[Zope-dev] Inhibit URL-traversal
Greetings, for a product I am writing, i need to experiment with inhibiting URL-traversal to the methods and subobjects of it. I still wnat the methods and objects to be available via direct call, for instance: from a script or template: container.my_product_instance.some_method(...) but not http://some/url/my_product_instance/some_method?... In effect I am hiding that part of the zodb for external access- Also, can such a behaviour be imposed on templates (they being methods really) and Script(Python)s? Thanks, /dario -- -- --- Dario Lopez-Kästen, IT Systems Services Chalmers University of Tech. Lyrics applied to programming application design: emancipate yourself from mental slavery - redemption song, b. marley ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Python warnings behavior and stacklevel=2
Hi there, I'm having some problems with the warnings module behavior. (Python-2.4.2 and Zope-2.9 trunk) [... traceback ... ] - Line 71 Module zLOG, line 140, in LOG Module warnings, line 61, in warn Module warnings, line 67, in warn_explicit TypeError: unsubscriptable object It seems to be referenced on the Python tracker since Python-2.3.3. Has been fixed and closed but has been updated in January this year. https://sourceforge.net/tracker/?func=detailatid=105470aid=890010group_id=5470 Specifying a stacklevel of a workaround, instead of 2 within the zLOG/__init__.py for instance1, as works fine. (and this seems to appear within the Python but report) I actually get the same error and behavior within CPS code using the warnings module with a stacklevel of 2. Has someone a proper way to fix this from Zope and / or Python or can we simply change the StackLevel of the deprecation warnings to 1 waiting for a proper fix in Python ? Cheers, J. -- Julien Anguenot | Nuxeo RD (Paris, France) CPS Platform : http://www.cps-project.org Zope3 / ECM : http://www.z3lab.org mail: anguenot at nuxeo.com; tel: +33 (0) 6 72 57 57 66 signature.asc Description: OpenPGP digital signature ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Introspector package in zope 2.9
Hello, I can't find the Introspector package in zope.app in 2.9 (Zope shipped with Zope-2.9.0.tgz) but can find it on svn. Forgot something ? Can you help? Thanks! Regards, Jeff ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Inhibit URL-traversal
Dario Lopez-Kästen wrote at 2006-2-10 10:56 +0100: ... for a product I am writing, i need to experiment with inhibiting URL-traversal to the methods and subobjects of it. I still wnat the methods and objects to be available via direct call, for instance: You can use a SiteAccess AccessRule for this. Be warned, however, that AccessRules can be disabled in the URL (by a few knowing people). If this concerns you, can can remove this feature from AccessRule (code modification). ... Also, can such a behaviour be imposed on templates (they being methods really) and Script(Python)s? It can -- with some difficulties: Templates and scripts are called because they define index_html as None. If you give a template or script a non-None index_html, then this object will be called instead of the template/script. -- Dieter ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Python warnings behavior and stacklevel=2
[Julien Anguenot] I'm having some problems with the warnings module behavior. (Python-2.4.2 and Zope-2.9 trunk) [... traceback ... ] - Line 71 Module zLOG, line 140, in LOG Module warnings, line 61, in warn Module warnings, line 67, in warn_explicit TypeError: unsubscriptable object It seems to be referenced on the Python tracker since Python-2.3.3. Has been fixed and closed but has been updated in January this year. https://sourceforge.net/tracker/?func=detailatid=105470aid=890010group_id=5470 I expect that referencing that bug report is just misleading here: none of the bad behaviors listed in that bug report occur under Python 2.4.2 (I just tried all of 'em). Specifying a stacklevel of a workaround, instead of 2 within the zLOG/__init__.py for instance1, as works fine. (and this seems to appear within the Python but report) None of the provoking code in the bug report used stacklevel. There's a line of _output_ in the bug report, from a pdb session, where pdb showed the first line of the warnings.warn() function, showing that `stacklevel` is a formal argument of `warn()`, and that it defaults to 1: (Pdb) s --Call-- /usr/lib/python2.3/warnings.py(24)warn() - def warn(message, category=None, stacklevel=1): # this is pdb output, not input There's no other mention of `stacklevel` in the report. I actually get the same error and behavior within CPS code using the warnings module with a stacklevel of 2. Has someone a proper way to fix this from Zope and / or Python or can we simply change the StackLevel of the deprecation warnings to 1 waiting for a proper fix in Python ? All the symptoms in the bug report are already fixed. In the absence of a new bug report, nothing else _will_ be fixed in Python related to this. The _cause_ of those bugs in the first place was an internal Python error: one of the internal functions didn't propagate exceptions properly back to the eval loop. It's possible that other cases like that exist, in Python itself or in a C extension module (it's actually a pretty common error in extension modules). Progress requires a small test case demonstrating the problem; the bug report contained several small test cases illustrating symtpoms, but all of those have been repaired, so if there's another bug it requires another test case to track it down. ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope] Using ParsedXML from Python script
(Thu, Feb 09, 2006 at 12:00:08PM -0500) [EMAIL PROTECTED] wrote/schrieb/egrapse:
From: Brian Sullivan [EMAIL PROTECTED]
Subject: [Zope] Using ParsedXML from Python script
I am attempting to extract information from a ParsedXML object using
Python script.
I can't seem to get my mind around exactly how this works. Can anyone
point non trivial examples in Python of maniupulating a ParsedXML
object?
This is from a class that is based on ParsedXML.ParsedXML, caveat: It's
code from an old project that isn't maintained and maybe it was done
suboptimal anyway :-)
def get_Status(self):
doc = self.documentElement
status = doc.getElementsByTagName('Status')[0].getAttribute('Number')
return { 'Status':str(status), 'Schema':'ImageID' }
another one:
def get_photo_count(self):
return self.documentElement.getElementsByTagName('Photo').length
the manage_addXY method of that object has something like this inside:
try:
b = NetSelection(id, file, useNamespaces, contentType)
except expat.error, e:
... do things here
and the class has no explicit __init__ method, so likely we got that
from the ParsedXML.ParsedXML base class.
also there seems to be stuff that adds/changes things in some methods:
if not new_node:
new_node = this_Photo.appendChild(doc.createElement(Network_Description))
or:
def _set_description_on_node ( self, node, Description_Dictionary ):
''' sets the contents of a Dictionary into an XML node '''
for fred in Description_Dictionary.keys():
node.setAttribute( fred, Description_Dictionary[ fred ] )
Is that the kind of thing you were looking for?
Regards,
Sascha
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Zope and roles and hierarchy
- Original Message - From: David [EMAIL PROTECTED] To: zope user list zope@zope.org Sent: Friday, February 10, 2006 4:44 AM Subject: [Zope] Zope and roles and hierarchy Hello Zope, Is it true that even though a user Role like 'author' is defined at zope root that users defined lower in the hierarchy *also* with role 'author' cannot access objects at root with role 'author' and permissions of view and access? The online zope book seems to say so. If so, couldn't we have some extra attribute to a role like upwardly mobile? (I want to share a code base for several folders sub-folders and I do not wanta to give it anonymous access). I second that. This used to be possible, at least up to zope 2.7.3. Not any more in 2.7.8. The loss of this feature makes the acquisition concept obsolete to some extent. cb ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] zope file system folder(severe problem)
Hello Zope, I am new to zope and I'm exploring different products an functions. A couple of days ago I tried to install a zope product called zope file system folder, on a zope 2.8.4 linux(Red Hat core 4) installation. What this attemt caused was a severe damage of the linux partition. The exact boot error message is this: JDB:Failed to read block at offset 7609 EXT3-fs:error loading journal I tried rescue mode but it whouldn't even let me mount the partition. Anyway I managed to save my work files using a windows utility (Fortunatly I have windows booting too.) and lost a day's work reinstalling and reconfiguring my linux. Could somebody please tell me why did that happen? I need the functionality of file sytem folder but I sure wouldn't risk installing it again! ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] zope file system folder(severe problem)
Hi, Suggest firstup you read: http://www.catb.org/~esr/faqs/smart-questions.html ...especially the bit about Don't flag your question as “Urgent”, even if it is for you... Giorgos Dimitriou wrote: I am new to zope and I'm exploring different products an functions. A couple of days ago I tried to install a zope product called zope file system folder, on a zope 2.8.4 linux(Red Hat core 4) installation. Where did you download it from? How are we supposed to help you if we don't know what software you used? What this attemt caused was a severe damage of the linux partition. The exact boot error message is this: JDB:Failed to read block at offset 7609 EXT3-fs:error loading journal I'm pretty suprised about that.. I'd look elsewhere, like a hardware failure, to find the source of your problem... Could somebody please tell me why did that happen? I need the functionality of file sytem folder but I sure wouldn't risk installing it again! I suspect you really want LocalFS... cheers, Chris -- Simplistix - Content Management, Zope Python Consulting - http://www.simplistix.co.uk ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] zope file system folder(severe problem)
2006/2/10, Chris Withers [EMAIL PROTECTED]: Hi,Suggest firstup you read:http://www.catb.org/~esr/faqs/smart-questions.html...especially the bit about Don't flag your question as "Urgent", even if it is for you... Ok I'm sorry about the severe part. Giorgos Dimitriou wrote: I am new to zope and I'm exploring different products an functions. A couple of days ago I tried to install a zope product called zope file system folder, on a zope 2.8.4 linux(Red Hat core 4) installation.Where did you download it from? How are we supposed to help you if we don't know what software you used? http://sourceforge.net/projects/fsfolder I just searched in www.zope.org for file system and it came out as a product. I don't think you can help me actually, I just re-installed everything What this attemt caused was a severe damage of the linux partition. The exact boot error message is this: JDB:Failed to read block at offset 7609 EXT3-fs:error loading journal I'm pretty suprised about that.. I'd look elsewhere, like a hardwarefailure, to find the source of your problem... There is no hardware problem, I actually used the same partition to do my fresh installation. Could somebody please tell me why did that happen? I need the functionality of file sytem folder but I sure wouldn't risk installing it again!I suspect you really want LocalFS... Yes! this is what I want thanx. Anyway, I'm sure there is no hardware problem and everything happened after I tried to run the product. To be more specific after running it I lost a bunch of files in my home dir .bashrc etc. I thought I fixed it untill I had to reboot and then it happened. I can't imagine what went wrong apart from the product itself. cheers,Chris--Simplistix - Content Management, Zope Python Consulting - http://www.simplistix.co.uk cheers, George ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] zope file system folder
Giorgos Dimitriou wrote: Suggest firstup you read: http://www.catb.org/~esr/faqs/smart-questions.html Ok I'm sorry about the severe part. Yup, there's loads of other good stuff in there too ;-) http://sourceforge.net/projects/fsfolder I just searched in www.zope.org for file system and it came out as a product. Okay, I don't think I'd choose to use software that's 2 years old and still marked as Alpha ;-) I don't think you can help me actually, I just re-installed everything Yup, but I doubt fsfolder caused the problem... I'm pretty suprised about that.. I'd look elsewhere, like a hardware failure, to find the source of your problem... There is no hardware problem, I actually used the same partition to do my fresh installation. Well, good luck ;-) cheers, Chris -- Simplistix - Content Management, Zope Python Consulting - http://www.simplistix.co.uk ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Re: zope file system folder(severe problem)
http://sourceforge.net/projects/fsfolder I just searched in www.zope.org for file system and it came out as a product. I don't think you can help me actually, I just re-installed everything Well, I still have difficulties in believing that Zope will damage your filesystem, but I do not know that Product you mention. What I can see however, is that it is declared as pre alpha code - do you know what that means? If you running your Zope Instance with a dedicated User (like zope e.g.) on Linux I still cannot imagine how this Application, running with limited rights can damage your Partition. Kind Regards Maik ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Method to return the properties of an object
Is there a method to return the properties of an object?Sorry if it's sth obvious! ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Re: major problems placing authentication on an extranet site-security flaw?
Well I said it was over and out but I have to respond to this latest post. I appreciate the help here and will be trying out some of the suggestions. Basically though, Zope permissions and security could be made a lot more usable. It's far too technically focused and this is the opinion of a few others as well. The whole ZMI interface could be put through a usability re-design to be honest and that's not even to comtemplate the security areas. I have a few clients, who I have built sites for using Plone and on showing them the ZMI they have re-coiled in absolute horror. Now obviously Plone is trying to bring more and more features within its own interface, which is good as it's more usable. However many things still remain. Most of my clients are able to use the Plone editing tools and interfaces but can't at all get their heads round the ZMI. I would guess that changing interfaces doesn't help but there you go. Glad you feel entertained Norbert. I have been as well and at the same time have made quite a bit of progress. Cheers.On 2/9/06, Norbert Marrale [EMAIL PROTECTED] wrote:Chris Withers wrote: michael nt milne wrote: Over and out on this one from me You promise? ;-) ChrisI think Tino made the key suggestion earlier on: log out of the ZMI,close your browser, restart it, clear the cache, clear any saved passwords, try to view the page in question and - if your settings arecorrect - get prompted to log by whichever authentication mechanism youchose to implement. If you cancel out and are able to view the page, you made a configuration mistake somewhere. Find it, fix it - and try again.This has become one of the more hilarious threads I've read in a longtime. I suggest submitting Michael's name to alt.usenet.kooks for consideration as KotM.Norbert___Zope maillist-Zope@zope.org http://mail.zope.org/mailman/listinfo/zope** No cross posts or HTML encoding!**(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )-- Michael ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Method to return the properties of an object
You can create a small utility external method to call dir() and type() - very useful!Jonathan - Original Message - From: George To: zope@zope.org Sent: Friday, February 10, 2006 8:11 AM Subject: [Zope] Method to return the properties of an object Is there a method to return the properties of an object?Sorry if it's sth obvious! ___Zope maillist - Zope@zope.orghttp://mail.zope.org/mailman/listinfo/zope** No cross posts or HTML encoding! **(Related lists - http://mail.zope.org/mailman/listinfo/zope-announcehttp://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Re: major problems placing authentication on an extranet site-security flaw?
