Tom, My modification of the css has nothing to do with security. It is to simplify the UI for general users. And I use the zmi not because it is easy but because it is proven.
If you have any specific examples of the management nightmare created by using zmi as a cms I would very much appreciate hearing about them. I think all websites are a management nightmare! (but it doesn't stop facebook from becoming a platform, eh?) :) Thanks, Tim On Jan 17, 2008 8:36 AM, Tom Von Lahndorff <[EMAIL PROTECTED]> wrote: > > There's nothing wrong with the ZMI. You're just try to hack into some > kind of cms rather than just build one. Hiding a link with css is > nasty hack and major security issue. While it may seem like what > you're doing is an easy path to a quick cms, you're really just > setting yourself up for a management nightmare. I'd recommend reading > through (all of) this: > > http://www.zope.org/Documentation/Books/ZopeBook > > > > On Jan 17, 2008, at 10:17 AM, Tim Nash wrote: > > > Tom, > > Thanks but I think I am almost done. I have replaced the old <style> > > calls with id="Find" id="Properties" etc. by access the sequence. Then > > I added css code at the top of that same file (I think it is > > manage_tabs.dtml, I'm not on that computer right now). So now I can > > format the tabs anyway I want. There is also a little bit of > > javascript that checks window.parent.location and applies changes to > > the tabs if the user hasn't logged into the base directory.(only > > available to the admin). > > > > My thinking is that the zmi is battle tested. I'd rather use something > > that many people have already been using. Plus, from my perspective, > > it looks to me like the zmi just needs a little updating. > > Incorporating style sheets, etc. and it can have a new life. > > > > zope 3 people: zope zmi, dtml are fast and really useful, please > > don't toss these valuable tools! > > > > On Jan 17, 2008 6:25 AM, Tom Von Lahndorff <[EMAIL PROTECTED]> wrote: > >> > >> You really should be writing a custom UI for this rather than hacking > >> the ZMI. It will probably take less time, be much more manageable, > >> flexible and secure. > >> > >> > >> On Jan 16, 2008, at 8:05 PM, Tim Nash wrote: > >> > >>> The other important difference between ajax loaded pages and iframes > >>> is that when you click on a link within an iframe page, the returned > >>> page is loaded into the same iframe. > >>> If I am not being clear, please check out this png file. > >>> <a href="http://medicinebrain.com/iframe.png"> > >>> http://medicinebrain.com/iframe.png > >>> </a> > >>> In this png I did a search for DML Docs within a tab panel and the > >>> search results are loaded into the same tab. > >>> > >>> BTW, I would like to simplify the zmi even more for my users. I want > >>> to hide various tabs (eg. security, find, etc) and I want to > >>> restrict > >>> the number of products they are shown in the drop down box for > >>> adding > >>> to a folder. > >>> However, I still want to offer complete zmi functionality to the > >>> overall administrator. > >>> I can probably hide the security tabs using css (the overall admin > >>> won't load the css sheet) but how can I control the products > >>> displayed > >>> to a user in the folder view of the zmi? > >>> > >>> Thanks, > >>> Tim > >>> > >>> > >>> > >>> On Jan 16, 2008 9:54 AM, Andreas Jung <[EMAIL PROTECTED]> wrote: > >>>> > >>>> > >>>> --On 16. Januar 2008 09:33:58 +0100 Tino Wildenhain <[EMAIL PROTECTED] > >>>>> > >>>> wrote: > >>>> > >>>> > >>>>> Tim Nash wrote: > >>>>>> Jurian, > >>>>>> While the ZMI is a bit geeky for the average user, it works quite > >>>>>> well inside an iframe. > >>>>>> iframes are used by many ajax/web2 (whatever you want to call it) > >>>>>> libraries. So in my application (for example) I currently make > >>>>>> ajax > >>>>>> calls to load specific zmi pages inside tabs of a window layout. > >>>>> > >>>>> IFRames. You should avoid those. With ajax or similar its easy to > >>>>> skip > >>>>> such stuff and just replace any named container tag. > >>>> > >>>> Iframes are still a valid choice in case asynchronous won't work > >>>> e.g. when > >>>> you need to load resources from servers != your origin server. Due > >>>> the > >>>> security model of asynchronous requests, a browser will only load > >>>> stuff > >>>> from the origin server. Iframes are a way to work around this > >>>> limitation - > >>>> ugly as you said, but sometimes a good workaround. > >>>> > >>>> Ansdeas > >> > >>> _______________________________________________ > >>> Zope maillist - Zope@zope.org > >>> http://mail.zope.org/mailman/listinfo/zope > >>> ** No cross posts or HTML encoding! ** > >>> (Related lists - > >>> http://mail.zope.org/mailman/listinfo/zope-announce > >>> http://mail.zope.org/mailman/listinfo/zope-dev ) > >> > >> > > _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )