      erp5_stripe: introduce new module and features to handle Stripe checkout and payments in ERP5 · d0b448a2
      This business template contains a framework to integrate stripe checkout payments in ERP5.
      To configure the connector:
       - Create an account on stripe.com
       - In stripe.com's dashboard: Developers / API keys use "Create restricted key" to create a key with write access to "All Checkout resources".
       - Create a stripe connector in portal_web_services. Set URL to `https://api.stripe.com/v1/` and the restricted key created in the previous step
       - In stripe.com's dashboard: Developers / Webhooks use "Add endpoint", with "Endpoint URL" set to https://your.erp5.public.hostname/ERP5Site_receiveStripeWebHook and "Events to send" including all events from "checkout.session" category.
      To integrate in an ERP5 project:
       - Implement a custom script to start a checkout session. The script should call `StripePaymentSessionModule_createStripeSession` to initiate the session and redirect the end user to stripe checkout page.
       - Implement an interaction workfow on `Stripe Payment Session.complete` which inspects the value of `state_change['kwargs']['payment_status']` and implement the logic (such as create a payment transaction) depending on the status `"paid"` or `"unpaid"`.
      Example script to create session
      web_site = context.getWebSiteValue()
      data = {
        # custom web sections for success and cancel URLs
        "success_url": web_site.stripe_payment_session_success.absolute_url(),
        "cancel_url": web_site.stripe_payment_session_cancel.absolute_url(),
        "line_items": {
            "price_data": {
              "currency": "EUR",
              "unit_amount": 2000, # for 20.00 EUR
              "product_data": {
                "name": "Product Name",
            "quantity": 1
       # this will redirect the user to stripe checkout page
      return module.StripePaymentSessionModule_createStripeSession(
      Example interaction workflow script
      if state_change['kwargs']['payment_status'] == 'paid':
          portal_type='Payment Transaction',
          description="Stripe checkout ...",
      Implementation notes:
      * Add new stripe connector in ERP5 to access retrieve Stripe session
      * New ERP5 functional module to handle Stripe Payment Sessions
      * Stripe Payment Session reflects a payment transaction/session initiated using the Stripe Checkout solution.
      * Workflow associated with Stripe Payment Sessions provides for the "draft", "open", "completed" and "expired" states in order to reflect the existing states on Stripe.
      * Each Stripe Payment Session offers a history and complete traceability of the HTTP exchanges carried out between ERP5 and Stripe from the start and the end of the payment transaction. All Stripe API calls (createSession, retrieveSession) and Stripe webhook POSTs are logged as system events (HTTP Exchange ERP5) related to a Stripe Payment Session.
      * Add alarm to handle Stripe Payment Sessions open whose date are expired
      * Set web service as source in Stripe Payment Session
      accounting: allow Associate role to pass transitions on accounting transactions · b5463f27
      f0808ac6 (workflow: add workflow transition guard for non-user
      actions as well., 2015-11-18) broke some custom security
      configurations where doing an action on a document would modify an
      accounting transaction - but the user doing this action does not have
      access to accounting.
      This repairs the situation for accounting, by using the Associate
      role. The idea is that for such patterns where users "do something
      which will interact with accounting", the users also need an
      Associate role on accounting transaction portal types, which is in
      line with the meaning of Associate.
      officejs_support_request_ui: Support events with non accessible sender in RSS · 43e0d1d6
      To be consistent with slapos.core RSS and default values of fields
      in ERP5, where we only check the permission on the "context" document
      and tolerate displaying properties of context document even if
      accessing some properties of related documents caused an error.
      See also nexedi/slapos.core!433
