Is rapido a dead end?

I have two sites that are using a "product" built on rapido.
I've stopped building new things with it as I don't know what the situation is with rapido at this point. Is it a dead end?

I believe it is.
There is a security problem with it and it's stopped being developed.

I've switched to using themefragments (for tiles and other views), ambidexterity (for validations and custom views) and plomino (for mini apps/relational data).

Thanks @djay...
I have some unraveling to do on those projects. Similarly, I've been using themefragments on newer projects. The security issue with rapido is definitely concerning...

@pigeonflight rapido is not maintained anymore.

The original objective was to make something more "code-oriented" than Plomino (with actual HTML and Python files you can manage just like any source code), and also to provide a way for developers who do not know much about Plone to be able to develop apps on top of Plone.

But on the different projects where I have been using it, it ended up being a pretty bad solution, extremely difficult to maintain.

@djay regarding the security issue, as far as I remember, it was in a very specific case: if you have 2 Plone sites on the same Zope instance, a user who is manager on one of the Plone sites can make some Rapido scripts able to modify content in the other Plone site (but I might remember wrongly).

projects. The security issue with rapido is definitely concerning…

It’s fixable. It’s just that the version of restrictedpython rapido uses comes with fewer restrictions out of the box than it should, but it provides a way to implement them if you want.

There was no protection on attribute setting.

oh yes, right
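
The guard discussed in the last few posts, as an added example (not rapido's or RestrictedPython's own code): RestrictedPython rewrites attribute assignments so they pass through a `_write_` hook supplied by the host, and this standard-library model of that hook shows a pass-through guard letting a script modify an object it was handed while a deny-by-default guard refuses. `Content`, `ScratchPad`, `run_script`, `demo` and both guard functions are hypothetical names, and the script and objects are constructed sample input.

```python
import ast

class WriteGuardTransformer(ast.NodeTransformer):
    """Rewrite `obj.attr = v` / `del obj.attr` to go through `_write_(obj)`."""
    def visit_Attribute(self, node):
        self.generic_visit(node)
        if isinstance(node.ctx, (ast.Store, ast.Del)):
            node.value = ast.Call(func=ast.Name(id="_write_", ctx=ast.Load()),
                                  args=[node.value], keywords=[])
        return node

class Content:            # constructed stand-in for an object the host hands in
    def __init__(self, title):
        self.title = title

class ScratchPad:         # constructed stand-in for an object the script may own
    pass

class _DenyWrites:
    """Returned by the strict guard: any attribute write or delete is refused."""
    __slots__ = ("_obj",)
    def __init__(self, obj):
        object.__setattr__(self, "_obj", obj)
    def __setattr__(self, name, value):
        raise PermissionError(f"write to {type(self._obj).__name__}.{name} denied")
    def __delattr__(self, name):
        raise PermissionError(f"delete of {type(self._obj).__name__}.{name} denied")

def permissive_guard(obj):
    return obj            # no protection on attribute setting

def strict_guard(obj):
    # Deny by default; only types the host explicitly lists stay writable.
    return obj if isinstance(obj, ScratchPad) else _DenyWrites(obj)

def run_script(source, guard, **names):
    """Compile `source` with guarded writes and run it with the given names.
    Only the attribute-write path is modelled here, not reads or builtins."""
    tree = ast.fix_missing_locations(WriteGuardTransformer().visit(ast.parse(source)))
    env = {"__builtins__": {}, "_write_": guard, **names}
    exec(compile(tree, "<script>", "exec"), env)

SCRIPT = "pad.note = 'ok'\ncontext.title = 'changed by script'\n"

def demo(guard):
    context, pad = Content("original"), ScratchPad()
    try:
        run_script(SCRIPT, guard, context=context, pad=pad)
        outcome = "allowed"
    except PermissionError:
        outcome = "denied"
    return outcome, context.title, getattr(pad, "note", None)
```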
