IRC log of #zope3-dev for Saturday, 2005-08-20

« Friday, 2005-08-19 Index Sunday, 2005-08-21 »
*** yotaff has quit IRC00:22
*** hazmat has quit IRC00:32
*** hazmat has joined #zope3-dev00:32
*** hazmat has quit IRC00:33
*** hazmat has joined #zope3-dev00:34
*** timte has quit IRC00:35
*** Alef has joined #zope3-dev00:41
*** bradb is now known as bradb-away00:42
*** tvon has quit IRC00:43
*** alga has joined #zope3-dev00:44
*** MJ has quit IRC00:46
*** MJ has joined #zope3-dev00:48
*** benji_york has quit IRC00:51
*** hazmat has quit IRC01:00
*** RaFromBR1 has joined #zope3-dev01:04
*** tvon has joined #zope3-dev01:06
*** RaFromBRC has quit IRC01:06
*** FarcePest has quit IRC01:16
*** lunarosity has joined #zope3-dev01:16
*** Alef has quit IRC01:17
lunarosityhello01:18
lunarosityI think I read somewhere that someone did some work on an LDAP adaptor, or LDAP principal source of some sort01:18
lunarosityAnyone happen to have any links?01:18
*** fdrake has joined #zope3-dev01:19
fdrakesrichter, you there?01:19
projekt01See in the zope3 repository, there are some top level ldap packages01:20
lunarosityok01:21
projekt01fdrake, are you looking for the Release Manager ;-)01:21
srichterfdrake: here01:23
fdrakeya01:23
fdrakei'm giong to start merging the TAL changes from the trunk now01:23
fdrakei'm not planning on any more changes on the trunk right now  :-)01:24
*** REdOG has left #zope3-dev01:24
srichterok, don't forget the branch :-)01:24
fdrakethat's where I'm merging them  :-)01:25
srichterok01:25
projekt01Is the IQueriableAuthenticator the only one API to a IAuthentication, for principal lookup?01:27
srichterI think so01:27
projekt01Does it mean that every IAuthentication has to implement this interface for participation on lookups for 3rd party apps01:28
projekt01?01:28
projekt01implement/provide01:29
*** roym`` has quit IRC01:30
srichterI think they have to adapt to it yes01:32
projekt01Ok thanks, then this is the API where I can search for principals01:32
srichteryes01:33
fdrakerunning tests on the branch...01:48
fdrakepassed ... committing...01:51
*** RaFromBR1 has quit IRC01:56
fdrakesrichter, it'd probably be good if you release before we find any more problems  :-)01:56
fdrakei'm outta here...01:57
*** fdrake has quit IRC01:57
lunarosityFor User and Group Principals, can a User and a Group both have the same id (like '27' for instance)?01:58
*** yota has quit IRC02:01
*** tvon has quit IRC02:05
*** RaFromBRC has joined #zope3-dev02:17
*** deo has quit IRC02:45
projekt01lunarosity, Yes principal and group folder have a prefix where you can set if you add them03:05
*** RaFromBRC has quit IRC03:19
*** tanghus has quit IRC03:49
*** hwo4 has joined #zope3-dev04:06
hwo4I'm having a bit of trouble getting a handle precisely on how User Principals and Group Principals work together04:13
hwo4first, is there a group principal in zope? i saw an IGroupAwarePrincipal, but not GroupPrincipal04:14
hwo4second, assuming there is a Group Principal, it never authenticates, right? No one would log in AS a Group04:14
hwo4third, If a group has been assigned a local role on an object, then presumably the users of that group also gain the permission associated with that role. Whats the mechanism for this.04:15
hwo4fourth, This might make a little more sense if I understood rather or not a user can be authenticated as multiple principals at the same time.04:21
hwo4which begs the question of how group principals are related to user principals at all. From my (very limited) understanding, they do two different things04:21
*** projekt01 has quit IRC04:27
hwo4Also, is there any infrastructure for heirarchical permissions. I.e. this function requires permission level 5, so users with permission level 7 could access it, but level 4 couldn't.04:39
srichterhwo4: the default security does not have a level model, but you could easily implement your own security policy thst does this04:49
hwo4well right05:00
hwo4I was just making sure I didn't reinvent anything05:00
