Tom, My modification of the css has nothing to do with security. It is to simplify the UI for general users. And I use the zmi not because it is easy but because it is proven. If you have any specific examples of the management nightmare created by using zmi as a cms I would very much appreciate hearing about them. I think all websites are a management nightmare! (but it doesn't stop facebook from becoming a platform, eh?) :) Thanks, Tim On Jan 17, 2008 8:36 AM, Tom Von Lahndorff <tom@modscape.com> wrote:
There's nothing wrong with the ZMI. You're just try to hack into some kind of cms rather than just build one. Hiding a link with css is nasty hack and major security issue. While it may seem like what you're doing is an easy path to a quick cms, you're really just setting yourself up for a management nightmare. I'd recommend reading through (all of) this:
http://www.zope.org/Documentation/Books/ZopeBook
On Jan 17, 2008, at 10:17 AM, Tim Nash wrote:
Tom, Thanks but I think I am almost done. I have replaced the old <style> calls with id="Find" id="Properties" etc. by access the sequence. Then I added css code at the top of that same file (I think it is manage_tabs.dtml, I'm not on that computer right now). So now I can format the tabs anyway I want. There is also a little bit of javascript that checks window.parent.location and applies changes to the tabs if the user hasn't logged into the base directory.(only available to the admin).
My thinking is that the zmi is battle tested. I'd rather use something that many people have already been using. Plus, from my perspective, it looks to me like the zmi just needs a little updating. Incorporating style sheets, etc. and it can have a new life.
zope 3 people: zope zmi, dtml are fast and really useful, please don't toss these valuable tools!
On Jan 17, 2008 6:25 AM, Tom Von Lahndorff <tom@modscape.com> wrote:
You really should be writing a custom UI for this rather than hacking the ZMI. It will probably take less time, be much more manageable, flexible and secure.
On Jan 16, 2008, at 8:05 PM, Tim Nash wrote:
The other important difference between ajax loaded pages and iframes is that when you click on a link within an iframe page, the returned page is loaded into the same iframe. If I am not being clear, please check out this png file. <a href="http://medicinebrain.com/iframe.png"> http://medicinebrain.com/iframe.png </a> In this png I did a search for DML Docs within a tab panel and the search results are loaded into the same tab.
BTW, I would like to simplify the zmi even more for my users. I want to hide various tabs (eg. security, find, etc) and I want to restrict the number of products they are shown in the drop down box for adding to a folder. However, I still want to offer complete zmi functionality to the overall administrator. I can probably hide the security tabs using css (the overall admin won't load the css sheet) but how can I control the products displayed to a user in the folder view of the zmi?
Thanks, Tim
On Jan 16, 2008 9:54 AM, Andreas Jung <lists@zopyx.com> wrote:
--On 16. Januar 2008 09:33:58 +0100 Tino Wildenhain <tino@wildenhain.de
wrote:
Tim Nash wrote: > Jurian, > While the ZMI is a bit geeky for the average user, it works quite > well inside an iframe. > iframes are used by many ajax/web2 (whatever you want to call it) > libraries. So in my application (for example) I currently make > ajax > calls to load specific zmi pages inside tabs of a window layout.
IFRames. You should avoid those. With ajax or similar its easy to skip such stuff and just replace any named container tag.
Iframes are still a valid choice in case asynchronous won't work e.g. when you need to load resources from servers != your origin server. Due the security model of asynchronous requests, a browser will only load stuff from the origin server. Iframes are a way to work around this limitation - ugly as you said, but sometimes a good workaround.
Ansdeas
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )