ake anonymous subscription safer using a login and password to check the application progress :

* update StandardSecurity Extension to be able to login with all annoymous application even if they are not reindexed and all portal types
* change EGov_register to create a subscription form, assign login and password to it, and login with it. Now when you try to subscribe to egov, you are automatically relogged with the subscription form login
* modify PDFDocument_viewLoginInformationPT to display the new login and password on submission
* use the new css filename in template_erp5_egov_workspace, this avoid many error log message
* improve WebSite_viewSubmissionWizardRenderer to avoid error messages on logs by testing current_action value. Steps are not displayed if there is no current_action (like in PDFDocument_viewLoginInformation form)
* change egov_anonymous_workflow permission because now the subsciption form is edited as owner, so remove anonymous permission. This permit a better security on anonymous forms.
* bring some correction on PDFDocument_validateFormDataBeforeSubmission

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@23571 20353a03-c40f-0410-a6d1-a30d3c3de9de

bt5/erp5_egov/ExtensionTemplateItem/StandardSecurity.py

@@ -112,7 +112,7 @@ def getSecurityCategoryFromEntity(self, base_category_list, entity_name,
     portal_type_list   -- list of portal type to search the entity
   """
   if portal_type_list is None:
-    portal_type_list = ['Person', 'Organisation']
+    portal_type_list = self.portal_type_list
   if child_category_list is None:
     child_category_list = []
 
@@ -126,8 +126,26 @@ def getSecurityCategoryFromEntity(self, base_category_list, entity_name,
       # if a person_object was not found in the module, we do nothing more
       # this happens for example when a manager with no associated person 
       # object creates a person_object for a new user
-      return []
-  object = object_list[0].getObject()
+
+      portal = self.getPortalObject()
+
+      # XXX this hack permit to get the module of the application
+      # the goal is to work with anonymous applications, even if they are 
+      # not reindexed
+      if len(self.REQUEST.steps) >= 3 and \
+          'module' in self.REQUEST.steps[-3]:
+        module_id = self.REQUEST.steps[-3]
+        module =  getattr(portal, module_id, None)
+        if module is not None:
+          result = module._getOb(entity_name, None)
+          if result is not None:
+            object = result
+          else:
+            return []
+      else:
+        return []
+  else:
+    object = object_list[0].getObject()
   
   category_dict = {}
   for base_category in base_category_list:

bt5/erp5_egov/SkinTemplateItem/portal_skins/erp5_egov/EGov_register.xml

@@ -65,7 +65,9 @@
         </item>
         <item>
             <key> <string>_body</string> </key>
-            <value> <string>request=context.REQUEST\n
+            <value> <string encoding="cdata"><![CDATA[
+
+request=context.REQUEST\n
 \n
 # check captcha\n
 if not context.isCaptchaTextCorrect(captcha_text):\n
@@ -75,8 +77,42 @@ if not context.isCaptchaTextCorrect(captcha_text):\n
              "%s/%s?portal_status_message=%s" %\n
              (context.absolute_url(), form_id, translated_message))\n
 \n
-return context.EGov_createNewProcedure(new_application_procedure=\'Subscription Form\', captcha_ok=True)\n
-</string> </value>
+# create a new subscription form\n
+module = context.getDefaultModule(portal_type=\'Subscription Form\')\n
+form = module.newContent(portal_type=\'Subscription Form\')\n
+\n
+# XXX this group is not good for a form\n
+# but it\'s used for security on subscription form module\n
+form.setGroup(\'dgid/di/cge\')\n
+\n
+web_site_url = context.getWebSiteValue().absolute_url()\n
+module_id = module.getId()\n
+new_object_id = form.getId()\n
+\n
+redirect_url = "%s/%s/%s" % (web_site_url, module_id, new_object_id)\n
+\n
+# set a login on the new form\n
+form.setReference(new_object_id)\n
+\n
+# set a password\n
+password = context.Person_generatePassword()\n
+form.setPassword(password)\n
+\n
+# the ownership is the form itself\n
+form.manage_addLocalRoles(new_object_id, [\'Owner\',])\n
+#form.changeOwnership(new_object_id)\n
+\n
+\n
+\n
+\n
+# login with this new form\n
+redirect_url = \'%s/logged_in?__ac_name=%s&__ac_password=%s\' % (redirect_url, new_object_id, password)\n
+\n
+result = request[\'RESPONSE\'].redirect(redirect_url) \n
+return result\n
+
+
+]]></string> </value>
         </item>
         <item>
             <key> <string>_code</string> </key>
@@ -103,7 +139,9 @@ return context.EGov_createNewProcedure(new_application_procedure=\'Subscription
         <item>
             <key> <string>_proxy_roles</string> </key>
             <value>
-              <tuple/>
+              <tuple>
+                <string>Manager</string>
+              </tuple>
             </value>
         </item>
         <item>
@@ -139,7 +177,14 @@ return context.EGov_createNewProcedure(new_application_procedure=\'Subscription
                             <string>message</string>
                             <string>translated_message</string>
                             <string>_getitem_</string>
-                            <string>True</string>
+                            <string>module</string>
+                            <string>form</string>
+                            <string>web_site_url</string>
+                            <string>module_id</string>
+                            <string>new_object_id</string>
+                            <string>redirect_url</string>
+                            <string>password</string>
+                            <string>result</string>
                           </tuple>
                         </value>
                     </item>

bt5/erp5_egov/SkinTemplateItem/portal_skins/erp5_egov/PDFDocument_viewLoginInformationPT.xml

@@ -69,6 +69,15 @@
 <div class="site_address">\n
   <a href="http://www.safi.sn">http://www.safi.sn</a>\n
 </div>\n
+<tal:bloc tal:condition="python: here.getPortalType() == \'Subscription Form\'">\n
+  <div class="explanation">\n
+    And use the login \n
+    "<b tal:content="here/getId">20080512-CF1</b>"\n
+    and the password \n
+    "<b tal:content="here/getPassword">pin02nuz</b>"\n
+  \n
+  </div>\n
+</tal:bloc>\n
 <div class="explanation">\n
   <tal:bloc i18n:translate="" i18n:domain="ui">\n
     You may now logout or go home and proceed to other applications:\n

bt5/erp5_egov/SkinTemplateItem/portal_skins/erp5_egov/template_erp5_egov_workspace.xml

@@ -94,7 +94,7 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.\n
                               \'%s/WebSite_viewWorkspaceWidgets.css\' % portal_path,\n
                               \'%s/WebSite_ListBox_asWorkspaceWidgets.css\' % portal_path,\n
                               \'%s/WebSite_viewAgentWorklistRenderer.css\' % portal_path,\n
-                              \'%s/DeclarationTVA_ListBox_asAttachedFile.css\' % portal_path];\n
+                              \'%s/PDFDocumentListBox_asAttachedFile.css\' % portal_path];\n
                         global js_list python:[\'%s/tabber.js\' % portal_path,\n
                                                \'%s/erp5_xhtml_appearance.js\' % portal_path,]">\n
 <!-- \'%s/tabber-cookie.js\' % portal_path,  must be added to js_list to use cookies to rembeber las tab used-->\n

bt5/erp5_egov/SkinTemplateItem/portal_skins/erp5_egov_widget_library/WebSite_ListBox_asWorkspaceWidgets.css.xml

@@ -59,7 +59,7 @@
 <tal:block define="dummy python: request.RESPONSE.setHeader(\'Content-Type\', \'text/css;; charset=utf-8\')"/>\n
 \n
 /*========================================================================================\n
-  DeclarationTVA_ListBox_asAttachedFile CSS.\n
+  ListBox_asWorkspaceWidgets CSS.\n
 \n
 ========================================================================================*/\n
 \n
@@ -153,6 +153,12 @@
             <key> <string>title</string> </key>
             <value> <string></string> </value>
         </item>
+        <item>
+            <key> <string>uid</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
       </dictionary>
     </pickle>
   </record>

bt5/erp5_egov/SkinTemplateItem/portal_skins/erp5_egov_widget_library/WebSite_viewSubmissionWizardRenderer.xml

@@ -51,7 +51,7 @@
             <key> <string>_text</string> </key>
             <value> <string encoding="cdata"><![CDATA[
 
-<div class="submission_wizard">\n
+<div class="submission_wizard" tal:condition="python: request[\'current_action\']">\n
   <div class="clear">\n
   </div>\n
   <div class="wizard_title" i18n:domain="ui" i18n:translate="">\n
@@ -77,13 +77,13 @@
       <div class="actions">\n
         <ul>\n
           <tal:block tal:repeat="action actions">\n
-            <tal:block tal:condition="python: action_dict.get(action[\'name\']) == None">\n
+            <tal:block tal:condition="python: not action_dict.has_key(action[\'name\'])">\n
               <tal:block tal:define="global action_not_in_dict_count python: action_not_in_dict_count+1" />                    \n
             </tal:block>\n
           </tal:block>\n
           <tal:block tal:repeat="action actions"\n
                  tal:attributes="class python: action == current_action and \'selected\' or \'not_selected\'">\n
-            <tal:block tal:condition="python: action_dict.get(action[\'name\'])">\n
+            <tal:block tal:condition="python: action_dict.has_key(action[\'name\']) and action_dict[action[\'name\']]">\n
               <li>\n
                 <tal:block tal:condition="python: here.getValidationState() in state_dict[action[\'name\']]">\n
                   <tal:block tal:condition="python: current_action[\'name\'] != action[\'name\']">\n
@@ -132,6 +132,12 @@
             <key> <string>title</string> </key>
             <value> <string></string> </value>
         </item>
+        <item>
+            <key> <string>uid</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
       </dictionary>
     </pickle>
   </record>

bt5/erp5_egov/WorkflowTemplateItem/portal_workflow/egov_anonymous_workflow.xml

@@ -58,6 +58,7 @@
                 <string>Add portal content</string>
                 <string>Modify portal content</string>
                 <string>Delete objects</string>
+                <string>Set own password</string>
               </tuple>
             </value>
         </item>

bt5/erp5_egov/WorkflowTemplateItem/portal_workflow/egov_anonymous_workflow/states/draft.xml

@@ -68,7 +68,6 @@
                     <key> <string>Access contents information</string> </key>
                     <value>
                       <tuple>
-                        <string>Anonymous</string>
                         <string>Assignee</string>
                         <string>Assignor</string>
                         <string>Auditor</string>
@@ -81,7 +80,6 @@
                     <key> <string>Add portal content</string> </key>
                     <value>
                       <tuple>
-                        <string>Anonymous</string>
                         <string>Assignor</string>
                         <string>Manager</string>
                         <string>Owner</string>
@@ -92,7 +90,6 @@
                     <key> <string>Delete objects</string> </key>
                     <value>
                       <tuple>
-                        <string>Anonymous</string>
                         <string>Assignor</string>
                         <string>Manager</string>
                         <string>Owner</string>
@@ -103,18 +100,22 @@
                     <key> <string>Modify portal content</string> </key>
                     <value>
                       <tuple>
-                        <string>Anonymous</string>
                         <string>Assignor</string>
                         <string>Manager</string>
                         <string>Owner</string>
                       </tuple>
                     </value>
                 </item>
+                <item>
+                    <key> <string>Set own password</string> </key>
+                    <value>
+                      <tuple/>
+                    </value>
+                </item>
                 <item>
                     <key> <string>View</string> </key>
                     <value>
                       <tuple>
-                        <string>Anonymous</string>
                         <string>Assignee</string>
                         <string>Assignor</string>
                         <string>Auditor</string>

bt5/erp5_egov/WorkflowTemplateItem/portal_workflow/egov_anonymous_workflow/states/submitted.xml

@@ -70,7 +70,6 @@
                     <key> <string>Access contents information</string> </key>
                     <value>
                       <tuple>
-                        <string>Anonymous</string>
                         <string>Assignee</string>
                         <string>Assignor</string>
                         <string>Auditor</string>
@@ -106,11 +105,18 @@
                       </tuple>
                     </value>
                 </item>
+                <item>
+                    <key> <string>Set own password</string> </key>
+                    <value>
+                      <tuple>
+                        <string>Owner</string>
+                      </tuple>
+                    </value>
+                </item>
                 <item>
                     <key> <string>View</string> </key>
                     <value>
                       <tuple>
-                        <string>Anonymous</string>
                         <string>Assignee</string>
                         <string>Assignor</string>
                         <string>Auditor</string>

bt5/erp5_egov/WorkflowTemplateItem/portal_workflow/egov_interaction_workflow/scripts/PDFDocument_validateFormDataBeforeSubmission.xml

@@ -77,14 +77,10 @@ portal_type = document.getPortalType()\n
 attachement_method = getattr(context, \'%s_getApplicationIncomeDict\' % portal_type.replace(\' \', \'\'))\n
 attachement_type_dict = attachement_method()\n
 \n
-# if the portal type is not mapped, no attached files are required\n
-if not attachement_type_dict.has_key(portal_type):\n
-  return\n
-\n
 document_title_list = [x.getTitle() for x in document.contentValues(portal_type=\'File\')]\n
 \n
 # get only required documents\n
-required_title_list = [x for x,y in attachement_type_dict[portal_type].items() if y == \'Required\']\n
+required_title_list = [x for x,y in attachement_type_dict.items() if y[\'requirement\'] == \'Required\']\n
 \n
 message = \'The following documents are missing to submit the request :\'\n
 missing_document_list = []\n

bt5/erp5_egov/bt/change_log

+2008-09-11 fabien
+* Make anonymous subscription safer using a login and password to check the application progress.
+
 2008-09-09 fabien
 * report_section refactoring to be more generic and easier to customize with more pdf
 

bt5/erp5_egov/bt/revision

-285
\ No newline at end of file
+289
\ No newline at end of file