This repository is archived and read only.
If you want to unarchive it, then post to the [Admin & Infrastructure (AI) Team category on the Plone Community Forum](https://community.plone.org/c/aiteam/55).
src/plone.server/README.rst
This project has moved to https://github.com/plone/guillotina
Home Page: https://github.com/plone/guillotina
License: Other
This repository is archived and read only.
If you want to unarchive it, then post to the [Admin & Infrastructure (AI) Team category on the Plone Community Forum](https://community.plone.org/c/aiteam/55).
src/plone.server/README.rst
Seems we're forever troubled by the zope style of naming things..
Right now, we have module level functions that are both camel case and many that are underscore.
I'm inclined to stick with the underscore way so we're more pythonic. I know this is annoying with zope tech since it uses camel case.
Thoughts?
I think we should focus on using more pyramid-like patterns. It will help people feel more familiar with configuring and building applications on top of it.
Some things specifically where I think this applies:
Any thoughts?
I think it'd be better for us to use decorators to define endpoints instead of everything in the json file.
What do you think about doing something like this?
@Service(
for_=IDataBase,
method='GET',
permission='plone.GetPortals'
)
async def get(context, request):
serializer = getMultiAdapter((context, request), ISerializeToJson)
return serializer()
See https://github.com/plone/plone.server/blob/master/src/plone.server/plone/server/browser.py#L35 and https://github.com/plone/plone.server/blob/master/src/plone.server/plone/server/traversal.py#L411 for details
It seems to be that using permissions correctly should already handle this use-case right? Simply using a permission that plone.Anonymous
is granted should be enough?
Or am I missing something here for why this is necessary? Does it have to do with CORS? In any case, I think we should clear this up.
Also, setting this value maybe should be possible with the @configure
decorator.
Accessing http://localhost:8080 responds with "401: Unauthorized"...what's the next step?
Right now allowed types is configured with FTI.
Can we change it so we are allowed to provide an IAllowedTypes
adapter. This adapter would have two methods, type_allowed(type_id): check if type is allowed
and allowed_types(): provide list of allowed types
.
Default adapter provided by plone.server would just look at the fti like it's doing now.
However, this would allow addons to provide their own policies. More specifically, I'm looking to provide a policy that allows you to customize allowed type per folder like in Plone right now--we could make this the default as well if you want.
ideas:
thoughts:
I cloned, ran buildout, tried to run bin/server, and got:
Traceback (most recent call last):
File "bin/server", line 71, in <module>
import plone.server.server
File "/Users/davisagli/Plone/plone.server/src/plone.server/plone/server/server.py", line 3, in <module>
from plone.server.factory import make_app
File "/Users/davisagli/Plone/plone.server/src/plone.server/plone/server/factory.py", line 15, in <module>
from plone.server.traversal import TraversalRouter
File "/Users/davisagli/Plone/plone.server/src/plone.server/plone/server/traversal.py", line 8, in <module>
from parts.packages.zope.security.checker import selectChecker, \
ImportError: No module named 'parts'
Some step missing from setup instructions?
Since we can't use thread locals, we aren't using setSite and getSite and then getSiteManager will never return the local site manager as well.
However, it can be useful for addons to provide site-specific functionality, adapters, etc.
A way around this limitation is to have every sort of extendable functionality adapter the "request" objects so registered layers is the way you start hooking in custom functionality.
Thoughts?
If it is not considered good and safe to use the local registry, perhaps we should just remove it and no longer register the settings registry on the local components registry.
registry
being used in terms confusingly here--hope that all makes sense.
https://github.com/plone/plone.server/blob/master/src/plone.server/plone/server/traversal.py#L214
refers to txn, which isn't started for non-writable requests.
Which results in:
MainThread plone.server.traversal: Not authorized to render operation 4c8af77fe03645d2a14dd2dba64cf8ce
Traceback (most recent call last):
File "/Users/roelbruggink/Develop/plone/plone.server/src/plone.server/plone/server/traversal.py", line 207, in handler
view_result = await self.view()
File "/Users/roelbruggink/Develop/plone/plone.server/src/plone.server/plone/server/security.py", line 80, in check
raise Unauthorized(obj, name, permission)
zope.security.interfaces.Unauthorized: (<plone.server.api.portal.DefaultGET object at 0x10209a9b0>, '__call__', 'plone.GetPortals')
MainThread aiohttp.web: Error handling request
Traceback (most recent call last):
File "/Users/roelbruggink/Develop/plone/plone.server/src/plone.server/plone/server/traversal.py", line 207, in handler
view_result = await self.view()
File "/Users/roelbruggink/Develop/plone/plone.server/src/plone.server/plone/server/security.py", line 80, in check
raise Unauthorized(obj, name, permission)
zope.security.interfaces.Unauthorized: (<plone.server.api.portal.DefaultGET object at 0x10209a9b0>, '__call__', 'plone.GetPortals')
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/Users/roelbruggink/.buildout/eggs/aiohttp-1.0.5-py3.5-macosx-10.11-x86_64.egg/aiohttp/server.py", line 261, in start
yield from self.handle_request(message, payload)
File "/Users/roelbruggink/.buildout/eggs/aiohttp-1.0.5-py3.5-macosx-10.11-x86_64.egg/aiohttp/web.py", line 88, in handle_request
resp = yield from handler(request)
File "/Users/roelbruggink/Develop/plone/plone.server/src/plone.server/plone/server/traversal.py", line 214, in handler
await sync(request)(txn.abort)
UnboundLocalError: local variable 'txn' referenced before assignment
Locally I can fix this by removing await sync(request)(txn.abort)
, but I don't know if this is by design?
Shouldn't every request be in a transaction, just in case someone is writing in a GET?
One problem with using json configuration is that we can't have comments.
What does everyone think of pre-processing our json configs for lines that start with "#" and removing them before passing them off to json.loads?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.