[Zope3-dev] Confusion re Site Management Objects

Stephan Richter srichter at cosmos.phy.tufts.edu
Tue Jan 3 11:29:04 EST 2006


This should have been really posted on zope3-users.

On Monday 28 November 2005 00:53, Jeff Rush wrote:
> What are the two folders here, named 'default' and 'tools'?  And why does
> the 'Visit default folder' link take me to the same place as clicking on
> the 'default' folder itself?  One of the books say 'Tools folder let you
> manage tools.' ;-)

'Visit default folder' is just UI sugar for clicking on 'default', which is 
the default site management folder.

> It's not clear whether to create my DB connector under 'default' or 'tools'
> so I guessed and picked 'default'.

It does not matter. You could create a third site management folder having 
your own custom name and place the utility (DB adapter) in there.

> A key part I'm confused about is that when creating the connector, I gave
> it a name like 'dbfinance', but later I need to register it, giving it
> another name.  Why two names, and when is the first name ever used?  The
> second name (registration name) is what appears in the drop-down 'Known
> Connectors' vocabulary.  I guess I don't understand utility registration.
>  I'm used to the Zope 2 approach of dropping DB connectors in the
> acquisition path.

Originally we wanted to make naming and object and registering it using a name 
two separate concepts. I think this is still useful, but not that gentle for 
new comers. I agree with you that the registration form should at least 
suggest the name of the utility to be the registered name.

> After registration, I can use the connector, but I'm puzzled re access
> permissions.  If my connector permissions is 'zope.public', for general SQL
> access throughout the site architecture, does that mean there is a way for
> anonymous website visitors to invoke arbitrary SQL operations?

yes and no. Theoretically, everyone could access an arbitrary SQL expression. 
However, since the utility is stored inside a site management folder, the 
person would probably have not enough permissions to get there.

> Does Zope 3 
> support the Zope 2 idea of priviledged proxies, where an intermediate has
> more privilege than the user visiting the site?

I do not know this Zope 2 feature, so I cannot comment.

> One of very useful features of Zope 2 was balloon text that popped up when
> you hovered over component icons within the ZMI, which told you the type of
> component.  Adding that would help disambiguate the various types of
> folders, most of which have the same icon.

Feel free to add the feature.

> Also interesting, reported as bug #494, is that you can't ever remove
> registered utilities via the ZMI, even when they are deactivated.  You get
> a msg about needing to deactivate them first. ;-)

Eek, I am surprised it had not been promoted to urgent. We will fix that for 
the next release.

Regards,
Stephan
-- 
Stephan Richter
CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D. student)
Web2k - Web Software Design, Development and Training


More information about the Zope3-dev mailing list