Re: [Zope-dev] Re: ZPT for CSS, anyone?

[Craeg K Strong]

Here is one option I happen to like:  generate CSS via XSLT from an XML 
dialect

It has the following pre-requisite: make XSLT available as part of the 
Zope framework.

Once you can rely on having XSLT as part of your framework (it really 
should be part
of "batteries included" IMHO), you can do interesting things like 
providing a transformer
for creating CSS files out of some sort of XML dialect.  Here is a 
snippet of one we created
at Ariel:



 ariel-letter
 
   Special style sheet to support printed Ariel Partners Letterhead
 
 
   #header
  
   

 height

 5 cm

   
   

 right

 1.0in

   
 
...

If someone does not like the XSLT transformer that Zope would (in my 
proposal) provide
out of the box, they are free to substitute their own.  Since it would 
be integrated with ZPT,
you could use ZPT expressions to create the XML dynamically out of 
pieces and parts.
If the XSLT capability were integrated into ZPT somehow, it could be 
made cache aware
for greatest efficiency.

Of course, not everyone likes this kind of "generative programming" 
approach.  I find that
code generation tends to simplify alot of problems.

Just my 2c,

--Craeg

Richard Jones wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Friday 02 Apr 2004 18:44, Chris Withers wrote:
 

Ah, okay, I think building something purely for CSS would REALLY suck.

Something which could generically build SQL, CSS, Emails I would be less
lielyl to vomit about...
[snip] 

So persuade the Python guys to make string interpolation as powerful as you
need it to be ;-)
   

Why don't we have a good, long look at:

 http://www.python.org/cgi-bin/moinmoin/WebProgramming

under the "Templating Systems" heading and make sure that someone else hasn't 
already come up with a good system that templates SQL, CSS, email, etc 
nicely.

There's an awful lot of templating systems there...






___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

[Zope-dev] Re: CVS File 0.9 bugs

[Craeg K Strong]

Thanks for your note.

Yes, version 0.9 went out with some silly bugs, and I haven't had time 
to fix them.
However, we now have a customer funding some Zope-related work, so I
imagine I will have time to work on CVSFile again within 3-6 weeks.

CVSFile will be supported until it gets replaced by another Zope add-on
that will add CVS functionality to the Adaptable Persistence Engine (APE).
We will be looking into that for our customer as well.  APE is the wave
of the future, it will ultimately replace ExternalFile (the current 
underpinnings
of CVSFile), ExtFile, LocalFS, and lots of other related products.

As far as migrating from a Zope site developed the traditional way, you have
to decide what is worth versioning and what is not.  For example, in 
what format
is your content?  Is it in XML?  HTML?  Is it mixed in with your formatting
directives inside your ZPTs? Or perhaps is it all in DTML documents?

We used versioning for anything meeting any of the following criteria
- multiple developers might work on it simultaneously
- content that needs to be reused
- anything changing rapidly that might need to be reverted or needs an 
audit trail

Under that definition, quite a few zope objects should be versioned, all but
the most trivial ones, really.
One option is to have a folder full of versioned CVSFiles in a tree, 
parallel
to your "real" site.  Your "real" site then merely navigates in via 
aquisition and retrieves its
content from objects within the versioned area.   That way, you have *two*
hierarchies.  One is for the site.  One matches the file system and CVS.

I found this arrangement a little easier to handle, because I could 
refresh the
entire CVSFile hierarchy in a batch and watch my website update :-)
See the latest CVSFile batch oriented functionality for more details.

Hope this helps,

--Craeg

PS, I cc'd the zope-dev mailing list, as I feel the conversation might 
be helpful to others...

Guido Notari wrote:

Dear Sirs,
we're examining your CVS File Zope product, and we feel it has the
potential to be hugely useful to the serious Zope developer.
I am eager to give it a serious try, and integrate it in one of our
projects.
I had difficulties with it, though, and found some little bugs, you may be
already aware of.
Actually, I'm having problems with the CVS Management tag of a CVS File
instance: as it goes, the page template file (cvs.pt) names the called
methods with incorrect spelling. Among the others, I found
manage_updateFile instead of manage_UpdateFile, and manage_commitFile
instead of manage_CommitFile.
There are probably others...
In the light of these little bugs, considering that Revision 0.9.0 was
released a few month ago (May 2003), I cannot refrain from asking:
Is CVS File supported anymore? Why such obvious bugs got unnoticed?
(possibly by bud luck and page templates been rushed in place?)
I would really like to hear from you, I don't really want to lose the
opportunity to test the product, if indeed is usable.
And, speaking of doubts... It's not really obvious to me how to migrate
_into_ a CVS an existing Zope site, developed in the "traditional" way.
Have you got any "standard" method you're adopting to make such a move?
Perhaps some kind of dump product?
Best regards
Guido Notari
--
__/__/   Link I.T. spa   Tel > +39 0332 250111
__/__/   Servizi Integrati Avanzati  Fax > +39 0332 250199
 via Cairoli, 5 - 21100 Varese   http://www.linkgroup.it/
 

--
Craeg K Strong, General Partner
Ariel Partners LLC
http://www.arielpartners.com
voice 781-647-2425
fax   781-647-9690
NOTICE: This message is for the sole use of the intended recipient(s)
and may contain confidential and privileged information. Any review,
retransmission, dissemination or other use of, or taking of any action
in reliance upon, this information by persons or entities other than
the intended recipient is prohibited. If you are not the intended
recipient, please contact the sender by reply email and destroy all
copies -- including electronic copies -- of the original message.


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] Using 2.3.2 for Zope 2.7

[Craeg K Strong]

+1000 for moving directly to 2.3.2
I maintain several existing Zope add-on products that have to change 
anyway to be compatible
with 2.7.  Why on earth would I want to go through that pain *twice* ? 
Change is inevitable.  Killing two birds with one stone means less pain 
overall, IMHO.

--Craeg

Chris McDonough wrote:

Some people at ZC have made pretty compelling arguments to make Python
2.3.2 the "recommended" version of Python to use with Zope 2.7 final. 
I'm wondering if other people have a strong feeling about this either
way.

 



___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

[Zope-dev] looking for zope consultant, DC area

[Craeg K Strong]

Greetings, all:

Regular zope-dev poster here with an unusual item...
We are looking for a Zope developer in the Washington D.C. area;
US citizenship required.  Is this the right forum to post such a request?
If not, please advise.  Thanks,
--Craeg



___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] Any thoughts on when Zope 2.7 beta1 might be available?

[Craeg K Strong]

Yes, a build of Zope 2.6.1 using Python 2.2.2 would be fantastic!

I understand it would not be officially supported, but it would
give me the chance to test out my zope products using the latest
Python.   I am not sure if you could post the binaries somewhere public,
but my guess is that they would probably be useful for others in the same
situation.  Of course you would want to put a disclaimer there about
support in BOLD letters :)
Thanks again for the offer!

--Craeg

Chris Withers wrote:

Craeg K Strong wrote:

Thanks much for the quick response.   And good news, too!

Hum.  In your opinion, what is the best way to do this?   My 
constraints:

- I use both windows 2000 and Red Hat Linux 8
- I do *not* have a C/C++ compiler on Windows


I do ;-)

Anything in particular you'd like a build of?

cheers,

Chris


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] Any thoughts on when Zope 2.7 beta1 might be available?

[Craeg K Strong]

Thanks much for the quick response.   And good news, too!

Hum.  In your opinion, what is the best way to do this?   My constraints:

- I use both windows 2000 and Red Hat Linux 8
- I do *not* have a C/C++ compiler on Windows
Do I need to build Zope from source in order to use Python 2.2? 
Or can I simply get rid of $ZOPE/lib/python2.1 and replace it with
$ZOPE/lib/python2.2  (retrofit)?  What are the ramifications of this choice?

Sorry for so many questions; I am trying to get the most stable setup I can,
while doing the least amount of setup work :-)
Thanks very much!

--Craeg

BTW, The answers to these questions should probably be on zope.org
or in a wiki somewhere, do you agree?
Chris McDonough wrote:

Hi Craeg,

2.6.X appears to work great with Python 2.2.  We even removed the
startup warning lately.  I'd go this way were I you as 2.7 is probably
still some time away and you almost certainly don't want to be tracking
the trunk, as its relatively volatile at the moment.
- C

On Fri, 2003-03-21 at 02:42, Craeg K Strong wrote:
 

Hello:

I am using multiple third party Python libraries with Zope, and they are 
no longer
supporting Python 2.1.X at all.  I am forced to upgrade to Python 2.2.X

   

copies -- including electronic copies -- of the original message.



___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

[Zope-dev] Any thoughts on when Zope 2.7 beta1 might be available?

[Craeg K Strong]

Hello:

I am using multiple third party Python libraries with Zope, and they are 
no longer
supporting Python 2.1.X at all.  I am forced to upgrade to Python 2.2.X

As I see it, my options are:

1- try to recompile Zope 2.6.1 from source using Python 2.2.2 (and cross 
my fingers)
2- wait for the Zope 2.7

I think Python 2.2.2 support is the most important feature for me in 
Zope 2.7 --
frankly I wouldn't care if that were its *only* new feature beyond what 
2.6.1 supports

Can anyone over at ZC give a rough ballpark estimate for when we might 
see a first beta
of 2.7?

Thanks,

--Craeg

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

[Zope-dev] Declaring Dependencies for XML documents (Was: How To Improve CacheCoherency for RAM/Disk Cache Manager...?)

[Craeg K Strong]

Jamie Heilman wrote:

Why make the unlucky user pay the price?
   

Because the unlucky user (which I read as: author) is the only one who
knows the required behavior of their code.
 

Allow me to clarify -- I meant the end user browsing the website.
I hate it when I surf to a less-highly-used portion of a website and
have to wait 30 seconds for the page to render.  

Anyway, after talking this over with my colleague, I realize that
the problem of *deriving* dependencies is fundamentally undecidable.
We might be able to figure it out in the case of simple acquisition,
like 

 

But it is hopeless for pure python:


:)
One possibility is to add the ability to *declare* dependencies.
I thought of doing that for an X-path aware "XML Composite Document"
object.   It is an object that produces a valid XML document by grabbing
parts of other Zope objects via XPath/XPointer/XInclude.  

Such an object could have an explicit listing of the objects on
which it depends, and invalidate the cache appropriately whenever
any of the dependent objects changed.
http://www.zope.org/Members/faassen/SimpleCache

Is a nice beginning along these lines.

Thoughts?

--Craeg



___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

[Zope-dev] How To Improve Cache Coherency for RAM/Disk Cache Manager...?

[Craeg K Strong]

Hello:

I am getting ready to release the next version of XMLTransform, and in
revisiting the Caching strategy for the product, I realized there are larger
issues that probably deserve a discussion here. 

The bottom line is that transforming XML to something else via
XSLT is a potentially expensive operation, so that caching the results
is often worthwhile.
As I thought about the problem, I realized that this probably holds true
for any sufficiently dynamic site where you employ caching because:
- the cost of processing exceeds the cost of retrieval from cache by at 
least
an order of magnitude
- there are many more readers than writers

Question:  How can we ensure cache coherency?

For example, you might have a ZPT that includes the results of several
long-running PythonScripts, whose rendered result is cached. 
What happens when the code for those
PythonScripts changes?  Worse, what happens when the SQL data
retrieved by the Z SQL Method that the PythonScripts operate on
changes?

Correct me if I am wrong, but today the Zope Cache Management facility
takes into account changes in cached objects, but not objects on which they
depend.
One strategy for accounting for this problem is to invalidate objects in 
the cache
based on a certain interval.  That way objects are out of date for at 
most the
length of the interval.  This could be called the "pull" or reactive model.

Alternatively, Cacheable objects might be somehow aware of the objects 
on which
they depend, and invalidate themselves in the cache when one of their 
dependent
objects changes.  This could be called the "push" or proactive model.  
Depending on
some parameters, they might even recalculate their results proactively 
so they
could be re-cached immediately.  Why make the unlucky user pay the price?

The latter alternative is not infeasible.   DTML and ZPT scripts must parse
their contents in order to render, so the information is available 
somewhere.

The question is: can/should this be addressed for Zope2?  What about Zope3?
Is one model more appropriate for a development setting (equal numbers 
of writers and
readers) vs production (many more readers, few or no writers)?

Any thoughts or sage advice on this topic would be much appreciated!

Regards,

--Craeg

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] Re: RDF Musings and TinyTables

[Craeg K Strong]

Paul Everitt wrote:


On jeudi, fév 20, 2003, at 22:15 Europe/Paris, Shane Hathaway wrote:


- RDF is hard to read, but legibility by humans isn't its primary 
focus.  It's more concerned with providing a way to declare any 
relationship about anything.


Right.  That's what the graph tool at the W3C online validator is for. 
:^)  Just throw it some RDF and let it draw a picture for you. 

Fascinating discussion.  Could you please share the URL of this 
validator you mentioned? 
I am assuming it is based on GraphViz/IsaViz technology?  Or is it 
something totally new?

Thanks,

--Craeg


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] Re: Unsecure design of ExternalFile

[Craeg K Strong]

OK

How about this for the TODO list for ExternalFile:

Create a facility whereby ExternalFiles must be created
within a set of allowed directory(ies), specified in

.../etc/allowedDirectories.txt

For example:
#
# helpful comment goes here
#
/ # allow everything
#

Or:
#
/home/webserver/public  # public stuff
/archive/repository/# read only dir full of downloaded PDFs
/space/temp # temporary area for testing

Or:
#
c:\Documents And Settings  # docs dir

- the create dialog will list the current set of allowed directories,
but not allow changes (changes must be done by hand to the txt file)

- there is no default for allowedDirectories.txt
I will ship it with no entries,
meaning that the product is effectively disabled by default

- If no directory is set, ExternalFile.py will raise an Exception at
Zope startup time, indicating that at least one allowdir must be set
The exception report will include appropriate instructions

Comments?

--Craeg

Martijn Pieters wrote:

On Thu, Nov 07, 2002 at 11:24:35AM -0500, Craeg K Strong wrote:


What would you recommend?  Perhaps there should be
a predefined list of "forbidden" directories for ExternalFiles?
The problem is that-- in the development scenario-- the
very things you mention below might be what you
legitimately *want* to do as a developer.



'Jail' the base directory. Files can only be referenced within the jail.
Relative paths outside the jail are forbidden. This is what FTP and web
servers do, and so should ExternalFiles. A full path (starting with a '/')
then starts at the base directory.

The base directory should not be configurable through the web. Rather, use
an environment variable. Only one directory is needed, as files that need to
be accessible can be copied or symlinked.



___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )

[Zope-dev] Re: Unsecure design of ExternalFile

[Craeg K Strong]

Yikes!  Scary stuff.

However, here are some things to consider:

a) ExternalFile advertises itself as being a developers/
content authors tool, not really for production.
Of course, most folks end up using it for production,
anyway... ;-)

b) Once created, an ExternalFile cannot be retargetted
to point to another file in the file system

c) The permission to create an ExternalFile instance is
different than the permission to edit one.  The permission to
create an ExternalFile instance should be assigned
judiciously...

d) the Zope server should be run as a user that has very
limited permissions.

e) Even if a user *does* have permission to edit
an ExternalFile, they only have whatever permission the
user running the Zope server has.  If the Zope user
(usually "webserver" or something like that) does not
have permission to write to /etc/passwd, it doesn't matter
if you create an ExternalFile pointing to it, you still
can't write to it...

However, the points you raise are valid, as they are
Zope-specific, and the zope user "webserver" *would*
probably have permission to do your (1) and (2) examples.

What would you recommend?  Perhaps there should be
a predefined list of "forbidden" directories for ExternalFiles?
The problem is that-- in the development scenario-- the
very things you mention below might be what you
legitimately *want* to do as a developer.

Well, thanks for pointing this out.  Let's continue
the conversation a bit, perhaps a good solution will
reveal itself (even if it is only some kind of warning
in the documentation...)

Regards,

--Craeg

PS I am CC-ing the zope-dev mailing list, as I think this
warrants a wider audience

Jonagustine Lim wrote:

Hi!

I just noticed that it's possible to create or replace
any files in the filesystem using the ZMI with
ExternalFile installed.

Possible exploits:

1. Use ExternalFile web interface to replace Zope
Data.fs

2. Create a .py file in /Zope/Extensions and run it by
creating an Extenal Method.

Anyway, I hope you can fix this or put a warning up.

Jon




___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )

[Zope-dev] Unit tests for Zope products: how to test HTTP access to objectsin ZODB?

[Craeg K Strong]

Hello:

I am trying to add some unit tests for my XMLTransform product
that test URL to Zope object traversal.  For example, I want
to ensure that one XSLT (a zope object) can include another using



Zope should transform the above into a request for a zope object
with an ID of "foo.xsl" in the parent folder of the original XSLT.

My question: how have you, dear reader, tested Zope's mapping of
URLs (relative and/or absolute) to objects in ZODB?

I am hoping that it can be done, possibly at the cost of bringing in
additional Zope machinery (which means additional unit test startup
time)...?

Thanks in advance,

--Craeg


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] getSecurityManager force auth in __bobo_traverse__

[Craeg K Strong]

I don't know, but this might help:

http://lists.zope.org/pipermail/zope-dev/2002-October/017701.html

It gives you the authenticated user, and you can call the authorization
machinery yourself by hand from there.

--Craeg

[EMAIL PROTECTED] wrote:
> On Wed, 16 Oct 2002, Chris Withers wrote:
> 
> 
>>[EMAIL PROTECTED] wrote:
>>
>>>I need to check if a user has a certain permission to decide to call a
>>>function during traversal however even though the browser is sending auth
>>>(I checked with ethereal) it seems that zope is not figuring out its
>>>security stuff until later.
>>
>>If this is in an access rule, the nread the mailing list archives ;-)
> 
> 
> I checked the list archives and this is not an access rule and I could not
> find any good search engines for the list archives to try and get a good
> answer.
> 
> 
>>PS: Short answer: you can't.
> 
> 
> I have to do it somehow there is really no choice in that even if I have
> to do the auth myself to an acl_user folder and follow it from there.
> However if I have to go that far then I would also have to say that the
> design of zopes security system is very flawed. There should be one
> function call to make to initialize the security environment needed that
> can be called from a python product.


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] How can I find out who visited a URL within my ZopeProduct?

