Re: [Zope] What product to choose?
Karlo Lozovina a écrit : (snip) First one is something like a mathematical encyclopedia and online collaboration tool - mix between MathWorld (http://mathworld.wolfram.com/) and a Wiki of some kind (http://www.wikipedia.org). (snip) Second web is much less complicated - it's intended to be a mix between news portal and searchable database of medical and similar products. Currently, I'm reviewing few options for implementing those two projects - plain Zope 2 or a Zope 2 based CMS (Plone, ZWiki, etc). If there is a Zope 2 based CMS that satisfies most of my requirements, I wouldn't mind using that. For the first project, I don't think you'll find an out-of-the-box solution, nor you can reasonnably expect to forcefit it into a CMF based CMS. Zwiki could be a good starting block, then you're on your own IMHO. For the second one, I think it could fit into Plone but - depending on the complexity of what you call a news portal, and unless you really need all the 'community portal' part of Plone - you may be better rolling your own product(s). But, since Zope 2 will be someday replaced by Zope 3, I'm not that happy to use an already outdated product. That brings me to my next question - would it be smart to try to develop this using Zope 3? Is it mature and production ready enough? I can't answer about stability and such - but if you don't intend to use an existing Zope2 CMS, you may as well take the Zope3 road... (I wouldn't bet my hand on this, but I think I saw a Zope3 port of Zwiki somewhere...) There is a third possibility, try to do it from scratch Err... YMMV, but I wouldn't do that. using Python (since that is the only language I'm good in that is suited for web development), but that seems like to big hassle. no comment... There, that's all I can think of now, any thoughts, ideas, URL's are very much appreciated. Zope has surely a lot to offer. But you may also want to check some other solutions, like Django or Turbogears (2 rails-like fullstack 'MVC' frameworks), or Myghty (HTML:Mason Python port). My 2 cents. ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Newbee interfaces and implementations
Roman Klesel a écrit : bruno desthuilliers schrieb: Looks like you're newbie to OO too !-) A class defines a type. You then need to have an instance of that type (like, say, 42 is an instance of type integer and 'foo' is an instance of type string). Yes, true! :-) !-) (Interfaces (I mean, 'explicit' interfaces) defines an 'abstract' type, that can be implemented by many classes. With Python's dynamic typing, you don't *need* explicit interfaces - at least with Zope 2.x. AFAICT, the recommandation to use explicit interfaces is mostly about Zope3 relying on them to implement some nice features). So it would be: tal:define=some_name context/myObject/doThis As you see, you don't have to worry about interface at this level... So you recommend that I should just skip them as long as I'm on Zope2? Short answer : yes. Unless you plan to switch to Zope3 really soon, but then, I'd recommand that you skip Zope 2.x !-) I would be happy with that. I find them confusing when they don't really interface with but just document my methods. The Interface package offers much more than simple documentation. But I don't think you will find much Zope 2.x code using it. My 2 cents ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Re: Java vs Zope
[EMAIL PROTECTED] a écrit : (snip) All said and done, I prefer to use Java over Python for large applications Good for you; there are others that share your tastes, but that's all it is: preference. A good coder could create an equally powerful suitably large application in either language in the same amount of time. My guess is that it will take much less time with Python. And that the large Java application will end up as a medium-sized app in Python (the average ratio must be along the line of 5 lines of Java for 1 line of Python). (snip) simply because it's cleaner and has mechanisms in place that support reusability of components and extensibility. Huh? You can do pretty much the same designs, patterns, etc in Python. Why does language make a difference here in re-usability. It does make a difference - but the other way round !-) Almost any (if not all) Java pattern can be translated to Python, but the opposite is not true. Perhaps you are arguing for single-inheritance as a constraint (which you can self-impose in design in Python). But why would you ?-) Python's duck typing makes inheritence much less important than it is in Java, but still, multiple inheritence is handy for mixins (let's talk about componants and reusability...). Also, Python offers a pretty good support for composition/delegation, which allows for better decoupling (than inheritence), which in turns makes reusability easier. ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Revision Control / CVS / SVN integration with ZODB?
