Zope

The Python Job Board has been maintained for over 4 years primarily by one person: Martin Thomas. Recently, Martin has decided to pass the reins to Chris Withers. The PSF would like to thank Martin for his hard work and wish him well on his new ... [More] endeavors. We would also like to welcome Chris to his new position an d applaud him for taking up this new responsibility. Don't Know About the Job Board? Some members of the community may not be aware of the Python Job Board, a free list of open positions using Python and related tools. You'll find career opportunities working with Django, Plone, SQLAlchemy, CSS, HTML, Database Administration, and much more. Although the jobs are in a variety of industries, and located all over the world, the common thread that ties them all together is Python. For more information, see the website. [Less]

It's the Zope CMF property-sheet-counterpart to "snakes on a plane". Here's how to do it: https://gist.github.com/725048Why would anyone go through all that?I had a brief e-mail chat with Martin Aspeli where it was established fairly well that ... [More] certain control panel-like properties go well with the new registry for Plone and others don't go well at all, namely those that are more complex than numbers and strings. Rich text values are such complex properties.The very same limitations apply for the venerable CMF property sheets. But on the other hand, you've got to put this stuff somewhere and hiding it away in some obscure annotation isn't exactly transparent.So in a paean to the legacy software that the CMF is, I ended up storing the rich text value in said manner and it isn't all that awful. [Less]

Update: Filed a ZODB bug. I've been getting he following log message ever since I migrated to ZODB BLOBs: ZODB.blob WARNING (PID) The `lawn` blob directory layout is deprecated due to scalability issues on some file systems, please consider ... [More] migrating to the `bushy` layout. It's not obvious what to do about this, even after initial googling, so I thought I'd document it. Firstly, we need to use the ZODB.scripts.migrateblobs script so create a console script for it that has all the necessary eggs available. Unfortunately, the ZODB3 egg doesn't define a console_scripts entry point for this script so I used zc.recipe.egg to work around this: [buildout] ... parts += zeo ... migrateblobs ... [migrateblobs] recipe = zc.recipe.egg eggs = ZODB3 entry-points = migrateblobs=ZODB.scripts.migrateblobs:main After re-running buildout and shutting down ZEO, I used the generated script to migrate the blobstorage: $ mv var/blobstorage var/blobstorage-lawn $ bin/migrateblobs var/blobstorage-lawn/ var/blobstorage (PID) Blob directory `var/blobstorage-lawn/` has layout marker set. Selected `lawn` layout. (PID) The `lawn` blob directory layout is deprecated due to scalability issues on some file systems, please consider migrating to the `bushy` layout. (PID) Blob directory '.../var/blobstorage/' does not exist. Created new directory. (PID) Blob temporary directory 'var/blobstorage/tmp' does not exist. Created new directory. Migrating blob data from `var/blobstorage-lawn/` (lawn) to `var/blobstorage` (bushy) OID: 0x###### - 1 files ... Now I'm able to fire up ZEO and I can access AT file and image objects fine without the log warning. [Less]

Today I got back three color films from development. One of them was a Fuji Pro 400 H, a film I've bought for the first time. So far it looks like the colors are in line with the Fuji 160S that we all love and worship (haven't tried the " replacement...

Alan Hoey is a developer at Team Rubber in Bristol, specialising in scalability, security and general performance of applications.  He has been using Plone for the past four years, building government consultation platforms and other bespoke ... [More] projects. As a release manager for Plone 3.x, Alan is responsible for future releases to fix issues and make other improvements to Plone 3.  This continuing development and improvement is an important part of realizing Plone's commitment to our users for long term support of our products. The Foundation Board thanks Alan for taking this leadership role within the team. [Less]

Debugging There areas we can update to facilitate debugging are: Automatic template reloading Debugging middleware Automatic code reloading Automatic Template Reloading The first and easiest thing we can do to our previous NoteTaker ... [More] application is to change our configuration settings to enable Jinja2 template reloading. What this means is that any time a .html file is changed on the filesystem, it will be automatically reloaded. The correct way to do this is to pass it in using the reload_templates setting. 1 2 3 4 5 6 7 8 9 10def make_app(settings={}): '''WSGI app factory that sets up a useful default configuration specific to the NoteTaker app. ''' settings = dict(settings) settings.setdefault('jinja2.directories', 'notetaker:templates') settings.setdefault('reload_templates', True) config = Configurator(settings=settings, root_factory=models.root_factory_maker('sqlite:///notetaker.db')) Code Reloading and Debugging Middleware via Werkzeug Werkzeug provides several mechanisms for helping with debugging. In particular it's debugging middleware provides not only traceback information in the browser but also a Javascript-based mechanism for evaluating Python expressions at any stack point in the traceback. For further information, please see http://werkzeug.pocoo.org/documentation/dev/debug.html#using-the-debugger Now we need to add Werkzeug to the setup.py install_requires entry. 1 2 3 4 5 6 7setup(name='NoteTaker', install_requires=['pyramid', 'pyramid_jinja2', 'sqlalchemy', 'zope.sqlalchemy', 'repoze.tm2', 'Werkzeug'], We now need to change how the launching of the application occurs inside main.py. The werkzeug serving process automatically wraps the application with debugging middleware when use_debugger is set to True. 1 2 3 4 5 6 7from werkzeug import serving app = make_app({'reload_templates': True}) serving.run_simple('0.0.0.0', port, app, use_debugger=True) It's also possible to simply wrap an existing app using the debugging middleware directly. 1 2 3from werkzeug.debug import DebuggedApplication app = make_app({'reload_templates': True}) app = DebuggedApplication(app, evalex=True) To enable the code reloading we merely run the previous serving.run_simple() example line with use_reloader=True. 1 2 3 4 5 6app = make_app({'reload_templates': True}) serving.run_simple('0.0.0.0', port, app, use_debugger=True, use_reloader=True) [Less]

At the annual meeting of the Plone Foundation held November 28th in Bristol, UK, the assembled members approved by acclamation a statement of our community's openness to everyone who wants to be involved.  "The Plone Foundation and global Plone ... [More] community actively encourage the involvement and participation of everyone.  Our community is based on mutual respect, acceptance and encouragement; with each of us taking personal responsibility for helping each other live up to these principles.  We believe diversity of ideas, skills, cultures and viewpoints are irreplaceable in keeping Plone and our community vital, growing and viable. We want our community to be more diverse, by any measure - so whoever you are, whatever your background is, whatever views and goals you have, we welcome you." While some felt the statement was simply common sense, others expressed satisfaction at joining the growing ranks of open-source communities who have taken a stand on encouraging broader diversity in their ranks.  Plone has long been favored with a globally diverse community of developers from around the world, representing many regions and languages, but like most other open-source projects, sees the advantages in including people of many disciplines, cultures and backgrounds.  As one of the people involved in developing the statement put it "Our users are all sorts of people - from every imaginable background, job sector, and area of interest.  When you are creating something for that diverse a group, you need a group that can represent their many viewpoints and needs." The diversity statement is available on the Plone website. Special thanks is due to Plonechix, Joel Burton, Elizabeth Leddy, Steve McMahon, Trish Ang and Calvin Parker for their ideas and help in making this happen.   [Less]

Here's a small script that can help you get (broken object) data out of a ZODB database for which you don't have the right software: https://gist.github.com/704910.As a minimum, you need to know which persistent base class the original object was ... [More] based on, i.e. persistent object, mapping, list, dict etc. If you're on a Plone site, you'll probably want to use an Archetypes base class.The technique can be used to migrate an old site to a completely new software platform without bothering to try and install the original software which may be so outdated that even the Python syntax is wrong. Or simply to get your data out of the site. [Less]

This the first part of a document I'm writing for the Grok community documentation (http://bitbucket.org/jhsware/grok-doc/) project on the topic of authentication and authorization mechanisms in Grok (and the ZTK) This document is an attempt to ... [More] explain, into as much detail as needed, how the authentication and authorisation process is handled in Grok. This explanation is based on Grok-1.2 and the specific versions of its dependencies. Note This document most probably contains errors, ambiguities or ommisions. The reader is encouraged to discuss this document on the grok-dev mailing list and the #grok IRC channel. Authentication versus authorisation It is important to make a clear distinction between the terms "authentication" and "authorisation". To a large extent, the Wikipedia definitions apply: Authentication Authentication (..) is the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the subject are true(..) This might involve confirming the identity of a person(..). Authorization Authorization (also spelt Authorisation) is the function of specifying access rights to resources, which is related to information security and computer security in general and to access control in particular. More formally, "to authorize" is to define access policy(..) Authentication Grok - as it is built on top of the Zope Toolkit - has a particular name for the "actor" or "user" that is acting upon the application by issueing a request. This "actor" is called the principal. The request object in Grok has a reference to an object that provides IPrincipal - the so called principal object. In these cases where authenticating the principal is not possible, the principal object will provide IUnauthenticatedPrincipal. The principal is associated to the request object by several authentication attempts during the handling of a request. In other words, Grok tries to authenticate each and every request. This is worth repeating: Grok will try to authenticate the principal for each and every request! The authentication follows several steps: Before traversal hook At the very beginning of the request handling, just before object traversal is started, the publisher will call beforeTraversal() on the publication object (see zope.publisher.publish and zope.app.publication.zopepublication). This beforeTraversal() implementation will try to authenticate against the global IAuthentication utility. By default, the global IAuthentication utility implementation that is registered in a Grok application, is that of the zope.principalregistry. It knows how to authenticate the current request using information from the application's parts/etc/site.zcml. When this "top-level" authentication is succesful, no other authentication attempts are made! Traversal The next step in the request handling is to traverse step by step to the requested object. For each step in the traversal, a callTraversalHook() is called on the publication object. In the callTraversalHook() implementation of this hook, an authentication attempt is undertaken - at least, as long as the object currently being "traversed over" is an ISite and actually has a IAuthentication utility registered for and the current principal on the request still provides IUnauthenticatedPrincipal!. In other words, the very first authentication attempt that succeeds, wins! After traversal After the traversal has completed (mind you, the retrieved object is not called or "rendered" just yet!), the afterTraversal() hook is called on the publication object. The afterTraversal() implementation will do yet another authentication attempt. If authentication has not succeeded thusfar, the request object will still have the unauthenticated principal associated. If authentication would have been succesful, the request will have and object associated providing IPrincipal. The implementation for this IPrincipal depends on the IAuthentication utility that did the authentication. IAuthentication utilities As we have seen, in each request there are several attempts to authenticate the request. This is done by calling authenticate() on the found utility. If the utility returns None Grok will continue with the IUnauthenticatedPrincipal, if it returns an IPrincipal object that object is used for the request. In a Grok application, there's at least a globally registered IAuthentication utility available, implemented in zope.principalregistry. Its authenticate() method will validate a loginname and password "pair" - also called the credentials - against a simple registry. Actually retrieving the credentials however is delegated by this principal registry to the ILoginPassword adapter for the request. The ILoginPassword implementation for this adapter that is registered by default, will try to get Basic Authentication credentials from the request. So, as long as the correct Basic Authentication credentials are available in the request, the principal will be authenticated. Note It is important to realize that other IAuthentication implementations might have a completely different strategy for authenticating requests. Later we will see how the often used PluggableAuthentication implements the authenticate() contract. Authorization User agents, like web browsers, do not by default provide Basic Authentication credentials in the requests they send to the application. They have to be triggered in doing so. Basic Authentication is triggered by a 401 status code in the response. But what mechanism will make sure a 401 status code is set on the response object in a Grok application? Let's assume we have view that is publicly accessible. Let's also assume that we have a request for this view, that cannot be authenticated. The security mechanism will check whether the current request is allowed to access this particular view (exactly how this is checked is out of scope for this document. It would deserve an article on its own). Since it is a public view, the security checking will allow it and the publisher will make sure the view is rendered. Now suppose we have an unauthenticated request for another view, a view that is protected. Since we were not able to authenticate the request, we cannot determine whether the request should be allowed and the security mechanism will raise an Unauthorized exception. Whenever an exception is raised in the publication process, the publisher will try to handle the situation in a clean manner by giving the publication the possibilty to do something about the error situation by calling the handleException() hook. Part of the important house-keeping that is performed in the handleException() hook, is the lookup of a view for the current exception and having this "error" view rendered. Grok has "error" views registered for several error situations, including a view that is specifically built to handle Unauthorized exceptions. This particular error view implementation will call unauthorized() on the request object which will set the 401 status code on the response, in turn triggering a login/password dialog of some sort in the user agent and that is the end of this request's life-cycle. This implies that the error view is responsible for somehow triggering the authentication challenge. If there is no such view, the result will just be a basic error message displayed, with not much more that the name of the current exception. A new request could come in, now with credentials in the form of Basic Authentication, and the the new request cycle will follow the described process for authenticating the request. In the example of a protected view, we will now have an authenticated request and we can check whether the now-know principal actually was granted sufficient permissions to access this resource. Next part will be about the alternative IAuthentication implementation found the ``zope.pluggableauth`` package. [Less]

Calvin Hendryx-Parker has been named the Foundation's President.  Calvin is the CTO and Co-Founder of Six Feet Up, Inc., a WBENC certified Women's Business Enterprise based in the United States of America that specializes in Plone and Python-based ... [More] development, hosting and deployment. Calvin is a well-known speaker and evangelist both in and outside the Plone community, a contributor to Plone Core since 2007, a member of the Framework Team and was first elected to the Plone Foundation Board of Directors in 2009.Matt Hamilton was chosen as the Foundation's Vice President.  Matt is the director of Netsight, a 13-person web development firm in the UK which specialises in Plone deployments, customisation and integration. He has been involved in Plone since 2003 and Zope since 2000. Matt has served on the Foundation Board three times, including the inaugural board in 2004.  Widely recognized as a speaker and evangelist, Matt has represented Plone all over Europe. He also was a principal organizer of the very successful Plone Conference 2010 in Bristol, UK.Steve McMahon will serve as the Foundation Secretary for a third year. Steve is a partner in Reid-McMahon, LLC, a Plone consultancy in Davis, CA (USA) specializing in work with non profits. He also does extensive volunteer work with the Davis Community Network. In addition to three terms on the Foundation Board, Steve leads the membership committee, has served as a Google Summer of Code mentor, and is well known as a speaker and trainer at Plone events.Toby Roberts will continue as Plone's Treasurer - a role he has filled since 2004.  Toby is Vice President of Enfold Systems, a Houston Texas (USA) providing Plone solutions since 2004.Looking forward to the next year, the new Foundation President is upbeat.  "This new board brings a great amount of experience and teamwork to the table. This upcoming year is looking great after the solid Plone 4 release, but there is still a lot of work ahead of us on fronts other than technology." In making these announcements, the board also wanted to recognize the outstanding leadership, effort and dedication of outgoing President Geir Bækholt - who helped make the last year a very successful one for the Plone Community.  Geir remains on the board for 2010-2011. The 2010-2011 Plone Foundation Board of Directors is composed of seven members elected by the Foundation membership - Geir Bækholt, Mark Corum, Matt Hamilton, Calvin Hendryx-Parker, Alexander Limi, Steve McMahon & Jon Stahl.   [Less]