Welcome to Zope.org

Copyright O'Reilly, 2000. All rights reserved.

This is an early draft chapter from a forthcoming book on Zope, to be published by O'Reilly & Associates. The material has not been through O'Reilly's editorial process, nor has it been reviewed for technical accuracy. O'Reilly & Associates disclaims responsibility for any errors in this draft and advises readers to use the information contained herein with caution.

O'Reilly & Associates grants readers the right to read this material and to print copies or make electronic copies for their own use. O'Reilly & Associates does not grant anyone the right to use this material as part of a commercial product or to modify and distribute it. When O'Reilly & Associates publishes the final draft of this book in print form, the content will be made available under an open content license, but this chapter is not open content.

If you have any comments on the material in this chapter, you should send them to the authors, Michel Pelletier and Amos Latteier, at docs@digicool.com.

Advanced Zope Scripting

Introduction

Alot of using Zope involves creating objects and gluing them together with DTML and HTML. In dynamic sites it is often necessary to implement some programming logic to carry out a task. DTML can be used for the more trivial programming cases, but DTML's purpose is for layout and reporting, not general purpose programming.

Python is the most natural language to extend Zope with since Zope is written in Python. Zope can be extended with other languages and interfaces however, and in this chapter we will explore ways of extending Zope in Python, Perl, and XSLT.

Compare DTML Meths to Others

DTML Methods, although covered heavily in this book, are not the only kind of objects that can execute a programming language. These kinds of objects are called executable object.

• Justify Methodness

A method is a task or action that you want to carry out. These actions come in many forms and for many problem domains. DTML is a presentation language, and for dynamically manipulating content it is very useful.

SQL is a very specific language that is suited for one task, querying databases. If you the action you want to talk out involves quering a database, then obviously a SQL Method will suite you better than a DTML Method.

When presentation isn't your concern but rather, application logic, then writing that logic directly in python is probably your best bet. Sometimes it is hard to draw the line between pure application logic and presentation logic. Often, the same solution can be written in DTML and Python. Consider the two folling DTML and Python Methods:

DTML:

          <dtml-in objectValues>
            <dtml-call transformFoo>
          </dtml-in>

Python:

          for object in objectValues():
              object.transformFoo()

These both do the exact same thing. Which one should you use? It's up to you!

If you want to transform XML or work with Zope's DOM capabilities, you mind find XSLT very useful. XSLT has many more XML specific capabilities than DTML. Just like with python it is possible towrite an XSLT method and a DTML method that do the same thing:

XSLT:

          Do some DOM thing.

DTML:

          Do some DOM thing.

Python:

          Do some DOM thing.

XXX Is any of this true? XXX

If you come to Zope from the Perl crowds, you might find yourself more comfortable writing methods in Perl:

Perl:

          Ugh. Help. XXX XXX XXX

Excutable Object Security

Objects that execute code must make sure they run safely. For example, executable code should not be able to work with objects that the owner of the executable object does not have permission to see.

In order for executable objects to do their job, they work in a security context. This context defines an API that executable objects can use to determine what they can and cannot do.

For the most part, executable object security is trasparent to you; you don't need to do any special configurations to get the security working. What may be confusing to you is why you are getting an Unauthorized error message when you try to execute some DTML code.

When the security context tells you that your action is Unauthorized, it raises an exception with a traceback that you can see on the Zope error page:

        <screenshot>

This traceback tells you exactly which object you were denied access to.

Zope's Security Policy?

XXX

Python Methods

Introduction

Python Methods are through-the-web objects for writing Python code directly into Zope. Unlike programming in "raw" Python, Python Methods enforce several constraints on the programmer for the sake of security.

Python methods allow you to write python directly in the web browser.

The Python Language

Python is a high-level, object oriented scripting language. Most of the core of Zope is written in Python. Python has a very clean, easily read syntax.

Example

• Create a Python Method with the id foo

• Give the method the argument bob and uncle

• Create the following content in the Method::

          for object in objectValues():
              object.doSomething()
  
  

Perl Methods

Introduction

A new feature in Zope x.x is the ability to interface Perl code with Zope by writing Perl Methods.

The Perl Language

Perl is a high-level scripting language like Python. From a broad perspective, Perl and Python are very similar languages, they have similar primitive data constructs and embody similar functional programming concepts.

Perl has a long, popular history on the Internet for dynamic content scripting. Many CGI scripts and web site scripting on the Internet is provided by Perl code.

Perl has object oriented capability, but OO is not considered as mainstream a feature of the language like it is in Python. Perl has many powerful built in semantics for text manipulation and pattern matching.

Perl Methods are a way to write Perl code in Zope.

Example

${//foo//$r%[abscc]///\\/\\//**/}

XXX

XSLT Methods

Introduction

A new feature in Zope x.x is the ability to interface XSLT code with Zope by writing XSLT Methods.

The XSLT Language

XSLT, which is a language for transforming XML documents into other XML documents.

Example

XXX

External Python Methods

Introduction

External Python Methods are web-objects that link to a Python method that is defined in Zope's Extensions directory on the filesystem. External Python Methods are more powerful than through-the-web Python Methods because there are no security constraints placed on them.

Security

External Python methods have no security restrictions. Any arbitrary python code can be executed. Since External python moethods must be on the filesystem, which is securly away from Zope users, they do not need any kind of security that other through the web executable object need.

The Extensions Directory

• Global

• Product

Example

XXX

Remote Scripting

XML-RPC

Introduction

XML-RPC is a simple remote procedure call mechanism interchanging data between two systems

Example:

        import os, sys, string

        sys.path.append('/home/michel/dev/Trunk/lib/python')
        from xmlrpclib import Server, ProtocolError
        from BasicAuthTransport import ZopeTransport

        target="http://localhost:14980/ZB/"
        username="zope"
        password="crack"

        t = ZopeTransport(username, password)
        s = Server(target, t)

        files = os.listdir(os.getcwd())

        for file in files:

            fl = string.split(file, '.')

            if fl[-1] in ['stx', 'dtml']:

                f = open(file)
                obj = string.join(fl[:-1])
                try:
                    s.manage_delObjects([obj])
                except: pass

                if fl[-1] == 'stx':
                    print 'adding %s\n' % obj
                    print s.manage_addFile(obj, f.read(), '', '', 
                    'text/structured-text')

                if fl[-1] == 'dtml':            
                    print s.manage_addDTMLMethod(obj, '')
                    getattr(s, obj).manage_edit(f.read(), '')

SOAP

SOAP is the Simple Object Access Protocol defined by rfcXXX. SOAP is the sucessor to XML-RPC and is more flexible. Despite the Simple in its name, SOAP is more complex than XML-RPC.

HTTP

Any scriptable http client can be used for remotely scripting Zope.

httplib - Example

Copyright O'Reilly, 2000. All rights reserved.

This is an early draft chapter from a forthcoming book on Zope, to be published by O'Reilly & Associates. The material has not been through O'Reilly's editorial process, nor has it been reviewed for technical accuracy. O'Reilly & Associates disclaims responsibility for any errors in this draft and advises readers to use the information contained herein with caution.

O'Reilly & Associates grants readers the right to read this material and to print copies or make electronic copies for their own use. O'Reilly & Associates does not grant anyone the right to use this material as part of a commercial product or to modify and distribute it. When O'Reilly & Associates publishes the final draft of this book in print form, the content will be made available under an open content license, but this chapter is not open content.

If you have any comments on the material in this chapter, you should send them to the authors, Michel Pelletier and Amos Latteier, at docs@digicool.com.