Michael Schwartz a écrit : Zope has been a fantastic environment for our application (a front end for an Asterisk PBX application), but now that more people are contributing to the development effort, it is becoming a challenge to keep the various environments in sync. The project is now hundreds of page templates, sql methods, and python scripts: we desperately need revision control to move the project forward. (snip) If I understand correctly, you're using TTW componants. My very humble opinion is that all ths code should go to the filesystem. This would allow you to simply use SVN (or whatever). Part of this code should probably move to products and/or external methods. Also, there's a non-CMF implementation of CMF skins, that can be useful when you want to let the user customize parts of the application TTW. My 2 cents ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Zope/Editor problems
Håkan Johansson a écrit : I need some sort of content editor and have looked at both Epoz and Kupu. My problem is that I can't get any of them to work. If I install Epoz, Zope crashes without any error messages. Have you looked in the logs ? (snip) Are these editors even usable by me? I had no problem using Epoz or Kupu. I found the Kupu documentation a bit cryptic too. As I am very new to Zope, I want a simple functioning example how to edit a simple document object. Use the code, Luke. Silva uses Kupu, so having a look at Silva's code should get you started. Epoz has this but I could not try it because of the crash. I have googled around a lot, but I haven't found anything that resembles my problems. You don't give enough informations (logs, tracebacks etc) for us to help you. ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Aquisition, UserFolder and security
Dieter Maurer wrote: bruno modulix wrote at 2005-9-29 13:20 +0200: ... The problem here is that CPS (the portal and all CPMs are CPS instances) uses predefined roles, on which the various workflows relies, so that would mean renaming all roles - differently - on each CPM, and modifying the workflows too. I think that is would only be necessary that the roles are disjoint between Portal and CPM. All CPMs can use the same roles. Nope. Some users may have different roles from CPM to CPM. I did not say that the user to role mapping should (or even must) be identical in all CPMs but that the *set* of roles *might* be identical in all CPMs -- or to say it differently: that you are not forced to use disjoint role sets for any pair of CPMs. Hopefully, you see the difference... Dieter, I didn't misunderstood your proposed solution. But some users exist in different CPMs with different roles in each CPM. So - unless I'm totally at lost with how Zope's security works - if User1 has role RoleWithMuchPrivileges in Cpm1 and role RoleWithFewPrivileges in Cpm2, he could gain RoleWithMuchPrivileges in Cpm2 just by using faked url cpm1/cpm2/whatever_he_should_not_access_here. Worse, anyone existing in any CPM could gain access to any other CPM just by faking url. See, it's not only a 'portal roles' vs 'CPMs roles' problem, it's a 'siblings CPS instances in the same Zope container with a same domain name' problem. Playing with roles and permissions aquisition settings and whatever is not the solution here IMHO. Detecting and correcting 'faked' urls would be simpler and better - and that's somehow the solution I applyed - even if in a somewhat hackish way. BTW I'm still looking for a hands on doc on traversal hooks, if there's such a thing... -- Bruno Desthuilliers Développeur [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Re: Aquisition, UserFolder and security
Tres Seaver wrote: bruno modulix wrote: Dieter, I didn't misunderstood your proposed solution. But some users exist in different CPMs with different roles in each CPM. So - unless I'm totally at lost with how Zope's security works - if User1 has role RoleWithMuchPrivileges in Cpm1 and role RoleWithFewPrivileges in Cpm2, he could gain RoleWithMuchPrivileges in Cpm2 just by using faked url cpm1/cpm2/whatever_he_should_not_access_here. Worse, anyone existing in any CPM could gain access to any other CPM just by faking url. The Zope security machinery goes out of its way to prevent such an exploit: Which one ? I have the case where authentication happens in the context, not containment, ie given two sibling folders fa and fb, each with it's own acl_user, if UserA exists in fa['acl_users'] and not in fb['acl_users'], then UserA is still authenticated in fb when accessing it thru fa/fb (while he is not when accessing fb directly). essentially, it considers only containment acquisition when evaluating roles, etc. I wasn't very sure about this. If I understand correctly, this means that authentication can come from an acl_user aquired by context (this is what I've experimented), but that roles/permission lookup will only happens in the containment hierarchy ? -- Bruno Desthuilliers Développeur [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Aquisition, UserFolder and security
Dieter Maurer wrote: bruno modulix wrote at 2005-9-28 10:02 +0200: Dieter Maurer wrote: ... Sounds like a permission to role mapping flaw... Apparently, roles controlled by the Portal UserFolder (e.g. Authenticated) are allowed to do things in your CPM that you only be allowed by roles controlled by their UserFolder. You may be able to fix this by making the roles controlled by the Portal and the CPM level disjoint. Authenticated cannot be made disjoint -- but you may not use it inside your CPMs. The problem here is that CPS (the portal and all CPMs are CPS instances) uses predefined roles, on which the various workflows relies, so that would mean renaming all roles - differently - on each CPM, and modifying the workflows too. I think that is would only be necessary that the roles are disjoint between Portal and CPM. All CPMs can use the same roles. Nope. Some users may have different roles from CPM to CPM. Given that the customer is going to create new CPMs at will, I'm afraid this solution is somewhat unpractical... Maybe, this changes when you need to touch only the Portal roles? I don't want to mess with CPS predifined roles. But thanks anyway. -- Bruno Desthuilliers Développeur [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Aquisition, UserFolder and security
Dieter Maurer wrote: Hi Dieter bruno modulix wrote at 2005-9-27 11:34 +0200: I have a little problem with aquisition and security. We have a project using multiple CPS instances (for those that don't know CPS, it's a CMF based groupware/CMS) running in the same Zope instance, and being siblings of each others [1]. One of these instances is the main entry point for the portal (I'll all it the 'portal'), the others are acting as workspaces for dedicated communities (I'll call them CPMs). Each CPS instance has its own UserFolder. All users exists in the portal's UserFolder, but only exists in some CPMs UserFolders. Now the problem is that, due to acquisition, a member existing in the Portal but not in a given CPM can gain access to this CPM by faking the url - ie: going to mydomain.tld/portal/cpm instead of mydomain.tld/cpm. So we have a potential (err...) security hole here, that I would like to address ASAP. Sounds like a permission to role mapping flaw... Apparently, roles controlled by the Portal UserFolder (e.g. Authenticated) are allowed to do things in your CPM that you only be allowed by roles controlled by their UserFolder. You may be able to fix this by making the roles controlled by the Portal and the CPM level disjoint. Authenticated cannot be made disjoint -- but you may not use it inside your CPMs. The problem here is that CPS (the portal and all CPMs are CPS instances) uses predefined roles, on which the various workflows relies, so that would mean renaming all roles - differently - on each CPM, and modifying the workflows too. Given that the customer is going to create new CPMs at will, I'm afraid this solution is somewhat unpractical... -- Bruno Desthuilliers Développeur [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Aquisition, UserFolder and security
Andrew Milton wrote: (snip) And turning off Acquire roles on the security tab of the folders you don't want to have acquired doesn't work? This would probably be the cleanest solution here, and - shame on me - I didn't even think of it. Now the problem is that CPS has a very complex permission/roles/groups scheme, and I wouldn't want to mess with it. Anyway, I found a working hack^Msolution that do the trick and seems not to have too much drawbacks for now - mostly, overriding the _isTop() method and looking for another CPS instance in aq_chain, if so return True, which prevent looking further. Since there won't be another CPS instance in the aq_chain when managing the application from the ZMI, it should be ok (and AFAICT it works just fine). -- Bruno Desthuilliers Développeur [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Aquisition, UserFolder and security
Hello hi I have a little problem with aquisition and security. We have a project using multiple CPS instances (for those that don't know CPS, it's a CMF based groupware/CMS) running in the same Zope instance, and being siblings of each others [1]. One of these instances is the main entry point for the portal (I'll all it the 'portal'), the others are acting as workspaces for dedicated communities (I'll call them CPMs). Each CPS instance has its own UserFolder. All users exists in the portal's UserFolder, but only exists in some CPMs UserFolders. Now the problem is that, due to acquisition, a member existing in the Portal but not in a given CPM can gain access to this CPM by faking the url - ie: going to mydomain.tld/portal/cpm instead of mydomain.tld/cpm. So we have a potential (err...) security hole here, that I would like to address ASAP. We've been thinking of using apache's rewrite rules, but since the customer will have the possibilitie to create new CPMs at will, this won't do. Idem for using subdomains, or anything implying the modification of apache conf. So we must fix the problem inside Zope itself. I searched the doc, this list's archive and the source code, and it seems that possible solutions involve playing with __bobo_traverse__ or __before_publishing_traverse__, but my (very naive) try didn't make it, so I'd really enjoy any hint and/or pointers about howtos, do's and don't, or any other resource concerning these hooks. Another thing I've been thinking of, reading BasicUserFolder's source, would be to subclass it and redefine the _isTop() method so users wouldn't been looked up for in a UserFolder placed in the context by acquisition, but I don't know enough about the whole mechanism to be sure it would'nt have unwanted side-effects and drawbacks. It's also very possible that I missed another simpler and better solution, so here again, any hint, pointer etc is *very* welcome. TIA [1] don't tell me, I know this is far from the best possible architecture, but that's the only one that we could think of that would let us meet the deadline. CPS Workspaces did not offer enough functionalities to be used for CPMs, and we need a tight integration between the Portal and CPMs. -- Bruno Desthuilliers Développeur [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Aquisition, UserFolder and security
Jens Vagelpohl wrote: Each CPS instance has its own UserFolder. All users exists in the portal's UserFolder, but only exists in some CPMs UserFolders. Now the problem is that, due to acquisition, a member existing in the Portal but not in a given CPM can gain access to this CPM by faking the url - ie: going to mydomain.tld/portal/cpm instead of mydomain.tld/cpm. So we have a potential (err...) security hole here, that I would like to address ASAP. A normal pattern to use here would be to have one central user folder (e.g. at the root) and work with local roles in the sub-portals instead of having several user folders. I know, but I don't think it will possible here (this is an euphemism). The UserFolder is a LDAPUserGroupsFolder, users data are stored in a LDAP directory, with one branch for each CPS instance, and some user data and schema varying from one branch to another. We don't have the possibility to change this (it's part of a bigger system), and we don't have the time to rewrite a custom LDAPUserFolder that could accomodate this LDAP schema (this project was already very late when we took on it and we have a *very* tight deadline - I hate this situation, but I have to deal with it...). Any robust solution, as hackish as it may be, will be just fine, as long as we deliver on time. -- Bruno Desthuilliers Développeur [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Aquisition, UserFolder and security
Julien Anguenot wrote: Hi Bruno, Hi Julien, If you're using a central LDAP for all the instances you can restrict the access from the different instances using either LDAPUserGroupsFolder or CPSUserFolder. Discrimination are done by LDAP branches (users or groups). If you can't control the LDAP and thus the way the branches are designed, for whatever reasons, then you can use CPSUserFolder and set the discrimination on the UF within each instance by setting custom CPS directories (which is what CPSUserFolder uses as proxy for authentication sources). To sum up it's a matter of configuration. I'm afraid there's more to it than just a matter of configuration, cf below... We'll be glad to discuss your use case on cps-users list. I've spent quite some time investigating the CPSUserFolder/Metadirectories/Stackingdirectories/backingDirectories... solution, and the final word (from Olivier Grisel, cf the cps-users ml) was that some code concerning roles and groups management was not yet fully implemented, so the whole thing couldn't work without patching and merging parts of CPSDirectories - which was a definitive no-no for us. I don't know if this has been fixed in 3.3.6, but anyway, this part of our project is supposed to be already working (and mostly does, except for this security problem), and we can't afford to come back on it, as it would delay delivery by at least one week - which is also not an option. But thanks anyway... -- Bruno Desthuilliers Développeur [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Aquisition, UserFolder and security
