Re: [Zope-dev] Added rename to ZOPE FTP server
Tom Vijlbrief wrote: Hi, I've added the rename capability to the Zope FTP-server, so I could use the KDE FTP client (this is a known Zope bug). Cool :-) Thank you very much Have you put them into the collector? http://classic.zope.org:8080/Collector/ cheers, Chris ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] How would I keep _v_* attributes from getting thrown away?
John D. Heintz writes: I am using ZODB along with CORBA to expose peristent objects. Some of my objects have per-connection/session state. ... My initial idea is to have a _v_position attribute ... Using "_v_" attributes for session state is a very bad idea. They are thread(!) local and not session local. This means, if a following request of your user (in the same session) happens to get assigned a different thread, it will read and update a different position. Chaos is garanteed (though you will see it only, if your site is loaded). Use a session product (- zope.org) for session data. Dieter ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] ZCatalog scalability
Steve Alexander writes: Michael Bernstein wrote: Also, is there a way to disable wildcards in full text searches? Do not allow direct queries to search the catalog. Instead, make searches go through an external method (or a PythonScript with Proxy permissions) that uses string.replace to change '*' and '?' to ''. Simply do not use a globbing vocabulary is another alternative. Dieter ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Annouce Developer Version DTML-Page-Contract
hello zen masters i just finished documenting a developer version of a port of the ACS's (arsdigita community system) acs_page_contract to dtml. test it out, i'm pretty sure everyone will be happy with the simplification of the resulting dtml. feed back and thoughts welcome. if no bugs are found in the next week or so i'll make it a general release, new filters are always welcome. available at http://www.zope.org/Members/k_vertigo/PageContract.tgz kapil readme included below. README.txt INSTALL: extract PageContact.tgz in your zope directory. it will create a python product in lib/python/Products. you will need to restart zope before you can use dtml-contract UNINSTALL: remove the PageContract directory from lib/python/Products and restart zope. I. What Page-Contract is a python product that adds a new type of dtml-tag to your zope installation. dtml-contract is a multi-purpose tag that is designed to provide documentation, marshalling and filtering of request data, and custom error handling of the request data. the documentation comes from a read only section of the contract which should describe the purpose of the object, its author, and some information about its parameters. the marshalling and filtering is done by naming variables expected in the request and associating one or more filters with those variables. PageContract comes with a set of prebuilt filters although it can easily be extended by writing new filters. lastly it allows association of different error handlers to different variables. II. Why Zope already includes facilties to perform simple marshalling of REQUEST values submitted via GET/POST into python data_types. This facility is built into ZPublisher. There are a couple of problems with this facility in real world usage. First, ZPublishers marshalling isn't secure because it retrievesmarshalling info from the REQUEST, a cracker could perform url surgery to by pass the marshalling. Second, ZPublishers marshalling isn't easily extensible to provide application level support of. The marshalling is buried square in the guts of the Publishing process, even if you did extend it would be too early in the Publishing of the object to perform any meaningful application specific processing (ie you don't know where you're going so how do you know what you'll see when you get there). Third ZPublisher has no concept of excluding parts of the REQUEST that aren't needed, this is mitigated by Zope placing the REQUEST on the bottom of the namespace stack, however it still provides a means for accidents (ie. you're expecting this object to have this attr, but it doesn't but the REQUEST has that attr). dtml-contract can optionally strip the REQUEST of variables not explicitly named within it. Fourth, ZPublisher is inflexible about how it handles errors. ZPublisher has hardcoded return values whenever it hits a bad input AND it short circuits the evalutation. Users don't get informative messages regarding their errors other than they made one. dtml-contract differs in that it collects all errors and associates them with their variables and provides the option of custom error pages on a variable by variable basis with information passing about the errors. (The current implementation is limited in that it only passes a list of filter errors to the error handler via a url string.) The dtml-contract also hopes to offer a standardized form of documenting your zope objects (DTML_METHODS, DOCUMENTS, and the like) by standardizing on a documentation format and a location for that documentation. III. How So how do you use it? dtml-contract Documentation about this object @author Kapil Thangavelu [EMAIL PROTECTED] @params myobj_id the id of the object where after @params title we'll set the object's title to this value @params thedate should be the range of the bada and bing @params foobar optional integer value that tells us whats going on dtml-params myobj_id:objid foobar:integer,optional thedate:range(date, 1.1.1, 11/11/11) title:string dtml-exceptions myobj_id:my_error_page generic_error_page /dtml-contract Generally dtml-contracts should be used at the start of a dtml page. why? so they can be easily referenced for documentation and knowledge of the expected parameters. Caveats. Note that there are no strict enforcements of the documentation section. Although some future documentation extraction
Re: [Zope-dev] How would I keep _v_* attributes from getting thrown away?
