Anonymous Content Submission

The Requirement

So far we've created a business object and defined the workflow through which it will operate.  We could be done now, if all of our users had member accounts.  But for the purposes our business, we want anonymous users to be able to submit these suggestions.  This is good because:

1. Since this is a suggestion box, we want staff to be able to submit a suggestion under the guise of anonymous submission.  In reality, I could track them down by IP address and such, but they don't know that.
2. I don't want to have to maintain user accounts for 500 people.  Yes, I know I could integrate into our MS AD, or some such nonsense, but this is easier.

Anonymous Content Addition

We don't want users to be able to add content everywhere, though.  Just in one folder, so we'll start by creating that.

1. Go into your Plone instance and create a folder off of the Root called "Suggestions".  And in that folder, create another folder named "Archive".  We're going to be creating the actual improvementsuggestions in the "Archive" folder, and putting smartfolders in the "Suggestions" folder, as you'll see later on.
2. Now, go into the ZMI.  Yes, I know it's scary.  Yes, you've been told to stay away and set permissions in a different manner, but this is they way we're gonna do it.
   
   1. Browse to the /Suggestions/Archive folder and click on the properties tab.  You will see a huge grid of permissions.  Do not be afraid.  Scroll down until you see "add portal content".  Uncheck the "Aquire" box on the left, and check the "Anonymous" and "Authenticated" boxes on the right.
   2. Scroll down until you see "modify portal content".  Make sure "Aquire" is unchecked and check "Anonymous" and "Authenticated".
   3. Scroll down to the very bottom of the page and click "Save Changes".
3. Now close your web browser completely (or pull up a different one.  I user Firefox for dev, so I just pull of IE for this testing so I can keep my ZMI on screen), and go to your website.  Do not log in.  Browse to the /Suggestions/Archive folder.  You should be able to add a "improvementsuggestion" type object. 
   
4. TODO: Define custom permission for the ImprovementSuggestion type so that containing folder can be controlled the objects inside of it.  Right now, with this configuration, the folder is editable by anonymous, and this is undesirable.
   
5. Great!  Anonymous users can now add content, but there's a problem.

Preventing Anonymous Users from Editing

Now that anyone can add content, it's important to prevent those same anyones from being about to delete or modify that submitted content.  The way we will be handling this is to add a script that is executed automatically when the new content is saved that progresses it in it's workflow process.  We will move from the "Creating" state to the "Submitted" state.  If you remember (or click back on your browser), the Submitted state only allows modification of content by Managers and Reviewers, and not anonymous users.  We will be using a technique that I took from the PloneJobBoard project. 

We're gonna getting into the nitty gritty here.  We'll be editing files with a text editor.  One thing to know is that the changes that we're making will be overwritten if you regenerate the project with ArchGenXML.  So make sure you have your project checked into your CVS/Subversion system so you can diff the changes back in.  Or, just don't regenerate after this point... 

1. Go into your /Products/ProcessImprovement/skins/ProcessImprovement folder and create the following two files.  They comprise a script that will be executed and automatically propel the workflow.
   /Products/ProcessImprovement/skins/ProcessImprovement/ improvementsuggestion_post.cpy
   

   ## Script (Python) "improvementsuggestion_post"
   ##title=Post ImprovementSuggestion after validation
   ##bind container=container
   ##bind context=context
   ##bind namespace=
   ##bind script=script
   ##bind state=state
   ##bind subpath=traverse_subpath
   ##parameters=
   ##
   
   from Products.CMFCore.utils import getToolByName
   
   workflow = getToolByName(context, 'portal_workflow')
   workflow.doActionFor(context, 'Submit')
   
   return state.set(status = 'success',
                    portal_status_messsage = 'Thank you.')
   

   /Products/ProcessImprovement/skins/ProcessImprovement/ improvementsuggestion_post.cpy.metadata
   

   [default]
   title = Submit a suggestion
   
   [validators]
   validators =
   
   [actions]
   action.success = redirect_to:string:../
   action.failure = traverse_to:string:content_edit

2. Open up the /Products/ProcessImprovement/Extensions/Install.py file and do a search for the following:
   

       print >>out,'no workflow install'
   

   immediatly following that line, add the following

       controller = getToolByName(self, 'portal_form_controller')
       addFormControllerAction(self, out,
                                controller, 
                                template = 'validate_integrity',
                                status = 'success',
                                contentType = 'ImprovementSuggestion',
                                button = '',
                                actionType = 'traverse_to',
                                action = 'string:improvementsuggestion_post') 
   

   and add this to the bottom of the file

   def addFormControllerAction(self, out, controller, template, status, 
                                   contentType, button, actionType, action):
       """Add the given action to the portalFormController"""
   
       controller.addFormAction(template, status, contentType, 
                                   button, actionType, action)
       print >> out, "Added action %s to %s" % (action, template)
   
   

3. Now try anonymously creating a ProcessImprovement document.  You should be able to view it after creation, but not edit it and it's state should be "Submitted" instead of the default of "Creating".  Log in as a manager or reviewer and you should be able to progress it down it's workflow.