Re: [Zope] Zope2 - pro/contra
Hello Sebastian, I guess the main problem is the future maintenance of Zope. For instance, it is pretty sure that nobody will invest the time needed to move it Python 3, and at some point it will probably be a problem. Eric On Wed, Mar 4, 2015 at 11:30 AM, Sebastian Tänzer s...@taenzer.me wrote: Hello ZOPE community, we're still developing websites using Zope2 + ZMS3 (www.zms-publishing.com) for years now and never ran into any real problems (compared to, let's say, Wordpress, typo3, Drupal etc. which had serious security problems over the years) and our clients are quite happy with ZMS. A few days ago on a barcamp the discussion lead to Zope and the usual comments, i.e. Zope is dead, I would not use that, Too complicated, Too old, Outdated, and so on. My personal opinion is, that Zope2 is still rock-solid and gets the job done. I've never heard of any serious issues compared to the big competitors from the PHP or Java world. I looked into Pyramid and Django for different projects and always came back to Zope2 itself. I did not ask that question for quite some time now as there was no reason. Sure, sometimes we get comments like never heard of it etc., but nothing serious. Still, are there any specific reasons (beside personal favors) not to use Zope2 anymore? Any reason not to use Zope2 + ZODB for new projects? Are other frameworks like flask, Django, pyramid etc. that much better compared to Zope? Best Sebastian ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Zopache = ZTK + Grok + ZMI
Hello, Did you have a look to Substance D ? http://substanced.readthedocs.org/en/latest/ It is based on Pyramid, it uses a ZODB for storage, and it provides a ZMI like management interface. And you can use all the good ZCA stuff if you want to. Eric On Wed, Jul 30, 2014 at 12:56 PM, Christopher Lozinski lozin...@freerecruiting.com wrote: I have a basic version of Zopache running internally. It is a zope-2 like ZMI running on top of grok on top of ZTK. ZTK is really very nicely written. Grok makes it so much easier to use the ZTK. I an focused on using it to build my next generation recruiting website, but it would be good to have someone to talk to about this stuff. It is very very hard to find anyone who both appreciates TTW development, and understands the multiple layers of ZTK and Grok. Anyhow if you are curious I am clozinski on skype. Regards Chris ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] How to add existing folder in Zope
Hello, The best way to do it is probably to create a Zope product, and to put your js library into this product. Regards, Eric 2009/3/27 amol kumbhar amol.kumbha...@gmail.com: Actually I want to use SmartClient for my web site and for this I have to add the SmartClient Library folder into zope so using this I can write JS which include these libraries. On Fri, Mar 27, 2009 at 6:33 PM, Andreas Jung li...@zopyx.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 27.03.2009 8:00 Uhr, amol kumbhar wrote: Hi, I want to add existing folder in zope. As we can add files by browsing how could I add existing folder. This question does not make any sense. Anything existing can not be added. What do you mean? Take your time for asking meaningful questions. - -aj -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAknMzrQACgkQCJIWIbr9KYzGawCcD/byu3H/0Nc/i8ERV/0Smq95 kYAAoMAtRjPFKDaXAtpDAWlfQi+Gtqyx =Ba7/ -END PGP SIGNATURE- ___ Zope maillist - z...@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Unrestricted threads
yes indeed you can easily extract the mechanism to create a specific security manager and create a request to call the method you want using this security manager the problem with ZEO is not related to this aspect so it should work fine eric On Wed, Jul 23, 2008 at 11:05 AM, Thierry Florac [EMAIL PROTECTED] wrote: Le mardi 22 juillet 2008 à 19:43 +0200, Eric Bréhault a écrit : Hello Thierry, To schedule cron-like tasks on Zope, I use ZpCron: http://www.zope.org/Members/janik/ZpCron It works pretty fine (well, as far as you do not use ZEO) and it allows to define the user you want to use to run such or such task, and the Zope security mechanisms are applied just like if the user had run the task himself. Hi, Thanks for the link... but I use ZEO :-( Anyway, the information was very useful because this product contains all the security related code that I was looking for... Many thanks, Thierry Florac -- Chef de projet intranet/internet Office National des Forêts - Département Informatique 2, Avenue de Saint-Mandé 75570 PARIS Cedex 12 Mél : [EMAIL PROTECTED] Tél. : +33 01.40.19.59.64 Fax. : +33 01.40.19.59.85 ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Unrestricted threads
