Forum OpenACS Q&A: Templating, file storage and Web DAV

Collapse
Posted by Barry Books on
I've been thinking it would be nice to allow users to edit content in part of a page. It seems like it would be nice to be able to put a tag in an ADP file like
<cr item_id=123 revision_id=567>
and have that item magically appears on the adp page. I've looked around and I don't see anything quite like that. Am I just missing it? I realise I could write an include that does this but I'd like it a bit more integrated.

What I'd really like to do is create a subsite and mount the filestorage package. Then have a tag like

<fs src="/subsite/fs/pages/front_story.html" >
The tag would go fetch the right content and add it into the page. Then I could use the file storage package structure and persmissions to control who can put what on which pages, kinda like Macromedia Contribute. As a bonus users could actually mount the site content on thier machine and edit it.

Is there a tag like that in the templating system or do I need to write one?

Collapse
Posted by Dave Bauer on
Barry look in the old aD CMS package. There are some tags and procedures in the acs-content-repository tcl library to find a content item and get its content.

This is a goal of mine also. I would eventually like to get rid of the file-storage package completely, and be able to get any object in the same way.

Collapse
Posted by Barry Books on
I'll track down that code. It would be nice if every object (and perhaps every attribute) had a url.
Collapse
Posted by Dave Bauer on
Yes, it would be nice if every object had a URL.

One place is in acs-content-repository/tcl/publish-procs

There was some work on the <relation> tag done for the simulation package, I believe.

What you are proposing is a good way to work around the security implications of <img> tags in user contributed content. It would be nice to be able to add a photo from a photo album, or any CR folder, to a page content.

It is easy enough to add WebDAV support to any content folder that uses the content repository in a consistent manner. Although I think it will need to be smarter about what content type to use when creating a new object.

Collapse
Posted by Barry Books on
After the long security discussion my plan is to only use the main site for admin. All "user" pages will be in subsites under the main site. I'm going to add some options to sudo so that you only access admin pages from the main site and that the referer must be the main site. If you don't then you'll be directed to a policy violation page. There will be a link there to the corrisponding page on the main site.

For example if I click on the admin link subsite/admin I'll be redirected to mainsite/sudo/policy_violoation. That page will have a link to mainsite/subsite/admin. If I just type mainsite/acs-admin into my browser I'll be redirected to mainsite/sudo/policy_violation (because referer is null) but when I click on the link everything will be fine.

I also added a feature like host_node map so when you go to http://subsite.com you are redircected to http://subsite.com/subsite.

With all that I think it's pretty bullet proof (more so than most sites anyway). It would also be nice if there were no such thing as a site wide admin except under the main site hostname.