[Zope3-dev] PythonProgrammerTutorial: questions, comments, and feedback

Joseph Wayne Norton norton@alum.mit.edu
Mon, 10 Dec 2001 09:45:49 +0900 

Paul -

> > 'Products" package directory ..."
> > 
> >   - In a manner similiar to python's environment PYTHONPATH, it would
> >     be useful to have a ZPRODUCTPATH that can be searched for
> >     configuration files.
> 
> 
> To be devil's advocate, why not continue to be more Pythonic and just 
> use PYTHONPATH?  That is, the only relevant difference between a Python 
> package and a Zope package would be the presence of a Zope configuration 
> file.  (There might be other differences, such as presence of DTML 
> templates, but these wouldn't be considered significant.)
> 

I would prefer to be able to control the python and zope product paths
independently ... but keep a similiar interface or usage model where
it makes sense.

> >    4. I really wish the CMF DCWorkflow functionality was built-in to
> >    zope's security mechanism.  The whole CMF concept of
> >    published,private,show,hide etc. would be much more powerful if it
> >    could be applied in a manner similiar to zope's security model.
> >    For example, the "acquire permission settings" button would equally
> >    apply if one had a "acquire publication settings" button.  Anyway,
> >    this is just an idea.
> 
> This is an intriguing idea.  I also wonder if there is any cross-over 
> effect with versioning.  For instance, here's a pattern that the CMF, 
> even with DCWorkflow, can't do without versioning:
> 
>    o Author creates document
> 
>    o Author requests publishing
> 
>    o Reviewer publishes
> 
>    o Author edits document and adds foul language
> 
> Since there is only one document, it is either published or not.  There 
> is a workflow and security relationship to which version of a resource 
> you're talking about.
> 
> I have no proposals on how to represent this without an NxNxN situation.
> 
> --Paul
> 

I haven't really thought about the versioning issue.

However, unless my understanding is correct ... the DCWorkflow version
2 model would cause the document to be "retracted" (and cause it to be
non-published) if the author edits the document after it has been
published.  Depending on a site's policy, I think this behavior is
correct ... however it places a lot burden if one wants to make some
minor edits.

I suppose my main point with respect to having a tighter integration
between the security model and workflow model sprung from the
following e-mail posted to the CMF list.

  http://lists.zope.org/pipermail/zope-cmf/2001-December/010670.html

Given the current CMF model, it is rather painful to publish an single
folder of documents or an entire folder tree at once -- each document
is independent and has no relation to its parent folders.

If one follows the zope security model, it should be feasible to
publish an entire document tree at once and then mark "exception"
documents by turning-off an "aqcuire publishing" switch ... just like
security permissions.  Instead of having a document's published state
determine its "security settings", the sum of a document's security
settings could determine its published state. I imagine the tricky
point would be how to efficiently calculate a single document's
published state and have it be catalogued appropriately with respect
to an anonymous user's security level.

Anyway, this is just an idea ...

- j

p.s. I will have to also take a look at Jim's paper regarding dynamic
workflow -- know of a URL where it can be downloaded or viewed?