Hello Thierry, To schedule cron-like tasks on Zope, I use ZpCron: http://www.zope.org/Members/janik/ZpCron It works pretty fine (well, as far as you do not use ZEO) and it allows to define the user you want to use to run such or such task, and the Zope security mechanisms are applied just like if the user had run the task himself. Normally, the user is supposed to be in the Zope root acl_users, but a colleague of mine had proposed a patch (which is published in beta 080314) which allows to use a user define the path of the acl_users you want to use. Regards, -- Eric BREHAULT Makina Corpus www.makina-corpus.com Agence de Toulouse - 09 64 36 57 57 On Tue, Jul 22, 2008 at 7:23 PM, Thierry Florac [EMAIL PROTECTED] wrote: Hi, I use Zope-2.9.9. I need to create custom cron like threads in an application to handle administrative tasks. Global setup of these threads is already OK. So my question is : how can I setup these threads so that they can handle database objects in an unrestricted way (eventually throught an authentication mecanism) ? Thanks for any help, Thierry Florac -- Chef de projet intranet/internet Office National des Forêts - Département Informatique 2, Avenue de Saint-Mandé 75570 PARIS Cedex 12 Mél : [EMAIL PROTECTED] Tél. : +33 01.40.19.59.64 Fax. : +33 01.40.19.59.85 ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Re: [Zope3-Users] is it possible to copy object b/w two zodb Database
Hello, I do not know if you can open 2 ZODB but you can exchange objects between 2 instances: a method on instance A would export an object as zexp and stream it over http and a method on instance B would call this method on instance A, and would import the resulting zexp but there is maybe a smarter way Eric On Wed, Jun 11, 2008 at 4:36 PM, rahul bhaskar [EMAIL PROTECTED] wrote: Hi, I am facing some problem with merging two zodb file. is it possible to open two zodb Database at a time and copy object from one to another. Regards Rahul Bhaskar ___ Zope3-users mailing list [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope3-users ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Progam To Write To PT
Hello, is there any particular reason why you cannot make your program write its output in the ZODB and then access this content from a regular page template to display it properly ? Eric BREHAULT On Dec 5, 2007 8:19 PM, Victor Subervi [EMAIL PROTECTED] wrote: Hi; How do I programmatically write to a page template? That is, I have a program on server and I want to write from that to PT in Zope. Documentation? TIA, Victor ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Frustrated with Python and Frameworks. Zope, Grok, Django, CherryPy
Hello, If you do not have time to program, and you want to build dynamic web sites, maybe you could use Zope2 with Plone, and just use the existing Plone products. Ok, you think Plone is tooo much, but it should cover 99% of any basic dynamic web site features. Regards, Eric BREHAULT On Nov 27, 2007 2:18 AM, Rene B [EMAIL PROTECTED] wrote: I'm frustrated trying to select a python web framework. I've researched quite a few. CherryPy,Karrigell,Zope 2,3,Grok, Gluon,Django,Mod_Python. I've also looked at templating languages like Spyce, and Cheetah. I'm beginning to think there's nothing out there for a newbie python programmer like myself. I'm a Network Admin that likes programming but doesn't have the time to get really proficient at it. I selected Python as a language of choice and that's all I've used. I've written a few scripts . I'm interested in building dynamic web sites but I tell you it's impossible to select a tool. I've researched all the tools mentioned above. The most important thing in my decision is that I know some Python and want to use it to build the dynamic site. I don't want to learn a new language to do that. ZPT is a new language. Its not python. Not even close. Out of all the ones I've researched I like Zope 2 the best. Not sure why. I want some thing easy. I like DTML. It's easy. I know why ZPT has it's advantages but for ease of use it doesn't come close to DTML. Most people like me wont be building complex web sites and I'd be the only working on it meaning I'll do the HTML layout and code the dynamic portions of it. So I don't' need to worry about an HTML editor getting confused with the dynamic languages mixed in blah blah blah. I'm afraid to learn Zope 2 because I have no idea what direction it's going in. Not to mention I don't particularly like ZPT. I've read DTML isn't going anywhere but I don't imagine I'll get much support on it when needed and I'm sure people will be telling me to use ZPT cause DTML is dead. Funny, I read something while reading news about Grok's new plugins for any template language . They used Genshi as an example and talked about template languages and which one is better etc.. The bottom line was use the one that you like. So I wish people would stop putting down DTML or others over the one they prefer and continue to help those regardless of which they choose. Back to trying to choose. I think Django is too hard. I like Mod_python with PSP. PSP seems to be more python like then anything I've seen. Yet Mod_Python has terrible docs for people like me and it doesn't seem to popular. The other frameworks have some good ideas. I like Karrigell but you just don't know how long it will be supported.Gluon is cool but its new. Zope 3 is out of the question. Grok looks to me like another CherryPy. It may be easier the Zope 3 but it's not easier then Zope 2. Plus I've yet to get it installed on my windows XP to play. I like cheetah as a tool. There docs are not that great and not many examples. Plus no auto generated content like you get in Zope 2. Yes some magic is good. The CRUD is what made Rails over rated to start out with.People like some magic. saves time. Combining Cheetah and Zope sounds interesting to me. So what do I do. I like Zope 2. I can't find any books on it released after 2002. Plone is tooo much. There aren't any new products out for Zope 2 and the ones that are there haven't been touched for years. Zope 2 wiki seems dead. I was looking the other day for some type of auto CRUD for Zope 2. couldn't find anyting. No one seems to be adding anything new to Zope 2 which scares me the most. If I take the time to learn a tool I want to make sure it's going to be around for awhile and have good support and new addons being added all of the time to help me. ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] ZCatalog indexes and unit testing
Hello, I have created a ZCatalog object where I declare the following index: self.addIndex('featureType','FieldIndex') which works fine in my application But when I run it in my unit tests, I get the following error: self.addIndex('featureType','FieldIndex') File /opt/Plone3/lib/python/Products/ZCatalog/ZCatalog.py, line 971, in addIndex raise ValueError, Index of type %s not found % type ValueError: Index of type FieldIndex not found I am using the unitest package, I have declare a lot of stuff in configurationSetUp, but something is probably missing: (is there something to import from PluginIndexes ?) import unittest from zope.component.testing import setUp, tearDown from zope.configuration.xmlconfig import XMLConfig from zope.testing import doctest from zope.testing.doctestunit import DocFileSuite def configurationSetUp(self): setUp() import Products.zgeo import zope.component import zope.annotation import zope.app.publisher.browser import Products.Five import Products.Archetypes import Products.CMFCore import Products.GenericSetup XMLConfig('meta.zcml', zope.component)() XMLConfig('meta.zcml', zope.app.publisher.browser)() XMLConfig('meta.zcml', Products.Five)() XMLConfig('meta.zcml', Products.GenericSetup)() XMLConfig('meta.zcml', Products.CMFCore)() XMLConfig('configure.zcml', zope.annotation)() XMLConfig('configure.zcml', Products.Five)() XMLConfig('configure.zcml', Products.GenericSetup)() XMLConfig('configure.zcml', Products.Archetypes)() XMLConfig('configure.zcml', Products.zgeo)() Thanks, Eric ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] smart development debugging
Hello, Marco's recommendations are very good, I would just add the following: - each developer works on his own instance, and commits his work in SVN or CVS, then everything must be regularly delivered in an integration instance where the latest current versions of all the developers can be tested together - each developer writes unit tests when working on his instance, then he must run them on the integration instance once he has delivered his changes. Eric BREHAULT On 3/25/07, Marco Bizzarri [EMAIL PROTECTED] wrote: On 3/25/07, Roberto Scelzo [EMAIL PROTECTED] wrote: Hi all, we are developing a couple of zope apps which now are becoming pretty complex and, unfortunately, up to now we're developing TTW since we haven't yet find a smart fast way to do our job avoiding the ZMI. We've searched a lot around but never found a nice guidence or howto... It'll be nice to develop by eclipse... Anyways, since the last upgrade (zope 2.9) even the external editor doesn't work anymore. (sob...) Someone suggested us to use a FS dump product, another one instead pointed us to zope FS products, but, is there any article/howto on how to make group development/debugging of middle/large sized zope apps a nice and confortable experience? Thank you! Roberto It depends a lot on what you're looking for. You have a number of different challenges, when you have a team working on a medium to complex Zope application. I can provide some suggestions based on our experience with PAFlow, which is the largest application we've developed so far. 1) develop your application as one or more file system based product; 2) once your application is a file system based product, set up an svn/cvs for your team; 3) give one or more instance to each of your developer, where he/she can deploy the application and test it without interfering with the work of the others; deploy your products inside the Products directory of the instance, not inside the general Products directory; 4) use Eclipse + PyDev as a development environment; 5) keep in mind that while you're developing your application it will happen that you will have to test with different releases of Zope, and you should be able to do so in a simple way. Hope this can help. I can provide more details on our working enviroment, if you're interested. Regards Marco -- Marco Bizzarri http://iliveinpisa.blogspot.com/ ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] What is the best way to debug a Zope 2.62 application.
