[Zope-CMF] Feedback wanted on Zope/CMF/Plone product developing - you might really want to read this;-)
Wankyu Choi
wankyu@neoqst.com
Wed, 11 Dec 2002 19:13:14 +0900
Hi everyone,
**READABILITY ALERT: text too long**
**NEWBIE ALERT: New to Python/Zope/CMF/Plone. Please bear with my
ignorance.**
First, appologies sorry for cross postng, but I needed to access wider
audience for feedback.
I hope this will be my last shot at clearing up any doubts about the way
I'm developing Zope/CMF/Plone products.
Please enlighten me if I'm wrong.
First, a bit of background why I'm posting this. I have a set of three
products finished just a few hours ago: NeoBoard 1.1b1, NeoPortal
Library, and NeoPortal Content Pak.
NeoPortal Library
NeoPortal Library is a collection of base modules on which to build
sophisticated Zope/CMF/Plone products such as NeoBoard.
NeoBoard
NeoBoard is a threaded message board ( http://www.neoboard.net ).
There's a HUGE gap between 1.0x versions and 1.1a, and another QUANTUM
LEAP between the last 1.1a2 and soon-to-be-released 1.1b1. Most of its
core features have been refactored into NeoPortal Library. NB supports
stock Zope and CMF, and Plone. Works the same with or without CMF or
Plone.
NeoPortal Content Pak
NeoPortal Content Pak is a collection of CMFPlone content types.
It's dependent on Plone but I wouldn't call it Plone product since I
don't fully follow the Plone developing guides.
With NCP comes NeoPortal Document, NP File, NP Image, NP External
File, NP Article, NP Link, NP Media, NP Container/Element pairs ( eg.
NeoPortal Aritlce is a container and NeoPortal Page Element or Image
Element type is an element ), plus all their advanced counterparts that
offer additional features: DTML handling for example.
As of 0.9a, NPC has 20 or so new content types and a couple of
NeoPortal content-specific tools. NCP is an add-on to CMFPlone. Some
common features include (every feature can be toggled on and off either
in a site-wide or individual manner)::
- backtalk like inline commenting ( factored out from NeoBoard )
- automatic conversion of textual notations into icons ( emoticons,
for example )
- OLE-like object embedding ( one object can embed another; changes
in embedded objects are automtically updated in embedding objects, etc
); even inline comments can embed and render other objects; NeoPortal
object embedding follows the rules of acquisition
- element-type-aware Containers like NeoPortal Article/Advanced
Article ( automatic renumbering/navigation: you get your sequenceable
photo albums in a second, for example )
- external data access ( External File and ExternalAccess tool - the
tool supports filesystem access only as of 0.9a ; will support MySQL,
etc;
- a whole directory ( and its subdirectories ) of files on the
server can be imported into corresponding NeoPortal External Files
- individual content-rating and daily access logging ( IP-based and
purgeable by specific interval of days )
- a new discussion tool for new content-types ( creates a NeoBoard
instance when discussion is enabled ); you get everything NeoBoard
offers for content discussion
- site-wide configuration and instance-specific configuration that
can override the former
- togglable IP-based spam-blocking ( one can't comment on an article
twice in less than 10 seconds, for example, to prevent malicious
duplicate postings ).... to name a few (that's quite a few;-).
NeoBoard comes with the same set of bells and whistles since it's
basically a NeoPortal Element container and its articles/attachments are
NeoPortal Elements, you get the idea.
Need Your Help/Feedback
Now here's what I'm not sure about.
1. Some fear granting users filesystem accesss is a real bad idea.
You can specify file bases (/home/ZopeHome/archives, for example)
NeoPortal External Files validate against given an absolute filepath at
the time of their instantiatioin raising error if a user tries to go up
the file bases. That's the solution I came up for filesystem security.
NeoPortal Content Pak currently allows users with AddPortalContent
permissions to use this mass-importing features from a given directory:
one can FTP his files to one of the allowed directoy bases and import
them into NeoPortal External Files in one go. If you import a set of
images into a NeoPortal Article ( a NeoPortal container) , that is your
auto-navigatable photo album, for example. In fact, I have tons of audio
files that should be imported into my own Zope server to serve up our
users. That's why I created the feature. Am I missing anything here?
2. The new discussion tool appends a acquisition-wrapped discussion
board ( np_neoboard.__of__( self ) ) to instances as a normal property
so that a board can be attachable to a non-folderish object (guess
that's how it works with CMF anyway). Works just fine, but again... am I
missing something?
3. Might be simple but haven't been able to find answers: how do I
go about i18n'ing Zope internal messages like you do with ZPT's i18n
tags? Every NeoPortal classes use a message-manipulating method to spew
out warnings, errors, user messages, etc. The method just returns back
the given messages as of now. I want this method to return i18n'd
messages. Might be a stupid newbie question... but can you give me some
pointers?
4. NeoPortal Library uses the 'email' package from Python 2.2. Just
put the entire package into the NeoPortal Library package directory and
it works just fine. I need this package to handle UNICODE mime headers.
This is where my another python newbie question comes in: I have 'tests'
directory under the NeoPortal directory:
./NeoPortalLibrary
./email
./tests
NP_Mailer, a unicode-aware emailer class, works wonderfully but only
the test modules in the 'tests' directory can't import email's Header
class. I guess I'm pretty ignorant of python importing rules. If I move
test modules into ./NeoPortalLibrary, all the tests go smoothly. I had
to append 'Products.NeoPortalLibrary.email' to every import statement in
the package. Please enlighten me on this one.
5. This might be a Plone-specific question but, Plone's master .po
file has some multiline msgstr definitions that kill poEdit and
Localizer when importing the file. For example:
#: from plone_templates/sendto_template.pt
msgid "mailtemplate_sendto_body"
msgstr "This link is sent to you from ${portal_url}"
" "
"You are receiving this mail because someone read a page
at"
"${portal_title}"
"and thought it might interest you."
" "
"It is sent by ${name} with the following comment:"
"${comment}"
" "
"${document_title}"
" "
"${document_description}"
" "
"${document_url}"
6. One of the most difficult tasks I faced up to while developing
Zope products is dealing with Zope security machinery. I use three
computers when developing in Zope: a Linux server, a win2k where I write
code with Manager role (everthing works security-wise), another win2k
with Anonymous/Authenticated role. Also use the VerboseSecurity product
to track down vague security errors. Any hints, tips or pitfalls or
whatever would be greatly appreciated on this Zope security topic. In a
word, how you guys test security handling of your products? And any
ideas on testing it in unittests?
7. Access logging/readcounting would bloat ZODB unless
version-less/non-undoable storages are used...right? How serious would
it be if I use stock ZOPE filesystem storage? In my production
envirionment, I have 300,000 users with tons of data. Any hints? How
about the Directory Storage?
8. I defined a new set of formatting rules to render Structured
Text. This might be a bad idea, but need these new rules for my users.
Suppose you want to add a new rule to ST, how would you go about it? In
my case, I just hacked it away:-(
9. I use 'guarded_getattr' instead of '_getViewFor' to get specific
skins. For example, NeoBoard can work as a pure Zope product, in which
case, I can't assume there'll be '_getViewFor'. Please warn me if I need
additional 'guarding'.
10. I override the '_setObject' method in NeoPortalElementContainer
class to allow id's that conform to a defined format: page_1, page_2,
table_1, image_2 etc. Id validatioin can be skipped by setting
'no_id_check' argument and all. Element renumbering is done by calling
'resetElementNumbers' method, which, in turn, calls
'manage_renameObjects' for renumbering. I also override this
'manage_renameObjects' so that it calls '_setOb' instead of
'_setObject'; otherwise I fall into a visious circle of '_setObject'
calling 'resetElementNumbers' recursively. Anything I should be aware of
in this regard?
11. FINALLY, NeoPortal Content Pak comes with two pairs of types:
normal types for memebers and advanced types for Mangers/Reviewers. How
do I filter out these content types based on permissions? I posted a
question about this one a while ago, but none of the suggested solutions
worked. Calling 'ContentInit' twice cancels out the first call, least in
ZMI. Works okay in a CMF/Plone site.
I also want Element types to appear only in a container object: page
elements, image elemnts showing up only in an article container, for
example. Can't find any solution for this.
(Whew... are you still with me? God, thanks.)
I plan to release NeoPortal Library, NeoBoard 1.1b1 and NeoPortal
Content Pak by the end of this week unless I find **really serious**
flaws thanks to YOUR feedback.
Thanks in advance.
Best Regards,
Wankyu Choi
---------------------------------------------------------------
To the dedicated staff at NeoQuest, language is not a problem
to be dealt with, but an art waiting to be performed.
---------------------------------------------------------------
Wankyou Choi
CEO/President
NeoQuest Communications, Inc.
3rd Floor, HMC Bldg., 730-14, Yoksam-dong, Kangnam-gu
Seoul, Korea
Tel: 82-2 - 501 - 7124 Fax: 82-2-501-7058
Corporate Home: http://www.neoqst.com
Personal Home: http://www.neoboard.net
e-mail: wankyu@neoqst.com
---------------------------------------------------------------