This was not following the signature of the real method

backport nexedi/erp5/merge_requests/469 to fix [Tracking issue for a specific user](https://www.erp5.com/project_section/capago-project/forum/Tracking-issue-for-a-specific-user-NfPPKu12hc)




/reviewed-on https://lab.nexedi.com/nexedi/erp5-capago/merge_requests/3

If we leave sort_column empty, catalog/listbox will incorrectly guess
the sortable columns.

There is a related key for source_title that does not work here (because
this method selects movements, and movements categories are not indexed,
so lines which acquire source from their parent are filtered out)

Conflicts:
	product/ERP5/tests/testItem.py

Some listboxs using it were using default_sort to inject this
automatically, but it's better to do this directly in the script, this
way the script can be reused.

I'm not really convinced the script should honor sort_on parameter
received in kw, because misconfigured listbox can inject some parameters
that would cause more table to be joined.

this is still unfinished work

no need to do catalog here

this way callers does not have to lookup explanation by catalog themselves

This uses caching (which will probably never be hit here), prevent
problems if delivery_uid is null (which should not happen) but it's
consistent with other brain methods.

temp changes in ERP5, backporting  changes for https://lab.nexedi.com/nexedi/capago/merge_requests/235

/reviewed-on https://lab.nexedi.com/nexedi/erp5-capago/merge_requests/1

* explain how to use
* remove useless getTitle method
* fix indentation

merge rebased commits of nexedi/erp5/merge_requests/321

with:

`git cherry-pick nexedi/mr/321...47eba793~1`

Changes:
 * indentation and whitespaces between function and (. ( tips: use ignore whitespace for review)
 * usage of `new`. Some RSVP.Promise where not using `new`, some RSVP.all had an extra `new`
 * fix a "weird condition", javascript does not evaluate (a <= b <= c) same as python
 * change `var` declarations one per line, to be compatible with
   upcoming jslint version. Use a vars: true  directive so that jslint 2014-04-21 is also happy  (
   see https://stackoverflow.com/questions/34862541/expected-and-instead-saw-jslint-multivar-setting )
 * in function definitions: rename unused arguments as `ignore` or remove them when possible ( when they were last )
 * use named functions ( for exemple fillDialog ), otherwise jslint complain they are not in scope.

Otherwise, the event handler is set multiple times on the same #qunit-fixture element

It causes {msg: "jsPlumb: unknown connector type 'StateMachine'"} problem when jquery was already loaded

because it adds an action to edit business processes

This is to comply with
[jsl](https://lab.nexedi.com/nexedi/slapos/blob/ce15c54/component/jsl/buildout.cfg)
used in testXHTML

External dependencies are there

Run existing qunit test in zelenium framework, to easily integrate it in current test suite.

 * a graph which nodes have an empty coordinate Object should be auto layout
 * our approach cannot layout a graph without edges

RSVP.Monitor no longer exist.

Use the gadget's own monitor instead (not sure it is safe)

Not used in this test, but since it's made to be reusable in projects.

do not limit to the first script with errors

It produces almost same visual result

they may contain folder containing skins

Don't test a skin folder twice when business template is present more
than once

This replaces ERP5Site_checkPythonScriptsWithPyflakes that I guess
nobody was using

This reverts commit 91bb6bec.

use pylint, at least here

Name is unchanged, but it will use
Products.ERP5Type.Utils.checkPythonSourceCode which uses pylint.

 .. except from Draft and Submitted state.

Document security should be based on group, site, function defined on
document, sometimes publication section and or follow up, but the owner
should only be considered in draft state.

For conveniance (and compatibility), Owner is also allowed to view in
Submitted state. The use case is for when a user submit a document he
will not be allowed to see, for example because he made a mistake when
choosing properties, user is still allowed to view the document and
there's no unauthorized error.

We want to allow a user to set properties before publishing a document
and later, once the document is no longer draft, the security of the
document will be depending on these properties.

We want to prevent users to get permissions on a PDF document that would
be created by interactions and they are not supposed to see. For exemple
when we generate a PDF invoice and store it in document module. In this
case, as the interaction runs as the user, this user will have Owner
role implicitely.

(cherry picked from commit 1664e541)

This action should only be possible if user have View History
permission.

erp5_data_protection relies on removing the "View History" permission to
make sure users cannot see the properties before protection in the
history tab. This was supported by Base_viewHistory, but not by ZODB
History

(cherry picked from commit d2c08463)

This way, guarded_getattr is used and accessor permission is applied.