Planet Plone

This is where developers and integrators write about Plone, and is your best source for news and developments from the community.

March 31, 2015

Andreas Jung: New hands-on training "Generating high-quality PDF documents from XML and HTML using CSS Paged Media"


Our hands-on training "Generating high-quality PDF documents from XML and HTML using CSS Paged Media" teaches you to generate high-quality PDF print layouts with HTML or XML as input and Cascading Stylesheets for the definition of print layouts and styling.

Abstract Technology: Plone Open Garden is warming up, get ready for a week of Plone activities

by Maurizio Delmonte at 2015-03-31T10:49:16Z

PLOG is on April 7-11 in Sorrento, Italy, and the Plone Strategic Summit is the main focus for 2015.

March 28, 2015

Davide Moro: Pyramid exceptions logging

by davide moro at 2015-03-28T13:34:54Z

If you want to log exceptions with Pyramid ( you should start reading carefully the following resources:
and once enabled pyramid_exclog check your tween chain order as explained here

If you get in trouble for some reason, maybe you'll find this article helpful in some way. Depending on how you serve your application, it might happen that your .ini configuration logging settings are not considered at all.

Covered arguments in this post:

Paul Roeland: Quick fix for Plone 4.3.x template that’s not mobile-friendly


If you’re running a Plone 4.3.x (and earlier) site, you might have found Google Webmaster tools complaining about mobile friendliness. On inspection, most of that comes from one single template, 

That’s the one that displays images in their original format when clicked upon, like News images. Many sites will have their own lightbox or jquery popup anyway, but the googlebot still finds the original link.

It takes three lines to fix this. There’s a pull request already, (UPDATE: merged already, thanks Nathan) but if you’re a site administrator you can also change this one in the ZMI. (It’s under ‘portal_skins’, ‘plone-content’, from there you can customize). 

Of course, if you have a theme-product it’s better to override in there, but if you’re not that advanced, you can just use the ‘custom’ folder. I won’t tell ;-)

You do want to address this, as Google will deduct karma points for mobile users.

March 27, 2015

Benoît Suttor: How I made my wedding site

by Benoît Suttor at 2015-03-27T06:39:29Z

So I'm getting married!

I decided to make a website for my wedding with a list of gifts, my honeymoon, a presentation of my witnesses and so on.

I was looking for a little CMS with a "list of gifts" (online shopping) which can be installed on cheap and reliable hosting (and that's where I lose Plone).

Pyramid vs Django

I started looking at Pyramid (because I'm a Plone/Zope dev). I thought of Kotti, but I didn't find a way to easily make gifts, and I thought the project looks cool, but it was maybe a little young for my kind of requirements. I didn't find a good solution on Pyramid for a wedding list.

Since I have some experience in Django, and in my daily work we started taking an interest in Geonode for a GIS project,

-> I started looking at Django!

Django CMS vs Mezzanine

Django CMS and the Django CMS e-commerce plugin. But it seems this project is almost dead? The last commit on GitHub makes me skeptical.

With a little searching, I found Mezzanine and Cartridge. I tried it and it seems perfect for my project, so I chose it!


My first choice was OVH, because it's very cheap (5€ / month). But with a little searching, it is almost impossible to create a complex Django site (by complex, I mean a "Mezzanine" Django site, and it's not very complex). I pursued my search... And I found Webfaction. They have local pythons, postgres, 600Go data for 10 € / month. It looks perfect for me, except they do not manage domain names directly. So I host my wedding site on Webfaction and my domain name on OVH.

Maybe I could have made a Heroku Django website, but I was a little afraid of the complexity.


Next step is to create an online shop with Kotti or with Pyramid !

Mikko Ohtamaa: Testing web hook HTTP API callbacks with ngrok in Python

by Mikko Ohtamaa at 2015-03-27T00:49:48Z

Today many API services provide webhooks calling back your website or system over HTTP. This enables simple third party interprocess communications and notifications for websites. However, unless you are running in production, you often find yourself in a situation where it is not possible to get an Internet-exposed HTTP endpoint on a publicly accessible IP address. These situations may include your home desktop, a public Wi-Fi access point or continuous integration services. Thus, developing or testing against webhook APIs becomes painful for contemporary nomad developers.


ngrok (source) is a pay-what-you-want service to create HTTP tunnels through third party relays. What makes ngrok attractive is that the registration is dead simple with Github credentials and upfront payments are not required. ngrok is also open source, so you can run your own relay for sensitive traffic.

In this blog post, I present a Python solution how to programmatically create ngrok tunnels on-demand. This is especially useful for webhook unit tests, as you have zero configuration tunnels available anywhere where you run your code. ngrok is spawned as a controlled subprocess for a given URL. Then, you can tell your webhook service provider to use this URL to make calls back to your unit tests.

One could use ngrok completely login free. In this case you lose the ability to name your HTTP endpoints. I have found it practical to have control over the endpoint URLs, as this makes debugging much easier.

For real-life usage, you can check the cryptoassets.core project where I came up with the ngrok method. ngrok successfully tunneled me out from a CI service and my laptop.


Installing ngrok on OSX from Homebrew:

brew install ngrok

Installing ngrok for Ubuntu:

apt-get install -y unzip
cd /tmp
wget -O ""
unzip ngrok
mv ngrok /usr/local/bin

Official ngrok download, self-contained zips.

Sign up for the ngrok service and grab your auth token.

Export auth token as an environment variable in your shell, don’t store it in version control system:


Ngrok tunnel code

Below is Python 3 code for NgrokTunnel class. See the full source code here.

import os
import time
import uuid
import logging
import subprocess
# distutils was removed in Python 3.12; shutil.which does the same lookup
from shutil import which as find_executable

logger = logging.getLogger(__name__)


class NgrokTunnel:

    def __init__(self, port, auth_token, subdomain_base="zoq-fot-pik"):
        """Initialize Ngrok tunnel.

        :param auth_token: Your auth token string you get after logging into
        :param port: int, localhost port forwarded through tunnel
        :param subdomain_base: Each new tunnel gets a generated subdomain. This is the prefix used for a random string.
        """
        assert find_executable("ngrok"), "ngrok command must be installed, see"
        self.port = port
        self.auth_token = auth_token
        self.subdomain = "{}-{}".format(subdomain_base, str(uuid.uuid4()))

    def start(self, ngrok_die_check_delay=0.5):
        """Starts the thread on the background and blocks until we get a tunnel URL.

        :return: the tunnel URL which is now publicly open for your localhost port
        """
        logger.debug("Starting ngrok tunnel %s for port %d", self.subdomain, self.port)
        # The auth token is passed as a command line argument, so it is visible
        # in the local process list for as long as ngrok runs
        self.ngrok = subprocess.Popen(["ngrok", "-authtoken={}".format(self.auth_token), "-log=stdout", "-subdomain={}".format(self.subdomain), str(self.port)], stdout=subprocess.DEVNULL)
        # See that we don't instantly die
        time.sleep(ngrok_die_check_delay)
        assert self.ngrok.poll() is None, "ngrok terminated abruptly"
        url = "https://{}".format(self.subdomain)
        return url

    def stop(self):
        """Tell ngrok to tear down the tunnel.

        Stop the background tunneling process.
        """
        self.ngrok.terminate()

Example usage in tests

Here is a short pseudo example from cryptoassets.core webhook handler unit tests. See the full unit test code here.

class BlockWebhookTestCase(CoinTestRoot, unittest.TestCase):
    def setUp(self):
        self.ngrok = None
        self.backend.walletnotify_config["class"] = "cryptoassets.core.backend.blockiowebhook.BlockIoWebhookNotifyHandler"
        # We need ngrok tunnel for webhook notifications
        auth_token = os.environ["NGROK_AUTH_TOKEN"]
        self.ngrok = NgrokTunnel(21211, auth_token)
        # Pass dynamically generated tunnel URL to backend config
        tunnel_url = self.ngrok.start()
        self.backend.walletnotify_config["url"] = tunnel_url
        self.backend.walletnotify_config["port"] = 21211
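        # Start the web server
        self.incoming_transactions_runnable = self.backend.setup_incoming_transactions(...)  # arguments not shown in this excerpt

    def tearDown(self):
        # unittest only calls the method when it is spelled tearDown
        # Stop webserver
        incoming_transactions_runnable = getattr(self, "incoming_transactions_runnable", None)
        if incoming_transactions_runnable:
            pass  # the call that stops the web server is not shown in this excerpt
        # Stop tunnelling
        if self.ngrok:
            self.ngrok.stop()
            self.ngrok = None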


Please see the unit tests for NgrokTunnel class itself.


March 25, 2015

Davide Moro: How to install Kotti CMS on Windows

by davide moro at 2015-03-25T21:16:15Z

Yes, as expected, you can install Kotti CMS also on Windows if you have this constraint!

What is Kotti

From the official doc:

"""A high-level, Pythonic web application framework based on Pyramid and SQLAlchemy. It includes an extensible Content Management System called the Kotti CMS.

Kotti is most useful when you are developing applications that:
  • have complex security requirements
  • use workflows, and/or
  • work with hierarchical data

It is developer friendly and with a good user interface. You can easily extend it, develop new features or install one of the available third party modules (search for Kotti on if you want to browse existing modules ready to be used). Heavily inspired by Plone (
If you want to evaluate Kotti you can install it locally (no database installation is required, you can use SQLite during evaluation or development).
Otherwise, if you are particularly lazy, there is a working demo online with admin / qwerty administrator credentials: 


  • python (tested with python 2.7.9 but it should work also on newer versions)
  • Microsoft Visual C++ 9.0 available on the following url (needed for an issue with bcrypt)
  • virtualenv (suggested)

Installation steps

Once you have installed python from you can start installing Kotti. I assume in this article that your Python installation path is C:\Python27.
Now create a new folder (it doesn't matter the name, in this article my folder name is just kotti):
> mkdir kotti
> cd kotti
Install virtualenv and create a new isolated python environment in your kotti dir:
> C:\Python27\Scripts\pip.exe install virtualenv
> C:\Python27\Scripts\virtualenv.exe --no-site-packages .
Install Kotti and its requirements:
> Scripts\pip.exe install -r
> Scripts\pip.exe install Kotti

Put inside your kotti dir the app.ini file downloaded from:
Run Kotti:
Scripts\pserve.exe app.ini
Starting server in PID 2452
serving on

Update 20150219: if you want to install Kotti as a standard Windows service see this tutorial:

Troubleshooting (tested on Windows Vista)

If Microsoft Visual C++ Compiler for Python 2.7 is not installed on your environment you'll get an error during the requirements installation phase (only on Windows):
> Scripts\pip.exe install -r
  Running install for py-bcrypt
    building 'bcrypt._bcrypt' extension
    error: Microsoft Visual C++ 9.0 is required (Unable to find vcvarsall.bat).
Get it from
    Complete output from command C:\Users\dmoro\kotti\Scripts\python.exe -c "imp
ort setuptools, tokenize;__file__='c:\\users\\dmoro\\appdata\\local\\temp\\pip-b
uild-mact2r\\py-bcrypt\\';exec(compile(getattr(tokenize, 'open', open)(_
_file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record c:\u
sers\dmoro\appdata\local\temp\pip-wcmy6c-record\install-record.txt --single-vers
ion-externally-managed --compile --install-headers C:\Users\dmoro\kotti\include\
    running install

    running build

    running build_py

    creating build

    creating build\

    creating build\\bcrypt

    copying bcrypt\ -> build\\bcrypt

    running build_ext

    building 'bcrypt._bcrypt' extension

    error: Microsoft Visual C++ 9.0 is required (Unable to find vcvarsall.bat).
Get it from
You just need to install this requirement and all will work fine.

Troubleshooting 2 (tested on Windows 2008 R2 Server - updated 20150219)

You might experience other compilation errors on Windows due to different compiler versions, role management tool configuration, missing DLLs, environment variables (vcvars32.bat), missing header files, etc. The same C code that compiles fine on a Windows machine, on a different version of Windows could produce a compilation error (compiling under Windows is a pain).

Anyway, the following links helped me a lot to install py-bcrypt under Windows 2008 R2 Server with Visual Studio 2008 Express (free version downloadable from



Kotti's front page (from the public demo online):

Kotti's folder contents (from the public demo online), requires authentication:

All posts about Kotti

Davide Moro: Kotti - avoid types addable in content root

by davide moro at 2015-03-25T21:15:53Z

With Kotti CMS ( you don't have to fight against the framework: after one or two days you'll love it and you will be productive.

You can add new content types mapped on database tables, extend existing ones, add one or more object actions, easy building of add and edit views without having to touch any html file.

Kotti is shipped with the pytest framework and I love it! The tests setup is very easy and you can mock or initialize your reusable fixtures with a dependency injection technique.

If your customer wants to use Windows, no problem:

How to prevent your content types to be added in content root

This blog post will explain how to prevent your content type to be added in the content root but only in Document types (they behave like folderish items too). What's the matter? The root itself is a Document.

My solution was similar to the following one, but a bit different:


from kotti.resources import TypeInfo
from kotti.resources import get_root
from kotti.resources import Content

class YourContentTypeInfo(TypeInfo):

    def addable(self, context, request):
        root = get_root()
        if context == root:
            return False
        return super(YourContentTypeInfo, self).addable(context, request)

yourcontent_type_info_data = Content.type_info.copy(
    # keyword overrides are not shown in this excerpt
    ).__dict__.copy()
yourcontent_type_info = YourContentTypeInfo(**yourcontent_type_info_data)

class YourContent(Content):
    """ A yourcontent type. """


    id = Column(Integer, ForeignKey(''), primary_key=True)

    type_info = yourcontent_type_info
I tried to inherit all the default options and actions from the default Content's type info. This way you'll inherit all the backend menu actions.



After using Kotti for a while I can tell that the feedback is absolutely positive. It is the right choice when you don't need a much more complex system like Plone. So join the Python, Pyramid and Kotti community and say love to Kotti!

All posts about Kotti

by davide moro at 2015-03-25T21:15:36Z

If you want to create a new content type based on an existing one with Kotti you need to write few lines of code and zero html for the add and edit views: it is very simple (browse Kotti's and views code).

Basically you have to extend the existing content type shipped with Kotti and add your custom fields.

But let's suppose you need a new content type named ImageWithLink with the following fields:
  • title
  • description
  • image
  • link
In this case the implementation is more verbose compared to extending another content type (like the Document), but it is still an easy job.
from zope.interface import implements
from kotti.resources import Image
from kotti.interfaces import IImage
from sqlalchemy import Column
from sqlalchemy import ForeignKey
from sqlalchemy import Integer
from sqlalchemy import Unicode

class ImageWithLink(Image):

    id = Column(Integer, ForeignKey(''), primary_key=True)
    link = Column(Unicode(1000))

    type_info = Image.type_info.copy(
        # keyword overrides are not shown in this excerpt
    )

    def __init__(self, link=u"", **kwargs):
        super(ImageWithLink, self).__init__(**kwargs)
        self.link = link
The code is quite self-explaining: you create a new ImageWithLink class that inherits from Image. You only need to add your custom field named link and you initialize the link in the __init__ code after calling the super method.

import colander
from deform import FileData
from deform.widget import FileUploadWidget
from kotti.views.edit import ContentSchema
from kotti.views.edit.content import ImageEditForm
from kotti.views.edit.content import ImageAddForm
from kotti.views.form import validate_file_size_limit
from kotti.views.form import FileUploadTempStore
from kotti.views.form import AddFormView
from pyramid.view import view_config
from kotti_yourplugin import _
from kotti_yourplugin.resources import ImageWithLink
from kotti_yourplugin.validators import link_validator

def ImageWithLinkSchema(tmpstore):
    """ File schema with no set title missing binding """
    class ImageWithLinkSchema(ContentSchema):
        file = colander.SchemaNode(
        link = colander.SchemaNode(

    def after_bind(node, kw):
        del node['tags']

    return ImageWithLinkSchema(after_bind=after_bind)

@view_config(name='edit', permission='edit',
class ImageWithLinkEditForm(ImageEditForm):
    def schema_factory(self):
        tmpstore = FileUploadTempStore(self.request)
        return ImageWithLinkSchema(tmpstore)

@view_config(name=ImageWithLink.type_info.add_view, permission='add',
class ImageWithLinkAddForm(ImageAddForm):
    item_type = _(u"Banner Box")
    item_class = ImageWithLink

    def schema_factory(self):
        tmpstore = FileUploadTempStore(self.request)
        return ImageWithLinkSchema(tmpstore)

    def save_success(self, appstruct):
        # override this method (no filename as title
        # like images)
        return AddFormView.save_success(self, appstruct)

    def add(self, **appstruct):
        # override (no tags in our form)
        buf = appstruct['file']['fp'].read()
        filename = appstruct['file']['filename']
        return self.item_class(
            title=appstruct['title'] or filename,
Here the code is more complex. There is a dynamic schema definition with the Kotti's temp store implementation. Both the add and the edit form refer to this schema, with some overrides because our object does not behave like files or images.
UPDATE 20150211: no need to write this validator. Use the url validator provided by colander instead (colander.url). Anyway you can use all the builtin colander validators or write your own validators.

import re
import colander
from kotti_yourplugin import _

URL_REGEXP = r'(%s)s?://[^\s\r\n]+' % '|'.join(VALID_PROTOCOLS)

def link_validator(node, value):
    """ Raise a colander.Invalid exception if the provided url
        is not valid
    """
    def raise_invalid_url(node, value):
        raise colander.Invalid(
            node, _(u"You must provide a valid url."))
    if value:
        if not re.match(URL_REGEXP, value):
            raise_invalid_url(node, value)
Here you can see an example of link validator based on a regular expression. This validator decorates our link field of the ImageWithLink schema.
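The regular expression above is applied with re.match, which anchors only the start of the value, so anything after the first whitespace character is never inspected. The following added example (not code from the original post) runs the page's pattern beside a stricter whole-value check on constructed inputs; VALID_PROTOCOLS is a stand-in because its definition is not shown on the page, and page_regex_accepts, strict_link_ok and compare are hypothetical helper names. In a Kotti schema the strict check would raise colander.Invalid instead of returning False.

```python
import re
from urllib.parse import urlsplit

# Assumption: the page does not show VALID_PROTOCOLS; ('http',) is a stand-in.
VALID_PROTOCOLS = ('http',)
URL_REGEXP = r'(%s)s?://[^\s\r\n]+' % '|'.join(VALID_PROTOCOLS)

# Schemes a stored link may use (policy choice for this example).
ALLOWED_SCHEMES = frozenset({'http', 'https'})


def page_regex_accepts(value):
    """The check as written on the page: re.match anchors the start only."""
    return re.match(URL_REGEXP, value) is not None


def strict_link_ok(value):
    """Validate the whole value: allowed scheme, a host, a sane port,
    and no whitespace or control characters anywhere in the string."""
    if not isinstance(value, str) or not value:
        return False
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7f for ch in value):
        return False
    try:
        parts = urlsplit(value)
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return False
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    # hostname is None for values such as "http:///path"
    if not parts.hostname:
        return False
    return port is None or 0 < port < 65536


# Constructed sample values, not taken from the page.
SAMPLES = [
    "http://example.org/page",
    "https://example.org/a?b=c",
    "http://example.org/a\nsecond line",   # trailing content after a newline
    "http://example.org/a and more text",  # trailing content after a space
    "http:///no-host",                     # scheme but no host
    "http://example.org:notaport/",        # malformed port
    "ftp://example.org/file",              # scheme outside the allowlist
]


def compare(samples=SAMPLES):
    """Return {value: (page_regex_result, strict_result)} for each sample."""
    return {s: (page_regex_accepts(s), strict_link_ok(s)) for s in samples}


if __name__ == "__main__":
    for value, (loose, strict) in compare().items():
        print("%-40r regex=%-5s strict=%s" % (value, loose, strict))
```
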

Obviously you need to add in your kotti_configure method your ImageWithLink in the kotti.available_types settings.
def kotti_configure(settings):
    settings['pyramid.includes'] += ' kotti_yourplugin'
    settings['kotti.available_types'] += ' kotti_yourplugin.resources.ImageWithLink'

and enable your configurator in your .ini file:
kotti.configurators =     mip_course.kotti_configure

And what about the default view of your content types? If you visit an ImageWithLink box it will behave like an image: it inherits the default view of the image (you should customize it adding the link on the image, very simple: not showed in this blog post), no need to deal with the image resize machinery, etc.

As you can see, Kotti is a flexible solution if you need a simple but powerful CMS solution based on Python, Pyramid and SQLAlchemy. You may consider it as a simple framework (but easy to understand, don't be scared by the word framework. It is really developer friendly). If you are curious about how to manage contents with Kotti you may play with the demo online: (admin - qwerty).

All posts about Kotti

by davide moro at 2015-03-25T21:15:20Z

Yet another blog post about Kotti CMS ( this time I'm going to talk about workflows and security.

Workflows in Kotti are based on repoze.workflow. See for further information. Basically you can use an xml file (zcml) in order to describe your workflow definition. You can see an example here: As you can see, it is quite straightforward to add new states, new transitions, new permissions, etc. You can easily turn your 2-states website workflow into a 3-states website workflow with reviewers or turn a Kotti app into an intranet application.

The default workflow definition is loaded from your project .ini file settings (using the kotti.use_workflow settings). The kotti.use_workflow setting's default value is:
kotti.use_workflow = kotti:workflow.zcml
but you can change the default workflow for the whole site, register new workflows related to specific content types or disable it as well.

Anyway, if you need to write a Python based CMS-ish application with hierarchical contents, custom content types, workflows, security, global and local ACL (sharing permissions), pluggable and extensible, based on relational databases, developer friendly, with a simple UI, etc... Kotti is your friend!

How to disable the default workflow

Kotti is shipped with a simple workflow implementation based on private and public states. If your particular use case does not require workflows at all, you can disable this feature with a non true value. For example:
kotti.use_workflow = 0

How to override the Kotti's default workflow for all content types

The default workflow is quite useful for websites, but sometimes you need something different. Just change your workflow setting and point to your zcml file:
kotti.use_workflow = kotti_yourplugin:workflow.zcml
The simplest way to deal with workflow definitions is:
  • create a copy of the default workflow definition
  • customize it (change permissions, add new states, permissions, transitions, initial state and so on)
If your site already has content and you configure it to use a workflow for the first time, or you use a different workflow than the one you used before, run the kotti-reset-workflow command to reset all your content's workflow.

    How to enable the custom workflow for images and files

    Images and files are not associated with the default workflow. If you need a workflow for these items you need to attach the IDefaultWorkflow marker interface.

    You can add the following lines in your includeme function:
    from zope.interface import implementer
    from kotti.interfaces import IDefaultWorkflow
    from kotti.resources import File
    from kotti.resources import Image

    def includeme(config):
        # enable workflow for images and files
        implementer(IDefaultWorkflow)(Image)
        implementer(IDefaultWorkflow)(File)

    How to assign a different workflow to a content type

    In this kind of situation you want to use the default workflow for all your types and a different workflow implementation for a particular content type.

    You'll need to:
    • create the new workflow definition, with a workflow elector
    • write an elector function that returns True or False depending on whether the workflow should be applied (otherwise the default workflow wins, or better, the first matching workflow without an elector)
    • load manually your zcml file in your includeme function
    .ini file (optional)
    kotti_boxes.use_workflow = kotti_boxes:workflow.zcml

    from pyramid.i18n import TranslationStringFactory
    from kotti import FALSE_VALUES

    def includeme(config):
        workflow = config.registry.settings.get('kotti_boxes.use_workflow', None)
        if workflow and workflow.lower() not in FALSE_VALUES:


    From the repoze.workflow documentation: """A workflow is unique in a system using multiple workflows if the combination of its type, its content type, its elector, and its state_attr are different than the combination of those attributes configured in any other workflow."""
    Depending on how specific your combination is, you may need to implement an elector (a function that returns True or False for a given context).
    from kotti_boxes.interfaces import IBoxWorkflow

    def elector(context):
        return IBoxWorkflow.providedBy(context)
    <configure xmlns=""

      <include package="repoze.workflow" file="meta.zcml"/>


        <state name="private" callback="kotti.workflow.workflow_callback">

          <key name="title" value="_(u'Private')" />
          <key name="order" value="1" />

          <key name="inherit" value="0" />
          <key name="system.Everyone" value="" />
          <key name="role:viewer" value="viewbox view" />
          <key name="role:editor" value="viewbox view add edit delete state_change" />
          <key name="role:owner" value="viewbox view add edit delete manage state_change" />



          permission="state_change" />



    All posts about Kotti

by davide moro at 2015-03-25T21:15:09Z

With Kotti CMS you can extend existing types inheriting from a base class (eg: Document) and obtain another type of object (eg: MyDocument) with new fields, new workflows, custom views, custom addability conditions, etc.

But sometimes you may want to add a custom field to one or more resources, without having to create a new type. For example you might want to add a colour attribute to all existing Document objects, let's imagine a simple select widget with a few colours that will be used for adding a class depending on the chosen colour.

By default Kotti is shipped with an annotations column that can be used to store arbitrary data in a nested dictionary.

You can store arbitrary data in the nested dictionary with a syntax similar to the following one:
context.annotations['SOMEKEY'] = VALUE
and read annotations with:
All you need to do is override the add and edit forms of your target class. With Pyramid it is quite easy to extend an existing application and override views, assets, routes, etc. See for further info.

Here you can see one possible implementation:
from pyramid.view import view_config
import colander
from deform.widget import SelectWidget
from import (
    LinkActionAddForm as OriginalLinkActionAddForm,
    LinkActionEditForm as OriginalLinkActionEditForm,
from kotti_actions.resources import (
        colours = [
            ('', 'Select'),
            ('red', 'Red'),
            ('brown', 'Brown'),
            ('beige', 'Beige'),
            ('blue', 'Blue'),

def add_colour(schema):
    schema['colour'] = colander.SchemaNode(

@view_config(name=LinkAction.type_info.add_view, permission='add',
class LinkActionAddForm(OriginalLinkActionAddForm):
    """ Form to add a new instance of CustomContent. """

    def schema_factory(self):
        schema = super(LinkActionAddForm, self).schema_factory()
        return schema

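    def add(self, **appstruct):
        # remove the colour from the form data before the parent form builds
        # the object, then store it in the annotations
        colour = u''
        try:
            colour = appstruct.pop('colour')
        except KeyError:
            pass
        obj = super(LinkActionAddForm, self).add(**appstruct)

        obj.annotations['colour'] = colour
        return obj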

@view_config(name='edit', context=LinkAction, permission='edit',
class LinkActionEditForm(OriginalLinkActionEditForm):
    """ Form to edit existing calendars. """

    def schema_factory(self):
        schema = super(LinkActionEditForm, self).schema_factory()
        return schema

    def before(self, form):
        super(LinkActionEditForm, self).before(form)
        colour = self.context.annotations.get('colour')
        if colour:
            form.appstruct.update({'colour': colour})

    def edit(self, **appstruct):
        super(LinkActionEditForm, self).edit(**appstruct)
        self.context.annotations['colour'] = appstruct['colour']

Now our LinkAction add and edit form will have an additional select with our colours.

All posts about Kotti

by davide moro at 2015-03-25T21:14:56Z

In the previous posts we have seen that Kotti is a minimal but robust high-level Pythonic web application framework based on Pyramid that includes an extensible CMS solution, both user and developer friendly. By developer friendly I mean that you can be productive in one or two days without any knowledge of Kotti or Pyramid if you already know the Python programming language.

If you have to work with relational databases, hierarchical data, workflows or complex security requirements, Kotti is your friend. It uses well-known Python libraries.

In this post we'll try to turn our Kotti CMS public site into a private intranet/extranet service.

I know, there are other solutions keen on building intranet or collaboration portals like Plone (I've been working 8 years on large and complex intranets, big public administration customers with thousands of active users and several editor teams, multiple migrations, etc) or the KARL project. But let's pretend that in our use case we have simpler requirements and we don't need too complex solutions, features like communities, email subscriptions or similar things.

Thanks to the Pyramid and Kotti's architectural design, you can turn your public website into an intranet without having to fork the Kotti code: no forks!

How to turn your site into an intranet

This could be a hard task if you use other CMS solutions, but with Kotti (or the heavier Plone) it will require just 4 steps:
  1. define a custom intranet workflow
  2. apply your custom workflows to images and files (by default they are not associated to any workflow, so once added they are immediately public) 
  3. set a default fallback permission for all views
  4. override the default root ACL (populators)

1 - define a custom intranet workflow

Intranet workflows may be different depending on your organization's requirements. They might be very simple or have multiple review steps.

The important thing is: no more granting the view permission to anonymous users, unless you are willing to define an externally published state.

With Kotti you can design your workflow just editing an xml file. For further information you can follow the Kotti CMS - workflow reference article.

2 - apply your custom workflow to images and files

By default they are not associated to any workflow, so once added they are immediately public.

This step will require just two additional lines of code in your includeme or kotti_configure function.

Already described here: Kotti CMS - workflow reference, see the "How to enable the custom workflow for images and files" section.

3 - set a default fallback permission

In your includeme function you just need to tell the configurator to set a default permission even for public views already registered.

I mean that if somewhere in the Kotti code there is any callable view not associated with a permission, it won't be accessible to anonymous users after this step.

In your includeme function you'll need to:
def includeme(config):
    # set a default permission even for public views already registered
    # without permission
If you want to bypass the default permission for certain views, you can decorate them with a special permission (NO_PERMISSION_REQUIRED from which indicates that the view should always be executable by entirely anonymous users, regardless of the default permission. See:

4 - override the default root ACL (populators)

The default Kotti ACL associated with the root of the site
from kotti.security import SITE_ACL
gives view privileges to every user, including anonymous.
You can override this configuration to require users to log in before they can view any of your site's pages. To achieve this, you'll have to set your site's ACL as shown at the following URL:
You'll need to add or override the default populator. See the kotti.populators options here:
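
The effect of steps 2 to 4, shown with a simplified pure-Python model of Pyramid-style ACL lookup. This is an added example, not Kotti's or Pyramid's own code; the node names, role names and ACLs are constructed for illustration.

```python
ALLOW, DENY = "Allow", "Deny"
EVERYONE, AUTHENTICATED = "system.Everyone", "system.Authenticated"
ALL = object()  # stands in for "all permissions"
NO_PERMISSION_REQUIRED = "__no_permission_required__"
DENY_ALL = (DENY, EVERYONE, ALL)

class Node:
    """Content node; acl=None models content with no workflow attached."""
    def __init__(self, parent=None, acl=None):
        self.parent, self.acl = parent, acl

def permits(node, principals, permission):
    """Walk from the node up to the root; the first matching ACE decides."""
    while node is not None:
        for action, principal, permissions in node.acl or []:
            if principal in principals and (
                    permissions is ALL or permission in permissions):
                return action == ALLOW
        node = node.parent
    return False  # no ACE matched anywhere: deny

def view_allowed(view_permission, node, principals, default_permission=None):
    """Step 3: a view without a permission is checked only if a default exists."""
    permission = view_permission or default_permission
    if permission in (None, NO_PERMISSION_REQUIRED):
        return True
    return permits(node, principals, permission)

# Constructed root ACLs: one lets everyone view, one is the intranet override.
OPEN_ROOT_ACL = [(ALLOW, EVERYONE, ["view"])]
CLOSED_ROOT_ACL = [(ALLOW, AUTHENTICATED, ["view"]), DENY_ALL]
ANONYMOUS = {EVERYONE}
LOGGED_IN = {EVERYONE, AUTHENTICATED, "bob"}

def build_site(root_acl):
    """Constructed tree: private page, externally published page, bare image."""
    root = Node(acl=root_acl)
    return {
        "private": Node(root, [(ALLOW, "role:viewer", ["view"]), DENY_ALL]),
        "published": Node(root, [(ALLOW, EVERYONE, ["view"])]),
        "image": Node(root),  # step 2 not done: inherits whatever root says
    }

def visible_to(principals, root_acl, view_permission="view", default=None):
    """Sorted names of sample nodes whose view the principals may call."""
    site = build_site(root_acl)
    return sorted(name for name, node in site.items()
                  if view_allowed(view_permission, node, principals, default))
```

With the open root ACL the image without a workflow is readable anonymously; with the closed one only the explicitly published state is, and a view registered without a permission still exposes everything until a default permission is set.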


After reading this article you should be able to close your Kotti site to anonymous users and obtain a simple, private intranet-like area.

Off-topic: you can also use Kotti as a backend-only content administration area for public websites, with a completely decoupled frontend solution.

Useful links

All posts about Kotti

by davide moro at 2015-03-25T21:13:59Z

Pyramid, MySQL and Windows: the good (Pyramid), the ugly and the bad. This title does not perfectly fit the main characters of this blog post because some of them are both ugly and bad, but it doesn't matter.

Just in case you are going to set up a Pyramid project based on MySQL and Windows (sometimes you have to)... there are a couple of useful things to know. But let's start in chronological order.

Day 0 - morning

You feel like the brave Steve McQueen:

Evening - day 0

At the end of the day you'll still feel like Steve McQueen, but a little more worn out:

What happened?

Random problems with normal transactions considered too large, thread disconnected, error log entries like:
  • InterfaceError
  • OperationalError
  • MySQL Server has gone away
  • database connection failure
  • TimeoutError: QueuePool limit of size ... overflow ... reached, connection timed out, timeout ...
  • pyramid process hangs
  • etc

The solution

1 - adjust your my.ini options like this:
max_allowed_packet = 64M # adjust this parameter according to your situation
wait_timeout = 28800
interactive_timeout = 2880
2 - be sure your production.ini file looks like the following one (with Python 2):
sqlalchemy.url = mysql+mysqldb://USER:PASSWORD@
# For Mysql "MySQL Connection Timeout and SQLAlchemy Connection Pool Recycling" issues see:
sqlalchemy.pool_recycle = 3600
3 - you can schedule a restart of your application once a day.

4 - [OPTIONAL, not only Windows related] adjust your SQLAlchemy configuration parameters according to how many threads your server runs. For example (production.ini):
sqlalchemy.pool_size = 20
sqlalchemy.max_overflow = 10
5 - if you are using CherryPy as a Windows service, be sure your 'engine.autoreload.on' option is set to False.


No more exceptions or odd behaviours!


    by davide moro at 2015-03-25T21:13:47Z

    Yet another small recipe for Kotti CMS: how to automatically initialize a new object once it is inserted, using events, for example by adding a subobject.

    Use case? When someone creates a UserProfile object /users/name-surname, an event should create automatically a profile image in /users/name-surname/photo (a Kotti image instance).

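    It is quite simple. Let's see our your_package/ module, where IMAGE_ID is equal to 'photo':
    import os
    from kotti.events import (
        ObjectInsert,
        notify,
        subscribe,
    )
    from kotti.resources import Image
    from your_package.resources import UserProfile
    from your_package.config import IMAGE_ID

    @subscribe(ObjectInsert, UserProfile)
    def user_profile_added(event):
        obj = event.object

        # skip if the image already exists (e.g. on paste)
        if IMAGE_ID not in obj.keys():
            # assumed location: a data/ directory next to this module
            image_path = os.path.join(
                os.path.dirname(__file__),
                'data', 'fallback.png'
            )
            with open(image_path, 'rb') as image_file:
                # the Image arguments below are assumed; adjust to your needs
                obj[IMAGE_ID] = image_obj = Image(
                    data=image_file.read(),
                    filename=u'fallback.png',
                    mimetype=u'image/png',
                )
            notify(ObjectInsert(image_obj, event.request))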
    1. the subscribe decorator registers our handler, which is called when a UserProfile resource is inserted
    2. we should check whether IMAGE_ID is already instantiated (prevents errors on paste)
    3. if you want your code to work both on Unix-like systems and on Windows, use os.path.join instead of a plain data/fallback.png path (path separator issues)
    4. the final b in the open mode is important if you want to write code that works under Windows, see: "On Unix, it doesn’t hurt to append a 'b' to the mode, so you can use it platform-independently for all binary files"
    5. notify the image insertion
    And your_package/ (in this example I've used the scan method, but you could also register your event handlers imperatively):
    def includeme(config):
        """ Don't add this to your ``pyramid_includes``, but add the
        ``kotti_configure`` above to your ``kotti.configurators`` instead.

        :param config: Pyramid configurator object.
        :type config: :class:`pyramid.config.Configurator`
        """
        # pick up the @subscribe handlers with a scan
        config.scan(__name__)
    And... tests of course (your_package/tests/
    from pytest import fixture

    from kotti.testing import DummyRequest


    @fixture
    def user_profile(db_session, config, root):
        """ returns dummy UserProfile.
        """
        from your_package.resources import UserProfile
        root['userprofile'] = userprofile = UserProfile(title='UserProfile')
        from kotti.events import notify
        from kotti.events import ObjectInsert
        notify(ObjectInsert(userprofile, DummyRequest()))
        return userprofile


    class TestUserProfileWithEvents:

        def test_assert_userprofile_image(self, user_profile):
            from your_package.config import IMAGE_ID
            assert IMAGE_ID in user_profile.keys()
    You can also test whether everything goes right after a copy/paste action (see Kotti's tests).


    All posts about Kotti

    March 23, 2015

    Reboot of my Plone activities

    by Kamon Ayeva at 2015-03-23T01:00:00Z

    The first months of this year have seen more activities on the Plone front in my realm, and there are signs of a regain of energy for future work and collaborations. Let me share some information here.

    Meetups in Geneva

    I started proposing a monthly Plone meetup. Though everyone is busy these days, we had 3 participants for each of the February and March meetups. Here is the combined summary of the stuff we discussed with links to useful resources for people interested.

    Plone theming

    We talked about Diazo in the perspective of the "move from old practices to use the currently recommended way" mantra.

    Diazo is a theming engine integrated into Plone, actually since Plone 4.2. Diazo allows you to apply an HTML/CSS theme to your Plone site. Since Plone 4.3, there is a theme editor which you can see showcased in this video by Eric Steele.

    File-system-based vs. Through-the-web customizations

    In summary, the advice is this: Avoid doing everything through the web!

    Through the web customization, though helpful, can lead to a trap: the inability to translate your work into code which can be versioned, reused across sites and by a community of webmasters. And sometimes simply debugging and fixing your customizations will be tricky.

    In case you have missed it, this article from the Six Feet Up blog gives advice for keeping all customizations (e.g., templates, Python code, stylesheets, JavaScript code) in version control and using the through-the-web trick sparingly. The article also discusses how to make customizations properly when needed.

    Bob templates

    mr.bob is a generic Python project scaffolding tool. It helps speed developers' work and their adherence to best practices. In the Plone world, mr.bob provides a replacement for ZopeSkel with the bobtemplates.plone package, a set of templates for creating our add-on packages.

    Front-end stuff

    • Icono: Not strictly related to Plone, but Icono is an icon pack I like to use for small projects or static apps. It doesn’t require external resources; only CSS (i.e. no font or svg). Can be seen as a lightweight alternative to FontAwesome, which I also use.

    Plone support offer

    I re-started helping people with projects where Plone is the preferred choice. Or Pyramid.

    Note that my process for taking and delivering work is more optimized for cases where you come with a clearly defined picture of what you want and you need me for specific tasks.

    To make things dead simple for me and others, I am using the microtasks platform Fiverr for handling everything. So if you are someone who sees outsourcing as a natural way of doing things and getting productive, or if you just want to offload small maintenance tasks, you are welcome to use my Fiverr Gigs. You can also use their custom order feature when you have more involved work planned.

    In addition to that, I am available on AirPair, a micro-consulting service site.

    On the horizon

    • I started exploring Node.js which, added to Python, gives us the choice between 2 powerful sets of scripting tools and frameworks. Obviously, I quickly came across Express, and I will definitely play with it on a project this year.

    • There is a Static Apps online class in the works. I will talk about it in a dedicated post.


    I want to thank Nicola Lazzari and Gianguglielmo Calvi, whom I recently met in Geneva and started collaborating with, for their trust in Plone, and their commitment to try and convince people around them to use these tools for their Internet and intranet projects.