hwo4you don't happen to have any insight on the group vs. user principal questions?05:01
*** alga has quit IRC05:17
*** tanghus has joined #zope3-dev05:55
*** sashav has quit IRC08:56
*** gintas has joined #zope3-dev09:12
*** sashav has joined #zope3-dev11:36
*** _drzoltron has joined #zope3-dev11:36
*** drzoltron_ has joined #zope3-dev11:38
drzoltron_hi, is there a view implemented for IOrderedFolder ?11:38
drzoltron_you know one with up&down arrows ?11:39
drzoltron_OrderedContainer, that is11:39
*** sashav has quit IRC11:55
*** timte has joined #zope3-dev12:03
*** projekt01 has joined #zope3-dev12:28
projekt01morning12:29
drzoltron_guten morgen12:41
drzoltron_projekt01: do you know of an implementation of orderedcontainer where I get a view with up/down arrows ?12:44
projekt01drzoltron, Yes, there is one, but I'm not sure if the buttons are implemented12:45
*** loreto has joined #zope3-dev12:46
drzoltron_projekt01: cool, can you remember where it is ?12:46
projekt01See, zope.app.container.ordered.OrderedContainer12:47
drzoltron_yeah, I am implementing  this one, but something is missing ...12:48
projekt01grep the source for OrderedContainer and see if this container is used somewhere,12:48
drzoltron_ok12:48
drzoltron_thanx12:48
projekt01then this implementation isn't registred as a content type12:48
drzoltron_I am mixing into one of my content types12:48
projekt01Ah, cool12:49
drzoltron_do you know where I can find the contents.html view ?12:49
drzoltron_zope3 is a little like a maze for a newbeginner like me ;)12:49
projekt01zope.app.container.browser.contents.py and content.html12:49
drzoltron_nice, thanx ! ;)12:49
drzoltron_sounds like swiss precision ;)12:50
projekt01;-)12:50
projekt01Where are you from?12:50
drzoltron_vienna12:53
projekt01Bernie?12:53
drzoltron_yes12:53
projekt01Are you moving the Archetypes to z3?12:54
drzoltron_not at all :)12:54
projekt01Perhaps there are some interesting patterns in our Tiks repository for you.12:55
projekt01Hm, why is there no event less IContainer implementation in z3 like a pure IWriteMapping?13:00
drzoltron_hmmm, no idea13:00
*** kidnic has joined #zope3-dev13:02
*** kidnic has left #zope3-dev13:04
drzoltron_projekt01: is the Tiks rep. publicly accessible ?13:08
projekt01Yes, at: svn://svn.tiks.org/repos/Tiks/trunk13:10
projekt01the trunk is the location of the z3 root, you can find the tiks package at trunk/src/tiks13:11
projekt01Checkout the trunk and symlink all folders under the trunk to the zope install root except the package-includes folder13:12
projekt01this folder contains the configure where you can place into the original package-includes folder.13:13
drzoltron_sorry, alittle on and off here, girlfriend has poured water in her PB13:13
drzoltron_thanx13:13
projekt01Don't include the json configure.zcml in package-includes if jsonserver isn't installed.13:14
drzoltron_ok13:15
drzoltron_got tiks now, what does it do ?13:23
projekt01It's a library based on z3, it contains different more or less useful components ;-)13:24
drzoltron_hehe13:25
projekt01The Tiks packages itself does not this much, they can be used for build system.13:25
drzoltron_ok13:25
projekt01A good starting point is tiks.system13:25
projekt01Tiks systems are a generic implementation for z3 objects (content types).13:26
projekt01All additional methods and attributes of such a system are adapted, nothing is implemented directly in class13:26
projekt01not even a class itself is used for build new content types!13:27
projekt01All is done with marker interfaces!13:27
projekt01There are also some demos in tiks.demo where you can start13:27
drzoltron_nice, thanx !13:28
projekt01Or I started adding our new tiks.org portal in tiks.org which is accessible under ++skin++TiksORG if you add the content type "Tiks site (tiks.org)"13:28
projekt01There is also a skin /++etc++Tiks/ out of the box which is a replacement for the Rotterdam ZMI13:29
drzoltron_nice13:31
projekt01Is it running?13:31
drzoltron_haven't tried yet, I think I use it for grepping first ;)13:35
drzoltron_still in emergency mode trying to get the water out of the powerbook13:36
projekt01;-)13:37
projekt01I recommend the packages in this order tiks.initializer, tiks.typing, tiks.system for a good introduction13:38
projekt01That's our base concepts, initialize a content type, mark a content type with a type marker and build system domains13:39
drzoltron_ok13:42
*** jinty has joined #zope3-dev14:17
*** yota has joined #zope3-dev14:19
*** gintas has quit IRC14:25
*** alga has joined #zope3-dev14:29
srichterhwo4: yes, there are groups in the default security policy14:32
srichterhwo4: IGroupAwarePrincipals are simply principals that know about the groups they are in and thus inherit their permissions/roles14:32
srichterhwo4: Group principals are simply known as groups; see zope.app.authentication.groupfolder; also read all the TXT files in this package14:34
srichterhwo4: of course noone would ever log in as a group; not all principals in a security system must support login/logout14:35
srichterhwo4: yes, user principals inherit their group principals' permissions/roles; that is implemented in the default security policy14:36
srichterhwo4: to the forth question, principals are really only aggregate objects (like roles) of permissions. They are granted permissions; the user is a bit special since it also supports login/logout (iow Authentication), whereby roles and groups only provide authorization14:39
srichterhwo4: btw, you can also simulate your levels using groups; every group could be a security level14:46
*** drzoltron_ has quit IRC15:02
projekt01srichter, ayt?15:04
srichteryes15:10
projekt01I miss some important adapter tests in zope3!15:10
projekt01Was there not a adapter.txt test file?15:10
projekt01in the zope.app.security15:11
srichteraehm, I don't know15:11
srichternot that I remember15:11
srichteryou can check the repository15:11
projekt01There a re no tests for the trusted adapter factories15:11
projekt01e.g. LocatingTrustedAdapterFactory15:11
projekt01Are you remember, wasn't there tests for this factories?15:12
srichterI can't remember15:13
srichterI have never been involved in any of this15:13
*** roym has joined #zope3-dev15:14
projekt01Ok, will take a look at this, perhaps I'm wrong and this part wasn't tested directly15:15
projekt01Ah, found the file adapter.txt in the zope.interface15:22
projekt01srichter, Ok, found what I'm need ;-)15:25
srichter:-)15:25
roymI have a path stored as a string (eg: A/B/C); how would I in ZPT,15:25
roymconvert that to a physical path? All I can think of is15:25
roympython:context['A']['B']['C'] - seems like there ought to be a better15:25
roymway.15:25
projekt01romy, Use a view class for the template and use a method which calls traverse(obj, path)15:27
*** jinty has quit IRC15:28
roymprojekt01: thanks.15:29
*** drzoltron_ has joined #zope3-dev15:39
projekt01argh, I guess all PAU events are not locatable with the subcribers directive locate=True15:39
projekt01because this are not object events.15:39
projekt01srichter, why are the events used in the PAU's principal folder are not object events?15:40
projekt01if FoundPrincipalCreated whould be a object event, then I could locate from where the principal was created15:42
srichterI think you can make it an object event; I don't see a problem there15:49
projekt01I guess this would break existing custom subscribers? right?15:51
srichterhow so?15:52
srichterjust inherit IObjectEvent in IFounfPrincipalCreated15:52
drzoltron_how do i get the order of contents of IOrderedContainers15:53
projekt01srichter, is the registration in ZCML for such a subscriber not different after this changes?15:53
srichterdrzoltron_: I would assume that container.keys() gives you the right order15:53
srichterprojekt01: no15:54
projekt01Ah, just optional15:54
srichterit is still an IFoundPrincipalCreated event15:54
srichterit is justa  feature add, not replace15:54
drzoltron_srichter: yeah, you are right :)15:55
projekt01srichter, and the subsciber can be regsitred like for="IFoundPrincipalCreated" or for="ILocation IFoundPrincipalCreated"15:56
srichteryep15:56
projekt01Ok, should I change it in the trunk?15:57
projekt01I guess not in the in the branch because it's a feature. right?15:57
srichterno, this cannot go into the branch15:58
projekt01Ok, I will change it in the trunk15:59
projekt01Argh, this doesn't work, because we don't have the location from the principal in the principal factory because we just use attributes in the constructor16:03
*** jinty has joined #zope3-dev16:03
*** jinty has quit IRC16:03
projekt01...and not the principal itself where we like to use the location16:04
drzoltron_funny, @@contents.html always show the contents in the created order not in the actual16:05
srichterprojekt01: I guess once you have the pricnipal id you can always look up the principal16:06
srichterand this principal might have a location16:06
srichterdrzoltron_: are you sure @@contents.html is written for the ordered container?16:06
projekt01drzoltron, the ordered container should return the right order, this is the order the items get added16:09
projekt01Did you try to order the container keys with orderedContianer.updateOrder(keysInAOrderYouLike)16:11
*** drzoltron_ has quit IRC16:15
*** drzoltron_ has joined #zope3-dev16:17
drzoltron_projekt01: sorry, still no lifesign from the powerbook16:18
drzoltron_i added the items16:18
drzoltron_did a updateOrder()16:19
drzoltron_container.keys() now gives me the updated order but @@contents does not16:19
drzoltron_anyway, have to write a new @@contents with some nice arrows16:19
projekt01Hm, the methods keys, values and items are ordered by the order stored in OrderedContainer16:22
projekt01This should work16:22
projekt01Can you check if the method items() and values() also return the items in the right order like the method keys() does?16:24
*** drzoltron_ has quit IRC16:25
*** drzoltron_ has joined #zope3-dev16:25
drzoltron_irclogs is nice ;)16:26
*** jinty has joined #zope3-dev16:26
*** jinty_ has joined #zope3-dev16:40
*** jinty_ has quit IRC16:41
*** drzoltron_ has quit IRC16:47
*** mikecrowe has joined #zope3-dev16:51
mikecroweHi folks, can I ask some n00b questions without getting flamed?16:53
mikecroweI'm getting this error on a new instance I just created.  Had it working, but don't know what went wrong:16:54
mikecrowezope.configuration.xmlconfig.ZopeXMLConfigurationError: File "c:\mus\etc\site.zcml", line 14.2-14.3616:54
mikecrowe    ZopeXMLConfigurationError: File "c:\mus\etc\principals.zcml", line 33.216:54
mikecrowe    ConfigurationError: ('Unknown directive', u'http://namespaces.zope.org/zope', u'grant')zope.configuration.xmlconfig.ZopeXMLConfigurationError: File "c:\mus\etc\site.zcml", line 14.2-14.3616:54
mikecrowe    ZopeXMLConfigurationError: File "c:\mus\etc\principals.zcml", line 33.216:54
mikecrowe    ConfigurationError: ('Unknown directive', u'http://namespaces.zope.org/zope', u'grant')16:54
mikecroweI don't see anything wrong with site or principals.  Is there something basic I am missing here?16:55
*** tvon has joined #zope3-dev16:55
mikecroweZope 3.1.0c1/Python 2.416:55
*** drzoltron_ has joined #zope3-dev16:58
*** Alef has joined #zope3-dev17:04
*** mikecrowe has left #zope3-dev17:06
*** mikecrowe has joined #zope3-dev17:08
*** loreto has quit IRC17:10
*** gintas has joined #zope3-dev17:16
srichterthat is very strange; did you modify your site.zcml?17:16
srichterit seems that the security meta configuration is not loaded17:17
mikecroweahhh!  when you run a make-instance, it doesn't create a security.zcml17:17
mikecrowesorry, securitypolicy.zcml17:18
mikecrowei renamed -testing and just used it, since i didn't know how to create.  i bet that was wrong, huh?17:18
srichteryep17:18
srichterprobably17:18
mikecroweis there a template for security?  i didn't see in zopeskel17:19
srichterbest would be to go online and get the origianl site.zcml back17:19
srichterhttp://svn.zope.org/Zope3/branches/Zope-3.117:19
mikecrowehmm, are you sure?  should makeinstance create a securitypolicy.zcml in your etc/ directory?17:21
mikecrowemy clean install (from 2 days ago) didn't.  I'm thinking that i am expected to create with the parameters I need.17:21
mikecroweproblem is, I'm so new i don't know what i need!  :)17:21
mikecrowejust looked, there is only  securitypolicy-ftesting.zcml in cvs.17:22
srichterI am not sure what mkzopeinstance is supposed to do, since I never use it ;-)17:23
srichtermkzopeinstance -u user:passwd -d path/to/instance/dir17:24
srichtershould work17:24
srichterwe constantly test this combination17:24
srichterprojekt01: have you tried the Windows release already?17:24
mikecrowesrichter: found an example in cvs  z3/modzope/trunk/demosite/securitypolicy.zcml (thanks, google)17:35
projekt01srichter, no where is it located?17:36
projekt01I guess at the z3 release download page at www.zope.org?17:37
projekt01No there is only a release from 2005-07-27 20:55:0617:38
srichterthat's it17:42
srichterprojekt01: mikecrowe has troubles with the Win release17:42
projekt01I'll try it17:43
projekt01Why can I install the release only with a python 2.3 installed?17:46
projekt01I only have python 2.4 installed right now17:46
projekt01Is there a reason why or can we change the script that it will check for a minimal version of python and not just one version?17:47
srichterbecause 3.1 targets 2.317:50
srichterI don't know enough about Windows installaers to say how to fix this problem17:51
srichterwe have to ask tim17:51
projekt01Ok17:52
*** tvon has left #zope3-dev18:02
*** srichter has quit IRC18:06
projekt01mikecrowe, I installed z3 from the download it's up and running, seems that all is Ok from a fresh installation.18:08
*** srichter has joined #zope3-dev18:12
projekt01srichter, I installed z3 from the download it's up and running, seems that all is Ok from a fresh installation.18:12
srichterprojekt01: thanks18:13
srichtermikecrowe: you messed up your installation somehow18:13
srichterI'd suggest reinstalling18:13
*** srichter has quit IRC18:14
*** srichter has joined #zope3-dev18:15
*** srichter has quit IRC18:17
*** tvon has joined #zope3-dev18:17
*** srichter has joined #zope3-dev18:17
*** jinty has quit IRC18:18
*** projekt01 is now known as _projekt0118:24
*** _projekt01 is now known as _projekt01_away18:27
*** ChanServ sets mode: +o srichter18:29
*** loreto has joined #zope3-dev19:27
*** RaFromBRC has joined #zope3-dev19:33
*** Alef has quit IRC19:36
*** loreto has quit IRC19:37
*** loreto has joined #zope3-dev19:40
*** loreto has quit IRC19:42
*** drzoltron_ has quit IRC19:48
hwo4I'm a bit confused on the concept of a Principal20:04
hwo4its a persistant object stored in a principal source, or at least an instance of a Principal is returned by the source?20:05
srichterno a principal is not persistent20:41
srichterit is created when the principal is looked up20:41
srichterthe info about the principal is persistently stored20:42
*** alga has quit IRC20:58
*** jinty has joined #zope3-dev21:05
*** RaFromBRC is now known as RaAtBRC21:24
*** RaAtBRC has quit IRC21:49
*** wiggy has joined #zope3-dev22:15
hwo4How do Participations work? If a user authenticates and a Principal is created, then is a participation created then as well? whats the lifetime of a participation. Also, if there is only one participation per principal, why does an interaction hold multiple participations?22:36
srichterno the participation is set by the request22:36
srichterthe lifetime of the participation is equal to the life time of the request (basically)22:37
wiggyhow do you define a reference in a scheme?22:37
srichterreference to other objects?22:41
srichteryou can use vocabularies22:41
wiggyheh, philikons book says 'vocabularies have been deprecated' at the beginning of the vocabulary chapter :)22:43
*** jinty has quit IRC22:44
srichterwell, they are replaced by sources, but sources are still not used widely22:45
hwo4so then how does a principal get more than one participation?23:04
srichtercurrently there is only one participation ever23:09
srichterat a given point in time23:09
srichter(per thread and request)23:09
hwo4so then why are interactions able to add and remove participations? and when you say one participation ever, per thread per request, i'm not sure how the 'per thread' part impacts it.23:18
srichterwhen Jim rewrote the security stuff he had use cases in mind that have multiple participations; it's just a feature that's not used23:20
srichterwell, participations are stored in a thread global; it should not matter I just mentioned it23:21
hwo4ok23:22
hwo4I have a security system in mind in which users can be members of groups23:23
hwo4and if you give a group a set of permissions (local role) on an object, then the members of the group should have those permissions as well23:24
hwo4I wasn't entirely sure if i should implement the checking of permissions in a Checker by looking in each group the user is a member of, or somehow having an authenticated user have multiple participations or some such thing23:25
hwo4So I assume, since there is only one participation per request, the checker should look for permissions associated with the user, and also with their groups23:26
hwo4With this sort of setup in mind,23:26
hwo4would groups even need to be prinicipals?23:26
*** Theuni has quit IRC23:27
srichterthe default security policy provides all those features for you23:27
srichterjust use the code in zope.app.authentication23:27
*** RaFromBRC has joined #zope3-dev23:28
hwo4ok23:28
*** jinty has joined #zope3-dev23:32
*** mikecrowe has left #zope3-dev23:35
hwo4I see in zope.app.authentication there is a Principal class that implements GroupAwarePrincipal, and there are group principals, and group principal folders, as well as user principal folders23:36
hwo4It seems to me though that the determination of a users permissions depending on what groups they were a member of, would be carried out in zope.app.security23:37
srichteryes, of course; it all hangs together23:39
hwo4right. I'm just having trouble locating the part of the security implementation which does that checking23:39
hwo4I guess it would be in the interaction, right?23:40
srichteryeah, as far I remember, the interaction is just an instance of the security policy23:43
srichterwhy are you digging in all this so deep?23:43
hwo4Hmm. I was under the impression that it was necessary to understand this stuff to start developing23:47
hwo4I went through Phillips book and your book, and things seemed to make a lot of sense,23:48
hwo4but it left me a little confused on how to deal with groups23:49
hwo4and I still can't understand why a group is a principal23:50
srichterbecause you can only grant permissions and roles to principals23:51
hwo4ok23:52
srichterthe reason our books don't cover that is that it is new in 3.123:52
hwo4right23:52
srichterbut you really don't need to understand all this23:52
srichterall you need to know is that you can grant permission and roles to users and groups23:52
srichterand you can put principals into several groups23:53
hwo4ok, thats pretty straightforward23:53
wiggygroups in groups23:55
hwo4then if i had a content object such as userprofile, then i'd just grant the user some sort of managerial local role on the userprofile object and give his groups a local viewing role.23:55
srichteryep23:56
hwo4so i guess i only have one more question for now23:57
hwo4are groups, group aware?23:57
hwo4can i put groups in groups?23:57
hwo4and if i can, does a member of  group a (which is a member of group b) get the roles of group b?23:57
srichterof course23:57
srichtergroups are principals23:57
srichterof course23:58
hwo4great23:58
hwo4thanks a lot23:58
« Friday, 2005-08-19 Index Sunday, 2005-08-21 »

Generated by irclog2html.py 2.15.1 by Marius Gedminas - find it at mg.pov.lt!