Jens Vagelpohl wrote: On 27 Sep 2005, at 11:17, bruno modulix wrote: A normal pattern to use here would be to have one central user folder (e.g. at the root) and work with local roles in the sub-portals instead of having several user folders. I know, but I don't think it will possible here (this is an euphemism). The UserFolder is a LDAPUserGroupsFolder, users data are stored in a LDAP directory, with one branch for each CPS instance, and some user data and schema varying from one branch to another. We don't have the possibility to change this (it's part of a bigger system), and we don't have the time to rewrite a custom LDAPUserFolder that could accomodate this LDAP schema (this project was already very late when we took on it and we have a *very* tight deadline - I hate this situation, but I have to deal with it...). Any robust solution, as hackish as it may be, will be just fine, as long as we deliver on time. No idea what LDAPUserGroupsFolder is or what it does, It's a modified LDAPUserFolder that supports CPS/CMF groups. but for the standard LDAPUserFolder product you would instantiate a LDAPUserSatellite object in the subportals that would be configured to look up LDAP groups in specific DIT branches and convert them to user roles. The central user folder would not hand out any roles itself, it's only for authentication purposes in this setup. Yes, but the problem here is that parts of the *users* schema and data will vary according to the CPM - it's not just a matter of roles and perms - would have been to simple :-/ Once again, I'm well aware that some architectural choices here are less than optimal, but there are strong constraints, very tight deadline, and we just don't have time to make it right - in fact barely enough time to make it work at first. God knows I don't like working that way, but still, I have to deal with it :( -- Bruno Desthuilliers Développeur [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Aquisition, UserFolder and security
Jonathan wrote: Could you create a central user folder (in root) and then create an external method which queries all of the LDAP branches and returns the appropriate local roles to the central user folder when the user logs in? This way you get a central user folder and can keep all your existing LDAP branches. Hi Jonathan Well, I've been thinking of such a solution, but I really don't have time to rewrite the whole damn thing - also, I'm not sure CPS would support using a 'central' UserFolder, so I'd probably need to write 2 specifics UserFolders (the second one delegating to the first) Just a thought. Yeps, could have been a solution... -- Bruno Desthuilliers Développeur [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Aquisition, UserFolder and security
Julien Anguenot wrote: bruno modulix wrote: Julien Anguenot wrote: (snip) To sum up it's a matter of configuration. I'm afraid there's more to it than just a matter of configuration, cf below... I confirm. For having done the intranet of the Senegal gouvernement (almost 35 CPS (one instance for each ministry) on the same Zope within a ZEO env linked on a central LDAP with differents branches for users and groups per ministry) using CPS, I have sort if an idea what you're trying todo here. I've spent quite some time investigating the CPSUserFolder/Metadirectories/Stackingdirectories/backingDirectories... solution, and the final word (from Olivier Grisel, cf the cps-users ml) was that some code concerning roles and groups management was not yet fully implemented, so the whole thing couldn't work without patching and merging parts of CPSDirectories - which was a definitive no-no for us. I assume, you're talking about roles and groups compute schema fields here on directories. This is TALES expression linking the directories. The code can be wherever you wanna, even within the TALES expression if you feel like... That's probably, what Olivier tried to say. Still I didn't follow the discussion at this time. Too bad :( You'll find it on the cps-users list. I'm not a CPS expert[1] - and not even a Zope expert - but from what I saw, it seemed to imply more than only TALES expressions... [1] given the change pace and resulting lack of documentation, I guess only you Nuxeo guys have a good understanding of the whole product... Let me add that CPSUserFolder works and is in production for a while now in several projects. So be sure it's stable. I don't doubt it works fine. I just didn't managed to make the whole thing work, and couldn't afford to spend more time on it. I don't know if this has been fixed in 3.3.6, but anyway, this part of our project is supposed to be already working (and mostly does, except for this security problem), and we can't afford to come back on it, as it would delay delivery by at least one week - which is also not an option. But thanks anyway... Then, you might have a design flaw... Probably. Certainly. But we'll have to live with it for at least this and next iteration - our customer needs a working solution for yesterday, and we have pretty good reasons to do whatever we can to deliver yesterday. You didn' reply to my question at the first place : are you controling the LDAP (rw) ? Actually, no, r only. As I answered to Jens, it's part of a bigger system, and we have very few freedom here. This will probably change in the future, but we must first deal with the existing situation. Are the schemas describing your users differents in between the CPS instances ? Yes. etc... CPSUserFolder has been designed to tackle such a use case. (Not only this use case but this one has been a reason of the existence of this product.) I know, that's why my first try was to use the CPSUserFolder + metadirectories + etc solution. Now from what I saw (I may have missed some points, but...), we concluded that using LDAPUserGroupsFolder, at least for the first rounds, would be much more manageable - we (well... I) only forgot that aquisition could come in the way :( Of course, looking for a hack to deliver your project can always be solution ;) I'm afraid it's the only short-term solution we have. -- Bruno Desthuilliers Développeur [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Aquisition, UserFolder and security
