Prerequisites

• Familiarity with object-oriented programming in Python

• Familiarity with HTML

• Basic familiarity with XML

• Familiarity with "what Zope is"; see e.g. first four chapters of the Zope Book: http://www.plope.com/Books/2_7Edition

  ... don't worry, those are quick reads.

• This talk will be much easier if you've at least downloaded and played with Zope 2

Scope

• Filesystem development of a simple Zope 2 application
• Zope 2.9.0 (including Five)

Out of scope

(many of these are covered in The Zope Book)

• Through-the-Web (TTW) development ... scripts, ZClasses, etc.

• DTML

• Advanced ZPT (METAL)

• external data sources (RDBMs, LDAP...)

• i18n / l10n

• optimization

• security, mostly :-(

  Users, roles, and permissions are covered pretty well in the Zope Book. Custom Zope 2 user folders and zope 3 pluggable auth are interesting but out of scope.

• testing :-(

• administration (installation, deployment, scaling...)

• indexing (ZCatalog)

• acquisition

Also out of scope: Zope 3

The Zope 3 features described in this talk are only those that are available in Zope 2.9.

Zope 3 itself is a quite different beast.

What Zope Is

• Python application server
• Framework for developing web apps
• Evolving since 1996, open source since 1998
• best known as platform for building CMS

Features

All of these apply to both Zope 2 and Zope 3.

• Object publishing ("Z Object Publishing Environment")
• Filesystem-like object tree
• nearly transparent persistence
• very transparently transactional
• very transparently scalable
• templating (ZPT)

Z2 architecture

Arch: ZServer

never mind.

Arch: ZPublisher

• models request data as a mapping

  (with some attribute namespaces for disambiguation)

• often (in zope 2) spelled "REQUEST", but sometimes "request" :(

  in zope 3, it's always spelled "request".

• requests are derived from ZPublisher.BaseRequest.BaseRequest, specialized for the protocol, e.g. HTTPRequest.

• request has a RESPONSE attribute, derived from ZPublisher.BaseRequest.BaseResponse.

Arch: ZPublisher, continued

• Traversal and publishing

  • traverses object hierarchy based on URL
  • objects can override default traversal
  • invokes security machinery
  • calls a default method on the object (index_html or __call__)
  • return result to ZServer

  Zope 2 publishing rules are simple but a bit odd: if object is callable (i.e. __call__()), call it; or if it has an index_html() method, call that. First argument to either must be REQUEST. Also, the object must have a docstring or zope 2's publisher refuses to publish it.

  There's a bit more to it; see frighteningly long method in BaseRequest.traverse() (in lib/python/ZPublisher/BaseRequest.py)

Arch: Zope.App

• a running zope process provides a single Zope.App instance.

• is a ZODB application:

  • it is the root of your object tree.
  • contains persistent sub-objects.

• Extensible via Products

  A "Product" is Zope 2 jargon for a python package which typically contains some code to register it with the Zope app.

  Typically you drop these into the "Products" subdirectory of your Zope instance. Zope then automatically loads them on startup.

  Usually, a Product provides at least one persistent class whose instances can be stored in the ZODB.

Arch: Zope.App continued...

• provides the Zope Management Interface (ZMI)
  • "Object filesystem" metaphor for the tree.
  • ZMI is an explorer-like web GUI for managing the OFS.
• User can interact with App via ZMI in browser, or via a python prompt ("zopectl debug" command on unix).
• manages ZODB transactions (by default, one per request).

Arch: ZODB

• Stores anything derived from Persistent. (and arbitrary pickleable sub-objects)
• Transactional.
• Transparently scalable (via ZEO).

Example "Traditional" Zope 2 class: A blog post

class Z2Post(SimpleItem):
   """A simple Post."""

   meta_type = 'Zope 2 Blog Post'
   title = ''
   body = ''

   manage_options=(
       {'label':'Edit',
        'action':'manage_main',
        },
       {'label':'View',
        'action':'index_html',
        },
       ) + SimpleItem.manage_options

   security = ClassSecurityInfo()  # Needed for declarative security.

continued...

Example class continued...

def __init__(self, id, title, body):
    self.id = id
    self.edit(title, body)

security.declareProtected(EDIT_PERMISSION, 'edit')
def edit(self, title, body, REQUEST=None):
    """ Edit a post. """
    self.title = title
    self.body = body
    if REQUEST is not None:
        msg = '%s updated' % self.getId()
        url = '%s/%s?manage_tabs_message=%s' % (self.absolute_url(),
                                                'manage_main', msg)
        REQUEST.RESPONSE.redirect(url)

security.declareProtected(Permissions.view, 'getTitle')
def getTitle(self, title):
    return self.title

continued...

Example class, the end (finally)

   security.declareProtected(Permissions.view, 'getRenderedBody')
   def getRenderedBody(self):
       return structured_text(self.body)

   security.declareProtected(EDIT_PERMISSION, 'getRawBody')
   def getRawBody(self, body):
       return self.body

   security.declareProtected(Permissions.view, 'index_html')
   index_html = PageTemplateFile('z2_forms/post_view', globals())

   security.declareProtected(Permissions.view_management_screens,
                             'manage_main')
   manage_main = PageTemplateFile('z2_forms/post_edit', globals())

InitializeClass(Z2Post)

Pretty hefty for such a simple post!

Lots of zope-specific stuff sprinkled into the class body.

Zope 2 Antipatterns

That Z2Post class demonstrates a lot of what's difficult about Zope 2.

• Ad-hoc configuration

  

  lots of boilerplate python code ("dead chickens").

• Features provided by mixing in many base classes

  Huge inheritance hierarchy

  Bloated, inflexible classes

• Design is made up of many implicit / vague interfaces

  Unclear boundary between requirements and convention. This relates to previous point: "I'm inheriting from some class, but I'm not sure why I need to." These things are not spelled out unless you spend a lot of time reading the source.

• Only pluggable by subclassing

  A classic example is adding tabs to the Zope Management Interface. You can only add tabs for classes that you write; to add tabs for third-party classes, you have to monkeypatch or maintain a fork.

  (skip if short on time) In Zope 3, the ZMI gives you something to play with out of the box but it's totally reconfigurable and apparently you can get rid of it completely and build all UI from scratch (by removing some things from a config file).

• Existing (persistent) instances hard to extend

  that's somewhat overstated, but the three usual techniques are:

  • dump and reload (lots of work!)
  • embedded upgrade code in the class (when can you remove it?)
  • upgrade script - iterate all instances and modify them

We will try to avoid these antipatterns, but today (Zope 2.9.0) we still have to make some sacrifices.

Zope 3 Patterns

• "Design to an interface"

  literally, we implement Interfaces

• Features provided by small classes: "Components"

  • Shallow inheritance hierarchy
  • enables tight cohesion / loose coupling

• Components are pluggable by:

  • providing adapters to different Interfaces
  • re-composing and re-configuring collections of small classes
  • use configuration to replace components with your own

• Existing instances can get new features, via adapters

• Don't use python code for configuration

  • instead, use ZCML

  There is currently much discussion on the zope 3 developers' list about what does and doesn't belong in ZCML and in python. There is general agreement to simplify ZCML; details being hashed out now.

  The concensus seems to be that policy belongs in ZCML but machinery belongs in Python, which leaves us arguing about what counts as policy and what counts as machinery...

Zope 2 + Zope 3 = Five

• project to include zope 3 features in zope 2
• very gradually deprecating and replacing some zope 2 ways of doing things
• more and more Interfaces in the core
• "five" directives when using ZCML in zope 2 code
• work-in-progress through zope 2.8, 2.9, ...
• not all the dead chickens are buried

come to the sprint!

