Re: [Zope-dev] ZPatterns design question
"Phillip J. Eby" wrote: At 11:09 PM 7/30/00 +0100, Steve Alexander wrote: Let's say I have an AddressBook specialist. Why? :) Seriously, what is the function of "address book" in your application? Is it to find people in general? Or...? As in your example later, the Addresses specialist is at a different level of abstraction than other specialists. The domain expert tells me that he want to keep particular information about Suppliers: what they supply, and their address details. However, he also wants to store the address details of any other contacts he wishes. He'll sometimes need to search through all of the contacts and suppliers (and in future, anyone that has an address) by phone number or name or address. The domain expert calls the thing that allows him to do the searching (and also browsing) of addresses his "address book", and it reflects a real paper-based artifact. I'm sure I could rename it "Contacts" or "Addresses" without causing too much confusion, though. From the way I just described it, there is no requirement for the addresses to be stored all in one place. There is a requirement that you can search and browse through all addresses, and return the appropriate object. So, I guess a good way to go is to add an "address" propertysheet to Contact and Supplier, and have triggers that add the address details of both to an Address catalogue. Bunch of questions: Is this the ZPatterns ideomatic way to do this? Dunno. Explain the problem you're trying to solve, and I'll tell you the simplest way I know to do it. Aha... the missing link :-) What kind of propertysheet should I be using? Depends on what your application needs. I can see circumstances where the best place for that sheet could be LDAP, SQL, or the ZODB. I wasn't being very clear there. What kind of propertysheet should I be adding to my DataSkin-derived ZClasses? There are two kinds: "Common instance" and "DataSkin attribute". It looks to me like at present the "DataSkin attribute" flavour will work better with SkinScript. In which case, I think your confusion comes from terminology. I would expect to store "Contacts" or "Entries" in an addressbook, and these would have address sheets, as would "Suppliers" or whatever else. That makes sense. Suppliers are sored in the Suppliers specialist, and general Contacts are stored in the Contacts specialist. The contacts specialist provides searching appropriate to the domain of addresses and contacts. Anyway, to answer your question - I think that your getItem() for an address specialist wants to return some object with an address sheet. But not an address object. Contact, Entry, Supplier, TennisBuddy... whatever the heck kind of object it is. This is starting to make much more sense. Many thanks. -- Steve Alexander Software Engineer Cat-Box limited http://www.cat-box.net ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Ids starting with _
On Sun, 30 Jul 2000 10:38:44 +0100, Chris Withers [EMAIL PROTECTED] wrote: Dieter Maurer wrote: I wonder why starting folders with _ is so bad in Zope? In the time, when everything was allowed what was not explicitely forbidden, an easy way was necessary to forbid access. Jim (and, therefore, Zope) used: anything starting with "_" is private: no DTML access, no Web access. Now, with the change to a security policy "Everything is forbidden when not explicitely allowed", the need for such a rule based on naming dwindles. Maybe, it will disappear sometime in the future. That rules applies at a lower level. It removes the need to have special-case handling for the many low-level objects that should never be web-accessible. Almost all zope-manageable classes (and certainly Folders, that Dieter mentioned) use the old rule. This happens because they derive from SimpleItem.Item, which has __allow_access_to_unprotected_subobjects__. Toby Dickenson [EMAIL PROTECTED] ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] RE: Additional Quoting; Exposing Auxiliary Tag Functions via _
Dieter Maurer writes: The existing "quote features" name the context for which quoting is needed. The context determines what needs to be quoted and how quoting has to be done. Your proposal does not state the context but only the how. Otherwise, I would think such an extension would be good. You are right here. I just came up with "slash_quote" off the top of my head. "string_quote" is a good language-neutral name I think that is similar in spirit to the present format options. Thus, I propose: 1. new quoting directive "string_quote" quoting Python strings i.e. ", ' and \ are quoted. This would work for Javascript (and other languages with C-like quotation and string literals), too. 2. all auxiliary functions for DTML tags, especially quoting, should be available via the namespace. To avaid namespace pollution, they may go into a separate module, say 'aux'. E.g. I would like to use quoting, formatting etc. inside DTML embedded Python expressions in a form like that: dtml-var "... _.aux.fmt(x,'%m/%d/%Y')..." and dtml-var " _.aux.sql_quote(x)..." This idea has merit, and extends the usefulness of these options to parts of an expression rather than just the whole thing. I think calling the module 'aux' might not be the best for code readability sake though. Perhaps it should just be called fmt or format. Perhaps like so: dtml-var "... _.fmt.expr(x, '%.2f') ..." and dtml-var "... _.fmt.string_quote(x) ..." newbie format methods could be added too (Feature creep alert!) like: dtml-var "... _.fmt.currency(x) ..." in place of the first one. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Acquisition Confusion :S
Hi Jim, (or any zope-dev'ers who can explain this ;-) I've just been reading: http://www.zope.org/Members/jim/Info/IPC8/AcquisitionAlgebra ...and I've got confused on the 'Getting the containment wrapper' section. In anser to 'What is A.B.C.D?' I can't see how you can get: ((D o (C o A)) o (B o A)) Here's my working: A.B.C.D = (B o A) : .C.D = ((C o A) o (B o A)) : .D = ((D o C) o ((C o A) o (B o A))) You can't apply the simplification: ((Z o Y) o (Y o Z)) to the leftmost section 'cos the brackets are in the wrong place... so how to you make the jump to: = ((D o (C o A)) o (B o A)) (but should it?!) Also, is the definition "aq_inner is obtained by finding the innermost wrapped object" the same as "aq_inner is the 'self'/'object' part of the current aquisiton wrapper"? Confusedly and looking for help, Chris ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] ZOracle LOB Questions
Alexander Schad wrote: Alex, Oracle 8i broke DCOracle's support for LOBs; DCOracle primarily uses OCI 7 (Oracle 7) calls, and Oracle 8i enforces a restriction that OCI 8 objects cannot be used in the context of an OCI 7 statement. You can use Oracle 8.0 for this, the restriction isn't enforced until Oracle 8.1. Hello! thank you for your answer. but does that mean that i can only use LOBS with Oracle 8.0 ? i'm confused. i need to use LOBs. if i use oracle 8.1 can i use LOBS and if yes which Databse adapter do i need? If your database adapter is 8.0 you can probably use LOBs, if the adapter is 8.1 you probably can't. I never mix and match adatpters vs. databases, though, so your mileage my vary. By this I mean, you could use 8.0 libraries to access an 8.1 database via SQL*NET. I *think* the error is actually being raised at the library level, not the server itself. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Are full pathnames in error messages a security bug?
I don't know if this has been raised before, but the following excerpt from the most recent SANS security alert concensus made me think: -- Forwarded message -- [...] -- {00.31.014} Apache TomCat leaks system information Apache's TomCat server has been found to provide various types of system information to an attacker-such as full system paths being displayed in error messages. TomCat also comes with the "snoop" servlet, which provides even more detailed information about the system when invoked. Obviously the 'snoop' servlet is the reason this was posted, but still, they are calling full path information a security leak. Not perhaps something to put high on a priority list, but should there be a way to prevent full path information from appearing in error messages? It would have the side benefit of making the error messages more readable grin. --RDM ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] MethodGeddon
Chris Withers wrote: http://www.zope.org/Wikis/zope-dev/MethodGeddon Just been reading about this and I was wondering how is coming along... After more pondering I decided to throw out the idea for typed arguments. I was trying to solve a difficult problem with a roundabout, and in the end more difficult solution. Is it in the fishbowl under another name or should it be in the fishbowl? It would actually fall under the the "Current Projects" section. http://dev.zope.org/Wikis/DevSite/Projects/PythonMethods/MethodObjectInterface Alright, I didn't put it my comments in exactly the right place, but it's close enough. :-) Shane, would the argument list be a management tab for methods? That sounds cool to me :-) What I have done instead (and this is exactly the way Jim envisioned it months ago) is added a "Bindings" tab to Python methods. You just fill in the names to be populated with an object's container, its context, itself, the DTML namespace, and (this just in :-) the traversal subpath. Then I did the same thing with External Methods and combined them into one product. Unless my changes are vetoed, in the future you won't be adding "External Methods" and "Python Methods" anymore, you'll be adding "Python Method (Internal)" and "Python Method (External)" instead. I've checked it all into CVS but I'm not sure it's available to the public. Perhaps it should be; lobby Ken or Brian. It's the module Packages/Products/PythonMethod. I reckon 'self' should always be the equivalent of the python 'self' or not exist to avoid confusion. I guess that means it wouldn't get used much since it would be the actual method-object (and I thought that was an oxymoron ;-) but with the possibility opf things like __render__ and __call__, who knows... Jim solved this confusion by letting you invent your own names, then we made it easier to use by providing "recommended names": container, self, m_self (the method object), _, and traverse_subpath. Now, the bindings still aren't available to DTML methods. But it shouldn't be difficult to add. ... So you could get to any or all of those as you need in your method. Of course, new users wouldn't have to worry about this until they needed to do something that used it. Right. An important feature. Shane ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: ZScheduler and SSL
On Mon, 31 Jul 2000, Loren Stafford wrote: If there is a generally available solution to this SSL client problem, I wouldn't mind building it into ZScheduler as an option. At the very least, I could encapsulate the client interface in a separate module. Then you could conveniently replace that module with your own. Lynx has an ssl capable version, but it is currently considered too buggy to be safe. w3m also has an ssl version. Unfortunately I don't know if the ssl version of either one is available for Windows. --RDM ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Ids starting with _
Toby Dickenson wrote: Almost all zope-manageable classes (and certainly Folders, that Dieter mentioned) use the old rule. This happens because they derive from SimpleItem.Item, which has __allow_access_to_unprotected_subobjects__=1 1) Why does SimpleItem still have this?! Since so much, IIRC, is derived from SimpleItem.Item, surely this goes very much against the grain of 'everything should be protected unless I say otherwise'? 2) Why does having __allow_access_to_unprotected_subobjects__=1 mean that the 'start with _ = hidden/no DTML, no web Access' ruel applies? cheers, Chris ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: Collector #1457: DateTime strftime() -- still broken
[EMAIL PROTECTED] wrote: Steve Alexander reported: This is a patch to address collector item 1455. Here's a working patch to make formatting of a DateTime instance work as generally expected, when you use dtml-var "_.DateTime()" fmt="%d %H %z" or whatever. It could be made more efficient by compiling the two regular expressions into class attributes. However, a bug in ts_regex stops it using compiled regular expressions in gsub. See the following URL for a description of the regex bug. http://lists.zope.org/pipermail/zope-dev/2000-July/006105.html with patch: *** lib/python/DateTime/DateTime.old.py Sun Jul 23 20:03:04 2000 --- lib/python/DateTime/DateTime.py Mon Jul 24 14:01:37 2000 *** *** 1376,1382 return millis def strftime(self, format): ! return strftime(format, gmtime(self.timeTime())) # General formats from previous DateTime def Date(self): --- 1376,1385 return millis def strftime(self, format): ! diff=_tzoffset(self._tz, self._t) ! format = ts_regex.gsub('\(^\|[^%]\)%Z', '\\1'+self._tz, format) ! format = ts_regex.gsub('\(^\|[^%]\)%z', '\\1%+05d' % (diff/36), format) ! return strftime(format, gmtime(self.timeTime()+diff)) # General formats from previous DateTime def Date(self): Thanks for the report. Per popular demand based on list feedback, strftime() now formats using the current timezone representation of the DateTime object (consistent with all of the other DT formatting methods). For those who really needed it to format based on GMT, you can use the toZone() method to get a copy of the DateTime object represented in GMT and call the formatting methods on that object: dtml-var "myDate.toZone('GMT')" fmt="%y, %m, %d" or dtml-var "myDate.toZone('GMT').strftime('%y, %m, %d')" -Brian