whole process again (this time specifying the install folder) and did not get any warnings or OK messages: bash Zope-2.9.3: ./configure /usr/local/Zope-2.9.3 bash Zope-2.9.3: make /usr/local/bin/python install.py -q build bash Zope-2.9.3: make install /usr/local/bin/python install.py -q build /usr/local/bin/python install.py -q install --skip-build --home /usr/local/Zope-2.9.3 bash Zope-2.9.3: The installation seems to work? Should I worry about the Dependencies messages? Cliff Andreas Jung wrote: From: Andreas Jung [EMAIL PROTECTED] Hi all, on behalf of Zope Corporation and the Zope community I am pleased to announce the release of Zope 2.9.3. You can download it from http://www.zope.org/Products/Zope/2.9.3/ Some new features of Zope 2.9: - ZODB 3.6 - Five 1.3 - integration for Zope 3 events for object creation and deletion - Zope 3 i18n integration for page templates For more information on what is new in this release, see the CHANGES.txt files for the release: http://www.zope.org/Products/Zope/2.9.3/CHANGES.txt Please bring all the bugs you have found to the Zope bugtracker: http://collector.zope.org/Zope:http://collector.zope.org/Zope For more information on the available Zope releases, guidance for selecting the right distribution and installation instructions, please see: http://www.plope.com/Books/2_7Edition/InstallingZope.stx Support Python versions: Zope 2.9 requires Python 2.4.3 (Python 2.4.1, 2.4.2 are still acceptable). Older Python versions are no longer supported. Thanks to all being involved in this release. ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] REMOTE_USER Security Issue
My people want to adopt a single sign-on system for web applications that is based on the REMOTE_USER environment variable. I have tried out RemoteUserFolder and also adapted exUserFolder to work similarly. My problem is that I figured out how a user who has permission to create python scripts (might work with dtml and page templates too) could access otherwise forbidden content by making calls that pretend to come from another user. Has any one else come across this problem and devised a solution, either in software or organisation? Problem verified with Zope 2.9.2 and latest RemoteUserFolder. Cliff ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] strange behaviour:can not access source-view.gif but a copy of it
Your second example below never terminates for me, and neither does http://www.ersigen.ch/garbage/view-source.gif I have seen hanging with malformed apache rewrite rules involving http/https protocols. I would check the Apache rewrite rules. Cliff robert rottermann wrote: thanks for the answer. what I meant is that I only can access the trough its normal url (using apache) www.ersigen.ch/view-source.gif never terminates, whereas www.ersigen.ch/ersiweb/ersiweb/view-source.gif immediately returns correctly (/ersiweb/ersiweb is where apache redirects to). www.ersigen.ch/copy_of_view-source.gif works fine also. this is using a copy of the same image. This Problem we do have on a number of sites (running different versions of plone, on different machines). thanks again robert Dieter Maurer wrote: robert rottermann wrote at 2006-5-2 07:18 +0200: ... in a plone site (but I see nothing plone related with my problem) I can not access an image with the id view-source.gif (it is used by kupu). What does cannot access mean precisely? Try wget -S url_to_view-source.gif and see (report) what happens. ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] LAST INSERT ID driving me crazy
This is how it works for MySQL: insert into table_name ( ItemID, ItemDate, etc ) values ( dtml-sqlvar ItemID type=int, dtml-sqlvar ItemDate type=string, etc ) dtml-var sql_delimiter select LAST_INSERT_ID() as BaptismID You have to have the select LAST_INSERT_ID call in the same query as the insert, and you have to have the sql_delimiter. I have a vague recollection that LAST_INSERT_ID is MySQL specific. Cliff Alric Aneron wrote: Hi guys, HOW HOW HOW HOW!!! Do I get at the last_insert_id() function, this is driving me absolutely crazy!! Zope docs say use select last_insert_id() but it doesn't work, gives me an error about bad SQL syntax around LIMIT 1000. I tried googling it, I tried searching through other docs. And it just won't do it! I would like to make a separate ZSQL Method that will return to me the last insert id. Any help would be appreciated. Thank you. - Yahoo! Messenger with Voice. Make PC-to-Phone Calls to the US (and 30+ countries) for 2¢/min or less. ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] filtering results
This is my implementation of an external method that calls HTML Tidy. I
hope it is of some use.
