[Zope] Re: posting data to a class method
Dylan Reinhardt
zope at dylanreinhardt.com
Tue Oct 14 12:39:01 EDT 2003
On Tue, 2003-10-14 at 07:47, Ted holden wrote:
> Dylan,
>
> The thing one would really want to do with the set method for a global
> variable would be to allow a user to enter data from a form and set it.
I'm not sure what you mean by "global" in this context but you can set
values from a form, no problem.
Everything below is indented one level in from your class statement.
-----
def __init__(self, ...)
...
self._data = {}
thank_you = DTMLFile('thanks', globals())
def form_proc(self, REQUEST):
""" You must have a docstring here """
expected_fields = ['spam','ham','eggs']
for field in expected_fields:
self._data[field] = REQUEST.form.get(field)
self._p_changed = 0
return self.thank_you
------
Now all you need is to create a form that posts to object_name/form_proc
and contains the right fields.
This is a very simple example, but demonstrates several key concepts:
1. Basic validation. You don't *ever* want to just take whatever
shows up... go looking for what you expect to find.
2. Tainted strings. Any user-supplied string that contains certain
characters is marked as tainted. Using REQUEST.form.get marks it as
untainted, while REQUEST.get leaves it as it is.
3. Docstrings. Zope will not publish a method unless it has a
docstring and begins with an alphanumeric character (i.e., not an
underscore). Unless a method conforms, it will not be possible for
any user to request it directly. Unpublished methods can still be
called by other objects.
4. Persistence. Zope maintains persistence on strings and numbers just
fine, but has no way of knowing if a list or mapping has changed.
The self._p_changed assignment marks your object as changed so that
the persistence machinery can do its work. There are other ways of
accomplishing this, but I wanted to make sure you didn't get much
further along without at least hearing about it.
5. You can return dtml (or zpt) objects. Never use a product to create
significant amounts of HTML... that's as bad a sin as using dtml for
heavy logic. :-)
Before you go much further, I'd *highly* recommend reading the Zope
Developer Guide. Zope is a quirky beast and there are difficulties
lying in wait.
And if you're not already a Python wiz, I'd dig into that more deeply
too... there's a lot of OO voodoo just below the surface here and if
you're not already fluent in how that works, you'll miss a lot of what's
possible.
HTH... happy hacking!
Dylan
More information about the Zope
mailing list