I just looked at the fix in CVS. I'm sad to report that it is still broken. Here's the patched method from CVS: def strftime(self, format): # Format the date/time using the *current timezone representation*. jfirst = _julianday(self._year, 1, 1) - 1 jtoday = _julianday(self._year, self._month, self._day) julian = jtoday - jfirst time_info=(self._year, self._month, self._day, self._hour, self._minute, self._nearsec, (self._dayoffset + 6) % 7, julian, 0) return strftime(format, time_info) This gets time.strftime to format the time in the DateTime instance, shifted by an appropriate amount. However, if you try and format with %z or %Z to display the timezone information, it always comes out as GMT. So, the implementation has gone from correct but not useful, to generally useful but technically incorrect. To see the problem, apply the patch and try this DTML snippet: dtml-let time1="_.DateTime('2000/07/23 14:03 BST')" Time: dtml-var time1 fmt="%B %d, %Y %H:%M %Z" br Time: dtml-var "time1.fCommonZ()" br /dtml-let This prints out the following: Time: July 23, 2000 14:03 GMT Time: July 23, 2000 2:03 pm GMT+1 They are being presented as different times. The first one should read "Time: July 23, 2000 14:03 GMT+1". A solution is to replace the %Z and %z format substrings with correctly calculated values, as in my original patch, included towards the start of this message. -- Steve Alexander Software Engineer Cat-Box limited http://www.cat-box.net ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Acquisition Confusion :S
I still don't get this :( Here's the situation: A has attributes B and C, C has attribute D my old working: A.B.C.D = (B o A) : .C.D now, since C is found in A: = ((C o A) o (B o A)) : .D again since D is found in C: = ((D o C) o ((C o A) o (B o A))) However, this: This last line should be (((D o C) o (C o A)) o ((C o A) o (B o A))), which Implies that rather than the rule I was working on which was: If X is found in Y, the next line becomes ((X o Y) o {the last line}) This rule applies: If X is found in Y, then the next line becomes (((X o Y) o (wrapper of which Y was either parent or self)) o {the last line}) Is this the case? If so, why? ;-) In this case aq_inner is the entire expression, since aq_self is not a wrapper. I still don't get this at all :( I hoep someone can help more :~( The IPC8 slides are in error, and need to be fixed. Similarly, does the dev-wiki still have a purpose? It feels like the unmaintained precursor to dev.zope.org... cheers, Chris ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] ZOracle LOB Questions
Alexander Schad wrote: Hello! i have Oracle 8.1.6 ZOracleDA 2.2 installed with Zope 2.1.6 on a red hat linux machine. i have an oracle table with one column containing blobs. Now i have the following problems: 1. How can i retrieve data from that table in zope or in python (syntax) ? 2. How can i insert data to that table ? i need the zope syntax something like: insert into blob_table values ('dtml-var image') ??? or the python syntax i have written a little script: import DCOracle, sys, os, DCOracle.dbi dbc = DCOracle.Connect('mozdb_dba/mozdb_dba') cur = dbc.cursor() fn = open('test_img.jpg','rb') data = fn.read() fn.close() param = DCOracle.dbi.dbiRaw(data) cur.execute('select blobcol from blobtable') dat = cur.fetchone() cur.close() dbc.close() print dat when i try to execute it i get the following error: Traceback (innermost last): File "blobtest.py", line 12, in ? dat = cur.fetchone() File "DCOracle/ociCurs.py", line 339, in fetchone self._error() File "DCOracle/ociCurs.py", line 109, in _error raise error, (rc, oci_.OracleErrorMessage(self._c.lda, rc)) oci.error: (24813, 'ORA-24813: cannot send or receive an unsupported LOB\012') 3. Is there a way to call a stored procedure or function that actually return values ? i succeeded in retrieving one particular value out of a table but when i try a function like : select * from some_table i fail... 4. Changes.txt: Z Oracle DA Releases 2.2.0 Added a small feature that allows you to access LOBs in the Oracle database. To do this, you must have your maximum number of results set to '1'. Otherwise, it won't work. i don't know what this is referring to. where should i make this change? Ciao, Alex Alex, Oracle 8i broke DCOracle's support for LOBs; DCOracle primarily uses OCI 7 (Oracle 7) calls, and Oracle 8i enforces a restriction that OCI 8 objects cannot be used in the context of an OCI 7 statement. You can use Oracle 8.0 for this, the restriction isn't enforced until Oracle 8.1. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )