This Zope server has been made available to developers and Zope users to allow interoperability and general testing of Zope's WebDAV support. Zope is a free, Open Source(tm) web application platform used for building high-performance, dynamic web sites.
WebDAV is a set of extensions to the HTTP protocol that allow users to collaboratively edit and manage remote web resources.
There are two ways to get access to the test server. You can access the "Public" area of the server which allows only read-only DAV operations via the url: http://webdav.zope.org:2518/users/public/.
To get access to your own private area where you can test both read and write operations, please send an email to webdav@zope.org. The recipient is a human, so the command language is pretty flexible :)
We have made this server available because we want to find bugs and ensure maximum interoperability with WebDAV clients. To this end, we give each tester a private Folder where he or she has fairly unrestricted abilities to create, change and delete his or her objects. We do, however, ask that you observe a few rules:
Please keep the number and size of uploaded objects reasonable, as a hard limit has been set on the size of the Zope object database.
Don't perform "torture-test" type performance tests on the server. We are mainly interested in interoperability and bugs at this point, and performance testing will just make life difficult for other users of the server.
Be aware that the contents of all private Folders will be periodically reset to their defaults, so don't upload or create anything that you aren't prepared to lose :^)
Information on available WebDAV client (and server) software can be found on www.webdav.org, as well as on the homepage of the IETF WEBDAV Working Group.
The upcoming Zope release that includes WebDAV support will also contain a client library that can be used to access WebDAV servers. The client library is still under active development, and is not yet generally available.
Please use our Bug report form at zope.org to report bugs or suspected bugs. You can also check the listing of reported bugs to see if something has already been reported. To let us know about your interoperability experiences or for other feedback, please email us at webdav@zope.org.
Server created on Mar 15, 1999.
Zope currently provides Class 1 WebDAV support and correct handling of HTTP GET, HEAD, POST, PUT, DELETE, OPTIONS, TRACE, PROPFIND, PROPPATCH, MKCOL, COPY and MOVE methods, as appropriate for the object that is the target of the operation. Objects which do not support a given operation should respond with an appropriate HTTP error.
Zope Folders and objects which are "content" objects such as DTMLDocuments, Images and Files fully support the DAV methods. Some objects in the Zope environment however, such as database connection objects or MailHost objects, are not really "content" objects. For these objects, PUT and PROPPATCH are usually not meaningful and thus not allowed, though you may generally use DAV to perform other operations such as DELETE, COPY or MOVE on them as usual.
WebDAV support is tightly integrated with the powerful Zope security model. Most WebDAV operations correspond closely to operations that are already available in the Zope management interfaces. WebDAV operations are generally protected by the same existing permission that protects the corresponding management operation.
The following describes the protection of the currently supported DAV HTTP methods by Zope permissions.
GET, HEAD and POST continue to correspond to the View permission on content objects such as DTMLDocuments, DTMLMethods, Images and Files. Objects which are not really "content" objects (such as the underlying system-provided documents and methods that implement management screens and operations) are usually protected by permissions specific to those objects. Access to management documents, for example, is controlled by the "View Management Screens" permission.
PUT is slightly different from other operation in that its intent is "overloaded". A PUT to the url of a resource that does not yet exist creates a new object, while a PUT to an existing resource modifies the content of the existing object. In Zope, these two operations would usually be protected by two different permissions, for example "Add Documents, Images and Files" and "Change DTML Documents". Because the intent of a PUT request is not known until the time it is called, the PUT method is protected by the corresponding "Add" or "Change" permission for the type of object being created or changed.
For example, a user must have the "Add Documents, Images and Files" permission to create a DTML Document using PUT, and must have the "Change DTML Documents" permission to update the contents of an existing DTML Document using PUT.
OPTIONS is not protected and may be accessed anonymously.
TRACE is not protected and may be accessed anonymously.
DELETE requires "Delete Objects" permission.
PROPFIND requires "Access contents information" permission.
PROPPATCH requires "Manage Properties" permission.
COPY requires permission to create an object of the type being copied in the destination Folder (for instance, to use COPY to copy a DTML Document to a particular Folder, you need to have "Add DTML Documents" permission in that Folder). This is the same way Copy/Paste operations are protected in the Zope management interface.
MOVE requires permission to create an object of the type being moved in the destination Folder, as well as "Delete Objects" permission in the source Folder of the object. This is identical to the way that a Cut/Paste operation is handled in the Zope management interface.
MKCOL requires the "Add Folders" permission.
DTML Methods and DTML Documents provide a DAV:source link in their properties which DAV clients may attempt to access in order to obtain the unprocessed DTML source for the object. Note that the "View Management Screens" permission is required to get the unprocessed source of a DTML Method or DTML Document via HTTP.
Note that the ability of a Zope installation to support WebDAV HTTP methods depends on the willingness of the web server to defer handling of those methods to the Zope process. In most cases, servers will allow the process to handle any request, so the Zope portion of your url namespace may well be able to handle WebDAV operations even though your web server software is not WebDAV-aware itself. Zope installations which use bundled server implementations such as ZopeHTTPServer or ZServer will fully support WebDAV functions.
The Apache web server seems to intercept OPTIONS requests, preventing back end programs from even having a chance to handle them. This means that clients that depend on an OPTIONS response to determine DAV capability will probably fail on Zope/Apache installations until this is resolved. We will be working with the Apache folks to fix this.
Digest authentication is not yet supported.
"If" headers are currently ignored.
Sitecopy works without any known problems.
Internet Explorer 5's new WebDAV-based "web folder" support works with Zope. To try it out, click File | Open and enter the url "http://webdav.zope.org:2518/users/public" or the url to your private Folder on the server if you have requested one, and click the "open as web folder" checkbox.
We expect WebDAV support to be included in an upcoming Zope 1.11.0 release. In the meantime, adventurous Zope fans can use our public CVS server to check out the latest work in progress.
