=============
Zope features
=============

Zope features are mostly features from zope.* packages, though it has some
extras and some limitations.

ZCML
====

ZCML is the Zope Configuration Markup Language, an XML application. Zope code
consists of a lot of components that can be plugged together using ZCML.

If you put a ``site.zcml`` in the etc directory of your Zope
instance, this is the root of the ZCML tree. An example of
``site.zcml`` is in ``site.zcml.in``. If you don't place a
``site.zcml``, Five falls back on ``fallback.zcml``.

ZCML in Zope 2 has a special directive, ``five:loadProducts``, to load the
ZCML (``meta.zcml``, ``configure.zcml``) of all installed Zope 2
products, if available.

Another special directive, ``five:loadProductsOverrides`` is available
to load any overriding ZCML (``overrides.zcml``) in these products. In
the ``overrides.zcml`` you can override existing views or adapters, in
this or in other products.

Security declarations
=====================

Zope 2 aims to eradicate ``declareProtected``, ``ClassSecurityInfo`` and
``initializeClass`` from your code.

In order to do this, Zope 2 provides a way of declaring permissions from ZCML.
To declare permissions for methods and templates on views you use the
``permission`` attribute on the ``browser:page`` directive, and specify a
Zope 2 permission (given a dotted name). You can find a list of these
permissions in ``permissions.zcml`` in AccessControl's permissions.zcml.
The permission check takes place before the view is executed.

The ``class`` directive can also be used to declare permissions on
Zope 2 content classes. Note however that these permissions will be
ignored by views anyway, as they are trusted -- it only serves to
protect directly exposed methods on content classes (the Python
scripts and the ZPublisher).