Julien Anguenot wrote: bruno modulix wrote: You'll find it on the cps-users list. I'm not a CPS expert[1] - and not even a Zope expert - but from what I saw, it seemed to imply more than only TALES expressions... [1] given the change pace and resulting lack of documentation, I guess only you Nuxeo guys have a good understanding of the whole product... CPS is an open process so contributions such as documentation, patches, codes, ideas etc... is always warmly welcome. I don't doubt it, but you'll agree that to document something, one has first to know how it works !-) Don't take me wrong, I'm not complaining about the lack of documentation - I know what is takes to document a project, and the fast changes surely don't help here. It's just a fact that CPS documentation is sparse and usually somewhat out-of-date, so it's use the code, Luke. Actually, my very modest contributions are restricted to a couple of tickets and work-around in Trac. More may come if and when I'll find time for it. Then, you might have a design flaw... Probably. Certainly. But we'll have to live with it for at least this and next iteration - our customer needs a working solution for yesterday, and we have pretty good reasons to do whatever we can to deliver yesterday. I understand. You didn' reply to my question at the first place : are you controling the LDAP (rw) ? Actually, no, r only. (snip) Are the schemas describing your users differents in between the CPS instances ? Yes. Argh..., it really would have been a job for CPSUserFolder... Yes, I know. And I would be sorry to conclude that I misunderstood what it took to make it work and gave up when I was almost done :-/ But I still have to find a way to handle the current situation... As I said at first, my guesses are either hacking the _isTop() method of LDAPUserGroupsFolder or finding some good hints/doc on using traversal hooks. If you can be of any help here, please be sure you'll gain ma reconnaissance éternelle... -- Bruno Desthuilliers Développeur [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] [resolved ???] Aquisition, UserFolder and security
bruno modulix wrote: (snip) Each CPS instance has its own UserFolder. All users exists in the portal's UserFolder, but only exists in some CPMs UserFolders. Now the problem is that, due to acquisition, a member existing in the Portal but not in a given CPM can gain access to this CPM by faking the url - ie: going to mydomain.tld/portal/cpm instead of mydomain.tld/cpm. So we have a potential (err...) security hole here, that I would like to address ASAP. (snip) Another thing I've been thinking of, reading BasicUserFolder's source, would be to subclass it and redefine the _isTop() method so users wouldn't been looked up for in a UserFolder placed in the context by acquisition, but I don't know enough about the whole mechanism to be sure it would'nt have unwanted side-effects and drawbacks. Ok, I've tried a QD hack here, redifining userFolder's _isTop() to always return True, and it seems to do the job. But if someone is aware of any drawback of this hack (apart from the fact that there's no more way to authenticate again a 'higher' userFolder...), I'd be interested... It's also very possible that I missed another simpler and better solution, so here again, any hint, pointer etc is *very* welcome. This still holds !-) And thanks to the Three Jeez (Jens, Julien and Jonathan) for having taking time to try to help me. -- Bruno Desthuilliers Développeur [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] how to programmatically control zope?
David Pratt wrote: Hi. This discussion has really helped me with my question about running asynchronous methods also since these kinds of requests could be cronned at the very least. But what about triggering this kind of script from the running zope instance. Is this possible? Two solutions a priori: - call an external method that launch a thread that do the job - fork and launch the script as a new process with os.execXXX You'll find documentations about threads and os.execXX in the Python's manual. Now there can be Zope-specific gotchas, but there I can't help you. -- Bruno Desthuilliers Développeur [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] how to programmatically control zope?
akonsu wrote: hello, would someone please point me to the right direction? what is the preferred way to control a zope server programmatically? i need to be able to administer my zope instance from a script. add users, change permissions, create new sites, add objects to the sites. there is webdav, xml-rpc, what else? Interactively control/inspect/play with the server: ZOPE_INSTANCE/bin/zopectl debug Run a script on the server: ZOPE_INSTANCE/bin/zopectl run myscript.py [args...] There are a few tricks however: 1/ You can't run zopectl debug or zopectl run while you instance is running (as it locks the ZODB). The solution here is to set up a zeo instance (this is really easy), and have 2 zope instances, one serving the web requests, the other being used for debug/run 2/ changes made from the debug interactive shell or a script needs to be explicitely commited. The idiom is: # ... your code here get_transaction.commit() app._p_jar.sync() # app is the root zope object 3/ When accessing your zope server this way, you have the default Anonymous role. If you need Admin privileges (which may well be the case !-), you have to 'log in' by code. Here's a snippet I stoled from I-Can't-Remember-Where-But-Thanks-Anyway(tm) : from AccessControl.SecurityManagement import newSecurityManager def login(app, username): acl = app.acl_users user = acl.getUserById(username) assert user is not None user = user.__of__(acl) newSecurityManager(None, user) login(app, myadminlogin) 4/ Some Products or methods may need a REQUEST object, which is not provided by default. Here's a way to simulate one: from os import environ from sys import stdin, stdout from ZPublisher.HTTPRequest import HTTPRequest from ZPublisher.HTTPResponse import HTTPResponse from ZPublisher.BaseRequest import RequestContainer from ZPublisher import Publish from thread import get_ident def makerequest(app, stdout=stdout): # copy/hacked from Testing.makerequest resp = HTTPResponse(stdout=stdout) environ['SERVER_NAME']='foo' environ['SERVER_PORT']='80' environ['REQUEST_METHOD'] = 'GET' req = HTTPRequest(stdin, environ, resp) # first put the needed values in the request req['HTTP_ACCEPT_CHARSET'] = 'latin-15' req['HTTP_ACCEPT_LANGUAGE'] = 'fr' # etc, just fill what you need in the request # then store the request in Publish._requests # with the thread id id = get_ident() Publish._requests[id] = req # ok, let's wrap and return return app.__of__(RequestContainer(REQUEST = req)) app = makerequest(app) Most - if not everything - of what you do via the ZMI can be done by code. Reading the ZMI and the base Products source code may be a good way to learn the API. which one is the right way to do it? Depends on your needs. i am a newbie i hope this is not a frequent question, at least i did not find an answer in the documentation... This is usually not what newbies starts with !-) And I'm afraid that Zope's documentation is not always that helpful to newbies - not that it's that bad, but documentation, being freely contributed, is not always the strongest point of OSS projects, and Zope is quite a complex application anyway, so it's not easy to document. There again, it's mostly Use The Code, Luke. HTH -- Bruno Desthuilliers Développeur [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] how to programmatically control zope?
