[Zope-dev] ZModules - A loaded gun

[Kapil Thangavelu]

i wrote up an interface to allow for module registration in the dtml
namespace, _

its got major caveats, but it might be useful for some.

at the moments its just a stop gap till the new python methods come
along. at the moment if just allows for people to write more code in
dtml:( or ttw python methods.

it might be useful to allow ttw developers access to some modules
without allowing them use of XXXpython_methods since the configuration
file that defines the imported modules resides on the FS.

an example use








and the response

+OK EarthLink POP server (version: EL_3_10 ) at pop04.earthlink.net. 
<[EMAIL PROTECTED]>
+OK Password required for kthangavelu.
+OK kthangavelu has 0 messages (0 octets).
(0, 0)

personally i thinks it better to just pass the module off to a python
method
and let it do the work. real coding in dtml is heinous, maybe even a
crime against humanity.

how it works.

it reads a module configuration from the FS. fmt is currently

module_name: class_name, class_name


it tries to import the module and than place the module in the namespace
dict.
- usual python discovery rules apply (python_path, curdir)

it sets the magic key __allow__access_to_unprotected_subobjects=1 on all
imported modules.

it allows you to define classes in modules those you want to interact
with. defining those classes allows you to interact meaningfully with
instances otherwise zope's security policy will bump you because the
container doesn't define proper permissions or the magic key.

caveats:

it hasn't had much testing, i did it as proof of concept and because i
had an itch.

you can't accces any attributes of any object that doesn't define
__allow__access_to_unprotected_subobjects=1

an example where this is a pain, are getting filehandles back from
libraries,
like urllib.urlopen (note. urllib is not ts).

BE VERY VERY WARY OF THREAD SAFETY ISSUES

it might be very much like holding a loaded gun to your server;)

possible improvements:
allow for nested modules & classes
?


if people think this is useful enough, i'll package it up as a product.

installation.

create a directory in your products folder (mines called ZModules)

drop in the attached file.

write a configuration file 

restart zope

sample config file.

poplib:POP3
mimetypes


Cheers

Kapil

# DISTRIBUTED UNDER THE ZPL 
# Author [EMAIL PROTECTED]
# made for zope, www.zope.org

import App
import App.Common
import Globals
import os
from DocumentTemplate import DT_Util
from DocumentTemplate.DT_Util import d
from string import strip,split,replace

config_path=os.path.join(App.Common.package_home(globals()), 'zmodules.config')
 
fh = open(config_path)
modules_list=fh.readlines()

#print 'read config file'

counter = 0

for module in modules_list:
module = strip(module)
module = replace(module, '\012', '')
if len(module) <= 1:
continue

module_config = split(module, ':')

if len(module_config) > 1:
classes = split(module_config[1], ',')
else : classes = []

module = strip(module_config[0])
module_name = module[:]

try:
exec('import %s'%(module))
except:
continue

loaded_mod = eval(module)

s_classes = classes[:]
for class_name in classes:
class_name=strip(class_name)
if len(class_name) == 0: continue
try:
getattr(loaded_mod, 
class_name).__allow_access_to_unprotected_subobjects__=1
except:
s_classes.pop(s.index(s_classes))

d[module_name] = loaded_mod

loaded_mod.__allow_access_to_unprotected_subobjects__=1

print 'success: loaded module %s and classes %s'%(module_name, s_classes)

[Zope-dev] ZClass + ZSQLmethods bug in 2.2.2?

[Alexander Schonfeld]

Hi,

I've seen lots of ZSQLmethods patches and such and tried a few of them
under 2.1.6, but thought upgrading to 2.2.2 would fix this problem.  It
didn't.

Basically:
1. Create a ZClass
2. Inside create a DTML method and ZSQLmethod
3. from the dtml method call the ZSQLmethod
4. do a  

5. get a Unauthorized error no matter what the access privileges
are set to

This is with the "MySQLda".  Is there a newer MySQLda somewhere that
fixes this?  Or some patch (that works with 2.2.2???)?!

Running 2.2.2 from source... now with less hair...
Sincerely,

Alex.


Zope Error
Zope has encountered an error while publishing this resource. 

Unauthorized

You are not authorized to access sqlGetValue. 
Traceback (innermost last):
  File /Zope-2.2.2/lib/python/ZPublisher/Publish.py, line 222, in
publish_module
  File /Zope-2.2.2/lib/python/ZPublisher/Publish.py, line 187, in
publish
  File /Zope-2.2.2/lib/python/ZPublisher/Publish.py, line 171, in publish
  File /Zope-2.2.2/lib/python/ZPublisher/mapply.py, line 160, in mapply
(Object: testmeth)
  File /Zope-2.2.2/lib/python/ZPublisher/Publish.py, line 112, in call_object
(Object: testmeth)
  File /Zope-2.2.2/lib/python/OFS/DTMLMethod.py, line 172, in __call__
(Object: testmeth)
  File /Zope-2.2.2/lib/python/DocumentTemplate/DT_String.py, line 528, in __call__
(Object: testmeth)
  File /Zope-2.2.2/lib/python/DocumentTemplate/DT_With.py, line 146, in render
(Object: testcrp)
  File /Zope-2.2.2/lib/python/OFS/DTMLMethod.py, line 168, in __call__
(Object: craptest)
  File /Zope-2.2.2/lib/python/DocumentTemplate/DT_String.py, line 528, in __call__
(Object: craptest)
  File /Zope-2.2.2/lib/python/DocumentTemplate/DT_In.py, line 633, in renderwob
(Object: 
sqlGetValue(tableId='Artist',columnId='Name',keyId='3f69016017c39d5da0a1d60d0a98dbed55d46414'))
  File /Zope-2.2.2/lib/python/DocumentTemplate/DT_Util.py, line 331, in eval
(Object: 
sqlGetValue(tableId='Artist',columnId='Name',keyId='3f69016017c39d5da0a1d60d0a98dbed55d46414'))
(Info: sqlGetValue)
  File /Zope-2.2.2/lib/python/OFS/DTMLMethod.py, line 194, in validate
(Object: testmeth)
  File /Zope-2.2.2/lib/python/AccessControl/SecurityManager.py, line 139, in validate
  File /Zope-2.2.2/lib/python/AccessControl/ZopeSecurityPolicy.py, line 209, in 
validate
Unauthorized: (see above)

 
1010011010101001101010100110101010011010
0  Digital Garage$B!!%G%8%?%khttp://www.zope.ne.jp/ http://www.garage.co.jp



___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

[Zope-dev] ZCatalog with UTF-8 Chinese

[Sin Hang Kin]

Dear Developer:

Trying to short-cut UNTEXTINDEX to handle UTF-8 Chinese, I need some help.

After reading some code of query, I think the regular expression operations
which in parse, quotes and parse2 were not safe for utf8 string. So, I
decide to emulate what they do. However, I do not understand what getlexicon
is doing and I would like to learn what  q should looks like before it is
passed to evaluate. I do not understand that vocabulary seems to store like
integer, is getlexicon a step to look up the string to convert them to
integer? I am getting lost.

Could some experienced developer help me out of these?

Rgs,

Kent Sin
-
kentsin.weblogs.com
kentsin.imeme.net


def query(self, s, default_operator = Or, ws = (string.whitespace,)):

"""

This is called by TextIndexes. A 'query term' which is a string

's' is passed in, along with an index object. s is parsed, then

the wildcards are parsed, then something is parsed again, then the

whole thing is 'evaluated'

"""

# First replace any occurences of " and not " with " andnot "

s = ts_regex.gsub('[%s]+and[%s]*not[%s]+' % (ws * 3), ' andnot ', s)

# do some parsing

q = parse(s)

## here, we give lexicons a chance to transform the query.

## For example, substitute wildcards, or translate words into

## various languages.

q = self.getLexicon(self._lexicon).query_hook(q)

# do some more parsing

q = parse2(q, default_operator)

## evalute the final 'expression'

return self.evaluate(q)





___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

[Zope-dev] structure text

[nw_moriarty us]

I asked, some time ago, why the StructuredText.py did not work with the example 
provided in the triple quotes but my email has been patchy.  Did anybody reply as to 
why the :: does not work all the time?

Nigel




--== Sent via Deja.com http://www.deja.com/ ==--
Before you buy.



___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] Soft links again

[Shane Hathaway]

Toby Dickenson wrote:
> 
> On Wed, 27 Sep 2000 09:06:18 -0400, Shane Hathaway
> <[EMAIL PROTECTED]> wrote:
> 
> > Also, there's currently a buglet in
> >acquisition that makes it so that you can only perform the actions on
> >the symlink which "anonymous" is allowed to do.
> 
> Woooh! Someone else that agrees this is a bug in Acquisition.
> 
> Full report and patch at
> http://classic.zope.org:8080/Collector/1066/view

Not only are you 100% correct, but we were planning to do the same
thing!  You were several steps ahead of us.