This is a fragment of a form processing script that calls an External
Method, passing the body content of a html page:
if request.submit == 'Tidy':
(messages, buffer) = context.calltidy(body)
request.set('messages', messages)
request.set('body', buffer)
return
The body and any HTML Tidy messages are passed back to the form for
display. The external method module name is caltidy and the function
name is tidy.
This is the external method that calls HTML Tidy. It prepends a suitable
head and appends a suitable tail to the body (shich happens to be part
of a table) to make a valid html document, then chops them off the
result for return to the caller:
# call htmltidy
import os
import string
# path to executable
#exe = '/usr/local/zopeinst/Extensions/htmltidy/tidy'
exe = '/disk/home/www/zopeinst/Extensions/htmltidy/tidy'
# path to HTML Tidy configuration file
#config = '/usr/local/zopeinst/Extensions/htmltidy/config.txt'
config = '/disk/home/www/zopeinst/Extensions/htmltidy/config.txt'
errors = ''
#
dummyhead =
!DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.01 Transitional//EN
http://www.w3.org/TR/html4/loose.dtd;
html lang=en
head
meta http-equiv=Content-Type content=text/html; charset=iso-8859-1
titleTesting/title
/head
body
table summary=dummy tabletrtd
!-- dummyhead --
dummytail =
!-- dummytail --
/td/tr/table
/body
/html
.
parsefailed =
Tidy has not changed the source. This will happen if the input
contains any tags not recognised by the html specification. Do
not use Tidy on pages containing dtml! Correct only the errors
listed below and then run Tidy again. Tidy will convert font tags
to style classes, which will be ignored unless you create a local
style sheet. Tidy will also correct many other faults that lead
to the warnings below. The first line of your text is line 11.
def tidy(input):
combo = dummyhead + input + dummytail
command = %s -config %s 21 .\n%s % (exe, config, combo)
buffer = ''
# get results from tidy into buffer
for line in os.popen(command).readlines():
buffer += line
# if anything goes wrong with the tidy call the line count is zero
try:
# chop the dummy head
(head, buffer) = string.split(buffer, '!-- dummyhead --')
# keep the warnings part of the head
(head, tail) = string.split(head, '!DOCTYPE')
# and chop the dummy tail
(buffer, tail) = string.split(buffer, '!-- dummytail --')
return (head, buffer)
except:
return (parsefailed + buffer, input)
Cliff
gf wrote:
Hi,
I am a Zope newbie. I apologize if the terminology I use below is not
correct, but I hope that you get the gist of what I am about to ask.
I would like to be able to 'filter' results before returning them to
the user. In other words, if a user requests a given object, it is
passed through a filter before being passed on to him or her. As a
simple example, I may want to tidy the html before the user sees it,
or eliminate or add certain tags or words.
I have put together a simple 'html tidy' external method that takes
raw html and produces a tidied version, but I don't know how I can
apply it.
Thank you for any comments, suggestions, or simple examples you may be
able to provide.
