WebSection: Fix RJS website rendering when trailing / in the URL is missing

renderJS gadget HTML uses relative URLs to link to there javascript/CSS files. Absolute URL calculation is resolved dynamically by the browser when loading the gadget. When accessing an ERP5 web section without a trailing / in the URL, the browser will calculate absolute URL from the parent document and not the web site itself. Example: In http://foo.com/web_site_module/bar , the relative URL couscous.js will be resolved http://foo.com/web_site_module/couscous.js If couscous.js is a document from DMS (Web Page for example), such URL can not be resolved and leads to a 404 error. One solution to solve this is to redirect (302) the browser when accessing a Web Section (Web Site is a web section) directly in ERP5. Example: http://foo.com/web_site_module/bar -> http://foo.com/web_site_module/bar/ But http://foo.com/web_site_module/bar/view should not redirect

WebSection: Fix RJS website rendering when trailing / in the URL is missing
renderJS gadget HTML uses relative URLs to link to there javascript/CSS files. Absolute URL calculation is resolved dynamically by the browser when loading the gadget. When accessing an ERP5 web section without a trailing / in the URL, the browser will calculate absolute URL from the parent document and not the web site itself. Example: In http://foo.com/web_site_module/bar , the relative URL couscous.js will be resolved http://foo.com/web_site_module/couscous.js If couscous.js is a document from DMS (Web Page for example), such URL can not be resolved and leads to a 404 error. One solution to solve this is to redirect (302) the browser when accessing a Web Section (Web Site is a web section) directly in ERP5. Example: http://foo.com/web_site_module/bar -> http://foo.com/web_site_module/bar/ But http://foo.com/web_site_module/bar/view should not redirect
309297a0 · Gabriel Monnerat · Georgios Dagkakis · d91b8a5a · 309297a0 · 309297a0
Commit 309297a0 authored Jan 21, 2016 by Gabriel Monnerat Committed by Georgios Dagkakis Nov 13, 2017
4 changed files
--- a/bt5/erp5_hal_json_style/SkinTemplateItem/portal_skins/erp5_hal_json_style/ERP5Document_getHateoas.py
+++ b/bt5/erp5_hal_json_style/SkinTemplateItem/portal_skins/erp5_hal_json_style/ERP5Document_getHateoas.py
@@ -42,34 +42,34 @@ def getProtectedProperty(document, select):

 url_template_dict = {
  "form_action": "%(traversed_document_url)s/%(action_id)s",
-  "traverse_generator": "%(root_url)s/%(script_id)s?mode=traverse" + \
+  "traverse_generator": "%(root_url)s%(script_id)s?mode=traverse" + \
                       "&relative_url=%(relative_url)s&view=%(view)s",
-  "traverse_template": "%(root_url)s/%(script_id)s?mode=traverse" + \
+  "traverse_template": "%(root_url)s%(script_id)s?mode=traverse" + \
                       "{&relative_url,view}",
-  "search_template": "%(root_url)s/%(script_id)s?mode=search" + \
+  "search_template": "%(root_url)s%(script_id)s?mode=search" + \
                     "{&query,select_list*,limit*,sort_on*,local_roles*}",
-  "worklist_template": "%(root_url)s/%(script_id)s?mode=worklist",
-  "custom_search_template": "%(root_url)s/%(script_id)s?mode=search" + \
+  "worklist_template": "%(root_url)s%(script_id)s?mode=worklist",
+  "custom_search_template": "%(root_url)s%(script_id)s?mode=search" + \
                     "&relative_url=%(relative_url)s" \
                     "&form_relative_url=%(form_relative_url)s" \
                     "&list_method=%(list_method)s" \
                     "&default_param_json=%(default_param_json)s" \
                     "{&query,select_list*,limit*,sort_on*,local_roles*}",
-  "custom_search_template_no_editable": "%(root_url)s/%(script_id)s?mode=search" + \
+  "custom_search_template_no_editable": "%(root_url)s%(script_id)s?mode=search" + \
                     "&relative_url=%(relative_url)s" \
                     "&list_method=%(list_method)s" \
                     "&default_param_json=%(default_param_json)s" \
                     "{&query,select_list*,limit*,sort_on*,local_roles*}",
-  "new_content_action": "%(root_url)s/%(script_id)s?mode=newContent",
-  "bulk_action": "%(root_url)s/%(script_id)s?mode=bulk",
+  "new_content_action": "%(root_url)s%(script_id)s?mode=newContent",
+  "bulk_action": "%(root_url)s%(script_id)s?mode=bulk",
  # XXX View is set by default to empty
-  "document_hal": "%(root_url)s/%(script_id)s?mode=traverse" + \
+  "document_hal": "%(root_url)s%(script_id)s?mode=traverse" + \
                  "&relative_url=%(relative_url)s",
  "jio_get_template": "urn:jio:get:%(relative_url)s",
  "jio_search_template": "urn:jio:allDocs?%(query)s",
  # XXX Hardcoded sub websection
-  "login_template": "%(root_url)s/%(login)s",
-  "logout_template": "%(root_url)s/%(logout)s"
+  "login_template": "%(root_url)s%(login)s",
+  "logout_template": "%(root_url)s%(logout)s"
 }

