Re: [Zope3-dev] Confusion re Site Management Objects

[Stephan Richter]

This should have been really posted on zope3-users.

On Monday 28 November 2005 00:53, Jeff Rush wrote:
> What are the two folders here, named 'default' and 'tools'?  And why does
> the 'Visit default folder' link take me to the same place as clicking on
> the 'default' folder itself?  One of the books say 'Tools folder let you
> manage tools.' ;-)

'Visit default folder' is just UI sugar for clicking on 'default', which is 
the default site management folder.

> It's not clear whether to create my DB connector under 'default' or 'tools'
> so I guessed and picked 'default'.

It does not matter. You could create a third site management folder having 
your own custom name and place the utility (DB adapter) in there.

> A key part I'm confused about is that when creating the connector, I gave
> it a name like 'dbfinance', but later I need to register it, giving it
> another name.  Why two names, and when is the first name ever used?  The
> second name (registration name) is what appears in the drop-down 'Known
> Connectors' vocabulary.  I guess I don't understand utility registration.
>  I'm used to the Zope 2 approach of dropping DB connectors in the
> acquisition path.

Originally we wanted to make naming and object and registering it using a name 
two separate concepts. I think this is still useful, but not that gentle for 
new comers. I agree with you that the registration form should at least 
suggest the name of the utility to be the registered name.

> After registration, I can use the connector, but I'm puzzled re access
> permissions.  If my connector permissions is 'zope.public', for general SQL
> access throughout the site architecture, does that mean there is a way for
> anonymous website visitors to invoke arbitrary SQL operations?

yes and no. Theoretically, everyone could access an arbitrary SQL expression. 
However, since the utility is stored inside a site management folder, the 
person would probably have not enough permissions to get there.

> Does Zope 3 
> support the Zope 2 idea of priviledged proxies, where an intermediate has
> more privilege than the user visiting the site?

I do not know this Zope 2 feature, so I cannot comment.

> One of very useful features of Zope 2 was balloon text that popped up when
> you hovered over component icons within the ZMI, which told you the type of
> component.  Adding that would help disambiguate the various types of
> folders, most of which have the same icon.

Feel free to add the feature.

> Also interesting, reported as bug #494, is that you can't ever remove
> registered utilities via the ZMI, even when they are deactivated.  You get
> a msg about needing to deactivate them first. ;-)

Eek, I am surprised it had not been promoted to urgent. We will fix that for 
the next release.

Regards,
Stephan
-- 
Stephan Richter
CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D. student)
Web2k - Web Software Design, Development and Training
___
Zope3-dev mailing list
Zope3-dev@zope.org
Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com

[Zope3-dev] Confusion re Site Management Objects

[Jeff Rush]

Just digging into Zope 3 after years with Zope 2, I'm having trouble 
understanding the concept of 'site-management folders'.  I've got both of the 
Zope 3 books here, but am finding that this area of Zope 3 (I'm running Zope 
3.1) has changed from the time of the book writings.

My objective is to play with PsycopgDA, but the usage docs that come with 
PsycopgDA refer to obsolete/missing Zope 3 stuff re how to create a 
connector.

Let me walk thru some of my confusion.

In the root folder I click on 'Manage Site', which takes me into some kind of 
special folder, presumably a site mgmt folder although the presence of a 
'Site Management' tab leads me to wonder if I'm not there yet.

What are the two folders here, named 'default' and 'tools'?  And why does the 
'Visit default folder' link take me to the same place as clicking on the 
'default' folder itself?  One of the books say 'Tools folder let you manage 
tools.' ;-)

It's not clear whether to create my DB connector under 'default' or 'tools' so 
I guessed and picked 'default'.

A key part I'm confused about is that when creating the connector, I gave it a 
name like 'dbfinance', but later I need to register it, giving it another 
name.  Why two names, and when is the first name ever used?  The second name 
(registration name) is what appears in the drop-down 'Known Connectors' 
vocabulary.  I guess I don't understand utility registration.  I'm used to 
the Zope 2 approach of dropping DB connectors in the acquisition path.

After registration, I can use the connector, but I'm puzzled re access 
permissions.  If my connector permissions is 'zope.public', for general SQL 
access throughout the site architecture, does that mean there is a way for 
anonymous website visitors to invoke arbitrary SQL operations?  Does Zope 3 
support the Zope 2 idea of priviledged proxies, where an intermediate has 
more privilege than the user visiting the site?

One of very useful features of Zope 2 was balloon text that popped up when you 
hovered over component icons within the ZMI, which told you the type of 
component.  Adding that would help disambiguate the various types of folders, 
most of which have the same icon.

Also interesting, reported as bug #494, is that you can't ever remove 
registered utilities via the ZMI, even when they are deactivated.  You get a 
msg about needing to deactivate them first. ;-)

-Jeff
___
Zope3-dev mailing list
Zope3-dev@zope.org
Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com