You can launch Zope 2.6.2 from Python prompt: you set your PYTHONPATH to target zope/lib/python, then you launch python, then you just do this: from Zope import app root=app() (have a look here: http://www.zopelabs.com/cookbook/1054240694 ) Note: it works with 2.6, but if you want to to it with 2.7+, you'll have to load zope.conf, have a look here: http://www.brehault.net/plomino/documentations/how-tos/launch-zope-from-python-command-line Eric BREHAULT On 3/19/07, robert rottermann [EMAIL PROTECTED] wrote: Mark, Jonathan (Integic) wrote: I have a properly running instance of Zope 2.62 but no zopectl file. What is the best way to debug this version of Zope? Should I install zopectl? ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) i believe zopectl was only introduced with 2.7. there was a precursor to zopectl which still can be found somewhere in the cvs. however its layout was quiet a bit different to the one used with the actual one. so I doupt very much that this would be worth your efforts. robert ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] build a safe proxy
What I am trying to do is to build a Lotus Domino-like toolkit under Zope/Plone, so basically my product allows people to build their own groupware-oriented business applications directly from the Plone user interface (by designing forms, views, etc...). One important aspect is the ability to create custom action buttons or custom scheduled agents to automate some basic processes over the managed content. As I do not plan to develop my own script language to do it, I thought I could use directly Python, and run it using exec. And yes, it would be insane if it was not controlled and restricted. That is precisely what I am working on. Eric BREHAULT http://www.brehault.net/plomino/ On 3/15/07, Jens Vagelpohl [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 15 Mar 2007, at 21:19, Eric Bréhault wrote: What would you recommend ? What is the 'official' way to run an untrusted python code with exec and control what this code can do or not ? There is no official way because running untrusted code with exec is an insane proposition. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (Darwin) iD8DBQFF+bmzRAx5nvEhZLIRArJQAJ9pyWSElVLIzfJJrA1V95gAem7+FwCgthjU KIBdb/VcWDlWfC0Tzc4dJ2g= =gVBx -END PGP SIGNATURE- ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] build a safe proxy
My understanding of PythonScripts is it is a way to allow the import of such or such module, and the use of such or such method in those modules, but it doesn't prevent the access to such or such attributes on existing objects, does it ? Eric BREHAULT On 3/16/07, Andrew Milton [EMAIL PROTECTED] wrote: +---[ Eric Br?hault ]-- | [snip] | As I do not plan to develop my own script language to do it, I thought I could | use directly Python, and run it using exec. Why not just use Python Scripts? Or a custom subclass of Python Scripts with the added security options you want? -- Andrew Milton [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] build a safe proxy
oh, cool ! I was not aware of that, so that's exactly what I need. Thanks, Eric BREHAULT On 3/16/07, Martijn Pieters [EMAIL PROTECTED] wrote: On 3/16/07, Eric Bréhault [EMAIL PROTECTED] wrote: My understanding of PythonScripts is it is a way to allow the import of such or such module, and the use of such or such method in those modules, but it doesn't prevent the access to such or such attributes on existing objects, does it ? It uses the Zope security machinery to determine what access the code has. So the code in a script cannot access any attributes that the user running the code has access to through the web in the first place. -- Martijn Pieters ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] build a safe proxy
Hello, I am trying to build a safe proxy to wrap the Plone portal object in order to control what is allowed or not. Here is my code: class SafeProxy: def __init__(self, obj): self.__dict__['_obj'] = obj def __getattr__(self, attr): attributes_whitelist=['portal_membership', 'MailHost'] if attr in attributes_whitelist: return getattr(self._obj, attr) else: raise AttributeError, attr+ not allowed in Plomino formula context def __setattr__(self, attr, val): raise AttributeError, attr+ not allowed in Plomino formula context Then I use it that way: safeportal=SafeProxy(portal) safeportal.portal_membership MembershipTool at /myportal/portal_membership safeportal.portal_catalog AttributeError: portal_catalog not allowed in Plomino formula context which is perfect. But my problem is: safeportal._obj.portal_catalog CatalogTool at /concerteau/portal_catalog How can I hide completely the SafeProxy _obj ? How can I make sure it can only be used from the SafeProxy class code itself and nowhere else ? How can I turn it private ? (in Python private attributes are supposed to start with 2 underscores: __obj, but it just mangles with the classname: _SafeProxy__obj, so it just guarantees it will not be overwrite by another class, it does not physically protect it) OR (if totally impossible in Python): how can I do it another way ? maybe using zope.proxy.ProxyBase, but i do not find any documentation about it... Thanks in advance, Eric BREHAULT ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] problem with manage_importObject
Hello, What about just doing the import yourself: container._importObjectFromFile(f) (rather than using the ZMI's manage_importObject method through a zope client connection) ? Eric BREHAULT On 3/12/07, Fabio Marcone [EMAIL PROTECTED] wrote: Jens Vagelpohl wrote: I have a problem using manage_importObject?file=... with zope2.9. In particular: object is successfully imported but if I shutdown and then reboot the server, I don't see anymore imported object. If I import the same object using web form Import/Export I have not this strange behavior. Are you calling manage_importObject from Python code? Are you sure the transaction is committed? If you're calling this in some external script (such as a script run via zopectl run) without starting a normal web request you may have to explicitly commit the transaction. jens perhaps this is the problem... in fact /var/lib/zope2.9/instance/myinstance/var is empty after importObject operation using python script. but the commit has been introduced in zope 2.9? I use the same code in zope2.7 without problem. in a python script I use: zopeClient(' http://localhost:9673/manage_importObject?file=app.zexp',myuser,mypassword ) where zopeClient is: def zopeClient(url,username,passwd): f = Function(url) f.username = username f.password = passwd apply(f,(),{}) How I can do commit? Thanks, Fabio ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists -http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) -- Dott. Fabio Marcone 2T srl Telefono+39 - 0871- 540154 Fax +39 - 0871- 571594 Email fabio.marcone(AT)duet.it Indirizzo Viale B. Croce 573 66013 Chieti Scalo (CH) GNU/Linux registered user #400424 ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] safe read-only access to acquisition parent objects
Hello, Thank you for your answer Dieter. Indeed, I have been looking in all the restricted interpreter things. I have been reading zope\security\untristedinterpreter.txt, and I think it is probably what I need. The thing is I don't know how to produce a security proxy which would allow any 'get' access and forbide any 'set' access. I understand I have to use ProxyFactory, but I don't understand how I can configure my own Checker that would grant the access policy I want. If anybody have some knowledge about it, any help would be appreciated. Thanks On 3/6/07, Dieter Maurer [EMAIL PROTECTED] wrote: Eric Bréhault wrote at 2007-3-5 13:14 +0100: I have build a Plone product which allows users to enter a piece of Python code. This way, users can easily define their own actions without changing the product source code. Those pieces of code are executed using the exec Python command. I would instead use TALES expressions of type python. There are restricted -- which is very essential if you cannot fully trust your users. -- Dieter ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] safe read-only access to acquisition parent objects
Hello, I have build a Plone product which allows users to enter a piece of Python code. This way, users can easily define their own actions without changing the product source code. Those pieces of code are executed using the exec Python command. The problem is that nothing prevents the user to access any other object in the ZODB (using getParentNode, or traverse) and to modify it (as far as the user is allowed to use the method which runs his piece of code, AccessControl will not check his permission during the execution itself). So my first idea was to cut all the acquisition chain: I replace self with aq_base(self) just before running the piece of code, and there is no way to access anything outside the current object itself. It is OK, but my product contains some methods which use Plone portal tools (like MailHost, portal_membership), and I would like to offer the ability to use those methods in the user defined pieces of code. Of course, as I remove the acquisition chain, those methods doesn't work. So my question is: is there a way to provide a read-only access to the current object's acquisition parents ? I thought about different ways: - can we lock an object in the ZODB ? - can we build a read-only proxy to an object ? - can we make a temporary copy of an object that will be stored in the ZODB ? (regarding that point, I know how to do it, but I am not sure about the performances...) Any suggestion ? Regards, Eric BREHAULT ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )