Re: [Zope-dev] What causes the failure
The latest CVS doesn't seem to like tiny tables. Anybody got similar problems? Seems rather a brutal kind of error to say the super user can't own any objects. Zope Error Zope has encountered an error while publishing this resource. Error Type: SuperCannotOwn Error Value: Objects cannot be owned by the superuser . Traceback (innermost last): File C:\Python\devel\Zope\lib\python\ZPublisher\Publish.py, line 224, in publish_module File C:\Python\devel\Zope\lib\python\ZPublisher\Publish.py, line 189, in publish File C:\Python\devel\Zope\lib\python\Zope\__init__.py, line 221, in zpublisher_exception_hook (Object: ApplicationDefaultPermissions) File C:\Python\devel\Zope\lib\python\ZPublisher\Publish.py, line 175, in publish File C:\Python\devel\Zope\lib\python\ZPublisher\mapply.py, line 160, in mapply (Object: addItem) File C:\Python\devel\Zope\lib\python\ZPublisher\Publish.py, line 112, in call_object (Object: addItem) File C:\Python\devel\Zope\lib\python\Products\TinyTable\TinyTable.py, line 57, in addItem (Object: ApplicationDefaultPermissions) File C:\Python\devel\Zope\lib\python\OFS\ObjectManager.py, line 245, in _setObject (Object: ApplicationDefaultPermissions) File C:\Python\devel\Zope\lib\python\AccessControl\Owned.py, line 265, in manage_fixupOwnershipAfterAdd (Object: t) SuperCannotOwn: (see above) -- Robin Becker ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Methods through the Web (security?)
On Thu, 18 May 2000 16:55:37 +0200, Martijn Faassen <[EMAIL PROTECTED]> wrote: >Brian Lloyd wrote: >> Yes you could, except that you would also make them inaccessible >> from DTML (or from anywhere else) for the same class of users. >> >> Is it really acceptable that in order to use >> on a page that needs to be accessible to anonymous users that I >> must grant 'Access contents information' to anonymous users and >> thus give them the ability to inspect my objects if they want to? > >So you have something like: > >'Access at all' (this is 'Access Contents Information') > >'Access through URL' (the 'expose' flag I talked about in previous posts) > >'Access through FTP' > >'Access through XML-RPC' It sounds like what you really want is the ability to provide a different Anonymous User objects, based on how the user is accessing the server. You could have separate "Anonymous RPC User", "Anonymous FTP User" etc, and use the existing mechanism to give different permissions to each user. Toby Dickenson [EMAIL PROTECTED] ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: Strange ZClass permissions problem with 2.2a1
On Fri, 19 May 2000, Dr. Ross Lazarus wrote: > Yep, trying to access a newly instantiated empty zclass instance > produces the same error. > > Looks like a bug. Email me if you want an exported version of my zclass > to poke and prod at... Evan Simpson remarked to me as I walked in this morning that he was reproducing your issue on a newly-created ZClass. Go ahead and pop it into the Collector. Tres. -- === Tres Seaver[EMAIL PROTECTED] Digital Creations "Zope Dealers" http://www.zope.org ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: Strange ZClass permissions problem with 2.2a1
Yep, trying to access a newly instantiated empty zclass instance produces the same error. Looks like a bug. Email me if you want an exported version of my zclass to poke and prod at... Tres Seaver wrote: > Does the problem repeat in the "vanilla" version if you just create a > new instance of your ZClass, instead of importing the old pickle? If > so, it is definitely a "bug"; if not, it may be a "migration problem," > with a fix like the one Brian posted for recursively "re-ownering" > Zope.org. > > If I take out manage_tabs from the offending ZClass index_html > > method, I can view index_html (but of course, I can't use the > > management stuff built in! making it rather useless), so that's > > where we're getting into trouble for sure. > > > > I've tried starting out with a vanilla 2.2a1 Data.fs and importing all > > the zclasses and the relevent folders - no difference. > > > > Anyone else seeing this? > > Is this worthy of the collector? > -- Dr Ross Lazarus Associate Professor and Sub-Dean for Information Technology Faculty of Medicine, Room 126A, A27, University of Sydney, Camperdown, NSW 2006, Australia Tel: (+61 2) 93514429 Mobile: +61414872482 Fax: (+61 2) 93516646 Email: [EMAIL PROTECTED] ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Displaying Excel Workbooks on a Zope site
I am using a Zope site as a repository for documentation on a business application that I'm involved in supporting. Site content presently includes a mixture of HTML pages and MS Word and Excel documents. The site uses a frameset to contain a DTML-Tree based navigation structure in the left frame, and displayed pages in the right frame. When I attempt to open MS Office documents in the right frame they typically open fine the 1st time around, but if I move off the page and seek to revisit them I'm presented with a download dialog box rather than the page itself. I imagine that this is a caching issue. If anyone was able to help with some ideas on the behaviour of MS Office documents in Zope it would be most appreciated. Best regards Adam ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: Fixed reply Re: [Zope-dev] Trouble setting LoginManager default user class default user class
Phillip J. Eby writes: > At 04:04 PM 5/18/00 -0400, Dan L. Pierson wrote: > > > >The portal now gets created, but I can't login to the initial account. > >I also can't display the members roster by clicking on Members > >(AttributeError for getUsers), but can write a DTML method in the > >UserSource that lists all one user. The code in DemoPortalBase that > >trys to display the roster follows, I suspect it's this bug again, but > >don't know where to put the __of__: > > Actually, the problem is probably that, as a DTML method, it expects to be > passed its containing object as the first parameter. You might try using a > PythonMethod, DTML Document, or an ExternalMethod instead. I must not have been clear. The DTML method works. It's the Python code in the previous message that doesn't. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Double-aborting of objects registered w/transactions, andrelated weirdness related weirdness
[reported to Collector; posted as FYI] Under certain circumstances, Zope transaction objects will have their abort() method called more than once for the same transaction, which leads to jar.abort() operations being called twice. This occurs any time that the zpublisher_exception_hook reraises the original exception, such as if the exception is an 'unauthorized' or 'redirect', or if a standard_error_message handler can't be found, or the transaction is being executed by XML-RPC or some other non-HTML protocol. Under "normal" circumstances (most other errors), the transaction's abort() method is *still* called twice, but with different arguments that lead to registered objects being aborted only once. This is a mess, because to write objects which can be registered with a transaction, one must consider the possibility of being aborted twice during the same transaction. It appears that the Zope exception hook uses get_transaction.begin() in order to do an abort. If it first did an abort(), this would at least make the double-abort behavior consistent. :) In practice, it seems as though it would be better to avoid double aborts by always having the abort method clear/reset self._objects. (The second abort takes place as a result of the __del__ method being called while there are still registered objects, following the free_transaction() called in the first execution of abort(). (Are you confused yet?) To add to the interestingness of this situation, there is a method which releases cached connection objects associated with the transaction, in collaboration with ZODB.DB.open(). This collaborating pair looks completely broken, as it assumes only a single DB exists, and also the method only ends up called by aborts, not commits. It does not appear as though anything in Zope uses this mechanism currently, but it should probably be fixed or removed before somebody hurts themselves with it. :) ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] How does the submit magic work in, eg, ZCatalog manage_addIndex?
On Thu, 18 May 2000, Chris McDonough wrote: > yourcatalog._catalog.addIndex(id, 'FieldIndex') Sorry, I started that email when I was about to ask the question you answered, then figured it out myself and changed the email body to ask a new question, but forgot to change the email subject . > "R. David Murray" wrote: > > > > I was just looking at the ZCatalog code to figure out how to programatically > > add an index to a Catalog. I figured out how to do that fairly easily, > > but the code I was looking at has me a bit mystified. The method > > manage_addIndex is defined. The form that you use through the > > management interface to add an index has a submit button whose name > > is manage_addIndex:method. OK, that all looks like reasonable > > magic (magic because I don't know exactly what happens when a button > > gets marshalled as a method). > > > > Here's the part I don't understand: the form's action is set to the > > Catalog itself. manage_addIndex expects the index name and type > > as its first two parameters. Where does the magic come from that > > turns the form submission into a correct call to manage_addIndex? > > > > Probably I'm missing something obvious, but I will appreciate any > > aid in increasing my Zope Zen level here . > > > > --RDM > > > > ___ > > Zope-Dev maillist - [EMAIL PROTECTED] > > http://lists.zope.org/mailman/listinfo/zope-dev > > ** No cross posts or HTML encoding! ** > > (Related lists - > > http://lists.zope.org/mailman/listinfo/zope-announce > > http://lists.zope.org/mailman/listinfo/zope ) > > -- > Chris McDonough > Digital Creations > Publishers of Zope - http://www.zope.org > ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Adding ZCatalog index programatically
How about: yourcatalog._catalog.addIndex(id, 'FieldIndex') replace FieldIndex with TextIndex or KeywordIndex as desired. "R. David Murray" wrote: > > I was just looking at the ZCatalog code to figure out how to programatically > add an index to a Catalog. I figured out how to do that fairly easily, > but the code I was looking at has me a bit mystified. The method > manage_addIndex is defined. The form that you use through the > management interface to add an index has a submit button whose name > is manage_addIndex:method. OK, that all looks like reasonable > magic (magic because I don't know exactly what happens when a button > gets marshalled as a method). > > Here's the part I don't understand: the form's action is set to the > Catalog itself. manage_addIndex expects the index name and type > as its first two parameters. Where does the magic come from that > turns the form submission into a correct call to manage_addIndex? > > Probably I'm missing something obvious, but I will appreciate any > aid in increasing my Zope Zen level here . > > --RDM > > ___ > Zope-Dev maillist - [EMAIL PROTECTED] > http://lists.zope.org/mailman/listinfo/zope-dev > ** No cross posts or HTML encoding! ** > (Related lists - > http://lists.zope.org/mailman/listinfo/zope-announce > http://lists.zope.org/mailman/listinfo/zope ) -- Chris McDonough Digital Creations Publishers of Zope - http://www.zope.org ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Adding ZCatalog index programatically
I was just looking at the ZCatalog code to figure out how to programatically add an index to a Catalog. I figured out how to do that fairly easily, but the code I was looking at has me a bit mystified. The method manage_addIndex is defined. The form that you use through the management interface to add an index has a submit button whose name is manage_addIndex:method. OK, that all looks like reasonable magic (magic because I don't know exactly what happens when a button gets marshalled as a method). Here's the part I don't understand: the form's action is set to the Catalog itself. manage_addIndex expects the index name and type as its first two parameters. Where does the magic come from that turns the form submission into a correct call to manage_addIndex? Probably I'm missing something obvious, but I will appreciate any aid in increasing my Zope Zen level here . --RDM ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: Fixed reply Re: [Zope-dev] Trouble setting LoginManager default user class default user class
At 04:04 PM 5/18/00 -0400, Dan L. Pierson wrote: > >The portal now gets created, but I can't login to the initial account. >I also can't display the members roster by clicking on Members >(AttributeError for getUsers), but can write a DTML method in the >UserSource that lists all one user. The code in DemoPortalBase that >trys to display the roster follows, I suspect it's this bug again, but >don't know where to put the __of__: Actually, the problem is probably that, as a DTML method, it expects to be passed its containing object as the first parameter. You might try using a PythonMethod, DTML Document, or an ExternalMethod instead. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] ZServer Ftp Active mode through firewall
Shane Hathaway wrote: > Kent Polk wrote: > > If we could simply solve this problem by replacing our active ftp > > clients with passive ones, it would be great, but it still doesn't > > solve the problem of clients *elsewhere* which are running behind > > a firewall and attempting to contact our server... > > One possible way to solve this is to use an FTP proxy. A quick search > at freshmeat.net yielded: > > http://www.mcknight.de/jftpgw/ Now this gets really convoluted... :^( We have it up and running, but user/permissions/role translation quickly turns into a really bad nightmare. Why can't root launch ZServer and have port 20 permissions? jftpgw has to do that to have active ftp work anyway. Why add yet another Point of Entry/Confusion? As I mentioned earlier, why not have it respond on port 20 if it has permissions, otherwise respond via high port#?? What am I missing here? ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: Fixed reply Re: [Zope-dev] Trouble setting LoginManagerdefault user class default user class
Phillip J. Eby writes: > Um, no. You've found a bug in PlugInGroup.objectValues(). :( It doesn't > wrap the returned objects in the context of the PlugInContainer > (LoginManager in this case). As a workaround, you can say > us.__of__(self.acl_users).manage_setStorage(). Sorry; I'm fixing this in > the code right now. Hurray! That got me to the next bug :-) The portal now gets created, but I can't login to the initial account. I also can't display the members roster by clicking on Members (AttributeError for getUsers), but can write a DTML method in the UserSource that lists all one user. The code in DemoPortalBase that trys to display the roster follows, I suspect it's this bug again, but don't know where to put the __of__: def getRoster(self, REQUEST): """ Return a list of the usernames of those users who have made themselves "listed". If Manager, return a list of all usernames. """ # Consider changing this to check for a permission rather than a role if REQUEST.AUTHENTICATED_USER.has_role('Manager'): return self.acl_users.getUserNames() names = [] for user in self.acl_users.getUsers(): if user.listed: names.append(user.getUserName()) return names Thanks for all the help, Dan Pierson ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] a simple example of the ZPatterns frame work
"Phillip J. Eby" wrote: > >The AttributeProvider (that my rack have by default) raise an exception > >in MyItem.__init__ because i and s do not exist (indeed, I want to > >create them in the instance!) > > Could you give the traceback? I think it is more likely your __init__ is > failing because you are setting self.id. You should not set self.id > directly in your __init__ method, you should call RackMountable's __init__ > method like this: > Thanks for the insight. It is a pity that I can't write e-mail from where I work. When I'm back to the office, I will cut and paste the traceback and send it to you tomorrow. I hope it will be useful. You probably noticed that when you are at work, it's time to sleep for me. see you tomorrow :-) we-should-definitely-have-36-hours-a-day-ly yours, Jephte CLAIN [EMAIL PROTECTED] begin:vcard n:CLAIN;Jephte x-mozilla-html:FALSE version:2.1 email;internet:[EMAIL PROTECTED] adr;quoted-printable:;;71 rue Lory les Hauts=0D=0AAppt 16;Ste Clotilde;;97490; x-mozilla-cpt:;0 fn:Jephte CLAIN end:vcard
[Zope-dev] Re: Fixed reply Re: [Zope-dev] Trouble setting LoginManagerdefault user class default user class
At 01:49 PM 5/18/00 -0400, Dan L. Pierson wrote: >Oops, my reply of yesterday was missing the actual error I get using >manage_setStorage. It's an AttributeError for aq_acquire! I can't >see how I could be getting this since PersistentUserSource singly >inherits from BasicUserSource which inherits from Rack. What happened >to my aq_acquire? Does it have to do with some mistake in the way I'm >calling manage_addLoginManager? Um, no. You've found a bug in PlugInGroup.objectValues(). :( It doesn't wrap the returned objects in the context of the PlugInContainer (LoginManager in this case). As a workaround, you can say us.__of__(self.acl_users).manage_setStorage(). Sorry; I'm fixing this in the code right now. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] ZODB now supports user-defined __get/set/delattr__ methods
FYI, I have found a problem with the setattr/delattr implementation. I'm not sure it's technically a bug, but if I understand the code correctly, setting or deleting a non _v_ attribute on a cPersistent will always cause the object to be marked changed, regardless of what the Python-level __set/delattr__ routine does. This seems incorrect for situations where the Python-level code is manipulating an external attribute. IMHO, the correct behavior would be to require a "persistent" __setattr__ or __delattr__ to use _p_changed directly if they are manipulating the object data. This is the algorithm used by ZPatterns, and also seems consistent with the normal semantics of having a __setattr__ or __delattr__ routine - i.e., if you implement a set/del hook, you have to implement it completely. At 02:02 PM 5/16/00 -0400, Jim Fulton wrote: > >I've just checked in some changes to ExtensionClass, >and ZODB in the Zope CVS tree that provide support >for user-defined (python) __get/set/delattr__ methods. >These methods now have the same semantics as they do >in standard Python classes. > >This means that you can define your own >__get/set/delattr__ hooks and they will automatically >work with, rather than break, the persistence system's >use of the low-level attribute hooks. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] updated Wikki with __call__ issue
I added another note on the Wikki regarding the XSLTMethod __call__ issue, more information on the ZPublisher is neccessesary for any progress. Is there any good documentation on the subject? Here is the link to the issue: http://216.164.72.7:7780/Wiki/Members/jim/ZDOM/Issue%20with%20__call__%20and%20Aquisition -- Chimezie Thomas-Ogbuji Junior Consultant Fourthought Inc. (303) 583 9900 ext 104 [EMAIL PROTECTED] ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Fixed reply Re: [Zope-dev] Trouble setting LoginManager default user class
Oops, my reply of yesterday was missing the actual error I get using manage_setStorage. It's an AttributeError for aq_acquire! I can't see how I could be getting this since PersistentUserSource singly inherits from BasicUserSource which inherits from Rack. What happened to my aq_acquire? Does it have to do with some mistake in the way I'm calling manage_addLoginManager? Phillip J. Eby writes: > At 10:01 PM 5/17/00 +0100, Steve Alexander wrote: > > > >The _defaultClass only needs to become DemoPortal.LoginMember before a > >Portal's LoginManager instance is created. > > > >Therefore, you can leave the _defaultClass as LoginUser until the > >"install" method of DemoPortalBase is called (PTKDemo/Portal.py). > > > >In the "install" method, after creating a MembersClass(), set its > >_defaultClass to LoginMember. > > It would be better to call manage_setStorage(zclass='meta type') rather > than tinkering with attributes directly, as manage_setStorage should always > be forward-compatible. Ah yes, forgot about this problem -- it was yesterday... Here's my current code from DemoPortalBase.install: elif db == 'LoginManager': from Products.LoginManager.LoginManager import \ LoginManager, manage_addLoginManager from PersistentUserSource import PersistentUserSource self.MembersClass = LoginManager # maybe not needed anymore manage_addLoginManager(self, 'Persistent User Source', ['Basic Auth Login'], 0, 0, 0) #self.acl_users.manage_setStorage('DemoPortal/LoginMember') for us in self.acl_users.UserSourcesGroup.objectValues(): if us.meta_type == 'Persistent User Source': us.manage_setStorage('DemoPortal/LoginMember') The commented out line fails because it doesn't have a manage_setStorage. The uncommented out code causes the following traceback. It was after I hit this that I started hacking on _defaultClass... Probably I should have yelled for help then, but I have this bad habit of digging myself in as far a possible first :-) Traceback (innermost last): File /home/zope/lib/python/ZPublisher/Publish.py, line 214, in publish_module File /home/zope/lib/python/ZPublisher/Publish.py, line 179, in publish File /home/zope/lib/python/Zope/__init__.py, line 202, in zpublisher_exception_hook File /home/zope/lib/python/ZPublisher/Publish.py, line 165, in publish File /home/zope/lib/python/ZPublisher/mapply.py, line 160, in mapply (Object: Portal_add) File /home/zope/lib/python/ZPublisher/Publish.py, line 102, in call_object (Object: Portal_add) File /home/zope/lib/python/OFS/DTMLMethod.py, line 150, in __call__ (Object: Portal_add) File /home/zope/lib/python/DocumentTemplate/DT_String.py, line 502, in __call__ (Object: Portal_add) File /home/zope/lib/python/DocumentTemplate/DT_With.py, line 148, in render (Object: Portal.createInObjectManager(REQUEST['id'], REQUEST)) File /home/zope/lib/python/Products/PTKDemo/Portal.py, line 71, in install (Object: DemoPortalBase) File /home/dan/src/Zope-2.1.6-src/lib/python/Products/ZPatterns/Rack.py, line 348, in manage_setStorage (Object: AttributeProviderContainer) File /home/dan/src/Zope-2.1.6-src/lib/python/Products/ZPatterns/Rack.py, line 225, in _unifiedZClassRegistry (Object: AttributeProviderContainer) AttributeError: (see above) ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] ZServer Ftp Active mode through firewall
Kent Polk wrote: > If we could simply solve this problem by replacing our active ftp > clients with passive ones, it would be great, but it still doesn't > solve the problem of clients *elsewhere* which are running behind > a firewall and attempting to contact our server... One possible way to solve this is to use an FTP proxy. A quick search at freshmeat.net yielded: http://www.mcknight.de/jftpgw/ > And here I thought active ftp clients had gone by the wayside years > ago, considering the problem they have with firewalls... Solaris, > RedHat, and NT still have active ftp clients by default, which are > the main clients boxes which will be hitting the server. Passive mode is indeed more compatible--all the browsers I've used make passive connections and don't even provide an "active" option. Shane ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] ZServer Ftp Active mode through firewall
On 18 May 2000 08:45:02 -0500, Shane Hathaway wrote: >Kent, > >If possible, I'd like you to check whether the FTP server is trying to >make the connection from a port other than 20. Then try out a Ahhh! figured it out... 1) ZServer passive mode appears correct. 2) ZServer active mode responds on the *wrong port number* Active mode is supposed to respond from port 20 for the data port but ZServer is using a high port number, similar to passive mode. Passive mode succeeds because the firewall allows outgoing high port#'s, but blocks incoming high port#'s unless it sees a port 20 response from the outside server. Active mode observed behavior with ZServer : - client connects to server port 21, requests (high#) data port - server responds from server high p# to client data port - client receives data port response (unless firewall blocks) >different FTP server that is working through the firewall (on active >mode connections) and see if it connects from port 20. If so, we have Active mode observed behavior with WUFTP server : - client connects to server port 21, requests (high#) data port - server responds from server port 20 to client data port - (firewall recognizes port 20 response, enables data port) - client receives data port response (Note that wuftpd runs as root...) >found the problem. The solution is not obvious to me, however, >considering the restriction of allocation of ports below 1024. Exactly. If ZServer isn't running with root privs, it *can't* respond on port 20. >Guidance is welcome... What might be the recommended procedure to allow ZServer to open port 20? Possibly detect if running with root privs and use port 20 instead of high port# for active mode? If we could simply solve this problem by replacing our active ftp clients with passive ones, it would be great, but it still doesn't solve the problem of clients *elsewhere* which are running behind a firewall and attempting to contact our server... And here I thought active ftp clients had gone by the wayside years ago, considering the problem they have with firewalls... Solaris, RedHat, and NT still have active ftp clients by default, which are the main clients boxes which will be hitting the server. Thanks Much! ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] 2.2.0a1 Problems
On Wed, May 17, 2000 at 03:28:58PM -0400, Brian Lloyd wrote: > > - start.bat still hasn't been renamed. It's not that bright since > > windows has had a start command for ages now... typing start.bat tries > > to 'start' something called .bat. doh... > > The only way to get it to work is > > "start.bat" > > or > > ./start > > which is very weird on an NT box although quite normal on UNIX ;-) > > We are going to move a better 'zopectl start', 'zopectl stop' sort of > setup, though its not there yet. This will make a number of things > better. It's nice to hear that! Can you tell me who's working on this, maybe we can work together on finding a better solution than my zopectl script. Gregor PGP signature
Re: [Zope-dev] ZCatalog and Umlaut Problems
Alexander Schad wrote: > > Hi Folks! > > I experienced some problems using Umlauts (ä,ö,ü,ß) in ZCatalog. The > problems seems to be that the umlauts get html_quoted when indexed i.e. > u-umlaut becomes ü but when i search for an umlaut they get > url_quoted u-umlaut becomes %FC and though the entry wont be found. Is > that a bug?? > > What can i do to easily solve the problem ? ./start -L 'my_locale' Assuming you're using zope 2.1.4 or later. I did it with Portuguese (./start -L 'pt_PT'), and all funny portuguese characters (çêã etc.) catalog properly. You may need to reindex after restarting. ~mindlace ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Distributed ZODB-Transactions
Well, that sort of makes sense. The containing object is the object that needs to be updated to rid itself of the reference to the contained object. I'm not sure I understand the problem. The object to be updated *is* the container. > My problem is the first step: how does the client recognize, which > object has to be updated? In the case of a creation and deletion of an > object, the transaction-class handles the parent object and not the object > itself. -- Chris McDonough Digital Creations Publishers of Zope - http://www.zope.org ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] DCOracle and floats (was: DCOracle Problem on HPUX)
"R. David Murray" wrote: > > On Thu, 18 May 2000, Matthew T. Kromer wrote: > > Yes, this is in the CVS version; Chris Petrilli will probably make an > > announcment & a release soon. The behavior is such that NUMBER with > > neither scale nor precision is a float. > > Great! Thanks for the info. From your last sentence I'm wondering if > the fix is a simple change to the if test in _description in > ociCurs.py...maybe I'll experiment, not knowing how soon 'soon' is . In this case, yes, that's all that it is (well, it was a 1-liner in ociCurs.py). ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Distributed ZODB-Transactions
> > I want to write an Product that mirrors every ZODB-Transaction to a > > Backup-Server. > > The idea was to trap every transaction (i.e. creation, change, deletion > of > > zope-objects) and transfer a copy of the object to another server (via > > XML-RPC?!?) after the transaction got commited. > > I've been debugging through various zope-classes (esp. transaction.py, > > connection.py) but couldn't understand the way, zope manages the > > transactions. > > The creation and deletion process always seems to trigger a transaction > for > > the parent object. > > Has anybody an idea? > > Data.fs is essentially a log file that is appended with binary data. > The only time the data is changed rather than appended is when you pack > the database. Therefore, it may be easier to write a script that > catches the data that is appended and appends it to the backup file. > When the script detects the file has shortened (after a packing > operation), it should copy the whole file over. > > The simple fact that data is appended rather than changed makes Data.fs > quite reliable. It can withstand most kinds of failure. And the Zope > undo mechanism is very effective. > > So I would suggest that the backup you intend to perform does not need > to be an integral part of Zope. Rather, it is appropriate that it be a > background process run periodically. > > Shane OK, I admit, I didn't tell you the whole truth. ;-) The Backup-Server should not only backup one, but various Zope-installations (sort of 'backup-central'). My idea was to create a folder for each backuped server. This folder holds the complete object-tree of a backup-client. Each time a change in the database of the client occurs, the client informs the server about it (tells the server which object has been changed, created or deleted). Then the server requests that object from the client. The client pickles the object, sends it to the server and the server unpickles it again and puts it in the right place in the client folder. My problem is the first step: how does the client recognize, which object has to be updated? In the case of a creation and deletion of an object, the transaction-class handles the parent object and not the object itself. Thanx, Gregor! ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] zope + apache + webdav
Hello, I've got a zope who turn on my apache server, and i want use webdav. I have already apply the patch to mod_cgi (thanks greg) but my problem is not resolv. Is anybody know how to change the httpd.conf to use webdav protocol to work with zope through apache ? Steve GIRAUD Universite de Savoie ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Zope and SMP
Thilo Mezger: > hi! > Howdy. > yesterday, i have test-driven zope on a dual-pentium smp-machine > running linux 2.2 and i was very disappointed by the results. > the zserver threads are running on both cpu's but it seems to > scale really, really badly. i have only done some very cheap > benchmarking but it seems that a single cpu is faster than 2 cpu's. > > but as i said, this is not proper benchmarking (yet). i wanted to > ask if someone has already tried zope on more than 1 cpu and/or > could point me to a direction where i could find out more about > this subject? > I have our intranet running off a dual Xenon 350Mhz running 2.2.12-20smp and things are terrific. I haven't ran any comparisons either, but speed isn't an issue. > cheers! > thilo > > > -- > [EMAIL PROTECTED] > innominate AG > networking people > fon: +49-30-308806-0 fax: -77 web: http://innominate.de pgp: /pgp/tm > All my best, Jason Spisak CIO HireTechs.com 6151 West Century Boulevard Suite 900 Los Angeles, CA 90045 P. 310.665.3444 F. 310.665.3544 Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email address may not be added to any commercial mail list with out my permission. Violation of my privacy with advertising or SPAM will result in a suit for a MINIMUM of $500 damages/incident, $1500 for repeats. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] DCOracle and floats (was: DCOracle Problem on HPUX)
"R. David Murray" wrote: > > On Thu, 18 May 2000, Matthew T. Kromer wrote: > > However, if that's not the case, maybe a recent checkout of the DCOracle > > CVS will help; I have made no announcement because the ONLY platform > > I've tested on is Linux with Oracle 8.0.5 and 8.1.5; Oracle is variant > > enough that this doesn't represent a full validation. > > > > If you can't get DCOracle out of CVS, I'll send a tarball separately. > > Ah, so maybe *you* are the person to whom I should have addressed > my recent note that I sent to '[EMAIL PROTECTED]'. Are you > aware of the issue a few of us have run into with DCOracle munging > float values into ints? Is this fixed in the CVS by any chance? > In any case, how do I access the CVS version; I couldn't find it > in the CVS web interface linked off of zope.com (I haven't tried > to set up the non-web interface yet). Yes, this is in the CVS version; Chris Petrilli will probably make an announcment & a release soon. The behavior is such that NUMBER with neither scale nor precision is a float. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Distributed ZODB-Transactions
Shane Hathaway wrote: > Data.fs is essentially a log file that is appended with binary data. > The only time the data is changed rather than appended is when you pack > the database. Therefore, it may be easier to write a script that > catches the data that is appended and appends it to the backup file. > When the script detects the file has shortened (after a packing > operation), it should copy the whole file over. Someone alreay wrote a script that does this - search the archives or zope.org. -- Itamar S.T. [EMAIL PROTECTED] ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Methods through the Web (security?)
Martijn Faassen wrote: > Various things. What you'd need is turn off 'view' permission by > default for just about *everything* except possibly DTML Documents, > otherwise it's just too easy to set up a site that exposes too > much. Exposure to URLs should be turned off by default. Well, this is why doing it with permissions is great because you can set it to your preference in the root folder and aquire it from there onwards... > Everything would still have 'execute' permission, so I don't think > that should be a permission at all, as everything really has it and > nothing can do without it anyway. Yes, but you may want to restrict WHO can execute something. Perhaps you have a method that only managers should be able to execute, and no-one should be able to 'view'. > 'view' and 'access' merge into a single thing called 'access'. I still don't really see any point in the 'access' permission and, in fact I've just been bitten badly by it (see my RecentChanges post to the Zope list...) > the question is if you really ever want that in a site. You usually > only call such methods from DTML. Not so, try out ZWiki's ;-) I notice there is an FTP permission already. Maybe there should be: - an execute permission - a 'view' permission for each 'server': HTTP, FTP, XML-RPC... cheers, Chris ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Methods through the Web (security?)
Martijn Faassen wrote: > > Brian Lloyd wrote: > > Yes you could, except that you would also make them inaccessible > > from DTML (or from anywhere else) for the same class of users. > > > > Is it really acceptable that in order to use > > on a page that needs to be accessible to anonymous users that I > > must grant 'Access contents information' to anonymous users and > > thus give them the ability to inspect my objects if they want to? > > So you have something like: > > 'Access at all' (this is 'Access Contents Information') > > 'Access through URL' (the 'expose' flag I talked about in previous posts) > > 'Access through FTP' > > 'Access through XML-RPC' > > etc. This is an interesting idea -- The Zope server is an Object database that exposes objects and attributes via various protocol modules. I can see a future where you'd want to be able to plug in arbitrary protocol modules -- and perhaps more than one instance of each type of protocol (for example, http on ports 80 and 8080). It would make sense to me for each protocol to have its own set of "expose flags" or even "expose rules" for each addressable object/attribute. The user interface to manage the objects could collect these all into one place, so as the manager of an object, you can decide what is allowed to be seen via which protocols. -- Steve Alexander Software Engineer Cat-Box limited ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Distributed ZODB-Transactions
Heine Gregor wrote: > I want to write an Product that mirrors every ZODB-Transaction to a > Backup-Server. > The idea was to trap every transaction (i.e. creation, change, deletion of > zope-objects) and transfer a copy of the object to another server (via > XML-RPC?!?) after the transaction got commited. > I've been debugging through various zope-classes (esp. transaction.py, > connection.py) but couldn't understand the way, zope manages the > transactions. > The creation and deletion process always seems to trigger a transaction for > the parent object. > Has anybody an idea? Data.fs is essentially a log file that is appended with binary data. The only time the data is changed rather than appended is when you pack the database. Therefore, it may be easier to write a script that catches the data that is appended and appends it to the backup file. When the script detects the file has shortened (after a packing operation), it should copy the whole file over. The simple fact that data is appended rather than changed makes Data.fs quite reliable. It can withstand most kinds of failure. And the Zope undo mechanism is very effective. So I would suggest that the backup you intend to perform does not need to be an integral part of Zope. Rather, it is appropriate that it be a background process run periodically. Shane ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Distributed ZODB-Transactions
Heine, You'll want to take a look at lib/python/ZODB/FileStorage, lib/python/ZODB/DemoStorage, and lib/python/ZODB/MappingStorage for ideas. You may also want to take a look at the ZODB Wiki at http://www.zope.org/Members/jim/ZODB Heine Gregor wrote: > > Zopistas! > > I want to write an Product that mirrors every ZODB-Transaction to a > Backup-Server. > The idea was to trap every transaction (i.e. creation, change, deletion of > zope-objects) and transfer a copy of the object to another server (via > XML-RPC?!?) after the transaction got commited. > I've been debugging through various zope-classes (esp. transaction.py, > connection.py) but couldn't understand the way, zope manages the > transactions. > The creation and deletion process always seems to trigger a transaction for > the parent object. > Has anybody an idea? > > Thanx, > > Gregor! > > ___ > Zope-Dev maillist - [EMAIL PROTECTED] > http://lists.zope.org/mailman/listinfo/zope-dev > ** No cross posts or HTML encoding! ** > (Related lists - > http://lists.zope.org/mailman/listinfo/zope-announce > http://lists.zope.org/mailman/listinfo/zope ) -- Chris McDonough Digital Creations Publishers of Zope - http://www.zope.org ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Distributed ZODB-Transactions
Zopistas! I want to write an Product that mirrors every ZODB-Transaction to a Backup-Server. The idea was to trap every transaction (i.e. creation, change, deletion of zope-objects) and transfer a copy of the object to another server (via XML-RPC?!?) after the transaction got commited. I've been debugging through various zope-classes (esp. transaction.py, connection.py) but couldn't understand the way, zope manages the transactions. The creation and deletion process always seems to trigger a transaction for the parent object. Has anybody an idea? Thanx, Gregor! ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] DCOracle and floats (was: DCOracle Problem on HPUX)
On Thu, 18 May 2000, Matthew T. Kromer wrote: > Yes, this is in the CVS version; Chris Petrilli will probably make an > announcment & a release soon. The behavior is such that NUMBER with > neither scale nor precision is a float. Great! Thanks for the info. From your last sentence I'm wondering if the fix is a simple change to the if test in _description in ociCurs.py...maybe I'll experiment, not knowing how soon 'soon' is . --RDM ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Methods through the Web (security?)
Tres Seaver wrote: > I don't get the issue here, I guess; either anonymous users can view > objectIds (through the web, through XML-RPC, whatever), or they can't > (because you don't want them to have the information that a given > object is there, I guess?) Perhaps you just don't want to expose internal implementation details to them. Users have no business viewing 'standard_html_header' directly, for instance. > If they can't, then _any_ DTML method > which calls objectIds() should be required to have non-anonymous > permissions, either through the AUTHENTICATED_USER or through proxy > roles. This seems to be working as designed in the current > implementation. Turning off objectIds() by default is like running > an anonymous FTP server but disallowing the "dir" command: it reduces > the utility of the server to such an extent that you might as well > not bother. :) I think this picture changes if you make the distinction between viewing as an anonymous user, viewing as the manager, viewing through XML-RPC, etc. I think the idea is that a random person on the web should only be able to view that which that user is explicitly allowed to view. Preferably the user should not have the capability to access things directly that are actually only DTML/Python methods used to *produce* the view. If you could say to a method that it is like that, you can make a distinction that can currently not be made. i.e. a 'viewable through URL' permission (default set to off). Regards, Martijn ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Methods through the Web (security?)
Chris Withers wrote: > The solution I proposed before is simple (maybe not to implement ;-) and > I think solves all the problems: > > Split the current 'view' permission into two new permissions: > 1. View - allow users to directly access an object through > HTTP/FTP/XML-RPC/etc > 2. Execute - allow non-direct execution of a method by a user, for > example by them viewing another method/object which they have the 'view' > permission for. [snip] > Comments? (hopefully I'll get some this time... ;-) Various things. What you'd need is turn off 'view' permission by default for just about *everything* except possibly DTML Documents, otherwise it's just too easy to set up a site that exposes too much. Exposure to URLs should be turned off by default. Everything would still have 'execute' permission, so I don't think that should be a permission at all, as everything really has it and nothing can do without it anyway. Anyway, see my other posts. I think you would need to do something like this: 'view' and 'access' merge into a single thing called 'access'. 'access' then gets split into 'access through URL', 'access through FTP', 'access through XML-RPC'. By default, 'access through URL' is turned *off* for anonymous surfers for all objects. You need to turn this on explicitly. Note that you quickly overestimate the amount of cases this needs to be done. In fact, I think in the site I have in production use here, there's just one or two index_html's that need to be given 'access through URL' permission. :) The tricky bit is if you want methods on objects that *are* accessible through URLs. There doesn't seem to be a good way to do that now, but the question is if you really ever want that in a site. You usually only call such methods from DTML. Regards, Martijn ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Methods through the Web (security?)
Martijn Faassen wrote: > So you have something like: [snip] > Of course this sounds like it could get unwieldy, unless there was > some clear user interface. This would be unwieldy, I prefer the suggestion I made (obviously ;-) which gets around this... > > From the point of view of an xml-rpc based > > client app, having objectIds and the like may be an absolute > > necessity, while from a pure HTTP standpoint many would > > at best consider it superfluous or at worst consider it > > a security hole. Well, yes, but its the same problem no matter what your protocol: Should a user be able to do something with a method or should a method used by user be able to do something with a method? The second case, the use is defined by the person who wrote the application, the first case it's defined by the (possibly malicious) user... This sounds a lot like proxy roles, I know, but they'er just to clumsy for this special case... > Um, is there a good workaround then, if you turn it off? I mean, > if you turn off 'Access Contents Information' *and* you want a > DTML method that generates an index of all subfolders, what do you > do? Work with proxies? Yes, lots of them and in a very complicated fashion which is easy to screw up and so defeat the point of doing it in the first place ;-) cynically, Chris PS: I'll try and cheer up later :S ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] DCOracle and floats (was: DCOracle Problem on HPUX)
On Thu, 18 May 2000, Matthew T. Kromer wrote: > However, if that's not the case, maybe a recent checkout of the DCOracle > CVS will help; I have made no announcement because the ONLY platform > I've tested on is Linux with Oracle 8.0.5 and 8.1.5; Oracle is variant > enough that this doesn't represent a full validation. > > If you can't get DCOracle out of CVS, I'll send a tarball separately. Ah, so maybe *you* are the person to whom I should have addressed my recent note that I sent to '[EMAIL PROTECTED]'. Are you aware of the issue a few of us have run into with DCOracle munging float values into ints? Is this fixed in the CVS by any chance? In any case, how do I access the CVS version; I couldn't find it in the CVS web interface linked off of zope.com (I haven't tried to set up the non-web interface yet). --RDM ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Methods through the Web (security?)
Brian Lloyd wrote: > Yes you could, except that you would also make them inaccessible > from DTML (or from anywhere else) for the same class of users. > > Is it really acceptable that in order to use > on a page that needs to be accessible to anonymous users that I > must grant 'Access contents information' to anonymous users and > thus give them the ability to inspect my objects if they want to? So you have something like: 'Access at all' (this is 'Access Contents Information') 'Access through URL' (the 'expose' flag I talked about in previous posts) 'Access through FTP' 'Access through XML-RPC' etc. This would be for individual Zope objects. For objects that expose methods, perhaps you'd need yet another permission, something like: 'Access methods at all' 'Access methods through URL' .. Of course this sounds like it could get unwieldy, unless there was some clear user interface. > I have a feeling that intent will need to become more important > somehow in the future. As we add more protocols and types of > usage to Zope, it becomes harder for a single permission to > really cover a resource in a way that makes sense for all of > the various usages. Right. > From the point of view of an xml-rpc based > client app, having objectIds and the like may be an absolute > necessity, while from a pure HTTP standpoint many would > at best consider it superfluous or at worst consider it > a security hole. > > *sigh*. Maybe the right short-term thing is to just leave it > the way it was and tell people who may be concerned about it > to turn it off via that permission and live the repercussions > that will have in their DTML. I guess at least that way the > software isn't taking the choice out of their hands. Um, is there a good workaround then, if you turn it off? I mean, if you turn off 'Access Contents Information' *and* you want a DTML method that generates an index of all subfolders, what do you do? Work with proxies? Regards, Martijn ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Methods through the Web (security?)
Ty Sarna wrote: > Can't you just turn off 'Access contents information' permission or > whatever it is on a folder if you don't want people to call > those things trough the web? Hm, but wouldn't that break a lot of code? You need Access contents information if you're going to do something like automatically generate an index, right? Regards, Martijn ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Methods through the Web (security?)
Brian Lloyd wrote: > I don't have a good answer for you, though I tend to agree with > you that some things just don't want to be accessed outside of > some larger context. I'd like to hear some different viewpoints > on how people think something like this should work... What the difference seems to be is exposure to surfer through URL. So, you could equip all items in the object tree with a flag 'expose', that is off by default. When the user should be able to view the thing through an URL (such as index_html), you turn it on. Would this have any unforseen problems? You could even have some user interface help here. Imagine I made an index_html but forgot to expose it. Now, still logged in as manager, I try to view it. Zope detects I'm trying to view something through an URL that I'm not supposed to see, so asks something like "hey, you tried to view this but it's not set to be exposed, expose this?". If the manager chooses 'yes', the expose flag is set to true. Hm, I suppose the problem here would arise with methods that directly return HTML output through an URL. This would seem to be fairly rare, though, and you can always wrap it up in some object that does have the expose flag. Regards, Martijn ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] a simple example of the ZPatterns frame work
At 12:53 PM 5/18/00 +0400, Jephte CLAIN wrote: > > >"Phillip J. Eby" a écrit : >> >> When created, Racks create some default Attribute and Sheet providers. >> These objects are used by Rackmountables to access data which is not stored >> directly in the rackmountable. > >Indeed, attribute and sheets are not stored in the rackmountable. Where >are they stored then? in the specialist? in the rack? reading the code >does not help to answer that question. They are stored wherever the SheetProvider or AttributeProvider specifies. That is the point of having AttributeProviders and SheetProviders - to make it possible to put things in different places without application-level code needing to know where/how they are stored. >say I have in MyItem.py: > >class MyItem(RackMountable, Item): > "" > meta_type = 'My Item' > > def __init__(self, id): > self.id = id > self.i = 0 > self.s = '' > >and in __init__.py, MyItem is registered as a z base class > >i and s are properties my objects are going to store. I would like to >use MyItem objects until I am ready to move the data into an SQL >database, where i and s will be columns in a table. > >The AttributeProvider (that my rack have by default) raise an exception >in MyItem.__init__ because i and s do not exist (indeed, I want to >create them in the instance!) Could you give the traceback? I think it is more likely your __init__ is failing because you are setting self.id. You should not set self.id directly in your __init__ method, you should call RackMountable's __init__ method like this: def __init__(self,id): RackMountable.__init__(self,id) self.i = 0 self.s = '' Or, better yet, don't define an __init__ method at all, and set the default values for i and s in your class itself. As a general rule, RackMountables should not redefine the __init__ method. (And yes, I'm going to add that rule to the docstrings right now...) >Also, say I want to add the OFS.ProperyManager.PropertyManager mixin >class to MyItem to manage my properties through the standard interface. >Will it clash with the sheet provider? No. RackMountables can be PropertyManagers. The attributes will be handled by the AttributeProviders. >I'm not interested in the ZPatterns framework to allow my customers to >customize the data sources or the collaborators. I'm interested in it >because I want to develop code that is independant of the data sources. >I want to store some data in the ZODB (because they are python list and >dict, or because it is easier for me to use Zope objects until I move to >a SQL database), and some of them in an SQL database (because they might >be used by externals applications), but still want to have a common >interface to the data. The default AttributeProviders for a Rack are of two kinds: an "acquired" provider and a "persistent internal" provider. The "persistent internal" provider simply stores attributes in the object itself whenever you set them. i.e., it assumes that the object is stored in the ZODB, so setting an attribute will cause it to be stored. In effect, it's as though you just had a normal ZODB object. The "acquired" provider allows you to share AttributeProviders between Racks in a Specialist. If you add AttributeProviders to the Specialist, the "acquired" provider will detect this and make the appropriate attributes available in the Rack. Both of these providers can be removed or reconfigured; by default they are set up to use all available providers from the Specialist, and to allow any attribute to be set in a rack-mounted object. As other providers become available, such as SQLAttributeProvider or LDAPAttributeProvider (which Ty is tinkering with at the moment), I think this will all begin to make a bit more sense. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Methods through the Web (security?)
At 12:13 PM 5/18/00 +0100, Steve Alexander wrote: > >It occurs to me that there are two distinct "views" of the Zope tree. > > 1. The developer's / content manager's view > > 2. The end-user's view > Unfortunately, it's not just black-and-white, it's lots of shades of grey in between. Management screens, for example, display tabs based on a user's permissions. You can give someone certain permissions and not others. It's very difficult to say, at the Zope framework level that something is "development" vs. "content". In some ways it'd be nice if you could, because then you could use permission mappings for "runtime" permissions on all of your methods, and have roles mapped to permissions in "development" mode. (Sort of the way ZClasses work now - when you edit the ZClass, you're in "development", but when you access an instance, it's "runtime" as far as permissions are concerned.) ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Methods through the Web (security?)
Tres Seaver wrote: > > > Taking HTTP alone, for simplicity of expression; I suppose what I'm > > asking for is that there are two HTTP servers for one Zope instance. > > The one on port 80 (for example) only responds to those URLs that are > > for public viewing. The one on port 8081 (for example) responds to > > any request that makes sense to map onto an object or attribute. > > > > The same scheme can be applied to FTP -- you choose whether a > > particular FTP server presents the "public" view, or the "developer" > > view. > > I'm presuming you mean to disallow anonymous access to the "developer" > view -- otherwise, you have just transferred the > "security-through-obscurity" to another location. You could. I'd like to do this so that I could block port 8081 (in the example above) at my firewall, or apache config, or whatever. In that way, I get a "neat and tidy" public-viewable website, and a developer site that is viewable only within my network's DMZ. -- Steve Alexander Software Engineer Cat-Box limited ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] DCOracle Problem on HPUX
Mark Postal wrote: > > I'm running HPUX 10.20 and Oracle 8.0.3. My goal is to use ZOracleDA, > but first I must get DCOracle working. DCOracle compiles OK and I > am able to connect to the database when executing from the command line. > My test script is attached for reference. > > My problem occurs when running in the Zope environment, as ZOracleDA Product > or > an External Method, DCOracle hangs in the oci_8.Logon() method. I have to > kill > the python process to recover from the error. > > Yes, I have ORACLE_HOME and LD_LIBRARY_PATH set. > > I wrote a new module, just to login to Oracle, using code that I am > more familiar with. Again with the same result, it works OK on the > command line but not in Zope. I have included that code also, because > it shows where the hangup is. In my module it hangs in OCIServerAttach. > > Here's where I need help. In both cases, its actually hanging in an Oracle > function (OCILogon in oci_8.c and OCIServerAttach in my module). > > What might cause this? > > Why does it happen in the Zope environment and not in the command line > environment? > > How do I get this working? > > Thanks in advance, > Mark Postal > [EMAIL PROTECTED] Can I ask what version of DCOracle you are attempting to build? Some of that code looks like my recent changes with a lot of extra stuff ripped out; and may be indicative that it needs to be regressed on your platform at Oracle 8.0.3 *if* that's where it came from. However, if that's not the case, maybe a recent checkout of the DCOracle CVS will help; I have made no announcement because the ONLY platform I've tested on is Linux with Oracle 8.0.5 and 8.1.5; Oracle is variant enough that this doesn't represent a full validation. If you can't get DCOracle out of CVS, I'll send a tarball separately. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Methods through the Web (security?)
Chris Withers <[EMAIL PROTECTED]> opined: > > Brian Lloyd wrote: > > [snip] > > > > Won't this break Amos' XML-RPC-based editor and similar hacks? > > > > Waaa probably. Ok, so I've _provisionally_ changed this in > > the current CVS. I feel a to-the-death-cage-match coming on. > > Horse before the cart? > > Maybe the XML-RPC editor needs fixing 'cos something got fixed in > Zope?! > > > > Can't you just turn off 'Access contents information' permission > > > or whatever it is on a folder if you don't want people to call > > > those things trough the web? > > > > Yes you could, except that you would also make them inaccessible > > from DTML (or from anywhere else) for the same class of users. > > ...as I found out when I first ran into this problem... > > ...and as I said in the first post you can get round this using a > tortuous set of proxy roles (dunno how that'll get screwed up in 2.2) > but it's not a 'nice' solution to what should be a fairly simple > problem. > > > Is it really acceptable that in order to use > > on a page that needs to be accessible to anonymous users that I > > must grant 'Access contents information' to anonymous users and > > thus give them the ability to inspect my objects if they want to? > > No!!! ;-) I don't get the issue here, I guess; either anonymous users can view objectIds (through the web, through XML-RPC, whatever), or they can't (because you don't want them to have the information that a given object is there, I guess?) If they can't, then _any_ DTML method which calls objectIds() should be required to have non-anonymous permissions, either through the AUTHENTICATED_USER or through proxy roles. This seems to be working as designed in the current implementation. Turning off objectIds() by default is like running an anonymous FTP server but disallowing the "dir" command: it reduces the utility of the server to such an extent that you might as well not bother. :) An alternate implementation would be to have objectIds() check for the anonymous role, and return only the subset of IDs that the 'skip-unauthorized' attribute filters in (this touches on another peeve of mine -- lots of the "magic" which DTML does is not accessible outside of the tags). > The solution I proposed before is simple (maybe not to implement ;-) > and I think solves all the problems: > > Split the current 'view' permission into two new permissions: > > 1. View - allow users to directly access an object through > HTTP/FTP/XML-RPC/etc > > 2. Execute - allow non-direct execution of a method by a user, for > example by them viewing another method/object which they have the > 'view' permission for. > > This effectively provides the same functionality as adding or removing > a docstring from a method in a python class, and could be used to > replace it, as it's not really documented anywhere. > > I can't really see a use for he 'Access contents information' > permission other than an additional control over and above these two > new ones. > > As simple example: > -index_html (role X has view permission) > > Some Text > > > -standard_html_header (role X has execute but not view permission) > > > So, a user with role X can view index_html and have it render > properly (although it wouldn't if he didn't have the execute > permission on standard_html_header) but if the user tried to view > standard_html_header on its own, he would get an unauthorised > error... > > Comments? (hopefully I'll get some this time... ;-) > > cheers, > > Chris > > PS: The XML-RPC stuff could just be given the nwe view permission for > objectIds, if it REALLY needs it... although this would mean the > docstrings thing would have to eb replaced, which isn't necessarily a > bad thing ;-) Itamar Shtull-Trauring <[EMAIL PROTECTED]> replied: > Yes, it really needs it. My XML-RPC uploading interface to Zope > needs to know what's in a folder - so it needs objectIds. How else > am I supposed to browse through the Zope tree? I could have users > install a method, but this is a very generic need (browsing the > object tree) and should be built in. Steve Alexander <[EMAIL PROTECTED]> chimed it: > It occurs to me that there are two distinct "views" of the Zope tree. > > 1. The developer's / content manager's view > > This is what we have now. > > 2. The end-user's view > > Taking HTTP as an example, this consists of the set of URLs that > are available for access via the web. Other URLs should return a > 404 Not Found, even if they are available as part of the > developer's view (point 1). > > Taking HTTP alone, for simplicity of expression; I suppose what I'm > asking for is that there are two HTTP servers for one Zope instance. > The one on port 80 (for example) only responds to those URLs that are > for public viewing. The one on port 8081 (for example) responds to > any request that makes sense to map onto an object or attribute. > > The same scheme can be applied
[Zope-dev] Re: Strange ZClass permissions problem with 2.2a1
"Dr. Ross Lazarus" wrote: > > I'm testing 2.2a1. > I have some ZClasses which work fine in 2.1.6. I copied my Data.fs to > the new 2.2a1 install. > As a non-superuser I have taken ownership of the top level of the > site. When I try to access a zclass instance which uses manage_tabs > in it's > index_html method, I get the traceback shown below. > > The relevant code is checking that the containerbase is not the > accessedbase whatever they are! > > If I take out manage_tabs from the offending ZClass index_html > method, I can view index_html (but of course, I can't use the > management stuff built in! making it rather useless), so that's > where we're getting into trouble for sure. > > I've tried starting out with a vanilla 2.2a1 Data.fs and importing all > the zclasses and the relevent folders - no difference. > > Anyone else seeing this? > Is this worthy of the collector? Does the problem repeat in the "vanilla" version if you just create a new instance of your ZClass, instead of importing the old pickle? If so, it is definitely a "bug"; if not, it may be a "migration problem," with a fix like the one Brian posted for recursively "re-ownering" Zope.org. Tres. -- = Tres Seaver [EMAIL PROTECTED] Digital Creations "Makers of Zope" http://www.zope.org ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] ZServer Ftp Active mode through firewall
Kent, If possible, I'd like you to check whether the FTP server is trying to make the connection from a port other than 20. Then try out a different FTP server that is working through the firewall (on active mode connections) and see if it connects from port 20. If so, we have found the problem. The solution is not obvious to me, however, considering the restriction of allocation of ports below 1024. Guidance is welcome... Shane Kent Polk wrote: > > I believe we discovered a problem with ZServer's ftp server. > (Zope 2.1.6) > > I posted the following to the collector: > http://classic.zope.org:8080/Collector/1257/view > > Has anyone else seen this problem? : > > -- > It appears that ZServer's active ftp mode may be broken, but probably > is only noticed when used in conjunction with a firewall. Ftp > Passive mode operates as expected and active mode operates as long > as there is no firewall. > > Observations (Active mode): > - client connects, instructs server regarding data port to use. > - server appears to never send port 20 reply to client, which is > required by the firewall to know that the data port needs to be > opened. > - client waits on data port. If no firewall, the connection is > made. If firewall is blocking high port numbers, the firewall > never is instructed to open the data port which is indicated by > the server port 20 response (that is never sent), so no connection > is made. > > I saw a number of discussions regarding this topic that indicated > that improper DNS configuration was causing the problem. However, > this is not the problem in our case. We first noticed that all > passive (PASV) mode ftp clients worked correctly, then noticed that > all ftp clients on the same subnet or outside the firewall worked > correctly, then noticed that active clients inside the firewall > were never receiving the port 20 response and that the firewall > was blocking the data port from the server. > > Comments? > > ___ > Zope-Dev maillist - [EMAIL PROTECTED] > http://lists.zope.org/mailman/listinfo/zope-dev > ** No cross posts or HTML encoding! ** > (Related lists - > http://lists.zope.org/mailman/listinfo/zope-announce > http://lists.zope.org/mailman/listinfo/zope ) ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
RE: [Zope-dev] Zope and SMP
hi thilo, the scaling problem comes from the overhead of switching python threads when they run on 2 CPUs. one strategy, if your OS allowed it, would be to force the python process onto a single CPU. sunOS/solaris allows you to do so if i remember right. you're a little luckier if you actually run 2 zope instances on the machine (like i do on an old pentium 166 at home), at least on linux, which does not allow you to set processor affinity, this will force each python process onto a single CPU. what you definitely might want to try is a fix that matt kromer here at digital creations came up with. the technical background is that python has a built-in timer that controls how often python checks on all its threads and, if needed, switches from one to another. if you increase the interval on this timer you will decrease the number of thread switches, thereby speeding up your zope installation. to apply it to your own zope install open z2.py in your zope root directory and add the following line just before the comment that starts the "Configuration section" (roughly around line 220): sys.setcheckinterval(50) the best number given as argument to setcheckinterval is something you could find out by benchmarking. 50 is what i use on my site, and compared to two standard zope 2.1.6 instances running i gained about 100% in speed. this fix is becoming part of zope 2.2.0, as far as i know it is already in the alpha and brian lloyd decided on 120 as a good number for starters. again, to see the best results you might want to try different numbers and benchmark the site with e.g. ab. hope that helps jens Jens Vagelpohl [EMAIL PROTECTED] Software Engineer www.digicool.com Digital Creations (888) 344-4332 Got Zope? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Thilo Mezger Sent: Thursday, May 18, 2000 03:21 To: [EMAIL PROTECTED] Subject: [Zope-dev] Zope and SMP hi! yesterday, i have test-driven zope on a dual-pentium smp-machine running linux 2.2 and i was very disappointed by the results. the zserver threads are running on both cpu's but it seems to scale really, really badly. i have only done some very cheap benchmarking but it seems that a single cpu is faster than 2 cpu's. but as i said, this is not proper benchmarking (yet). i wanted to ask if someone has already tried zope on more than 1 cpu and/or could point me to a direction where i could find out more about this subject? cheers! thilo -- [EMAIL PROTECTED] innominate AG networking people fon: +49-30-308806-0 fax: -77 web: http://innominate.de pgp: /pgp/tm ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope ) ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Methods through the Web (security?)
Itamar Shtull-Trauring wrote: > > Chris Withers wrote: > > > PS: The XML-RPC stuff could just be given the nwe view permission for > > objectIds, if it REALLY needs it... although this would mean the > > docstrings thing would have to eb replaced, which isn't necessarily a > > bad thing ;-) > > Yes, it really needs it. My XML-RPC uploading interface to Zope needs to > know what's in a folder - so it needs objectIds. How else am I supposed to > browse through the Zope tree? I could have users install a method, but this > is a very generic need (browsing the object tree) and should be built in. It occurs to me that there are two distinct "views" of the Zope tree. 1. The developer's / content manager's view This is what we have now. 2. The end-user's view Taking HTTP as an example, this consists of the set of URLs that are available for access via the web. Other URLs should return a 404 Not Found, even if they are available as part of the developer's view (point 1). Taking HTTP alone, for simplicity of expression; I suppose what I'm asking for is that there are two HTTP servers for one Zope instance. The one on port 80 (for example) only responds to those URLs that are for public viewing. The one on port 8081 (for example) responds to any request that makes sense to map onto an object or attribute. The same scheme can be applied to FTP -- you choose whether a particular FTP server presents the "public" view, or the "developer" view. -- Steve Alexander Software Engineer Cat-Box limited ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Methods through the Web (security?)
Chris Withers wrote: > PS: The XML-RPC stuff could just be given the nwe view permission for > objectIds, if it REALLY needs it... although this would mean the > docstrings thing would have to eb replaced, which isn't necessarily a > bad thing ;-) Yes, it really needs it. My XML-RPC uploading interface to Zope needs to know what's in a folder - so it needs objectIds. How else am I supposed to browse through the Zope tree? I could have users install a method, but this is a very generic need (browsing the object tree) and should be built in. -- Itamar S.T. [EMAIL PROTECTED] ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Frames and Zope
Hi, I am working at a search form and trying to display the result in one of the frame newly created. I just realize by putting the instead of the code into the frames, the variables were all gone. I recall that zope take account to different browser section, did this related to my problem? If the user require login to perform something, is this means If i split a browser into three frames, all three frames need to login again? Rgs, Kent Sin - kentsin.weblogs.com kentsin.imeme.net ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Methods through the Web (security?)
Brian Lloyd wrote: [snip] > > Won't this break Amos' XML-RPC-based editor and similar hacks? > > Waaa probably. Ok, so I've _provisionally_ changed this in > the current CVS. I feel a to-the-death-cage-match coming on. Horse before the cart? Maybe the XML-RPC editor needs fixing 'cos something got fixed in Zope?! > > Can't you just turn off 'Access contents information' permission or > > whatever it is on a folder if you don't want people to call > > those things trough the web? > > Yes you could, except that you would also make them inaccessible > from DTML (or from anywhere else) for the same class of users. ...as I found out when I first ran into this problem... ...and as I said in the first post you can get round this using a tortuous set of proxy roles (dunno how that'll get screwed up in 2.2) but it's not a 'nice' solution to what should be a fairly simple problem. > Is it really acceptable that in order to use > on a page that needs to be accessible to anonymous users that I > must grant 'Access contents information' to anonymous users and > thus give them the ability to inspect my objects if they want to? No!!! ;-) The solution I proposed before is simple (maybe not to implement ;-) and I think solves all the problems: Split the current 'view' permission into two new permissions: 1. View - allow users to directly access an object through HTTP/FTP/XML-RPC/etc 2. Execute - allow non-direct execution of a method by a user, for example by them viewing another method/object which they have the 'view' permission for. This effectively provides the same functionality as adding or removing a docstring from a method in a python class, and could be used to replace it, as it's not really documented anywhere. I can't really see a use for he 'Access contents information' permission other than an additional control over and above these two new ones. As simple example: -index_html (role X has view permission) Some Text -standard_html_header (role X has execute but not view permission) So, a user with role X can view index_html and have it render properly (although it wouldn't if he didn't have the execute permission on standard_html_header) but if the user tried to view standard_html_header on its own, he would get an unauthorised error... Comments? (hopefully I'll get some this time... ;-) cheers, Chris PS: The XML-RPC stuff could just be given the nwe view permission for objectIds, if it REALLY needs it... although this would mean the docstrings thing would have to eb replaced, which isn't necessarily a bad thing ;-) ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] 2.2.0a1 Problems
Brian Lloyd wrote: > We are going to move a better 'zopectl start', 'zopectl stop' sort of > setup, though its not there yet. This will make a number of things > better. Cool :-) > > - the -P option doesn't work properly. > > python z2.py -D -P 9000 still resulted in the PCGI server being run on > > port 8090. > > That's because the pcgi info file (Zope.cgi) controls the pcgi port. Okay, fair enough... the problem is that I run a few Zopes on my NT workstation for testing stuff that's REALLY likely to break ;-) (don't want anyone to think I'd use NT in production!...) I already had 2.1.6 running and when I tried to start up 2.2, they both tried to use the same port for PCGI causing 2.2 to bomb out. Maybe PCGI should be off by default? If people want to use PCGI, they'll know they want to use it, but other people just tend to run with default settings that starts up a PCGI server that never gets used... > > Wasn't there going to be an option so that servers which you don't use > > (monitor and PCGI in this case) don't get started? > > yes, try: > > python z2.py -X -w 8080 > > ...to only publish HTTP on port 8080. Note that -X should come before > the specific servers you want to enable. Thanks... > Yes - I just checked in the help for ownership today. It will be in > the next release. Yup, saw that getting checked in abotu 5 mins after I posted the message ;-) cheers, Chris ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] a simple example of the ZPatterns frame work
"Phillip J. Eby" a écrit : > > At 08:39 PM 5/17/00 +0400, Jepthte CLAIN wrote: > > > >I wonder if someone can send me a simple example using the ZPatterns > >framework. I read all the source, and I still can't figure out what is > >the relationship between the objects instantiated by the Racks and the > >Rackmountable objects. Also, why do the rack try to instantiate a > >ZClass??? > > When created, Racks create some default Attribute and Sheet providers. > These objects are used by Rackmountables to access data which is not stored > directly in the rackmountable. Indeed, attribute and sheets are not stored in the rackmountable. Where are they stored then? in the specialist? in the rack? reading the code does not help to answer that question. > > When used, Racks create instances of the ZClass you've specified. If you > call newItem(key), you will receive a new instance of that ZClass, which > will be stored in the rack under the specified key. Whenever you call > getItem(key), the instance will be retrieved. Some Racks, like > GenericUserSource, do not store items in themselves, but in external > databases. When you call getItem(key) on a GUS, it calls methods to access > the external database, then creates an instance of the appropriate > LoginUser subclass and returns that. > I don't like ZClasses, because I want to use XEmacs to edit my code. In fact, I have trouble using a python class to store my data. say I have in MyItem.py: class MyItem(RackMountable, Item): "" meta_type = 'My Item' def __init__(self, id): self.id = id self.i = 0 self.s = '' and in __init__.py, MyItem is registered as a z base class i and s are properties my objects are going to store. I would like to use MyItem objects until I am ready to move the data into an SQL database, where i and s will be columns in a table. The AttributeProvider (that my rack have by default) raise an exception in MyItem.__init__ because i and s do not exist (indeed, I want to create them in the instance!) Also, say I want to add the OFS.ProperyManager.PropertyManager mixin class to MyItem to manage my properties through the standard interface. Will it clash with the sheet provider? > Hope that helps; I'm not 100% clear on your question. Anyway, my question was not 100% clear neither :-) I'm not interested in the ZPatterns framework to allow my customers to customize the data sources or the collaborators. I'm interested in it because I want to develop code that is independant of the data sources. I want to store some data in the ZODB (because they are python list and dict, or because it is easier for me to use Zope objects until I move to a SQL database), and some of them in an SQL database (because they might be used by externals applications), but still want to have a common interface to the data. I'm still figuring out how it works, but once I'm done, I will rule the world :-) Thanks for your good work, and thanks for the advices! regards, jephte clain [EMAIL PROTECTED] ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Zope and SMP
Thilo Mezger wrote: > yesterday, i have test-driven zope on a dual-pentium smp-machine > running linux 2.2 and i was very disappointed by the results. > the zserver threads are running on both cpu's but it seems to > scale really, really badly. i have only done some very cheap > benchmarking but it seems that a single cpu is faster than 2 cpu's. Python has an interpreter lock that can really slow things down on multiprocessor computers, or so I've heard. ZEO will solve this problem by letting you run two instances of Zope on the same machine - check out the ZEO Wiki on zope.org. -- Itamar S.T. [EMAIL PROTECTED] ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Zope and SMP
hi! yesterday, i have test-driven zope on a dual-pentium smp-machine running linux 2.2 and i was very disappointed by the results. the zserver threads are running on both cpu's but it seems to scale really, really badly. i have only done some very cheap benchmarking but it seems that a single cpu is faster than 2 cpu's. but as i said, this is not proper benchmarking (yet). i wanted to ask if someone has already tried zope on more than 1 cpu and/or could point me to a direction where i could find out more about this subject? cheers! thilo -- [EMAIL PROTECTED] innominate AG networking people fon: +49-30-308806-0 fax: -77 web: http://innominate.de pgp: /pgp/tm ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )