import transaction

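def fix_workflow_permissions(ob):
    """Reset per-object permission overrides and reapply workflow role mappings.

    Every instance attribute whose name starts with ``_`` and ends with
    ``_Permission`` is deleted from ``ob``, then each workflow returned by
    the workflow tool for ``ob`` is asked to update its role mappings.

    ob -- content object providing ``_getWorkflowTool()``.
    """
    # Snapshot the matching names before deleting: delattr() mutates
    # ob.__dict__, and removing keys while iterating the live dict raises
    # RuntimeError and leaves the remaining overrides in place.
    stale_names = [
        name for name in ob.__dict__
        if name.startswith('_') and name.endswith('_Permission')
    ]
    # NOTE(review): if ob can still be a ZODB ghost at this point, __dict__
    # may be empty and no override would be removed - confirm the object is
    # loaded before this runs.
    for name in stale_names:
        delattr(ob, name)

    tool = ob._getWorkflowTool()
    for workflow in tool.getWorkflowsFor(ob):
        workflow.updateRoleMappingsFor(ob)
    # NOTE(review): nothing here reindexes the object's security; catalog
    # search results may keep reflecting the old role mappings until that
    # is done - verify against the caller.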
        
def main(app):
    """Reapply workflow permissions to every Story in every Plone site.

    For each 'Plone Site' object directly under ``app``, the site's catalog
    is searched for portal_type 'Story'. Each hit's path is printed, the
    object is fetched, passed to fix_workflow_permissions() and then
    deactivated. A single transaction commit is issued after all sites
    have been processed.

    app -- container object whose 'Plone Site' children are processed.
    """
    for site in app.objectValues('Plone Site'):
        hits = site.portal_catalog.search(
            query_request={'portal_type': 'Story'}
        )
        for hit in hits:
            # Parenthesised single value: same output as the print statement.
            print(hit.getPath())
            # _unrestrictedGetObject() skips the security checks on the way
            # to the object, so every Story is touched regardless of who
            # runs the script - run it only from a trusted admin context.
            story = hit._unrestrictedGetObject()
            fix_workflow_permissions(story)
            story._p_deactivate()
    # One commit for the whole run: nothing is persisted if an earlier
    # object raises.
    transaction.commit()

# Script entry point. ``app`` is not defined anywhere in this file;
# presumably the script is executed by a runner that injects the Zope
# application root under that name - TODO confirm.
if __name__ == '__main__':
    main(app)
