[Zope] Re: posting data to a class method

Dylan Reinhardt zope at dylanreinhardt.com
Tue Oct 14 12:39:01 EDT 2003 

On Tue, 2003-10-14 at 07:47, Ted holden wrote:
> Dylan,
> 
> The thing one would really want to do with the set method for a global 
> variable would be to allow a user to enter data from a form and set it.

I'm not sure what you mean by "global" in this context but you can set
values from a form, no problem.

Everything below is indented one level in from your class statement.

-----

def __init__(self, ...)
    ...
    self._data = {}

thank_you = DTMLFile('thanks', globals())

def form_proc(self, REQUEST):
    """ You must have a docstring here """
    expected_fields = ['spam','ham','eggs']
    for field in expected_fields:
        self._data[field] = REQUEST.form.get(field)
    self._p_changed = 0
    return self.thank_you

------

Now all you need is to create a form that posts to object_name/form_proc
and contains the right fields.

This is a very simple example, but demonstrates several key concepts:
 1. Basic validation.  You don't *ever* want to just take whatever 
    shows up... go looking for what you expect to find.
 2. Tainted strings.  Any user-supplied string that contains certain
    characters is marked as tainted.  Using REQUEST.form.get marks it as
    untainted, while REQUEST.get leaves it as it is.
 3. Docstrings.  Zope will not publish a method unless it has a 
    docstring and begins with an alphanumeric character (i.e., not an
    underscore).  Unless a method conforms, it will not be possible for
    any user to request it directly.  Unpublished methods can still be 
    called by other objects.
 4. Persistence.  Zope maintains persistence on strings and numbers just
    fine, but has no way of knowing if a list or mapping has changed.
    The self._p_changed assignment marks your object as changed so that 
    the persistence machinery can do its work.  There are other ways of
    accomplishing this, but I wanted to make sure you didn't get much 
    further along without at least hearing about it.
 5. You can return dtml (or zpt) objects.  Never use a product to create
    significant amounts of HTML... that's as bad a sin as using dtml for
    heavy logic.  :-)

Before you go much further, I'd *highly* recommend reading the Zope
Developer Guide.  Zope is a quirky beast and there are difficulties
lying in wait.  

And if you're not already a Python wiz, I'd dig into that more deeply
too... there's a lot of OO voodoo just below the surface here and if
you're not already fluent in how that works, you'll miss a lot of what's
possible.  

HTH... happy hacking!

Dylan

More information about the Zope mailing list