Best Regards,
gyro
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] newbie Simple WebSite Construction Using Zope and Search
Hello Matt, I did something similar a few years ago when we had to merge a number of web-sites, and needed to enable content providers who could not be expected to cope with much more than heading and paragraph tags. The users are very pleased with the site functionality - but the implementation displays my then inexperience with Python and Zope, so could not be packaged for others to use. So I have been working on a Zope 3 implementation, which I hope to make available within a couple of weeks. You can have a look at the Zope 2 site I created (for whatever reason I did not what to use CMS or Plone): http://www.geos.ed.ac.uk/ And this is a screen grab of the Zope 3 package with similar functionality as it stands at the moment: http://www.geos.ed.ac.uk/homes/ceford/zope3/ So I can't answer your questions directly, but: My Zope 2 site used a lot of dtml documents as page components. In Zope 3 I have only used Page Templates. In my Zope 2 site searches also find dtml documents, so I provide a custom display that puts in links to the pages that put the dtml in the right context. E.g. if a search finds a dtml document called page.bdy the link displayed is page.html. Best regards Cliff Ford Matt Slavin wrote: Hi, I am trying to use Zope to create a very simple company website (about 40 pages, or so) with the intention of having the flexibility to expand functionality etc in due course. I have very little Python / DTML experience, but have managed to set up the site using includes on the main index page and then use aquisition to provide the content within each section. I'm not sure if this is a safe - or correct way of going about it, but it seems ideal for our purposes. The navigational menus dynamically include a link to each sub folder - ie website/services/ - and navigating to a section, index_html is automatically shown. The mainContent variable is then dynamically placed into index_html. (So there are separate mainContent dtmlDocuments in About Us, Services etc..) This means we can keep the content completely separate, and do not have to include headers, footers and other includes within the mainContent variable. Brilliant. However, when using the search script - http://www.zope.org/Members/Ioan/SiteSearch - results return a link back to the dtml_Document file mainContent, which gets displayed without any of the header of footer information. Is there any way to render the page with header and footer info? (By, I guess, redirecting the page to the containing folder, so that it pulls out index_html instead...) Any thoughts on this would be gratefully received - as I'm not sure this is the best way of using Zope, but it seems so much better than using plain old included variables. kind regards, Matt - Yahoo! Cars NEW - sell your car and browse thousands of new and used cars online search now - ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope-DB] Retrieving Data from Z SQL in Python
Christer Fernstrom wrote: Hello, I have a very simple Z SQL method that works fine when I test run it. But when I call it from a Python script (see below) and attempt to print the result, I get the following error: Error Type: TypeError Error Value: cannot concatenate 'str' and 'ImplicitAcquirerWrapper' objects -- Python script - # Import a standard function, and get the HTML request and response objects. ##from Products.PythonScripts.standard import html_quote request = container.REQUEST RESPONSE = request.RESPONSE data = context.getChunk1() for data_row in data: print data-row=+data_row return printed You need to iterate over the columns in the row: data = context.getChunk1() for data_row in data: print data-row= for item in data_row: print item + ' ' return printed It is more normal to fetch one result row at a time: for data_row in context.getChunk1(): # and handle the results by column name print data_row.FirstName print ' ' print data_row.Surname ... return printed HTH Cliff ___ Zope-DB mailing list Zope-DB@zope.org http://mail.zope.org/mailman/listinfo/zope-db
Re: [Zope] Adding zclass inside folder with python
A couple of lines at the bottom show one way to create a folder and an
object inside that folder...
Anthu Nguyen wrote:
Hi,
I've tried everything I can think of and am probably missing something
obvious - help...
I'm trying to (1) Create a folder, then (2) Add a new zclass inside that
folder.
Instead, the zclass is being added in the same space as the folder:
- What I want:
New Folder
New ZClass
- What's happening:
New Folder
New ZClass
===
The code that doesn't work:
request = context.REQUEST
pbuildid = request.pbuildid
# Add a new folder with id=pbuildid
context.manage_addFolder(id=pbuildid)
# Add a new instance of the ZClass inside new folder
instance = context.pbuild.createInObjectManager(request['id'], request)
instance.propertysheets.pbuild_properties.manage_editProperties(request)
context.manage_addProduct['OFSP'].manage_addFolder(REQUEST.Filename,
REQUEST.Title)
# create an index_html DTML document
context[REQUEST.Filename].manage_addProduct['OFSP'].manage_addDTMLMethod('index_html',
title=, file=Initial content)
HTH
Cliff
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] problems rendering objects stored in the local file system
You have at least two choices: 1. Use apache and don't fetch index.html and the images through zope. Most installations use apache in front of zope, so this is just a matter of rewrite rules. 2. Use an External Method and make each image src attribute a function call, passing the image url as a paramter, for example: img src=fetchimage?from=some/place/in/your/file/system... If you do that, make sure you include code to check that a malicious user cannot fetch any file from your file system. There have been some recent (this year) posts of example code you can google for. Cliff Dennis Allison wrote: I am having trouble figuring out how to get Zope to access and render html and images files properly in the following context: In the local file system (that is, the Linux file system to be explicit) I have a collection of directories each containing an index.html file consisting of HTML and a collection of image files (*.jpg, *.gif, *.swf) referenced by the HTML. From a DTML object in the ZODB, I want to render the index.html and have it properly access the local image files. Calling the file index.html may be a bad name choice because it may be interpreted especially. In fact, what I really would like to be able to do is to reference all files relatively and allow internal directories and the like. We've been using the LocalFS product, mostly with great success, but this has got me stumped. Any suggestions? hints? pointers? ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Adding Carriage return/line feed to a text field
If you are using a textarea field for input you could also use a text area field for display, useful if the input might contain html tags. Therwise wrap the display in pre tags. Cliff MCDONNELL, LARRY wrote: Hi, I have a form that the field length for that element is set to 65k in the database. Using a textbox, the person can enter their information. I now want to view the text. I can again use a text box but what I want to do is this - dtml-var mytext If I use this format, the text is one line. Are there arguments or a script that will add carriage return/line feed after you set the parameters? Thanks, Larry McDonnell Coordinator of Educational Technology New Haven Public Schools 54 Meadow Street New Haven, CT 06519 [EMAIL PROTECTED] (203) 946-2440 ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] [Zope/DTML] accessing PARENTS url with dtml tag ???
Try this construction: dtml-with expr=aq_parentObject: dtml-var title_or_id url: dtml-var absolute_url/dtml-with Cliff [EMAIL PROTECTED] wrote: I have found a similar problem at this url: http://mail.zope.org/pipermail/zope/2000-August/115809.html I want to do the same a Kapil, but in DTML. I tried different solutions: 1)dtml-with PARENTS[0]dtml-var absolute_url/dtml-with 2)dtml-var PARENTS[0].absolute_url() but I still have the problem. I wannt to display (in DTML) the absolute URL of the parent, but it doesn't work: it displays the absolute url of the CURRENT object. could you help me to find the solution please? thanks (and excuse for my lack in english) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] newbie:cookie expiry problem
prabuddha ray wrote:
This may be very silly plz help
I gave this cookie expiry statement in a python script:
RESPONSE.expireCookie('login')
return context.REQUEST.RESPONSE.redirect('index_html')
but when i checked the cookie values in request page, it wasn't removed.
the last redirect still worked.
when i put an if like this :
if (RESPONSE.expireCookie('login'))
return context.REQUEST.RESPONSE.redirect('index_html')
redirect didn't work. where am i wrong?
all the files are in same folder
I set a cookie to indicate a user is in Edit mode. The script that
unsets Edit mode looks like this:
RESPONSE.expireCookie('editMode', path='/')
RESPONSE.redirect(REQUEST.HTTP_REFERER)
Logout is different in my case because the cookie is set by
exUserFolder. I put this in the logout script:
context.acl_users.logout(context.REQUEST)
I have no idea (now) why it works.
HTH
Cliff
Nice short question!
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] ZPT list is dead... zpt nav question
Your code works OK for me - I see a list of links: URL URL URL URL URL and each one links to a folder only. You did not say what was wrong with your output. Were you forgetting to set tal:content to the title of the listed folder to appear in place of URL: span tal:repeat=item here/objectValues a href= tal:content=item/title_or_id tal:condition=python:item.meta_type=='Folder' tal:attributes=href item/absolute_urlURL/a /span Cliff Norbert Ray-Goldman wrote: so I am posting this here. I would like my zpt to list only folders in a director - essentially filtering out all other meta_type(s)... can you tell me where I am going wrong with the filtering here ? html head title tal:content=template/titleThe title/title /head body span a href=HOME_URL tal:attributes=href container/absolute_url tal:content=container/title_or_idTITLE OR ID/a span tal:repeat=item here/objectValues a href= tal:attributes=href item/absolute_url tal:condition=python:item.meta_type=='Folder'URL/a /span /span /body /html ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] developer docs
Milos Prudek wrote: What are the best documents for creating Zope products? I know Zope Book very well and I write TTW scripts. I need to convert a bunch of ZClasses into Products. ZDG seems very outdated. Should I start with mxmEasyProduct and then read ZDG? Is there a book available in bookshops that is better than ZDG and contains all required information for building products? I don't know about best documents! There is a minimal Product How To: http://www.zope.org/Members/maxm/HowTo/minimal_01/ Faced with the same problem (conversion of ZClasses to file system Products), I decided to have a look at Zope3X. There are a couple of good new books with worked examples - but as soon as I stepped off the guided path I found myself struggling. Still, I think I can see how to go from 2.7 to 3 and not bother with ZClasses. Cliff ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Zope/python: downloading images from the web and add them to Zope]
[EMAIL PROTECTED] wrote: I would like to know how to add image file from an URL. I created a form with to pissibilities: add an image from a local file , and a image from an url You can get an image from a url with an External Method: # Get an image using the original url. import urllib def getImage(url): f = urllib.urlopen(url) data = f.read() f.close() return data Hope this is enough to put you on track. Cliff here is my form: input type=radio name=sourcePicture checked onClick=lock_option() value=file get from disk: input type=file name=pict_file size=40 accept=image maxlength=50 br input type=radio name=sourcePicture onClick=lock_option() value=internet get from the internetinput type=text name=pict_internet size=40 value=http://www.monsite.fr/monimage.jpg; disabled=disabled This form call a python script: if REQUEST.sourcePict==file: pathImgs.manage_addProduct['OFSP'].manage_addImage(pict_+id, REQUEST.pict_file, title=pictogramme metier, precondition=, content_type=) else: pathImgs.manage_addProduct['OFSP'].manage_addImage(pict_+id, REQUEST.pict_internet, title=pictogramme metier, precondition=, content_type=) With a locl file it works (case sourcePict=file), but when I want to add images from an url, it doesn't work. I suppose that the second parameter of manage_addImage must be a file type.In the first case, it works , but in the second, the parameter passed is a string (complete url of the image). so how to do? thanks for your answers and excuse me for the lack in English (I'm french) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Set MIME type using ZPT
srikanth wrote:
Hi,
I tried this one. But the html page takes the parameter as a string
but doenst
Execute the pyhton function. I got all the functions (External methods)
all set.
The img tag I used is:
span tal:define=imagename result/filenameImg
src=loadImage?filename=imagename/span
Have a look at the generated html source. You have not said wither the
probem is a mal-formed image tag, or the image tag failing to fetch the
image.
Also, pay attention to Tino's comments on seurity. I only ever use a
Serial Number, not Filename - that comes from a database.
Don't forget that image tags should have width, height and alt attributes.
Cliff
Because I am getting the filename from the resultset.
Once again thanks for all your time and patience.
Any help would be gr8.
Ta.
Srikanth.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Cliff Ford
Sent: Monday, April 04, 2005 11:15 PM
Cc: zope@zope.org
Subject: Re: [Zope] Set MIME type using ZPT
srikanth wrote:
Hi,
I am using an external method to load an Image from the harddrive.
The external method is as follows:
from email.MIMEImage import MIMEImage
##parameters=filename
def getDocument(filename):
fname = '/mnt/'+filename;
input = open(fname,'r')
content = MIMEImage( input.read( ) )
input.close( )
return content
When I try to display the content in the webpage what I actually got
is all raw data of the file rather the image. So how can I convert the
raw data to be dispalyed as image in the webpage. I am using ZPT to
display the web page (image). If its dtml I could have used
dtml-mime tag is there any equivalent to that in ZPT.
