We, Plone developers invest time in Plone to build something nice and attractive that users love. There is a need for a hacking tool that allows non-technical users to easily change and customize Plone sites through a modern web interface, rather than relying on hackable systems. Rapido is proposed as a solution, which would allow creating custom content chunks and scripts using basic HTML and Python knowledge, and injecting them into Plone through Diazo theming. Rapido scripts would have access to Plone APIs and content in a secure manner, and it includes a REST API and Plone content rules integration out of the box.

1. Happy hacking with Plone
Éric Bréhault - PloneConf 2015

2. We, Plone developers
invest time in Plone,
build something nice and attractive,
feel pround of it.

3. We, Plone developers
from "Les Vacances du Petit Nicolas" by Laurent Tirard
.fx: extra-large

4. The users play
from "Les Vacances du Petit Nicolas" by Laurent Tirard

5. The conflict
They loved it.
We are desperate.

6. We retaliate

7. Pharmakon
φάρμακον: medecine, drug, poison
Any medecine is also a poison.

8. My solution

9. Hackability is a feature
It is not a flaw.
It must be provided as a tool.

10. A hacking tool...
to change or add whatever we want in our Plone site
through a modern and pleasant web interface
... not a hackable system

11. ZMI?

12. The Plone Theming editor!
Already a "hacking" tool:
non-Plone experts can change the entire theme.

13. Diazo theory
"We Write XSLT, So You Don't Have To"

14. Diazo reality
Guess what? I am writing tons of XSLT!!

15. What we need

16. Content-to-content
On-the-fly content changes with <before/>and <after/>.
< b e f o r e c s s : c o n t e n t = " # c o n t e n t - c o r e " >
< a h r e f = " m a i l t o : c o n t a c t @ d i a z o . o r g " >
A s k f o r h e l p
< / a >
< / b e f o r e >

17. Content-to-content
On-the-fly content insertion.
< b e f o r e c s s : c o n t e n t - c h i l d r e n = " # m a i n " >
< i n c l u d e c s s : c o n t e n t = " # b r e a d c r u m b s " / >
< / b e f o r e >

18. Content-to-content
On-the-fly remote content insertion.
< b e f o r e c s s : c o n t e n t - c h i l d r e n = " # m a i n " >
< i n c l u d e h r e f = " / n e w s "
c s s : c o n t e n t = " # b r e a d c r u m b s " / >
< / b e f o r e >

19. We want more
create our own chuncks of content
implement our own scripts
with basic knowledge of HTML and Python

20. Rapido

21. It lives in the theme
Editable through the Plone interface...
...or in the sources.
We use Diazo to inject it in Plone.

22. Dead simple
no ZCA stuff,
no ZPT (or any templating language),
no JBOT,
Just HTML and Python

23. Demo

24. What do we get in our
context?
context.app
context.request
context.portal
context.content
context.api(the Plone API!!)

25. Is it secure?
Python scripts are executed by
zope.security.untrustedpython.
All the regular security stack is applied, like:
current user privileges,
CSRF policy (@PostOnlyfor instance).

26. Battery included
Rapido comes with a complete REST API.
GET / POST / DELETE / PUT / PATCH
It is a ready-to-use JSON backend.

27. Demo

28. Battery included
Rapido provides a Plone Content Rules action.
We can hook our scripts to any Plone event.

29. Battery included
Rapido is Mosaic compliant.
(but it does not depend on it)

30. Demo

31. Thank you!