Paul Winkler wrote: (snip) yep, I like working that way, and Bruno's introduction is excellent. blushThanks/blush One clarification however: 1/ You can't run zopectl debug or zopectl run while you instance is running (as it locks the ZODB). The solution here is to set up a zeo instance (this is really easy), and have 2 zope instances, one serving the web requests, the other being used for debug/run That's a bit misleading. With ZEO, you don't need two full instances (by which i mean directories containing their own etc, bin, var, and log subdirectories). You can run the Zeo server AND one Zope server out of a single instance home at the same time; and since your zopectl scripts won't normally involve starting up on a tcp/ip port, you can run those from the same instance too. I do it all the time. Woops ! Seems obvious when explained, but I missed that point. Doh :( Thanks Paul, this will simplify my sandbox setup scripts !-) -- Bruno Desthuilliers Développeur [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Adding a zope product
Paul Hendrick wrote: Hi all, i've just started with zope, and i'm trying to write a filesystem product, so i can have a project in svn and work on it in the filesystem. I've followed the guide at zope.org for creating a minimal product, but can't get this to show up in the list of products. You have of course restarted your zope instance ? Can anyone see whats wrong? __init.py__ should be __init__.py --- import minimal def initialize(context): init the product contect.registerClass(minimal.minimal,constructor=(minimal.manage_addMinimal,)) This line should be indented. There's a typo also : s/contect/context/ Anyway, unless you have a compelling reason to stick with Zope 2.x, you should consider starting with Zope 3. -- Bruno Desthuilliers Développeur [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Python/Zope job in France
Hi We're looking for a Python/Zope developer, free ASAP. Job based in Bordeaux, France. Please contact me for more informations -- Bruno Desthuilliers Développeur [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] MVC Approach
Thomas Adams wrote: Hi all, I'm a newbie to Zope, using version 2.7.3 (okay it is not the newest one) and I want to know if there is something like a MVC approach available for Zope, i.e. Model-View-Controller approach, as it is for instance in Java with the Struts framework from Apache. (snip description of MVC à la Struts) To transfer this appraoch to Zope, I'm not sure: Views: DTML-Document and/or DTML-Methods? Nope, use ZopePageTemplates instead. DTML is useful for non-html templating (css, Javascript, SQL etc), but it's an horror when it comes to html IMHO. Controller: PythonScripts? You could get away with Python scripts, but Zope product(s) might be your best bet. Note that a single Zope Product can be composed of multiple classes, external methods, templates etc... Models: I'm absolutely not sure, Pluggable brains? Why ? This goes into the product too. Understand that a Zope product is not restricted to a single class, and that not all classes in a Zope product needs to be persistant or whatsoever. My 2 cents -- Bruno Desthuilliers Développeur [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Why don't work?
Garito wrote: bruno modulix escribió: (snip) Hi Bruno http://yanged:8280/Papeles/Yanged/Links/Eliminar is an url that if I call it from my browser executes some python scripts that I define in a XML file Then Eliminar is a string not an object nor a method because, as I told you some mails ago, I has it via traverse_subpath mmm... The real Object (travesed) is Yanged that is a mixed object with a ZCatalog and a folder (like plone portal_catalog) Ok, that's what I wanted to know... When I ask for Yanged/Links/Eliminar I ask to the XML file to see what Python Scripts or Page Templates give back to me and the I execute them But, I think its very interesting for me that an action url don't work if I submit the form but works if I call it directly from the browser. thinking-out-loud 1/ Do you call it exactly the same way ? ie: http://yanged:8280/Papeles/Yanged/Links/Eliminar/; or http://yanged:8280/Papeles/Yanged/Links/Eliminar; 2/ When you call it 'directly from the browser', you send a GET request. When you call it from the form, you send a POST request. This may have something to do with your problem... Are you sure you end up calling the same component in both cases ? Is there any component involved that act differently depending on the HTTP method ? /thinking-out-loud Sorry, nothing more... :( -- Bruno Desthuilliers Développeur [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Why don't work?
Garito wrote: Andreas Jung escribió: --On 6. Juli 2005 10:29:45 +0200 Garito [EMAIL PROTECTED] wrote: My question is why If I push Eliminar button don't submit the form to the correct url (http://yanged:8280/Papeles/Yanged/Links/Eliminar)? What happens instead? Look at your Z2.log to figure out what is requested. -aj Hi Aj! this is the Z2.log modification after submit the form *192.168.0.129 - Garito [06/Jul/2005:10:38:03 +0200] POST /Papeles/Yanged/Links/Eliminar/ HTTP/1.1 302 - 10.3.3 302 Found The requested resource resides temporarily under a different URI. Since the redirection might be altered on occasion, the client SHOULD continue to use the Request-URI for future requests. This response is only cacheable if indicated by a Cache-Control or Expires header field. The temporary URI SHOULD be given by the Location field in the response. Unless the request method was HEAD, the entity of the response SHOULD contain a short hypertext note with a hyperlink to the new URI(s). If the 302 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued. Note: RFC 1945 and RFC 2068 specify that the client is not allowed to change the method on the redirected request. However, most existing user agent implementations treat 302 as if it were a 303 response, performing a GET on the Location field-value regardless of the original request method. The status codes 303 and 307 have been added for servers that wish to make unambiguously clear which kind of reaction is expected of the client. (http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html) 383 http://yanged:8280/Papeles/Yanged/Links/Ver; Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.7.8) Gecko/20050511 Firefox/1.0.4 192.168.0.129 - Garito [06/Jul/2005:10:38:03 +0200] GET /Papeles/Yanged/Links/Ver HTTP/1.1 200 3434 Your POST request seems to be transformed into a GET to another url... Now *why* this happens, I can't tell you... -- Bruno Desthuilliers Développeur [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Why don't work?