michael nt milne wrote: Well I said it was over and out but I have to respond to this latest post. You liar! Basically though, Zope permissions and security could be made a lot more usable. Cool, we look forward to your documented proposal to dev.zope.org including implemented code on a branch with unit tests that satisfies all of Zope's potential users while maintaining complete security in all scenarios and providing a ui so perfect that even muppets could use it and not shoot themselves in the foot. It's far too technically focused and this is the opinion of a few others as well. A few other halfwits maybe... The whole ZMI interface could be put through a usability re-design to be honest Ah great, does that mean you're offering to finance this? and that's not even to comtemplate the security areas. I'm not sure you're qualified or capable of contemplating such areas ;-) I have a few clients, I pitty them, I really do... who I have built sites for using Plone and on showing them the ZMI they have re-coiled in absolute horror. Sure it wasn't just your cack-handed coding? ;-) Now obviously Plone is trying to bring more and more features within its own interface, which is good as it's more usable. Obiviously, it's why we all _love_ Plohn so _damn_ much *grinz* However many things still remain. Sadly, including you... Most of my clients are able to use the Plone editing tools and interfaces but can't at all get their heads round the ZMI. They shouldn't be going to the ZMI if you've done your job properly with the Plohn interface... I would guess that changing interfaces doesn't help but there you go. Guessing? Yay, just what you need from someone you're paying to develop something... Glad you feel entertained Norbert. I have been as well and at the same time have made quite a bit of progress. Cheers. Please god, leaves us alone... Chris -- Simplistix - Content Management, Zope Python Consulting - http://www.simplistix.co.uk ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Method to return the properties of an object
George wrote: Is there a method to return the properties of an object? Not sure what you're talking about... Properties as defined by the PropertySheet/PropertyManager API, or just attributes ? -- bruno desthuilliers développeur [EMAIL PROTECTED] http://www.modulix.com ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Method to return the properties of an object
Jonathan schrieb: You can create a small utility external method to call dir() and type() - very useful! There are easier ways to shot yourself in the foot :-) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Re: Zope and roles and hierarchy
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David wrote: Is it true that even though a user Role like 'author' is defined at zope root that users defined lower in the hierarchy *also* with role 'author' cannot access objects at root with role 'author' and permissions of view and access? The online zope book seems to say so. If so, couldn't we have some extra attribute to a role like upwardly mobile? (I want to share a code base for several folders sub-folders and I do not wanta to give it anonymous access). The scope of a user's roles is limited to the folder containing her user folder. The usual way to accomplish what you are asking for is to have a single user folder at the highest scope which needs protecting, and hav it grant users a role (you might even use 'Authenticated') which you use to protect the shared resources. You would then grant them *local* roles on the subfolders, giving them more access. Tres. - -- === Tres Seaver +1 202-558-7113 [EMAIL PROTECTED] Palladion Software Excellence by Designhttp://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFD7Jdn+gerLs4ltQ4RAqeNAKCTPYdS61XRIqXpNRC//p0vyqJVAQCfV0Tr OX6edHZz3TSsDITtETExXQE= =w5qj -END PGP SIGNATURE- ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Method to return the properties of an object
How would you shoot yourself? - Original Message - From: Tino Wildenhain [EMAIL PROTECTED] To: Jonathan [EMAIL PROTECTED] Cc: George [EMAIL PROTECTED]; zope@zope.org Sent: Friday, February 10, 2006 8:36 AM Subject: Re: [Zope] Method to return the properties of an object Jonathan schrieb: You can create a small utility external method to call dir() and ype() - very useful! There are easier ways to shot yourself in the foot :-) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Method to return the properties of an object
Jonathan schrieb: How would you shoot yourself? dont you think these methods arent accessible from ZMI code by purpose? :-) Btw, for Properties and their types there are already API methods. So no need to put holes into your site security. Regards Tino ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Method to return the properties of an object
The idea of using an external method for dir/type is simply to allow a developer to quickly investigate attributes/methods of objects - if you are silly enough to actually incorporate this mechanism into 'production' code then you should shoot yourself. - Original Message - From: Tino Wildenhain [EMAIL PROTECTED] To: Jonathan [EMAIL PROTECTED] Cc: zope@zope.org Sent: Friday, February 10, 2006 8:45 AM Subject: Re: [Zope] Method to return the properties of an object Jonathan schrieb: How would you shoot yourself? dont you think these methods arent accessible from ZMI code by purpose? :-) Btw, for Properties and their types there are already API methods. So no need to put holes into your site security. Regards Tino ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Re: Method to return the properties of an object
On 2/10/06, George [EMAIL PROTECTED] wrote: propertyMap() Returns a tuple of mappings, giving meta-data for properties. The meta-data includes id, type, and mode.Thx! Sorry for my blindness! :) On 2/10/06, Tres Seaver [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE-Hash: SHA1George wrote: Is there a method to return the properties of an object? Sorry if it's sth obvious!*For properties defined via the Properties tab, use the API defined in OFS.PropertyManager, e.g. 'propertyMap'.Tres.- --===Tres Seaver+1 202-558-7113 [EMAIL PROTECTED]Palladion Software Excellence by Designhttp://palladion.com-BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux)Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.orgiD8DBQFD7JiY+gerLs4ltQ4RAhKnAKCSIx5apt9mabTVkh/4JkSizQ4JKwCggMuDi8vudlG9vI0POoDudbbAX/M= =gw2Q-END PGP SIGNATURE- ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Zope and roles and hierarchy
On 2/10/06, Kees de Brabander [EMAIL PROTECTED] wrote: If so, couldn't we have some extra attribute to a role like upwardly mobile? (I want to share a code base for several folders sub-folders and I do not wanta to give it anonymous access). I second that. This used to be possible, at least up to zope 2.7.3. No, you don't have any rights above where you are created, because you don't exist there and hence you can not be validated. Implementing that would be complicated, unnecessary and most likely open up huge security holes. The loss of this feature makes the acquisition concept obsolete to some extent. There may be some difference and some feature which you lost between 2.7.3 and 2.7.8, especially since there was done a lot of security fixes, but the described functionality was not it, unless Zope 2.7.3 specifically had by mistake opened up this gaping security hole. -- Lennart Regebro, Nuxeo http://www.nuxeo.com/ CPS Content Management http://www.cps-project.org/ ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Re: Method to return the properties of an object
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 George wrote: Is there a method to return the properties of an object? Sorry if it's sth obvious!* For properties defined via the Properties tab, use the API defined in OFS.PropertyManager, e.g. 'propertyMap'. Tres. - -- === Tres Seaver +1 202-558-7113 [EMAIL PROTECTED] Palladion Software Excellence by Designhttp://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFD7JiY+gerLs4ltQ4RAhKnAKCSIx5apt9mabTVkh/4JkSizQ4JKwCggMuD i8vudlG9vI0POoDudbbAX/M= =gw2Q -END PGP SIGNATURE- ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Method to return the properties of an object
Jonathan schrieb: The idea of using an external method for dir/type is simply to allow a developer to quickly investigate attributes/methods of objects - if you are silly enough to actually incorporate this mechanism into 'production' code then you should shoot yourself. And how did you protect your external methods? :-) Btw: Hint - as developer, start a 2nd ZEO client via zopectl debug and use dir, type, help() interactively on your object tree :-) Regards Tino ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] about zope and mouse event handling
