Using objects in Zope

In this Daily Drill Down, Vincent Danen takes a look at the object-oriented nature of Zope, a Python-based Web-creation and management system. With Zope, everything from pages to graphics is a distinct object available in the framework.

In the last Daily Drill Down of this series, I took a look at the Zope Web site creation and management tool. I discussed the installation of this Python-based tool and showed how to make it run with the Apache Web server.

In this Daily Drill Down, I’ll take a look at the object-oriented nature of Zope. Zope is a Web-management system where everything from pages to graphics is a distinct object available in the overall Zope framework.

Zope's built-in objects
By default, Zope provides a number of useful objects for developers. These default objects include Document, Image, Folder, UserFolder, and MailHost objects.

By breaking pages and graphics down into objects, Zope is ideal for multi-user administration. This means you can delegate responsibility for various objects to various members of a design team. For instance, your graphics designer may have access to only the Image objects, whereas your primary HTML designer may have access to all objects. Perhaps there are one or two contributing editors who would manage only certain Document objects that pertain to their area of expertise.

By utilizing the object model, Zope allows people to get hands-on experience with the design of the site, and yet it restricts them to only those areas to which they should have access. Gone are the days when FTP access was granted solely to the primary HTML designer and all changes had to be forwarded to one person to enter. With Zope, everyone can get their hands dirty—but only where they are allowed access.

The objects are fairly traditional, yet extensive, and aren’t difficult to understand. For instance, you can choose from two types of documents: DTML (Document Template Markup Language) Documents and DTML Methods. The DTML Documents are like static HTML pages. They contain information that can be easily changed like any other HTML page, but they do not contain any processing power or dynamic variables. The DTML Method pages are the dynamic pages that would be used to pull information out of databases, external sources, and so forth. Image objects simply contain a graphic element that you designate.

Folders can be used to further break down your object grouping. For instance, the default folder is zope, which contains the base documents for the site. If you were running your entire Web site from Zope, the zope folder would be similar to the top-level directory of your Web site. Further defined folders contain other object groupings and can be referred to as subdirectories in that they appear below the top-level folder. Each folder can also optionally contain a public interface. This means that if someone enters the folder, they will be presented with an administration-defined page, similar to an index.html file within a subdirectory. UserFolders are not like traditional folders. They are used for user access control for the defined parent folder. Each folder can contain one UserFolder that specifies which users have access to specific objects.

You can also define an object called the MailHost. The MailHost object is a definition that points to an accessible SMTP server. This object allows Zope to send e-mail via forms or other administration-defined functions. If your Web site needs to talk via e-mail to you or your visitors for any reason, you’ll need to use the MailHost object.

Each object in Zope also has a user-assigned ID. This ID is used to reference other objects. Instead of referring to other documents on the Web site via traditional URLs, the ID allows you to reference documents by a simple ID associated with a document. For instance, to link to a page containing documentation in a traditional Web site, you might use
<a href="/docs.html">Documentation</a>

This is a standard HREF tag in HTML that links to another page. In Zope, instead of linking to a page, you’d link to an object by its ID, like this:
<a href="docs">Documentation</a>

In this instance, “docs” is the ID for the Documentation object.

Creating the first object
By default, Zope sets up a very basic index page to your system when you first install it. This index page (or rather, object) basically provides a link to the QuickStart tutorial and to the management session. Click the Management link, and it will take you to the Zope Management screen.

Your Web browser should now be split into two frames. The left-hand frame is an index frame of sorts that provides links to different primary sections of the Zope system. At the top of the frame, it will tell you the name you’re logged in as, and below it will be a folder icon in front of the word zope, which is your top-level folder. Below that you will see a QuickStart folder and an acl_users folder (which is the UserFolder object for the base Zope system). Below that will be a link to the Digital Creations copyright screen and finally a Refresh link.

In the right-hand frame, you will see a few tabs at the very top, and then a line that says Folder at /zope. Underneath that you will see a list of the objects that exist in that folder. Below that you will see a drop-down list that allows you to add a new object to the folder.

There are four objects you will want to look at immediately if you intend to use Zope for any serious Web design and customization. The objects are index_html, standard_error_message, standard_html_footer, and standard_html_header. These are, respectively, the main body of the index page, the page displayed when a page is not found or an error occurs, the footer for all pages, and the header for all pages.

Let’s take a look at the standard_html_header first. This is the object that should be persistent across all displayed pages. It is where you would place all of your META tags and so forth. The default is pretty plain, so let’s change it to something a little more exciting, like this:
<TITLE><!--#var title_or_id--></TITLE>
<link rel="stylesheet" href="css">

This is all standard HTML code except for two things. Between the TITLE tags we have inserted a DTML reference. All DTML references are enclosed within the standard HTML comment codes, namely <!-- to start the comment and --> to end it. In this case, we’re using the following DTML reference:
#var title_or_id

This basically is a reference to the calling object’s title or ID. The value will be replaced by the object title—and if that doesn’t exist, by the object’s ID. So if you had an object called docs and the title for the object was Web site Documentation, the following HTML code would be sent to your browser:
<TITLE>Web site Documentation</TITLE>

Next comes a link to an object that does not exist yet; you will create it a little later on and call it css. That object will contain the Cascading Style Sheets you want to insert into your documents to give them a more flexible and consistent look.

Now, click the Changes button to save the changes. Zope will refresh the editing page, so just select the zope folder in the left-hand frame to return to the Object Listings page. Now, click the standard_html_footer link to edit the footer you’ll use across all of the displayed pages.

You can do what you like with this page—add in some links to Image objects or display a copyright notice or anything else you prefer. Now, I’d like to call your attention to another DTML reference, this one being
<!--#var ZopeAttributionButton-->

This is basically a link to include the Powered By Zope button, which also contains a link to the Zope Web site. You can remove this button or reposition it if you wish. Just keep in mind that whatever you define here will be displayed at the bottom of each document that includes it.

Return to the Object Listing page and edit the index_html object. This is the body of the index page. By default, it contains a Welcome To Zope page, which you’ll definitely want to change, but before you do, take a look at the code. You’ll notice the DTML references to the standard_html_header and standard_html_footer, as well as links to other objects, primarily the Management screen and the QuickStart guide.

Change the title of the object to whatever you wish. Remember, the standard_html_header uses this as the value for the TITLE tags for the page. Next, edit the text of the object itself, but keep the references to the header/footer objects:
<!--#var standard_html_header-->
<!--#var standard_html_footer-->

Place the information that you wish to be displayed on the page between the two DTML references to the Header and Footer objects. Think of those #var statements as include-like statements. They will be replaced by the contents of the referenced object, so keep this in mind as you write the HTML code to be displayed on the index page. Once you’ve finished, click Change to save your changes and return to the Object Listing page.
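The include-like behaviour of the #var references, as an added Python model that is not Zope's own code: it expands nested references and resolves title_or_id against the page being rendered, falling back to the ID when the title is empty. The object contents, the `render` function and the HTML-escaping of the title are assumptions made for this example.

```python
import re
from html import escape

VAR = re.compile(r"<!--#var\s+(\w+)-->")

# Constructed sample objects: id -> (title, body)
OBJECTS = {
    "standard_html_header":
        ("", "<HTML><HEAD><TITLE><!--#var title_or_id--></TITLE></HEAD><BODY>"),
    "standard_html_footer": ("", "</BODY></HTML>"),
    "docs": ("Web site Documentation",
             "<!--#var standard_html_header--><P>Docs</P><!--#var standard_html_footer-->"),
    "index_html": ("",
                   "<!--#var standard_html_header--><P>Hi</P><!--#var standard_html_footer-->"),
    "news": ("<script>x</script>",
             "<!--#var standard_html_header--><!--#var standard_html_footer-->"),
}

def render(obj_id, caller=None, depth=0):
    """Expand #var references; title_or_id refers to the calling object."""
    if depth > 10:
        raise RecursionError("cyclic #var reference at " + obj_id)
    caller = caller or obj_id

    def expand(match):
        name = match.group(1)
        if name == "title_or_id":
            title, _ = OBJECTS[caller]
            # Escaping is this example's choice: titles can be edited by
            # delegated users and end up in the HEAD of every page.
            return escape(title or caller)
        if name not in OBJECTS:
            raise KeyError(name)  # reference to an object that does not exist
        return render(name, caller, depth + 1)

    return VAR.sub(expand, OBJECTS[obj_id][1])
```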

Now you want to add a new object. Recall the reference to the css object in the standard_html_header? We’ll now add a new object that contains the stylesheet information for our site.

Select DTML Document from the drop-down list at the bottom of the page and click Add. You are then taken to another editor screen that allows you to define the ID and Title of the object. You will also notice a field that can be used to enter a filename. You can use this field to import existing HTML documents into Zope, which works great for those wishing to change existing Web sites to Zope-based sites. If you have an existing stylesheet file to import, click the Browse button and select the file from your local system. Once you’ve done this, click Add And Edit to upload the page and then edit the object. If you don’t have an existing file to import, merely click Add And Edit to create the object and edit it. To make it easy to remember, I would give the new object an ID of css because that’s what we used in the standard_html_header object, and give it a name of StyleSheets.

Now, you can modify or create your site stylesheets. Going into detail about stylesheets is beyond the scope of this article, so let me provide you with a simple example:
body      { font-family: Arial, Helvetica; font-size: 12pt;
            color: #000000; background-color: #ffffff }

a         { text-decoration: none }
a:link    { color: darkcyan }
a:visited { color: darkcyan }
a:hover   { color: red; text-decoration: underline }

p         { font-family: Arial, Helvetica;
            color: #000000; font-size: 12pt; margin-right: 10px }

This simply defines the style for a few traditional HTML elements. The first rule defines the characteristics of the BODY tag; the following four rules define the A (anchor) tag in different modes: normal, linked, visited, and when the mouse is hovering over the link. Finally, we define the characteristics of the P (paragraph) tag.

Save your changes and visit your Zope site. You should see your new index page with the Header and Footer objects you defined. It should look the way you specified in your Stylesheet object. If this is not the case, simply return to the Zope Management screen and edit the objects until they look the way you want them to.

Security in Zope: UserFolders
One of the unique features of Zope is its inherent security. It uses simple HTTP authentication, which is supported by browsers like Netscape and the latest Internet Explorer. This means that the user authentication is done on the browser level by talking to the HTTP server, whether you use the Zope ZServer itself or you use PCGI and Apache. This reduces the need for form-based authentication and the use of cookies to track user authentication.

With a traditional Apache Web server, you’d use the .htaccess method of securing sensitive pages for HTTP authentication. Zope eliminates this requirement and makes things even simpler with its UserFolders, which are basically lists of users who have access and are assigned a certain security level: manager or owner. These levels can also be modified to include or exclude certain administrative functions such as adding objects, changing existing objects, deleting objects, changing the configuration, using a database, and so forth. These security levels are referred to as roles and can also be changed. This means that you’re not limited to Manager or Owner roles—you can add your own role such as User for personal users with personal pages.

For instance, open the folder entitled acl_users, which is the name assigned to UserFolders. If you haven’t yet modified any of the users, you’ll see an empty list of users. The default user in a Zope system is the superuser, which is similar to root. In the UserFolders, you define new users for the system.

Click the Add button to add a new user. You will be asked for the name and password twice (to avoid misspelling a password). You will also be asked for a Domains field, which warrants special notice. Here, you can restrict the domains from which a user may log in. For example, if you were in a company setting and the entire company was situated in a domain called, you could enter that into the Domains field. This means that user Joe can only log in from a computer originating from the domain and no others. If you need to support multiple domains for a user, simply specify the domains in the same field separated by spaces. Finally, you can specify the role for that user: manager, owner, or any other role you have defined.

When you return to the UserFolder, you will see the newly defined user listed there. You can then proceed to add more users if you wish. Let me draw your attention once again to the tabs at the top of the right-hand frame. One of them is labeled Security and is used to fine-tune the access for each defined role. Click the Security tab and take a look at the list. Here you can check off which activities may be performed by users in any particular role. You can also add new roles here.

The nice thing about this method is that you can provide folders for customers or departments who wish to maintain their own folders and objects. You, as the administrator of the site and superuser, have access to any folders you or your users may create. Your users in turn have full control of the folders you have assigned to them and can further create subfolders with UserFolders if they wish. You will always retain control of any folders beneath your primary folder. Zope also ensures that users with access to lower-level folders cannot access higher-level folders without having permission to do so.
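A simplified model of the UserFolder lookup described in this section, added here as an example and not taken from Zope's code: it walks from the requested folder up through its parents, checking password, Domains and role permissions. The permission labels, the suffix rule for Domains and all users and hosts are assumptions constructed for the example; the header helper shows that HTTP authentication carries the password base64-encoded rather than encrypted, so it needs TLS underneath.

```python
import base64
import hmac

# Simplified stand-in for the Security tab: permissions granted to each role.
ROLE_PERMISSIONS = {
    "Manager": {"View", "Add objects", "Change objects", "Delete objects"},
    "User": {"View", "Change objects"},  # custom role, as the article suggests
}

class Folder:
    def __init__(self, name, parent=None, acl_users=None):
        self.name, self.parent = name, parent
        # UserFolder contents: user -> (password, roles, domains). Constructed data.
        self.acl_users = acl_users or {}

def basic_header(user, password):
    """What a browser sends: base64 of 'user:password' (encoded, not encrypted)."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def parse_basic(header):
    scheme, _, blob = header.partition(" ")
    try:
        text = base64.b64decode(blob, validate=True).decode("utf-8")
    except ValueError:
        return None
    user, sep, password = text.partition(":")
    return (user, password) if scheme.lower() == "basic" and sep else None

def authorize(folder, header, remote_host, permission):
    """Consult the UserFolder of the requested folder, then of each parent."""
    creds = parse_basic(header)
    node = folder
    while creds and node is not None:
        entry = node.acl_users.get(creds[0])
        if entry:
            stored, roles, domains = entry
            pw_ok = hmac.compare_digest(stored.encode(), creds[1].encode())
            host_ok = not domains or any(
                remote_host == d or remote_host.endswith("." + d) for d in domains)
            granted = set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in roles))
            if pw_ok and host_ok and permission in granted:
                return True
        node = node.parent
    return False

# Constructed site: joe exists only in the UserFolder of /zope/sales.
root = Folder("zope", acl_users={"admin": ("s3cret", ["Manager"], [])})
sales = Folder("sales", root, {"joe": ("pw-joe", ["User"], ["corp.example"])})
reports = Folder("reports", sales)
```

A host name obtained by reverse DNS is controlled by whoever owns the address range, so the Domains check supplements the password and does not replace it.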

I’ve just begun to scratch the surface of Zope in this Daily Drill Down dealing with various aspects of dynamic Web sites. Zope is a powerful object-oriented Web-management system that provides the Web administrator and any associates a lot of flexibility and control over what they display to visitors, as well as rigid control over who has access to what in the management screens. In our next Daily Drill Down, I’ll take a look at the Document Template Markup Language (DTML), which gives Zope the ability to serve dynamic content in its various objects.

About Vincent Danen

Vincent Danen works on the Red Hat Security Response Team and lives in Canada. He has been writing about and developing on Linux for over 10 years and is a veteran Mac user.