Linux Productivity Magazine
Volume 1 Issue 4, November 2002
Zope: Quick and Simple
Copyright (C) 2002 by Steve Litt. All rights reserved.
Materials from guest authors copyrighted by them and licensed for perpetual
use to Linux Productivity Magazine. All rights reserved to the copyright
holder, except for items specifically marked otherwise (certain free software
source code, GNU/GPL, etc.). All material herein provided "As-Is". User
assumes all risk and responsibility for any outcome.
| Back Issues ]
If we hadn't given away our software we
wouldn't have gotten an investment. Because we gave it away he [Hadar] looked
at it, liked what he saw, and wanted to participate in the company."
-- Paul Everitt
(discussing the role of Open Source licensing
in Zope's success, during an interview with Steve Litt at the 1999 LinuxExpo in Raleigh,
By Steve Litt
We Linux users have no shortage of web authoring tools.
Mozilla Composer, VI, Screem, Quanta, and Bluefish for static web pages.
And our tools for data driven, dynamic web pages include Perl,
PHP, and Zope.
Of the three mentioned dynamic site tools, Perl is the lowest level. It can
be crafted to do absolutely anything, but Perl web authoring is rather time
consuming. Web programming in Perl is roughly analogous to writing content
in VI. You can do it, manually typing in the codes, but it can be time consuming
and error prone. Perl is a general purpose language that can be used for
web authoring, but when you use it that generality is obvious.
If Perl is analogous to VI, then web programming in PHP is analogous to content
authoring in a word processor such as MS Word. PHP is obviously built for
web programming, and its constructs make for fast construction of a dynamic
website. What more could anyone want?
That question is best answered by asking what anyone could want beyond a
word processor. MS Word or OpenOffice is wonderful for a quickie 5 or 10
page document. But as the document passes 50 pages, maintaining stylistic
consistancy becomes ever more difficult, to the point that by the time the
document is 300 pages, a word processor created document is likely to be
a hodgepodge of fonts, spacings and conventions. The solution? LyX.
LyX enforces application of styles to text, rather than direct application
of fonts, spacings and other formatting. With LyX it's very practical to
have a subject matter expert write the content, and a formatting expert create
the styles, freeing both from the hassle of switching between the two tasks.
Even if one person does both, the tasks are separated in time, so when one
is pounding out content, the total concentration is on that. And when one
is crafting the appearance, style creation and modification is the sole task
So the question is, what web programming tool is analogous to LyX? The answer
is Zope. The Zope author creates and modifies various objects, and puts them
together like Lego(R) blocks. Because these objects remain constant
across web pages, you get a completely consistent look and feel. And yet,
when necessary, an object can be modified for use in a subtree.
Zope sites are primarily tree based. If an object is changed in a directory,
those changes filter down to any subdirectories. Naturally, the object can
be changed in a subdirectory, in which case it will filter down to that subdirectory's
subdirectories. Security is based on subdirectories -- if person A has privilege
B in directory C, then A will have B in all subdirectories of C, unless those
privileges are changed in a subdirectory.
The design of Zope shows that much attention has been paid to the design
process, the creation process, and the final product. There's a complete
separation between the creation of content, appearance (via various objects),
and data, such that specialists in each field can be employed without too
much dependence on each other. Given the parallel nature of such construction,
a properly managed project can go up fast. And the finished product is stylistically
consistent and solid.
One could criticize Zope with the same criticism applied to LyX -- the stylistic
constraints limit creativity. And the criticism is rebuffed similarly. With
LyX, one can break into LaTeX to accomplish any imaginable appearance. Likewise,
one can create objects with the Python language to accomplish anything that
can be represented by an algorithm.
About the only valid criticism of Zope is that it isn't available at all
web hosting companies, so that a Zope created website isn't portable between
web hosts. This is a non-issue for a large entity, because they can maintain
their own website on their own server. Smaller entities who want the
benefits of Zope can locate Zope enabled web hosting companies by contacting
Out of the box, Zope comes with many features:
Zope isn't for everyone. Linux Productivity Magazine, and indeed all of Troubleshooters.Com,
was authored with Mozilla Composer (formerly Netscape Composer and Netscape
Gold). A few of the oldest pages were created with MS Frontpage, and the
few apps were written in Perl. The Symptom Description Wizard is a Java applet.
But basically, Troubleshooters.Com is a static infosite, and as such Mozilla
Composer is good enough.
- Content search and catalogging via the Catalog.
- Relational database connectivity
- Zope Enterprise Objects (ZEO) for scaling to millions of users
- Security with user logins
- Browser based management of your website's content, look and feel, security, and data connectivity
- Open Standards support: SQL, ODBC, XML, DOM, FTP, HTTP, FastCGI, XML-RPC, SOAP, and more.
- Extensibility via Python
That being said, if I'd known Zope in June of 1996, and if there had been a good selection
of Zope enabled web hosting companies at that time, it's very possible that
today Troubleshooters.Com would be a dynamic Zope site.
If you find yourself responsible for creating a large, dynamic website,
Zope is one of the must-evaluate products. And very possibly the best product
to use. Some say that Zope is difficult to learn. This issue of
Linux Productivity Magazine is a roadmap that shows you the path of least resistance in learning
Zope, and provides a roadmap for further learning.
Zope version 2.6 just came out recently, and although the content in this
magazine is based on Zope 2.5.1, you'll have no trouble using this magazine
to work with Zope 2.6.
So kick back, put your feet up, and read how you can use this powerhouse
web development environment. And remember, if you use Linux or other free
software, this is your magazine. Enjoy!
Many thanks go out to Zope gurus Mark Alexander, Hadar Pedhazur, Rob Page,
Jim Fulton and Paul Everitt for their suggestions, help and insight
with this LPM issue.
The Zope Challenge
By Steve Litt
Zope is reputed to have a long and steep learning curve. Perhaps compared
to Netscape Composer or OpenOffice this is true. But to put it in perspective,
Zope is easy compared to the LyX software detailed in last month's Linux
Productivity Magazine. Zope is quite learnable.
What's the benefit of learning Zope? I see several:
This month's magazine shows the easiest path to learning Zope basics. If
you read this LPM issue you'll be able to install Zope, put it through
its paces, and understand its concepts. From that point on, expertise is
just a matter of practice.
Learning this technology contributes to overall understanding of web technology.
You can make large, dynamic, data enabled websites (portals) with Zope.
Zope is easier than many other tools of its capability.
Zope facilitates functional separation of web creators: content creators,
data specialists, programmers and stylists.
Zope facilitates subject separation, enabling each subsite to have its
own administrators and content creators.
Zope facilitates style consistency throughout a large website, much the
same as LyX facilitates style consistancy throughout a large document.
By Steve Litt
Few Linux distributions ship with Zope on their install CD's. That means you'll need to download and install Zope.
Here's where you get your first opportunity to make Zope quick and simple. Follow these suggestions:
The preceding are the principles governing an easy installation. RPM
files seem to fail to install the start script, whereas using the .tgz file
from the Zope website is incredibly easy. Likewise, using Zope with the Zope
web server software is incredibly easy, whereas connecting the Zope Application
Server to another web server (such as Apache), that adds an extra level of
complexity that's counterproductive when you're learning Zope. And by creating
user and group zope, you'll remove many problems that occur if you try to install and run Zope as user root.
- DON'T install with a .rpm file! Use the binary .tgz file from Zope.Org instead.
- Use the Zope web server when learning Zope. Later, when you're confident
of your Zope prowess, you can interface Zope with Apache.
- Do the installation as user zope, group zope
Detailed Installation Instructions
- On the Linux machine on which you'll be installing Zope, create a user called zope and a group called zope. Make sure user zope is in group zope.
- Make anyone who will need to manage Zope products or the Zope server members of group zope.
- Create directory /usr/local/dc, chown zope.zope and chmod 755.
- Log in as user zope.
- Download the binary .tgz (not a source .tgz and not an .rpm) from the Zope website and place it in the /usr/local/dc directory. The filename should be something like Zope-2.5.1-linux2-x86.tgz, depending of course on the exact version. This documentation is based on Zope 2.5.1, but Zope 2.6 came out very recently.
- cd /usr/local/dc
- tar xzvf Zope-2.5.1-linux2-x86.tgz, or whatever the filename. This will create a directory called something like Zope-2.5.1-linux2-x86/.
- cd Zope-2.5.1-linux2-x86/ or whatever the directory created by the tarball.
- Be sure you're using a terminal software with a scrollbar, because
Zope's administrative password will scroll past you. You'll need to remember
it. It will look something like this:
The initial user name and password are 'admin'
- ./install to install the software. Depending on memory and processor speed, this could take several seconds or several minutes.
- bin/python ./zpasswd.py inituser to set the administrative
user, password and encryption method, all of which you will be prompted for.
For the purpose of this exercise, use user admin, password mypassword, and encryption method CRYPT. Note: CRYPT might not work with Windows, so if CRYPT doesn't work, try SHA. When prompted for "domain restrictions", press Enter so there are no domain
restrictions. This security compromise can be fixed later, after you're more
familiar with Zope.
- ./start to start the python web server and application server.
This will take some time. On version 2.5.1, when you see the message naming
the Unix socket, the server is running. It's now time to verify the installation.
Verifying the Installation
- Log in as yourself (NOT as user zope).
- In your favorite browser, log into port 8080 of your Zope server machine. For instance, if you've installed Zope on mydesk.domain.cxm, browse to http://mydesk.domain.cxm:8080.
You should see the Zope Quickstart screen. If you don't, check and see if
you have another web server running on port 8080. If so, temporarily shut
down that web server.
- Once you've successfully viewed http://mydesk.domain.cxm:8080, browse to http://mydesk.domain.cxm:8080/manage. You'll be asked for a username and password.
- Enter the username and password that you entered in the installation
step where you ran the zpasswd.py script. You should be brought to a screen
with a navigable tree on the left and a tab interfaced form on the right.
If so, you've installed Zope correctly.
This might be a good point to add a root level manager user. To do so, navigate
to the root folder, then into the acl_users folder, then click the Add button,
and add the username with password. Leave the domains field blank, and click
Manager in the Roles dropdown. Last but not least, click the Add button to
add this user.
There are certain tasks the admin/emergency user can't do, and for those tasks you need a manager type user.
If you cannot get into that screen, go over your installation steps again. Please remember that if you use the zpasswd.py
script again, you need to shut down the Zope server AND terminate all sessions
of your browser in order for the new username password combination to take
The Zope User Interface
By Steve Litt
If you can operate a file manager, you'll understand
the Zope user interface, available at http://localhost:8080/manage. Like
any good file manager, the window is divided into two panes. The leftmost
pane contains an object navigator, with which you navigate the hierarchy
of objects. Most such objects are folders, but there are other objects, and
some of those other objects can even contain other objects. The right pane
contains what's called the workspace, which exposes the selected object's contained objects, properties and the like. See the following screenshot:
As discussed, you use the navigator in the left pane to click and select
a object. Once so selected, that object's properties and contained objects
are exposed in the workspace in the right pane.
Simply put, the workspace contains all information about the chosen object.
It has tabs to view different aspects of the object. For instance, the Contents
tab exposes the object's contents (has-a relationships). You can modify or
delete these subobjects, or create new ones (via the add button and dropdown
to on the right side of the screen). There's a view tab to see what the object
looks like when run, a properties tab showing the object's properties, a
security tab showing many ACL like privileges, each of which can be enabled
for anonymous, authenticated, manager and owner. This is an extremely granular
security model allowing you to tailor the security to your exact needs.
The Undo tab enables you undo various previous actions. The Ownership tab shows the object's owner.
As you can see, a Zope app consists of many, many objects. Perhaps that's
one reason for Zope's reputation for a steep learning curve. But as you can
also see, once you learn the basics of the object hierarchy, the object types,
and how they interact, Zope's user interface makes web creation a snap.
By Steve Litt
application server that also comes with a web server. Zope has all the tools
you need to make web applications. Zope is written in the Python language.
|A computer program that users access with a web
browser over the Internet. The web application lets users use dynamic tools
to work with the application.
||Slang for web application.
|Three key ideas to understanding what Zope can do for you
|1) powerful collaboration, 2) simple content management, 3) and web components.
|Three layers of traditional web apps
|1) Databases, 2) Programs, 3) HTML and Layout. Zope
unifies all three layers, although programs can be extended in Python and
Perl, and data from other DBMS's such as Oracle or PostgreSQL can be read
and written from Zope.
|Islands of code that interact with each other. .net and xml-rpc are examples.
|Roles people play in an application
|1) Consumers (visitors), 2) Business users (create
and manage content), 3) Site designers (create sites look and feel), 4) Site
developers (program the site's services), 5) Component developers (make software
for distribution), 6) Administrators (keep software and environment running),
7) Information Architects (platform decisions and big picture). Zope has
separate facilities for those assuming each role. For instance, the site
designer needn't add content, and the business user needn't concern herself
To put this in Zopese, in Zope, Site developers create services to be turned
over to Site Designers and Business Users, and Component Developers distribute
new products and services for Zope users world wide.
Another way of thinking of roles is that roles are like hats you put on at
different times to do different jobs, or hats various people wear to do their
|Zope's tag-based scripting language
|Zope Page Templates
|Zope's templating language for XML -- Zope's new tool to create dynamic HTML
||Abbreviation for Zope Page Templates
|How to write business logic in Zope
|Zope's built-in search engine
|Zope Enterprise Objects
|A tool to scale Zope for huge numbers of customers.
Also facilitates data sharing between zope instances. This is what you use
when your app is successful enough to attract huge traffic.
||Abbreviation for Zope Enterprise Objects
server, Web based interface, object database, Relational integration,
Scripting language support. These are the high level components Zope uses
to build web apps.
|Zope management interface
|This is the high level interface by which you build Zope applications. Available at http://localhost:8080/manage.
|Zope Object Database
|Zope's built in database where they store all objects.
You can store your app's data here, or in other DBMS's such as Oracle, PostgreSQL,
|Abbreviation for Zope Object Database
|Zope's method of storing data outside of Zope (Oracle,
PostgreSQL, etc). Although Zope has its own data storage facilities, you'll
often need to write and access data from other systems.
|Database Adaptor (DA)
|A Zope product providing the Zope API for an external database such as Oracle, PostgreSQL, etc.
|Scripting language support
|You can build and enhance Zope functionality with
three scripting languages -- DTML Python or Perl. DTML is higher level but
not as capable.
|Script to change usernames and passwords
|How to start Zope manually
|Zope's facility to export a part of your Zope system for import on another Zope system
|Import a system part exported from another Zope system.
|Zope's mechanism to keep track of users. Alternatively,
|Session related objects
|1) Browser ID Manager, 2) Transient Object Container, 3) Session Data Manager
|Browser ID Manager
|To quote The Zope Book by ????: "Manages how visitors'
browsers are identified from request-to-request, and allows you to configure
whether this happens via cookies or form variables, or via a combination
of both. The default sessioning configuration provides a Browser Id Manager
as the /browser_id_manager object." <this is a quote from The Zope Book>
|Transient Object Container
|holds session data. It allows you to set how long
session data lasts before it expires. The default sessioning configuration
provides a Transient Object Container named /temp_folder/session_data. The
session data objects in the default session_data Transient Object container
are lost each time Zope is restarted. <this is a quote from The Zope Book>
|Session Data Manager
|connects the browser id and session data information.
When a folder which contains a session data manager is traversed, the REQUEST
object is populated with the SESSION, which is a session data object. The
default sessioning configuration provides a Session Data Manager named /session_data_manager.
<this is a quote from The Zope Book>
|The HTTP request, including cookies and form data restructered into a Zope object.
|Content Management Framework
|A Zope product that provides a full-blown member-oriented site for your Zope, with facilities for
membership, news, topics, discussions, workflows, user folders and "skins".
A great application of CMF would be for a departmental collaboration server!)
|Abbreviation for Content Management Framework
|Zope Object Types
has many types of objects. A good way to list them all is by clicking the
Add button in the Zope workspace. The following is the list on Zope version
2.5.1. The more common ones are defined later in this article:
- Accelerated HTTP Cache Manager
- Browser ID Manager
- DTML Document
- DTML Method
- External Metnod
- Mail Host
- Page Template
- RAM Cache Manager
- Script (Python)
- Session Data Manager
- Set Access Rule
- Temporary Folder
- Transient Object Container
- User Folder
- Virtual Host Monster
- Z Gadfly Database Connection
- Z SQL Method
- Z Search Interface
- Zope Tutorial
||Folders are objects whose purpose is containing other objects.
||Image objects contain graphical images.
||Web content containing not only HTML, but also Zope markup language. Used primarily as a document.
||Very similar to a DTML document, but used primarily
as a component by other objects. To a small degree DTML documents and DTML
methods are interchangable.
|Z Gadfly Database Connection
||An interface from your Zope app to a Zope relational database.
|Z SQL Method
container for a SQL statement. In general, a SQL statement is contained in
a Z SQL Method, which in turn is called by a DTML document or a DTML Method.
object to hold code similar to DTML, but more versatile. In fact, as time
goes on Zope Page Templates will be increasingly replacing DTML documents
|A copy of the Zope tutorial.
Using the Zope Tutorial
By Steve Litt
I could write a Zope tutorial, but I could never make
one as good as the one that comes with Zope. If you're evaluating Zope, or
if you will soon be using Zope to write a web app, the few hours spent taking
the tutorial will pay handsome dividends. The tutorial will answer many questions
you might have about Zope's capabilities and its ability to do what you need.
So before doing a lot of research, and certainly before trying to make your
own app, do the tutorial.
Here's how you access the tutorial:
You'll notice that the tutorial is in a browser window separate from
the Zope management interface. This is for your convenience -- you can read
the tutorial, then cut and paste the proper material into the Zope management
interface. And magically cool, the Zope Management interface synchronizes
with the tutorial. How cool is that? Can you imagine the kinds of apps you
could write using such techniques?
- Create a folder to house the tutorial object
- In the upper right of the right window of the browser, you'll see
a dropdown list. Click the dropdown right next to the Add button in the middle
of the right side of the screen, and choose "Folder" (see following screenshot).
- The folder properties screen appears. Fill in the Id and Title as
shown following, but don't touch the "create public interface" or "create
user folder" checkboxes.
Never put spaces in the Id field, because the Id becomes part of the URL,
and URL's with spaces are truly nasty. If you feel the need for the readability
that comes with spaces, substitute underscores for spaces.
- Click the "Add" button and note that the new folder appears in the tree in the left pane of the browser.
- Create the Tutorial Object
- Click the "My Folder" folder in the tree in the left pane.
- In the right pane, click the dropdown next to the add button, and choose "Zope tutorial".
- When asked for the Id, type my_tutorial and then click the "Add"
button. This is just like when you created the folder, except this time you're
creating a Zope tutorial within that folder.
- Click the "Begin Tutorial" button in the right pane, and follow the instructions.
In lesson 8 your web app allows the user to browse your hard disk looking
for a graphic to upload. Once selected, the graphic is uploaded and becomes
available to web browsers. Fantastic Magic!
Post Tutorial Learning
By Steve Litt
The Zope tutorial gets you familiar with Zope and
its management interface. When you're completed the tutorial, the creation,
modification and deletion of objects is no longer a mystery, and you understand
the principles behind connecting objects to create an application. Obviously,
understanding these things is different than being able to code a major app.
But the understanding enables you to read further documentation and understand
what you're reading.
With the Zope tutorial under your belt, your next step is a book called "The
Zope Book" by Michel Pelletier and Amos Latteier. This book comes in three
Each has its benefits. The HTML file is the most up to date, and it also
shows you user comments. I found the user comments to be valuable, because
when I had a question, usually someone else had that same question, asked
it as a comment, and received an answer. This was especially valuable while
doing the book's exercises, which didn't always work as documented.
- Paperback book
- No-cost downloadable PDF file
The HTML is also the easiest to use for cut and paste into your app. Cut
and paste reduces the likelihood of transcription errors, thereby speeding
The PDF version is best for a quick reference. If you use the right PDF reader
(Acrobat Reader comes to mind), you can both search the PDF and cut and paste
But for reading cover to cover, nothing beats a real book. Once you decide
that yes, you will definitely use Zope, I'd recommend purchasing the book.
But remember -- the book is more advanced than the tutorial, and its exercises
don't always work. So be sure to do the tutorial first.
Another great resource is the Zope help at http://localhost:8080/Control_Panel/Products/OFSP/Help/HelpSys.
It has API documentation on Python integration, the Zope Management Interface,
DTML, ZPT, and much more. You can browse it with a tree organization, or
click the Search tab and search on a term. Very cool!
And don't forget the examples that ship with Zope. You'll find some great examples at http://localhost:8080/Examples.
So take some time to read the Zope Book to acquire additional knowledge and vocabulary. Then begin to experiment.
Simple Topics Not Covered In the Tutorial
Even a quick browse of the book will reveal some things not covered in the tutorial:
Obviously the preceding list only scratches the surface of what's not covered
in the tutorial. But the preceding are very necessary, and they're easy to
explain, so they're explained in this article.
- Viewing a page as a normal web page
- Creating new users
- Managing a subfolder
- Creating an authentication-only user
- Setting security on a resource
- Zope Page Templates
- Python written objects
- REQUEST Objects
Viewing a page as a normal web page
In the tutorial you viewed pages and other resources with the View tab. That's
nice for the resource's manager, but not for the user. The purpose of Zope
is to give your content to your users -- not to expose them to the management
If you remember, within the management interface you have the following resource:
To administer that resource, you log into http://localhost:8080/manage as user admin, and navigate the navigator to my_folder/my_tutorial/examples/lesson1/home.html. To view it as a user would, you then click the View tab.
But a user can't access the management interface. Instead, he accesses the resource in user mode with the following URL:
Creating new users
Anything other than the smallest sites must be managed by multiple people.
Ideally, people are assigned trees. For instance, if Troubleshooters.Com
got big enough, perhaps one person would manage Linux Productivity Magazine, someone else Troubleshooting Professional Magazine, and another person would manage Code Corner.
More to the point, imagine you want to assign user mark (full name Mark Manager) to manage folder my_folder. Imagine his password is markspass. Do the following:
Note that if you had wanted user mark to manage the entire site (similar to what you do as admin),
you would have navigated to the root directory. The root already has a User
Folder object, and would have objected had you tried to create another one.
So instead you click the existing user folder, and add user mark. But in this case, we want mark to manage only the my_folder tree.
- Understand that your new user DOES NOT need to be a user on your server. Zope's security does not depend on the underlying operating system -- a big advantage.
- As user admin, log into http://localhost:8080/manage
- Navigate to my_folder
- Use the add dropdown to add a User Folder object. Note that it is inserted with the name is acl_users.
- Click the user folder's link to "get inside" it, and note there's nothing except an Add button.
- Click the Add button
- Place mark in the name field, markspass in both the password
and confirm fields, and click the Manager choice in the Roles dropdown. Leave
- Click the Add button to complete the addition.
- Notice that you now see a little man-shaped item called mark. Congratulations
-- you've just created an manager user who can manage my_folder and everything below, but nothing above.
Now you need to test. Read on...
Managing a subfolder
In order to test user mark, he must access the proper resource and log in.
The first step is to log out as user admin, so you can log in as mark.
If you haven't noticed yet, the Zope Management Interface has three frames.
We've discussed the left (navigator) and right (workspace) frames, but above
both of them is the top frame. The top frame contains a dropdown on the right
side. Click the dropdown and select Logout. You will be presented with a login screen for your user and password. Read the following caution.
Danger Will Robinson!
The user and password screen is misleading. Do not fill in a user or password,
as it will be rejected regardless of its correctness, at least on my Zope
2.5.1 setup. Instead, click the screen's cancel button. Then you will see
the phrase "You have been logged out." on the main screen. That's how you
know you're truly logged out.
Now that you're truly logged out, you'll manage the my_folder resource as user mark. Do the following:
The login screen disappears, and you're in the management interface. But there's a new wrinkle. The top level folder is my_folder, not the root folder that was the top level folder when logged in as admin.
- Place url http://localhost:8080/my_folder/manage in your browser's URL field. You'll be confronted with a screen asking for user name and password.
- Put mark in the user name field, markspass in the password field, then click the OK button.
As an experiment, try to access http://localhost:8080/manage as user mark, and you'll see you can't get in because user mark was created in my_folder, not in the root directory.
Creating an authentication-only user
The tutorial you created, and indeed everything under folder my_folder, is accessible by all, as you saw when you accessed http://localhost:8080/my_folder/my_tutorial/examples/lesson1/home.html.
That's sometimes good, but what if you want a "customers only" subsite? Zope
allows you to set a tree as readable only by authenticated users. To do that,
log in as either mark or admin and click on the my_folder link.
Click the Security tab, and note the matrix of ACL privileges vs. user type.
Note also that you can make your own user types, although that's beyond the
scope of this article.
First, let's make the my_folder tree require a password. Do the following:
- As admin or mark, Navigate to my_folder
- Click the Security tab in the workspace
- In every row, uncheck the Acquire permission settings column and check the Manager
columns. Warning: if you do not check every row for the manager, you might
get locked out, even as user admin. If you do it wrong and get locked out
of the directory (even as user admin), navigate to the to the root directory
as user admin, and use the Undo tab and facility to undo your change.
- In the following rows, check the Authenticated column:
- Click the Save changes button
The preceding security settings were a reckless strongarm to save time. In real life, you would uncheck only those Acquire permission settings
checks that gave permissions to unauthenticated users, and for those that
you unchecked, you'd check both Authenticated and Manager columns. The reason
this article doesn't have you do that is it is easy to do it wrong and lock
yourself out of the my_folder folder, and without a good knowledge of undo
and emergency users, you could stay locked out. Also, many privileges are
subtle, and without the brute force method you might not have kept out the
That's it. The my_folder tree is accessible only to managers and authenticated users. To prove this to yourself, try to access http://localhost:8080/my_folder/my_tutorial/examples/lesson1/home.html,
and note that you're asked for a password. Put in a bogus user and password,
and note that you're not let in. Of course, you could log in as mark, but mark has manager access. Now make another user, Ursula User, who is neither a manager nor owner:
Now user ursula is an authenticated user in the Zope system. Log out, and try to access http://localhost:8080/my_folder/my_tutorial/examples/lesson1/home.html. When queried for a user and password, enter ursula and ursulaspass, and note that you get in.
- Navigate to /my_folder/acl_users
- Click the Add button
- Enter ursula for name, ursulaspass for password and confirm. Do not select manager or owner, and do not fill in a domain.
- Click the Add button
And that, my friends, is how you make a members-only subsite in Zope.
Setting security on a resource
This was covered in the preceding section.
Zope Page Templates
Zope Page Templates (ZPT) are a new alternative to DTML. Their primary purpose
is to move web content editing out of Zope and into a web designer's favorite
WYSIWYG tool. The process goes something like this:
So if you've been thinking you'd have to give up your favorite web editor,
don't worry. Zope Page Templates work well with a wide variety of web authoring
tools using HTTP Put, WebDAV or FTP. For instance, my favorite web authoring
tool is Mozilla Composer. The following exercise works with Mozilla Composer
1.1 or better. Earlier Mozilla Composer versions weren't mature enough to
do this. Here' s the exercise:
- The web designer creates the web page in his favorite WYSIWYG tool, such as Mozilla Composer.
- The Zope manager creates a new page template, importing the web designer's HTML file.
- The Zope manager adds dynamic content by adding TAL code.
- The Zope manager gives the new page template a proper title.
- The new Zope resource is now accessed by the name of the page template.
- If it's necessary for the web designer to re-edit the page, she can upload it into her favorite WYSIWYG tool, and then re-import
ZPT Remote Authoring Example
Look at what was produced. Your original title was replaced by the title
you typed into the page template. And above it says "My Folder Presents".
If you look at the code you inserted, you'll see "here/title", which is a
macro replaced by the containing directory. If you look at the top of this
magazine you'll see "Troubleshooters.Com presents Linux Productivity Magazine".
My static pages forced me to enter that text into every page, but with Zope
the page template can arrange for hierarchis of "so and so presents".
- Using Mozilla Composer, create a simple web page: $HOME/mypage.html, whose title is This is my web page
- As admin, go to the my_folder folder
- Click the add dropdown and choose Page Template
- The ID should be my_page_template.zpt
- Click the browse button, navigate and select $HOME/mypage.html
- Click the Add and Edit button
- Click the Save Changes button to store what you have
- Within Zope's html edit screen, delete <body> tag and everything
before it. This is so you can replace it with Zope's TAL language properties.
- Before the remaining text, insert the following
<body text="#000000" bgcolor="#FFFFFF" link="#0000EE" vlink="#551A8B" alink="#FF0000">
<span tal:replace="here/title">whatever</span> presents:<br>
- Click the Save Changes button
- Click the Properties tab
- In the Title field, put I Made This Title In Zope
- Click the Save Changes button
- Using a different browser, view the page at http://localhost:8080/my_folder/my_page_template.zpt
So far you've seen how to import a WYSIWYG created page into Zope for the
first time. That's not worth a cent if you can't subsequently make changes
with a WYSIWYG editor. So in the second part of this exercise we'll pull
it into Mozilla Composer, edit it, and publish it back. Remember, this will
not work with Mozilla versions before 1.1.
That's it. You just downloaded, edited and uploaded a Zope Page Template
document from Mozilla Composer. Close all copies of Mozilla Composer, rerun
Mozilla, and once again browse to http://localhost:8080/my_folder/my_page_template.zpt
and verify that you now see the new sentence (refresh your browser if necessary).
Note that you see it as a user, not as a maintainer.
- Fire up Mozilla, version 1.1 or better
- Browse to http://localhost:8080/my_folder/my_page_template.zpt/source.html
- Note: The appended /source.html is what allows you to download the source instead of the produced code.
- Note that the title says "whatever presents: whichever". This is indeed pre-macro source code.
- In Mozilla, File->Edit to edit the source code.
- WARNING: Be careful not to delete any invisible codes. Those codes
are the Zope codes you inserted in Zope. In general these codes appear near
the top and bottom, as Zope's header and footer.
- Add the following sentence to the bottom of the web page: "I retrofitted this in Mozilla after the fact!"
- File->publish. When you see a message saying "Publishing complete", you know you're done.
- In another browser, browse to http://localhost:8080/my_folder/my_page_template.zpt/source.html and verify that the new sentence is now in the Zope version.
You've Just Scratched the Surface
This was a demonstration of remote editing with Zope Page Templates. They're
much more powerful than that, as you'll discover. Read "The Zope Book" and
Python written objects
This topic is immense, so this article will give you a "hello world" python
object, and then have one you can call with arguments. Let's start with the "hello world":
You see from the preceding example that everything printed during the script is available in the printed variable, and than script.title prints the title of the script, script.getId() gets the script's id, and that container.absolute_url() returns the url of the containing folder.
- As admin, navigate to my_folder in the management interface
- Using the add dropdown box, add a Script (python)
- Make the ID my_python, and leave the file blank. If you wanted to import
an existing file, you'd place that filename in the blank or use the browse
- Click Add and Edit button
- Note the script opens with example code
- Enter My Python Title in the Title field
- Click the Test tab, and note that intelligent output is printed (and if not, try to troubleshoot)
- With another browser, browse to http://localhost:8080/my_folder/my_python and verify you get the same output
Now let's use the Python code to process form data:
OK, that's cute, but will it work for real in a real browser? In another browser, navigate to the following URL:
- As admin, navigate to my_folder in the management interface
- Edit the my_python script
- Add a single parameter called name
- Add the following line just before the return statement:
- print "My name is " + name + "\n";
- Click the Test tab
- In the Value column for the parameter called name, enter Steve
- Click the Run Script button
- Note that the string "My name is Steve" appears below the rest of the text
You'll see it works the same way, and gives you Fred's name. Now let's hook it up with a form:
As mentioned, the preceding example is the most trivial proof of concept.
You can find more involved Python script examples in some of the examples
at http://localhost:8080/Examples/manage_main., and you can find the Pythonscript API at http://localhost:8080/HelpSys.
- Inside my_folder, add a DTML document
- Id is nameForm, title is Form for your name, file is left empty
- Click Add and Edit
- Delete the DTML doc's current contents
- Paste in the following
<p>Type your name.</p>
<form action="my_python" method="post" enctype="multipart/form-data">
<p>Name: <input type="text" name="name"></p>
- Click the Save Changes button
- Click the View button
- Type a name, click the Submit Query button, and verify that the name is processed by the python script
- To test outside the management interface, browse to http://localhost:8080/my_folder/nameForm, and operate the form.
REQUEST ObjectsTry this:
REQUEST objects make interactive web apps much easier. All fields from the
preceding form, or from the URL, are available with a simple syntax. Use
- Navigate to the my_folder folder
- Add a DTML Document with the Add button and Add dropdown
- Call the DTML Document my_request_example. The title should be My REQUEST Example. Leave the File blank
- Click the Add and Edit button
- Delete all code
- Insert the following line:
- REQUEST INFO: <dtml-var "REQUEST">
- Click the Save Changes button
- Click the View button, and observe all the info available
- Now browse to the following URL
- Notice that lname and fname are available.
- Back in the edit screen, add the following second line:
- LAST NAME: <dtml-var "REQUEST.lname">
- Click the Save Changes button
- Browse to http://localhost:8080/my_folder/my_request_example?fname=George&lname=Washington
- Scroll to the bottom, and notice that REQUEST.lname pulled up the lname variable in the URL.
There are also RESPONSE objects -- read up on them.
As mentioned previously, "The Zope Book" should be your constant companion,
probably in all 3 forms, HTML, PDF and Paper. The more you read the book,
the better you'll be at Zope. Try to hang out with other Zopesters, and share
code. Be sure to sign up for the Zope mailing list, which you can find at
Once you're good, try to get some Zope work. Oh, it won't be called Zope
work -- a job search reveals few if any "Zope Jobs". It will be a contract
for the automation of a smaller business that doesn't yet have a dynamic
website. If you do it right, you can walk in with a commodity Linux box and
your knowledge of Zope, and walk out with some cash and a reputation as a
web miracle maker.
Or, if you have a full time job and don't have time for contracting, start a little Zope project or Zope investigation at work.
For even better results, use the Rapid Learning techniques documented here. Within a few weeks you'll be a Zope Ninja.
Life After Windows: The Friday Justice Wept
Life After Windows is a regular Linux Productivity Magazine column,
by Steve Litt, bringing you observations and tips subsequent to Troubleshooters.Com's
Windows to Linux conversion.
By Steve Litt
On Friday, November 1, 2002, at around 4:20 in the afternoon, the United
States of America granted full and unconditional monopoly powers to Microsoft
Corporation. Microsoft was granted a complete pardon for what has been ruled
an illegal monopolization of the web browser market. Microsoft was granted
complete power to monopolize any other markets they choose. Microsoft was
granted the power to restart the dirty tricks against competitors that they
had put on hold during the antitrust trial. Microsoft now has the power to
use monopolistic tactics, no matter how outrageous, against Open Source software.
And worst for us, I fear that as long as the current administration is in
Washington, Microsoft can use the United States Government to attempt to shut down the
use of Open Source in the United States.
In case you didn't hear, on Friday, November 1, 2002, at around 4:20 in the afternoon, U.S.
District Court Judge Colleen Kollar-Kotelly ruled in favor of the US DOJ
"settlement" with Microsoft, brushing aside the more restrictive provisions
proposed by the nine states that didn't capitulate. Among other provisions,
this "settlement" provides that:
A. Unless this Court grants an extension, this Final Judgment will expire
on the fifth anniversary of the date on which it takes effect.
B. In any enforcement proceeding in which the Court has found that Microsoft
has engaged in a pattern of willful and systematic violations, the Plaintiffs
may apply to the Court for a one-time extension of this Final Judgment of
up to two years, together with such other relief as the Court may deem appropriate.
Microsoft's only punishment for non-compliance is another 2 years of the
same agreement. They have ABSOLUTELY NOTHING TO LOSE by continuing renewing
their dirty tricks, their strongarm tactics, their retaliation, preditory
pricing, bundling, and all the rest. The U.S. government has granted Microsoft
a 7 year license to ignore the Sherman and Clayton antitrust laws. For the
next 7 years Microsoft is above the law.
Perhaps Microsoft will comply with the agreement
for purposes of goodwill or good citizenship. My only comment on that theory
is to look at Microsoft's history of compliance with consent decrees.
Indeed, the skeptical amongst us might remark
that Microsoft owns the government. What else could account for zero punishment
for exploitation of an illegal monopoly (the fact that it was an illegal
monopoly was upheld by the appeals court).
Imagine telling a bank robber: "Keep the money,
but you'd better not do it again.". We'll be watching you for 5 years. If,
during that time, you rob another bank, we'll watch you for another two years".
Effect on Open Source
During the trial with Judge Jackson, Microsoft had to stop the worst of their
dirty tricks, retaliation, threats, purposeful anti-interoperability bugs,
and continual monopolization of new markets. When Judge Jackson's remedy
(not his findings, just his remedy) were overturned on appeal, Microsoft
began monopolizing other markets. Indeed, their .Net and Passport strategies,
and their upcoming "digital rights management" technology are custom made
to monopolize by defeat of interoperability. It's hard to use Open Source
when Microsoft can completely prevent data access by Open Source. Imagine
a Windows license preventing the viewing of OpenOffice documents on the Windows
box. From what I see of the "settlement", that's perfectly legal now.
One can make the argument that the "settlement" requires Microsoft to reveal
their APIs. But when "requires" means nothing more than 2 more years of impotent
oversight, for practical purposes there's no requirement.
Another post overturn move by Microsoft was to petition the government against
Open Source. The rants of Allchin, Mundie and Gates. And they succeeded to
some degree -- some government agencies have stopped contributing to GPL
software in the name of "fairness" :-)
But now Microsoft has been granted unconditional monopoly powers by the United
States Government, so you can expect a complete return of all the dirty tricks
and more. More because now they have more folks to retaliate against, and
more because they now have absolutely nothing to fear from the government.
Expect proposal of laws against Open Source. Expect laws requiring certain
software -- laws which specify data in either patented or Microsoft copyrighted
formats. You must have the software, and access by Open Source is prohibited.
Expect even more Machiavellian machinations in the future -- you know, plots
that the normal mind couldn't even conceive.
This won't effect Open Source outside the U.S. The European Union shows none
of the Microsoft favoritism displayed by the U.S. Microsoft's vision of the
future is other countries developing and profiting from Open Source while
our home grown products are relegated to working around Microsoft bugs and
security flaws, with U.S. citizens will be forced to live with inferior software.
The Microsoft vision requires the U.S. to slide into technological third-worldmanship,
for the sake of Microsoft profits.
Effect on Your Life
The court decision undoubtedly means that using Open Source will become more
challenging. The attempts to cut off our interoperability, and possibly to
outright make us illegal, will intensify.
We have a choice, you and I. We can "play it safe" and crawl back to Microsoft software, tail between our legs.
Or we can continue with superior Open Source software, beating our competition and benefitting our bottom line.
We can refuse to relay Microsoft Word documents after Microsoft alters the
format so our software won't legally read it. We can write our senators and
congressmen, telling them we'll vote them out if they assist Microsoft in
their war against Open Source.
Perhaps now is the time for us to become single issue voters. That's how
things are done in this country. That's how the pro-life and pro-choice movements
make politicians dance to their tune. That's how the NRA prevents gun registration.
It's the only way ordinary citizens can combat huge corporations with huge
bankrolls to buy senators and judges.
Meanwhile, let's just keep using and enjoying Linux, you and I. Face it --
Open Source is more productive. It's worth the effort of fending off attacks
by Microsoft and the government it appears to have bought. The "settlement"
of 11/1/2002 looks bleak, but if nothing else, the history of the last 10
years teaches us that nothing is certain but change. Microsoft might yet
be dealt a death blow by something we can't even see yet. Open Source has
the quality and price to win, even against Microsoft dirty tricks or the
government's Microsoft-sponsored anti-Open-Source legislation.
Give Me Liberty, Or Give Me Death
Me -- I'm going for it. I'm Open Source all the way. Like the guys who formed
this country, I value my freedom. Freedom to use the software of my choice
without interference from the government. Without interference by a government
We Americans have defeated many enemies of freedom. Some say we're no longer
up to the task, but I believe we are. The government has faltered, but we
citizens march on. Join me in defeating the illegal Microsoft monopoly.
Steve Litt is the author of the course
on the Universal Troubleshooting Process. He can be reached at Steve Litt's email address
Letters to the Editor
All letters become the property of the publisher (Steve Litt), and may
be edited for clarity or brevity. We especially welcome additions, clarifications,
corrections or flames from vendors whose products have been reviewed in
this magazine. We reserve the right to not publish letters we deem
in bad taste (bad language, obscenity, hate, lewd, violence, etc.).
Submit letters to the editor to Steve Litt's email address, and be sure
the subject reads "Letter to the Editor". We regret that we cannot return
your letter, so please make a copy of it for future reference.
How to Submit an Article
We anticipate two to five articles per issue, with issues coming out monthly.
We look for articles that pertain to the Linux or Open Source. This can
be done as an essay, with humor, with a case study, or some other literary
device. A Troubleshooting poem would be nice. Submissions may mention a
specific product, but must be useful without the purchase of that product.
Content must greatly overpower advertising. Submissions should be between
250 and 2000 words long.
Any article submitted to Linux Productivity Magazine must be licensed
with the Open Publication License, which you can view at http://opencontent.org/openpub/.
At your option you may elect the option to prohibit substantive modifications.
However, in order to publish your article in Linux Productivity Magazine,
you must decline the option to prohibit commercial use, because Linux Productivity
Magazine is a commercial publication.
Obviously, you must be the copyright holder and must be legally able
to so license the article. We do not currently pay for articles.
Troubleshooters.Com reserves the right to edit any submission for clarity
or brevity, within the scope of the Open Publication License. If you elect
to prohibit substantive modifications, we may elect to place editors notes
outside of your material, or reject the submission, or send it back for
modification. Any published article will include a two sentence description
of the author, a hypertext link to his or her email, and a phone number
if desired. Upon request, we will include a hypertext link, at the end
of the magazine issue, to the author's website, providing that website
meets the Troubleshooters.Com criteria for
links and that the author's website first links to Troubleshooters.Com.
Authors: please understand we can't place hyperlinks inside articles. If
we did, only the first article would be read, and we can't place every
Submissions should be emailed to Steve Litt's email address, with subject
line Article Submission. The first paragraph of your message should read
as follows (unless other arrangements are previously made in writing):
Copyright (c) 2001 by <your name>. This material
may be distributed only subject to the terms and conditions set forth in
the Open Publication License, version Draft v1.0, 8 June 1999 (Available
at http://www.troubleshooters.com/openpub04.txt/ (wordwrapped for readability
at http://www.troubleshooters.com/openpub04_wrapped.txt). The latest version
is presently available at http://www.opencontent.org/openpub/).
Open Publication License Option A [ is | is not] elected,
so this document [may | may not] be modified. Option B is not elected,
so this material may be published for commercial purposes.
After that paragraph, write the title, text of the article, and a two
sentence description of the author.
Why not Draft v1.0, 8 June 1999 OR LATER
The Open Publication License recommends using the word "or later" to describe
the version of the license. That is unacceptable for Troubleshooting Professional
Magazine because we do not know the provisions of that newer version, so
it makes no sense to commit to it. We all hope later versions will be better,
but there's always a chance that leadership will change. We cannot take
the chance that the disclaimer of warranty will be dropped in a later version.
All trademarks are the property of their respective owners. Lego(R) is a trademark of The Lego Group. Troubleshooters.Com(R) is a registered trademark of Steve Litt.
URLs Mentioned in this Issue
- Zope URLs
http://www.zope.org: Home page of the Zope project. Go here for all types of Zope info.
- http://www.zope.com: Home page of the Zope Corporation (formerly called Digital Creations), the originators of the Zope software and project.
- Zope localhost URL's (Zope must be running on port 8080 for these URLs to work).