[Zope] Zope ZMI Templates

Tim Nash thedagdae at gmail.com
Thu Jan 17 17:26:33 EST 2008 

Tom,
  My modification of the css has nothing to do with security. It is to
simplify the UI for general users. And I use the zmi not because it is
easy but because it is proven.

If you have any specific examples of the management nightmare created
by using zmi as a cms I would very much appreciate hearing about them.
I think all websites are a management nightmare! (but it doesn't stop
facebook from becoming a platform, eh?)
:)

Thanks,
Tim



On Jan 17, 2008 8:36 AM, Tom Von Lahndorff <tom at modscape.com> wrote:
>
> There's nothing wrong with the ZMI. You're just try to hack into some
> kind of cms rather than just build one. Hiding a link with css is
> nasty hack and major security issue. While it may seem like what
> you're doing is an easy path to a quick cms, you're really just
> setting yourself up for a management nightmare. I'd recommend reading
> through (all of) this:
>
> http://www.zope.org/Documentation/Books/ZopeBook
>
>
>
> On Jan 17, 2008, at 10:17 AM, Tim Nash wrote:
>
> > Tom,
> >  Thanks but I think I am almost done. I have replaced the old <style>
> > calls with id="Find" id="Properties" etc. by access the sequence. Then
> > I added css code at the top of that same file (I think it is
> > manage_tabs.dtml, I'm not on that computer right now). So now I can
> > format the tabs anyway I want. There is also a little bit of
> > javascript that checks window.parent.location and applies changes to
> > the tabs if the user hasn't logged into the base directory.(only
> > available to the admin).
> >
> > My thinking is that the zmi is battle tested. I'd rather use something
> > that many people have already been using. Plus, from my perspective,
> > it looks to me like the zmi just needs a little updating.
> > Incorporating style sheets, etc. and it can have a new life.
> >
> > zope 3 people:  zope zmi, dtml are fast and really useful, please
> > don't toss these valuable tools!
> >
> > On Jan 17, 2008 6:25 AM, Tom Von Lahndorff <tom at modscape.com> wrote:
> >>
> >> You really should be writing a custom UI for this rather than hacking
> >> the ZMI. It will probably take less time, be much more manageable,
> >> flexible and secure.
> >>
> >>
> >> On Jan 16, 2008, at 8:05 PM, Tim Nash wrote:
> >>
> >>> The other important difference between ajax loaded pages and iframes
> >>> is that when you click on a link within an iframe page, the returned
> >>> page is loaded into the same iframe.
> >>> If I am not being clear, please check out this png file.
> >>> <a href="http://medicinebrain.com/iframe.png">
> >>> http://medicinebrain.com/iframe.png
> >>> </a>
> >>> In this png I did a search for DML Docs within a tab panel and the
> >>> search results are loaded into the same tab.
> >>>
> >>> BTW, I would like to simplify the zmi even more for my users. I want
> >>> to hide various tabs (eg. security, find, etc) and I want to
> >>> restrict
> >>> the number of products they are shown in the drop down box for
> >>> adding
> >>> to a folder.
> >>> However, I still want to offer complete zmi functionality to the
> >>> overall administrator.
> >>> I can probably hide the security tabs using css (the overall admin
> >>> won't load the css sheet) but how can I control the products
> >>> displayed
> >>> to a user in the folder view of the zmi?
> >>>
> >>> Thanks,
> >>> Tim
> >>>
> >>>
> >>>
> >>> On Jan 16, 2008 9:54 AM, Andreas Jung <lists at zopyx.com> wrote:
> >>>>
> >>>>
> >>>> --On 16. Januar 2008 09:33:58 +0100 Tino Wildenhain <tino at wildenhain.de
> >>>>>
> >>>> wrote:
> >>>>
> >>>>
> >>>>> Tim Nash wrote:
> >>>>>> Jurian,
> >>>>>> While the ZMI is a bit geeky for the average user, it works quite
> >>>>>> well inside an iframe.
> >>>>>> iframes are used by many ajax/web2 (whatever you want to call it)
> >>>>>> libraries. So in my application (for example) I currently make
> >>>>>> ajax
> >>>>>> calls to load specific zmi pages inside tabs of a window layout.
> >>>>>
> >>>>> IFRames. You should avoid those. With ajax or similar its easy to
> >>>>> skip
> >>>>> such stuff and just replace any named container tag.
> >>>>
> >>>> Iframes are still a valid choice in case asynchronous won't work
> >>>> e.g. when
> >>>> you need to load resources from servers != your origin server. Due
> >>>> the
> >>>> security model of asynchronous requests, a browser will only load
> >>>> stuff
> >>>> from the origin server. Iframes are a way to work around this
> >>>> limitation -
> >>>> ugly as you said, but sometimes a good workaround.
> >>>>
> >>>> Ansdeas
> >>
> >>> _______________________________________________
> >>> Zope maillist  -  Zope at zope.org
> >>> http://mail.zope.org/mailman/listinfo/zope
> >>> **   No cross posts or HTML encoding!  **
> >>> (Related lists -
> >>> http://mail.zope.org/mailman/listinfo/zope-announce
> >>> http://mail.zope.org/mailman/listinfo/zope-dev )
> >>
> >>
>
>

More information about the Zope mailing list