[Appstore] New upgrader constraint for SW apps migration

See merge request !21

bt5/officejs_test/TestTemplateItem/portal_components/test.erp5.testOfficeJSScenario.py

@@ -126,7 +126,7 @@ class TestOfficeJSScenario(testOfficeJSAppstoreMixin):
 
     page_content = response.read()
     self.assertTrue(
-      'document.location.replace("development/" + document.location.hash)' in page_content,
+      '<script data-appconfig="latest_version" type="text/x-renderjs-configuration">development</script>' in page_content,
       page_content
     )
     self.assertTrue(
@@ -144,7 +144,7 @@ class TestOfficeJSScenario(testOfficeJSAppstoreMixin):
     )
     self.assertEquals(
       response.getheader('Content-Security-Policy'),
-      "default-src 'self'; script-src 'unsafe-inline';"
+      "default-src 'self';"
     )
     self.assertEquals(
       response.getheader('X-Frame-Options'),
@@ -248,7 +248,7 @@ class TestOfficeJSScenario(testOfficeJSAppstoreMixin):
 
     page_content = response.read()
     self.assertTrue(
-      'document.location.replace("development/" + document.location.hash)' in page_content,
+      '<script data-appconfig="latest_version" type="text/x-renderjs-configuration">development</script>' in page_content,
       page_content
     )
     self.assertTrue(
@@ -266,7 +266,7 @@ class TestOfficeJSScenario(testOfficeJSAppstoreMixin):
     )
     self.assertEquals(
       response.getheader('Content-Security-Policy'),
-      "default-src 'self'; script-src 'unsafe-inline';"
+      "default-src 'self';"
     )
     self.assertEquals(
       response.getheader('X-Frame-Options'),
@@ -296,7 +296,7 @@ class TestOfficeJSScenario(testOfficeJSAppstoreMixin):
 
     page_content = response.read()
     self.assertTrue(
-      'document.location.replace("%s/" + document.location.hash)' % web_section.getId() in page_content,
+      '<script data-appconfig="latest_version" type="text/x-renderjs-configuration">%s</script>' % web_section.getId() in page_content,
       page_content
     )
     self.assertTrue(
@@ -314,7 +314,7 @@ class TestOfficeJSScenario(testOfficeJSAppstoreMixin):
     )
     self.assertEquals(
       response.getheader('Content-Security-Policy'),
-      "default-src 'self'; script-src 'unsafe-inline';"
+      "default-src 'self';"
     )
     self.assertEquals(
       response.getheader('X-Frame-Options'),

bt5/officejs_test/TestTemplateItem/portal_components/test.erp5.testOfficeJSScenarioRjsUI.py

@@ -120,7 +120,7 @@ class TestOfficeJSScenario(testOfficeJSAppstoreMixin):
 
     page_content = response.read()
     self.assertTrue(
-      'document.location.replace("development/" + document.location.hash)' in page_content,
+      '<script data-appconfig="latest_version" type="text/x-renderjs-configuration">development</script>' in page_content,
       page_content
     )
     self.assertTrue(
@@ -138,7 +138,7 @@ class TestOfficeJSScenario(testOfficeJSAppstoreMixin):
     )
     self.assertEquals(
       response.getheader('Content-Security-Policy'),
-      "default-src 'self'; script-src 'unsafe-inline';"
+      "default-src 'self';"
     )
     self.assertEquals(
       response.getheader('X-Frame-Options'),
@@ -242,7 +242,7 @@ class TestOfficeJSScenario(testOfficeJSAppstoreMixin):
 
     page_content = response.read()
     self.assertTrue(
-      'document.location.replace("development/" + document.location.hash)' in page_content,
+      '<script data-appconfig="latest_version" type="text/x-renderjs-configuration">development</script>' in page_content,
       page_content
     )
     self.assertTrue(
@@ -260,7 +260,7 @@ class TestOfficeJSScenario(testOfficeJSAppstoreMixin):
     )
     self.assertEquals(
       response.getheader('Content-Security-Policy'),
-      "default-src 'self'; script-src 'unsafe-inline';"
+      "default-src 'self';"
     )
     self.assertEquals(
       response.getheader('X-Frame-Options'),
@@ -290,7 +290,7 @@ class TestOfficeJSScenario(testOfficeJSAppstoreMixin):
 
     page_content = response.read()
     self.assertTrue(
-      'document.location.replace("%s/" + document.location.hash)' % web_section.getId() in page_content,
+      '<script data-appconfig="latest_version" type="text/x-renderjs-configuration">%s</script>' % web_section.getId() in page_content,
       page_content
     )
     self.assertTrue(
@@ -308,7 +308,7 @@ class TestOfficeJSScenario(testOfficeJSAppstoreMixin):
     )
     self.assertEquals(
       response.getheader('Content-Security-Policy'),
-      "default-src 'self'; script-src 'unsafe-inline';"
+      "default-src 'self';"
     )
     self.assertEquals(
       response.getheader('X-Frame-Options'),