I want to make a web page that could handle mouse events. My primary goal is to do some image processing like zooming and panning on an image displayed and redisplay it on the same page. But I don't really know how to approach this and at the same time interacting with Zope to retrieve relevent information from the database. I wasreading GUI with python coding but I don't know how toconnect itwith zope database. Is this method possible? Is thereany other methods I could look into? Relax. Yahoo! Mail virus scanning helps detect nasty viruses!___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Method to return the properties of an object
Jonathan schrieb: The idea of using an external method for dir/type is simply to allow a developer to quickly investigate attributes/methods of objects - if you are silly enough to actually incorporate this mechanism into 'production' code then you should shoot yourself. And how did you protect your external methods? :-) We develop on an internal server (no public/outside access), so security for developer utilities is not an issue. Btw: Hint - as developer, start a 2nd ZEO client via zopectl debug and use dir, type, help() interactively on your object tree :-) Good hint! ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] about zope and mouse event handling
Handling mouse eventsis a _javascript_/DOM issue. If you are interested in having _javascript_ communicate with zope you could look into Ajax (although I prefer Json to XML). This might help: http://www.zope.org/Members/ree/jsonserver2 Jonathan - Original Message - From: Allen Huang To: Zope Sent: Friday, February 10, 2006 9:13 AM Subject: [Zope] about zope and mouse event handling I want to make a web page that could handle mouse events. My primary goal is to do some image processing like zooming and panning on an image displayed and redisplay it on the same page. But I don't really know how to approach this and at the same time interacting with Zope to retrieve relevent information from the database. I wasreading GUI with python coding but I don't know how toconnect itwith zope database. Is this method possible? Is thereany other methods I could look into? Relax. Yahoo! Mail virus scanning helps detect nasty viruses! ___Zope maillist - Zope@zope.orghttp://mail.zope.org/mailman/listinfo/zope** No cross posts or HTML encoding! **(Related lists - http://mail.zope.org/mailman/listinfo/zope-announcehttp://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] about zope and mouse event handling
On 2/10/06, Allen Huang [EMAIL PROTECTED] wrote: I want to make a web page that could handle mouse events. My primary goal is to do some image processing like zooming and panning on an image displayed and redisplay it on the same page. But I don't really know how to approach this and at the same time interacting with Zope to retrieve relevent information from the database. The method to do this is called Ajax, and is basically all about writing the user interface in javascript and talking to the web server with XML. http://en.wikipedia.org/wiki/AJAX I was reading GUI with python coding but I don't know how to connect it with zope database. Is this method possible? Yes, absolutely, but then you are no longer using a Web-browser. :-) But sure, that works fine too. -- Lennart Regebro, Nuxeo http://www.nuxeo.com/ CPS Content Management http://www.cps-project.org/ ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] about zope and mouse event handling
Allen Huang schrieb: I want to make a web page that could handle mouse events. My primary goal is to do some image processing like zooming and panning on an image displayed and redisplay it on the same page. But I don't really know how to approach this and at the same time interacting with Zope to retrieve relevent information from the database. If the only mouse event you like to know is left-button-click - then just use an HTML image-map. If not, you do the processing via Javascript in the client - zope and python has no business here. All you do is to trigger GET requests with parameters or URLs which are then handled in Zope. I was reading GUI with python coding but I don't know how to connect it with zope database. Is this method possible? Is there any other methods I could look into? This is not even remotely related - maybe if there is a chapter about image manipulation on the fly with PIL (python imaging lib) Zooming, panning can all be done but you need to get a deep understanding on HTTP, HTML, CSS and Javascript DOM. As well as to write a zope product which does the data preparation (e.g. tiling/resizing of the images) Regards Tino ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Using ParsedXML from Python script
On 2/10/06, Sascha Welter [EMAIL PROTECTED] wrote: Is that the kind of thing you were looking for? Better than what I have now -- it might get me over the initial hump -- thanks. ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Re: major problems placing authentication on an extranet site-security flaw?
Can we all stop with the public name-calling and personal insults? It's embarassing. -- Paul Winkler http://www.slinkp.com ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Re: major problems placing authentication on an extranet site-security flaw?
You liar! I couldn't resist :-) You seem so entertained. Bit of sport and all that.I've spoken to many people on various lists and can confirm the feeling about usability on the ZMI etc. You call them 'halfwits'. That puts you on rather high ground and this attitude is obviously part of the problem. How come Plone's interface is so useable and a delight to work with? How was that financed? who I have built sites for using Plone and on showing them the ZMI they have re-coiled in absolute horror. Sure it wasn't just your cack-handed coding? ;-) I haven't coded anything in the ZMI ! They shouldn't be going to the ZMI if you've done your job properly with the Plohn interface..Wrong. There are many things you still have to do through the ZMI. Like changing the banner graphic on the site if you want to. Basic things like that. Guessing? Yay, just what you need from someone you're paying to develop something... Just a figure of speech in trying to be diplomatic. I shouldn't have bothered to be honest. And as for the clients comment I'm not even going to go there. I have many highly satisfied clients. I hope you do as well but I doubt it with such an un-professional manner. Please don't post again or I will have to reply :-) haOn 2/10/06, Chris Withers [EMAIL PROTECTED] wrote:michael nt milne wrote: Well I said it was over and out but I have to respond to this latest post. You liar! Basically though, Zope permissions and security could be made a lot more usable.Cool, we look forward to your documented proposal to dev.zope.orgincluding implemented code on a branch with unit tests that satisfiesall of Zope's potential users while maintaining complete security in all scenarios and providing a ui so perfect that even muppets could use itand not shoot themselves in the foot. It's far too technically focused and this is the opinion of a few others as well. A few other halfwits maybe... The whole ZMI interface could be put through a usability re-design to be honestAh great, does that mean you're offering to finance this? and that's not even to comtemplate the security areas.I'm not sure you're qualified or capable of contemplating such areas ;-) I have a few clients,I pitty them, I really do... who I have built sites for using Plone and on showing them the ZMI they have re-coiled in absolute horror.Sure it wasn't just your cack-handed coding? ;-) Now obviously Plone is trying to bring more and more features within its own interface, which is good as it's more usable.Obiviously, it's why we all _love_ Plohn so _damn_ much *grinz* However many things still remain.Sadly, including you... Most of my clients are able to use the Plone editing tools and interfaces but can't at all get their heads round the ZMI.They shouldn't be going to the ZMI if you've done your job properly withthe Plohn interface... I would guess that changing interfaces doesn't help but there you go. Guessing? Yay, just what you need from someone you're paying to developsomething... Glad you feel entertained Norbert. I have been as well and at the same time have made quite a bit of progress. Cheers. Please god, leaves us alone...Chris--Simplistix - Content Management, Zope Python Consulting- http://www.simplistix.co.uk -- Michael ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Re: major problems placing authentication on an extranet site-security flaw?
I agree. I didn't start it and I find it un-professional. I came here with a genuine issue, have received some help which I thank people for and have made some legitimate points. I find the Zope and Plone lists are generally very good and an not interested in slanging matches. ThanksMichaelOn 2/10/06, Paul Winkler [EMAIL PROTECTED] wrote:Can we all stop with the public name-calling and personal insults? It's embarassing.--Paul Winklerhttp://www.slinkp.com___ Zope maillist-Zope@zope.org http://mail.zope.org/mailman/listinfo/zope** No cross posts or HTML encoding!** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )-- Michael ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Using ParsedXML from Python script
Hi Brian, unless it is mandatory for you to use ParsedXML for your XML needs, you might want to check out Uche Ogbuji's Amara Toolkit ( http://uche.ogbuji.net/tech/4suite/amara/ ). It provides a much more pythonic way of dealing with XML. Regards, Patrick. On 2/10/06, Brian Sullivan [EMAIL PROTECTED] wrote: On 2/10/06, Sascha Welter [EMAIL PROTECTED] wrote: Is that the kind of thing you were looking for? Better than what I have now -- it might get me over the initial hump -- thanks. ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Using ParsedXML from Python script
On 2/10/06, Patrick Decat [EMAIL PROTECTED] wrote: Hi Brian, unless it is mandatory for you to use ParsedXML for your XML needs, you might want to check out Uche Ogbuji's Amara Toolkit ( http://uche.ogbuji.net/tech/4suite/amara/ ). It provides a much more pythonic way of dealing with XML. Well maybe more pythonic -- but seemingly not zopic? My Python use is in Zope. Or am I missing something? ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Re: major problems placing authentication on an extranet site-security flaw?
On 2/10/06, michael nt milne [EMAIL PROTECTED] wrote: I've spoken to many people on various lists and can confirm the feeling about usability on the ZMI etc. You call them 'halfwits'. That puts you on rather high ground and this attitude is obviously part of the problem. 1. By complaining about something that a lot of people do not find any problem with, YOU put yourself on a rather high ground compared to the people here who both created and use it. Suggestion: Don't complain about the software that you want help with, because it makes the people who wrote it pissed off. Quite simple, really. 2. I have myself held courses in how to use a CMS (EasyPublisher) where you did most everything through the ZMI for people with bother very little computer experience and a lot, and it was never a big usebility problem. That the ZMI has big useability problems is simply not true. You also claim that there are lot of people complainng that the ZMI has useability problems. Well, we are on all those mailing-lists, unless you have found some secret mailing lists for people who don't like Zope, so we know that there is in fact NOT a lot of complaints about this. When you claim that there are loads of people who say so, when there obviously isn't undermines your credbility and inclines people to not take you seriously. Suggestion: Don't make up facts and statements that is not true, don't invent people that doesn't exist. Don't say that X is generally accepted as a fact when it isn't. If you do that, people will call you a liar, and you don't want that. (Oh, and if you want an explanation about why a few people don't find the ZMI useable, it's because it's not pretty, don't have flash graphics and such. People often confuse prettyness with useability. ZMI is basic and well, ugly. It is however quite consistent and useable.) And the same goes for Zopes access control. It is in no way complicated or hard to understand. By starting early in the discussion with complaining about it, you just make people pissed off and get the discussion running away in the wrong direction. Don't do that. How come Plone's interface is so useable and a delight to work with? How was that financed? Because it's pretty? :-) -- Lennart Regebro, Nuxeo http://www.nuxeo.com/ CPS Content Management http://www.cps-project.org/ ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Using ParsedXML from Python script
I use it with Zope and Zope/CMF Content (Documents, Files, ExternalFiles) from a custom filesystem product. Regards, Patrick. On 2/10/06, Brian Sullivan [EMAIL PROTECTED] wrote: On 2/10/06, Patrick Decat [EMAIL PROTECTED] wrote: Hi Brian, unless it is mandatory for you to use ParsedXML for your XML needs, you might want to check out Uche Ogbuji's Amara Toolkit ( http://uche.ogbuji.net/tech/4suite/amara/ ). It provides a much more pythonic way of dealing with XML. Well maybe more pythonic -- but seemingly not zopic? My Python use is in Zope. Or am I missing something? ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] about zope and mouse event handling
Dear Lennart RegebroThanks for replying. If I use the pythonGUI, which you mention that it no longer use a brower, how would I use GUI to interact with zope database? How does the client end interact with the GUI? Lennart Regebro [EMAIL PROTECTED] wrote: On 2/10/06, Allen Huang <[EMAIL PROTECTED]>wrote: I want to make a web page that could handle mouse events. My primary goal is to do some image processing like zooming and panning on an image displayed and redisplay it on the same page. But I don't really know how to approach this and at the same time interacting with Zope to retrieve relevent information from the database.The method to do this is called "Ajax", and is basically all aboutwriting the user interface in _javascript_ an d talking to the web serverwith XML.http://en.wikipedia.org/wiki/AJAX I was reading GUI with python coding but I don't know how to connect it with zope database. Is this method possible?Yes, absolutely, but then you are no longer using a Web-browser. :-)But sure, that works fine too.--Lennart Regebro, Nuxeo http://www.nuxeo.com/CPS Content Management http://www.cps-project.org/ Yahoo! Mail Use Photomail to share photos without annoying attachments.___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Re: Transfer Data to New Zope Server
On Thu, Feb 09, 2006 at 07:01:15PM -0500, Tres Seaver wrote: 4. Finally, shut down Zope on the both boxes. Copy the 'Data.fs*' files from the 'var' subdirectory of the instance home on the old box to the equivalent 'var' directory on the new box. Start Zope on the new box, and verify that the instance looks OK If downtime is a problem, I'd do a trial run first, something like this: * On the old box, leave Zope running, and do: cp var/Data.fs TEST.fs (the TEST.fs name doesn't matter). * Copy TEST.fs to the new box, rename it Data.fs. * Start zope on the new box and verify that it looks OK. If not, the old one is still running while you figure out the problems. Once you have the new box working, *then* shut down Zope on the old box and re-copy the old Data.fs to the new box to be sure you get all data up to the moment of shutdown. 5. Now, start upgrading the various bits of software incrementally on the new box, beginning with Zope and Python, then the libraries, and finally the Products. Test the site after each upgrade. Yep. I'd suggest being cautious and emphasize the incremental part of that. I just added a stub page to zopewiki.org about upgrading old versions: http://zopewiki.org/Upgrading ... contributions welcome, of course. I vaguely recall having some pain when migrating from 2.6 to 2.7, I think due to security fixes and/or deprecations that broke some third-party code. Nothing major, I just had to install appropriate versions of the third-party stuff to fix it, and tweak some of my own code. For similar reasons, at my old job there are still boxes running Zope 2.7 that we had not had the time to upgrade to 2.8 or 2.9 because of third-party product issues. -- Paul Winkler http://www.slinkp.com ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Re: major problems placing authentication on an extranet site-security flaw?
On 2/10/06, michael nt milne [EMAIL PROTECTED] wrote: I agree. I didn't start it and I find it un-professional. I came here with a genuine issue, have received some help which I thank people for and have made some legitimate points. I find the Zope and Plone lists are generally very good and an not interested in slanging matches. Thanks Michael On 2/10/06, Paul Winkler [EMAIL PROTECTED] wrote: Can we all stop with the public name-calling and personal insults? It's embarassing. -- Paul Winkler http://www.slinkp.com ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) -- Michael ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) I've resisted the urge to weigh in on this conversation for far too long. Mr. Milne, Your original email to this list was presented in such a way that you guaranteed yourself a difficult time acquiring assistance for the following reasons: 1. It contained a tone indicating something along the lines of this is broken and you need to fix it because I'm complaining. 2. You made no indication that you had attempted to understand the existing framework. Most people cite or quote existing documentation, e.g. The zope book says X, but I am experiencing Y when attempting to sort out a problem. 3. You assume that because you are technically-capable in other realms, your experience with Zope and Plone must be the fault of Zope and Plone, and not the fault of your inexperience with the paradigm differences between the common Apache+RDBMS architectures and the object-oriented Zope/Plone architecture. Zope and Plone are both built by volunteers. Thousands of people worldwide pour their free-time efforts into making these products the best that they can be. Regardless of what you may think, the security framework in Zope and Plone was built in the way that it is FOR A REASON, and that reason is to make the Zope Application Server as powerful as possible in terms of security. If you would have read the Zope book, the Definitive Guide to Plone, or the Zope Developer's Guide, you would have found the following phrase: Security is hard. Despite the fact that your original email that started this confounded thread was an ignorant insult to the years of time and effort spent making Zope and Plone what they are, faithful patrons of the Zope mailing list attempted to help you. In response, you continued to insult Zope with cretinous comments like: I find the Zope security, permissions set-up hideously complex and unusable to be honest and it doesn't even seem to work. ...and... But ultimately my comments on usabiltity should be taken on board because Zope security is overly complex. ...and indicating your complete unwillingness to conform to simple requests from the people who are attempting to help you for free, in spite of your near-intolerable insults interspersed with vague information detailing what everyone has told you is what Zope *should* do with comments like the following: Sorry but this is not my experience and I have experimented. Am using gmail basic setting which I like. It is obvious to the people who have taken the time to understand how Zope's security works that the trouble you are experiencing has one source and one source alone - you don't know what you're doing. Read the documentation, go through the tutorials, and prove that you are able to understand what's happening, then attempt again to set up the security model that you are attempting. Furthermore (and I want you to read this carefully), you would do well to understand that Zope is built by volunteers. Insulting the work of such volunteers, and failing to respect the expertise of those people who caused Zope to be what it is by considering unexpected behaviors bugs that should be fixed just because you say so is a certain way to get hostile reactions. You are a dinner guest in the world of Zope, and you have come into our living room and told us that we should repaint the walls and remodel our kitchen because it doesn't work for you. The Zope community has made a robust product (regardless of your opinions to the contrary), and your behavior would have been much better-received if you would have kept your opinions about Zope's security (opinions founded in inexperience, I might add) to yourself and considered your own capability for making mistakes before pointing fingers at a worldwide community of software developers. The trouble that you are having with Zope's security is YOUR fault. The
Re: [Zope] Re: major problems placing authentication on an extranet site-security flaw?
I take the point that I approached this issue from the wrong standpoint and apologise for that. This was perhaps born out of a little frustration. I was never rude though. Also I feel that Plone has usabillity which sits above it's prettyness. It is a well designed interface graphically but also has very strong non graphical usability elements. On 2/10/06, Lennart Regebro [EMAIL PROTECTED] wrote: On 2/10/06, michael nt milne [EMAIL PROTECTED] wrote: I've spoken to many people on various lists and can confirm the feeling about usability on the ZMI etc. You call them 'halfwits'. That puts you on rather high ground and this attitude is obviously part of the problem.1. By complaining about something that a lot of people do not find anyproblem with, YOU put yourself on a rather high ground compared to the people here who both created and use it.Suggestion: Don't complain about the software that you want help with,because it makes the people who wrote it pissed off. Quite simple,really.2. I have myself held courses in how to use a CMS (EasyPublisher) where you did most everything through the ZMI for people with bothervery little computer experience and a lot, and it was never a bigusebility problem. That the ZMI has big useability problems is simplynot true. You also claim that there are lot of people complainng that the ZMI has useability problems. Well, we are on all thosemailing-lists, unless you have found some secret mailing lists forpeople who don't like Zope, so we know that there is in fact NOT a lotof complaints about this. When you claim that there are loads of people who say so, when thereobviously isn't undermines your credbility and inclines people to nottake you seriously.Suggestion: Don't make up facts and statements that is not true, don't invent people that doesn't exist. Don't say that X is generallyaccepted as a fact when it isn't. If you do that, people will call youa liar, and you don't want that.(Oh, and if you want an explanation about why a few people don't find the ZMI useable, it's because it's not pretty, don't have flashgraphics and such. People often confuse prettyness withuseability. ZMI is basic and well, ugly. It is however quite consistent and useable.)And the same goes for Zopes access control. It is in no waycomplicated or hard to understand. By starting early in the discussionwith complaining about it, you just make people pissed off and get the discussion running away in the wrong direction.Don't do that. How come Plone's interface is so useable and a delight to work with? How was that financed?Because it's pretty? :-)-- Lennart Regebro, Nuxeo http://www.nuxeo.com/CPS Content Management http://www.cps-project.org/ -- Michael ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Re: major problems placing authentication on an extranet site-security flaw?
Yes I've apologised for the initial tone which was the wrong way to begin and yes I agree I should have routed out more documentation. I've read Andy Mackay, Plone Live, printed out screeds of how tos, chapters of the Zope book, installed Zope on my Unix server etc so I do have a reasonable, if still not mature, take on the environment. I feel that 'leech' and 'cretinous' are perhaps slightly over the top to be honest though :-)Anyway, yes I feel we should over and out on this thread as it's not too entertaining now, even if it was before :-) Apologies to Zope if he's been offended.On 2/10/06, Floyd May [EMAIL PROTECTED] wrote: On 2/10/06, michael nt milne [EMAIL PROTECTED] wrote: I agree. I didn't start it and I find it un-professional. I came here with a genuine issue, have received some help which I thank people for and have made some legitimate points. I find the Zope and Plone lists are generally very good and an not interested in slanging matches. Thanks Michael On 2/10/06, Paul Winkler [EMAIL PROTECTED] wrote: Can we all stop with the public name-calling and personal insults? It's embarassing. -- Paul Winkler http://www.slinkp.com ___ Zope maillist-Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding!** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) --Michael ___ Zope maillist-Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding!** (Related lists -http://mail.zope.org/mailman/listinfo/zope-announcehttp://mail.zope.org/mailman/listinfo/zope-dev )I've resisted the urge to weigh in on this conversation for far too long.Mr. Milne,Your original email to this list was presented in such a way that youguaranteed yourself a difficult time acquiring assistance for the following reasons:1. It contained a tone indicating something along the lines of thisis broken and you need to fix it because I'm complaining.2. You made no indication that you had attempted to understand the existing framework.Most people cite or quote existing documentation,e.g. The zope book says X, but I am experiencing Y when attemptingto sort out a problem.3. You assume that because you are technically-capable in other realms, your experience with Zope and Plone must be the fault of Zopeand Plone, and not the fault of your inexperience with the paradigmdifferences between the common Apache+RDBMS architectures and theobject-oriented Zope/Plone architecture. Zope and Plone are both built by volunteers.Thousands of peopleworldwide pour their free-time efforts into making these products thebest that they can be.Regardless of what you may think, the security framework in Zope and Plone was built in the way that it is FOR AREASON, and that reason is to make the Zope Application Server aspowerful as possible in terms of security.If you would have read theZope book, the Definitive Guide to Plone, or the Zope Developer's Guide, you would have found the following phrase:Security is hard.Despite the fact that your original email that started this confoundedthread was an ignorant insult to the years of time and effort spent making Zope and Plone what they are, faithful patrons of the Zopemailing list attempted to help you.In response, you continued toinsult Zope with cretinous comments like:I find the Zope security, permissions set-up hideously complex and unusable to be honest and it doesn't even seem to workand...But ultimately mycomments on usabiltity should be takenon board because Zope security is overly complex. ...and indicating your complete unwillingness to conform to simplerequests from the people who are attempting to help you for free, inspite of your near-intolerable insults interspersed with vagueinformation detailing what everyone has told you is what Zope *should* do with comments like the following:Sorry but this is not my experience and I have experimented.Am using gmail basic setting which I like.It is obvious to the people who have taken the time to understand how Zope's security works that the trouble you are experiencing has onesource and one source alone - you don't know what you're doing.Readthe documentation, go through the tutorials, and prove that you areable to understand what's happening, then attempt again to set up the security model that you are attempting.Furthermore (and I want youto read this carefully), you would do well to understand that Zope isbuilt by volunteers.Insulting the work of such volunteers, andfailing to respect the expertise of those people who caused Zope to be what it is by considering unexpected behaviors bugs that should befixed just because you say so is a certain way to get hostilereactions.You are a dinner guest in the world of Zope, and you have come into our living room and told us that we should repaint the walls andremodel our
Re: [Zope] about zope and mouse event handling
On 2/10/06, Allen Huang [EMAIL PROTECTED] wrote: Dear Lennart Regebro Thanks for replying. If I use the python GUI, which you mention that it no longer use a brower, how would I use GUI to interact with zope database? That depends on what method you decide to use to interact. There are infinite options, from connecting directly to ZODB to using http some way. How does the client end interact with the GUI? Via mouse and keyboard, usually. ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] about zope and mouse event handling
Dear LennartSorry... I'm still pretty new at this, I'm only worked with java templet.Is it possible for you to show me some example using GUI and ZODB together.. Some other guy replyed and said it couldn't be done.Lennart Regebro [EMAIL PROTECTED] wrote: On 2/10/06, Allen Huang <[EMAIL PROTECTED]>wrote: Dear Lennart Regebro Thanks for replying. If I use the python GUI, which you mention that it no longer use a brower, how would I use GUI to interact with zope database?That depends on what method you decide to use to interact. There areinfinite options, from connecting directly to ZODB to using http someway. How does the client end interact with the GUI?Via mouse and keyboard, usually. Yahoo! Mail Use Photomail to share photos without annoying attachments.___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Re: major problems placing authentication on an extranet site-security flaw?
Hi Michael, michael nt milne wrote: Also I feel that Plone has usabillity which sits above it's prettyness. It is a well designed interface graphically but also has very strong non graphical usability elements. You are correct - but you are not comparing like with like, as Plone is an /application/ and Zope is an /application server/. An analogous comparison might be between a car's dashboard and it's engine compartment - you would expect the dashboard to be designed for a human user above all, but the engine compartment - however logically laid out - is primarily functional and is always going to appear alien to the person who is more comfortable driving than using a spanner. Ultimately, Zope's ZMI user interface is designed for techies who want a minimal user interface which allows them to see the moving parts, not the kind of end-user oriented GUI that Plone sports. You've been given a bit of a hard time in this thread, and I think that some good points have been made, but I've seen your energetic but somewhat misdirected posting as more a symptom of youth and over-confidence than any great sin - you seem to be coping with the feedback, so you'll learn. However, I'd like to make the point that the counter-productive and gratuitous insults for which Chris is rightly famous are another thing entirely. He's a clever bloke and helpful, but he seems to enjoy being rude - which is a shame. FWIW, I think the best advice you've been given, albeit in the midst of quite a strong mail were Floyd's - the security framework in Zope and Plone was built in the way that it is FOR A REASON - both in terms of etiquette and in terms of what should be reasonable to assume, it is usually best to assume that the core of Zope and Plone /work/, and that if some part of them appears not to then it is more likely the nut behind the steering wheel that is responsible, as it were. ;-) Have a good weekend... -- Regards, PhilK Email: [EMAIL PROTECTED] PGP Public key: http://www.xfr.co.uk Voicemail Facsimile: 07092 070518 You'll find that one part's sweet and one part's tart: say where the sweetness and the sourness start. - Tony Harrison ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Research on collaborative navigation (z9)
Hi all, My name is André. I'm workingon aresearch prototype that tries to cluster web pages by tracking the interests of users (by recording the users' searches and accepted links) and relates that with an adaptive crawling mechanism. The address is http://andrers52.dyndns.org:8080/z9 The development is all being done in zope. I would like to invite everyone. Any comment is appreciated! Cheers! André ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] about zope and mouse event handling
On 2/10/06, Tino Wildenhain [EMAIL PROTECTED] wrote: ... maybe if there is a chapter about image manipulation on the fly with PIL (python imaging lib) I believe that Plone (or Plohn as it seems to be called by Zope people ;-) ) has some product(s) somewhere that make use of PIL. Here's a VERY brief page on it: http://plone.org/documentation/tutorial/richdocument/pil It's definitely possible to hook PIL into Zope, and it's been done in the past. You should be able to find some documentation or perhaps a product or two that uses it. -- Floyd May Senior Systems Analyst CTLN - CareerTech Learning Network [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] about zope and mouse event handling
Floyd May wrote: On 2/10/06, Tino Wildenhain [EMAIL PROTECTED] wrote: ... maybe if there is a chapter about image manipulation on the fly with PIL (python imaging lib) I believe that Plone (or Plohn as it seems to be called by Zope people ;-) ) If by Zope people you mean Chris Withers. --jcc -- Building Websites with Plone http://plonebook.packtpub.com ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Re: major problems placing authentication on an extranet site-security flaw?
michael nt milne wrote: Well I said it was over and out but I have to respond to this latest post. I appreciate the help here and will be trying out some of the suggestions. Basically though, Zope permissions and security could be made a lot more usable. It's far too technically focused and this is the opinion of a few others as well. The whole ZMI interface could be put through a usability re-design to be honest and that's not even to comtemplate the security areas. The ZMI is well known to be geeky. For developers, by developers might be its motto. If you have some concrete suggestions, by all means put them forth. Patches are even better. Anyway, ACLs are ACLs. And if you don't know what you're doing, you can get into trouble real fast. Ever tried managing file security on a Windows machine with ACLs? CMF (this includes Plone) provides a way to manage this complexity: workflow states. Each workflow has a set of permissions it manages, and a setting of these for each state. This is much more easily comprehended than infinite fiddling with the ZMI Security tab. Also, as I recall, there was a private plone site howto on plone.org; dunno what happened to it. --jcc -- Building Websites with Plone http://plonebook.packtpub.com ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] about zope and mouse event handling
Floyd May schrieb: On 2/10/06, Tino Wildenhain [EMAIL PROTECTED] wrote: ... maybe if there is a chapter about image manipulation on the fly with PIL (python imaging lib) I believe that Plone (or Plohn as it seems to be called by Zope people ;-) ) has some product(s) somewhere that make use of PIL. Here's a VERY brief page on it: http://plone.org/documentation/tutorial/richdocument/pil It's definitely possible to hook PIL into Zope, and it's been done in the past. You should be able to find some documentation or perhaps a product or two that uses it. I never said it would not be possible (I'm using PIL for some projects) but I'm a bit uncertain if the OP will be capable of doing it in a short time given the horizont of his question. I home though, hinting on the possible solution path should give him a perspective to dig into the right documentations. Regards Tino ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Re: major problems placing authentication on an extranet site-security flaw?
In the very beginning of my Zope career, I once shot myself in the foot with a very stupid thing... I kept it to myself then but if we are talking about Zope security settings and usability of the ZMI at the same time, perhaps it is an ideal place to raise this issue. If you use the famous manage_access page with all the checkboxes to set permissions on an object, it then calls manage_changePermissions to using POST method to apply your settings. The result is that http://your_object_url/manage_changePermissions (without any parameters) stays in your browser visited url history. Now imagine what happens if you click this url by mistake being logged as someone with Change permissions permission. I guess changing the form method to GET is not going to be liked by browsers that put additional restrictions on URL length. So I would propose to introduce a basic request sanity check in the manage_changePermissions itself. I cannot think of any use for resetting all permissions and acquisition for everyone, so the easiest way to do that is to simply check that at least something exists in the form: ... def manage_changePermissions(self, REQUEST): Change all permissions settings, called by management screen. if len(REQUEST.form)2: raise ... self._isBeingUsedAsAMethod(REQUEST, 0) valid_roles=self.valid_roles() indexes=range(len(valid_roles)) have=REQUEST.has_key permissions=self.ac_inherited_permissions(1) fails = [] ... or something like that. J Cameron Cooper wrote: michael nt milne wrote: Well I said it was over and out but I have to respond to this latest post. I appreciate the help here and will be trying out some of the suggestions. Basically though, Zope permissions and security could be made a lot more usable. It's far too technically focused and this is the opinion of a few others as well. The whole ZMI interface could be put through a usability re-design to be honest and that's not even to comtemplate the security areas. The ZMI is well known to be geeky. For developers, by developers might be its motto. If you have some concrete suggestions, by all means put them forth. Patches are even better. Anyway, ACLs are ACLs. And if you don't know what you're doing, you can get into trouble real fast. Ever tried managing file security on a Windows machine with ACLs? CMF (this includes Plone) provides a way to manage this complexity: workflow states. Each workflow has a set of permissions it manages, and a setting of these for each state. This is much more easily comprehended than infinite fiddling with the ZMI Security tab. Also, as I recall, there was a private plone site howto on plone.org; dunno what happened to it. --jcc ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] zope 3 and web services
Title: zope 3 and web services Is there any recent documentation available for soap and web services in general using python 2.4.2 and zope 3 thanks ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] restricting permissions for direct access only
Hi, I am new to Zope, and so far I like it very much. But I think I am confused about how security works, or is supposed to work. Specifically I want to know the following. Is there a way in Zope to restrict permissions for direct access only (i.e. calling an object through the web) but still allow indirect access (i.e. executing an object that was called by another object that was called through the web)? I have many Zope scripts but most of them are only auxiliary functions; only a few are designed to be accessed by a user through a URL. I don't want users to be able to call my auxiliary scripts directly, only the ones that are designed to be published. But changing the security settings on the auxiliary scripts (e.g. removing View access from Anonymous role) prevents anonymous users from executing them even indirectly, so the public objects which depend on those auxiliary methods also stop working. Feel free to tell me that I am misunderstanding the way security works, or is supposed to work, in Zope, or that if this is something I need to do I am designing my site incorrectly from the point of view of Zope security (and if so, what is the correct way to design it?). Thanks!! Mike ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