[Craeg K Strong]

Steve Alexander wrote:
>> My application can then automatically send notifications to others
>> based on the execution of the VisitURL Command.
>> I can send email to my group saying "So and so has seen the contract"
> 
> Incorrect.
> 
> This shows that they read the original email, and intended to view the 
> contract at the URL. However, after that point, we only know that Zope 
> attempted to send the page at the URL back to the browser. You have no 
> proof that such data was ever received by the browser in any way 
> meaningful to the end-user. This gets even more complicated when http 
> proxies are involved.

You are right, of course, but I believe that, for our purposes, this is
a distinction without a difference.  The notification is purely for
administrative purposes-- just a convenient reminder to our client if their
invoice has not been paid yet.  If *their* client denies that they have
seen the invoice, we don't have a legal basis for non-repudiation, but as it
turns out, this is a pretty rare problem in practice.

I suppose the only way to legally guarantee that someone has seen something
delivered as a web page is for them to attach their
digital signature to the form and submit it back to the server.

Ultimately we will probably have to do this, but for now the VisitURL
notification is enough...

--Craeg


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] How can I find out who visited a URL within my ZopeProduct?

[Craeg K Strong]

I figured out a way to do this, although it uses an unpublished method.

In my __before_publishing_traverse__  I do the following:

 if not request.has_key('userId'):
 #
 # Get authentication information from the REQUEST, where it
 # is held in encrypted form.
 #
 # This code is copied directly from BaseRequest.py It uses
 # an unpublished method, but I see no decent alternative.
 #
 # CKS 10/8/2002
 #
 auth=request._authUserPW()
 if auth:
 name,password = auth
 request['userId'] = name

However, others have posted some interesting alternative solutions
that don't involve using unpublished methods.. :)

My reason for needing this follows.  If you don't care, hit delete now :)

We are using the Command pattern, so every user gesture becomes an
execution of a Command.

Each Command is logged.  The logged Command includes the user, datetime
the command was executed, and other relevant information.

This gives us a full audit trail, undo-able commands, capability to
"replay history", etc.

The act of visiting a URL is also a Command, and is logged as such.
Why?  Because that way we can provide roughly similar functionality
to sending a package "return receipt requested"

If we send an email to a counterparty to a legal contract with a URL to
the contract, we know that they saw the contract by observing a
VisitURL Command with their user ID and the URL of the contract.
That means they read the email and clicked on the URL we sent
(or navigated to it through some other means).

My application can then automatically send notifications to others
based on the execution of the VisitURL Command.
I can send email to my group saying "So and so has seen the contract"

In this particular case, we are writing an invoicing application, so the moment
the client "sees" the invoice this way, the Net-30 clock starts ticking

If, after a reasonable period of time, we STILL haven't seen a
VisitURL Command logged, we know that the recipient either hasn't read his
mail or hasn't clicked on the URL.  We can then send it to someone else or
call his boss and complain ;-)

--Craeg





Craeg K Strong wrote:
> Hello:
> 
> I would like to log the identity of the authenticated
> user for *every* URL traversal within my Zope Product.
> 
> For example, let's say that my forms-based web application contains 50
> screens.  They are all protected such that only authenticated users
> can view them.  Any one of them could be bookmarked, so a user could
> "jump in" at any point.
> 
> I want to record the fact that a user visited a screen, each and every
> time they do so.
> 
> A natural place to do this would be in a pre-traversal hook, but I seem
> to be stymied by the lack of authentication information in 
> __bobo_traverse__
> or __before_publishing_traverse__
> 
> Can anyone think of a way this could be done?
> 
> I suppose I could hack all of my ZPTs to call a "registerUser" method
> by putting it in an empty  in their shared header, but that seems
> to mix concerns.  Why should my ZPTs have knowledge of this workflow
> requirement?
> 
> Thanks in advance!
> 
> --Craeg


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

[Zope-dev] How can I find out who visited a URL within my Zope Product?

[Craeg K Strong]

Hello:

I would like to log the identity of the authenticated
user for *every* URL traversal within my Zope Product.

For example, let's say that my forms-based web application contains 50
screens.  They are all protected such that only authenticated users
can view them.  Any one of them could be bookmarked, so a user could
"jump in" at any point.

I want to record the fact that a user visited a screen, each and every
time they do so.

A natural place to do this would be in a pre-traversal hook, but I seem
to be stymied by the lack of authentication information in __bobo_traverse__
or __before_publishing_traverse__

Can anyone think of a way this could be done?

I suppose I could hack all of my ZPTs to call a "registerUser" method
by putting it in an empty  in their shared header, but that seems
to mix concerns.  Why should my ZPTs have knowledge of this workflow
requirement?

Thanks in advance!

--Craeg


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

[Zope-dev] MailHost.py does not set the "Date" header, who's bug?

[Craeg K Strong]

Hello:

I have noticed that all of my notifications on page edits in my ZWiki
are dated year=1969.

This happens because there is no "Date" header in the email message
sent from ZWiki (version 0.10)

The MailHost product that comes with Zope 2.5.1 does not add a Date
header to mail messages.

My mozilla email client seems to interpret the lack of a date header as
date="the beginning of time", or somewhere in 1969 ;-)

My Zope-based web app *also* uses MailHost to send out emails.
It has the same problem.

Here is my question.  Should ZWiki, my web app, and everybody else's
Zope-based web app in the world have to add "Date" headers?
Or maybe MailHost should be smart enough to add a Date header with
Date=now if Date is missing from the header...?

If someone from ZC agrees that this is a good idea, I would be happy
to provide a patch.

Regards,

--Craeg


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

[Zope-dev] http://cvs.zope.org/Products/Scheduler vs Xron for cron-likefunctionality. Advice?

[Craeg K Strong]

Hello:

I am looking for a way to schedule events within my Zope-based web
application.  Here are my requirements:

- Zope 2.5.1 platform
- Win/UNIX/Linux compatibility
- Ability to view and modify scheduled events
- repeating and one-time events
- ZPT based or integratable
- Easy to integrate into my application
 (e.g. event executes my method, I can display lists
 of pending events within my own custom forms)


It looks like there are two likely options:

http://cvs.zope.org/Products/Scheduler

-vs-

http://www.zope.org/Members/lstaffor/Xron

The Xron product release is almost a year old,
but Scheduler seems to be only available via CVS.

Can anyone comment as to the maturity/stability
of these products?  Any advice would be much appreciated.

Thanks!

--Craeg


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] __before_publishing_traverse__ calls RESPONSE.redirect():is there another way to change the browser URL?

[Craeg K Strong]

Andreas Kostyrka wrote:
> Am Fre, 2002-09-27 um 20.58 schrieb Craeg K Strong:
> 
>>Thanks for the advice!
>>
>>Unfortunately, I don't know how to do what you suggest.
>>
>>I believe that a redirect always causes a GET, rather than a POST, no?
>>
>>Also, hidden form fields are filled in on the original request, but the redirect
>>flushes the request.  All of my fields are gone!  :-(
>>
>>Perhaps I could do something really nasty and override the Python method
>>in urllib2 that handles HTTP redirects?
> 
> What to hell does urllib2 have to do with Zope?

Sorry for the non-sequitur..  I do not really know if Zope uses the urllib2
machinery or not.  Somewhere, however, there must be some code that catches

raise 'Redirect', myurl

and does the appropriate thing (creates a new request, etc.).

My "find-grep" caught   class HTTPRedirectHandler(BaseHandler):  (line 427 of 
urllib2.py)

But I have not looked into it enough to understand whether it is what
I am guessing it is, and-- even if so-- whether Zope uses it or not.

in any event, there are other, better solutions on the table, so at this point
it is no longer important...

> 
>>Today, that code creates a new REQUEST object, throwing away the old request.
>>I could cause it to insert some value that I would then test for,
>>to distinguish the two cases.
> 
> REQUEST.redirect sends a status code to the browser which then requests
> the new URL by itself, ...
> 
>>That would be the king of all hacks, but it might work :-}
> 
> Probably not. The only thing you can do with redirect is to urlencode
> your parameters, ...

You're probably right.  The browser is getting back a status code in the HTTP 
header that makes it generate a new request.  The question I had was: would
there be a way to stuff something in the HTTP header that the browser would
somehow copy over to the new HTTP header it sends back in response to the
redirect status code...?

After all, it *does* copy the URL to which it is being redirected, along with
all of its query parameters, etc

A thorough re-reading of the HTTP spec would probably give me an answer...

--Craeg

> 
> Andreas


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] __before_publishing_traverse__ calls RESPONSE.redirect():is there another way to change the browser URL?

[Craeg K Strong]

Indeed this should work.  Although I will first try out Casey's idea of using
the SessionDataManager, this is a nice fallback.  Very creative! :-)

--Craeg

Oliver Bleutgen wrote:
> Craeg K Strong wrote:
> 
>> I believe HTTP_REFERER will list the place from whence you were 
>> redirected,
>> but unfortunately it does not distinguish between
>>
>>  "redirect"  and
>>
>> "following HTML link"
>>
>> Of which my application has many :-(
> 
> 
> 
> Ok, then here are two other ideas:
> 
> 1. in your redirect to an acquired method which itself redirects back to 
> the document, this creates a HTTP_REFERER header which will tell you 
> that it - via this method - came from your application:
> 
> raise 'Redirect',newURL+'/I_am_just_here_to_show_the_special_redirect'
> 
> where 'I_am_just_here_to_show_the_special_redirect'
> 
> is a python script which just does
> context.REQUEST.RESPONSE.redirect(context.absolute_url())
> 
> I don't know ATM if you need perhaps context.aq_parent.absolute_url().
> 
> Now inspect HTTP_REFERER.split('/')[-1].
> 
> But note that HTTP_REFERER is not secure, because it's sent by the 
> client, and some privacy tools/proxies might suppress it.
> 
> 2. use cookies, which have their own problems.
> 
> Or, use both methods.
> 
> cheers,
> olive


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] __before_publishing_traverse__ calls RESPONSE.redirect():is there another way to change the browser URL?

