[Zope-dev] ZModules - A loaded gun
i wrote up an interface to allow for module registration in the dtml namespace, _ its got major caveats, but it might be useful for some. at the moments its just a stop gap till the new python methods come along. at the moment if just allows for people to write more code in dtml:( or ttw python methods. it might be useful to allow ttw developers access to some modules without allowing them use of XXXpython_methods since the configuration file that defines the imported modules resides on the FS. an example use and the response +OK EarthLink POP server (version: EL_3_10 ) at pop04.earthlink.net. <[EMAIL PROTECTED]> +OK Password required for kthangavelu. +OK kthangavelu has 0 messages (0 octets). (0, 0) personally i thinks it better to just pass the module off to a python method and let it do the work. real coding in dtml is heinous, maybe even a crime against humanity. how it works. it reads a module configuration from the FS. fmt is currently module_name: class_name, class_name it tries to import the module and than place the module in the namespace dict. - usual python discovery rules apply (python_path, curdir) it sets the magic key __allow__access_to_unprotected_subobjects=1 on all imported modules. it allows you to define classes in modules those you want to interact with. defining those classes allows you to interact meaningfully with instances otherwise zope's security policy will bump you because the container doesn't define proper permissions or the magic key. caveats: it hasn't had much testing, i did it as proof of concept and because i had an itch. you can't accces any attributes of any object that doesn't define __allow__access_to_unprotected_subobjects=1 an example where this is a pain, are getting filehandles back from libraries, like urllib.urlopen (note. urllib is not ts). BE VERY VERY WARY OF THREAD SAFETY ISSUES it might be very much like holding a loaded gun to your server;) possible improvements: allow for nested modules & classes ? if people think this is useful enough, i'll package it up as a product. installation. create a directory in your products folder (mines called ZModules) drop in the attached file. write a configuration file restart zope sample config file. poplib:POP3 mimetypes Cheers Kapil # DISTRIBUTED UNDER THE ZPL # Author [EMAIL PROTECTED] # made for zope, www.zope.org import App import App.Common import Globals import os from DocumentTemplate import DT_Util from DocumentTemplate.DT_Util import d from string import strip,split,replace config_path=os.path.join(App.Common.package_home(globals()), 'zmodules.config') fh = open(config_path) modules_list=fh.readlines() #print 'read config file' counter = 0 for module in modules_list: module = strip(module) module = replace(module, '\012', '') if len(module) <= 1: continue module_config = split(module, ':') if len(module_config) > 1: classes = split(module_config[1], ',') else : classes = [] module = strip(module_config[0]) module_name = module[:] try: exec('import %s'%(module)) except: continue loaded_mod = eval(module) s_classes = classes[:] for class_name in classes: class_name=strip(class_name) if len(class_name) == 0: continue try: getattr(loaded_mod, class_name).__allow_access_to_unprotected_subobjects__=1 except: s_classes.pop(s.index(s_classes)) d[module_name] = loaded_mod loaded_mod.__allow_access_to_unprotected_subobjects__=1 print 'success: loaded module %s and classes %s'%(module_name, s_classes)
[Zope-dev] ZClass + ZSQLmethods bug in 2.2.2?
Hi, I've seen lots of ZSQLmethods patches and such and tried a few of them under 2.1.6, but thought upgrading to 2.2.2 would fix this problem. It didn't. Basically: 1. Create a ZClass 2. Inside create a DTML method and ZSQLmethod 3. from the dtml method call the ZSQLmethod 4. do a 5. get a Unauthorized error no matter what the access privileges are set to This is with the "MySQLda". Is there a newer MySQLda somewhere that fixes this? Or some patch (that works with 2.2.2???)?! Running 2.2.2 from source... now with less hair... Sincerely, Alex. Zope Error Zope has encountered an error while publishing this resource. Unauthorized You are not authorized to access sqlGetValue. Traceback (innermost last): File /Zope-2.2.2/lib/python/ZPublisher/Publish.py, line 222, in publish_module File /Zope-2.2.2/lib/python/ZPublisher/Publish.py, line 187, in publish File /Zope-2.2.2/lib/python/ZPublisher/Publish.py, line 171, in publish File /Zope-2.2.2/lib/python/ZPublisher/mapply.py, line 160, in mapply (Object: testmeth) File /Zope-2.2.2/lib/python/ZPublisher/Publish.py, line 112, in call_object (Object: testmeth) File /Zope-2.2.2/lib/python/OFS/DTMLMethod.py, line 172, in __call__ (Object: testmeth) File /Zope-2.2.2/lib/python/DocumentTemplate/DT_String.py, line 528, in __call__ (Object: testmeth) File /Zope-2.2.2/lib/python/DocumentTemplate/DT_With.py, line 146, in render (Object: testcrp) File /Zope-2.2.2/lib/python/OFS/DTMLMethod.py, line 168, in __call__ (Object: craptest) File /Zope-2.2.2/lib/python/DocumentTemplate/DT_String.py, line 528, in __call__ (Object: craptest) File /Zope-2.2.2/lib/python/DocumentTemplate/DT_In.py, line 633, in renderwob (Object: sqlGetValue(tableId='Artist',columnId='Name',keyId='3f69016017c39d5da0a1d60d0a98dbed55d46414')) File /Zope-2.2.2/lib/python/DocumentTemplate/DT_Util.py, line 331, in eval (Object: sqlGetValue(tableId='Artist',columnId='Name',keyId='3f69016017c39d5da0a1d60d0a98dbed55d46414')) (Info: sqlGetValue) File /Zope-2.2.2/lib/python/OFS/DTMLMethod.py, line 194, in validate (Object: testmeth) File /Zope-2.2.2/lib/python/AccessControl/SecurityManager.py, line 139, in validate File /Zope-2.2.2/lib/python/AccessControl/ZopeSecurityPolicy.py, line 209, in validate Unauthorized: (see above) 1010011010101001101010100110101010011010 0 Digital Garage$B!!%G%8%?%khttp://www.zope.ne.jp/ http://www.garage.co.jp ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] ZCatalog with UTF-8 Chinese
Dear Developer: Trying to short-cut UNTEXTINDEX to handle UTF-8 Chinese, I need some help. After reading some code of query, I think the regular expression operations which in parse, quotes and parse2 were not safe for utf8 string. So, I decide to emulate what they do. However, I do not understand what getlexicon is doing and I would like to learn what q should looks like before it is passed to evaluate. I do not understand that vocabulary seems to store like integer, is getlexicon a step to look up the string to convert them to integer? I am getting lost. Could some experienced developer help me out of these? Rgs, Kent Sin - kentsin.weblogs.com kentsin.imeme.net def query(self, s, default_operator = Or, ws = (string.whitespace,)): """ This is called by TextIndexes. A 'query term' which is a string 's' is passed in, along with an index object. s is parsed, then the wildcards are parsed, then something is parsed again, then the whole thing is 'evaluated' """ # First replace any occurences of " and not " with " andnot " s = ts_regex.gsub('[%s]+and[%s]*not[%s]+' % (ws * 3), ' andnot ', s) # do some parsing q = parse(s) ## here, we give lexicons a chance to transform the query. ## For example, substitute wildcards, or translate words into ## various languages. q = self.getLexicon(self._lexicon).query_hook(q) # do some more parsing q = parse2(q, default_operator) ## evalute the final 'expression' return self.evaluate(q) ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] structure text
I asked, some time ago, why the StructuredText.py did not work with the example provided in the triple quotes but my email has been patchy. Did anybody reply as to why the :: does not work all the time? Nigel --== Sent via Deja.com http://www.deja.com/ ==-- Before you buy. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Soft links again
Toby Dickenson wrote: > > On Wed, 27 Sep 2000 09:06:18 -0400, Shane Hathaway > <[EMAIL PROTECTED]> wrote: > > > Also, there's currently a buglet in > >acquisition that makes it so that you can only perform the actions on > >the symlink which "anonymous" is allowed to do. > > Woooh! Someone else that agrees this is a bug in Acquisition. > > Full report and patch at > http://classic.zope.org:8080/Collector/1066/view Not only are you 100% correct, but we were planning to do the same thing! You were several steps ahead of us. The patch works perfectly, although I added a couple of comments. Sorry the patch didn't get applied sooner. Shane ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Soft links again
On Wed, 27 Sep 2000 09:06:18 -0400, Shane Hathaway <[EMAIL PROTECTED]> wrote: > Also, there's currently a buglet in >acquisition that makes it so that you can only perform the actions on >the symlink which "anonymous" is allowed to do. Woooh! Someone else that agrees this is a bug in Acquisition. Full report and patch at http://classic.zope.org:8080/Collector/1066/view Toby Dickenson [EMAIL PROTECTED] ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Soft links again
Okay, I've posted a proof of concept. Please keep in mind that this could be dangerous in terms of security, although I've done a couple of things to make it safer. Also, there's currently a buglet in acquisition that makes it so that you can only perform the actions on the symlink which "anonymous" is allowed to do. http://www.zope.org/Members/hathawsh/Symlink/index_html Shane Andre Schubert wrote: > > Hi, > > i have read the two messages about Soft Link, and i tried to work with it, > because it it very important for my Product. > The problem is that the Soft Link class won't work and i don't know why. > I use zope 2.2.2 and python 1.5.2. > root: > -myproductfolder > -SoftLink to testdtmldoc > -testfolder > -testdtmldoc > > In myproduct i have the following function, the class SoftLink is the same > as of Shane Hathaway. > I wan't to add a SoftLink in myproductfolder which links to testdtmldoc. > When i call the function manage_addSoftLink nothing happens?? > > def manage_addSoftLink(self, REQUEST=None): > . > obj=SoftLink('Test/link') > self._setObject('TestSoftLink',obj) > > Whats going wrong, or did i missunderstand something? > Who can help? > > as > > Shane Hathaway schrieb: > > > [cut] > > Try this. I failed to account for the fact that sometimes the object is > > not in context and therefore the linked object will not be found. > > > >def __of__(self, parent): > > try: > > ob = self.restrictedTraverse(self.path) > > except: > > # We're not in context or the object was not found. Default to > > self. > > return self > > else: > > return getattr(ob, 'aq_base', ob).__of__(parent) > > > > Keep in mind, though, that there are all kinds of security > > implications. Someone will have to think hard about security before > > this is viable. > > > > OTOH perhaps it's really simple. Try this as the last line instead: > > > > return getattr(ob, 'aq_inner', ob).__of__(parent) > > > > This way, the security context might be retained. If it doesn't work, > > try changing the last line to: > > > > return ob.__of__(parent) > > > > Shane > > > > ___ > > Zope-Dev maillist - [EMAIL PROTECTED] > > http://lists.zope.org/mailman/listinfo/zope-dev > > ** No cross posts or HTML encoding! ** > > (Related lists - > > http://lists.zope.org/mailman/listinfo/zope-announce > > http://lists.zope.org/mailman/listinfo/zope ) > > ___ > Zope-Dev maillist - [EMAIL PROTECTED] > http://lists.zope.org/mailman/listinfo/zope-dev > ** No cross posts or HTML encoding! ** > (Related lists - > http://lists.zope.org/mailman/listinfo/zope-announce > http://lists.zope.org/mailman/listinfo/zope ) ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] bouncing e-mail
Hi, Has somebody noticed some problems with my e-mail? It looks like my account was turned of at zope-dev. Since I didn't do it, it must be an automatic thing. So my q'n had someone of you problems with my e-mail? Tom. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] more __call__ ...
Jim Fulton wrote: > > http://a.site/folder/object/myobject > > > > myobject contains > > standard_html_header contains > > Is myobject a DTMLMethod? Some kind of container? Sorry... a good example for myobject would be a DTML Document. > I don't see how it can contain a var tag if it's not > DTML. If it is DTML, I don't see where mynavigator > fits in. It is DTML, containing the line standard_html_header is a DTML Method containing mynavigator is an object of meta_type 'Navigator' and it's the __call__ method of the Navigator product that I'm having trouble writing :-S > > > > So, if I give my product a class attribute of isDocTemp=1, what > > > > signature should I give my product's __call__ method so it picks up the > > > > DTML namespace? > > > > > > def __call__(self, ignored, md): ... This, of coruse, begs the question as to what 'ignored' is, but I probably don't want to know ;-) > No: self.nav_header(None, md) ok.. > > In any case, what is self in __call__(self, ...) and what should it be > > in nav_header(self, ...)? > > Python method signatures always begin with an argument that is the instance > to which they are bound. Okay, so in the __call__ case, self will be the mynavigator object? Anyway, the isDocTemp thing seems to be getting somewhere. md is a TemplateDict, and that's a stack of InstanceDict's, right? Now, from what I've seen from playing, the object I've been looking for all along is the one whose InstanceDict is on the top of the md stack. So, two questions: 1. How can I get the top most InstanceDict out of md? is _pop the only way? If so, I would guess I do: x = md._pop(1) md._push(x) to get the InstanceDict without disturting the namespace stack? 2. How would I turn the InstanceDict, x, back into an object? From reading pDocumentTemplate.py, I would guess: obj = x.self Is that right? well, thanks for all the help, I _think_ the end is in sight now ;-) cheers, Chris PS: Once I've got that object, can I still use aq_chain(obj,1) to get the list of obj and its containing parents? (In essence, the PARENTS'y type thing I've been looking for all along ;-) ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Soft links again
Hi, i have read the two messages about Soft Link, and i tried to work with it, because it it very important for my Product. The problem is that the Soft Link class won't work and i don't know why. I use zope 2.2.2 and python 1.5.2. root: -myproductfolder -SoftLink to testdtmldoc -testfolder -testdtmldoc In myproduct i have the following function, the class SoftLink is the same as of Shane Hathaway. I wan't to add a SoftLink in myproductfolder which links to testdtmldoc. When i call the function manage_addSoftLink nothing happens?? def manage_addSoftLink(self, REQUEST=None): . obj=SoftLink('Test/link') self._setObject('TestSoftLink',obj) Whats going wrong, or did i missunderstand something? Who can help? as Shane Hathaway schrieb: > [cut] > Try this. I failed to account for the fact that sometimes the object is > not in context and therefore the linked object will not be found. > >def __of__(self, parent): > try: > ob = self.restrictedTraverse(self.path) > except: > # We're not in context or the object was not found. Default to > self. > return self > else: > return getattr(ob, 'aq_base', ob).__of__(parent) > > Keep in mind, though, that there are all kinds of security > implications. Someone will have to think hard about security before > this is viable. > > OTOH perhaps it's really simple. Try this as the last line instead: > > return getattr(ob, 'aq_inner', ob).__of__(parent) > > This way, the security context might be retained. If it doesn't work, > try changing the last line to: > > return ob.__of__(parent) > > Shane > > ___ > Zope-Dev maillist - [EMAIL PROTECTED] > http://lists.zope.org/mailman/listinfo/zope-dev > ** No cross posts or HTML encoding! ** > (Related lists - > http://lists.zope.org/mailman/listinfo/zope-announce > http://lists.zope.org/mailman/listinfo/zope ) ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Zope Error message
Andy McKay wrote: > > So now I need to change it so most normal errors (such as 404) are handled > by standard_error_message. I'm pretty sure 404s are handled by standard_error_message already. Authentication Errors aren't! :-( > So I went to HTTPResponse.py and found this: > > def _error_html(self,title,body): > # XXX could this try to use standard_error_message somehow? > > I gather someone smarter than me has tried this before. Before waste a day > going down this path, does anyone have any advice? There should be a collector issue on this somewhere. Apparently it is possible for _all_ errors to be handled by standard_error_message. Sadly, some are still hardcoded to use the internal one, Authentication being a good example. Some coding needs to be done by someone who understands the intricacies. I wonder if there are any plans at DC or if this one has been shelved? cheers, Chris PS: This would be very nice for the PTK: Give people a nice screen saying 'we can mail your password to you' if they get it wrong, rather than barfing the standard "Zope Error" message... ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )