Re: [Zope-dev] Re: More resilient indexes

2007-09-19 Thread Roché Compaan 
On Tue, 2007-09-18 at 20:01 +0200, Dieter Maurer wrote:
> Roché Compaan wrote at 2007-9-18 08:55 +0200:
> > ...
> >Sorry if I was unclear but what I'm really asking is if it is possible
> >to improve the conflict handling of the current indexes that we have in
> >Zope. I am also asking if concurrent indexing in the ZODB is a realistic
> >goal.
> 
> I have implemented "Conflict Reduced Indexes".
> 
> They essentially work as follows:
> 
>Standard indexes use for efficiency reasons a complex
>dance with a quite high conflict potential:
>The document list for a term can have 3 implementation
>  missing, represented as an integer, represented as an IITreeSet.
> 
>Whenever the implentation type changes, a conflict will occur
>when a concurrent request accesses the same document list.
> 
>The conflict reduced indexes use only 2 implementation types:
>  missing and IITreeSet and once, the list used an IITreeSet,
>  it remains this way.
>This can leverage the conflict resolution build in "OOBTree"
>and "IITreeSet" quite well.
> 
> Nevertheless, it turned out that these separate indexes were
> not worth the efford (meanwhile, they have been replaced by
> "ManagableIndex").

Thanks for your feedback. I refactored things a little bit so that I
don't require immediate indexing which makes QueueCatalog a good
solution.

-- 
Roché Compaan
Upfront Systems   http://www.upfrontsystems.co.za

___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] security problem in an monkey-patch

2007-09-19 Thread Dieter Maurer 
Joachim Schmitz wrote at 2007-9-19 11:54 +0200:
>and
>
>../portal_catalog/getBypassQueue
>displays a 1

This looks like a security bug.

You should not be able to "call" something via the ZPublisher
what you cannot call in a script.

Maybe, you file a bug report?



-- 
Dieter
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] Re: More resilient indexes

2007-09-19 Thread Dieter Maurer 
Laurence Rowe wrote at 2007-9-19 10:03 +0100:
> ...
>Indexes are inherently difficult to perform conflict resolution on. As 
>Dieter mentioned their implementation is designed for efficient reading, 
>not efficient writing.

You did not mean me?

I have implemented the "Conflict Reduced Indexes" because
my colleague thought he would need to import mass data in
parallel threads -- thus, the reason was to support parallel writing.

Fortunately, the Zope based system was much faster than its
C++ implemented predecessor. Thus, the need for mass import
parallelization was not given to the expected extent

We also use the QueueCatalog (in fact a two level queue:
one for fast indexes and one for text indexes)
and have only the most important workflow indexes updated inline.
The workflow indexes, of course, need to be updated inline
as otherwise, the workflows would not work reliably.



-- 
Dieter
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

[Zope-dev] Re: security problem in an monkey-patch

2007-09-19 Thread Joachim Schmitz 

Tres Seaver schrieb:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1




security.declareProtected(view_management_screens, 'getBypassQueue')
def getBypassQueue(self):
 "get _by_pass"
 if not hasattr(self,"_bypass"):
 self._bypass = False
 return self._bypass


I would write this as:

   return getattr(self, '_bypass', False)

avoiding both write-on-read and hasattr in one fell swoop.

thanks for the tip.







I get:
Unauthorized: The container has no security assertions.  Access to 
'getBypassQueue' of (QueueCatalog at /uniben/portal_catalog) denied.


What I am missing here.


You need to supply security assertions for the new method you have adeed
to the class (your security assertions are being "left behind" in the
context where you defined the function)..  Likely you can add another
attribute to the class, 'getBypassQueue__roles__', with the value being
a tuple, ('Manager',)  (unless you want to figure out how to create a
PermissionRoles object yourself).

I solved it with:

QueueCatalog.getBypassQueue__roles__ = ['Manager', 'Owner',]
thanks for the help.

--
Gruß Joachim
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope )

[Zope-dev] Re: security problem in an monkey-patch

2007-09-19 Thread Tres Seaver 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Joachim Schmitz wrote:
> Hi,
> 
> I have monkey-patched the QueueCatalog to adopt it to our needs, which 
> works fine. I now wanted to introduce a new feature:
> 
> The QueueCatalog should be bypassed during mass-import of data.
> So I introduced a new variable "_bypass", and new getBypassQueue() and 
> setBypassQueue methods in the monkey-patch:
> 
> security.declareProtected(view_management_screens, 'getBypassQueue')
> def getBypassQueue(self):
>  "get _by_pass"
>  if not hasattr(self,"_bypass"):
>  self._bypass = False
>  return self._bypass

I would write this as:

   return getattr(self, '_bypass', False)

avoiding both write-on-read and hasattr in one fell swoop.

> security.declareProtected(view_management_screens, 'setBypassQueue')
> def setBypassQueue(self, bypass=False):
>  "set _bypass"
>  self._bypass = bypass
> 
> from Products.QueueCatalog.QueueCatalog import QueueCatalog
> QueueCatalog.getBypassQueue = getBypassQueue
> QueueCatalog.setBypassQueue = setBypassQueue
> 
> 
> I can invoke these methods from the url like:
> 
> ../portal_catalog/setBypassQueue?bypass=1
> 
> and
> 
> ../portal_catalog/getBypassQueue
> displays a 1
> 
> But when I do a:
> 
>   tal:attributes="checked
>  here/portal_catalog/getBypassQueue" />
> 
> I get:
> Unauthorized: The container has no security assertions.  Access to 
> 'getBypassQueue' of (QueueCatalog at /uniben/portal_catalog) denied.
> 
> What I am missing here.

You need to supply security assertions for the new method you have adeed
to the class (your security assertions are being "left behind" in the
context where you defined the function)..  Likely you can add another
attribute to the class, 'getBypassQueue__roles__', with the value being
a tuple, ('Manager',)  (unless you want to figure out how to create a
PermissionRoles object yourself).



Tres.
- --
===
Tres Seaver  +1 540-429-0999  [EMAIL PROTECTED]
Palladion Software   "Excellence by Design"http://palladion.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG8S9F+gerLs4ltQ4RAp8kAJ4xECJyWPwPzvkOdDNiNGA3Vp6zNACg0bI5
41ihaq521kUpdFKgieWa0+A=
=IBzZ
-END PGP SIGNATURE-
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

[Zope-dev] Zope Tests: 5 OK

2007-09-19 Thread Zope Tests Summarizer 
Summary of messages to the zope-tests list.
Period Tue Sep 18 12:00:00 2007 UTC to Wed Sep 19 12:00:00 2007 UTC.
There were 5 messages: 5 from Zope Unit Tests.


Tests passed OK
---

Subject: OK : Zope-2.7 Python-2.3.6 : Linux
From: Zope Unit Tests
Date: Tue Sep 18 20:50:14 EDT 2007
URL: http://mail.zope.org/pipermail/zope-tests/2007-September/008361.html

Subject: OK : Zope-2.8 Python-2.3.6 : Linux
From: Zope Unit Tests
Date: Tue Sep 18 20:51:50 EDT 2007
URL: http://mail.zope.org/pipermail/zope-tests/2007-September/008362.html

Subject: OK : Zope-2.9 Python-2.4.4 : Linux
From: Zope Unit Tests
Date: Tue Sep 18 20:53:21 EDT 2007
URL: http://mail.zope.org/pipermail/zope-tests/2007-September/008363.html

Subject: OK : Zope-2.10 Python-2.4.4 : Linux
From: Zope Unit Tests
Date: Tue Sep 18 20:54:51 EDT 2007
URL: http://mail.zope.org/pipermail/zope-tests/2007-September/008364.html

Subject: OK : Zope-trunk Python-2.4.4 : Linux
From: Zope Unit Tests
Date: Tue Sep 18 20:56:21 EDT 2007
URL: http://mail.zope.org/pipermail/zope-tests/2007-September/008365.html

___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

[Zope-dev] security problem in an monkey-patch

2007-09-19 Thread Joachim Schmitz 

Hi,

I have monkey-patched the QueueCatalog to adopt it to our needs, which 
works fine. I now wanted to introduce a new feature:


The QueueCatalog should be bypassed during mass-import of data.
So I introduced a new variable "_bypass", and new getBypassQueue() and 
setBypassQueue methods in the monkey-patch:


security.declareProtected(view_management_screens, 'getBypassQueue')
def getBypassQueue(self):
"get _by_pass"
if not hasattr(self,"_bypass"):
self._bypass = False
return self._bypass

security.declareProtected(view_management_screens, 'setBypassQueue')
def setBypassQueue(self, bypass=False):
"set _bypass"
self._bypass = bypass

from Products.QueueCatalog.QueueCatalog import QueueCatalog
QueueCatalog.getBypassQueue = getBypassQueue
QueueCatalog.setBypassQueue = setBypassQueue


I can invoke these methods from the url like:

../portal_catalog/setBypassQueue?bypass=1

and

../portal_catalog/getBypassQueue
displays a 1

But when I do a:



I get:
Unauthorized: The container has no security assertions.  Access to 
'getBypassQueue' of (QueueCatalog at /uniben/portal_catalog) denied.


What I am missing here.


--
Gruß Joachim
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope )

[Zope-dev] Re: More resilient indexes

2007-09-19 Thread Laurence Rowe 

Roché Compaan wrote:



I use QueueCatalog often and I know how it works. But if an application
requires immediate indexing then QueueCatalog is not a solution. 


Sorry if I was unclear but what I'm really asking is if it is possible
to improve the conflict handling of the current indexes that we have in
Zope. I am also asking if concurrent indexing in the ZODB is a realistic
goal.

The reason I mentioned QueueCatalog is not because of its batch indexing
in one thread, but because it has a lot of conflict handling on the
queue itself. Sessions might be another good example of a product that
tries hard to handle conflicts. Do these products have strategies that
can be made to work for indexes?


By definition, if you're not using QueueCatalog then you don't have a 
queue to perform conflict resolution on. QueueCatalog does not perform 
conflict resolution as such, but optimises the number of cataloguing 
operations by applying rules to the queue to remove duplicate operations.


Indexes are inherently difficult to perform conflict resolution on. As 
Dieter mentioned their implementation is designed for efficient reading, 
not efficient writing.


Do you really need to have concurrent indexing? Would concurrently 
updating the metadata records (there is an option in QueueCatalog for 
this) be sufficient?


Laurence



___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope )