Python script to hide ploneformgen form after user has filled it out. (For Plone-4.3.2-64.)

Question

After a user has filled out a (ploneformgen) form , I would like to use a custom script adapter to call a python script to change the user’s local role so that they can’t see th

Answer 1

I worked out what was going on, but I'm not sure how to describe it precisely. Basically, I found that by calling the script as a Custom Success Action (form > edit > overrides), I don't get the problem. So I think that by calling the script as custom script adapter I was trying to change the user's permission while they were still engaged with the form and that is impossible, even with the Manager proxy role.

I hope that helps. And if anyone has a more precise description of the problem, that would be appreciated.

Answer 2

For granting and revoking the permissions to submit a form, you could:

1. Create a group (e.g. with the ID "Submitters") and assign the chosen users to it
2. Make sure the form-folder has the state 'private' and grant View-permissions via the sharing-tab of the form-folder to the group
3. Add a content-item of type 'Page' in the form-folder's parent (e.g. with the ID 'submitted') and set its state to 'public'
4. Add a content-item of type 'Custom Script Adapter', select 'Manager' in the field 'Proxy role', and insert the lines below into the field 'Script body':

# Remove current user of group and redirect to [FORM_PARENT_URL]/landing_page_id'.
# If user is not in group, fail silently and continue.
# Fail if landing_page_id does not exist in form-folder, or one of its parents.
#
# Assumes a page with the ID as declared in `landing_page_id` lives in the
# form-folder's parent (or one of its grand-parents, first found wins),
# and holds the state 'public', so users can view it regardless of their
# group-memberships.
#
# Ment to be used after submission of a PloneFormGen-form with private-state and
# a locally assigned Reader-role for the group, so only group-members can view and
# submit the form.

from Products.CMFCore.utils import getToolByName


group_id = 'Submitters' # change as needed

landing_page_id = 'submitted' # change as needed

portal_groups = getToolByName(ploneformgen, 'portal_groups')

user_id = ploneformgen.memberId()

parent_url = '/'.join(ploneformgen.absolute_url().split('/')[:-1])

redirect_to_url = parent_url + '/' + landing_page_id

# Revoke current user's group-membership:
portal_groups.removePrincipalFromGroup(user_id, group_id)

# Let user land in userland:
request.response.redirect(redirect_to_url)

Tested with Plone-4.3.11 and Products.PloneFormGen-1.7.25

Answer 3

Ugly ugly way to handle this may be to access to the data saver field's download method and parse its output to find data to check. For example, if username is the second pfg field added into form, a custom script adapter that prevents furthers fillings by a user may be

alreadyInDB = False
savedData = ploneformgen.savefield.getSavedFormInputForEdit()
username = request.AUTHENTICATED_USER.getId()

usersInDB = [x.split(',')[1] for x in savedData.split('\r\n') if len(x)>0]

if username in usersInDB:
    alreadyInDB = True

if alreadyInDB:
    return {'username': 'No way man!'}