 default_document_uri_template = url_template_dict["jio_get_template"]
@@ -343,7 +343,7 @@ def renderField(traversed_document, field, form, value=None, meta_type=None, key

    if (editable_column_list):
      list_method_custom = url_template_dict["custom_search_template"] % {
-        "root_url": site_root.absolute_url(),
+        "root_url": site_root_absolute_url,
        "script_id": script.id,
        "relative_url": traversed_document.getRelativeUrl().replace("/", "%2F"),
        "form_relative_url": "%s/%s" % (getFormRelativeUrl(form), field.id),
@@ -357,7 +357,7 @@ def renderField(traversed_document, field, form, value=None, meta_type=None, key
      list_method_query_dict["parent_uid"] = traversed_document.getUid()
    else:
      list_method_custom = url_template_dict["custom_search_template_no_editable"] % {
-        "root_url": site_root.absolute_url(),
+        "root_url": site_root_absolute_url,
        "script_id": script.id,
        "relative_url": traversed_document.getRelativeUrl().replace("/", "%2F"),
        "list_method": list_method_name,
@@ -372,7 +372,7 @@ def renderField(traversed_document, field, form, value=None, meta_type=None, key
 #       document = row.getObject()
 #       line = {
 #         "url": url_template_dict["document_hal"] % {
-#           "root_url": site_root.absolute_url(),
+#           "root_url": site_root_absolute_url,
 #           "relative_url": document.getRelativeUrl(),
 #           "script_id": script.id
 #         }
@@ -461,6 +461,7 @@ def renderForm(traversed_document, form, response_dict, key_prefix=None, selecti
    action_to_call = "Base_callDialogMethod"
  else:
    action_to_call = form.action
+
  if (action_to_call == 'Base_edit') and (not portal.portal_membership.checkPermission('Modify portal content', traversed_document)):
    # prevent allowing editing if user doesn't have permission
    include_action = False
@@ -470,7 +471,7 @@ def renderForm(traversed_document, form, response_dict, key_prefix=None, selecti
    response_dict['_actions'] = {
      'put': {
        "href": url_template_dict["form_action"] % {
-          "traversed_document_url": site_root.absolute_url() + "/" + traversed_document.getRelativeUrl(),
+          "traversed_document_url": site_root.absolute_url() + traversed_document.getRelativeUrl(),
          "action_id": action_to_call
        },
        "action": form.action,
@@ -480,7 +481,7 @@ def renderForm(traversed_document, form, response_dict, key_prefix=None, selecti
  # Form traversed_document
  response_dict['_links']['traversed_document'] = {
    "href": default_document_uri_template % {
-      "root_url": site_root.absolute_url(),
+      "root_url": site_root_absolute_url,
      "relative_url": traversed_document.getRelativeUrl(),
      "script_id": script.id
    },
@@ -623,6 +624,10 @@ else:
  site_root = portal
  view_action_type = "object_view"

+site_root_absolute_url = site_root.absolute_url()
+if not site_root_absolute_url.endswith("/"):
+  site_root_absolute_url += "/"
+
 context.Base_prepareCorsResponse(RESPONSE=response)

 # Check if traversed_document is the site_root
@@ -661,7 +666,7 @@ def calculateHateoas(is_portal=None, is_site_root=None, traversed_document=None,
      # Always inform about site root
      "site_root": {
        "href": default_document_uri_template % {
-          "root_url": site_root.absolute_url(),
+          "root_url": site_root_absolute_url,
          "relative_url": site_root.getRelativeUrl(),
          "script_id": script.id
        },
@@ -688,7 +693,7 @@ def calculateHateoas(is_portal=None, is_site_root=None, traversed_document=None,
      response.setHeader(
        'WWW-Authenticate',
        'X-Delegate uri="%s"' % (url_template_dict["login_template"] % {
-          "root_url": site_root.absolute_url(),
+          "root_url": site_root_absolute_url,
          "login": login_relative_url
        })
      )
@@ -716,7 +721,7 @@ def calculateHateoas(is_portal=None, is_site_root=None, traversed_document=None,
    if not is_portal:
      result_dict['_links']['type'] = {
        "href": default_document_uri_template % {
-          "root_url": site_root.absolute_url(),
+          "root_url": site_root_absolute_url,
          "relative_url": portal.portal_types[traversed_document.getPortalType()]\
                            .getRelativeUrl(), 
          "script_id": script.id
@@ -731,7 +736,7 @@ def calculateHateoas(is_portal=None, is_site_root=None, traversed_document=None,
        # Jio does not support fetching the root document for now
        result_dict['_links']['parent'] = {
          "href": default_document_uri_template % {
-            "root_url": site_root.absolute_url(),
+            "root_url": site_root_absolute_url,
            "relative_url": container.getRelativeUrl(), 
            "script_id": script.id
          },
@@ -764,7 +769,7 @@ def calculateHateoas(is_portal=None, is_site_root=None, traversed_document=None,
            erp5_action_key in global_action_type or
            "_jio" in erp5_action_key):
          erp5_action_list[-1]['href'] = url_template_dict["traverse_generator"] % {
-                "root_url": site_root.absolute_url(),
+                "root_url": site_root_absolute_url,
                "script_id": script.id,
                "relative_url": traversed_document.getRelativeUrl().replace("/", "%2F"),
                "view": erp5_action_list[-1]['name']
@@ -893,7 +898,7 @@ def calculateHateoas(is_portal=None, is_site_root=None, traversed_document=None,
  #     }
      result_dict['_links']['raw_search'] = {
        "href": url_template_dict["search_template"] % {
-          "root_url": site_root.absolute_url(),
+          "root_url": site_root_absolute_url,
          "script_id": script.id
        },
        'name': 'Raw Search',
@@ -901,7 +906,7 @@ def calculateHateoas(is_portal=None, is_site_root=None, traversed_document=None,
      }
      result_dict['_links']['traverse'] = {
        "href": url_template_dict["traverse_template"] % {
-          "root_url": site_root.absolute_url(),
+          "root_url": site_root_absolute_url,
          "script_id": script.id
        },
        'name': 'Traverse',
@@ -909,7 +914,7 @@ def calculateHateoas(is_portal=None, is_site_root=None, traversed_document=None,
      }
      action_dict['add'] = {
        "href": url_template_dict["new_content_action"] % {
-          "root_url": site_root.absolute_url(),
+          "root_url": site_root_absolute_url,
          "script_id": script.id
        },
        'method': 'POST',
@@ -917,7 +922,7 @@ def calculateHateoas(is_portal=None, is_site_root=None, traversed_document=None,
      }
      action_dict['bulk'] = {
        "href": url_template_dict["bulk_action"] % {
-          "root_url": site_root.absolute_url(),
+          "root_url": site_root_absolute_url,
          "script_id": script.id
        },
        'method': 'POST',
@@ -929,7 +934,7 @@ def calculateHateoas(is_portal=None, is_site_root=None, traversed_document=None,
      if person is not None and portal.portal_membership.checkPermission('View', person):
        result_dict['_links']['me'] = {
          "href": default_document_uri_template % {
-            "root_url": site_root.absolute_url(),
+            "root_url": site_root_absolute_url,
            "relative_url": person.getRelativeUrl(), 
            "script_id": script.id
          },
@@ -947,7 +952,7 @@ def calculateHateoas(is_portal=None, is_site_root=None, traversed_document=None,
      elif relative_url == 'portal_workflow':
        result_dict['_links']['action_worklist'] = {
          "href": url_template_dict['worklist_template'] % {
-            "root_url": site_root.absolute_url(),
+            "root_url": site_root_absolute_url,
            "script_id": script.id
          }
        }
@@ -956,7 +961,7 @@ def calculateHateoas(is_portal=None, is_site_root=None, traversed_document=None,
        if (logout_relative_url):
          result_dict['_links']['logout'] = {
            "href": url_template_dict['logout_template'] % {
-              "root_url": site_root.absolute_url(),
+              "root_url": site_root_absolute_url,
              "logout": logout_relative_url,
              "template": True
            }
@@ -1060,7 +1065,7 @@ def calculateHateoas(is_portal=None, is_site_root=None, traversed_document=None,
        '_links': {
          'self': {
            "href": default_document_uri_template % {
-              "root_url": site_root.absolute_url(),
+              "root_url": site_root_absolute_url,
              # XXX ERP5 Site is not an ERP5 document
              "relative_url": getRealRelativeUrl(document) or document.getId(), 
              "script_id": script.id
@@ -1134,7 +1139,7 @@ def calculateHateoas(is_portal=None, is_site_root=None, traversed_document=None,
    response.setStatus(201)
    response.setHeader("X-Location",
      default_document_uri_template % {
-        "root_url": site_root.absolute_url(),
+        "root_url": site_root_absolute_url,
        "relative_url": document.getRelativeUrl(),
        "script_id": script.id
      })

--- a/product/ERP5/Document/WebSection.py
+++ b/product/ERP5/Document/WebSection.py
@@ -226,6 +226,14 @@ class WebSection(Domain, DocumentExtensibleTraversableMixin):
      if self.REQUEST.get(self.web_section_key, MARKER) is MARKER:
        self.REQUEST[self.web_section_key] = self.getPhysicalPath()
      self.REQUEST.set('current_web_section', self)
+
+      actual_url = self.REQUEST.get("ACTUAL_URL", "").strip()
+      if actual_url and actual_url in actual_url and not actual_url.endswith("/"):
+        query_string = self.REQUEST.get("QUERY_STRING", "")
+        query_str = "?%s" % query_string if query_string else query_string
+        return self.REQUEST.RESPONSE.redirect(
+          "".join([actual_url, "/", query_str]))
+
      if not self.REQUEST.get('editable_mode') and not self.REQUEST.get('ignore_layout'):
        document = None
        if self.isDefaultPageDisplayed():
@@ -403,6 +411,23 @@ class WebSection(Domain, DocumentExtensibleTraversableMixin):

      return result

+    def _add_trailing_slash(self, path):
+      path += "" if path.endswith("/") else "/"
+      return path
+
+    def absolute_url_path(self):
+      absolute_url_path = self.absolute_url(relative=1)
+      if not absolute_url_path.startswith("/"):
+        absolute_url_path = "/" + absolute_url_path
+      return absolute_url_path
+
+    def absolute_url(self, relative=0):
+      """
+        Return absolute_url with / in the end to avoid redirections when
+        accessing Web sections. Please check the method WebSection.__call__
+      """
+      return self._add_trailing_slash(Domain.absolute_url(self, relative=relative))
+
    security.declareProtected(Permissions.View, 'getSiteMapTree')
    def getSiteMapTree(self, **kw):
      """

--- a/product/ERP5/tests/testERP5Web.py
+++ b/product/ERP5/tests/testERP5Web.py
@@ -236,6 +236,60 @@ class TestERP5Web(ERP5TypeTestCase):

    return webpage_list

+  def test_WebSection_add_trailing_slash_in_url(self):
+    """
+     When accessing an ERP5 web section without a trailing / in the URL, the
+     browser will calculate absolute URL from the parent document and not the web
+     site itself.
+
+     Example:
+      In http://foo.com/web_site_module/bar , the relative URL couscous.js will
+      be resolved http://foo.com/web_site_module/couscous.js If couscous.js is a
+      document from DMS (Web Page for example), such URL can not be resolved and
+      leads to a 404 error.
+
+     One solution to solve this is to redirect (302) the browser when accessing a
+     Web Section (Web Site is a web section) directly in ERP5.
+     Example:
+      http://foo.com/web_site_module/bar -> http://foo.com/web_site_module/bar/
+      But http://foo.com/web_site_module/bar/view should not redirect
+    """
+    # Web Site as context
+    website = self.setupWebSite()
+    response = self.publish(website.absolute_url_path()[:-1])
+    self.assertEqual(MOVED_TEMPORARILY, response.status)
+    response = self.publish(
+      "%s?ignore_layout:int=1" % website.absolute_url_path()[:-1])
+    self.assertEqual("%s?ignore_layout:int=1" % website.absolute_url(),
+      response.headers.get("location"))
+    self.assertEqual(MOVED_TEMPORARILY, response.status)
+    response = self.publish(
+      "%s/getTitle?ignore_layout:int=1" % website.absolute_url_path())
+    self.assertEqual(HTTP_OK, response.status)
+    self.assertEqual("test", response.body)
+    response = self.publish(
+      "%s/getTitle" % website.absolute_url_path())
+    self.assertEqual(HTTP_OK, response.status)
+    self.assertEqual("test", response.body)
+    response = self.publish(
+      "%s/a_non_existing_page" % website.absolute_url_path())
+    self.assertEqual(404, response.status)
+    # Web Section as context
+    websection = self.setupWebSection()
+    response = self.publish(
+      "%s?ignore_layout:int=1" % websection.absolute_url_path()[:-1])
+    self.assertEqual("%s?ignore_layout:int=1" % websection.absolute_url(),
+      response.headers.get("location"))
+    self.assertEqual(MOVED_TEMPORARILY, response.status)
+    response = self.publish(
+      "%s/getTitle?ignore_layout:int=1" % websection.absolute_url_path())
+    self.assertEqual(HTTP_OK, response.status)
+    self.assertEqual("1", response.body)
+    response = self.publish(
+      "%s/getTitle" % websection.absolute_url_path())
+    self.assertEqual(HTTP_OK, response.status)
+    self.assertEqual("1", response.body)
+
  def test_01_WebSiteRecatalog(self):
    """
      Test that a recataloging works for Web Site documents
@@ -440,11 +494,12 @@ Hé Hé Hé!""", page.asText().strip())
    self.assertEqual(web_page_en, websection.getDefaultDocumentValue())
    # and make sure that the base meta tag which is generated
    # uses the web section rather than the portal
+    self.REQUEST.set("ACTUAL_URL", websection.absolute_url())
    html_page = websection()
    from Products.ERP5.Document.Document import Document
    base_list = re.findall(Document.base_parser, str(html_page))
    base_url = base_list[0]
-    self.assertEqual(base_url, "%s/%s/" % (websection.absolute_url(),
+    self.assertEqual(base_url, "%s%s/" % (websection.absolute_url(),
                                           web_page_en.getReference()))

  def test_06b_DefaultDocumentForWebSite(self):
@@ -477,11 +532,12 @@ Hé Hé Hé!""", page.asText().strip())
    self.assertEqual(web_page_en, website.getDefaultDocumentValue())
    # and make sure that the base meta tag which is generated
    # uses the web site rather than the portal
+    self.REQUEST.set("ACTUAL_URL", website.absolute_url())
    html_page = website()
    from Products.ERP5.Document.Document import Document
    base_list = re.findall(Document.base_parser, str(html_page))
    base_url = base_list[0]
-    self.assertEqual(base_url, "%s/%s/" % (website.absolute_url(), web_page_en.getReference()))
+    self.assertEqual(base_url, "%s%s/" % (website.absolute_url(), web_page_en.getReference()))

  def test_07_getDocumentValueList(self):
    """ Check getting getDocumentValueList from Web Section.
@@ -868,7 +924,7 @@ Hé Hé Hé!""", page.asText().strip())
    website_relative_url = website.absolute_url(relative=1)
    website_fr = self.portal.restrictedTraverse(
      'web_site_module/%s/fr' % website_id)
-    website_relative_url_fr = '%s/fr' % website_relative_url
+    website_relative_url_fr = '%sfr/' % website_relative_url

    websection_id = self.setupWebSection().getId()
    websection = self.portal.restrictedTraverse(
@@ -876,7 +932,7 @@ Hé Hé Hé!""", page.asText().strip())
    websection_relative_url = websection.absolute_url(relative=1)
    websection_fr = self.portal.restrictedTraverse(
      'web_site_module/%s/fr/%s' % (website_id, websection_id))
-    websection_relative_url_fr = '%s/%s' % (website_relative_url_fr,
+    websection_relative_url_fr = '%s%s/' % (website_relative_url_fr,
                                            websection.getId())

    page_ref = 'foo'

--- a/product/ERP5/tests/testERP5WebWithDms.py
+++ b/product/ERP5/tests/testERP5WebWithDms.py
@@ -396,6 +396,7 @@ class TestERP5WebWithDms(ERP5TypeTestCase, ZopeTestCase.Functional):

    # check Unauthorized exception is raised for anonymous when authorization_forced is set
    self.logout()
+    self.REQUEST.set("ACTUAL_URL", websection.absolute_url())
    self.assertEqual(None,  websection.getDefaultDocumentValue())
    self.assertRaises(Unauthorized,  websection)