Netsight Blog

In a standard (Plone 3.1) site, when you go to folder contents, any Images and Files that are included in the listing automatically have "/view" appended to their hyperlink (so that you get the content view rather than the raw data). If you subclass ATImage, you don't get this by default which causes problems for content creators (they click on an Image and can't get to the "edit" tab).

The solution is to add your custom types to the site properties field "typesUseViewActionInListings".

The folder_contents template (code defined in plone/app/content/browser/foldercontents.py) uses this to determine which URLs to append '/view' on to.

We have a requirement for an experienced Python/Zope developer to come work on a client project with us here in the UK. The contract will be for approx 10 weeks starting as soon as possible, and will be based in our offices here in Bristol with some time on client site. Unfortunately telecommuting in this instance is not possible -- we need someone physically on site here.

You will be working alongside a couple of other great guys, working on a system that combines Zope 2 and SQL (not Plone) adding additional functionality to an existing system. It is hoped that the new code will be written in a much more modern style using Zope 3 libraries and Five, but a good portion of it is likely to be old-skool Zope 2 development via the ZMI. The role will also involve some HTML/CSS work and writing ZPTs.

So, if you are interested and able to come over to the UK to start work very soon (we can arrange accommodation, etc) then drop me an email (matth@netsight.co.uk) with some details of yourself and your experience.

Two weeks ago, we had a stand at Internet World in London. One thing that happened quite bit was people came up to us asking 'So I've heard of Drupal/Joomla, what does Plone offer?' and I would explain to them about some of the features Plone has making it ideal for deployment and integration in an Enterprise. I was going to write up about some of these points, but didn't get a chance to until now as something has pushed it back to the front of my mind again:

I've just been in a case study presentation of the Honda Italia Intranet at the European Plone Symposium in Sorrento. They have built a fantastic intranet in conjunction with Abstract Open Solutions. What was great to see was the process they went through in ending up using Plone. They worked with a consultancy firm who helped them to work out what their Intranet requirements were, and what they needed to be able to do.

They went through a very thorough process involving chatting with over 100 stakeholders in the organisation directly, and getting about 1000 staff to respond to a survey on what was going on. Card sorts were done, IA maps were drawn out, requirements prioritised. Only after all of this did they start looking at Content Management Systems and after doing a comparison of three Open Source and three Proprietary systems, they chose Plone.

I'm going to present just two specific killer features Plone has that sets it way above some other CMSs, both Open Source and Commercial.

Authentication

Something that Bruno Ripa from Abstract talked about in the presentation was Honda's complex authentication requirements. Well I say 'complex', but in fact from our experience its actually pretty normal within any large corporation. Their user authentication was spread over three active directory systems, one LDAP server, one SQL server, and a web services system. They needed to be able to combine all of them to provider all of their user information to their intranet -- a requirement that put quite a few, even large commercial, CMSs out of the running.

Plone is built upon Zope which allows us to us Zope's Pluggable Authentication Service (PAS). It is a powerful and flexible system that allows you to have separate (and multiple) plugins to handle all the different aspects of users. There are in total about a dozen different steps that plugins can be used for, but just a few of these steps are:

• Extracting credentials from the user
• Authenticating the user
• Storing and managing properties and information about the user
• Searching and listing users and groups
• Assigning users to groups

This allows you to easily configure Plone to fetch information about a user from a multitude of sources around a corporation. You could authenticate them against several sources, and then fetch information about the user from a multitude of other places and combine them all.

Its flexible enough to allow you to use a variety of PAS plugins each to do the specific functions you want without having to use all or nothing. It also allows you to take the majority of your information from a central corporate source but then override or augment some of the information from a local source. Great for when you want your intranet to store some specific additional data on your users that is not suitable to go in a central source (or the powers that be won't let you!).

For more detailed, technical view of this and how we use it in a real example, see this blog entry on PAS.

Internationalisation

Another really killer feature for Plone that is lacking in quite a few CMSs is the ability to support and manage multilingual content.

By default Plone comes out of the box translated into over 50 different languages, and has a very simple system for allowing 3rd party developers and site customisers to provide translation strings for their products. An add-on for Plone called LinguaPlone provides a simple mechanism for creating and managing translations of pieces of content in your site. Once installed you simply choose 'Translate into...' and pick a language. Plone will then create a copy of your piece of content and present you the two versions side-by-side ready for translation.

The contents language variants are linked together and even if you move a piece of content to somewhere else in the site it will remain linked to its translations. This allows you to have different site structures for different languages, but still easily switch between languages of a piece of content.

This product can simply be added into Plone at any stage of a site's life and viola! you have multilingual content support with a minimum of hassle. This means unlike with products like Sharepoint, you don't have to plan ahead to use multilingual features from the outset, and it allows you to translate an entire site, or just a few pages as necessary.

This is a more technical look at one of Plone's great features for the Enterprise, its authentication system. If you just want to know the high level benefits then read the previous post, if you want to know the nuts and bolts of a real world scenario then continue reading...

To recap, Pluggable Authentication Service (PAS) allows you to break up the authentication process into small steps and have individual plugins deal with each step.

But how does this work in reality? We have a client we are developing an intranet for whom need NTLM authentication. NTLM is quite a complex challenge/response mechanism, but allows users on Windows PCs to be transparently logged in to a web server using the credentials they supplied when they logged in to their workstation. We had to write a plugin for this as there wasn't one for Plone around (and we'd already done some NTLM work many years ago, so knew how it worked).

The NTLM plugin was responsible for telling the web browser to use NTLM (ChallengePlugin); extracting the credentials from the user (ExtractionPlugin); and actually authenticating the user (AuthenticationPlugin). So that gets the user authenticated, but all we know is the users username then (which in this company is just a random number). We need to get some more information about them such as their real name and their email address. Well there is an existing add-on PAS plugin that can get that for me, LDAPMultiPlugin. I can configure the LDAP plugin to look up information from Active Directory: the user's name and email address (PropertiesPlugin); Search/List all users in the company (UserEnumerationPlugin). I can also use the same plugin to lookup what groups a user is a member of (GroupsPlugin).

So, we are authenticating a user via one source and then looking up further information about the user and their groups from another source. However we want to assign the users roles in the intranet. This information is just specific to the intranet, and so whilst could be stored in LDAP it probably wouldn't make much sense, and we should probably store it locally. That's not a problem, as Plone comes with the ZODBRoleManager plugin which stores the roles locally.

We can even take this a step further: as setup above, every request to the web server causes a lookup to the domain controller server to do the NTLM authentication, which is a bit of a waste. Plone comes with a 'session' plugin which uses a cryptographically signed cookie to authenticate users which can be enabled for extracting credentials (ExtractionPlugin) and authenticating (AuthenticationPlugin). We now have two separate authentication plugins, NTLM and session. Plone will try both of them to authenticate a user and stop once it is successful, so if we put the session plugin at the top of the list that will be tried first, then if that doesn't work (ie this is the user's first visit to the site this day) it will try the NTLM one.

I always forget how to do things like this as I do not have to do them very often so I thought I would blog about it.

We've had a couple of projects here at Netsight where customers have required customised image content types in their plone sites. All very easy to do but an issue arrives when you want to be able to use this new content type in Kupu.

Say you created a new Image content type called CustomImage and added one in your plone site. Then you create a new page in your site and want to use this image in that page. To be able to use your new content type in kupu you need to modify new kupu.xml. If you do not already have a modified kupu.xml the easiest way to create one is to got to portal_setup in the zmi and export 'Kupu Settings' then move this into the 'default' folder inside 'profiles' in you content types product.

Add the following line (replace CustomImage with your own content type's name):

     	<type>CustomImage</type>

into the following location like so:

	<resource id="mediaobject" mode="whitelist">
		<type>CustomImage</type>
		<type>Image</type>
	</resource>

Once you have reinstalled your product (and reindexed the catalog) you should be able to insert an image, that already exists and is your new content type, into a kupu document.

To be able to upload an image from inside kupu you'll need to do another step. You have to override what content type is created when you upload from within kupu. In profiles/default create a new file called contenttyperegistry.xml and add the following code (replacing 'CustomImage' with your image content type name).

<?xml version="1.0"?>
<object name="content_type_registry" meta_type="Content Type Registry">

  <predicate name="ATImage_ext" content_type_name="CustomImage"
     predicate_type="extension">
   <argument value="jpg,jpeg,png,gif"/>
  </predicate>
  <predicate name="image" content_type_name="CustomImage"
     predicate_type="major_minor">
   <argument value="image"/>
   <argument value=""/>
  </predicate>

</object>

Once again after reinstalling your product and reindexing the catalog, you should be able to upload your new custom image content type from within kupu.

I hope this is useful to more people that just me.

Adrian

We just got back from the Internet World Expo in London's Earls Court so I thought I'd do a bit of a writeup on the expo, and how it all went.

A bit of background, Internet World is a pretty big 3-day expo with 300 exhibitors there, with Content Management, Digital Marketing, Mobile Media, eCommerce and Online Information being amongst the main themes. There were also six themed theatres with over 200 seminars across the three days. There is quite a bit of money being spent there with some pretty impressive big stands from the commercial CMS players.

Logistics & Stand

Things started a bit fraught, with us turning up at about 8pm the evening before with a van full of stuff for the stand to be told that unlike what it said on all the literature the organisers had sent us, the loading bays were closing at 8:30pm, not 10pm. We managed to talk them into letting us in, but then had to rush pretty quick to get everything unloaded and the stand setup.

We had a slightly smaller stand than we did in December at IMS, being only 2m x 2m, but we managed to cram quite a bit in with two 24" iMacs on the stand mounted on nice 4-legged stands which allowed the screens to be easily rotated to show people demos. We has a Plone pull-up vertical banner in the background between the two computers, and a literature stand at the front with Plone brochures in. A last minute addition was a bunch of customer logos printed off and put in frames hung from the stand. A decision that paid of quite a bit as a few passers by came to talk to us due to seeing their company/competitor/peer listed there. Oh and we had our Netsight polo shirts and Plone jackets to complete the picture.

In terms of staff on the stand, we had three people from Netsight, Astra (Marketing Manager), Chris (Operations Director), and myself (Technical Director). The general flow was similar to that we used at IMS with Astra initially talking to people and finding out what they wanted to know and then passing them on to either Chris or myself to show demos of Plone and talk them through some of the site's we've designed.

The internet connection at the show was pretty bad to start with, but improved later on. Quite amazing the amount they charge for it, then can't really deliver. Ironic for a show entitled 'Internet World'. We might just go for 3G dongles next time.

Literature

In terms of literature, we had a load of glossy Plone brochures we had produced, with a page of Plone info, a page on Open Source and a section on the back about Netsight. We also had Netsight corporate brochures, and Top 15 Questions about Plone leaflets as designed by Gabrielle at Six Feet Up and put together by the Plone Marketing Committee. I created a variant that works with A4 paper, and also produced an A3 poster version which we had stuck up on the edge of the stand too.

Day One

Day one started quite slow as people first started to come into the show, but after an hour things had picked up and we had a steady stream of people coming by the stand. We were doing a fair number of demos and talking to people. One thing that I found interesting was the number of people who came up asking 'I've heard about Drupal/Joomla, how does Plone compare?'. At one point this was pretty much every other person who came to the stand with the 15 Questions leaflets being handed our readily.

By mid day we were pretty much flat out with Chris and I doing demos non stop and collecting contact details for people interested in hearing more about Plone. By the end of the first day we were pretty exhausted... and with very sore feet!

Day Two

Day Two was similar to the first day, starting quite quietly, but in total was probably the busiest day of the three. I had a chance to wander around the show a bit and there was most of the big commercial CMS players there. Of the Community Open Source projects there was only Plone, and on the Commercial Open Source side there was Squiz with their MySource Matrix product. There was a big pavilion near the entrance for Magneto eCommerce, also Open Source.

We had a number of people come to the stand and say 'Looks interesting, but we are going for Sharepoint'. I managed to explain the differences between Plone and Sharepoint to a few of them, and showed them some very heavily corporate branded Plone intranets we have developed and then showed them some of the business specific applications we had built directly in the intranet and they were pretty impressed. As an example, for one client, we built an application in their intranet that allows them to visually see on a set of globes the locations of their current advertising campaigns worldwide. They can click on an icon on the globe and be shown the video of the television campaign or listen to the audio of the radio campaign, complete with transcripts and translations of the advert. This is an example of something going very much beyond normal 'content management' and where Open Source is so powerful as it allows you the flexibility to extend a CMS way beyond its original functions.

I had a chance to talk to Tony Byrne at the CMS Watch stand about Plone, Zope and the future roadmap of the projects. He was asking if Zope Corp was still around as they didn't seem to do much other than hosting these days. I explained to him the recent discussions about how the Zope 3 application server might soon cease to be actively developed but how the libraries, now known as the Zope Toolkit which are a core part of Plone, and used by a number of other projects such as Zope 2, BFG, Grok are going from strength to strength. One of the main goals for Plone 4 is to strip out a lot of un-needed code, and produce a much leaner, smaller, faster default install. We also talked about the stages that Open Source projects go through and the fact that Plone has a much more defined and controlled development process than many other projects. We also have a much better governance structure than competing Open Source projects with the Plone Foundation in place.

I attended a seminar entitled 'Open Source Software and Lightweight Software Implementations for Central Government' presented by the UK Borders Agency and a consulting firm Digerati. The title of the talk was actually quite misleading, and the talk as a whole basically a thinly veiled attempt to lure people in to talk about Open Source, but then discredit it. The presenter started to describe how they wanted lightweight, iterative development processes and how they 'needed a CMS to evolve and grow with the organistion'. They then said that with Open Source you can end up with a mix of different technologies that end up a support nightmare, and so best to go for a Commercial CMS as the core and build around that. In the case of the Borders Agency the speaker said that they ended up implementing much of the functionality they needed outside the CMS as they didn't want to go through the hassle of dealing with customising a heavyweight CMS system. A solution that seems to totally contradict their requirements. Surely if they had chosen an Open Source CMS then they would have had the flexibility to extend it to their requirements rather than have to operate outside the CMS due to its inflexibility? I tried to bring this point up as a question afterwards, but the presenter did a fantastic politicians answer (avoiding answering the question asked and just agreeing with an unrelated point) and just replied about how good an iterative development process is.

Day Three

The last day we were one person short on the stand as Chris had to go to a client meeting, leaving just Astra and I manning the stand. Luckily it started quite quietly at the show, and Astra was able to do some demos for clients as well.

I was talking on a panel discussion on Open Source vs Commercial CMSs, which was due to be quite an interesting and possibly contentious talk. There were three panelists representing the spectrum from the commercial at one end (Sitecore) to the commercial open source in the middle (Squiz MySource Matrix) to the community open source at the opposite end (myself representing Plone). The panel was moderated by Tony Byrne from CMS Watch who gave a brief run down of the state of the market and to set the scene for the debate. He had a set of about five questions to ask the panel such as:

• What are the key strengths and weaknesses of each approach?
• How can you give yourself certainty that the solution you go with will be supported now and in the future?
• Are there any security/reliability/scalability concerns you need to bear in mind with each approach?
• "Out of the box" solution or platform for customisation?

I'm hoping that the video of the talks will be made available soon as I can't fully remember all of what was discussed. Someone did live tweet it though. For much of the discussion, Steve from Squiz and myself agreed on many of the key strengths of Open Source, namely the transparency of the organisations, and how the code and bug trackers and the likes are open for inspection. Steve made quite a good point with Open source in that if you go to one company and they quote you £100K for a feature and then go to another and they quote you £20K then you know something is up. By being open and having a multitude of implementation partners is keeps the companies honest.

With regards to future supportability I made the case that Open Source systems are not reliant on a single vendor, and in the case of Community Open Source such as Plone, even the development infrastructure, and tools such as user forums, trackers, source code repositories are not controlled by a single company. With Commercial or Commercial Open Source there is one dominant company to do any integration and customisation work, whilst with Community Open Source there are hundreds and you can pick the best one to fit your own organisation -- you want a low cost one-man-band? or do you want a big development company with Prince 2 project management?. Not only that, but different companies have different specialties in different sectors. If I want Plone development on Microsoft platforms I know the likes of Enfold are good at that. If I want someone who knows NGOs and campaign management I'd likely give One Northwest a call.

Everything on the debate was actually pretty civilized and (to the disappointment of some attendees) the gloves didn't really come off. The most contentious point was probably a question from the chair on costs. A scenario was given and we had to give a range of costs. Both Squiz and myself were able to give a rough ballpark idea, but the representative from Sitecore could only give his licensing fee costs as said implementation costs were up to development partners. Fair enough I suppose, but then he did go on to assert that their product would be cheaper than any Open Source implementation, and that they had paid Forrester to do an ROI study and that proved the case. Oh really? That's not really a surprise is it?

In closing I stressed that with Open Source you are in control of your budget and in control of the flexibility of your system. You can determine how you want to extend it and not be beholden to a single supplier.

I got back to the stand and I don't think my mouth shut for the next 2-3 hours. Astra had been holding the fort on her own for the past hour, and the tidal wave of people that came over after the talk was fantastic. Quite a lot of positive comments from people who had been in the seminar and one in particular who was really excited about the whole notion of Open Source and how it meant she could tailor her development spend to fit her budget much better and slowly develop features and additional sites as she needed.

Conclusion

The expo was great, and there were a number of people who came up saying they already use Plone in their organisation. There was one guy who had just recommended it to his boss (who was also there), so was really pleased to see us there as it gave more visibility of the project (and his decision) to his boss. One person came up after the talk and said the only thing they didn't understand was why wasn't all software Open Source.

A lot of people know of other Open Source projects now, esp Drupal and Joomla. Something that has changed in this type of expo in the past few years.