IRC log of #zope3-dev for Friday, 2005-10-21

*** srichter has joined #zope3-dev00:07
*** srichter has quit IRC00:08
*** natea_ has joined #zope3-dev00:14
*** SteveA_ has quit IRC00:20
*** whit has joined #zope3-dev00:23
*** natea has quit IRC00:25
*** zbir has quit IRC00:38
*** srichter has joined #zope3-dev00:39
*** srichter has quit IRC00:43
*** srichter has joined #zope3-dev00:45
*** srichter has quit IRC00:45
*** sashav has quit IRC00:47
*** sashav has joined #zope3-dev00:48
*** srichter has joined #zope3-dev00:48
*** ChanServ sets mode: +o srichter00:51
*** sidnei has joined #zope3-dev00:55
*** povbot has joined #zope3-dev01:22
*** whit has quit IRC01:27
*** whit has joined #zope3-dev01:32
*** whit has quit IRC01:33
*** projekt01 has quit IRC01:44
*** Alef has joined #zope3-dev02:05
*** sidnei has quit IRC02:13
*** niemeyer has quit IRC02:13
*** Alef has quit IRC02:17
*** stub has joined #zope3-dev02:32
*** Jim7J1AJH has quit IRC03:00
*** Jim7J1AJH has joined #zope3-dev03:01
*** zbir has joined #zope3-dev03:09
*** tiredbones has quit IRC03:26
*** bskahan has joined #zope3-dev03:53
*** bradb has left #zope3-dev04:06
*** anguenot has joined #zope3-dev04:30
*** stub has quit IRC04:44
* bmcru is back07:15
*** bskahan has quit IRC07:42
*** bskahan has joined #zope3-dev08:16
*** SteveA_ has joined #zope3-dev08:18
*** MacYET has joined #zope3-dev08:20
*** dobee has joined #zope3-dev08:27
*** stub has joined #zope3-dev08:41
*** peaceman has quit IRC09:02
*** anguenot has quit IRC09:02
*** roym has quit IRC09:02
*** SteveA_ has quit IRC09:02
*** icecrash has quit IRC09:02
*** Theuni has quit IRC09:02
*** Hellfried has quit IRC09:02
*** bob2 has quit IRC09:08
*** bob2 has joined #zope3-dev09:08
*** zagy has joined #zope3-dev09:08
*** SteveA_ has joined #zope3-dev09:08
*** icecrash has joined #zope3-dev09:08
*** roym has joined #zope3-dev09:08
*** Theuni has joined #zope3-dev09:08
*** peaceman has joined #zope3-dev09:08
*** Hellfried has joined #zope3-dev09:08
*** bmcru has quit IRC09:09
*** bmcru has joined #zope3-dev09:09
*** stub has quit IRC09:09
*** bskahan has quit IRC09:09
*** dobee has quit IRC09:09
*** zbir has quit IRC09:09
*** Aiste has quit IRC09:09
*** d2m has quit IRC09:09
*** gnosis has quit IRC09:09
*** vinsci has quit IRC09:09
*** yota has quit IRC09:09
*** natea_ has quit IRC09:09
*** lucia12345 has quit IRC09:09
*** SteveA has quit IRC09:09
*** sashav has quit IRC09:09
*** VladDrac has quit IRC09:09
*** peaceman has quit IRC09:13
*** zagy has quit IRC09:13
*** bmcru has quit IRC09:13
*** roym has quit IRC09:13
*** bob2 has quit IRC09:13
*** Hellfried has quit IRC09:13
*** SteveA_ has quit IRC09:13
*** icecrash has quit IRC09:13
*** Theuni has quit IRC09:13
*** stub has joined #zope3-dev09:13
*** dobee has joined #zope3-dev09:13
*** bskahan has joined #zope3-dev09:13
*** zbir has joined #zope3-dev09:13
*** Aiste has joined #zope3-dev09:13
*** SteveA has joined #zope3-dev09:13
*** sashav has joined #zope3-dev09:13
*** natea_ has joined #zope3-dev09:13
*** d2m has joined #zope3-dev09:13
*** vinsci has joined #zope3-dev09:13
*** gnosis has joined #zope3-dev09:13
*** yota has joined #zope3-dev09:13
*** VladDrac has joined #zope3-dev09:13
*** lucia12345 has joined #zope3-dev09:13
*** SteveA has quit IRC09:15
*** VladDrac has quit IRC09:15
*** gnosis has quit IRC09:17
*** zbir has quit IRC09:17
*** Aiste has quit IRC09:17
*** yota has quit IRC09:17
*** d2m has quit IRC09:17
*** vinsci has quit IRC09:17
*** dobee has quit IRC09:17
*** stub has quit IRC09:18
*** bskahan has quit IRC09:18
*** VladDrac has joined #zope3-dev09:18
*** stub has joined #zope3-dev09:20
*** bskahan has joined #zope3-dev09:20
*** Hellfried has joined #zope3-dev09:21
*** peaceman has joined #zope3-dev09:21
*** Theuni has joined #zope3-dev09:21
*** roym has joined #zope3-dev09:21
*** icecrash has joined #zope3-dev09:21
*** SteveA_ has joined #zope3-dev09:21
*** zagy has joined #zope3-dev09:21
*** bob2 has joined #zope3-dev09:21
*** SteveA has joined #zope3-dev09:21
*** dobee has joined #zope3-dev09:21
*** zbir has joined #zope3-dev09:21
*** Aiste has joined #zope3-dev09:21
*** yota has joined #zope3-dev09:21
*** gnosis has joined #zope3-dev09:21
*** vinsci has joined #zope3-dev09:21
*** sashav has quit IRC09:22
*** hdima has joined #zope3-dev09:34
*** bskahan has quit IRC09:38
*** bskahan has joined #zope3-dev09:43
*** vlado has joined #zope3-dev09:53
*** MJ has quit IRC10:16
*** sashav_ has joined #zope3-dev10:22
*** sashav_ is now known as sashav10:22
*** d2m has joined #zope3-dev10:24
*** jinty has joined #zope3-dev10:33
sashavif I try to add a object I1 into a container that only allowes objects of I2 will zope try to find an adapter for I1->I2?10:53
*** projekt01 has joined #zope3-dev10:54
*** tarek has joined #zope3-dev11:04
*** zmi_junkie has joined #zope3-dev11:28
zmi_junkiehi - I have got python 2.3.3 - will Zope 3.1.0 final really, really not run on this ?-(11:31
*** mgedmin has joined #zope3-dev11:37
*** MJ has joined #zope3-dev11:45
*** icecrash has quit IRC11:53
MacYETwhat is the reommended version? :)12:00
*** zmi_junkie has quit IRC12:03
*** andres has joined #zope3-dev12:13
*** ignas has joined #zope3-dev12:27
*** BjornT_ has joined #zope3-dev12:31
*** BjornT has quit IRC12:39
*** BjornT_ has quit IRC13:00
*** niemeyer has joined #zope3-dev13:12
*** Aiste has quit IRC13:17
*** Aiste has joined #zope3-dev13:18
*** bskahan has quit IRC13:25
*** zmi_junkie has joined #zope3-dev13:29
*** JoaoJoao has joined #zope3-dev13:51
*** bmcru has joined #zope3-dev13:51
bmcruprojekt01 - ping13:51
*** regebro has joined #zope3-dev13:56
*** bmcru has left #zope3-dev13:56
*** J1m has joined #zope3-dev14:01
*** efge has joined #zope3-dev14:04
projekt01bmcru, yup14:20
*** andrew_m has joined #zope3-dev14:25
andrew_mhi all.. i need an object browser for zope3 with selection / file upload functionality. planning to do that as a singleton utility. is that a good or bad idea?14:26
srichterzmi_junkie: Zope 3.1.x will run on PYthon 2.3.x, but Zope 3.2.x won't14:37
srichterthere is already code in the trunk that requires 2.414:37
srichterandrew_m: a utility would not be ideal14:38
srichterandrew_m: what you want is probably something similar to the Web UI, right?14:38
srichterandrew_m: if so, use views14:38
andrew_msrichter: yes..14:38
andrew_msrichter: but for a view i need an object also, right?14:38
zmi_junkie2.4 would be much better - because I might get a separation in installed sitepackes - because of the different major version number14:39
zmi_junkieI am lost on a crappy Suse System ;-(14:39
srichterandrew_m: yes, but you just told me you want to build an "*object* browser"14:39
andrew_msrichter: it just browses for objects and hands back a path14:40
zmi_junkieso I might try to get trunk stuff running ;-)14:40
srichterzmi_junkie: you can use 2.4 with 3,1x14:40
srichterzmi_junkie: you can use Python 2.4.x with 3.1.x14:40
andrew_msrichter: like a file open dialog in an application UI14:40
srichteris this dialog showing Python objects or files ont he file system?14:41
andrew_msrichter: zope objects. and there will also be a form to upload e.g. images and create objects like that on the fly14:41
andrew_msrichter: and maybe a button to create a folder14:42
srichterthus use views to display the objects and doing the file uploading and whatever14:42
andrew_msrichter: ok.. the problem i have with that is that someone needs to create an 'objectbrowser' object somewhere initially14:43
andrew_mso that the views of that object can then be used by other components to browse for objects14:43
andrew_mmaybe i'm not getting it :/14:44
andrew_mcan a view live without a content object of some sort?14:44
srichterif you have an object browser, you know your starting point14:44
srichteri.e. the root object or folderX14:44
srichterhave a view on this root object that implements the object browser14:45
andrew_mah.. so i make a view for the folder object that is a browser for that folder14:45
andrew_mooke.. that makes perfect sense now - thanks heaps :)14:46
*** J1m has quit IRC14:46
andrew_mglad i asked14:46
*** BjornT has joined #zope3-dev14:48
JoaoJoaothis Z3 views thingie is fantastic14:49
*** zbir has quit IRC14:55
*** andres has quit IRC15:16
*** tiredbones has joined #zope3-dev15:30
*** tiredbones has left #zope3-dev15:38
d2mhmm, which package-include loads the introspector and its views ?15:43
srichternote it is only loaded if you are in devmode15:45
srichterapidoc-configure or
d2msrichter: thats what i thought, just trying to find the minimal set of package-includes15:46
*** peaceman has quit IRC15:47
*** zagy has quit IRC15:47
*** roym has quit IRC15:47
*** bob2 has quit IRC15:47
*** efge has quit IRC15:47
*** vlado has quit IRC15:47
*** Hellfried has quit IRC15:47
*** SteveA_ has quit IRC15:47
*** SteveA has quit IRC15:47
*** Theuni has quit IRC15:47
*** efge has joined #zope3-dev15:48
*** vlado has joined #zope3-dev15:48
*** SteveA has joined #zope3-dev15:48
*** bob2 has joined #zope3-dev15:48
*** zagy has joined #zope3-dev15:48
*** SteveA_ has joined #zope3-dev15:48
*** roym has joined #zope3-dev15:48
*** Theuni has joined #zope3-dev15:48
*** peaceman has joined #zope3-dev15:48
*** Hellfried has joined #zope3-dev15:48
*** MJ has left #zope3-dev15:56
*** M1 has joined #zope3-dev15:56
*** M1 is now known as MJ15:57
*** MJ has left #zope3-dev15:58
*** M1 has joined #zope3-dev15:58
*** mkerrin has joined #zope3-dev15:59
*** MJ has joined #zope3-dev16:00
*** zmi_junkie has quit IRC16:02
*** zbir has joined #zope3-dev16:12
*** benji has joined #zope3-dev16:27
*** d2m_ has joined #zope3-dev16:28
*** d2m has quit IRC16:28
*** d2m_ is now known as d2m16:28
*** sashav has quit IRC16:49
*** MrTopf has joined #zope3-dev16:58
d2mis there a way to set the character set when uploading files through FTP ? i did an upload of files without extentions, think that makes the content-type: text/plain and the charset=ASCII or even unknown ? anyway, the ZMI edit form does not work on these files17:01
srichterno, FTP is encoding agnostic17:06
srichterI think that the standard File implementation that comes with Zope is probably far too immature17:06
srichterI am already regretting having put it into the releases17:06
d2mso, no workaround ? btw, the files are displayed as text/html17:06
srichterit was the first thing I ever contributed to Zope 3 and it was always just fixed up after that; someone should start from scratch17:07
srichterI don't know of any17:07
d2mok, bad luck then17:07
projekt01srichter, can you remember that I told you, I think we have a security info lookup (access) and a site hook problem. Right now I try to find it ;-)17:19
srichteryeah, I remember talking about it and asking you to write a unit or ftest that proves it :-)17:20
projekt01srichter, I'm pretty sure there is conceptual problem in the secturity proxy or the PAU if you use a "sub site" setup.17:20
projekt01It's not tat easy since I need to setup two sites and 3 utilities17:21
srichterI am really not the one to talk about security; I have very little experience ;-)17:21
*** J1m has joined #zope3-dev17:22
srichterprojekt01: there is the one you want to talk to :-)17:23
srichterthough I think without a working test it is hard to talk about it17:23
*** J1m is now known as someone_else17:23
projekt01Hi, yup, I think the problem depends on loosing the location somewhere17:24
srichterCan't you create a ftest using standard utilities? this would really help17:24
* benji points at someone_else: "There he is, officer!" 17:24
srichterJim is not himself today :-)17:24
*** someone_else is now known as shshshsh17:24
projekt01srichter, can you point me to the new test browser package? Perhaps that's the quickest way to write a complex test first for my problem.17:24