Common Zope 2 base classes

Although it's good to not inherit from too much at once, you still need to know these when you see them, and for some of them there's no currently easy way to use a zope 3 idiom instead.

• Persistent

• Acquisition.Implicit

• AccessControl.Role.RoleManager

• SimpleItem (inherits from all the above and lots more)

  almost all third-party Products provide classes that inherit from SimpleItem.

  Today we still have to do this.

• ObjectManager

  For containing persistent sub-objects. e.g. "Folder".

• PropertyManager

  For storing arbitrary metadata on objects.

  You get a simple ZMI edit form for free. Sometimes too flexible: if users can edit properties, they can also add and delete properties.

  The Zope 3 idiom to use instead is Annotations, but I'm not sure how well supported they are in Five yet.

• CatalogAware

  For automatically updating ZCatalog index data when the object is modified.

  in Zope 3, we instead use an events framework; much more general and flexible. I won't get into this topic.

Content and Utilities

Informally, many persistent objects in Zope can be categorized as providing either content or functionality (utilities).

Best practice: implement either but not both in one class.

So e.g. utilities should not have state except perhaps local configuration, and content should not have behavior that could be generalized to other kinds of content.

A Moment of Z3 Zen

interfaces

adapters

interfaces

Interfaces

from zope.interface import Interface

class IPost(Interface):

    """A minimal blog post.

    """

    title = ''

    body = ''

    def edit(title, body):
        """Save changes to the title and body.
        """

Interfaces look like classes with nothing but docstrings.

notice there's no "self" in method signatures.

Purposes of Interfaces

• for humans, they document what, not how
• for testing, we can verify that implementations conform to the interface
• Zope can use and adapt objects based on interfaces they provide and not care about classes they derive from.
• Terminology:
  • Classes implement interfaces.
  • Objects provide interfaces.
• Schemas: interfaces that describe content objects

A Simpler Blog Post

In the rest of this talk, we'll develop a minimal proto-blog.

We'll use some zope 3 technologies that are available in zope 2.9 today.

An Example Interface

from zope.interface import Interface
from zope.schema import Text, TextLine

class IPost(Interface):
    """A minimal blog post.

    """
    title = TextLine(
       title=u"Title",
       description=u"Displayed title of the post.",
       required=True,
       )
    body = Text(
       title=u"Body",
       description=u"Main body of the post.",
       required=True,
       )

You may notice that the edit() method is gone. We will instead use schema features to give us a nice way to modify the title and body.

A Simple Implementation

We need a class that explicitly implements our interface:

from zope.interface import implements
from zope.app.container.interfaces import IOrderedContainer
from zope.schema.fieldproperty import FieldProperty
from OFS.SimpleItem import Item, SimpleItem
from interfaces import IPost, IComment

class Post(object):
    """
    A base implementation of a blog post.
    """
    implements(IPost)

    # Using FieldProperty() for attributes allows
    # auto-validation whenever they are set.
    title = FieldProperty(IPost['title'])
    body  = FieldProperty(IPost['body'])

Making it persistent

To store data in the ZODB, a class must inherit from Persistent:

from persistent import Persistent

class Post(Persistent):
    """
    A persistent implementation of a blog post.
    """
    ...

register the class as addable in zope 2

<configure
    xmlns="http://namespaces.zope.org/zope"
    xmlns:five="http://namespaces.zope.org/five"
    xmlns:browser="http://namespaces.zope.org/browser"
    >
    <!-- First, tell the system about our IPost interface. -->
    <interface
        interface=".interfaces.IPost"
        type="zope.app.content.interfaces.IContentType"
      />
    <!-- Create a new permission for editing and managing posts. -->
    <permission
        id="slinkblog.ManagePosts"
        title="slinkblog: Manage posts"
      />
    <!-- Register blog.Post as a zope 2 addable "product".
         This does the equivalent of zope 2's registerClass().
     -->
    <five:registerClass
        class=".blog.Post"
        meta_type="Slinkblog Post"
        permission="slinkblog.ManagePosts"
        addview="post_addform"
     />
</configure>

Content Types

<!-- Register blog.Post as a viewable zope 3 content type,
     with security protections. -->
<content
    class=".blog.Post">
  <require
      permission="zope2.View"
      interface=".interfaces.IPost"
      />
  <require
      permission="slinkblog.ManagePosts"
      set_schema=".interfaces.IPost"
      />
</content>

In zope 3 and Five, a content type is simply a component that can be added and displayed by the system. Here we declare that the zope2.View permission applies to viewing all attributes declared by the IPost interface, and with the "set_schema" attribute we declare that the slinkblog.ManagePosts permission applies to modifying all attributes and calling all methods defined by IPost.

This replaces all the security.declareProtected() calls we used to have to do. It's a lot shorter when you want to protect multiple attributes with the same permission.

Creating a Simple UI: Add Form

One nice thing about schemas is that they allow you to automatically generate simple forms.

<!-- Auto-generate an add view, i.e. an html form for
     adding Posts.  -->
<browser:addform
    schema=".interfaces.IPost"
    content_factory=".blog.Post"
    label="Add Slinkblog Post"
    name="add_blog_post"
    permission="slinkblog.ManagePosts"
    />

Unfortunately, in order for this to work, we have to sacrifice a few chickens to the spirits of Zope 2. First some ZCML.

<!-- in order to get to those add forms, we need the z3
     add view "+" to be traversable in zope 2 ObjectManagers,
     e.g. Folders. -->
<five:traversable class="OFS.Folder.Folder" />

Creating an Add View, continued

If we want to add Posts to standard Zope 2 folders, the class must inherit from SimpleItem :-(

class Post(Persistent, SimpleItem):
    ...

The reason for inheriting SimpleItem is that Zope 2 folders call a number of post-add methods on objects that you add to them; if those methods don't exist, you get errors.

This is not necessary in Zope 3. Hopefully, we can eliminate the SimpleItem requirement some day, and have the Five ZCML directives take care of this behind the scenes.

Making an Edit Form

 <!-- Auto-generate an edit view.
      Note that the "for" attribute is NOT optional
      in zope 2.9.0. -->
 <browser:editform
     schema=".interfaces.IPost"
     for=".interfaces.IPost"
     name="post_editform"
     label="Edit Slinkblog Post"
     permission="slinkblog.ManagePosts"
     />
<!-- Edit form won't be available in z2
     unless we declare the class traversable. -->
<five:traversable class=".blog.Post" />

Creating a View

Now we can add and edit Post instances. But we can't really view them!

Informally, there are two kinds of views:

• Render content for output
• Helpers for other views

A View Class

This example only concerns itself with the body:

class PostView(BrowserView):

   """Adapt an IPost into a view.
   """
   def render_body(self):
       """
       Render the body of an IPost as structured text.
       """
       # This stx implementation can only handle ascii.
       return structured_text(self.context.body.encode('ascii'))

The Template

<html
 xmlns:tal="http://xml.zope.org/namespaces/tal"
 xmlns:metal="http://xml.zope.org/namespaces/metal"
 >
<head>
 <title tal:content="context/title">The Post Title</title>
</head>
<body>

 <img src="++resource++post.png" style="float:left" />
 <h2 style="text-transform: capitalize;"
     tal:content="context/title">The Post Title</h2>

 <div tal:content="structure view/render_body">
   Body Text Goes Here
 </div>
 <div>
   <a href="@@post_editform"
   tal:attributes="href string:${context/@@absolute_url}/@@post_editform">
   Edit this post</a>
 </div>

</body>
</html>

The Configuration

First, create the view:

 <browser:page
  for=".interfaces.IPost"
  permission="zope2.Public"
  name="view_post.html"
  template="view_post.zpt"
  class=".blog.PostView"

/>

Next make it the default view for this class:

<browser:defaultView
  for=".interfaces.IPost"
  name="view_post.html"
/>
<five:defaultViewable class=".blog.Post" />

Summary

We have now reimplemented the complete old-style content class with much less gunk in the class body.

This means you can pretty easily take existing classes and hook them up to Zope 2 / Five just by writing configuration. If you need persistent instances, write a tiny subclass that mixes in Persistent. (And SimpleItem, for now, ugh.)

Demo

here I'll show this minimal blog running.

Adapters

• you have an object that provides a feature (an interface)
• you want to provide another feature (another interface)
• write an adapter that, given any provider of the first interface, returns something that provides the second interface
• register your adapter for those interfaces
• zope can use your adapter automatically

Very flexible!

Adapter Example

You've already seen one! Views are adapters.

Views are set up by special ZCML. Other kinds of adapters can be applied manually by calling the interface that you want to adapt to, with the object to adapt as argument. In Python:

foo = IFoo(bar)

A bit of ZCML is needed to set this up:

<adapter provides="IFoo"
  for="IBar"
  factory="some_callable"
/>

Other Five features I didn't get around to

• zope.formlib and zc.form, nicer ways to do views and forms

  I haven't used these, but there's an interesting post from Jeff Shell on the z3-dev mailing list. http://mail.zope.org/pipermail/zope3-dev/2006-February/018273.html

Wrapping up

some miscellaneous advice follows.

THE PERSISTENCE GOTCHA

Watch out for mutable sub-objects! ZODB doesn't automatically know when these have changed.

class Pets(Persistent):

   def __init__(self, id='my pets', names=[], kinds={}):
       self.id = id
       self.names = names
       self.kinds = kinds

   def setId(self, id):
       self.id = id  # No problem here.

   def addPet(self, name='', kind='cat'):
       self.names.append(name)
       self.kinds[kind].setdefault(0)
       self.kinds[kind] += 1
       # Must notify ZODB that self.kinds changed!
       self._p_changed = 1

Persistence Gotcha, continued

• This is tedious.
• Storage bloat! Complete copy of self is persisted.
• Increased risk of write conflicts
  • app gets slower
  • under load, zope's automatic conflict resolution may eventually fail and some users may lose

Solution

from persistent.list import PersistentList
from persistent.mapping import PersistentMapping

class Pets(SimpleItem):

   def __init__(self, names=[], kinds={'cats': 0, 'dogs': 0}):
       self.names = PersistentList(names)
   self.kinds = PersistentMapping(kinds)

   def addPet(self, name='', kind='cat'):
       self.names.append(name)
       self.kinds[kind].setdefault(0)
       self.kinds[kind] += 1

Better solution: use BTrees.

BTrees handle much larger data structures; provide conflict resolution when multiple threads modify one mapping.

But not a 100% drop-in replacement. Very similar usage to dicts, but need to write a wrapper if you want list-like behavior.

from BTrees.IOBTree import IOBTree

   def __init__(self, names=[], kinds={'cats': 0, 'dogs': 0}):
       self.names = IOBTree([(i,n) for (i,n) in enumerate(names)])
       self.kinds = OIBTree(kinds)

See: http://www.zope.org/Wikis/ZODB/FrontPage/guide/node6.html#SECTION000630000000000000000

Resource Links

Random Things You Will Want

• options to enable in zope.conf:

  debug-mode on
  
  verbose-security on
  
  security-policy-implementation python
  

• ExternalEditor: http://plope.com/software/ExternalEditor/ - use your favorite editor to edit Zope objects

• DocFinderTab: http://www.zope.org/Members/shh/DocFinderTab - browse an object's inheritance hierarchy and docstrings through the ZMI

• Zope Profiler: http://www.dieter.handshake.de/pyprojects/zope/#bct_sec_3.8

• ZopeTestCase: http://www.zope.org/Members/shh/ZopeTestCaseWiki/FrontPage very useful for setting up zope 2 application "init" tests and integration tests.

Q&A (5+ minutes)