Thanks for the warning Dieter, but I'm managing threads/connections/sessions/POAs and a few other things already to expose ZODB objects through CORBA sessions. I wanted the _v_* attributes to live for the life of the DB Connections. Last night I found a fix for the bug that prevented me from overriding the _p_deactivate() method on Persistent objects, so I think that I will just do this: class ... def _p_deactivate(self): temp_position = self._v_position Persistent._p_deactivate(self) self._v_position = temp_position Thanks for the help though. John Dieter Maurer wrote: John D. Heintz writes: I am using ZODB along with CORBA to expose peristent objects. Some of my objects have per-connection/session state. ... My initial idea is to have a _v_position attribute ... Using "_v_" attributes for session state is a very bad idea. They are thread(!) local and not session local. This means, if a following request of your user (in the same session) happens to get assigned a different thread, it will read and update a different position. Chaos is garanteed (though you will see it only, if your site is loaded). Use a session product (- zope.org) for session data. Dieter ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope ) -- . . . . . . . . . . . . . . . . . . . . . . . . John D. Heintz | Senior Engineer 1016 La Posada Dr. | Suite 240 | Austin TX 78752 T 512.633.1198 | [EMAIL PROTECTED] w w w . d a t a c h a n n e l . c o m ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Local roles and security of ZClass instances in Specialists
Hi, I'm trying to work out a security strategy for data stored in Specialists, where specific users need access to specific data instances. For example: A Customer object is linked to a Person and Address objects. The customer needs permission to edit the her - and only her - Address object. Using the Owner local role won't work, because customers can be registered by site managers and customer support people, in which case Owner won't be the customer. I can solve this by giving the customer a local role when creating her Address object: Customers.addCustomer(REQUEST): ni = container.addItem(some_id) container.Addresses.addAddressFor(ni.id, REQUEST) Addresses.addAddressFor(for_id, REQUEST): ni = container.addItem(some_id) ni.manage_addLocalRole(for_id, 'EditMyDetails') But this can be a lot of work - If an Address object can also be created for a CreditCard object, addCreditCard will have to both set its own local role, and pass the customer id on to Address... But the main problem is that I'm not sure if it will work at all - can local roles be set for DataSkins that aren't stored in the ZODB? From what I can see ZPatterns doesn't support this, so I'll have to do it myself. __ac_local_roles__ can't be accessed in a SkinScript - so will I have to override has_local_roles, get_local_roles and get_local_roles_for_userid and call them from the SkinScript? This is getting hairy... Without local roles, all I can think of is explicitly checking that the logged in user is the right customer in all the methods that display and edit the object, which is very ugly. Plus it would require Address to know a customer_id even when it actually belongs to a CreditCard, not a Customer... there goes Demeter. Or I can add a findUserID to Address, CreditCard and Customer, all of which pass the request upwards until one is reached that actually knows the customer. Still ugly. TIA for Any comments/suggestions. Itai -- Itai Tavor"Je sautille, donc je suis." C3Works[EMAIL PROTECTED] - Kermit the Frog "If you haven't got your health, you haven't got anything" ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Membership and the 2.3 beta2 ... bug in the latter!
Broke. broke badly. Not sur ecompletely why yet, but in 2.3b2, I can't move or copy a ZCatalog. There is one in the Membership interface, so as a result, no workie there. After deleteing int from teh membership interface folder, I get a traceback complaining about too many arguments in checkRoles (3 instead of 2). I haven't had time to dig into it yet, so I thought I would toss it up here so anyone with visibility to this issue can look at it. Bill Anderson ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Specialist/Rack scalability
"Phillip J. Eby" wrote: Just to expand a little on the abov... Racks should scale at least as well, if not larger than a ZCatalog, given the same storage backing for the ZODB. This is because ZCatalog has to manage a minimum of one forward and reverse BTree for *each* index, plus another few BTrees for overall storage and housekeeping. Also, keyword and full text indexes store multiple BTree entries per object, so that's a factor as well. So don't worry about the Rack. If you're using a Rack, you can store the data anywhere, and you can index it in an RDBMS, LDAP directory, ZCatalog, or some combination thereof, using triggers to keep the data in sync. Thanks Philip, that's reassuring. I guess now I need to make certain that the ZCatalog can scale as far as I need it to. Michael Bernstein. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Is manage_add for products broken?
Hello all, One of the Local File System users pointed out that calling manage_addLocalFS from dtml doesn't work. I did some checking and discovered that calling manage_addXXX doesn't work for any of the built-in products either. My testing was with 2.2.5. Am I crazy or didn't this work at one time? Is there a way to work around this? I couldn't find one. Thanks very much. Any help is appreciated. --jfarr ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] ZCatalog scalability
We seem to have disposed of the wildcard issue [snipped out below], and I'm looking forward to Eric's results, but does anyone else have any information about whether there is a practical upper limit on how many objects can be indexed and searched in a ZCatalog? Michael Bernstein wrote: After comsidering the feedback I got from the previous 'Massive scalability' thread, I decided to split my queries into two areas: Rack scalability and ZCatalog scalability. This email deals with the latter. [snip] What I am interested in for my application are two things: - ZTopics populated using one or more keyword indexes - Full text search on a single computed attribute that concatenates several fields including the aforementioned keyword index fields and a few simple string attributes (title, caption, description, etc.) I need to know how far the ZCatalog will scale using this indexing and search strategy. Does anyone have anectodal or benchmark data to suggest if (and when) I will hit a 'wall' regarding the number of objects being indexed and searched? Some anectodal data suggests that single field indexing will scale easily to 60,000 objects, but what about hundreds of thousands or even millions of objects? [snip] ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
