IRC log of #zope3-dev for Thursday, 2008-02-21

timtesrichter: can z3c.pdftemplate use css to style html so the style is also shown in the pdf?10:46
srichtertimte: no, it uses RML to generate PDF, not HTML and CSS10:48
*** tarek has joined #zope3-dev10:50
timteah, so you need to learn rml10:50
srichteryes10:50
srichterHTML simply does not suffice for layout10:51
*** markusleist has joined #zope3-dev11:01
*** jodok has joined #zope3-dev11:03
*** greenman has joined #zope3-dev11:05
*** markusleist has quit IRC11:12
*** wiggy has joined #zope3-dev11:13
*** wiggy has left #zope3-dev11:13
*** __mac__ has left #zope3-dev11:18
*** jpcw2002 has joined #zope3-dev11:20
*** quodt has joined #zope3-dev11:20
baijumsrichter, maybe HTML+CSS would suffice for layout, as Pisa is doing: http://www.htmltopdf.org/ (based on RML & Reportlab)11:34
*** maurits has joined #zope3-dev11:42
srichterbaijum: sure, HTML -> RML is okay, but you could not replace RML with HTML11:44
*** MJ has joined #zope3-dev11:45
srichterbaijum: unfortunately, pisa uses PML11:46
baijumsrichter, PML is extended RML, is it ?11:46
srichterno, I think it is a totally different XML dialect, as far as I remember11:47
baijumsrichter, is there any other package to convert HTML+CSS to RML?11:47
baijummaybe based on z3c.rml?11:49
srichterI don't think so11:49
srichterbaijum: I would welcome one though11:49
srichtermaybe pisa could be abstracted to support both11:50
baijumok11:53
*** stub has quit IRC12:01
*** ktwilight has quit IRC12:02
*** ktwilight_ has joined #zope3-dev12:02
*** ktwilight has joined #zope3-dev12:05
*** agroszer has joined #zope3-dev12:06
*** maurits__ has joined #zope3-dev12:08
*** thruflo has joined #zope3-dev12:09
*** maurits has quit IRC12:12
*** maurits__ is now known as maurits12:12
*** ktwilight_ has quit IRC12:20
*** quodt has quit IRC12:27
*** quodt has joined #zope3-dev12:38
*** d2m has joined #zope3-dev12:41
*** thruflo has left #zope3-dev12:48
*** jodok has quit IRC13:04
*** mkerrin has joined #zope3-dev13:06
*** regebro has joined #zope3-dev13:06
*** pyqwer has joined #zope3-dev13:13
pyqwersrichter: I have a pattern for z3c.form where I need to delete widgets (=correctly entered input fields) in the action routine, however, z3c.form.util.Manager does not have a __del__ method. Is there any reason why?13:15
srichterpyqwer: I guess I thought you never need that, because you can do your selection in the field and button manager:13:17
srichterdef update(self):13:17
srichter  self.fields = self.fields.omit('myname')13:18
srichter  ...13:18
pyqwerHmmm, in my case, I check the correctness of input fields in the action routine. Correct input fields should not be shown, wrong ones should be present.13:19
pyqwerSo the only way seems to me to delete unneeded widgets in the action routine, before render() is called.13:19
*** toutpt has quit IRC13:20
srichterpyqwer: ok, I agree that __del__ is a use case13:22
srichterpyqwer: you could also just switch them to the mode "hide"13:22
srichteror "hidden" (?)13:22
pyqwerYes, hiding would be an option. But I think __del__ is not much work and quite simple, too. If you wait a little, I'll send you some code for util.py which should work...13:23
srichterok13:23
srichterfeel free to check it in13:23
srichterjust make sure you write a test, so that test coverage stays at 100%13:23
pyqwerOk.13:24
pyqwerBut I can't check in, I still have no SVN write permission yet, so I'll send it to you.13:24
srichterok13:25
projekt01pyqwer, why __del__ , widget.mode='hidden' works like you need13:25
projekt01but I'm fine with the __del__ method13:25
*** maurits__ has joined #zope3-dev13:27
pyqwerHmmm, hiding it is ok, but to me, deleting unneeded widgets seems somehow cleaner. Moreover, I think a __del__ method never hurts.13:28
projekt01pyqwer, I'm fine with __del__, it could give a speedup if you delete the widget before you update them13:29
projekt01don't delete after setup and update, right?13:30
pyqwerprojekt01: Ummm, well, I thought about deleting the widget in the action handler.13:31
pyqwerThat's after the updateWidget() routine.13:31
projekt01that doesn't work because sometimes there is a redirect in action handler13:32
projekt01the action is only called on form processing, it has nothing to do with rendering13:32
pyqwerprojekt01: Yes, that's exactly my case: If input fields are correctly processed, they should not be shown. I process them in the action handler, therefore I need to also delete them there, right?13:34
projekt01this means if you click on abort which does a redirect you will get all widgets or if you refresh the browser with F5, you will get all widgets too13:35
projekt01that doesn't work13:35
projekt01you need to make the decision and delete widgets during the update call13:35
pyqwerWell, the fields are dynamically added in the update() method.13:35
*** salfield has quit IRC13:36
projekt01but that doesn't work in the core, I think you have a valid usecase but not for the z3c.form in general13:37
*** maurits has quit IRC13:37
*** maurits__ is now known as maurits13:37
projekt01pyqwer, probably you can use a session and store the available widgets names there and use them for widget rendering, this makes the form consistent with browser page refresh etc.13:39
projekt01then you can set widgets names in the action and use them in the update if you redirect after your action call13:40
projekt01note, everything you will do in the action just works if the button gets clicked, this means it's not consistent with the HTTP stateless concept13:41
*** fcorrea has joined #zope3-dev13:41
projekt01if you like to have forms which work with browser page reload etc, you need to do everything in the update method13:41
projekt01pyqwer, do you know what I mean?13:42
pyqwerHmmm, I'm not really sure.13:43
pyqwerMy usecase is stateless, as I have the condition in the update() and render method.13:43
projekt01the form action handler is like a post processing step of a form, but it's only processing if the button gets clicked13:43
projekt01this means you will get different HTML rendered if you click the button or not if you put some rendering relevant stuff into the action13:44
pyqwerYes, true. Before that come the update/updateWidgets() methods.13:44
pyqwerYes, but that's my intention.13:44
pyqwerPerhaps I illustrate my example:13:44
*** maurits is now known as maurits|lunch13:45
projekt01it's only a question if the form should work consistently or not. Remember you can navigate with back and F5 buttons too in browsers13:45
pyqwerI have an object that is assigned to other users. To confirm that assignment, all these users have to input their password in a "save" form.13:45
pyqwerIf a password is correctly entered, the widget for this user password should not be shown again. All wrongly entered password-widgets should be still shown.13:46
pyqwerSo, my update() method adds fields for all users who have not confirmed the assignment. And the action routine then deletes all widgets with correct passwords.13:47
projekt01try to implement this and you will see what happens13:48
pyqwer;-)13:48
projekt01think about what happens if you click the second time when only one field is wrong and submitted13:48
pyqwerMaybe I'm a little stubborn, so I'll try to find out...13:48
projekt01I guess then it will render the missing first correct widget again13:48
projekt01because you can't delete them13:49
projekt01because it's missing13:49
projekt01it's a kind of egg and chicken problem13:49
projekt01I definitely would use sessions support for handling such use case13:50
projekt011. setup widgets in update. 2. exclude widget names in action, store these names in a session. 3. redirect to the form in action13:53
projekt01then you can delete the widgets in step 1 based on widget names stored in the session13:54
*** ignas has joined #zope3-dev14:01
*** afd_ has quit IRC14:05
*** danielblackburn has joined #zope3-dev14:06
baijumWhat is the advantage of z3c.recipe.dev over zc.zope3recipes ?14:15
*** maurits|lunch is now known as maurits14:15
baijumIs there any buildout recipe for setting up a WSGI application like zopeproject ?14:18
projekt01baijum, z3c.recipe.dev doesn't use the daemon14:19
projekt01and z3c.recipe.dev offers a python script runner recipe14:20
baijumah. ok, will it run in Windows also ?14:20
projekt01zope3recipe is for production use and z3c.recipe.dev only for development14:20
projekt01Yes, windows was the reason I started that piece14:20
projekt01started/developed14:21
baijumok, thanks !14:21
projekt01z3c.recipe.dev doesn't start a python instance which starts another python (daemon) instance which starts zope14:21
projekt01np14:21
*** thruflo has joined #zope3-dev14:22
pyqwerprojekt01: Hmmm, I thought about it and coded it and it seems to work (apart from some problems).14:22
pyqwerUsing a session seems of not much use as there's only one form in my pattern.14:23
projekt01pyqwer, cool14:23
projekt01the session is only needed for stateless support14:23
pyqwerIn my pattern I can recreate the needed state anytime.14:23
projekt01if you use a session the users could use the back button and switch to the same form later and the widget exclude concept still works14:24
*** danielblackburn has quit IRC14:24
pyqwerYes and no: If they use the back button, users see widgets that they should not see. There's nothing I can do about that.14:25
pyqwerHowever, I simply ignore all unneeded widgets in my action routine.14:25
pyqwerMy problem with sessions is that I somehow have to manage data stored in there, I'm not sure if I can rely on some "magic garbage collection".14:26
pyqwerprojekt01: Anyway, I still have the problem that implementing __del__() for util.Manager raises some errors during Zope3 startup:14:27
pyqwerException exceptions.TypeError: '__del__() takes exactly 2 arguments (1 given)' in <bound method Buttons.__del__ of <z3c.form.button.Buttons object at 0x37fa8d0>> ignored14:27
pyqwerMoreover, I can't use del widgets[xyz] on the manager but have to use widgets.__del__(xyz).14:28
pyqwerThere seems to be some black magic involved I don't know about.14:28
*** salfield has joined #zope3-dev14:28
* pyqwer leaving for lunch...14:29
projekt01pyqwer, you mean __delitem__, I guess the manager is a IContainer, right?14:31
*** jodok has joined #zope3-dev14:40
*** rcrafton has joined #zope3-dev14:47
*** timte_ has joined #zope3-dev14:51
*** quodt_ has joined #zope3-dev14:56
*** quodt has quit IRC14:56
*** timte has quit IRC14:58
*** timte_ is now known as timte14:59
*** quodt has joined #zope3-dev14:59
*** niemeyer has joined #zope3-dev15:04
pyqwerprojekt01: Oh my, thanks, yes, __delitem__ instead of __del__!15:16
*** benji has joined #zope3-dev15:16
*** jayaraj has quit IRC15:16
*** toutpt has joined #zope3-dev15:16
*** quodt_ has quit IRC15:17
pyqwersrichter: Ok, I think I successfully implemented the __delitem__ method, I think, but it seems the z3c.form tests fail because interestingly "zopetest z3c.form" runs also tests from other packages, (e.g. from z3c.formdemo) - do you know why?15:22
projekt01did you use the z3c.form trunk?15:24
pyqwerYes.15:24
projekt01does it buildout with z3c.formdemo?15:24
pyqwerHmmm, I never used buildout, but probably.15:25
projekt01you need to use buildout for z3c.form package development15:25
projekt01everything works just out of the box with buildout for development, or at least it should15:26
pyqwerPffft, hmmm, that's bad. So I have to switch my environment to buildout...15:28
projekt01for z3c package development, yes15:34
srichterthe reason z3c.formdemo is also run is because the regex "z3c.form" matches also z3c.formdemo15:37
*** rocky|away is now known as rocky15:38
pyqwerAh, I see. Hmmm, something like "zopetest 'z3c.form$'" does help.15:39
pyqwerAh, does NOT help.15:39
*** greenman has quit IRC15:39
srichtermaybe it does only substring matching15:39
srichterbut I agree with Roger, you should switch to buildout, at least for the package development15:40
*** yvl has joined #zope3-dev15:40
srichteryou can then use everything as you are used to for your other stuff15:40
pyqwerOk, that makes things easier for me.15:41
*** danielblackburn has joined #zope3-dev15:43
*** lucielejard has joined #zope3-dev15:47
*** ignas has quit IRC15:47
*** afd_ has joined #zope3-dev15:52
pyqwersrichter: Ok, I got around buildout this time :-> I just sent you the two changed files for checkin.15:58
pyqwerprojekt01: I still have these security problems here (objects are not proxied), as I read that you are up to high security standards and probably use IPageletBrowserLayer I wonder if you also experience such problems?16:00
projekt01yes, I will add a ISecureLayer to z3c.layer.security16:01
*** maurits__ has joined #zope3-dev16:02
pyqwerprojekt01: So this means, there's a but that will be fixed?16:02
projekt01the trusted part is not a bug it's needed if you have nested ISite with own PAU installed16:02
pyqwers/but/bug16:02
projekt01no there will be a new layer next to the existing one16:03
*** maurits has quit IRC16:03
*** maurits__ is now known as maurits16:03
projekt01that's not a bug that's a simple configuration which allows you to use nested ISite16:03
romanofskihi maurits :)16:03
mauritshi romanofski16:03
pyqwerHmmm, it seems we are talking of different things. I have a _very_ simple example, consisting of one object and one view. And if I use IPageletBrowserLayer, the object is not proxied any more.16:03
pyqwerIt's very strange: On some occasions, it is proxied, but when I add objects, it's not.16:04
projekt01Yes, that's fine16:04
*** mweichert has quit IRC16:04
pyqwerEspecially, directly after a login, it is proxied.16:04
projekt01nobody can do anything with that unproxied object except you have bad views with wrong permission settings accessible for that object16:05
projekt01I think it depends on which traverser serves your view16:05
projekt01some of them are registered as trusted which will remove the proxy16:05
projekt01see the z3c.layer.pagelet configure.zcml16:06
* maurits colleagues are playing with/repairing the wireless/adsl.16:06
pyqwerOk, but that means that configuring security on object/class attributes is senseless when using IPageletBrowserLayer?16:06
projekt01you can simply override them in your layer or define your own layer and configure them again as NOT trusted16:06
*** sp0cksbeard has joined #zope3-dev16:07
projekt01the pagelet layer implementation was a copy of our project which needs trusted traverser, that was probably bad that we didn't cleanup the trusted part16:07
projekt01But I guess if we remove them we will bring a lot of people in trouble which do not know how to configure permissions16:08
*** maurits has quit IRC16:08
*** ignas has joined #zope3-dev16:08
*** malthe has quit IRC16:08
projekt01I think it's better to add a secure layer which explicitly is NOT trusted16:09
pyqwerprojekt01: Hmmm, I can't completely follow you - does this mean that permissions should be mapped to views only?16:09
afd_projekt01: my two cents, I'd say the least surprise for a zope developer would be to get proxied objects16:09
projekt01with pagelet layer, yes16:09
afd_although I admit that may be just me being used to proxied objects16:09
pyqwerafd_: Well, after reading Philipp's book I had the impression that objects are proxied everywhere.16:10
projekt01If we really like to cleanup this, we need to fix the broken parent lookup implementation in Zope16:10
pyqwerThe problem about not having security on objects is that some silly page-template developer may thus reveal data that should be accessible.16:11
pyqwerAh, NOT be accessible.16:11
projekt01pyqwer, you only have to change the 3 trusted traversing adapters in the pagelet layer, then you are fine16:12
* pyqwer looking at z3c.layer.pagelet/configure.zcml16:13
projekt01But I think if people don't know how security works it doesn't matter if there is a trusted adapter and a proxied object or not16:13
pyqwerprojekt01: Well, yes and no. I'm no expert but I followed the guidelines in Philipp's book, configured permissions/roles/classes, everything was fine.16:14
projekt01remember the z3c.layer package offers only a simple implementation of a layer, just copy that and remove the trusted="True" arguments from the adapter configurations16:15
pyqwerAnd then just added the IPageletBrowserLayer to my request and the security was gone (And I was not even aware of it for quite some time as things continued to work).16:15
pyqwerSo I think there should be a big WARNING at some of the Readme's that point that out.16:16
projekt01that's the problem with general phrases in books, it doesn't work like this. Yes, everything gets proxied in zope, BUT, if you use trusted adapters they get removed during adaption16:16
projekt01so it is really important to know what component you are using in zope and to understand what each piece does.16:17
*** faassen has joined #zope3-dev16:17
projekt01there is so quick some bad code loaded from a package which does really bad things16:17
pyqwerAh, now I understand it. Because I dug into the source code and wondered why the heck queryAdapter removed the security proxy.16:18
projekt01it's just a one-liner in zcml trusted="True"16:18
pyqwerYes, I can see that now.16:18
pyqwerit's in zope.traversing.browser.zcml16:19
projekt01do you understand why I don't like too many packages installed on a server which I don't know?16:19
pyqwerprojekt01: Yes, I think I do now.16:19
projekt01there are so many ways in zope which allow others to open backdoors in their packages16:19
projekt01that's the bad thing about a component architecture ;-)16:20
pyqwerIt definitely is.16:20
projekt01I implemented one of these backdoors in z3c.layer.pagelet ;-(16:21
projekt01but the good thing this door is locked till somebody does bad things in views16:21
*** sp0cksbeard has quit IRC16:22
pyqwerHmmm, well, it's not only up to the programmer of the views, unfortunately security may thus be shifted to the pagetemplate designer, which should never happen.16:22
srichterpyqwer: I agree16:23
srichterI think we should try harder not to use trusted=True16:23
*** jsadjohnson has joined #zope3-dev16:24
pyqwersrichter: I think we should point out this problem in z3c.form also, as most people seem to start out with z3c.form and are even not aware of pagelets that much.16:24
srichterwell, it is not really a problem in z3c.form, but that of the traversal16:25
*** baijum has quit IRC16:26
projekt01srichter, can you remember the broken parent lookup in zope, this doesn't let us to use trusted views only for one context?16:27
projekt01The __parent__ lookup in the while loop should use the adaption pattern for parent lookup16:27
pyqwersrichter: True, nevertheless people may start out using z3c.form without looking at other packages at all.16:27
*** alga has joined #zope3-dev16:28
srichterprojekt01: yeah, but if anonymous always has the permission to __getitem__ (and maybe some other methods on the container) it should work, right?16:28
projekt01then this is fixed and we can use trusted adapter for ISite object which need to allow to traverse to sub ISite16:28
*** J1m has joined #zope3-dev16:28
projekt01no it doesn't16:28
srichterok, so we need to allow __parent__ as well16:28
projekt01no we need to get the right trusted traverser per context16:29
projekt01and not at the end of the parent lookup chain16:29
srichtermh, then I don't remember the problem fully16:30
projekt01remember the parent site is protected because this is the management tool for sub sites16:30
projekt01the subsite is the extranet for one customer16:30
projekt01I know that's probably a weird use case but that's the concept if one site manages different CMS sites16:30
projekt01the management (parent) site is the protected site and sub sites are probably public16:31
projekt01that's how each CMS works if it uses sub sites16:31
projekt01that's not possible without trusted traversers at the end of the chain (e.g. view), and this makes the parent chain trusted to the root16:32
*** faassen has quit IRC16:42
*** danielblackburn has quit IRC16:45
pyqwerHmmm, now I disabled the trusted=True directive and there are a lot of permission problems. :-(16:46
pyqwerFor instance, it makes a difference when accessing a container with "index.html" and without. Hmmm.16:47
projekt01pyqwer, that's the reason why I don't disable them in the package, it would be a pain for others to fix their apps without any security knowledge16:50
pyqwerprojekt01: But is it fixable? Or are there some security quirks that are not?16:50
projekt01there is nothing to fix because we have two concepts of traversing, trusted or not trusted, the pagelet layer offers the trusted traversal concept.16:51
*** yvl has left #zope3-dev16:51
pyqwerBtw., is there a simple way to tell Zope3 to somehow log what attribute lacks the required permissions? E.g. via raising an error?16:51
projekt01it's a bad idea to change this. it will hurt other developers which need a trusted layer16:52
pyqwerNo, only for me, as I don't know which are the offending attributes (and all I can see is the login page).16:52
projekt01see the security tool from daniel, I guess that's the only thing we have in zope for good security review16:52
projekt01He is working very hard since the last Boston sprint on that tool16:53
pyqwerWell, my approach is to deny all and carefully permit access to certain attributes.16:54
afd_pyqwer: I think if you configure the root error log utility not to ignore Unauthorised exceptions you'll get details about what attribute and permissions you need to have16:56
pyqwerafd_: Ah, that's possible? How?16:57
afd_just go to ZMI, error tab and take out the Unauthorized from that list16:57
pyqwerafd_: Hmmm, I don't have/use ZMI - at least not at my local errorReportingUtility. So I assume, there's a way to set that directly?16:58
afd_I'm not sure, you could check the relevant packages source code16:59
pyqwerOk, I'll do that.16:59
*** danielblackburn has joined #zope3-dev16:59
*** malthe has joined #zope3-dev16:59
pyqwerBtw., z3c.securitytool seems to be broken in the current SVN. browser/configure.zcml is cluttered with what seems to be SVN messages.17:00
afd_pyqwer: just to make sure, do you have ZMI on your zope? if you can configure the root error utility it will be just as well, as far as I know17:00
pyqwerYes, I do have ZMI I just don't use it for my application, so I'll try that, thanks.17:01
*** norro has joined #zope3-dev17:02
*** hdima has quit IRC17:04
pyqwerafd_: Yes, that seems to work.17:07
afd_should make debugging those permissions easier17:08
*** markusleist has joined #zope3-dev17:08
pyqwerafd_: Btw., I have to use the local error reporting utility, there I needed to remove the Unauthorized exception and view the errors via the ZMI.17:08
*** MJ has quit IRC17:11
pyqwerHmmm, it's strange: The unauthorized attribute is "__getitem__".17:13
afd_you probably need security assertions for IReadContainer17:13
afd_IWriteContainer would be __setitem__17:13
*** ignas has quit IRC17:16
pyqwerafd_: Yes, it was that simple, thanks, it was just IReadContainer.17:16
fcorreaHello there. Can a viewlet have a class and a template so the template can use the logic of the class like a view?17:18
pyqwerYes.17:18
pyqwerThe view has - I think - an update() method you can use, but let me have a look...17:18
pyqwerAh, s/view/viewlet17:19
fcorreammm...Just wondering if I can cook some tal inside the class and render it on the template17:19
afd_fcorrea: just register the viewlet with a template attribute and set inside that template tal:content="view/mysomething"17:19
afd_just like you'd do with a regular view17:19
pyqwerWhy would you do tal inside the class/python code?17:20
*** jodok has quit IRC17:20
fcorreaafd_: Does the viewlet directive support the allowed_attributes from a view? I will check if I can just call it17:20
pyqwerI don't think so.17:21
pyqwerallowed_attributes are for content objects only.17:21
fcorreapyqwer: I need to return a series of metal:use-macro for the template and the template needs to render it17:21
pyqwerYou can only give permissions to the whole viewlet.17:21
fcorreaThat's what I thought17:22
afd_fcorrea: you can do something like this:17:22
pyqwerWhat you can do - although I don't like tal code in the class - is to override the render method.17:22
afd_inside your viewlet: mymacros = ViewPageTemplate('template_with_macros.pt')17:22
afd_and then inside your viewlet's template17:22
*** jodok has joined #zope3-dev17:22
pyqwerYes, that should do it.17:23
afd_metal:use-macro="view/mymacros/macros/macroname"17:23
afd_but you'd have an easier life using z3c.macro :)17:23
pyqwerOr don't use macros at all :-)17:23
fcorreaThat would be cool. Let me try it.17:23
afd_pyqwer: why not use macros? as a templating mechanism, they're great17:23
fcorreaafd_, pyqwer: This is a plone2.5 with a requirement like: Get plone.portlets like running on plone2.517:24
pyqwerfcorrea: Ok, then use macros ;-)17:24
fcorreahehe, k thanks17:24
*** whit has joined #zope3-dev17:24
pyqwerafd_: I don't like macros that much, I prefer viewlets/pagelets.17:24
fcorreapyqwer: I am kinda doing a Frankenstein here. I ZopeFind() all templates with "portlet" macros and render them in a viewlet :D17:25
fcorreaWell, that's what I am trying to do :)17:25
afd_viewlets won't help a lot getting rid of macros, pagelets might go some way17:27
afd_I'm not saying go crazy with macros like plone, but for general use templates (for example, defining how a box looks like), I think they're still ok17:27
pyqwerYes, maybe, I just try to use as little technology as possible. And macros can get quite complex, too. So in my case, things work out well without macros.17:28
afd_yes17:29
fcorreaI agree with both of you. I usually use z3c cool stuff on z3 projects only...but this one is different. It is zope2.9 + Five17:29
danielblackburnpyqwer: z3c.securitytool was just updated in the svn, and seems fine when I do an update17:30
*** maurits has joined #zope3-dev17:32
*** ghendi has quit IRC17:33
*** danielblackburn has quit IRC17:33
* Theuni found another error while using persistent zeo caches17:33
*** danielblackburn has joined #zope3-dev17:33
*** sorindregan has quit IRC17:34
*** rmarianski has joined #zope3-dev17:34
*** pcardune has joined #zope3-dev17:36
pyqwerdanielblackburn: yes, thanks, it seems to work again.17:36
danielblackburnpyqwer: cool, I would also appreciate any feedback you may have. I will be announcing the beta pretty soon17:37
pyqwerdanielblackburn: Ok, I'll do that.17:37
danielblackburnpyqwer: thanks!17:38
pyqwerThank YOU for z3c.securitytool :-)17:38
danielblackburnpyqwer: no prob17:38
*** nathany has joined #zope3-dev17:39
fcorreaafd_: It didn't work. The viewlet is blind about the methods inside it. The render method won't interpret the metal:use-macros...only a page template can do that.17:46
afd_fcorrea: I think it should, could you show the code?17:46
fcorreasure17:46
fcorreasec17:47
afd_ok17:47
pyqwerprojekt01: Thanks a LOT for the hint on trusted="True", things seem to work out now. Great!17:48
fcorreaafd_: http://paste.plone.org/1963817:48
pyqwerI simply use an override.zcml file that overrides these three adapters without trusted="True". I wonder if it wouldn't be an idea to include this file along with some z3c-projects and point out what it's about.17:49
*** afd__ has joined #zope3-dev17:49
fcorreaThe question is: How to render the macros in a viewlet ? :D17:50
afd__fcorrea: move the macro template in a file17:50
afd__and set macro_template = ViewPageTemplateFile('path/file.pt')17:50
afd__inside the template, instead of:17:50
afd__#17:50
afd__<metal:view tal:replace="structure view/portlet_macros"></metal:view>17:50
afd__you should do the regular way17:50
afd__metal:use-macro="view/macro_template/macros/macro_name"17:51
afd__ok, I should look closer to your code17:51
afd__you're doing something trickier :)17:51
fcorreaafd__ : The point is that the macro paths are dynamic and are returned as strings that I need to render. I don't have one single macro so I can point...they just appear as a result of the computation17:52
*** goschtl has quit IRC17:53
fcorreaafd__: What I am after, maybe, is something like: ViewPageTemplate(macro_string)17:54
fcorreainstead of a file17:54
afd__yes, that could be17:54
fcorreaDo you know if there is such a thing?17:54
afd__there is PageTemplate17:55
*** menesis has quit IRC17:55
afd__PageTemplateFile subclasses it and adds some stuff to read the file content17:55
srichterfcorrea: have a look at z3c.template17:55
srichterfcorrea: it allows you to select a macro and makes it behave like a page template17:55
fcorreasrichter: Thanks, but this is a zope2.9 + Five and I don't think it will work in there17:56
srichtermmh, I would try it17:56
fcorreaWell, I don't have more hair to tear off so I can try anything :)17:57
*** natea has quit IRC17:57
*** jayaraj has joined #zope3-dev17:59
afd__fcorrea: looking in the PageTemplateFile implementation, it seems that you could subclass it and override some of its methods to feed it a string instead of it looking in a file18:00
*** jodok has quit IRC18:00
fcorreaafd__ : Thanks, I am trying ZopePageTemplate first. I got a good hint on TemplateFields plone product18:01
*** alga has quit IRC18:05
pyqwerdanielblackburn: I'm just playing around with securitytool, it works for the root site, but not for mine. Any clue why?18:06
*** afd_ has quit IRC18:06
pyqwerI get a 404 when appending @@securityMatrix.html to my site.18:06
*** ignas has joined #zope3-dev18:09
srichterpyqwer: maybe the tool runs on a different skin? also try vum.html18:09
afd__pyqwer: you probably have a different skin18:09
pyqwerYes, I have a different skin - my application needs specific layers.18:10
pyqwerperhaps I need to register these views for my layer?18:11
srichteryes18:11
srichterthough you should be able to simply reuse the security tool skin18:11
pyqwersrichter: how would I do that?18:12
pyqwerBy manually specifying a skin?18:12
srichterlet me check how the security matrix is registered18:12
srichterpyqwer: ok, the views are registered against the default layer18:13
srichterpyqwer: do you have rotterdam?18:13
pyqwerAh, yes, it works with rotterdam!18:13
srichteryou can select your skin in the tool, so you get all the info you need18:13
pyqwerYes, right.18:13
*** danielblackburn has quit IRC18:15
pyqwerHmmm, but it does not seem of too much use as it shows only the permissions for zope.manager.18:16
pyqwerI can't see any other of my defined roles than zope.manager. Hmmm, I'll contact daniel for that.18:20
*** natea_ has joined #zope3-dev18:22
pyqwerAh, I got it. I simply need to be logged in to see the permissions for the current principal.18:22
*** rmarianski has quit IRC18:23
*** jayaraj has quit IRC18:27
*** dobee has quit IRC18:27
*** reco has quit IRC18:29
*** reco has joined #zope3-dev18:36
*** zagy has quit IRC18:39
*** menesis has joined #zope3-dev18:45
*** b52laptop has quit IRC18:49
*** b52laptop has joined #zope3-dev18:50
*** rmarianski has joined #zope3-dev18:56
*** dobee has joined #zope3-dev18:57
*** pelle_ has quit IRC18:59
*** markusleist has quit IRC19:03
*** baijum has joined #zope3-dev19:06
*** malthe has quit IRC19:06
*** malthe has joined #zope3-dev19:08
*** baijum has quit IRC19:09
*** jpcw2002 has left #zope3-dev19:20
*** projekt01 has quit IRC19:25
*** markusleist has joined #zope3-dev19:26
*** harobed has quit IRC19:27
*** danielblackburn has joined #zope3-dev19:28
*** davidstryker has joined #zope3-dev19:30
*** Theuni has quit IRC19:34
*** davidstryker has left #zope3-dev19:35
*** Theuni has joined #zope3-dev19:37
*** toutpt has quit IRC19:39
*** danielblackburn has quit IRC19:41
fcorreaHey, I am debugging my code here and while doing it I reached PageTemplate. That is very cool that it has variables like c . Pdb simply won't print it19:41
bigkevmcdprint c19:43
bigkevmcdor rather pp c19:43
fcorreathat did the trick. Thanks19:46
bigkevmcdpeople naming varilables like "c" or "s" or "n" is bad for pdbing through :-)19:47
bigkevmcds/varilables/variables/19:47
*** philiKON has joined #zope3-dev19:50
*** malthe has quit IRC19:51
*** pbugni has joined #zope3-dev19:53
*** rmarianski has quit IRC19:54
*** rmarianski has joined #zope3-dev19:55
*** quodt has quit IRC20:03
*** whitmo has joined #zope3-dev20:03
*** whit has quit IRC20:03
*** whitmo has quit IRC20:09
*** whit has joined #zope3-dev20:09
*** whit has quit IRC20:13
*** benji has quit IRC20:13
*** whit has joined #zope3-dev20:13
*** markusleist has quit IRC20:13
*** benji has joined #zope3-dev20:14
foodelshey! What's the simplest way to provide my own zpt instead of the standard one used for login (@@loginForm.html)20:15
*** whitmo has joined #zope3-dev20:17
*** RaFromBRC has joined #zope3-dev20:20
*** whitmo has quit IRC20:21
*** whitmo has joined #zope3-dev20:21
*** whitmo has joined #zope3-dev20:22
*** jukart has quit IRC20:28
*** maurits has quit IRC20:28
*** natea_ is now known as natea20:29
*** agroszer_ has joined #zope3-dev20:30
*** danielblackburn has joined #zope3-dev20:33
*** whit has quit IRC20:36
*** whit has joined #zope3-dev20:41
hazmatfoodels, override the login form either in your own layer, or directly in an overrides.zcml20:42
*** agroszer has quit IRC20:44
fcorreaafd__ : still around? I got it working :). Now I have a @@manage_portles that stores portlet configuration in annotation using old-style plone portlets20:48
*** whit has quit IRC20:49
*** natea has quit IRC20:54
*** whitmo has quit IRC20:57
*** whit has joined #zope3-dev20:58
foodelshazmat: ah, cheers..21:00
*** pelle_ has joined #zope3-dev21:01
*** thruflo has quit IRC21:01
*** pcardune_ has joined #zope3-dev21:15
*** mgedmin has joined #zope3-dev21:16
*** niemeyer has quit IRC21:18
*** niemeyer has joined #zope3-dev21:18
*** quodt has joined #zope3-dev21:20
*** sp0cksbeard has joined #zope3-dev21:21
*** febb has joined #zope3-dev21:29
febbhola !!  hi all. !21:31
*** rmarianski has quit IRC21:33
*** pcardune has quit IRC21:33
*** febb has quit IRC21:36
*** dobee has quit IRC21:42
*** whit is now known as whit|blt21:42
*** ignas has quit IRC21:49
*** rmarianski has joined #zope3-dev21:55
*** febb has joined #zope3-dev21:57
afd__fcorrea: how did you do it?22:05
*** markusleist has joined #zope3-dev22:08
*** mkerrin has quit IRC22:09
*** menesis has quit IRC22:09
*** febb has quit IRC22:11
*** greenman has joined #zope3-dev22:14
*** danielblackburn has quit IRC22:18
*** salfield has quit IRC22:22
*** dunny_ has joined #zope3-dev22:32
fcorreaafd__ : Needed to use PageTemplate instead of ZopePageTemplate. For that I needed to put everything back in the extra_context of pt_render(). Now it works properly22:36
afd__cool22:37
fcorreaIt is nasty but works22:37
*** dunny has quit IRC22:40
*** Macarse has joined #zope3-dev22:41
mgedminthe multitude of page template classes is confusing22:41
Macarsehi22:41
fcorreaindeed22:45
*** whit|blt is now known as whit22:59
*** RaFromBRC has quit IRC23:02
*** dobee has joined #zope3-dev23:04
*** quodt_ has joined #zope3-dev23:05
*** reco has quit IRC23:05
*** RaFromBRC has joined #zope3-dev23:19
*** agroszer_ has quit IRC23:21
*** quodt has quit IRC23:23
*** mgedmin has quit IRC23:30
*** quodt has joined #zope3-dev23:34
*** BjornT has quit IRC23:35
*** BjornT has joined #zope3-dev23:36
*** d2m has quit IRC23:51
*** quodt_ has quit IRC23:53