projekt01Hi, benji where is the york?17:25
* benji is not himself today17:25
*** shshshsh is now known as J1m17:25
benjiprojekt01, I had the previous owner of "benji" killed17:25
J1m /msg NickServ IDENTIFY <jim's password censored>17:25
srichterand Jim needs a new passowrd :-)17:26
mgedminJ1m, :-)17:26
projekt01J1m, I think it's time to change your password17:26
srichterI created a command /id on my client17:26
srichterthis way I never have to type this line explicitely anymore17:27
srichterit happened to me too many times already ;-)17:27
ignasso it's <jim's new password censored> now ?17:27
*** alga has joined #zope3-dev17:28
J1mignas, yup17:28
*** stub has quit IRC17:30
*** hdima has quit IRC17:30
projekt01where can I find the test browser package? Is this called mechanize?17:32
projekt01Ah fine, allready in the trunk ;-)17:34
*** zagy has quit IRC17:34
*** zagy has joined #zope3-dev17:37
*** tiredbones has joined #zope3-dev17:37
*** bradb has joined #zope3-dev17:37
*** regebro has quit IRC17:38
*** alga_ has joined #zope3-dev17:49
projekt01J1m, we have to discuss the sub-site setup and the trusted traversal adapter use case once. This isn't working out of the box and is very complex to setup.17:53
*** salfield has joined #zope3-dev17:54
J1mThe issue is that you want to create a subsite with users and they need to be able to traverse the root site to get to them.17:55
J1mBut you don't want to make traversal public in general, right?17:56
projekt01Perhaps I can add a trusted skin layer and a override directive which makes this sub-site setup with more then two PAU on different level working17:56
J1mFirst, I think this needs to be addressed with some sort of recipe/howto.17:56
J1mOne option is to register a special traverser for the root site that is trusted and public.17:57
J1mI think the root folder has a special interface.17:57
J1mso this should be straightforward,17:58
projekt01Ok, yes17:58
J1mThere could be an already written zcml that someone can inclide to turn this on.17:58
J1mAnother policy, that we use for z4i3 is that we want traversal to be always allowed, by default.17:59
J1mfor that, you provide alternate registrations of the standard traversers that make them public and trusted.17:59
J1mAgain, this could pe packages as a zcml that isn't used by default.17:59
projekt01I guess the best is to write a small sample application/setup together with a howto and explain a real use case18:00
J1mso, +1 from me. :)18:00
projekt01Perhaps we can collect all different usecases first18:00
J1mI think that would be a lot of work.18:01
projekt01Uhhhhh, Yes18:01
J1mI think these two use cases would be a good start.18:01
J1mmaybe enough18:01
J1mand they would provide examples that other people could base other solutions on.18:01
J1mso, maybe public-traversal.zcml and public-root-traversal.zcml, with extensive comments explaining what's going on.18:02
J1mand why18:02
*** alga has quit IRC18:03
projekt01Ok, we have all this trusted/locatable setup already registred and tested in our project. I think we can move them out of the project to a sample package later.18:03
projekt01The usecase is very simple. A company has a extranet and different customers of them have their own section (sublocation of the extranet)18:04
projekt01Now we don't allow them to login in the extranet level but in the subsection.18:05
projekt01them/the customer of the company18:06
*** tiredbones has left #zope3-dev18:07
*** Theuni has quit IRC18:08
projekt01J1m, but what's the reason not to use trusted locatable adapters as default which makes it possible to traverse to the location where you have access?18:09
*** tiredbones has joined #zope3-dev18:10
J1mBecause I think it is better to be restrictive by default.18:11
J1mIf other people want to be less restrictive by default, that's ok w me.  Why don't you write a proposal.18:11
J1mand see what others think18:11
*** edgordon has joined #zope3-dev18:12
projekt01there is no need for a proposal I think. It's not a "should we" question it's more a "howto" question. I can provide a sample configuration later.18:15
J1mYou seem to want to change the default policy. I'm OK with that if others agree. For that we need a proposal.18:16
J1mI suggested that a sample config with good comments would provide a good howto.18:16
projekt01Cool, I didn't understand this correctly, if you are Ok with a change I can write a proposal. Then we can see if somebody has a good reason against this changes.18:19
J1mI'm -.5 on the proposal.18:20
J1mI'll defer to the majority if it is for the change.18:20
J1mI wouldn't veto the change.18:21
*** sashav has joined #zope3-dev18:22
projekt01Ok, you are right with the default restrictive setup. Perhaps we only should offer a good documentation and sample ZCML files for change it to trusted locatable18:23
J1msounds good to me.18:23
projekt01btw, a trusted traversable site is only a security problem if other permission are not set correctly.18:24
projekt01or I'm wrong?18:24
J1mIt reveals information about a site.18:24
J1mIt tells you what the names of things are.18:24
J1mOr at least allos you do verify that certain names exist.18:25
projekt01Ok, but this could be catched up with the right (not found) views.18:25
J1mI don't know what you just said. :)18:26
*** tiredbones has quit IRC18:30
projekt01forget about the last part. If I got you correct, you will use sub sites for offer a way to not show the page hirarchie?18:30
J1mI mean that if you allow traversal of the root to anybode, then anybody can verify that a subsite exists.18:31
J1mIf you alow traversal to anything, then someone can verify that a url exists.18:31
J1mMany people won't want that.18:31
benjiright, so if you have an area of your site for each customer, a competitor can discern who your customers are by guessing URLs18:32
projekt01And with a not trusted traversable subsite you have to use a two step login, right?18:32
*** vlado has quit IRC18:32
J1mOr you could define all of the users at the root.18:33
projekt01How does the login concept work with not trusted subsites. This means you allow them to login into your parent site first and then he can introspect other URL as well18:33
J1mOr you could let competators determine who your customers are. :)18:33
mgedminJ1m, yes?18:33
*** tiredbones has joined #zope3-dev18:33
projekt01J1m, Ok, can you explain how you can avoide this with not trusted subsites?18:34
projekt01I guess there is no way to catch users on a site level and allow them to login to a sublevel in another way without the problem you are describing. or I'm wrong?18:35
projekt01How does a setup look like where you can login and not introspect on a shared level like a root for all customers?18:36
*** MacYET has left #zope3-dev18:36
J1mthe only benefit of having them log in at the root is that they would need a login to at least one site to see other others.18:39
mgedminum... has anyone tried implementing an object that can be sorted alongside instances?18:39
J1mBut you are right, if they had any ability to traverse the root, they could discover others.18:39
*** efge has quit IRC18:40
projekt01I think having "not trusted travesable sites" is a dead chicken or at least a very rare setup.18:40
*** edgordon is now known as ed_lunch18:40
projekt01I really can't think of a "normal" usecase for this.18:41
J1mI think having multiple sites in a zope is a rare setup.18:41
J1mThis isn't an issue without multiple sites.18:42
projekt01What if you don't like to share utilities? We don't offer utilities on the top, each customer has it's own e.g. index "search" utility. That's a normal uscase or not?18:43
J1msharing implies that you have multiple sites.18:44
J1mI just said that IMO multiple sites per zope is a rare use case.18:44
* srichter thinks that multiple sites are rare too18:45
SteveA_i think 'site' is way too big a concept in zope318:45
SteveA_i use it only as a 'place where resources are rooted'18:45
SteveA_but really, i want that to happen dynamically based on vhosting18:45
* SteveA_ is out on the edge...18:46
J1msite is a missleading name.18:46
J1mA site is really only a component manager.18:46
J1ma place where you can customize components.18:46
projekt01Sites are also a concept for support less complex utilities.18:47
SteveA_i think persistent customization managed by a content object is complex and offputting to people who come to zope 318:47
J1mI think that SteveA_'s point has a lot of merit.18:48
J1mI do still think that there is a place for local TTW customizatioopn that is easier than what we have now.18:48
projekt01Sites are also a concept for support separation of complexity.18:48
J1mhmm :)18:48
SteveA_by adding lots of complexit ;-)18:49
projekt01SeveA, but only complexity for developers, not for adaministrators.18:50
*** whit has joined #zope3-dev18:50
projekt01And don't forget some application need to change application logic during runtime!18:50
J1mThey do?18:51
SteveA_projekt01: i use an 'if' statement for that18:51
SteveA_or other variants thereof18:52
projekt01J1m, think about the optimization of xpdl defined wrkflows.18:52
*** dobee has quit IRC18:52
J1mI'd rather not.18:52
projekt01Ok, not in z3, but most enterprise wfmc workflow engine allows you to optimize workflows processes during runtime.18:57
*** MJ has quit IRC19:05
projekt01J1m, benji, srichter, A sub-site setup without trusted adapters (two step login sample from J1m) isn't working at all, because of the security proxy implementation!!!19:11
projekt01The method canAccess etc. can lookup the correct location and will fall back to the global settings.19:12
projekt01So, there is NO way to use a sub-site setup WITHOUT trusted locatable adapters, because the security lookup will need trusted locatable traverser for collect the right settings.19:14
projekt01J1m, all other setup where we discussed before won't work!19:15
projekt01I guess the proxy checker method canAccess and canWrite are not able to handel such setup.19:16
projekt01J1m, is there a way to implement the secruity check concept different and support the lookup correct.19:21
projekt01Perhaps with trusted locateable ICanWrite and ICanAccess adapters?19:21
*** nederhoed has joined #zope3-dev19:26
*** Aiste has quit IRC19:45
*** hazmat has joined #zope3-dev19:49
benjiprojekt01, J1m and benji have been eating lunch, J1m will be back in a minute19:52
projekt01benji, Ok. did you understand my last part?19:53
projekt01Ok, I'll go to dinner and write a mail to the list later.19:54
projekt01benji, can you tell J1m, that the security "lookup" doesn't work in his concept with "untrusted adapter registred" subsite19:56
*** MrTopf has quit IRC19:56
projekt01see you later19:56
*** ed_lunch is now known as edgordon20:00
*** efge has joined #zope3-dev20:03
*** BjornT_ has joined #zope3-dev20:11
*** tiredbones has quit IRC20:11
*** regebro has joined #zope3-dev20:15
*** BjornT has quit IRC20:23
*** efge has quit IRC20:39
*** MJ has joined #zope3-dev20:44
*** whit has quit IRC20:58
*** tarek has quit IRC21:11
*** mkerrin has quit IRC21:11
*** tiredbones has joined #zope3-dev21:20
*** alga_ has quit IRC21:24
*** sashav has quit IRC21:28
*** sashav has joined #zope3-dev21:29
*** natea_ has quit IRC21:45
*** natea has joined #zope3-dev21:45
*** tarek has joined #zope3-dev22:29
*** ignas has quit IRC22:44
*** mgedmin has quit IRC22:45
*** niemeyer has quit IRC23:03
*** natea_ has joined #zope3-dev23:25
*** sashav has quit IRC23:33
*** sashav has joined #zope3-dev23:34
*** nederhoed has quit IRC23:36
*** nederhoed has joined #zope3-dev23:36
*** natea has quit IRC23:37
*** JoaoJoao has quit IRC23:37
*** mgedmin has joined #zope3-dev23:41
*** whit has joined #zope3-dev23:45

Generated by 2.15.1 by Marius Gedminas - find it at!