Garito wrote: Lennart Regebro escribió: A wild guess: Your post works, but returns a redirect to a nother page, which returns nothing. This will look exactly like notyhing happened at the browser side. Yes, looking at Z2.log it seems it but If I execute the action url manually it works like I expect Any idea? Since we're not able to guess what your code is doing (well, I, at least, am not able to...), you could perhaps post it ? One thing that strikes me is the final slash in POST /Papeles/Yanged/Links/Eliminar/ What is Eliminar, exactly ? -- Bruno Desthuilliers Développeur [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Why don't work?
Garito wrote: bruno modulix escribió: Garito wrote: Lennart Regebro escribió: A wild guess: Your post works, but returns a redirect to a nother page, which returns nothing. This will look exactly like notyhing happened at the browser side. Yes, looking at Z2.log it seems it but If I execute the action url manually it works like I expect Any idea? Since we're not able to guess what your code is doing (well, I, at least, am not able to...), you could perhaps post it ? One thing that strikes me is the final slash in POST /Papeles/Yanged/Links/Eliminar/ What is Eliminar, exactly ? Links/Eliminar is the execution path sarcastic Oh yes ? Really ? I sure wouldn't have guessed /sarcastic (using traverse_subpath) But if I execute the action URL directly on the browser it works fine Garito, if you expect anyone here to be of any help, please provide *useful* informations. When I ask What is Eliminar, exactly ?, I of course mean what kind of object is it (ie: a dtml method, a python script, etc...). PS: You may want to read this: http://www.catb.org/~esr/faqs/smart-questions.html -- Bruno Desthuilliers Développeur [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Organisational vs. Functional hierarchies
David Given wrote: On Tue, 2005-04-19 at 18:43 +0200, bruno modulix wrote: [...] All of B's siblings are the same sort of object. Why do you have this strange idea ? From, uh, the documentation... because all of B's siblings will inherit the same methods from A. s/inherit/acquire/ [...] Then calls like: Rose/Text/MyFavouriteRoseStories/text_methods/do_this Ah, so *that's* how acquisition by context works! (I couldn't find any documentation on this. All the documentation about acquisition by context just says 'this is really complicated and I'm not going to describe it here'.) It *is* really complicated, and I'd advise you not to go for this solution. What you want is clearly a Product. 2/ Write a product for your object types. Here it could be a Flower object, extending Folder so you can put texts and images in, and having all the code needed for your texts and images. Unfortunately, this requires having the code dealing with text and images to be in the same place, which breaks encapsulation. Why ? What you want is a custom Flower object, that can handle texts and images, right ? But if this bother you too much, you can add to your product specific texts and images classes (remember, a product is a componant, not a class - it can be composed of multiple classes, templates, images, external methods etc). (snip) Meh. Can you point me at any good tutorial documentations? google for zope + minimal product. Also read the developper's book on zope.org. And read the code of a few products. That's how I did anyway. -- Bruno Desthuilliers Développeur [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] tal:attributes and extra newline
Andreas Jung wrote: --On Montag, 18. April 2005 17:55 Uhr +0200 Pascal Peregrina [EMAIL PROTECTED] wrote: Ok, it was TALInterpreter after all, but you need a long list of attributes (on a single line / single tal:attributes statement I mean)... It's because of the TAL.TALInterpreter.TALInterpreter.wrap value defaulting to 60 (see __init__) I managed, in my object that relies on PageTemplate, to set warp to 0 and I got no more extra newlines. So, just to know, why is the default value 60 ? It could be 42 or 120 or 800 :-) And it *really* should be 42. -- Bruno Desthuilliers Développeur [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Organisational vs. Functional hierarchies
David Given wrote: I apologise if this is a newbie question, but I can't seem to find anything in the documentation about this. The way Zope seems to want to organise things is so that folders roughly equate to classes. Nope. That is, if I have B inside A, then B inherits its behaviour from A. B acquire part of its behavior from A. But acquisition is not only by containment, it's also by context. All of B's siblings are the same sort of object. Why do you have this strange idea ? However, this means that I have to seperate all my various types of object by kind, regardless of whether they're related. Not at all. The most obvious think to do is to put your objects where they belongs - that is, use the ZODB hierarchie like you'd use a plain filesystem for a static site. Let's say I have a site that talks about flowers. I have two main kinds of object: images of flowers, which support methods for scaling etc, and descriptions of flowers, which support methods for rendering in various interesting ways. I have to arrange things like this: / Text HistoryOfTheDaisy MoreInformationAboutDaisies HowToGeneticallyEngineerRoses MyFavouriteRoseStories Images WildDaisy DomesticatedDaisy MutatedDaisyFromBeyondTimeAndSpace FakePictureOfABlackRose This works, but is a bit icky. I have my daisies mixed in with my roses. It would be far more convenient for organisational purposes if I arranged things like this: / Daisy Text HistoryOfTheDaisy MoreInformationAboutDaisies Images WildDaisy DomesticatedDaisy MutatedDaisyFromBeyondTimeAndSpace Rose Text HowToGeneticallyEngineerRoses MyFavouriteRoseStories Images MutatedDaisyFromBeyondTimeAndSpace FakePictureOfABlackRose But to make this work, I need to duplicate all the code in each 'Text' and 'Images' folder... Nope. The most obvious thing to do is : put that code in your root folder. Now everyone will acquire it, and you'll be a happy webmaster. (unless of course there are name clashes somewhere !-) Is it possible to tell Zope that methods for a particular kind of object should be found at a particular location, regardless of the containment hierarchy? 0/ Put all your code in the root folder and use acquisition by containment. QD, but proven to work. 1/ add (in the root folder, or anywhere on top of your Flowers) a folder for each 'type of object', put the 'methods' in, and use acquisition by context: text_methods dothis dothat image_methods: dosomething dosomethingelse Then calls like: Rose/Text/MyFavouriteRoseStories/text_methods/do_this Should work. But I would not do it (at least for your exemple). 2/ Write a product for your object types. Here it could be a Flower object, extending Folder so you can put texts and images in, and having all the code needed for your texts and images. Is this in fact possible, or do I need to start tinkering with custom products? Anyway, you *should* write your own Products - and for this kind of things, it's pretty easy. -- Bruno Desthuilliers Développeur [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] ZPT list is dead... zpt nav question
Norbert Ray-Goldman wrote: so I am posting this here. I would like my zpt to list only folders in a director - essentially filtering out all other meta_type(s)... can you tell me where I am going wrong with the filtering here ? html head title tal:content=template/titleThe title/title /head body span a href=HOME_URL tal:attributes=href container/absolute_url tal:content=container/title_or_idTITLE OR ID/a span tal:repeat=item here/objectValues Make it: span tal:repeat=item python:here.objectValues('Folder') ...and remove the test on meta_types. Or you can also put the filter in a python script, so the template does not need to know about that... -- Bruno Desthuilliers Développeur [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Persistent Objects
Roy S. Rapoport wrote: A coworker of mine wrote his own web server framework from scratch for an internal application. We're looking to migrate this application to Zope (thank God!). The only question we need to deal with is: The reason he wrote his own webserver rather than use CGIs is that there was some processing that needed to happen to initialize a system state -- basically, create an object that knows about the configuration of some things. In his model, this object is created at the beginning and is simply shared among the various Python objects/modules that are invoked when responding to user requests. How can I create such a persistent object that, say, a python script object or a page template could access? Just write a Python product (there's a bit of boilerplate code, but that's pretty easy) that inherit from persitence.Persistant and can handle all that stuff, and instantiate one at the root of the application. ZODB will take care of the persistence, and acquisition magic will make this object accessible from all the application. (Sure, handholding on this would be nice, but what I'm actually expecting is answers along the lines of look into foo) Look into Product, ZODB, and acquisition !-) -- Bruno Desthuilliers Développeur [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] best practices Zope filesystem development
Andreas Jung wrote: --On Freitag, 8. April 2005 11:30 Uhr +0200 Milos Prudek [EMAIL PROTECTED] wrote: Hi, What are the best, most effective practices in leveraging filesystem when developing in Zope? I'm looking for an approach that would let me use keyboard and leave the mouse alone as much as possible. In other words, minimum use of ZMI even if TTW Python Scripts are used extensively. Instead of ZMI/External editor I need vim, grep, mv and cp to manipulate Zope ZODB. CFM + filesystem-based skin methods and templates. Or using ftp/webdav. BTW : there is a non-CFM skin implementation, but I found very few clues about how to use it (being a bit lazy, I'd prefer not having to learn the whole CFM stuff !-). Could someone point me to any exemple, doc or whatsoever so I could get started ? TIA -- Bruno Desthuilliers Développeur [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Does anyone care whether we deprecate ZClasses?
Jim Fulton wrote: (snip) Does anyone care whether we deprecate ZClasses? ZClasses ? What are ZClasses ? (Sorry, couldn't resist. +1 for deprecation) -- Bruno Desthuilliers Développeur [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Newbie Zope Howto
Enrique Arizón wrote: I'm trying to do a micro-Zope that basically store documents (PDFs scanned files) with some custom-made attributes (¿Who stores the document?, ¿where is the original -physical paper- stored?, ¿who is in charge of maintenance?, ¿token words?, ...) so that final users are able to search for stored docs based on those properties (ideally using regex approach, not exact matches). The idea is that users insert the scanned pdfs through a normal html form that forces them to input the additional data -properties- and reject the input if required fields are empty. Since I'm complety new to Zope and I see there are too many ways to approach the problem I wonder what's the easiest way to make it. I don't know if it's the easiest way, but this needs a specific Product developpement IMHO. Subclassing (or wrapping + delegating to) OFS.File shoud do it. As for searches, I'd first try to use Catalogs before trying ti reinvent the wheel. Also prefer ZPT for your form and delegate validation to a Python script (DTML is kind of messy IMHO) If you have no experience with Products developpement, I found these pages to be quite helpful : http://www.zope.org/Members/maxm/HowTo/minimal_01 http://www.zope.org/Members/maxm/HowTo/minimal_02 caution : there are a few small errors in the code - I promised the author to send him a correction, but did not found time to do so :( Thanks in advance for any help, hint or link!! HTH -- Bruno Desthuilliers Développeur [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )