[hooks/security] Defer entity permission checks to an Operation.
Some of these checks may currently happen twice within the same
transaction and be costly.
This should be semantically safe. If people rely on some internal
transaction ordering to be allowed early (thus pass) while the
condition wouldn't be met at precommit time, their application is
broken. It however seems unlikely to happen in the real life (tm).
Closes #2932033
What's new in CubicWeb 3.15?
New functionnalities
* Add Zmq server, based on the cutting edge ZMQ (http://www.zeromq.org/) socket
library. This allows to access distant instance, in a similar way as Pyro.
* Publish/subscribe mechanism using ZMQ for communication among cubicweb
instances. The new zmq-address-sub and zmq-address-pub configuration variables
define where this communication occurs. As of this release this mechanism is
used for entity cache invalidation.
* Improved WSGI support. While there is still some caveats, most of the code
which as twisted only is now generic and allows related functionalities to work
with a WSGI front-end.
* Full undo/transaction support : undo of modification has eventually been
implemented, and the configuration simplified (basically you activate it or not
on an instance basis).
* Controlling HTTP status code used is not much more easier :
- `WebRequest` now has a `status_out` attribut to control the response status ;
- most web-side exceptions take an optional ``status`` argument.
API changes
* The base registry implementation has been moved to a new
`logilab.common.registry` module (see #1916014). This includes code from :
* `cubicweb.vreg` (the whole things that was in there)
* `cw.appobject` (base selectors and all).
In the process, some renaming was done:
* the top level registry is now `RegistryStore` (was `VRegistry`), but that
should not impact cubicweb client code ;
* former selectors functions are now known as "predicate", though you still use
predicates to build an object'selector ;
* for consistency, the `objectify_selector` decoraror has hence be renamed to
`objectify_predicate` ;
* on the CubicWeb side, the `selectors` module has been renamed to
Debugging refactoring dropped the more need for the `lltrace` decorator. There
should be full backward compat with proper deprecation warnings. Notice the
`yes` predicate and `objectify_predicate` decorator, as well as the
`traced_selection` function should now be imported from the
`logilab.common.registry` module.
* All login forms are now submitted to <app_root>/login. Redirection to requested
page is now handled by the login controller (it was previously handle by the
session manager).
* `Publisher.publish` has been renamed to `Publisher.handle_request`. This
method now contains generic version of logic previously handled by
Twisted. `Controller.publish` is **not** affected.
Unintrusive API changes
* New 'ldapfeed' source type, designed to replace 'ldapuser' source with
data-feed (i.e. copy based) source ideas.
* New 'zmqrql' source type, similar to 'pyrorql' but using ømq instead of Pyro.
* A new registry called `services` has appeared, where you can register
server-side `cubicweb.server.Service` child classes. Their `call` method can be
invoked from a web-side AppObject instance using new `self._cw.call_service`
method or a server-side one using `self.session.call_service`. This is a new
way to call server-side methods, much cleaner than monkey patching the
Repository class, which becomes a deprecated way to perform similar tasks.
* a new `ajax-func` registry now hosts all remote functions (i.e. functions
callable through the `asyncRemoteExec` JS api). A convenience `ajaxfunc`
decorator will let you expose your python function easily without all the
appobject standard boilerplate. Backward compatibility is preserved.
* the 'json' controller is now deprecated in favor of the 'ajax' one.
* `WebRequest.build_url` can now take a __secure__ argument. When True cubicweb
try to generate an https url.
User interface changes
A new 'undohistory' view expose the undoable transactions and give access to undo
some of them.