Kotti 0.1a5

A friendly, light-weight web content management system (WCMS). Written in Python, based on Pyramid and SQLAlchemy.

What is Kotti?

Kotti is a user-friendly web content management system (WCMS).

Features:

  • Support for pluggable authentication modules and single sign-on
  • Access control lists (ACL) for fine-grained security
  • Separation between public area and editor interface
  • Separation of basic and advanced functionality in the editor user interface, enabling a pleasant learning curve for editors
  • Easily extensible with your own look & feel with no programming required
  • Easily extensible with your own content types and views

Note

At this point, Kotti is experimental. You're encouraged to try it out and give us feedback, but don't use it in production yet. We're likely to make fundamental changes to both Kotti's API and its database structure in weeks to come.

Issue tracker and development

Kotti is developed on Github. The issue tracker also lives there.

Kotti's mailing list for both users and developers is at http://groups.google.com/group/kotti

You can also find us on IRC: join the #kotti channel on irc.freenode.net.

Installation using virtualenv

It's recommended to install Kotti inside a virtualenv.

Change into the directory of your Kotti download and issue:

$ python setup.py install

To run Kotti with the included development profile then type:

$ paster serve development.ini

To run all tests:

$ python setup.py nosetests

Installation using buildout

Alternatively, you can use the provided buildout configuration like so:

$ python bootstrap.py
$ bin/buildout

To run Kotti with the included development profile then type:

$ bin/paster serve development.ini

To run all tests:

$ bin/test

Configuring Kotti

Kotti includes two Paste Deploy configuration files in production.ini and development.ini.

kotti.authn_policy_factory and kotti.authz_policy_factory

You can override the authentication and authorization policy that Kotti uses. By default, Kotti uses these factories:

kotti.authn_policy_factory = kotti.authtkt_factory
kotti.authz_policy_factory = kotti.acl_factory

These settings correspond to pyramid.authentication.AuthTktAuthenticationPolicy and pyramid.authorization.ACLAuthorizationPolicy being used.

kotti.secret

kotti.secret and kotti.secret2 (optional) are used as salts for various hashing functions. Also, kotti.secret is the password of the default admin user. (Which you should change immediately.)

An example:

kotti.secret = qwerty
kotti.secret2 = asdfgh

With these settings, to log in as admin, you would log in as admin with the password qwerty.

kotti.secret is used as a salt to the passwords in the default user database. Changing it will result in the user database's passwords becoming invalid.

kotti.session_factory

The kotti.session_factory configuration variable allows the overriding of the default session factory, which is pyramid.session.UnencryptedCookieSessionFactoryConfig.

kotti.principals

Kotti comes with a default user database implementation in kotti.security.principals. You can use the kotti.principals configuration variable to override the implementation used. The default looks like this:

kotti.principals = kotti.security.principals

kotti.templates.master_view and kotti.templates.master_edit

The default configuration for these two variables is:

kotti.templates.master_view = kotti:templates/view/master.pt
kotti.templates.master_edit = kotti:templates/edit/master.pt

You may override these to provide your own master templates.

kotti.templates.base_css, kotti.templates.view_css, and kotti.templates.edit_css

These variables define the CSS files used by the default master templates. The defaults are:

kotti.templates.base_css = kotti:static/base.css
kotti.templates.view_css = kotti:static/view.css
kotti.templates.edit_css = kotti:static/edit.css

kotti.includes

The default configuration here is:

kotti.includes =
  kotti.events kotti.views.view kotti.views.edit kotti.views.login kotti.views.manage

These point to modules that contain an includeme function. An includeme function that registers an edit view for an Event resource might look like this:

def includeme(config):
    config.add_view(
        edit_event,
        context=Event,
        name='edit',
        permission='edit',
        )

Examples of views and their registrations are in Kotti itself. Take a look at kotti.views.view and kotti.views.edit. XXX Need example extension package.

Changing the kotti.includes configuration allows you to register your own views or event handlers instead of Kotti's defaults. As an example, consider a scenario where you want to implement your own management views. This could be because you're using a user database implementation that is very different to Kotti's own. Your configuration would look something like this:

kotti.includes =
  kotti.events kotti.views.view kotti.views.edit kotti.views.login mypackage.manage
kotti.principals = mypackage.manage.principals

Note that it's also possible to set these options directly from your Python package by use of the kotti.configurators configuration variable.

kotti.available_types

The default configuration here is:

kotti.available_types = kotti.resources.Document

You may replace or add your own types with this variable. An example:

kotti.available_types =
    kotti.resources.Document
    mypackage.resources.Calendar
    mypackage.resources.Event

kotti.resources.Document is itself a class that's suitable as an example of a Kotti content type implementation:

class Document(Node):
    type_info = Node.type_info.copy(
        name=u'Document',
        add_view=u'add_document',
        addable_to=[u'Document'],
        )

    def __init__(self, body=u"", mime_type='text/html', **kwargs):
        super(Document, self).__init__(**kwargs)
        self.body = body
        self.mime_type = mime_type

documents = Table('documents', metadata,
    Column('id', Integer, ForeignKey('nodes.id'), primary_key=True),
    Column('body', UnicodeText()),
    Column('mime_type', String(30)),
)
mapper(Document, documents, inherits=Node, polymorphic_identity='document')

kotti.configurators

Requiring users of your package to set all the configuration variables by hand in pasteserve.ini is not ideal. That's why Kotti includes a configuration variable through which extending packages can set all other configuration options through Python. Here's an example of a function that configures Kotti:

# in mypackage/__init__.py
def kotti_configure(config):
    config['kotti.includes'] += ' mypackage.views'
    config['kotti.principals'] = 'mypackage.security.principals'
    config['kotti.authn_policy_factory'] = 'mypackage.security.authn_factory'

And this is how you'd hook it up in the pasteserve.ini:

kotti.configurators = mypackage.kotti_configure

Authentication and Authorization

We're currently working on a user interface for user management.

Authentication in Kotti is pluggable. See kotti.authn_policy_factory.

ACL

Auhorization in Kotti can be configured through kotti.authz_policy_factory. The default implementation uses inherited access control lists. The default install of Kotti has a root object with this ACL that's defined in kotti.security.SITE_ACL:

SITE_ACL = [
    ['Allow', 'system.Authenticated', ['view']],
    ['Allow', 'role:viewer', ['view']],
    ['Allow', 'role:editor', ['view', 'add', 'edit']],
    ['Allow', 'role:owner', ['view', 'add', 'edit', 'manage']],
    ]

You can see how viewing the site is locked down to authenticated users. You can set the ACL through the Node.__acl__ property to your liking. To open your site so that everyone can view, do:

from kotti.resources import get_root
root = get_root(request)
root.__acl__ = root.__acl__ + [('Allow', 'system.Everyone'), ['view']]

Roles and groups

The default install of Kotti maps the role:admin role to the admin user. The effect of which is that the admin user gains ALL_PERMISSIONS throughout the site.

Principals can be assigned to roles or groups by use of the kotti.security.set_groups function, which needs to be passed a context to work with:

from kotti.security import set_groups
set_groups(bobsfolder, 'bob', ['role:owner'])

To list roles and groups of a principal, use kotti.security.list_groups. Although you're more likely to be using Pyramid's security API in your code.

Under the hood

Kotti is written in Python and builds upon on the two excellent libraries Pyramid and SQLAlchemy. Kotti tries to leverage these libraries as much as possible, thus:

  • minimizing the amount of code and extra concepts, and
  • allowing users familiar with Pyramid and SQLAlchemy to feel right at home since Kotti's API is mostly that of Pyramid and SQLAlchemy.

For storage, you can configure Kotti to use any relational database for which there is support in SQLAlchemy. There's no storage abstraction apart from that.

Have a question? Join our mailing list at http://groups.google.com/group/kotti or read this blog post for more implementation details.

Thanks

Kotti thanks the University of Coimbra for their involvement and support.

History

0.1a5

  • Add sharing screen.

    This allows you to set roles for groups and users on individual folders. This also considers roles that are inherited from higher up in the hierarchy, and those that are inherited from groups that the user belongs to.

  • Refined available system roles in kotti.security.ROLES. We now have:

    • Viewer: view
    • Editor: view, add, edit
    • Owner: view, add, edit, manage
    • Admin: all permissions

0.1a4

  • Added login form.

    With the development profile in development.ini, log in with user 'admin' and password 'qwerty'. User management and sharing tab is a TODO.

  • Add a default user database implementation in kotti.security.Principals.

    Override with kotti.principals configuration setting.

  • Add inheritbale, nested groups support.

    Groups are stored in Node.__groups__. The API is kotti.security.list_groups and kotti.security.set_groups.

Author

Daniel Nouri

Pip

Kotti==0.1a5

Classifiers

  • Programming Language :: Python
  • Development Status :: 3 - Alpha
  • Topic :: Internet :: WWW/HTTP
  • Topic :: Internet :: WWW/HTTP :: Dynamic Content
  • Topic :: Internet :: WWW/HTTP :: WSGI :: Application
  • Framework :: Pylons
File Type Python Version Uploaded On Downloads
Kotti-0.1a5.tar.gz Source Feb. 23, 2011 5,023
Version Release Date
1.1.4 June 26, 2015
1.1.3 June 17, 2015
1.1.2 June 12, 2015
1.1.1 May 11, 2015
1.1.0 April 16, 2015
1.1.0-alpha.1 March 19, 2015
1.0.0 Feb. 20, 2015
1.0.0-alpha.4 Jan. 29, 2015
1.0.0-alpha.3 Jan. 13, 2015
1.0.0-alpha.2 Jan. 1, 2015
1.0.0-alpha Dec. 20, 2014
0.10b1 July 11, 2014
0.10a4 June 19, 2014
0.10a3 June 11, 2014
0.10a2 June 5, 2014
0.10a1 May 19, 2014
0.9.2 Oct. 15, 2013
0.9.1 Sept. 25, 2013
0.9 Sept. 17, 2013
0.9b2 Aug. 20, 2013
0.9b1 June 27, 2013
0.9a2 May 4, 2013
0.9a1 March 12, 2013
0.8 March 12, 2013
0.8b2 Feb. 8, 2013
0.8b1 Dec. 30, 2012
0.8a2 Dec. 15, 2012
0.8a1 Nov. 13, 2012
0.7.2 Oct. 2, 2012
0.7.1 Aug. 30, 2012
0.7rc1 Aug. 14, 2012
0.7 Aug. 16, 2012
0.7a6 Aug. 7, 2012
0.7a5 Aug. 7, 2012
0.7a4 June 25, 2012
0.7a3 June 15, 2012
0.7a2 June 7, 2012
0.7a1 June 1, 2012
0.6.3 May 8, 2012
0.6.2 April 21, 2012
0.6.1 March 30, 2012
0.6.0 March 22, 2012
0.6.0b3 March 17, 2012
0.6.0b2 March 16, 2012
0.6.0b1 March 15, 2012
0.5.2 March 10, 2012
0.5.1 Feb. 27, 2012
0.5.0rc2 Feb. 14, 2012
0.5.0rc1 Feb. 13, 2012
0.5.0 Feb. 15, 2012
0.5.0a7 Feb. 9, 2012
0.5.0a6 Feb. 9, 2012
0.5.0a5 Feb. 8, 2012
0.5.0a4 Feb. 3, 2012
0.5.0a3 Jan. 27, 2012
0.5.0a2 Jan. 25, 2012
0.5.0a1 Jan. 23, 2012
0.4.5 Jan. 19, 2012
0.4.4 Jan. 5, 2012
0.4.3 Dec. 22, 2011
0.4.2 Dec. 20, 2011
0.4.1 Dec. 20, 2011
0.4.0 Dec. 14, 2011
0.3.1 Dec. 9, 2011
0.3.0 Nov. 30, 2011
0.2.10 Nov. 22, 2011
0.2.9 Nov. 21, 2011
0.2.8 Nov. 21, 2011
0.2.7 Nov. 20, 2011
0.2.6 Nov. 17, 2011
0.2.5 Nov. 14, 2011
0.2.4 Nov. 13, 2011
0.2.3 Oct. 28, 2011
0.2.2 Oct. 10, 2011
0.2.1 Sept. 29, 2011
0.2 Sept. 16, 2011
0.2a2 Sept. 5, 2011
0.2a1 Aug. 29, 2011
0.1.1 May 17, 2011
0.1 May 4, 2011
0.1a9 April 12, 2011
0.1a8 March 18, 2011
0.1a7 March 10, 2011
0.1a6 March 2, 2011
0.1a5 Feb. 23, 2011
0.1a4 Feb. 17, 2011
0.1a3 Feb. 8, 2011
0.1a2 Feb. 4, 2011
0.1a1 Aug. 24, 2015
Date Package Version Action
Aug. 24, 2015, 11:36 p.m. Kotti 0.7rc1 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.9a2 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.8a2 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.9.1 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.5.2 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.5.1 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.5.0 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.7.1 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.5.0a7 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.5.0a4 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.5.0a5 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.5.0a2 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.5.0a3 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.5.0a1 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.2.8 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.2.9 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.1.1 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.2.1 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.2.2 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.2.3 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.2.4 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.2.5 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.2.6 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.2.7 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.7 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.2 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.1 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 1.1.4 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 1.1.2 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 1.1.3 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 1.1.0 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 1.1.1 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.4.4 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.4.5 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.2.10 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.9a1 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.10a4 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.10a3 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.10a2 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.10a1 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.1a8 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.1a9 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.4.2 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.4.3 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.4.0 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.4.1 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.1a2 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.1a3 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.1a1 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.1a6 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.1a7 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.1a4 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.1a5 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 1.1.0-alpha.1 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.6.0 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.6.1 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.6.2 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.6.3 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 1.0.0-alpha.4 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.2a1 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.2a2 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.8b2 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.8b1 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.5.0rc2 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.5.0rc1 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.10b1 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.9 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.8 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.9.2 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.8a1 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.9b2 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.9b1 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.6.0b2 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.3.1 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.3.0 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.7a1 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.7a2 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.7a3 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.7a4 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.7a5 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.7a6 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.5.0a6 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.6.0b1 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 1.0.0-alpha Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.6.0b3 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 1.0.0-alpha.2 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 1.0.0-alpha.3 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 0.7.2 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti 1.0.0 Release Created
Aug. 24, 2015, 11:36 p.m. Kotti Package Created