all: Ignore language when checking if URL is prefixed by WebSite's url

Otherwise
  https://example.com/foo
would match
  https://example.com/
but not the language-selector
  https://example.com/en/

bt5/erp5_web/SkinTemplateItem/portal_skins/erp5_web/WebSite_login.zpt

@@ -7,7 +7,7 @@
              came_from python: request.get('came_from') or request.get('field_came_from');
              isAnon here/portal_membership/isAnonymousUser | nothing;
              url_topmost_document python: here.Base_getURLTopmostDocumentValue();
-             came_from_valid python: not came_from or url_topmost_document.isURLAncestorOf(came_from);">
+             came_from_valid python: not came_from or url_topmost_document.getOriginalDocument().isURLAncestorOf(came_from);">
     <tal:block tal:condition="isAnon">
       <tal:block tal:define="dummy python: response.expireCookie('__ac', path='/');
                  url python: '%s/login_form?portal_status_message=%s' % (here.absolute_url(), here.Base_translateString('Login and/or password is incorrect.'));

product/ERP5/bootstrap/erp5_xhtml_style/SkinTemplateItem/portal_skins/erp5_xhtml_style/Base_cancel.py

 topmost_url_document = context.Base_getURLTopmostDocumentValue()
-if not topmost_url_document.isURLAncestorOf(cancel_url):
+if not topmost_url_document.getOriginalDocument().isURLAncestorOf(cancel_url):
   return context.ERP5Site_redirect(topmost_url_document.absolute_url(),
     keep_items={'portal_status_message': 'Redirection to an external site prevented.'},
     **kw)

product/ERP5/bootstrap/erp5_xhtml_style/SkinTemplateItem/portal_skins/erp5_xhtml_style/logged_in.py

@@ -40,7 +40,7 @@ if REQUEST.get('is_user_account_password_expired_expire_date'):
               hour_minute=1)})})
 
 topmost_url_document = context.Base_getURLTopmostDocumentValue()
-if not topmost_url_document.isURLAncestorOf(url):
+if not topmost_url_document.getOriginalDocument().isURLAncestorOf(url):
   return topmost_url_document.Base_redirect(
     keep_items={
       'portal_status_message': translateString('Redirection to an external site prevented.'),

[Jérome Perrin]

I think we have failures like https://erp5js.nexedi.net/#/test_result_module/20240923-13084D824/315 because getOriginalDocument is not defined on ERP5Site, so when logged_in is called on the context of portal object, this fails.

With 5820860d test would pass, but I'm not sure if it's the best fix.

[Vincent Pelletier]

Oh, nice catch, thanks.

IMHO the best fix is to get ERP5Site to inherit from Base (and possibly more, so it becomes a more normal document - like being able to call activate on it). I expect bootstrap to be possible given how portal_types is a portal-typed document itself, for example. But in the meantime I think your proposed commit should be the best. Could you push it to master please ?

[Jérome Perrin]

Thanks, yes also I have the same feeling that ERP5Site should inherit from Base. Every time we changed class hierarchy it was more complex than what I expected, so for now pushing this fix is enough but it's something we should try one day.