Any suggestion would be a gr8 help.
It is not clear exactly how you are using the Page Template. Typically
the page would have an img tag that calls a python script that calls the
External Method. Remember the web browser fetches the image separately
after the html has been received - so your img tag might look like this:
img src=getImage?filename=whatever ... and your getImage python
script would look like this:
(type, encoding) = context.getMimeType(context.REQUEST.filename)
context.REQUEST.RESPONSE.setHeader('Content-Type', type)
context.REQUEST.RESPONSE.setHeader('Content-Disposition', 'inline;
return context.getDocumentCall(context.REQUEST.filename)
where getDocumentCall is the name of your External Method that calls the
getDocument External Method and getMimeType is another External Method
that looks like this:
import mimetypes
def getMimeType(filename):
return mimetypes.guess_type(filename)
and your own external method would look like this:
##parameters=filename
def getDocument(filename):
fname = '/mnt/'+filename;
input = open(fname,'r')
content = input.read( )
input.close( )
return content
At the moment you seem to have skipped a step.
HTH
Cliff
Ta.
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] segregated users
It is possible, I have done something similar. My solution involves giving users a Local Role in a folder to which access is to be granted. I built a small utility (with ZClasses - doh) to make it easy for the Administrators to add users from a database. Cliff Tim Evans wrote: I apologize if this issue is something that has been discussed before, but I searched the archives to no avail. I'm evaluating zope for a project, and I have some questions regarding the extensibility of the user security model. The company I work for would like to provide documents to clients via the web, and only allow one particular client (or group of users from the same client) access to those documents. I don't want any user to be able to detect the presence of any other user. I essentially want several sites, one for each client, with a group of administrative users responsible for maintaining these sites and publishing content to all of them. What this would require is a group of administrators that can see all sites, as well as restricted users with privileges to exactly one site. I'd also like to avoid having a role for each site, as that could get ugly for almost 1000 clients. It would also be great if we could designate a user to administer only one site, so that they could only publish data to one client. I guess I want zope-level users and application-level users. Is this something that sane people do? I don't really need a step-by-step, just a yes, that is possible or a no, you're an idiot before I start digging in to try and do it. Tim ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Re: login page problem
I am not sure I have much to add. I have been concerned about your product architecture and unusual login procedure, but that is really non of my business. Some of what you say below is inconsistent: One problem that concerns next query is that it took only one table for user details whereas i had one more table for district. ... userdetail table is linked using this district code. From this, and what you said previously, I presume you have login working but for only the half of the users in one of the two User tables. I already suggested alternative ways of handling this. If your folders are going to be Districts consider giving users who need to fill out forms in one District a Local Role in that District, and users who need access to many districts a Local Role in the Districts parent folder. This correspondence is too long for anyone else to follow. Next time, may I suggest come back to the list with a new question in a new thread. Cliff prabuddha ray wrote: HI Cliff, I was hoping another reply eagerly. hope you dint give up on me. I've got some clarifications given below. On Mon, 04 Apr 2005 16:08:50 +0100, Cliff Ford [EMAIL PROTECTED] wrote: I am abstracting bits of your email below in case anyone else wants to join in. If you are going to use Plone I can't offer advice - I have looked at Plone on three separate occasions, and recently read The Definitive Guide to Plone, and have stil decided not to use it. I only say this to make it clear that many applications are built without CMS and Plone. I had no idea about this. i knew that zope acts as a app server and plone is the front end tool. In fact I'm building the store's site as a plone site in zope. As a matter of fact i've not done much specific in plone . just built 2 tabpanes. I configured the exUserFolder using the mysql database and as expected it built up a seperate login system. so i believe it'll work on itself without plone. One problem that concerns next query is that it took only one table for user details whereas i had one more table for district. Two separate tables with User information is awkward! The user folders I know of expect user information to come from one source. So you either have to create two folders, each with its own acl_users (provided by one of the User Folder Products), or you have to hack the