From b5153d8b7c732f565edbc3427dc03c262d62af7c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9rome=20Perrin?= <jerome@nexedi.com>
Date: Tue, 9 Oct 2018 08:00:01 +0200
Subject: [PATCH] post: review Post API

* add a `source_reference` field to store message-id
* store the raw content "as is" - there is no preview for this reason
  (because it might be unsafe html or whatever)
* remove proxy roles on scripts. User must have permission.
* minor simplifications
---
 .../portal_skins/erp5_post/HTMLPost_view.xml  |   1 +
 .../HTMLPost_view/my_source_reference.xml     | 272 ++++++++++++++++++
 .../erp5_post/PostModule_createHTMLPost.py    |  15 +-
 .../erp5_post/PostModule_createHTMLPost.xml   |  11 +-
 .../PostModule_createHTMLPostFromText.py      |   5 +-
 .../PostModule_createHTMLPostFromText.xml     |  11 +-
 6 files changed, 288 insertions(+), 27 deletions(-)
 create mode 100644 bt5/erp5_post/SkinTemplateItem/portal_skins/erp5_post/HTMLPost_view/my_source_reference.xml

diff --git a/bt5/erp5_post/SkinTemplateItem/portal_skins/erp5_post/HTMLPost_view.xml b/bt5/erp5_post/SkinTemplateItem/portal_skins/erp5_post/HTMLPost_view.xml
index 8337f99809..ee1a20568a 100644
--- a/bt5/erp5_post/SkinTemplateItem/portal_skins/erp5_post/HTMLPost_view.xml
+++ b/bt5/erp5_post/SkinTemplateItem/portal_skins/erp5_post/HTMLPost_view.xml
@@ -73,6 +73,7 @@
                     <value>
                       <list>
                         <string>my_title</string>
+                        <string>my_source_reference</string>
                       </list>
                     </value>
                 </item>
diff --git a/bt5/erp5_post/SkinTemplateItem/portal_skins/erp5_post/HTMLPost_view/my_source_reference.xml b/bt5/erp5_post/SkinTemplateItem/portal_skins/erp5_post/HTMLPost_view/my_source_reference.xml
new file mode 100644
index 0000000000..78269f6c4d
--- /dev/null
+++ b/bt5/erp5_post/SkinTemplateItem/portal_skins/erp5_post/HTMLPost_view/my_source_reference.xml
@@ -0,0 +1,272 @@
+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="StringField" module="Products.Formulator.StandardFields"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>my_source_reference</string> </value>
+        </item>
+        <item>
+            <key> <string>message_values</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>external_validator_failed</string> </key>
+                    <value> <string>The input failed the external validator.</string> </value>
+                </item>
+                <item>
+                    <key> <string>required_not_found</string> </key>
+                    <value> <string>Input is required but no input given.</string> </value>
+                </item>
+                <item>
+                    <key> <string>too_long</string> </key>
+                    <value> <string>Too much input was given.</string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>overrides</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>alternate_name</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>css_class</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>default</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>description</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>display_maxwidth</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>display_width</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>editable</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>enabled</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>external_validator</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>extra</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>hidden</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>input_type</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>max_length</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>required</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>title</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>truncate</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>unicode</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>whitespace_preserve</string> </key>
+                    <value> <string></string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>tales</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>alternate_name</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>css_class</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>default</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>description</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>display_maxwidth</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>display_width</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>editable</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>enabled</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>external_validator</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>extra</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>hidden</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>input_type</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>max_length</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>required</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>title</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>truncate</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>unicode</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>whitespace_preserve</string> </key>
+                    <value> <string></string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>values</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>alternate_name</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>css_class</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>default</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>description</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>display_maxwidth</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>display_width</string> </key>
+                    <value> <int>20</int> </value>
+                </item>
+                <item>
+                    <key> <string>editable</string> </key>
+                    <value> <int>1</int> </value>
+                </item>
+                <item>
+                    <key> <string>enabled</string> </key>
+                    <value> <int>1</int> </value>
+                </item>
+                <item>
+                    <key> <string>external_validator</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>extra</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>hidden</string> </key>
+                    <value> <int>0</int> </value>
+                </item>
+                <item>
+                    <key> <string>input_type</string> </key>
+                    <value> <string>text</string> </value>
+                </item>
+                <item>
+                    <key> <string>max_length</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>required</string> </key>
+                    <value> <int>0</int> </value>
+                </item>
+                <item>
+                    <key> <string>title</string> </key>
+                    <value> <string>Source Reference</string> </value>
+                </item>
+                <item>
+                    <key> <string>truncate</string> </key>
+                    <value> <int>0</int> </value>
+                </item>
+                <item>
+                    <key> <string>unicode</string> </key>
+                    <value> <int>0</int> </value>
+                </item>
+                <item>
+                    <key> <string>whitespace_preserve</string> </key>
+                    <value> <int>0</int> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>
diff --git a/bt5/erp5_post/SkinTemplateItem/portal_skins/erp5_post/PostModule_createHTMLPost.py b/bt5/erp5_post/SkinTemplateItem/portal_skins/erp5_post/PostModule_createHTMLPost.py
index a1d7ac9666..13a544f715 100644
--- a/bt5/erp5_post/SkinTemplateItem/portal_skins/erp5_post/PostModule_createHTMLPost.py
+++ b/bt5/erp5_post/SkinTemplateItem/portal_skins/erp5_post/PostModule_createHTMLPost.py
@@ -1,4 +1,7 @@
+# XXX do we need two scripts ??
+
 portal = context.getPortalObject()
+traverse = context.getPortalObject().restrictedTraverse
 
 # create an HTML Post
 post_module = portal.post_module
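Review bot: The added `traverse = context.getPortalObject().restrictedTraverse` repeats the lookup that `portal` already holds on the line above; `traverse = portal.restrictedTraverse` says the same thing and keeps a single portal reference in the script. The new `# XXX do we need two scripts ??` comment would be easier to act on if it named the second script and the open question, for example `# XXX: PostModule_createHTMLPostFromText now only derives a title before calling this script; consider merging the two`. The script continues outside this hunk.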
@@ -6,14 +9,16 @@ post_module = portal.post_module
 now = DateTime()
 post_edit_kw = {
   "start_date": now,
-  "follow_up_value": context.getPortalObject().restrictedTraverse(follow_up),
+  "follow_up_value": traverse(follow_up),
   "text_content": data,
+  "source_reference": source_reference,
+  "title": title,
 }
-if predecessor not in (None, ""):
-  predecessor_value, = portal.portal_catalog(relative_url=predecessor, limit=2)
-  post_edit_kw["predecessor_value"] = predecessor_value.getObject()
+
+if predecessor:
+  post_edit_kw["predecessor"] = traverse(predecessor)
+
 post = post_module.newContent(
-  immediate_reindex=immediate_reindex_context_manager,
   portal_type='HTML Post',
   **post_edit_kw
 )
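Review bot: The added `post_edit_kw["predecessor"] = traverse(predecessor)` stores a traversed object under the `predecessor` key, whereas the removed code passed an object as `predecessor_value` and the same dict still uses `follow_up_value` for the traversed follow-up. If `predecessor` is the path-valued form of the property, as that naming suggests, the line should read `post_edit_kw["predecessor_value"] = traverse(predecessor)`. Separately, `follow_up` and `predecessor` are caller-supplied paths and the traversed objects are used without any check on what they are, so a portal-type check before building `post_edit_kw` would keep a post from being attached to an arbitrary document the caller can reach. The script continues past the end of this hunk.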
diff --git a/bt5/erp5_post/SkinTemplateItem/portal_skins/erp5_post/PostModule_createHTMLPost.xml b/bt5/erp5_post/SkinTemplateItem/portal_skins/erp5_post/PostModule_createHTMLPost.xml
index ab46081d23..25c2ca6d68 100644
--- a/bt5/erp5_post/SkinTemplateItem/portal_skins/erp5_post/PostModule_createHTMLPost.xml
+++ b/bt5/erp5_post/SkinTemplateItem/portal_skins/erp5_post/PostModule_createHTMLPost.xml
@@ -50,16 +50,7 @@
         </item>
         <item>
             <key> <string>_params</string> </key>
-            <value> <string>follow_up, data, predecessor=None, immediate_reindex_context_manager=None</string> </value>
-        </item>
-        <item>
-            <key> <string>_proxy_roles</string> </key>
-            <value>
-              <tuple>
-                <string>Assignor</string>
-                <string>Manager</string>
-              </tuple>
-            </value>
+            <value> <string>follow_up, data, predecessor=None, source_reference=None, title=None</string> </value>
         </item>
         <item>
             <key> <string>id</string> </key>
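Review bot: Dropping `immediate_reindex_context_manager` from `_params` makes any caller that still passes it by keyword fail with a TypeError, and the diffstat lists only files under erp5_post, so callers elsewhere, if there are any, are not updated by this commit. The same applies to the `_params` change in PostModule_createHTMLPostFromText.xml. With `_proxy_roles` removed, the script also runs with the caller's own roles, so it would help to state the permissions a caller now needs on the post module and on the `follow_up` document in the script's header comment.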
diff --git a/bt5/erp5_post/SkinTemplateItem/portal_skins/erp5_post/PostModule_createHTMLPostFromText.py b/bt5/erp5_post/SkinTemplateItem/portal_skins/erp5_post/PostModule_createHTMLPostFromText.py
index fa5858be2c..9a895907cd 100644
--- a/bt5/erp5_post/SkinTemplateItem/portal_skins/erp5_post/PostModule_createHTMLPostFromText.py
+++ b/bt5/erp5_post/SkinTemplateItem/portal_skins/erp5_post/PostModule_createHTMLPostFromText.py
@@ -1,6 +1,7 @@
 return context.PostModule_createHTMLPost(
+  title=data.splitlines()[0][:30] if data else None,
+  source_reference=source_reference,
+  data=data,
   follow_up=follow_up,
   predecessor=predecessor,
-  data="<p>" + data.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;").replace("  ", " &nbsp;").replace("\n", "<br/>") + "</p>",
-  immediate_reindex_context_manager=immediate_reindex_context_manager,
 )
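Review bot: With the escaping chain removed, plain text now reaches `text_content` of an 'HTML Post' unmodified, so any consumer that renders that property as HTML will interpret markup from the message body. The commit message says this is deliberate, but nothing in the script records it; a comment such as `# data is stored unescaped: consumers must escape or sanitize text_content before rendering` would keep the contract next to the code. In the added `title=data.splitlines()[0][:30] if data else None`, if `data` is a UTF-8 byte string rather than unicode, the `[:30]` slice can cut a multi-byte character in half and leave an invalid title; decoding before slicing avoids that.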
diff --git a/bt5/erp5_post/SkinTemplateItem/portal_skins/erp5_post/PostModule_createHTMLPostFromText.xml b/bt5/erp5_post/SkinTemplateItem/portal_skins/erp5_post/PostModule_createHTMLPostFromText.xml
index c8313ac95a..140b494a5d 100644
--- a/bt5/erp5_post/SkinTemplateItem/portal_skins/erp5_post/PostModule_createHTMLPostFromText.xml
+++ b/bt5/erp5_post/SkinTemplateItem/portal_skins/erp5_post/PostModule_createHTMLPostFromText.xml
@@ -50,16 +50,7 @@
         </item>
         <item>
             <key> <string>_params</string> </key>
-            <value> <string>follow_up, data, predecessor=None, immediate_reindex_context_manager=None</string> </value>
-        </item>
-        <item>
-            <key> <string>_proxy_roles</string> </key>
-            <value>
-              <tuple>
-                <string>Assignor</string>
-                <string>Manager</string>
-              </tuple>
-            </value>
+            <value> <string>follow_up, data, source_reference, predecessor=None</string> </value>
         </item>
         <item>
             <key> <string>id</string> </key>
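Review bot: The new `_params` value inserts `source_reference` as a required parameter ahead of `predecessor=None`, so a caller using the old positional form `(follow_up, data, predecessor)` would now bind its predecessor to `source_reference` without raising an error. It is also inconsistent with PostModule_createHTMLPost, where `source_reference=None` is optional and placed after `predecessor`. Unless a message-id must always be supplied here, `follow_up, data, predecessor=None, source_reference=None` keeps the old positional order and matches the sibling script.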
-- 
2.30.9