[Craeg K Strong]

Casey Duncan wrote:
 > What you are looking for sounds like "stateful" through-the-web functionality.
 >
 > I think you should use sessions to remember the form fields and/or whether the
 > user has been to this URL before.
 >
 > I am suspect of an app design that makes a single URL mean different things in
 > this way, however. I suspect there is a much easier way to accomplish what
 > you want that does not use traversal hooks or magic redirect descrimination.
 >
 > I'm still not sure I'm seeing the big picture of what you are really trying to
 > accomplish here.
 >
 > -Casey

Hmm  You are probably right.  I confess I have not looked into the
SessionDataManager stuff yet, but it looks like now would be a good
time :-)I will look into it and report back..

For those who are interested, the following is a bit of elaboration on our
application architecture, which will explain why my question came up in
the first place.  For those who are not, feel free to hit the delete button
now :)

Our application is a typical forms-based business app.  Each page is a ZPT
with one or more forms on it.  Each business transaction is encapsulated by
a Command (a la GOF Command pattern).  That gives us "undo", logging, etc.
for every command in a uniform way and separates business logic from GUI
logic.

Every business object is published at a unique URL.  That is, a contract with
ID "123" would be published at myapp/contracts/123.  We use a mnemonic naming
scheme:

myapp/contracts/123  --> GET:  get a human readable HTML read-only 
representation of the resource

myapp/contracts/123/xml --> GET: get an XML representation of the resource

myapp/contracts/123/edit --> GET: get a human readable HTML form for modifying 
the resource

myapp/contracts/123/xml --> POST: replace the current state of the resource with
the state indicated by the passed-in XML document

This makes our app equally usable by humans and other apps, and also makes
beautiful reports easy to build using XSLT against the xml representations.

*However* we don't want to embed *any* URLs in our ZPT code.  All the forms
in the ZPT look like the following:


   
   
   


There is a one-to-one relationship between ZPTs and application states.
If you are in the "EditingInvoice" state, you are looking at the
EditingInvoiceForm.zpt

Similarly, Commands are pure-python beings.  They are not allowed to know
URLs.  The application defines a number of states and actions in a finite
state machine.  The step() method asks the finite state machine for the next 
state given the current state and the command ("actionName" above).
The application then actually executes the
appropriate command, and finally executes
its own internal algorithm to determine the proper URL to go
to given the resulting state.

For example, it knows that if the state is "EditingContract" then
there must be a "contractId" in the REQUEST, and the resulting
url is "contracts/" + contractId

Since our business objects (like contracts and invoices) are pure-python
(i.e. non-Zope objects), we do all of the traversal machinery in
the __before_publishing_traverse__ and __bobo_traverse__ hooks.

Some might say we pay a high price for purity :-) but it pays
dividends in the robustness and ease of maintainability of the code.
In many ways, we are trying to simulate a Zope-3 app on top of Zope2.5.1

Once again, thanks for all the help!

--Craeg


> 
> On Friday 27 September 2002 02:53 pm, Craeg K Strong wrote:
> 
>>Hello:
>>
>>This is a good idea, and would solve the problem as stated.
>>
>>Unfortunately, it conflicts with my other (heretofore unstated)
>>requirement that
>>
>>"all URLs shown in the browser should be bookmarkable
>>at all times."
>>
>>Once a user bookmarks foo?I_am_an_application_controlled_redirect=1
>>and comes back to it, it is no longer telling the truth ;-)
>>
>>--Craeg
>>
>>Oliver Bleutgen wrote:
>>
>>>Craeg K Strong wrote:
>>>
>>>
>>>>However, I would like to distinguish between two cases:
>>>>
>>>>a) Direct Navigation:   e.g.I am a user and I just typed in
>>>>
>>>>
>>>
> http://acme.com/myapp/contracts/TRW-001/taskorders/TO-01/invoices/DSDC-001-9301 
> 
>>>>
>>>>into my browser
>>>>
>>>>b) Application-Controlled:   e.g. I am the application, I did some 
>>>>processing
>>>>based on a button the user pressed in some form somewhere and determined
>>>>that the next URL should be
>>>>
>>>>
>>>
> http://acme.com/myapp/contracts/TRW-001/taskorders/TO-01/invoices/DSDC-001-9301 
> 
>>>>
>&g

Re: [Zope-dev] __before_publishing_traverse__ calls RESPONSE.redirect(): is there another way to change the browser URL?

[Craeg K Strong]

Thanks for the advice!

Unfortunately, I don't know how to do what you suggest.

I believe that a redirect always causes a GET, rather than a POST, no?

Also, hidden form fields are filled in on the original request, but the redirect
flushes the request.  All of my fields are gone!  :-(

Perhaps I could do something really nasty and override the Python method
in urllib2 that handles HTTP redirects?

Today, that code creates a new REQUEST object, throwing away the old request.
I could cause it to insert some value that I would then test for,
to distinguish the two cases.

That would be the king of all hacks, but it might work :-}

--Craeg

Florent Guillaume wrote:
> Craeg K Strong  <[EMAIL PROTECTED]> wrote:
> 
>>However, I would like to distinguish between two cases:
>>
>>a) Direct Navigation:   e.g.I am a user and I just typed in
>>
>>http://acme.com/myapp/contracts/TRW-001/taskorders/TO-01/invoices/DSDC-001-9301
>>
>>into my browser
>>
>>b) Application-Controlled:   e.g. I am the application, I did some processing
>>based on a button the user pressed in some form somewhere and determined
>>that the next URL should be
>>
>>http://acme.com/myapp/contracts/TRW-001/taskorders/TO-01/invoices/DSDC-001-9301
>>
>>Now here is the issue
>>
>>In both cases above, the REQUEST object looks identical.   Is there any way
>>that I can distinguish a GET that is the result of a REDIRECT from one that
>>is not?
>>
>>I would think this would be of interest to others.  For example, if I move my
>>web page and put a redirect from the old address, I could track how many
>>people came to my web page directly versus those that are still using the
>>old address and are getting redirected.
> 
> 
> You could try to do a POST and distinguish that from the GET when the
> user just types the URL. But it's probably better to add a special
> hidden field in your form to distinguish the two.
> 
> Florent



___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] __before_publishing_traverse__ calls RESPONSE.redirect():is there another way to change the browser URL?

[Craeg K Strong]

Hello:

This is a good idea, and would solve the problem as stated.

Unfortunately, it conflicts with my other (heretofore unstated)
requirement that

"all URLs shown in the browser should be bookmarkable
at all times."

Once a user bookmarks foo?I_am_an_application_controlled_redirect=1
and comes back to it, it is no longer telling the truth ;-)

--Craeg

Oliver Bleutgen wrote:
> Craeg K Strong wrote:
> 
>> However, I would like to distinguish between two cases:
>>
>> a) Direct Navigation:   e.g.I am a user and I just typed in
>>
>> http://acme.com/myapp/contracts/TRW-001/taskorders/TO-01/invoices/DSDC-001-9301 
>>
>>
>> into my browser
>>
>> b) Application-Controlled:   e.g. I am the application, I did some 
>> processing
>> based on a button the user pressed in some form somewhere and determined
>> that the next URL should be
>>
>> http://acme.com/myapp/contracts/TRW-001/taskorders/TO-01/invoices/DSDC-001-9301 
>>
>>
>> Now here is the issue
>>
>> In both cases above, the REQUEST object looks identical.   Is there 
>> any way
>> that I can distinguish a GET that is the result of a REDIRECT from one 
>> that
>> is not?
>>
>> I would think this would be of interest to others.  For example, if I 
>> move my
>> web page and put a redirect from the old address, I could track how many
>> people came to my web page directly versus those that are still using the
>> old address and are getting redirected.
> 
> 
> raise 'Redirect', newURL+'?I_am_an_application_controlled_redirect=1'
> 
> 
> HTH,
> oliver



___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] __before_publishing_traverse__ calls RESPONSE.redirect():is there another way to change the browser URL?

[Craeg K Strong]

I believe HTTP_REFERER will list the place from whence you were redirected,
but unfortunately it does not distinguish between

  "redirect"  and

"following HTML link"

Of which my application has many :-(

--Craeg

Casey Duncan wrote:
> On Friday 27 September 2002 12:49 pm, Craeg K Strong wrote:
> [snip]
> 
>>Now here is the issue
>>
>>In both cases above, the REQUEST object looks identical.   Is there any way
>>that I can distinguish a GET that is the result of a REDIRECT from one that
>>is not?
>>
>>I would think this would be of interest to others.  For example, if I move 
> 
> my
> 
>>web page and put a redirect from the old address, I could track how many
>>people came to my web page directly versus those that are still using the
>>old address and are getting redirected.
>>
>>Any advice?
> 
> 
> How about the HTTP_REFERER value? I'm not sure how a redirect affects this 
> though.
> 
> -Casey



___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] __before_publishing_traverse__ calls RESPONSE.redirect():is there another way to change the browser URL?

[Craeg K Strong]

Thanks for the response!

I have made a bit more progress on the issue.  To recap: our application
consists of a number of HTML forms.  When the submit button on a form is
pressed, the application must do some processing in order to determine
which URL should next be displayed.

We are trying to follow ReST principles, so in order to view an invoice
within a task order for a contract, you might view the following url

http://acme.com/myapp/contracts/TRW-001/taskorders/TO-01/invoices/DSDC-001-9301

We have defined a __before_publishing_traverse__ hook that determines the proper
URL and then does the following:

raise 'Redirect', newURL

We found that by doing the redirect this way, rather than:

response.redirect(newURL)

__bobo_traverse__ does *not* get called.  By raising an exception, the
current call is aborted, and a new request is generated for the new URL.
This is a good thing.

However, I would like to distinguish between two cases:

a) Direct Navigation:   e.g.I am a user and I just typed in

http://acme.com/myapp/contracts/TRW-001/taskorders/TO-01/invoices/DSDC-001-9301

into my browser

b) Application-Controlled:   e.g. I am the application, I did some processing
based on a button the user pressed in some form somewhere and determined
that the next URL should be

http://acme.com/myapp/contracts/TRW-001/taskorders/TO-01/invoices/DSDC-001-9301

Now here is the issue

In both cases above, the REQUEST object looks identical.   Is there any way
that I can distinguish a GET that is the result of a REDIRECT from one that
is not?

I would think this would be of interest to others.  For example, if I move my
web page and put a redirect from the old address, I could track how many
people came to my web page directly versus those that are still using the
old address and are getting redirected.

Any advice?

Thanks again!

--Craeg

Casey Duncan wrote:
> - Original Message -----
> From: "Craeg K Strong" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, September 23, 2002 10:59 PM
> Subject: [Zope-dev] __before_publishing_traverse__ calls
> RESPONSE.redirect(): is there another way to change the browser URL?
>  
>>Hello:
>>
>>I have defined a __before_publishing__traverse__() method in my Zope
> 
> product.
> 
>>Its job is to redirect the URL displayed in the browser to a nice looking
>>URL, something like
>>
>>"../myapp/invoices/123"
>>
>>instead of
>>
>>"../myapp/execute"
> 
> 
> __before_publishing__traverse__() doesn't affect the way the url looks to
> the browser. Although it can change the path being traversed inside Zope if
> you wish. It effectively lets any traversed object affect the rest of the
> traversal in some arbitrary way, or do some work before it is itself
> traversed.
> 
> 
>>That way all my ZPT forms can call the same method: execute(),
>>and I don't hardcode any URLs in my ZPTs.  The objective is to
>>encapsulate my resource-to-URL mapping so that it can be changed
>>independently from the ZPT code.
>>
>>I don't want to use setVirtualRoot, because I want to change the entire
>>URL, not just "all but the leaf"
> 
> 
> I'm not following this.
> 
> 
>>The problem is that __before_publishing_traverse__ is getting called
> 
> *twice*
> 
>>for each button press.
>>
>>*First* it gets called with the "../myapp/execute" URL.  This is when I
>>call RESPONSE.redirect()
>>
>>*Second* it gets called with the "../myapp/invoices/123" URL
>>
>>I am trying to understand how Zope works with the HTTP REDIRECT machinery.
> 
> 
> __before_publishing_traverse__ is called once for any object that defines it
> each time that object is traversed during a web request. A redirect
> generates a whole new web request, so this causes another whole set of
> object traversals.
> 
> 
>>Is there a way to make the URL that is actually displayed in the browser
>>*different* from the Zope method name you are calling, aside from using
>>RESPONSE.redirect()?
> 
> 
> Redirect would not do this. Redirect changes the URL and makes the browser
> go to that URL. Whether that URL is a complete traversal to a method depends
> on your application. For example, a humble Python script has a traversal
> hook of the aforementioned variety that eats the rest of the URL path
> elements and binds them to the script's namespace, by default under the name
> "traverse_subpath". For example, given a Python script "pyscript" in your
> Zope root directory, then the following URL would call it:
> 
> http://zopeserver/pyscript/more/path/elements
> 
> When called, the script woul

Re: [Zope-dev] how to change to another authenticated user programmatically?

[Craeg K Strong]

Hello:


This is a great idea!  Even better, it is very easy to implement.
Brilliant.  We will do it this way.

Many thanks to all who responded.  zope-dev rocks :)

--Craeg

Andreas Kostyrka wrote:
> Am Die, 2002-09-24 um 19.41 schrieb Craeg K Strong:
> 
>>Alternative number two is to force the user to reauthenticate-- somehow get the
>>browser to popup a login screen where the user can type in the new username and
>>password.   This might be easier, b/c it is simply a matter of sending
>>back the appropriate HTTP Header and status codes, right?
> 
> Create an object/page that is viewable by all users except the registrar
> user. Redirect the user to it.
> 
> Andreas


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

[Zope-dev] how to change to another authenticated user programmatically?

[Craeg K Strong]

Hello:

I am working on an application where users register themselves.  That is,
there will be a registrar username and password that is sent out to all
prospective users via email.

The only thing the registrar can do is add a user.

The most convenient thing would be for the user to log in as the registrar,
add himself as a user, and then the application woud immediately recognize him
as *the new user* from then on, without the user having to exit the browser,
restart it, and login as the new user.

The new user is added using the standard _addUser() function on the user folder,
so it is a valid Zope user.

Does anyone know how to change the current AUTHENTICATED_USER programmatically?

That is, the "user" object in my ZPTs would thereafter be the *new* user,
not the registrar?

Alternative number two is to force the user to reauthenticate-- somehow get the
browser to popup a login screen where the user can type in the new username and
password.   This might be easier, b/c it is simply a matter of sending
back the appropriate HTTP Header and status codes, right?

Thanks in advance!

--Craeg


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

[Zope-dev] __before_publishing_traverse__ calls RESPONSE.redirect(): is thereanother way to change the browser URL?

[Craeg K Strong]

Hello:

I have defined a __before_publishing__traverse__() method in my Zope product.

Its job is to redirect the URL displayed in the browser to a nice looking
URL, something like

"../myapp/invoices/123"

instead of

"../myapp/execute"

That way all my ZPT forms can call the same method: execute(),
and I don't hardcode any URLs in my ZPTs.  The objective is to
encapsulate my resource-to-URL mapping so that it can be changed
independently from the ZPT code.

I don't want to use setVirtualRoot, because I want to change the entire
URL, not just "all but the leaf"

The problem is that __before_publishing_traverse__ is getting called *twice*
for each button press.

*First* it gets called with the "../myapp/execute" URL.  This is when I
call RESPONSE.redirect()

*Second* it gets called with the "../myapp/invoices/123" URL

I am trying to understand how Zope works with the HTTP REDIRECT machinery.

Is there a way to make the URL that is actually displayed in the browser
*different* from the Zope method name you are calling, aside from using
RESPONSE.redirect()?

Thanks in advance,


--Craeg Strong
Ariel Partners LLC


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] Unit testing on win32 with FAT requires patch to custom_zodb.py,isthis a known issue?

[Craeg K Strong]

Hello:

I was just curious as to what the status is on this.
I just had to apply the patch to yet another Win2000 computer.
Thanks,

--Craeg

Shane Hathaway wrote:
> On Thu, 29 Aug 2002, Chris Withers wrote:
> 
> 
>>Shane Hathaway wrote:
>>
>>>No, this is not a known issue.  Could you provide a traceback?
>>
>>Traceback (most recent call last):
>>   File "testStripogram.py", line 103, in ?
>> import Zope
>>   File "D:\ZOPE\25228D~1.1\lib\python\Zope\__init__.py", line 40, in ?
>> m=imp.load_module('Zope.custom_zodb', m[0], m[1], m[2])
>>   File "D:\ZOPE\25228D~1.1\lib\python\Testing\custom_zodb.py", line 7, in ?
>> Storage = DemoStorage(base=FileStorage(dfi, read_only=1), quota=(1<<20))
>>   File "D:\ZOPE\25228D~1.1\lib\python\ZODB\FileStorage.py", line 200, in __init_
>>_
>> raise ValueError, "can\'t create a read-only file"
>>ValueError: can't create a read-only file
> 
> 
> Apparently the file "Data.fs.in" doesn't exist.  Why?  (Try adding "print
> dfi" to custom_zodb.py.)
> 
> Shane



___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

[Zope-dev] Unit testing on win32 with FAT requires patch to custom_zodb.py,is this a known issue?

[Craeg K Strong]

Hello:

In order to use the unit testing facility for my custom Zope Products under
FAT in win32, I had to do the following:
In the file name::

 [ZOPE]\lib\python\Testing\custom_zodb.py

   Where ZOPE stands for the directory in which you installed Zope,
   Change line number seven::

 Storage = DemoStorage(base=FileStorage(dfi,read_only=1), quota=(1<<20))

   to instead read::

 Storage = DemoStorage(base=FileStorage(dfi, read_only=0), quota=(1<<20))

   My guess is that FAT does not support the read_only attribute as required.

Is this a known issue?  Am I missing something?

Thanks very much!

--Craeg


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

[Zope-dev] [OPINIONS SOLICITED] Adding Batch Factory to ZMI "Add" menu OK?

[Craeg K Strong]

Hello:

I am about to release a new version of the ExternalFile and CVSFile products

http://www.zope.org/Members/arielpartners/ExternalFile

They are Zope objects that behave like standard Zope objects but retrieve
their content from files anywhere in the file system. (kind of like a windows 
shortcut or UNIX symbolic link)

I would like to include a way to automatically create an instance for every
file within a directory:  a "batch" flavor.

Previously, one would have to select "ExternalFile" from the "Add" menu in ZMI
for each and every file, one at a time.  For large directories, this is a major
pain.

The way I have implemented this is to create a new "pseudo object" -- basically
a factory for creating batches of ExternalFiles: "ExternalFileBatch"

You select "External File Batch" from the "Add" menu in ZMI and you get a form
that allows you to specify the directory.

Here is the code for ExternalFileBatch.py:


def manage_batch_add(self, target_dir, basedir='', REQUEST=None):
 """
 Factory method to actually create a batch of instances of
 ExternalFile.
 """
 message = "External File Batch Create Results:"

 try:
 filelist = dirlist(os.path.join(basedir,target_dir))

 if len(filelist) == 0:
 message = message + "No files found."

 for fileid, filepath in filelist:
 message = message + "Object instance '" + \
   fileid + \
   "' successfully created, pointing to file: " + \
   filepath + ""

 self._setObject(fileid, ExternalFile(fileid, '', '', filepath))
 self._getOb(fileid).reindex_object()

 except OSError, e:
 message = message + str(e)

 return MessageDialog(title   = 'results',
  message = message,
  action  = 'manage_main')


# ExternalFileBatch class


class ExternalFileBatch:
 """
 ExternalFileBatch is a factory for creating instances of
 ExternalFile a batch at a time
 """
 meta_type = 'External File Batch'


As you can see, ExternalFileBatch is not much of a class.   It is really just
a Factory for creating instances of another class, namely ExternalFile.

An alternative would have been to create an additional tab in the ZMI for 
Folders which allows you to create instances of ExternalFile.  I could do this
by monkeypatching Folders, or by creating an ExternalFileFolder class.

There are advantages and disadvantages either way.  I don't like 
ExternalFileFolder b/c ExternalFiles are not supposed to be anything special. 
The whole point is to be able to use them in ANY context in which you would use 
a standard Zope object.

Thoughts?

--Craeg



___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

[Zope-dev] Is there a de facto standard for manage_add() behavior?

[Craeg K Strong]

Hello:

I have a question about style.  

My ExternalFile product enables one to create zope objects that behave 
like DTML methods
or DTML documents but point to external files for their content.   The 
creation routines
handle many different possible cases

- external file does not exist yet, create it blank
- external file exists
- external file does not exist yet, upload a file and create it with 
uploaded content

etc, etc.

My manage_add() routine handles all of these cases, posting up 
confirmation dialogs, etc. when
necessary.  It then calls either

create_file() and/or
create_object()

to actually _create_ the external file (if necessary) and the 
ExternalFile instance (always).

The problem is this:  many users create ExternalFile instances 
programmatically.   To do this,
they expect to call manage_add()   when instead (according to my design) 
they should be calling
create_object() directly.

The question is-- am I violating some kind of de facto Zope standard?   
Is manage_add() supposed to
silently create an object without any sort of confirmation dialogs?   Or 
is this a simple case of
insufficient documentation-- I should make it more clear in the docs 
which methods to call in order
to create programmatically?

Of course, with Zope3 this wouldn't be an issue, because you have 
pluggable GUIs.  Don't like the default
dialogs? Plug in your own with by changing the deployment descriptor...  

In the meantime, however-- for Zope 2x, what do the Zope style mavens 
suggest?

Regards,

--Craeg



___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] Simplification via custom protocol handlers: cvs://server/project,zope://foo ?

[Craeg K Strong]

Dieter Maurer wrote:

>Craeg K Strong writes:
> > ...
> > The Zope protocol handler idea is interesting, and I haven't thought 
> > this all the way through yet.
> > Couldbe thought of as referring to "zope://blat" 
> > where the Zope protocol is the default
> > and therefore omitted?
>I do not think, this would be a good correspondence:
>
>  "zope://blat" is kind of an absolute URL while "blat" is by no means
>  absolute.
>
>
>Dieter
>
You're right, it is a different thing.I was originally thinking that 
you could
imagine a URN with a "zope" namespace ID (meaning the entire contents of 
the ZODB)
and the python expression as the namespace specific string.

However, I believe URNs are supposed to name a specific resource.  By 
contrast,
acquisition means that a dtml-var can name very different resources 
depending on
what is in the ZODB.  It is a variable, not a name.

I am now thinking that the way to avoid my multiple mixin problem in 
Zope-2 is
to break things apart into small pieces that each do a specific thing. 
 For example,
you could have:

- a CVSFile product that makes an object in ZODB retrieve its content 
from a CVS sandbox
- an XPath filter product that applies an xpath to an object in ZODB and 
returns the result
- an XSLT transformer product that applies an xslt to an object in ZODB 
and returns the result
- a STX to Docbook filter product that takes an ASCII file in structured 
text format and returns
an XML file using the docbook dialect (I think STXDocument does this)

So you could have a structured text document foo.stx in your CVS sandbox.  
A contrived example follows.  Lets say you wanted an HTML page that 
displayed
only a portion of the contents of a structured text file.  The file 
("foo.stx") is in your
CVS sandbox, and you just want the first paragraph as an HTML page.

You would create an instance of CVSFile called foo.stx in ZODB.  foo.stx 
gets its
content from the file "foo.stx" in your CVS sandbox.

You would then create an instance of STXDocument that gets its content
from foo.stx but transforms it into docbook XML.  You might call it foo.xml

You could then create an instance of XPathFilter that gets its content 
from foo.xml
but just picks out some subset of that content based on the specified 
xpath.  You might
call that object "bar.xml"

Finally, You could create an instance of XSLTFile that gets its content 
from bar.xml
and applies an xslt transformer to it to output HTML.  You might call 
this file "index_html"

So inside a single folder in ZODB you could have your four different 
objects:

folder/foo.stx  (instanceof CVSFile)
folder/foo.xml  (instanceof STXDocument)
folder/bar.xml   (instanceof XPathFilter)
folder/index_html  (instanceof XSLTFile)

So by navigating to "folder" you automatically get the HTML webpage with 
the desired content.

How to make this work?   Each Zope Product must be able to either hold 
its content directly
or get its content by referring to another object in ZODB.   Also, if 
the Product maintains a cache
(obviously you don't want to run a transformation more than once on the 
same content) it must
ask the referrred to object if its contents have changed.

Thoughts?

--Craeg



___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

[Zope-dev] Simplification via custom protocol handlers: cvs://server/project,zope://foo ?

[Craeg K Strong]

Hello:

I am the author of the CVSFile product, available at 
http://www.zope.org/Members/arielpartners/CVSFile

I am thinking about implementing a new design, and wanted to get some
feedback from the list first (perhaps others have tried this approach?)

Here is a description of our problem:

ExternalFile is a Zope product that behaves like a 
DTMLDocument/method/etc but points
to a file outside of ZODB for its content (sort of like a symbolic link)

CVSFile inherits from ExternalFile, where the content file is stored in 
a CVS sandbox.
It features buttons to do updates, commits, etc.

So far, so good.  The problem is that we are working on a third Zope 
product whose instances
represent XML documents that automatically render themselves to HTML (or 
whatever) when
referred to.  You edit the XML content using ZMI or whatever, but when 
you navigate there,
you see the resulting web page/PDF/etc.  We are going to call it 
something along the lines of XSLTFile
because it uses XSLT to do the conversion.

Here's the issue:  the XML file that is the source of the transformation 
may or may not reside inside
the ZODB.   For example, we store most of our XML documents in CVS.   
 But if revision control is not
important (such as for one-off or throw-away documents) we keep them in 
ZODB.

How did we do this?  Well we had XSLTFile inherit from CVSFile. This 
is bad.   What happens
when we switch to some other revision control tool (like clearcase, 
subversion, sourcesafe)?  Either you
have multiple classes like "CVS-XSLTFile, Clearcase-XSLTFile, etc." or a 
single class that knows
about every possible version control system.   yuk.   Clearly, 
inheritance and mixins are not the answer.

Instead we want delegation.   How to do this?

One idea is to register a custom protocol handler with python, using 
urllib2.  
See:  http://www.python.org/doc/current/lib/module-urllib2.html 
  install_opener()

I am imagining the following.  a new XSLTFile instance is created, 
pointing to a URL for its
content.   Here are some examples of URLs:

cvs://myserver/myproject/my/file#VERSION-10
zope://foobar
http://www.foo.bar/myfile

In this way, the XSLTFile instance knows nothing about CVS or any other 
revision control system.
Instead, it only knows about a URL, and the CVS protocol handler would 
know about how to retrieve files
from CVS.   We could create our own scheme where a query parameter would 
specify the sandbox name
or something.

The Zope protocol handler idea is interesting, and I haven't thought 
this all the way through yet.
Couldbe thought of as referring to "zope://blat" 
where the Zope protocol is the default
and therefore omitted?   The idea of unifying all object references 
through URIs is intriguing to me.
(for more info, see REpresentational State Transfer: 
http://conveyor.com/RESTwiki/moin.cgi )

Comments?

--Craeg




___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] Zope 2.6 project updated

[Craeg K. Strong]

Stephan Richter wrote:

>> I am afraid I must second this opinion.  We recently looked at 
>> OrderedFolder, thinking to subclass it
>> to produce our Slideshow product.   The idea was to make a 
>> lightweight web-based replacement for PowerPoint
>> where you can define the order of the slides and can hide/show them 
>> individually.
>
> Actually, there SmartWizard (of course built with OF), whcih can be 
> used for Slideshows. I used it for all my talks last year.

For some reason we missed that one :-( Of course, we also wanted 
functionality like selectively hiding slides
(that way you can have lots of slides in a standard slideshow and choose 
subsets for a particular presentation).
Still, the Products _are_ quite similar.  

We might be able to collaborate, but I suspect the Zope-2 architectural 
limitations will make it pretty difficult.
For example, we have three products that are related by inheritance, and 
even though _we_ wrote all of them,
it was interesting how much extra work it was to make them extensible in 
this way.   With the Zope-3 architecture
it would be _much_ easier.

>> We found that it was actually easier to create our own 
>> "OrderedFolder" base class and subclass it rather than
>> use OF because of the extra functionality we did not want.
>
> Really? You should just have used OrderedObjectManager as base class.

Are you referring to the latest (0.4 IIRC) release?  We did our work 
before that came out...

>> I am willing to help out.   I would love to see this functionality in 
>> 2.6 and carry it forward to 3.0...
>
> Ordering and the Limit code is already in the Zope 3 core. The 
> advanced Folder version there is know as LoadedFolder. 

Excellent!   I think Zope-3 anticipation is building to a fever 
pitch ;-)

--Craeg


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] Zope 2.6 project updated

[Craeg K. Strong]

Stephan Richter wrote:

> If OF will make it in the core, the ZBabel stuff will be taken out of 
> it in anyway, since no part of Zope has something like that in it. I 
> am also tempted to say that only the ordering module should go in 
> (maybe the limit as well), since other functionality seems too specific.
>
> Regards,
> Stephan 

I am afraid I must second this opinion.  We recently looked at 
OrderedFolder, thinking to subclass it
to produce our Slideshow product.   The idea was to make a lightweight 
web-based replacement for PowerPoint
where you can define the order of the slides and can hide/show them 
individually.

We found that it was actually easier to create our own "OrderedFolder" 
base class and subclass it rather than
use OF because of the extra functionality we did not want.

Of course, the extra functionality is probably really useful for some 
people.  My vote would be to include
_some_ additional functionality like defined orderings in the Zope3 
core, and keep OF as a third party extension product
which people can use or not.  The Zope3 version of OF would then be 
simpler, as it would only have the remaining
functionality (like "reverse" acquisition, setting a max limit on number 
of items, etc.)

To summarize,

I would like to see regular Zope Folders enhanced to optionally have 
some notion of type
( a la  Brian's Zope 2.6 proposal "Object Type Assocation And Death To 
index_html"  )
and basic ordering

I am willing to help out.   I would love to see this functionality in 
2.6 and carry it forward to 3.0...

my 2c,

--Craeg

>



___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

[Zope-dev] Re: Zope vs. Cocoon

[Craeg K. Strong]

.  Cocoon does it out of the box  
>
>What else can I say :)
>
>No seriously: Zope is a more mature effort, but i strongly doubt that it
>can stand the evolution rates that this community exhibits.
>
I cannot agree with you here.  Zope Corporation is the primary driving 
force behind Zope, so there are actually
people out there who get paid to enhance Zope every day :-)I think 
their release schedule speaks for itself:

2.5.1beta1  2/22/2002
2.4.4beta1  1/28/2002
2.5.0  1/25/2002
2.5.0beta4  1/15/2002
2.5.0beta3  12/23/2001
2.5.0beta2  12/05/2001
2.5.0beta1   11/28/2001
2.4.3  11/12/2001
2.4.3beta1  11/05/2001

That is just since November.   In general, they have put out point 
releases every month and minor releases every six months.
Zope 3.0 is currently under development.

>Moreover, there is no indication of internal modularity and
>extensibility, SoC-based design, IoC design, data storage abstraction...
>and no indication on caching strategies, scalability and performance
>issues.
>
Actually, there is a RAM Cache Manager object built in to Zope.   This 
object, like all other Zope objects, can
be extended in Python (for example to change the caching strategy or 
whatnot).

Zope Enterprise Objects (http://www.zope.org/Products/ZEO) is an 
optional add-on product that turns
Zope into a distributed architecture, allowing multiple processors, 
machines, and networks to act as one website.

Zope _is_ too difficult to develop for, and it is not very easy to 
create objects that can be used both inside
and outside the Zope environment (i.e. the Zopish aspects are not 
modular enough).That is what the Zope 3.0
effort is all about.   The Zope community has learned from the Java/J2EE 
architecture: they are refactoring
the internals of Zope so that add-ons as well as Zope itself will be 
component-based.

(see: 
http://www.zope.org/Wikis/DevSite/Projects/ComponentArchitecture/FrontPage )

However, having said that, Zope _is_ amazingly extensible.   Consider 
these statistics:

When we first became interested in Zope (Sept/Oct 2001), there were 
about 300 add-on products available
for Zope at the zope.org site.

Today, there are over 500 add-ons available.

This tells me two things:   Zope has an extremely active community, Zope 
is extensible

>My impression is that they use Zope because it gives them the
>functionality they need.
>
>Cocoon is different: it will give you the 'substrate' you need to make
>your functionalities grow... and give you a way to modularize these
>functionalities to share add compose with others.
>
>I think we have very little to learn from Zope that we didn't know
>already.
>
After reading my reply, do you still feel that way?

>
>
>But my point is: comparing Cocoon and Zope is an serious architectural
>mistake.
>
I agree they were created to solve different problems.However, there 
are many reasons why developers may
want to compare the two technologies:

- both are leading open-source platforms for building websites
- other major open source alternatives may no longer be as attractive 
(recent demise of arsdigita, enhydra's problems, ...)
- XSLT is becoming more mainstream (why Zopers might want to consider 
Cocoon)
- Inclusion of Lucene + Xindice with Cocoon narrows the gap

In general, based on my assessment of the architectural directions of 
both projects, they are likely to
provide more and more similar functionality as time goes on.

When it comes right down to it, I believe the slash-dotters were correct 
when they said that the main
issue may be choice of programming language.   If you have a development 
shop full of Java programmers,
are you really going to expect them to learn Python and Zope?  
(Of course, that is precisely what ArielPartners did :-)

Curious to hear your response,

--Craeg

-- 
Craeg K Strong, General Partner
Ariel Partners LLC
http://www.arielpartners.com
voice 781-647-2425
fax   781-647-9690




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

[Zope-dev] [ANNOUNCE] ArielPartners releases CVSFile 0.7

[Craeg K. Strong]

  This is the first public release of our CVSFile 
 product. CVSFile 
enables Zope content to be served out of files residing in CVS 
sandboxes, and provides access to common CVS functions through the web 
in the Zope Management Interface.
Why not simply use ZCVSFolder 
? Because CVSFile stores 
files in CVS as normal files, rather than as Python "pickles." This 
makes it easy to use the same content, held in CVS, in both Zope and 
non-Zope contexts.

CVSFile extends ExternalFile 
, and therefore 
inherits all of its functionality.




___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

[Zope-dev] [ANNOUNCE] ArielPartners releases ExternalFile 0.9

[Craeg K. Strong]

  This is the third public release of our ExternalFile 
 product.
Why not simply use ExtFile 
? Because ExternalFile 
supports pointing to a file "in situ" like a symbolic link, rather than 
copying it into some central repository directory.

This may not seem like a big deal, until you consider that those files 
might be stored in a revision control system like CVS. ExternalFile 
gives you the ability to create a Zope object that points to a file in, 
for example, a CVS sandbox for its content.

This new release is compatible with CVSFile-0-7. It also features 
"workalike" capabilities. ExternalFile can behave like any of the 
following:

* DTMLDocument
* DTMLMethod
* Image

ExternalFile is usable by itself. It is also the base class for CVSFile 
.




___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

[Zope-dev] How to automatically redirect publishing request to another folder?

[Craeg K. Strong]

Hello:

We have a Slideshow product that is similar to OrderedFolder in that it 
maintains an ordered
list of contents.  Each subfolder represents a slide.   To view a 
particular slide, you navigate to the
subfolder, it automatically calls "index_html,"  and there's your slide.

All of the slides actually acquire their index_html DTMLDocument from
high up on the food chain.   The index_html in turn callsand the body is, of
course, different for each slide.   This is convenient, b/c each slide 
shares header/footer/etc.

My problem is this.  When you type in the URL of the top level folder 
(that is, the slideshow folder itself)
I want Zope to behave as if you typed in the URL of the first slide 
automagically.   The Slideshow product
has an easy way to get our mitts on the firstSlide object, so that part 
is not a problem, but I cannot get it to work.

Of course, if I create an index_html() method directly in my 
Slideshow.py, that screws up my acquisition.
Zope dies with an infinite recursion.  

Next try: using __bobo_traverse__()   That is a little bit nasty, b/c 
you have to figure out whether you are
the "end destination" or if Zope is just "passin' thru."  
[ See http://www.zope.org//Members/andym/wiki/MessingWithTraversal ]

Nothing works quite right.   Conceptually I know what I want to do:   
call index_html on firstSlide()
in the _context_ of firstSlide().   However, my Zope Zen is failing me. 
   Has anyone done something like this?

