in json responses--careful of what we dump

http://guillotina.readthedocs.io/en/latest/quickstart.html

(guillotina) ajung@Andreass-MBP ~/src/guillotina $ ./bin/guillotina create configuration
Could not find the configuration file config.yaml. Using default settings.
usage: guillotina [-h] [-c CONFIGURATION] [--debug] --template
                  {configuration,application} [-w] [-n] [-o OUTPUT]
                  command
guillotina: error: the following arguments are required: --template

Exception on writing execution
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/guillotina/async.py", line 58, in initialize
view_result = await view()
File "/usr/local/lib/python3.6/site-packages/guillotina/api/search.py", line 93, in call
await search.reindex_all_content(self.context, self._security_reindex)
AttributeError: 'NoneType' object has no attribute 'reindex_all_content'

All we have left is zope.(configuration|component). We'll leave zope.interface in.

See https://github.com/vxgmichel/aioconsole and https://pypi.python.org/pypi/aiomonitor/0.2.1

Something integrated would be even nicer...

• https://www.npmjs.com/package/swagger-ui
• be able to generate swagger configuration
• guillotina_swagger

Additionally, for improved docs experience...

• sass package
• auth with google, facebook, etc
• be able to create temporary container
• guillotina_sass
• then, use guillotina_swagger with that container to explore API for developers to easily be able to explore the api.

Example in this PR: #282

so getAdapter -> get_adapter and so on.

Right now we're using very ugly async syntax, let's make something sane...

We are experiencing lots of conflicts errors without the rediscache module. The tid allocation does seems to be enough accurate or fast:

  File "/usr/local/lib/python3.6/site-packages/guillotina/factory/app.py", line 84, in _handle
    return await super()._handle(request)
  File "/usr/local/lib/python3.6/site-packages/aiohttp/web.py", line 325, in _handle
    resp = yield from handler(request)
  File "/usr/local/lib/python3.6/site-packages/aiohttp/web_middlewares.py", line 93, in impl
    return (yield from handler(request))
  File "/usr/local/lib/python3.6/site-packages/guillotina/traversal.py", line 229, in handler
    await commit(request, warn=False)
  File "/usr/local/lib/python3.6/site-packages/guillotina/transactions.py", line 22, in commit
    await get_tm(request).commit(request)
  File "/usr/local/lib/python3.6/site-packages/guillotina/db/transaction_manager.py", line 100, in commit
    return await shield(self._commit(request=request, txn=txn))
  File "/usr/local/lib/python3.6/site-packages/guillotina/db/transaction_manager.py", line 109, in _commit
    await txn.commit()
  File "/usr/local/lib/python3.6/site-packages/guillotina/db/transaction.py", line 276, in commit
    return await self._commit()
  File "/usr/local/lib/python3.6/site-packages/guillotina/db/transaction.py", line 290, in _commit
    await self.tpc_commit()
  File "/usr/local/lib/python3.6/site-packages/guillotina/db/transaction.py", line 345, in tpc_commit
    await self._store_object(obj, oid)
  File "/usr/local/lib/python3.6/site-packages/guillotina/db/transaction.py", line 331, in _store_object
    await self._manager._storage.store(oid, serial, writer, obj, self)
  File "/usr/local/lib/python3.6/site-packages/guillotina/db/storages/cockroach.py", line 262, in store
    oid, txn, old_serial, writer)
guillotina.exceptions.TIDConflictError: Mismatch of tid of object being updated. This is likely caused by a cache invalidation race condition and should be an edge case. This should resolve on request retry..```

Cockroach version: 1.0.3
Guillotina version: 2.3.17

Just use _p_register() everywhere instead.

https://docs.google.com/document/d/1S6ACBUEv444gT-1n3JQxo8jUH0rQvu_OPNH7ygQLIyY/edit

The @items service filters out the result based on permissions.
The pagination is made prior to filtering, leading to exotic paging information in the final result.

Be able to generate documentation on the api automatically

and reuse objects

This issue gather the ideas we talked about during the Costa-Brava sprint.

Transactions

Simple transactions

Simplify the transaction opening api. It should always be a one line operation.

txn = await tm.begin()
await txn.commit()

If the tm is associated with a request, the it should be passed to the
transaction, which removes any need to explicitely pass the request.

Request default transaction

It the transaction is to become the default transaction of a request, the
eventual container of the request should be moved to the new transaction,
or refetched, and the transaction be set as the request._txn:

txn = await request.begin()
await txn.commit()

Also, if the transaction is the default request transaction, commiting it
should call execute_futures() automatically.

Context manager

A transaction manager for handling transactions could be provided (it
might already be the case):

async with transaction(tm):
    pass

Flush

In some cases it is needed to apply all changes to the database without closing
the transactions. There is currently no way to do that with the db api.

The proposal is to add a flush() function to Transaction, that does what
tpc_commit does (except for commit itself of course). This function would be
called automatically on commit.

async txn.flush()

Path-based index

Problems

When a object is added, or its path changed, the navigation api (async_get,
navigate_to) will not 'see' it until the changes are flushed to the database.

Implementing flush somehow fix the problem but at a double cost:

• the user must remember to flush before navigating
• a same object my be loaded/modified/flushed many times in a single transaction.

Another problem with the current implementation is that a same object can be
loaded several times as different instances, and loose all consistency between
those instances.

Proposal

The idea is to add a path-based index of all the objects that were loaded.

This index would be used by the content api (async_get etc.), and achieve
complete consistency of the objects loaded in a transaction.

The index would use weakref so that the memory footprint is as low as possible
(we don't want to keep an object loaded when its not used anywhere).

Instead of multiple bin scripts, use one script to kick off registered commands(like django).

Example: bin/guillotina serve
Example: bin/guillotina shell
etc

• use type hinting for programming API, auto docs
• fix documenting programming api(read the docs)
• docs for interfaces, auto doc
• touch up addon docs
• document tus API
• document all endpoints(like swagger but not needing swagger)
• auth framework, how to extend, configure and use
• document how to write your own configurator
• document component features(getUtility, getAdapter)
• document extending cloud storage
• document useful applications
• document serialization and validation(un-included field validation) framework
• document available schema fields
• document security functions
• document request object
• document annotations
• document registry
• document renderers
• document testing
• document transaction helper functions
• utils
• directives

"portal_type" doesn't really make sense. What is a "portal" in guillotina. Nothing :)

Let's just change it to "type_name". What do you think @bloodbare?

because it doesn't support cascade on delete

"The full stack data framework"

1. Fast and scalable out of the box: scalability/performance/asyncio/micro services
2. Simplicity with batteries included, "the right amount of batteries", cors, es, etc, extensible
3. Securely organized data

Why Guillotina

• Performance: Traditional python web servers limit the number of simultaneous
  requests to the number of threads running the server. With AsyncIO, you are
  able to server many simultaneous requests at the same time.
• Front-end friendly: Guillotina is designed to make your
  JavaScript engineers happy. With things like automatic swagger documentation
  for endpoints, OOTB CORS and websockets, your front-end team will be happy
  to work with Guillotina. We speak JSON but can adapt with any Content-Type
  payload request/response bodies.
• AsyncIO: With AsyncIO, websockets are simple. More interestingly, AsyncIO
  is an ideal match with micro-service architectures.
• Object model: Guillotina uses a hierarchial object model. This hierarchy
  of objects then maps to URLs. The hierarchy model is perfect for managing
  a large number of objects.
• Security: Guillotina has a granular, hierarchial, multi-demensional
  security system that allows you to manage the security of your content
  at a level not available to other frameworks.
• Scale: With integrations like Redis, ElasticSearch and Cockroach, you
  have the tools to scale.

The HTTP spec does not (really) allow to post a body in a DELETE call.

So it might be blocked by some HTTP servers, or might not be supported by client/frameworks http implementation.

• fix DELETE in the behaviors endpoint
• fix DELETE in the addons endpoint

• read through all the docs
• include important modules as API reference

Which is by design so we can have small payloads but perhaps we need to document and/or provide direction on how to do your own mechanism for managing this

With the following 'Accept' request header :

Accept: text/html,*/*

The response Content-Type is "text/html". It think its wrong, it should be application/json:

• The actual content remains application/json, it is not transformed to valid html
• */* clearly allow the server to return something else than text/html
• Even if application/json is not in Accept (and maybe in the absence of text/javascript), the returned content-type should still be application/json, unless of course the content can be rendered as one of the accepted content types.

At the moment (as far I can see), to modify an existing resource, the only option is a PATCH.

The problem is we cannot delete existing attributes or behaviors by patching.

So I guess PUT would be useful.

Right now, guillotina is super stable and scales up well.
But there are use cases where you only want to deploy a single guillotina service, and with this there are additional missing features, like the object cache. (We know, we can use the redis one, but doesn't make sense to deploy a new service neither all the invalidations pubsub feature).
The main idea is to provide just an in-process lru-cache, that fills this gap.
I'm not sure if this should go to an additional package or just implement a new InMemory cache strategy.
Ideas, thoughts?

Purpose: consider implementing events for these life cycles.

Any performance implications?

I am trying to run buildout from master branch after pull latest.
Unfortunately got version conflict error, coming from buildout.

............................................................
...............................................................
Version and requirements information containing urllib3:
  Requirement of aio_etcd: urllib3>=1.7.1
  Requirement of requests!=2.11.0,!=2.12.2,!=2.18.0,>=2.5.2: urllib3<1.22,>=1.21.1
  Requirement of python-etcd: urllib3>=1.7.1
While:
  Installing pytest.
Error: There is a version conflict.
We already have: urllib3 1.22
but requests 2.18.1 requires 'urllib3<1.22,>=1.21.1'.

I could fix this problem by pinning urillib3 version of 1.21.1 into buildout.cfg, but may be that is not the best solution.
Looking forward :)

I don't see any api service for user to create new (user), may I am wrong?
What is the plan about this, will it get new package i.e guillotina.user.

would be really nice if dev environment gave you a pytest auto reloader when code changed

When a user has multiple groups and permissions on different levels are assigned to different groups, some permissions get ignored.

Given a user with the following groups: 'group1', 'group2'.
If group1 is assigned AccessContent on the container with AllowSingle, and group2 is assigned AccessContent with Allow on a child node, the user will not be able to access the child node or the container node (randomly it seems).

The following test reproduces the issue:
orus-io@ed87c4c

Make sure all the python we brought over is pythonic

When a ASyncUtility constructor is called, the app_settings global variable is not yet updated with the application settings.

This is because it is called when the components of an application are loaded (which is done at https://github.com/plone/guillotina/blob/master/guillotina/factory/app.py#L207), the application settings are not yet applied to the global app_settings (L219 in the same function).

I raised the issue on gitter and @vangheem concluded that load_application should be splitted in two parts:

• part 1, load settings
• part 2, load components

The global app_settings update would be done between the two parts.

How would I implement several versions (aspects) of an API with the containerish architecture of Guillotina?

Let's say I have a container with content and put a service on it. This is straight forward: containter/@service

Now what I want is container/v1/@service and container/v2/@otherservice.

Putting the version name in the service name (like container/@v1_service) does not work in all situations because there might be legacy names I can't/want to change.

Does sound adding a noop Container with the version as the name and access the items from its parent sound feasable, or this there another recommended way to do it?