User Folder product to put in a Union select statement in place of a simple Select. d quarters. let me explain the login page flow. a dropdown list of districts is available on load. on selecting a district the page reloads and the available users are listed in 2nd dropdown list. after selecting the user the password is to be given. So that way i need both the 'district' and the 'userdetail' table. actually the district table has district code ,name and other stores related nfo. userdetail table is linked using this district code. You have not said whether the people in the different districts do completely different things with different forms, or identical things but specifying the district. If the former then it is no big deal to create the folders manually, although it can be done programmtically. You could set a Local Role equal to the district name and get that role for users from the database. That way, users can only enter their own district folder. If the latter, then you could retrieve the Username and District from the User object for use in the forms (include the District as a role). users are of different level like store-in-charge, sys mgmt group, vendors and normal users. they are in all the districts. so depending on the user level diffrent set of menu page are to be generated ie. users of same level in diferent districts do same thing. In earlier ASP version I handled this in the login page handler ASP page and wanted to use the same logic here. district shouldn't be the user role , 'userlevel' will act as user role here. but the folders would be districtwise, I suppose. honestly I'm little bogged out by the exuserFolder feature, its using Dtml all the way and I'm sticking to ZPTs and script pythons. Try working on the rest of your application to build up ZPT and Python experience. As I said, managing users is tricky. Also, be aware that Zope experts advise developers to produce file system based Products. There are lots of simple Products that you can use and browse the code to see how they work. Cliff I completely understand this. but the problem remains the same . how do i customise these products acccording to my needs. hope this helps you in helping me. waiting for your reply. ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Re: login page problem
I have been trying to think of ways of providing specific pointers, So,
assuming you have a custom login page and a custom python script that
processes that page:
In the Python script you could set a cookie for the District:
context.REQUEST.RESPONSE.setCookie('District', district)
where district is the name of the District field in the form. The
District parameter is then always available to your page templates and
scripts in the REQUEST object.
At the end of your login script you would typically redirect to some
specific page like this:
return context.REQUEST.RESPONSE.redirect('aURL')
in exUserFolder you don't have to do anything else - the login works by
magic, which is very confusing.
Now for the problems:
If the login is wrong the system will call /standard_error_message, so
you have to customise that to send the user back to the login form with
a Login failed message.
If the user bookmarks a protected page and tries to jump to it without
being logged in, the system will call the login sequence starting in
acl_users, so you have to customise that to call your own login page.
After the user has logged in, whenever you need to get the Username you
would typically use a python script like this:
from AccessControl import getSecurityManager
return getSecurityManager().getUser().getUserName()
HTH
Cliff
prabuddha ray wrote:
Its been very kind of u all to be critical about a newbie like me.
I'll definitely lookout for those ettiquetes.
My python script error got solved as i missed the silly ' ' in the
response.redirect statemnet.
I set the user and pwd request vars in sesson var.
Tried cookie crumbler and MysqlUserFolder and UserFolder also but they
all need to changed much and my requirements are diffrent.
I'm building a trial govt. site for stores management which was built
previously in ASP.
The login page takes the districtname , username and passwd .
according to the type of user different menus are displayed.
For this i need to have the districtname , username and passwd
carried on throughout the session.
my current requirement is to pass the session vars through the python
script which is the action of the login form.
I've gone through the zopebook but dint find much help there.
can u plz tell me where do i get to know about pythopn scripting done
in zope n ZPT examples.
i'm really sorry for my erronous language. please dont overlook theese
humble requests.
On Fri, 1 Apr 2005 23:07:38 +0200, Dieter Maurer [EMAIL PROTECTED] wrote:
prabuddha ray wrote at 2005-3-30 23:50 -0800:
...
now my problem how n where do i check d pwd n redirect to the next zpt
or the previous one if its wrong.
Apparently, you need some background reading...
Especially, you need to understand that HTTP is a stateless
protocol and *EACH* request must somehow perform its own
authentication. That's why usually login information is
(somehow) coded in a cookie.
You really should follow the advice to look at an existing
UserFolder (they are responsible for authentication).
You may need to adapt/extend an existing UserFolder.
--
Dieter
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Re: login page problem
Customisation of the login sequence is quite difficult for Newbies because there are lots of different ways to approach the problem - you have already tried some. I suspect that trying to match what was done in PHP may be part of your problem. It would be helpful to know if your lists of users are coming from one source, like a database table, or multiple sources, like multiple tables or different databases, and whether users are unique in each district. From there you decide your zope folder structure. It could be like this: site_home |__acl_users |__district1 |__district2 or like this: site_home |__district1 ||__acl_users |__district2 ||__acl_users In the second case you would not have to worry about asking the user for the district name. In the first case you would get a district name or a user defined role for that district from a supplementary data source, like a database. A combination of exUserFolder and MySQL would do. You can get information on the logged in user (Username and Roles) from the User object, so you don't need to expicitly use sessions at this stage. You should certainly not store passwords - that would be a serious breach of confidentiality. Maybe you should say what you do with the District parameter after the user has logged in. Giving advice or examples on ZPT and Python for an approach that is probably wrong is just too time-consuming. Cliff prabuddha ray wrote: Its been very kind of u all to be critical about a newbie like me. I'll definitely lookout for those ettiquetes. My python script error got solved as i missed the silly ' ' in the response.redirect statemnet. I set the user and pwd request vars in sesson var. Tried cookie crumbler and MysqlUserFolder and UserFolder also but they all need to changed much and my requirements are diffrent. I'm building a trial govt. site for stores management which was built previously in ASP. The login page takes the districtname , username and passwd . according to the type of user different menus are displayed. For this i need to have the districtname , username and passwd carried on throughout the session. my current requirement is to pass the session vars through the python script which is the action of the login form. I've gone through the zopebook but dint find much help there. can u plz tell me where do i get to know about pythopn scripting done in zope n ZPT examples. i'm really sorry for my erronous language. please dont overlook theese humble requests. On Fri, 1 Apr 2005 23:07:38 +0200, Dieter Maurer [EMAIL PROTECTED] wrote: prabuddha ray wrote at 2005-3-30 23:50 -0800: ... now my problem how n where do i check d pwd n redirect to the next zpt or the previous one if its wrong. Apparently, you need some background reading... Especially, you need to understand that HTTP is a stateless protocol and *EACH* request must somehow perform its own authentication. That's why usually login information is (somehow) coded in a cookie. You really should follow the advice to look at an existing UserFolder (they are responsible for authentication). You may need to adapt/extend an existing UserFolder. -- Dieter ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] role, user defined roles, and inclusion
Dieter Maurer wrote: robert wrote at 2005-3-31 07:22 +0200: Is my assumption that granting a permission to Anonymous means granting it to anybody correct? Correct. Actually, I don't think that is strictly true! And it reminds me of a period of confusion I went through a few months ago, when I was convinced that either I did not understand how roles were supposed to work or that there were bugs in the implementation. It turned out that I had cut and paste a folder with its own own View permissions into another folder with incompatible View permissions. I have forgotten the exact details but I think I had the Manager role in the outer folder but only the Authenticated role in the inner folder. I had totally forgotten that I had been fiddling with the View permissions days or weeks before. So for the original questioner: check that you have not shot yourself in the foot too! Cliff ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Re: login page problem
Use SimpleUserFolder and CookieCrumbler, and cut out the cute abbreviations like n and d while you're at it. I second that! I have started hitting the delete button rather than engage in the mental translation. Cliff Chris Withers wrote: prabuddha ray wrote: now my problem how n where do i check d pwd n redirect to the next zpt or the previous one if its wrong. i've a zsql method giving me the pwd for the user param passed. i wanted to kno if i can call this method on d onsubmit event? kindly gimme solns u've in mind. Use SimpleUserFolder and CookieCrumbler, and cut out the cute abbreviations like n and d while you're at it. Chris ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
