My life with Plone, part 2

In part 1 I discussed documentation, support for previous releases, upgrading, backup/restore and versioning.

The object database

As I said in Part 1, the ZODB is very solid. I find, however, that the tools for analyzing the contents of the database — at least those that ship with Plone’s Zope/CMF — are relatively weak. It feels like the system needs a GUI app for administrators. As it is, you either deal with the limited functionality of the ZMI, or you use plain old Python. I miss the power of relational databases to generate ad hoc reports with SQL statements, or even something like Django’s ORM methods. Part of the problem I suppose is poor documentation of the Zope API, and it can take some detective work and trial and error (even if you do use DocFinderTab) to find not only the methods you need, but the correct way to call them. This in turn is to some extent the fault of the Python language itself in that function parameters and return values are not typed as in Java, for example. There are certainly advantages to Python’s approach — and everything considered Python is still my preferred programming language — but I do think it often results in weaker documentation. Even the official documentation of the Python language is, to me, often maddeningly vague with respect to input and output of standard library functions.

Managing permissions, users and groups

Zope has a complex, flexible, and extremely granular security model, almost too much so for a web-based management UI. I generally try to minimize the amount of manual permissions tweaking I do in the system, as it feels a bit risky, partly because of issues with the database noted above. Managing users and groups in Plone is no better or worse than most decent content management systems or complex web applications, which is to say that it’s serviceable but not great. Again, it seems that this aspect of the system could benefit from a GUI app, or perhaps the web UI just needs more development, maybe adding some Ajax functionality to reduce page loads, etc.  A major positive development in user/group management has been the maturation of the Pluggable Authentication Service (PAS) and its integration into Plone.  Since I have a requirement to use an external authentication system (Shibboleth) via my Apache front-end, I started in the pre-PAS days by using a product called RemoteUserFolder, which worked well with Zope, but did not integrate with Plone. Now I use apachepas and AutoMemberMaker (I just learned that these products have been replaced by WebServerAuth). Since PAS is now the default user folder in Plone, these products integrate seamlessly and they have proven solid.

Continued in Part 3.

, , , ,