Thanks in advance!

--Craeg


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

[Zope-dev] ExternalFile released

[Craeg K. Strong]

In case any of you hadn't seen it yet, here is the news item
I just posted on zope.org:


ExternalFile 0.8 Released (Stable)

Created by arielpartners  on 
2002/01/17.

This is the second public release of our ExternalFile 
 product.
Why not simply use ExtFile 
? Because ExternalFile 
supports pointing to a file "in situ" like a symbolic link, rather than 
copying it into some central repository directory.

This may not seem like a big deal, until you consider that those files 
might be stored in a revision control system like CVS. ExternalFile 
gives you the ability to create a Zope object that points to a file in, 
for example, a CVS sandbox for its content.

This new release adds "workalike" capabilities. ExternalFile can now 
behave like any of the following:

* DTMLDocument
* DTMLMethod
* Image

ExternalFile is usable by itself. It is also the base class for CVSFile, 
to be released shortly.

--Craeg





___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

[Zope-dev] [Fwd: Does anyone know how to suppress display of +/- signs on a dtml-tree?]

[Craeg K. Strong]

I would like to answer my own question (see below).   According to 
ZOPE/lib/python/TreeDisplay/TreeTag.py, there is no way to suppress
the display of the + or - signs.   However, there certain parameters to 
__init__ that have been commented out:

#  opened_decoration = None,
#   closed_decoration = None,
#   childless_decoration = None,

which suggests that either there was a way to control this at one time, 
or that it is functionality that is planned for the future.

What is the plan for this in Zope 2.5?   I could prepare a quickie patch 
if you guys don't have the time.

Please advise,  thanks!

--Craeg


] I want to display a dtml-tree always expanded, with no controls visible
] for contracting (basically, an indented list of links).
] I set the tree to always expand via the following:

] 

] 

] But I can't figure out how to remove the little minus signs (-) from the
] branches.

] Has anyone done this?

] TIA,

] --Craeg


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

[Zope-dev] Anyone know how to pre-expand a certain branch of a dtml-tree?

[Craeg K. Strong]

Hello:

I want a certain branch of my dtml-tree to be pre-expanded whenever
the webpage that contains the tree is displayed.

My dtml-tree is quite simple; I use the usual subordinate folder 
structure setup:



TIA!

--Craeg


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

[Zope-dev] Does anyone know how to suppress display of +/- signs on a dtml-tree?

[Craeg K. Strong]

Hello:

I want to display a dtml-tree always expanded, with no controls visible
for contracting (basically, an indented list of links).
I set the tree to always expand via the following:





But I can't figure out how to remove the little minus signs (-) from the 
branches.

Has anyone done this?  

TIA,

--Craeg


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

[Zope-dev] Can edit via FTP respect Zope versions?

[Craeg K. Strong]

I would like to see the following scenario:

1) I go into Zope/manage_main, create a Version, and enter it.

2) Outside Zope, I use emacs and pull up a DTMLDocument in an edit 
buffer using FTP

3) I make my changes and save the file (FTP PUT)

4) I return to Zope and see that the changes have been made INSIDE MY 
VERSION

5) Happy with the changes, I commit my Version and exit it.


Today, this does not seem to work.  That is, even though I have started 
working in a Version,
FTP does not respect this.

How could such a facility be implemented?

Well, what about having a context mapping feature where you could map a 
user to a context.
The Zope FTP machinery, when it gets a login, uses the passed in userid 
and looks up the context
in the (global) context map.   For me, it says "oh, Craeg is working in 
a Version.  I will silently and automatically
map URLs for GET and PUT to respect his Version."   For my colleague, it 
says "oh, Chip has no
special context, no filtering needed..."

Further, there could be hooks provided so that Zope developers could 
provide their own URI Resolution
algorithms, so that different user's requests could be mapped in 
different ways.
To use a contrived example, this could be a way of implementing a 
development workflow scenario-- for development, requests
are mapped to one area, where as for testing they are mapped to a 
different area.  Note that the "virtual host monster"
operates on a somewhat similar idea.

Has anyone else felt the need for such a facility ("URIResolver") ?   
Does anyone have any pointers where I should look in the
Zope libraries to program my own?   Thanks in advance!

--Craeg


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

[Zope-dev] Any interest in a set of Zope products to support CVS-versioned, XML/XSLT-based Zope development?

[Craeg K. Strong]

Greetings!

We at Ariel have recently started using Zope and, needless to say, we 
are enjoying a large increase in productivity
compared to our previous Apache-Cocoon2-Tomcat-Servlet-dbXML-Java 
environment.   In our opinion, Zope
is about a year or two ahead of where these guys are in many respects. 
 Kudos!

The main problems we faced while moving to Zope were these:

- how to support version control, branching, merging, tagging, etc. 
etc.  (we use CVS)
- how to support our XML/XSLT-pipeline based document publishing 
paradigm (cf Cocoon2)

We have seen several efforts underway to address these issues within the 
Zope community.   We have gone a slightly different
direction, but hope to contribute to these efforts in some way. In 
our environment:

- multiple author/developers work on the same documents at the same time
- we work on content for several clients at the same time
- web pages are cobbled together from content pulled from several XML 
documents, according to a PagePolicy
   (similar to the way articles are collected and pasted into a 
newspaper page).
- the PagePolicies can be changed independent of the underlying content 
(header-body-leftmargin-footer, header-body, etc)
- all content is in XML, transformed into HTML/DTML by XSLT.
- we use lots of tools other than Zope, so we want to keep our content 
in XML, not pickled Zope objects. (hold the pickles ;-)

In order to make all this work, we created three Zope Products:

ExternalFile:
Points to a file in the filesystem.  Unlike ExtFile, it is not copied 
into a repository directory, but remains "in situ"
Behaves similarly to a symbolic link in UNIX or windows shortcut.   
Metadata stays in Zope, but content stays in the file.
index_html and __call__ return the content as if it were a real Zope 
object, so Zope doesn't know the difference. :-)
Due to permissioning and other possible problems, this is probably only 
appropriate for development, not production.
In future, we hope to add an option to copy in the content to ZODB, 
essentially converting it to a DTMLDocument.  At that
point we will probably rename the class "ExternalizableFile"  more on 
this later.

CVSFile:
inherits from ExternalFile.Same thing, but the file is assumed to be 
inside of a CVS sandbox.   Includes buttons for doing
normal cvs commands.   Sandboxdir is stored in a cookie, so each 
developer can access his own sandbox via THE SAME ZOPE OBJECT.
That is, all developers can share a single Zope server but each see 
content from his own sandbox.   (play in your own sandbox :-)
This avoids the locking issues and other problems inherent in things 
like CVSwebClient.   It also enables the content to
stay "native" rather than becoming a Zope extract like in 
ZCVSMixin/ZCVSFolder.

XMLDocument:
(Sorry for the name clash).  Inherits from CVSFile.Has a notion 
of a "transformer" property that points to an XSLT transformer.
This enables it to be rendered automatically into HTML when __call__ or 
index_html is called.The underlying XML file
can either be external or not.  The XMLDocument object represents the 
entire file, as opposed to the parsedXML stuff that explodes
a single document into multiple Zope objects for each XML node (correct 
me if I am wrong...)

There is lots more to do, but we do have initial development versions of 
all three working in the lab.   Is there interest in this kind
of Product?   Would it be considered heretical? ;-)   Are others working 
on the same thing?

Thanks!

--Craeg


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

[Zope-dev] Anyone know how to add a property to a Zope Product (not its instances)?

[Craeg K. Strong]

I am developing a new Zope product in python.  Normally one adds 
properties to a product like so:

class newProduct(SimpleItem, etc):

meta_type 'NewProduct'

_properties = (
 {'id': 'title', 'type':'string'},
 { 'id':'description','type':'string'},
 {'id':'foobar' , 'type':'string'"},
)

   . . .

This defines properties for instances of the new Product.   But I want 
to add properties for the product itself.
These properties would show up in the property sheet of the PRODUCT, not 
its instances-- ie in
Root Folder/Control_Panel/Products/NewProduct on the Properties tab.

By default, Zope adds the title and version properties, for which it 
gets the value from version.txt and meta_type,
but does anyone know a way to add more?

Thanks in advance,

--Craeg


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

[Zope-dev] How to get the FULL path of an uploaded file?

[Craeg K. Strong]

Does anyone know offhand how to get the FULL path of an uploaded file?

I am using the standard HTML  within a form inside a 
DTML document.

Inside my python method, I am getting a 
ZPublisher.HTTPRequest.FileUpload object.   Fine.

This stuff wraps the standard python cgi module to give you access to 
the headers and contents of the
file.  You can use a FileUpload the same way you would use a file.

The problem is:  the name of the FileUpload is the leaf name of the 
file, but not the entire path.

Does anyone know how to get the FULL PATHNAME as listed in the input 
field in the HTML form?

I believe Python is being too clever by half and by the time I get my 
grubby hands on it, the value is gone.

The only thing I could come up with was an awful little JavaScript hack 
where I snag the value from the
input field into another "hidden" field using OnChange/OnClick/OnBlur, 
and grab it later.

Any suggestions would be greatly appreciated.  Thanks!

(Should I repost this question on a python-dev list? hm)

--Craeg


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )