Skip to main content

Pagelet layer setup for Zope 3

Project description

This package provides a pagelet based layer setup for Zope3.

Pagelet-based Layer for Zope 3

This package contains the pagelet layer. This layer supports a correct set of component registration and can be used for inheritation in custom skins.

Right now the default implementation in Zope3 has different restriction in the traversal concept and use to much registration on the default layer.

Important

This layer ia based on the pagelet pattern. This means every page e.g. the error page is based on the pagelet concept.

IPageletBrowserLayer Layer

The pagelet layer is useful for build custom presentation skins without access to ZMI menus like zmi_views etc. This means there is no menu item registred if you use this layer.

This layer is NOT derived from IDefaultBrowserLayer layer. Therefore it provides only a minimal set of the most important public views such as @@absolute_url which get registered in zope packages for the IHTTPRequest and IBrowserRequest. Next to this views, this package will only provide error views and traversers which are normaly regsitered in the following zope packages:

  • zope.app.http.exception

  • zope.app.publication

  • zope.browserresource

  • zope.traversing

Note, this package does not depend on all the packages described above. We only need to depend on the same interfaces where this package will define views and traversers for.

Testing

For testing the IPageletBrowserLayer layer we use the testing skin defined in the tests package which uses the IPageletBrowserLayer layer as the only base layer. This means, that our testing skin provides only the views defined in the minimal package and it’s testing views defined in tests.

Login as manager first:

>>> from webtest.app import TestApp
>>> manager = TestApp(
...     make_wsgi_app(), extra_environ={
...         'wsgi.handleErrors': False,
...         'HTTP_AUTHORIZATION': 'Basic mgr:mgrpw'})

Check if we can access the page.html view which is registred in the ftesting.zcml file with our skin:

>>> skinURL = 'http://localhost/++skin++PageletTestSkin'
>>> res = manager.get(skinURL + '/page.html')
>>> res.request.url
'http://localhost/++skin++PageletTestSkin/page.html'
>>> print(res.html)
<!DOCTYPE...
<html ...>
<head>
<title>PageletTestLayout</title>
</head>
<body>
  test page
<BLANKLINE>
</body>
</html>
<BLANKLINE>

Not Found

Now check the not found page which is a exception view on the exception zope.publisher.interfaces.INotFound:

>>> err_manager = TestApp(
...     make_wsgi_app(), extra_environ={
...         'HTTP_AUTHORIZATION': 'Basic mgr:mgrpw'})
>>> res = err_manager.get(skinURL + '/foobar.html', status=404)
>>> print(res.html)
<!DOCTYPE...
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>PageletTestLayout</title>
</head>
<body>
  <div>
  <br/>
  <br/>
  <h3>
    The page you are trying to access is not available
  </h3>
  <br/>
  <b>
    Please try the following:
  </b>
  <br/>
  <ol>
    <li>
      Make sure that the Web site address is spelled correctly.
    </li>
    <li>
      <a href="javascript:history.back(1);">
        Go back and try another URL.
      </a>
    </li>
  </ol>
</div>
<BLANKLINE>
</body>
</html>
<BLANKLINE>

User error

And check the user error page which is a view registred for zope.exceptions.interfaces.IUserError exceptions:

>>> manager.get(skinURL + '/@@usererror.html')
Traceback (most recent call last):
...
UserError: simply user error
>>> res = err_manager.get(skinURL + '/@@usererror.html')
>>> print(res.html)
<!DOCTYPE ...
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>PageletTestLayout</title>
</head>
<body>
  <div>
  <div>simply user error</div>
</div>
<BLANKLINE>
</body>
</html>
<BLANKLINE>

Common exception (system error)

And check error view registred for zope.interface.common.interfaces.IException, it sets the HTTP status code to 500 if called during tests or if development mode is switched on:

>>> res = manager.get(skinURL + '/@@systemerror.html')
Traceback (most recent call last):
...
Exception: simply system error
>>> res = err_manager.get(skinURL + '/@@systemerror.html', status=500)
>>> print(res.html)
<!DOCTYPE...
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>PageletTestLayout</title>
</head>
<body>
  <div>
  <br/>
  <br/>
  <h3>A system error occurred</h3>
  <br/>
  <b>Please contact the administrator.</b>
  <a href="javascript:history.back(1);">
    Go back and try another URL.
  </a>
</div>
<BLANKLINE>
</body>
</html>
<BLANKLINE>

Unauthorized

To check the zope.security.interfaces.IUnauthorized view, we use a new unregistred user (test browser). As we have defined an unauthenticatedPrincipal in ZCML (see tests/ftesting.zcml) 401 Unauthorized is returned instead of 403 Forbidden which would show up otherwise:

>>> unauthorized = TestApp(make_wsgi_app())
>>> res = unauthorized.get(skinURL + '/@@forbidden.html', status=401)
>>> print(res.html)
<!DOCTYPE ...
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>PageletTestLayout</title>
</head>
<body>
  <div>
  <br/>
  <br/>
  <h3>Unauthorized</h3>
  <br/>
  <b>You are not authorized.</b>
</div>
</body>
</html>

Forbidden

When an authorized user tries to access a URL where he does not have enough permissions he gets a 403 Forbidden, the displayed page contents are the same like 401 Unauthorized. When an authentication utility is registered it might display a log-in form:

>>> authorized = TestApp(
...     make_wsgi_app(), extra_environ={
...         'HTTP_AUTHORIZATION': 'Basic mgr:mgrpw'})
>>> res = authorized.get(skinURL + '/@@forbidden.html', status=403)
>>> print(res.html)
<!DOCTYPE ...
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>PageletTestLayout</title>
</head>
<body>
  <div>
  <br/>
  <br/>
  <h3>Unauthorized</h3>
  <br/>
  <b>You are not authorized.</b>
</div>
</body>
</html>

CHANGES

2.1 (2018-12-01)

  • Add support for Python 3.5 up to 3.7.

  • Drop support for Python 2.6 and 3.3.

  • Drop the ability to run the tests using python setup.py test.

2.0.0 (2015-11-09)

  • Standardize namespace __init__.

  • Claim Python 3.4 support.

2.0.0a1 (2013-03-03)

  • Added support for Python 3.3.

  • Changed zope.testbrowser tests to WebTest, since zope.testbrowser is not yet ported.

  • Replaced deprecated zope.interface.implements usage with equivalent zope.interface.implementer decorator.

  • Dropped support for Python 2.4 and 2.5.

1.10.1 (2012-03-03)

  • Added adapter registration for zope.browserresource.interfaces.IETag interface to be available on IPageletBrowserLayer. This adapter is necessary to deliver file resources.

1.10.0 (2012-02-23)

  • Sets HTTP status code to 500 on system errors but only in devmode and in tests.

1.9.0 (2010-10-13)

  • Re-release of 1.8.1 as the changes in it require a new major release because they broke z3c.authviewlet.

1.8.2 (2010-10-13)

  • Re-release of 1.8.0 as the changes in 1.8.1 require a new major release because they break z3c.authviewlet.

1.8.1 (2010-10-11)

  • Doing redirect in UnauthorizedPagelet now in update method instead of render so the layout templage does not get rendered when redirecting.

  • Fixed tests: Using manager account, so anonymous user does not need to get all permissions for running tests successfully.

  • Got rid of zope.app.testing test dependency by using zope.app.wsgi.

  • Got rid of zope.app.authentication test dependency.

  • Added a test for 403 Forbidden.

1.8.0 (2010-08-20)

  • Requiring zope.login so tests run with zope.publisher >= 3.12.

1.7.0 (2009-12-24)

  • Added i18n domains to templates, so they can be translated. (Done using z3c.locales.)

1.6.1 (2009-12-23)

  • Moved zope.browserresource from test dependencies to install dependencies as it is needed in the ZCML configuration.

1.6.0 (2009-11-30)

  • Changed view for zope.publisher.interfaces.ITraversalException from system error pagelet to not found pagelet.

  • Moved authentication viewlets to z3c.authviewlet.

  • Cleaned up dependencies, reflecting changes in zope packages.

  • Cleaned up test dependencies.

1.5.0 (2009-05-28)

  • Removed dependency on zope.app.exception by using zope.browser>=1.2 and by implementing the exception view classes directly instead of inheriting them (Quite nothing of the base classes was in use here.)

  • Removed not necessary test dependency on zope.app.twisted.

  • Removed no longer necessary test dependency on zope.app.component.

1.4.0 (2009-03-16)

  • Removed direct dependency on zope.app.security by using the new packages zope.authentication and zope.principalregistry.

  • Removed not needed test-dependency on zope.app.zcmlfiles.

  • Fixed namespace package declaration in setup.py.

1.3.0 (2009-03-13)

  • Implemented login and logout using pagelets resp. viewlets.

  • Updated tests to use new zope.configuration which containts the exclude directive.

1.2.1 (2009-02-21)

  • Release 1.2.0 was missing the test file for the security issue.

1.2.0 (2009-02-21)

  • Security issue: The traverser defined for IPageletBrowserLayer was a trusted adapter, so the security proxy got removed from each traversed object. Thus all sub-objects were publically accessable, too.

1.1.0 (2009-02-14)

  • Bugfix: use IContentTemplate instead of IPageTemplate which avoids to get the layout template if no IPageTemplate is registered.

  • Using zope.location.interfaces.ISite instead of zope.app.component.interfaces.ISite.

  • Using zope.container instead of zope.app.container.

  • Cleaned up dependencies.

1.0.2 (2009-04-03)

  • backport release, see release date

  • Security issue: The traverser defined for IPageletBrowserLayer was a trusted adapter, so the security proxy got removed from each traversed object. Thus all sub-objects were publically accessable, too.

    Making this change might BREAK your application! That means if security is not well declared.

  • Bugfix: use IContentTemplate instead of IPageTemplate which avoids to get the layout template if no IPageTemplate is registered

1.0.1 (2008-01-24)

  • Bug: Update meta data.

1.0.0 (2008-01-21)

  • Restructure: Move z3c.layer.pagelet package to it’s own top level package form z3c.layer to z3c.layer.pagelet.

  • Restructure: Removed zope.app.form support from pagelet layer.

0.2.3 (2007-11-07)

  • Forward-Bug: Due to a bug in mechanize, the testbrowser throws httperror_seek_wrapper instead of HTTPError errors. Thanks to RE normalizers, the code will now work whether the bug is fixed or not in mechanize.

0.2.2 (2007-10-31)

  • Bug: Fixed package meta-data.

  • Bug: Fixed test failures due to depency updates.

  • Restructure: Fixed deprecation warning for ZopeSecurityPolicy.

0.2.1 (2007-??-??)

  • Changes unknown.

0.2.0 (2007-??-??)

  • Initial release.

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

z3c.layer.pagelet-2.1.tar.gz (18.1 kB view hashes)

Uploaded Source

Built Distribution

z3c.layer.pagelet-2.1-py2.py3-none-any.whl (26.7 kB view hashes)

Uploaded Python 2 Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page