bt5/officejs_upgrader/PropertySheetTemplateItem/portal_property_sheets/WebSectionAppstoreConstraint/ContentSecurityPolicy%20Consistency_constraint.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="Script Constraint" module="erp5.portal_type"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>_identity_criterion</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+            </value>
+        </item>
+        <item>
+            <key> <string>_range_criterion</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
+            </value>
+        </item>
+        <item>
+            <key> <string>categories</string> </key>
+            <value>
+              <tuple>
+                <string>constraint_type/post_upgrade</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>ContentSecurityPolicy Consistency_constraint</string> </value>
+        </item>
+        <item>
+            <key> <string>portal_type</string> </key>
+            <value> <string>Script Constraint</string> </value>
+        </item>
+        <item>
+            <key> <string>script_id</string> </key>
+            <value> <string>WebSection_checkAppstoreApplicationContentSecurityPolicy</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <global name="PersistentMapping" module="Persistence.mapping"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>data</string> </key>
+            <value>
+              <dictionary/>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="3" aka="AAAAAAAAAAM=">
+    <pickle>
+      <global name="PersistentMapping" module="Persistence.mapping"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>data</string> </key>
+            <value>
+              <dictionary/>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

bt5/officejs_upgrader/PropertySheetTemplateItem/portal_property_sheets/WebSectionAppstoreConstraint/PrecacheManifestScript%20Consistency_constraint.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="Script Constraint" module="erp5.portal_type"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>_identity_criterion</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+            </value>
+        </item>
+        <item>
+            <key> <string>_range_criterion</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
+            </value>
+        </item>
+        <item>
+            <key> <string>categories</string> </key>
+            <value>
+              <tuple>
+                <string>constraint_type/post_upgrade</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>PrecacheManifestScript Consistency_constraint</string> </value>
+        </item>
+        <item>
+            <key> <string>portal_type</string> </key>
+            <value> <string>Script Constraint</string> </value>
+        </item>
+        <item>
+            <key> <string>script_id</string> </key>
+            <value> <string>WebSection_checkAppstoreApplicationPrecacheManifestScript</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <global name="PersistentMapping" module="Persistence.mapping"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>data</string> </key>
+            <value>
+              <dictionary/>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="3" aka="AAAAAAAAAAM=">
+    <pickle>
+      <global name="PersistentMapping" module="Persistence.mapping"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>data</string> </key>
+            <value>
+              <dictionary/>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

bt5/officejs_upgrader/SkinTemplateItem/portal_skins/officejs_upgrader/WebSection_checkAppstoreApplicationContentSecurityPolicy.py

+web_section = context
+error_list = []
+
+if (web_section.getParentId() == 'application-list'):
+  csp = web_section.getLayoutProperty("configuration_content_security_policy", default='')
+  if (web_section.getAggregate() == 'web_page_module/gadget_ojs_appstore_redirect_page_html') \
+     and ("script-src 'unsafe-inline';" in csp):
+    new_csp = csp.replace("script-src 'unsafe-inline';", "")
+    web_section.edit(configuration_content_security_policy=new_csp)
+
+return error_list

bt5/officejs_upgrader/SkinTemplateItem/portal_skins/officejs_upgrader/WebSection_checkAppstoreApplicationContentSecurityPolicy.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>Script_magic</string> </key>
+            <value> <int>3</int> </value>
+        </item>
+        <item>
+            <key> <string>_bind_names</string> </key>
+            <value>
+              <object>
+                <klass>
+                  <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
+                </klass>
+                <tuple/>
+                <state>
+                  <dictionary>
+                    <item>
+                        <key> <string>_asgns</string> </key>
+                        <value>
+                          <dictionary>
+                            <item>
+                                <key> <string>name_container</string> </key>
+                                <value> <string>container</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_context</string> </key>
+                                <value> <string>context</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_m_self</string> </key>
+                                <value> <string>script</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_subpath</string> </key>
+                                <value> <string>traverse_subpath</string> </value>
+                            </item>
+                          </dictionary>
+                        </value>
+                    </item>
+                  </dictionary>
+                </state>
+              </object>
+            </value>
+        </item>
+        <item>
+            <key> <string>_params</string> </key>
+            <value> <string>fixit=False</string> </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>WebSection_checkAppstoreApplicationContentSecurityPolicy</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

bt5/officejs_upgrader/SkinTemplateItem/portal_skins/officejs_upgrader/WebSection_checkAppstoreApplicationPrecacheManifestScript.py

+web_section = context
+error_list = []
+
+if (web_section.getParentId() == 'application-list'):
+  if (web_section.getLayoutProperty("configuration_precache_manifest_script", default='') == ''):
+    web_section.edit(configuration_precache_manifest_script='WebSection_getAppstorePrecacheManifest')
+
+return error_list

bt5/officejs_upgrader/SkinTemplateItem/portal_skins/officejs_upgrader/WebSection_checkAppstoreApplicationPrecacheManifestScript.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>Script_magic</string> </key>
+            <value> <int>3</int> </value>
+        </item>
+        <item>
+            <key> <string>_bind_names</string> </key>
+            <value>
+              <object>
+                <klass>
+                  <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
+                </klass>
+                <tuple/>
+                <state>
+                  <dictionary>
+                    <item>
+                        <key> <string>_asgns</string> </key>
+                        <value>
+                          <dictionary>
+                            <item>
+                                <key> <string>name_container</string> </key>
+                                <value> <string>container</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_context</string> </key>
+                                <value> <string>context</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_m_self</string> </key>
+                                <value> <string>script</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_subpath</string> </key>
+                                <value> <string>traverse_subpath</string> </value>
+                            </item>
+                          </dictionary>
+                        </value>
+                    </item>
+                  </dictionary>
+                </state>
+              </object>
+            </value>
+        </item>
+        <item>
+            <key> <string>_params</string> </key>
+            <value> <string>fixit=False</string> </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>WebSection_checkAppstoreApplicationPrecacheManifestScript</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>