[Zope-Annce] CMF 2.0.0 released
The CMF developer community and Zope Corporation are pleased to announce the release of version 2.0.0 of the Zope Content Management Framework (CMF) as the first stable release from the CMF 2.0 development branch.

What is the CMF?

The Zope Content Management Framework provides a set of services and content objects useful for building highly dynamic, content-oriented portal sites. As packaged, the CMF generates a site much like the zope.org site. The CMF is intended to be easily customizable, in terms of both the types of content used and the policies and services it provides.

What's new in this release?

In addition to countless bug fixes and minor improvements, this release features many noteworthy additions, such as:

- GenericSetup-integration as the replacement for the CMFSetup technology started in the CMF 1.5-series
- the use of Zope 3-style interfaces throughout, bridged back to Zope 2-interfaces where needed for backwards compatibility
- An experimental set of Five-style browser views for CMFDefault and CMFCalendar, which will evolve into the standard views for CMF 2.1
- widespread integration with Zope 3/Five technologies, and the folding-in of the previous CMFonFive addon-product
- pluggable TypeInformation objects
- new-style Actions

Where do I get it?

Download it from http://www.zope.org/Products/CMF/CMF-2.0.0

Points of interest include:

- Windows ZIP file: http://www.zope.org/Products/CMF/CMF-2.0.0/CMF-2.0.0.zip
- Unix tar/gzip archive: http://www.zope.org/Products/CMF/CMF-2.0.0/CMF-2.0.0.tar.gz
- Release notes: http://www.zope.org/Products/CMF/CMF-2.0.0/README.txt
- Change history: http://www.zope.org/Products/CMF/CMF-2.0.0/CHANGES.txt
- Installation instructions: http://www.zope.org/Products/CMF/CMF-2.0.0/INSTALL.txt
- CMF Release Roadmap: http://www.zope.org/Products/CMF/docs/roadmap

Where do I go to learn more?

The CMF mailing list ([EMAIL PROTECTED]) has many participants who are active in supporting the CMF.

...to report bugs?

The CMF Collector at http://www.zope.org/Collectors/CMF is the place to report bugs (please search for existing reports of your issue first!)

Jens Vagelpohl [EMAIL PROTECTED]
[Zope-dev] Traversal issue which affects Five
Hi all,

It seems that the way OFS.Traversable.restrictedTraverse() handles security checking on objects with __bobo_traverse__ methods is considerably different from the way it normally checks security. The result is that traversal cannot obtain attributes using acquisition from objects that are marked five:traversable.

In the normal case, security is checked using guarded_getattr, which gets an attribute and checks the permissions on the retrieved object in its original context. For __bobo_traverse__ methods which return simple properties (say strings), it is impossible to determine the container from which the returned attribute originates, so unless the attribute was not acquired, an Unauthorized error will always be raised. Objects that are Five Traversable always have __bobo_traverse__ methods which attempt to mimic normal traversal, which effectively means that the security checks end up preventing acquisition of simple properties using traversal from ever working on these objects (say using a TAL path expression 'context/attribute' which you expect to be acquired).

Unfortunately, because Five has no control over the security checks done during traversal, this cannot be fixed directly in Five. However, IMHO fixing this makes sense for Zope itself, provided there aren't any undesirable consequences.

I propose that if the validation of a __bobo_traverse__ result raises Unauthorized, that we make one last check to see if the result of 'guarded_getattr(obj, name)' is identical to the result of the __bobo_traverse__ call and allow it if that's the case. Here is my proposed patch against Zope 2.9 trunk:

--- Traversable.py (revision 66323) +++ Traversable.py (working copy)
@@ -201,9 +201,18 @@ else: # Can't determine container container = _none -if not securityManager.validate( -obj, container, name, next): -raise Unauthorized, name +try: +if not securityManager.validate( +obj, container, name, next): +raise Unauthorized, name +except Unauthorized: +# If next is a simple unwrapped property, it's +# parentage is indeterminate, but it may have been +# acquired safely. In this case validate will raise +# an error, and we can check that our value was +# acquired safely. +if guarded_getattr(obj, name, marker) is not next: +raise Unauthorized, name else: if restricted: next = guarded_getattr(obj, name, marker)

At the moment Plone 2.5 is really struggling with this issue, and it would be wonderful if a fix for this could go into Zope 2.8 and 2.9 soon. I'm happy to write tests for this, I just want to make sure that I'm not proposing something really wrong/inappropriate here.

Generally, the validate() call should return a True or False value, so this change should have little performance impact except in the case where 'container == _none' and validate would otherwise raise a very unhelpful unauthorized error.

Your feedback is much appreciated.

Alec Mitchell
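
Review bot: the added 'except Unauthorized:' clause catches every denial from securityManager.validate(), including the explicit 'raise Unauthorized, name' inside the try body, while the comment only justifies the fallback for the case where the container could not be determined (container = _none). Consider running the 'guarded_getattr(obj, name, marker) is not next' check only when container is _none, so that a denial against a known container still raises immediately instead of getting a second evaluation. The fallback also rests on an identity comparison, which is only meaningful for the simple unwrapped values the comment mentions, so the tests offered in the message should cover both an acquired simple property that must be allowed and a value that guarded_getattr refuses. Minor: "it's parentage" in the comment should read "its parentage".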
Re: [Zope] Some installation glitches
--On 15. April 2006 20:42:11 -0700 Dennis Allison [EMAIL PROTECTED] wrote:

> When I install Zope 2.9.0 on a 64 bit machine the path to the system is .../Zope/lib64/python/... but with Zope 2.9.2, also on a 64-bit machine the path to the system is ...Zope/lib/python/
>
> Why the change?

Huh? Never seen that! ...and no idea where this change should come from.

-aj

--
ZOPYX Ltd. Co. KG - Charlottenstr. 37/1 - 72070 Tübingen - Germany
Web: www.zopyx.com - Email: [EMAIL PROTECTED] - Phone +49 - 7071 - 793376
E-Publishing, Python, Zope Plone development, Consulting
Re: [Zope] Some installation glitches
On Sunday 16 April 2006 08:27, Andreas Jung wrote:

> --On 15. April 2006 20:42:11 -0700 Dennis Allison [EMAIL PROTECTED] wrote:
>
>> When I install Zope 2.9.0 on a 64 bit machine the path to the system is .../Zope/lib64/python/... but with Zope 2.9.2, also on a 64-bit machine the path to the system is ...Zope/lib/python/
>>
>> Why the change?
>
> Huh? Never seen that! ...and no idea where this change should come from.
>
> -aj

I confirm, I also have problems with building zope 2.9.2. on X86... Allison have you got a work around?

Jerry
Re: [Zope] Some installation glitches
--On 16. April 2006 09:07:28 +0200 Jerry Westrick [EMAIL PROTECTED] wrote:

> On Sunday 16 April 2006 08:27, Andreas Jung wrote:
>
>> --On 15. April 2006 20:42:11 -0700 Dennis Allison [EMAIL PROTECTED] wrote:
>>
>>> When I install Zope 2.9.0 on a 64 bit machine the path to the system is .../Zope/lib64/python/... but with Zope 2.9.2, also on a 64-bit machine the path to the system is ...Zope/lib/python/
>>>
>>> Why the change?
>>
>> Huh? Never seen that! ...and no idea where this change should come from.
>>
>> -aj
>
> I confirm, I also have problems with building zope 2.9.2. on X86... Allison have you got a work around?

Scary. Unfortunately I don't have a 64 bit machine to test it on my own.

-aj
[Zope] Re: CMF 2.0.0 released
Hi Jens,

Congratulations! :-)

> - pluggable TypeInformation objects
> - new-style Actions

Where would I look to find more details on how these work? They sound like they may be useful for Plone going forward. :)

Martin
Re: [Zope] Permissions, files and folders
On 4/11/06, Dieter Maurer [EMAIL PROTECTED] wrote:

> Erik Billing wrote at 2006-4-10 20:38 +0200:
>
>> ...This works fine, except that it's a bit clumsy and has one big error; I catch just any exception that arises from the files.append(fileIterator.next ())-call, and swallow it.
>
> In fact, you should *NEVER* do this.

I totally agree

>> I've tried catching only the Unauthorized-exception, but an anonymous user does not have access to the Unauthorized-exception, so I can't specify it in my except-declaration without getting a new authorization error.
>
> The README in Products/PythonScripts (among others) tells you how to allow the import of usually protected resources.
>
> --
> Dieter

Thanx, it worked fine when I allowed the unauthorized module, but I still wonder if this is the way I *should* do it, is there no easier way that does not incorporate a python script (or a similar clumsy dtml solution). It just feels a little overkill to write a specific script just to access the files in a directory.

/Erik
Re: [Zope] Install 2.9.2 fails with error: must supply either home or prefix/exec-prefix -- not both
On Sunday 16 April 2006 01:18, Jens Vagelpohl wrote:

> On 16 Apr 2006, at 00:11, Jerry Westrick wrote:
>
>> Hello all
>>
>> I've done a clean install SUSE 10.1 RC1. (Yes I know it's new, and probably the problem) I've downloaded Zope 2.9.2 And executed the installation as described in the readme.txt.
>
> It worked fine for me right now by doing...
>
>     ./configure --prefix=`pwd` --force
>     make
>     make install
>
> jens

This gives me the same error...

After debugging the install.py with komodo (also beta :-) I found that by setting the environment variable with

    export DISTUTILS_DEBUG=1

additional debug information is printed. Here are the relevant parts of the make install:

    snip
    option dict for 'install' command: {'home': ('command line', '/opt/zope'), 'prefix': ('/usr/lib64/python2.4/distutils/distutils.cfg', '/usr/local'), 'skip_build': ('command line', 1)}
    option dict for 'install_lib' command: {'compile': ('setup.cfg', '1'), 'optimize': ('setup.cfg', '1')}
    Distribution.get_command_obj(): creating 'install' command object
    setting options for 'install' command:
      home = /opt/zope (from command line)
      prefix = /usr/local (from /usr/lib64/python2.4/distutils/distutils.cfg)
      skip_build = 1 (from command line)
    Traceback (most recent call last):
      File install.py, line 29, in ?
        context.setup()
      File /backup/install/zope/Zope-2.9.2/Support/zpkgsetup/setup.py, line 132, in setup
        setup(**kwargs)
      File /usr/lib64/python2.4/distutils/core.py, line 149, in setup
        dist.run_commands()
      File /usr/lib64/python2.4/distutils/dist.py, line 946, in run_commands
        self.run_command(cmd)
      File /usr/lib64/python2.4/distutils/dist.py, line 965, in run_command
        cmd_obj.ensure_finalized()
      File /usr/lib64/python2.4/distutils/cmd.py, line 117, in ensure_finalized
        self.finalize_options()
      File /usr/lib64/python2.4/distutils/command/install.py, line 246, in finalize_options
        raise DistutilsOptionError, \
    distutils.errors.DistutilsOptionError: must supply either home or prefix/exec-prefix -- not both
    make: *** [install] Error 1
    log2:/backup/install/zope/Zope-2.9.2 #

From the following excerpt

    setting options for 'install' command:
      home = /opt/zope (from command line)
      prefix = /usr/local (from /usr/lib64/python2.4/distutils/distutils.cfg)
    snip
        raise DistutilsOptionError, \
    distutils.errors.DistutilsOptionError: must supply either home or prefix/exec-prefix -- not both
    make: *** [install] Error 1

I assume the problem is that the install routine does not handle SUSE's version of the .../python2.4/distutil/distutils.cfg, which sets the prefix. Maybe this is a simple name clash?

As a test I removed the --home $(PREFIX) from the Makefile, and zope installed into /usr/local instead of /usr/local/Zope 8-( Oh well, it was a virgin installation, I'll just have to install it again!

At any rate I went ahead and confirmed that the same happens on SUSE 10.1 RC1 i386 architecture, so it's more probably a SUSE problem and not x86_64 specific.

My question now: is this a bug in the Zope 2.9.2 installation, or in SUSE 10.1 RC1? The answer to that will decide where I look to fix it.

Jerry Westrick.

P.S. I have both 32bit and 64bit test machines remotely available in case anyone wants to fix this :-) Unfortunately, I should be preparing the 64bit machine as a backup server, so if anyone is interested it's only available shortly... I can keep the 32bit SUSE 10.1 RC1 available for a week or so...
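
The debug output in the message above shows install options arriving from two sources, a system distutils.cfg and the command line, before the home/prefix check fails. The sketch below models that layering; it is an added example, not part of the original post and not distutils' own code. The function names, the sample config text and the wording of the returned message are constructed for illustration, and it goes one step beyond the post by showing that, in this model, a later config layer with an empty prefix removes the clash.

```python
import configparser

# Constructed sample of a system-wide distutils.cfg that sets an install
# prefix, matching the "prefix = /usr/local" source in the debug output.
SYSTEM_CFG = "[install]\nprefix = /usr/local\n"

def merge_install_options(config_layers, cmdline):
    """Layer [install] options: config files in order, command line last.

    config_layers: list of (source_name, ini_text); cmdline: {option: value}.
    Returns {option: (source, value)}, the shape DISTUTILS_DEBUG prints.
    """
    merged = {}
    for source, text in config_layers:
        parser = configparser.ConfigParser(interpolation=None)
        parser.read_string(text)
        if parser.has_section("install"):
            for opt, val in parser.items("install"):
                merged[opt.replace("-", "_")] = (source, val)
    for opt, val in cmdline.items():
        merged[opt.replace("-", "_")] = ("command line", val)
    return merged

def find_conflict(merged):
    """Return a message naming both sources if home clashes with a prefix."""
    def value(opt):
        return merged.get(opt, (None, ""))[1]
    # Only non-empty values count, so an empty prefix does not clash.
    if not value("home"):
        return None
    clashing = [o for o in ("prefix", "exec_prefix") if value(o)]
    if not clashing:
        return None
    parts = ["%s=%s (from %s)" % (o, merged[o][1], merged[o][0])
             for o in ["home"] + clashing]
    return "home and prefix/exec-prefix both set: " + ", ".join(parts)

if __name__ == "__main__":
    merged = merge_install_options([("distutils.cfg", SYSTEM_CFG)],
                                   {"home": "/opt/zope"})
    print(find_conflict(merged))
    # A later layer with an empty prefix overrides the system value.
    cleared = merge_install_options(
        [("distutils.cfg", SYSTEM_CFG), ("setup.cfg", "[install]\nprefix =\n")],
        {"home": "/opt/zope"})
    print(find_conflict(cleared))
```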