Happy hacking with PloneÉric Bréhault - PloneConf 2015

We, Plone developersinvest time in Plone,build something nice and attractive,feel pround of it.

We, Plone developers

from "Les Vacances du Petit Nicolas" by Laurent Tirard

.fx: extra-large

The users play

from "Les Vacances du Petit Nicolas" by Laurent Tirard

The conflictThey loved it.We are desperate.

We retaliate

Pharmakonφάρμακον: medecine, drug, poison

Any medecine is also a poison.

My solution

Hackability is a featureIt is not a flaw.

It must be provided as a tool.

A hacking tool...to change or add whatever we want in our Plone sitethrough a modern and pleasant web interface

... not a hackable system

ZMI?

The Plone Theming editor!Already a "hacking" tool:

non-Plone experts can change the entire theme.

Diazo theory"We Write XSLT, So You Don't Have To"

Diazo realityGuess what? I am writing tons of XSLT!!

What we need

Content-to-contentOn-the-fly content changes with <before/> and <after/>.

< b e f o r e c s s : c o n t e n t = " # c o n t e n t - c o r e " > < a h r e f = " m a i l t o : c o n t a c t @ d i a z o . o r g " > A s k f o r h e l p < / a >< / b e f o r e >

Content-to-contentOn-the-fly content insertion.

< b e f o r e c s s : c o n t e n t - c h i l d r e n = " # m a i n " > < i n c l u d e c s s : c o n t e n t = " # b r e a d c r u m b s " / >< / b e f o r e >

Content-to-contentOn-the-fly remote content insertion.

< b e f o r e c s s : c o n t e n t - c h i l d r e n = " # m a i n " > < i n c l u d e h r e f = " / n e w s " c s s : c o n t e n t = " # b r e a d c r u m b s " / >< / b e f o r e >

We want morecreate our own chuncks of contentimplement our own scripts

with basic knowledge of HTML and Python

Rapido

It lives in the themeEditable through the Plone interface......or in the sources.We use Diazo to inject it in Plone.

Dead simpleno ZCA stuff,no ZPT (or any templating language),no JBOT,

Just HTML and Python

Demo

What do we get in ourcontext?

context.app

context.request

context.portal

context.content

context.api (the Plone API!!)

Is it secure?Python scripts are executed byzope.security.untrustedpython.

All the regular security stack is applied, like:

current user privileges,CSRF policy (@PostOnly for instance).

Battery includedRapido comes with a complete REST API.

GET / POST / DELETE / PUT / PATCH

It is a ready-to-use JSON backend.

Demo

Battery includedRapido provides a Plone Content Rules action.

We can hook our scripts to any Plone event.

Battery includedRapido is Mosaic compliant.

(but it does not depend on it)

Demo

Thank you!