The patch works perfectly, although I added a couple of comments.

Sorry the patch didn't get applied sooner.

Shane

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] Soft links again

[Toby Dickenson]

On Wed, 27 Sep 2000 09:06:18 -0400, Shane Hathaway
<[EMAIL PROTECTED]> wrote:

> Also, there's currently a buglet in
>acquisition that makes it so that you can only perform the actions on
>the symlink which "anonymous" is allowed to do.


Woooh! Someone else that agrees this is a bug in Acquisition.

Full report and patch at
http://classic.zope.org:8080/Collector/1066/view

Toby Dickenson
[EMAIL PROTECTED]

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] Soft links again

[Shane Hathaway]

Okay, I've posted a proof of concept.  Please keep in mind that this
could be dangerous in terms of security, although I've done a couple of
things to make it safer.  Also, there's currently a buglet in
acquisition that makes it so that you can only perform the actions on
the symlink which "anonymous" is allowed to do.

http://www.zope.org/Members/hathawsh/Symlink/index_html

Shane

Andre Schubert wrote:
> 
> Hi,
> 
> i have read the two messages about Soft Link, and i tried to work with it,
> because it it very important for my Product.
> The problem is that the Soft Link class won't work and i don't know why.
> I use zope 2.2.2 and python 1.5.2.
> root:
> -myproductfolder
> -SoftLink to testdtmldoc
> -testfolder
> -testdtmldoc
> 
> In myproduct i have the following function, the class SoftLink is the same
> as of Shane Hathaway.
> I wan't to add a SoftLink in myproductfolder which links to testdtmldoc.
> When i call the function manage_addSoftLink nothing happens??
> 
> def manage_addSoftLink(self, REQUEST=None):
> .
> obj=SoftLink('Test/link')
> self._setObject('TestSoftLink',obj)
> 
> Whats going wrong, or did i missunderstand something?
> Who can help?
> 
> as
> 
> Shane Hathaway schrieb:
> 
> > [cut]
> > Try this.  I failed to account for the fact that sometimes the object is
> > not in context and therefore the linked object will not be found.
> >
> >def __of__(self, parent):
> >   try:
> > ob = self.restrictedTraverse(self.path)
> >   except:
> > # We're not in context or the object was not found.  Default to
> > self.
> > return self
> >   else:
> > return getattr(ob, 'aq_base', ob).__of__(parent)
> >
> > Keep in mind, though, that there are all kinds of security
> > implications.  Someone will have to think hard about security before
> > this is viable.
> >
> > OTOH perhaps it's really simple.  Try this as the last line instead:
> >
> > return getattr(ob, 'aq_inner', ob).__of__(parent)
> >
> > This way, the security context might be retained.  If it doesn't work,
> > try changing the last line to:
> >
> > return ob.__of__(parent)
> >
> > Shane
> >
> > ___
> > Zope-Dev maillist  -  [EMAIL PROTECTED]
> > http://lists.zope.org/mailman/listinfo/zope-dev
> > **  No cross posts or HTML encoding!  **
> > (Related lists -
> >  http://lists.zope.org/mailman/listinfo/zope-announce
> >  http://lists.zope.org/mailman/listinfo/zope )
> 
> ___
> Zope-Dev maillist  -  [EMAIL PROTECTED]
> http://lists.zope.org/mailman/listinfo/zope-dev
> **  No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope )

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

[Zope-dev] bouncing e-mail

[Tom Deprez]

Hi,

Has somebody noticed some problems with my e-mail? It looks like my account
was turned of at zope-dev. Since I didn't do it, it must be an automatic
thing. So my q'n had someone of you problems with my e-mail?

Tom.

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] more __call__ ...

[Chris Withers]

Jim Fulton wrote:
> > http://a.site/folder/object/myobject
> >
> > myobject contains 
> > standard_html_header contains 
> 
> Is myobject a DTMLMethod? Some kind of container?

Sorry... a good example for myobject would be a DTML Document.

> I don't see how it can contain a var tag if it's not
> DTML.  If it is DTML, I don't see where mynavigator
> fits in.

It is DTML, containing the line 
standard_html_header is a DTML Method containing 
mynavigator is an object of meta_type 'Navigator' and it's the __call__
method of the Navigator product that I'm having trouble writing :-S

> > > > So, if I give my product a class attribute of isDocTemp=1, what
> > > > signature should I give my product's __call__ method so it picks up the
> > > > DTML namespace?
> > >
> > >   def __call__(self, ignored, md): ...

This, of coruse, begs the question as to what 'ignored' is, but I
probably don't want to know ;-)

> No: self.nav_header(None, md)

ok..

> > In any case, what is self in __call__(self, ...) and what should it be
> > in nav_header(self, ...)?
> 
> Python method signatures always begin with an argument that is the instance
> to which they are bound.

Okay, so in the __call__ case, self will be the mynavigator object?

Anyway, the isDocTemp thing seems to be getting somewhere.

md is a TemplateDict, and that's a stack of InstanceDict's, right?
Now, from what I've seen from playing, the object I've been looking for
all along is the one whose InstanceDict is on the top of the md stack.

So, two questions:

1. How can I get the top most InstanceDict out of md? is _pop the only
way? If so, I would guess I do:

x = md._pop(1)
md._push(x)

   to get the InstanceDict without disturting the namespace stack?

2. How would I turn the InstanceDict, x, back into an object? From
reading pDocumentTemplate.py, I would guess:

obj = x.self

   Is that right?

well, thanks for all the help, I _think_ the end is in sight now ;-)

cheers,

Chris

PS: Once I've got that object, can I still use aq_chain(obj,1) to get
the list of obj and its containing parents? (In essence, the PARENTS'y
type thing I've been looking for all along ;-)

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] Soft links again

[Andre Schubert]

Hi,

i have read the two messages about Soft Link, and i tried to work with it,
because it it very important for my Product.
The problem is that the Soft Link class won't work and i don't know why.
I use zope 2.2.2 and python 1.5.2.
root:
-myproductfolder
-SoftLink to testdtmldoc
-testfolder
-testdtmldoc

In myproduct i have the following function, the class SoftLink is the same
as of Shane Hathaway.
I wan't to add a SoftLink in myproductfolder which links to testdtmldoc.
When i call the function manage_addSoftLink nothing happens??

def manage_addSoftLink(self, REQUEST=None):
.
obj=SoftLink('Test/link')
self._setObject('TestSoftLink',obj)

Whats going wrong, or did i missunderstand something?
Who can help?

as

Shane Hathaway schrieb:

> [cut]
> Try this.  I failed to account for the fact that sometimes the object is
> not in context and therefore the linked object will not be found.
>
>def __of__(self, parent):
>   try:
> ob = self.restrictedTraverse(self.path)
>   except:
> # We're not in context or the object was not found.  Default to
> self.
> return self
>   else:
> return getattr(ob, 'aq_base', ob).__of__(parent)
>
> Keep in mind, though, that there are all kinds of security
> implications.  Someone will have to think hard about security before
> this is viable.
>
> OTOH perhaps it's really simple.  Try this as the last line instead:
>
> return getattr(ob, 'aq_inner', ob).__of__(parent)
>
> This way, the security context might be retained.  If it doesn't work,
> try changing the last line to:
>
> return ob.__of__(parent)
>
> Shane
>
> ___
> Zope-Dev maillist  -  [EMAIL PROTECTED]
> http://lists.zope.org/mailman/listinfo/zope-dev
> **  No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope )


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] Zope Error message

[Chris Withers]

Andy McKay wrote:
> 
> So now I need to change it so most normal errors (such as 404) are handled
> by standard_error_message. 

I'm pretty sure 404s are handled by standard_error_message already.
Authentication Errors aren't! :-(

> So I went to HTTPResponse.py and found this:
> 
> def _error_html(self,title,body):
> # XXX could this try to use standard_error_message somehow?
> 
> I gather someone smarter than me has tried this before. Before waste a day
> going down this path, does anyone have any advice?

There should be a collector issue on this somewhere. Apparently it is
possible for _all_ errors to be handled by standard_error_message.
Sadly, some are still hardcoded to use the internal one, Authentication
being a good example. 

Some coding needs to be done by someone who understands the intricacies.
I wonder if there are any plans at DC or if this one has been shelved?

cheers,

Chris

PS: This would be very nice for the PTK: Give people a nice screen
saying 'we can mail your password to you' if they get it wrong, rather
than barfing the standard "Zope Error" message...

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )