The Zope Developer's Guide (2.4 Edition)
Total Page:16
File Type:pdf, Size:1020Kb
The Zope Developer's Guide (2.4 Edition) Chris McDonough, Michel Pelletier, Shane Hathaway Zope Developer's Guide (2.4 edition) Introduction 7 Chapter 1: Components and Interfaces 8 Zope Components 8 Python Interfaces 10 Why Use Interfaces? 10 Creating Interfaces 10 The Interface Model 12 Querying an Interface 12 Checking Implementation 13 Conclusion 14 Chapter 2: Object Publishing 15 Introduction 15 HTTP Publishing 15 15 URL Traversal 16 Traversal Interfaces 17 Publishable Object Requirements 17 Traversal Methods 17 Publishing Methods 18 HTTP Responses 19 Controlling Base HREF 19 Response Headers 20 Pre-Traversal Hook 20 Traversal and Acquisition 20 Traversal and Security 22 Basic Publisher Security 22 Zope Security 22 Environment Variables 23 Testing 23 Publishable Module 23 Calling the Published Object 24 Marshalling Arguments from the Request 24 Argument Conversion 24 Method Arguments 25 Record Arguments 26 Exceptions 27 2 Zope Developer's Guide (2.4 edition) Exceptions and Transactions 27 Manual Access to Request and Response 28 Other Network Protocols 29 FTP 29 WebDAV 30 Supporting Write Locking 30 XML-RPC 31 Summary 32 Chapter 3: Zope Products 33 Introduction 33 Development Process 33 Consider Alternatives 33 Starting with Interfaces 33 Implementing Interfaces 34 Building Product Classes 35 Base Classes 35 Acquisition.Implicit 35 Globals.Persistent 36 OFS.SimpleItem.Item 36 AccessControl.Role.RoleManager 37 OFS.ObjectManager 37 OFS.PropertyManager 37 Security Declarations 38 Summary 39 Registering Products 40 Product Initialization 40 Factories and Constructors 40 The dispatcher has three methods: 41 Testing 42 Building Management Interfaces 43 Defining Management Views 43 Creating Management Views 44 Icons 47 Online Help 47 Context Sensitive Help 48 Other User Interfaces 48 FTP and WebDAV Interfaces 49 3 Zope Developer's Guide (2.4 edition) XML-RPC and Network Services 49 Content Management Framework Interface 49 Packaging Products 49 Product Information Files 49 Product Directory Layout 50 Product Frameworks 50 ZClass Base Classes 50 TransWarp and ZPatterns 51 Evolving Products 51 Evolving Classes 51 Evolving Interfaces 51 Conclusion 52 Chapter 4: ZODB Persistent Components 53 Persistent Objects 53 Persistence Example 53 Persistent Rules 54 Transactions and Persistent Objects 55 Subtransactions 56 Threads and Conflict Errors 57 Resolving Conflicts 57 Threadsafety of Non-Persistent Objects 58 Mutable Default Arguments 58 Shared Module Data 59 Shared External Resources 59 Other ZODB Resources 60 Summary 60 Chapter 5: Acquisition 61 Introductory Example 61 Acquisition Wrappers 61 Explicit and Implicit Acquisition 61 Implicit acquisition 62 Explicit Acquisition 62 Controlling Acquisition 62 Filtered Acquisition 62 Acquiring from Context 63 Containment Before Context 64 Additional Attributes and Methods 64 4 Zope Developer's Guide (2.4 edition) Acquisition Module Functions 65 Acquisition and Methods 66 Conclusion 66 Chapter 6: Security 67 Introduction 67 Security Architecture 67 How The Security Policy Relates to Zope's Publishing Machinery 67 How The Security Policy Relates to Restricted Code 67 Unauthorized Exceptions and Through-The-Web Code 67 How The Security Policy Relates To Unrestricted Code 68 Details Of The Default Zope Security Policy 68 Overview Of Using Zope Security Within Your Product 68 Security Declarations In Zope Products 68 Permissions In Zope Products 69 Implementing Security In Python Products 70 Security Assertions 70 When Should I Use Security Assertions? 70 Making Security Assertions 70 Class Security Assertions 71 Declaring Class Security 71 Deciding To Use declareProtected vs. declarePublic or declarePrivate 72 A Class Security Example 72 Deciding Permission Names For Protected Methods 73 Object Assertions 73 An Object Assertion Example 74 Other Assertions 74 What Happens When You Make A Mistake Making SecurityInfo Declarations? 75 Setting Default Roles For Permissions 75 An Example of Associating Default Roles With Permissions 76 What Happens When You Make A Mistake Declaring Default Roles? 76 What Can (And Cannot) Be Protected By Class Security Info? 77 Inheritance And Class Security Declarations 77 Class Security Assertions In Non-Product Code (External Methods/Python Scripts) 81 Module Security Assertions 82 Declaring Module Security 82 Using ModuleSecurityInfo Objects 83 Embedded ModuleSecurityInfo Declarations 83 5 Zope Developer's Guide (2.4 edition) External ModuleSecurityInfo Declarations 83 Providing Access To A Module Contained In A Package 84 Declaring Module Security On Modules Implemented In C 84 Default Module Security Info Declarations 84 Utility Functions For Allowing Import of Modules By Through The Web Code 85 Making Permission Assertions On A Constructor 85 Designing For Security 86 Compatibility 86 Using The RoleManager Base Class With Your Zope Product 86 Conclusion 87 Chapter 7: Testing and Debugging 88 Debugging 88 The Control Panel 88 Product Refresh Settings 88 Debug Mode 88 The Python Debugger 89 Simulating HTTP Requests 89 Interactive Debugging 90 Interactive Debugging Triggered From the Web 92 Post-Mortem Debugging 93 Debugging With ZEO 93 Unit Testing 94 What Are Unit Tests 94 Writing Unit Tests 94 Zope Test Fixtures 95 Logging 97 Other Testing and Debugging Facilities 98 Debug Logging 98 HTTP Benchmarking 98 Summary 98 Appendix A: Zope Core Permissions 99 Core Permissions 99 Appendix B: Zope Directories 102 Character Encodings for Responses 105 Character Encodings for Arguments 105 Character Encodings for Arguments; The Full Story 106 6 Zope Developer's Guide (2.4 edition) Introduction Zope is an open source web application framework. It has three distinct audiences: Site Managers — individuals who use of Zope's "out of the box" features to build websites. This audience is interested in making use of Zope's existing array of features to create content management solutions. They will likely make heavy use of "through the web" scripting using DTML, Page Templates, and Python Scripts as well as (of course) HTML and XML. They are generally less concerned about code reuse than the speed with which they can create a custom application or website. Developers — individuals who wish to extend Zope to create highly customized solutions. This audience is likely interested in creating highly reusable custom code that makes Zope do something new and interesting. Administrators — individuals responsible for keeping a Zope site running and performing installations and upgrades. This guide is intended to document Zope for the second audience, developers, as defined above. If you fit more into the "user" audience defined above, you'll probably want to start by reading The Zope Book . If you fit more into the "administrator" audience defined above, you'll likely be interested in The Zope Administrator's Guide , although it is currently unfinished. Throughout this guide, it is assumed that you know how to program in the Python programming language. Most of the examples in this guide will be in Python. There are a number of great resources and books for learning Python; the best online resource is the Python.org web site and many books can be found on the shelves of your local bookstore. This book describes Zope's services to the developer from a hands on, example-oriented standpoint. This book is not a complete reference to the Zope API, but rather a practical guide to applying Zope's services to develop and deploy your own web applications. This book covers the following topics: Components and Interfaces — Zope is moving toward a component-centric development model. This chapter describes the new component model in Zope and how Zope components are described through interfaces. Object Publishing — Developing applications for Zope involves more than just creating a component, that component must be publishable on the web. This chapter describes publication, and how your components need to be designed to be published. Zope Products — New Zope components are distributed and installed in packages called "Products". This chapter explains Products in detail. Persistent Components — Zope provides a built-in, transparent Python object database called ZODB. This chapter describes how to create persistent components, and how they work in conjunction with the ZODB. Acquisition — Zope relies heavily on a dynamic technique called acquisition. This chapter explores acquisition thoroughly. Security — When your component is used by many different people through the web, security becomes a big concern. This chapter describes Zope's security API and how you can use it to make security assertions about your object. Debugging and Testing — Zope has built in debugging and testing support. This chapter describes these facilities and how you can debug and test your components. 7 Zope Developer's Guide (2.4 edition) Chapter 1: Components and Interfaces Zope is becoming a component system. Zope components will be Python objects with interfaces that describe them. Right now only some of the Zope code base uses interfaces. In coming releases more and more of Zope will include interfaces. As a Zope developer you can use interfaces right now to build your Zope components. Zope Components Components are objects that are associated with interfaces. An interface is a Python object that describes how you work with other Python objects. In this chapter, you'll see some simple examples of creating components, and a description of interfaces and how they work. Here is a very simple component that says hello. Like