Provide sufficient context to check 'delete' permission in AjaxEditRelationCtxComponent Call rdef.check only when both fromeid and toeid are available. Though only call it once (for the first encountered related entity). Factorize a bit to keep handling of CSS/JS addition the same. Closes #3670209.

merge 3.19.6 into 3.20 branch

Added tag cubicweb-version-3.19.6, cubicweb-debian-version-3.19.6-1, cubicweb-centos-version-3.19.6-1 for changeset 934341b848a6

[test] missing unittest.main() call in unittest_http_headers.py

[test] make unittest_webconfig independant of CWD if apphome is unset in ApptestConfiguration constructor, this later looks for a 'data' directory in CWD, making this test runnable only from web/test (and pytest do chdir before executing tests, so we did not noticed this problem).

[webctl] do not ask questions if verbosity is at 0 Closes #4641960.

[web] Slight tweak on jQueryUI's colors on links (related to #4564046) Follow up to commit 16f550b48d57 which was somewhat brutal. This change only overrides jQueryUI's CSS rules inside tab panes and leaves actual tab buttons alone.

[view] Remove unused imports

Remove obsolete __future__ imports Generators have been available since 2.3, "with" statements since 2.6.

[devtools] Remove unused local function Unused since cw's first commit.

[uihelper] Fix a possible NameError in meta_formconfig could occur when using FormConfig with a custom uicfg object. Closes #3802298.

[devtools] Avoid db_cache collisions and mis-loading This is done by stopping to share the db_cache between TestDataBaseHandler instances It may seem overkill, but is the only way I could get it to work properly. I think the whole db caching code needs some rework to better work with different db handlers. Closes #4601328

[devtools][pg] Remove a wrong assertion in _backup_database When using pre_setup_database, a repo gets initialised before calling backup_database. Hence self._repo is NOT None it that case.

[pkg] prepare 3.19.6

[merge] backport 3.18 fixes

Accept '==' operator in cubes dependencies '==' is the operator used in the python dependencies specifications. See PEP 440 http://legacy.python.org/dev/peps/pep-0440/#version-specifiers Using the same operator in cubes dependencies allow to make setuptools handle the cubes dependencies while keeping cubicweb happy about the dependencies. Closes #4375144

[session] don't silently ignore commits commits while in the precommit or postcommit phase are silently ignored. This is OK in precommit since there'll be a commit afterwards anyway; OTOH in postcommit it may surprise the developer who didn't read the documentation for postcommit operations carefully enough. Related to #4383922.

[migration/bootstrap] add explicit index removal for sqlserver, be tolerant to migration replay Closes #4618944.

Added tag cubicweb-version-3.18.7, cubicweb-debian-version-3.18.7-1, cubicweb-centos-version-3.18.7-1 for changeset cb96f4403cf2

[pkg] prepare 3.18.7

[migration/3.18] speed up the migration and be a little bit more informative Closes #4619277.

[schemaserial] be robust against duplicated CWUniqueTogetherConstrain entities arising from bug in the pre 3.18 era Closes #4619278.

[server] Handle unique constraint violations under recent sqlite The error message changed from "columns foo, bar, baz are not unique" to "UNIQUE constraint failed: table.foo, table.bar, table.baz". Closes #3564510

[merge] backport 3.17 fixes

Added tag cubicweb-version-3.17.18, cubicweb-debian-version-3.17.18-1, cubicweb-centos-version-3.17.18-1 for changeset cda4b066933f

[pkg] prepare 3.17.18

[source/native] handle newer Integrity error messages from sqlite > 3.7 Similar to a0cf2993b6d3 that was done for 3.18.

[source/native/backup_restore] have a unique tunable blocksize for the dump phase Thus we make memory errors much less likely. Closes #4618949.

[urlpublishing] handle sub-types in RestPathEvaluator Since commit 31a1813d53f3 "[entity/url publishing] fetch_rqlst should use 'is_instance_of' instead of 'is'", the RestPathEvaluator's input rset can have more than one etype, so it can't always use sameetypelist. Related to #3825488

[views] fix ecsvexport selector introduced by e48e5a597ccc Fix the view and make web/test/test_views.py pass again.

Add custom checker for Password values We override the default converter to pass Binary values through, but don't do anything about the checker. This worked previously because yams allowed StringIO instances, although its converter didn't do the right thing for them. Fixing this in yams requires that we properly register a checker.

[component] give Links a __repr__

[debian] move markdown dependency from cubicweb-web to cubicweb-common Pointed out by David Douard.

[web/auth] stop playing games with locals() We only want to know if any retriever found something.

[entity] rather than crashing with an IndexError on entity creation, raise a meaningful exception

[web] partial backout of #8391bf718485 to restore RelatedObjectsVComponent Apparently the intended deprecation did not work, and this component is used in at least the tracker cube.

[server] typo fix

[devtools][pg] Activate the non-durability settings of Postgresql. It speed up the PG tests by a factor of 3. See http://www.postgresql.org/docs/current/static/non-durability.html.

[server] fix LoginPasswordAuthentifier.authenticate some kind of typo there.

[web] Override jQueryUI's colors on links (closes #4564046)

[hooks] Fix precommit event logging message

[service] allow repo_stats for users It's used by the siteinfo view, which is available to managers and users. This change prevents a crash in that view.

[views] Escape class attribute value in CWGroup incontext view

[devtools] use a specific test_db_id when disabling anon The anonymous user is created (or not) in postcreate, which for tests means when creating the cached empty database. The anonymous_allowed=False test classes should thus not share their template db with other test classes, otherwise either they end up with an unexpected anonymous user, or the others miss theirs and things fall apart.

Restrict yams version CW 3.19 is not compatible with yams >= 0.40

[facets] Honor 'start_unfolded' facet attribute (closes #4502799)

[facets] Correctly look for inputs of type "hidden" (closes #4502768) jQuery ':hidden' selector looks at CSS visual properties (eg, 'display', 'visibility'). The intent here was probably to look for inputs of type "hidden", which many facets use to store user selection data (eg, FacetRangeWidget). The problem is that regular text inputs (eg the "has_text" facet which has a '<input type="text"/>') will be picked up by this selector if they are inside a folded facet. Chaos and destruction ensue.

[web] Cache results from 'i18n' ajax controller (closes #4487856) This is a simple transient cache which will be forgotten as soon as the user leaves the current page.

[web] There is no global noop(), use jQuery's instead (closes #4487832)

[server] Add missing import of logilab.database Closes #4469407.

[migration] hackish black magic to bootstrap addition of formula attr during migration Turns out we can't add an attribute to CWAttribute before the attribute exists. add_attribute generates rql with a 'formula' relation, which CW doesn't know about yet, so things get unhappy. Once that is fixed, we need to make the CWAttribute addition operation deal with CWAttribute entities that don't have a formula yet. Finally, move the migration to bootstrapmigration_repository so it happens early on, and use add_entity_type rather than add_relation_type for CWComputedRType.

[server] commit after serializing schema Use separate transactions for schema serialization and postcreate scripts execution, so that the latter can rely on the schema being persistently stored. This matters e.g. if something in a postcreate violates a unique_together constraint, we need the constraint persisted in order to raise a meaningful error. See #4525069.

[book] fix docstrings to please sphinx example rst roles in docstring must be protected (in a literal).

[book] several fixes in the rst files - prevent duplicate markup definitions, - use existing Workflow markup instead of redefining one (in baseschema.rst) - include dataimport - fix non-existant directive autodocfunction - remove the empty 'embedding.rst' file

[book] activate the viewcode extension Automagically make link to class/modules/etc. it finds in the documents.

[book] new theme based on pyramid theme (closes #4291287)

Remove unused lgc.interface imports and leftovers

[repository] provide a .new_session entry point The current .connect only returns a `sessionid` which must be given to repo._get_session(...) to get the real session object. Related to #4151635.

[devtools/testlib] Use actual 'admin' user configuration values Previously ``db-user`` and ``db-password`` configuration values were used to fill ``admlogin`` and `admpassword`` attributes of CubicWebTC. The correct data for these should read from `[admin]` section. Closes #4065070.

[forms] closes #2437859 - Detect and prevent concurrent edition of the same entity. Add the timestamp of form generation to each entity's meta-information fields. On form validation, check that no concurrent change is overwritten and raises a ValidationError in case of concurrent change. A nicer handling with a message and a link to the new version of the entity would be a good thing...

[migration] make sure the repo knows about all constraint types Adding new constraint types is cumbersome. It's easy to forget to do it in a migration script. So sync the constraint types at the beginning of each migration. Closes #3724892

[migration] stop caching the mapping from constraint type name to eid It's not so frequent that a cache seems necessary, and we were not invalidating that cache when adding a new constraint type. Related to #3724892.

[web/json] an empty rset is just fine for ejsonexport The ejsonexport view can just return an empty list for an empty rset. Closes #4005518

[RichString] Add markdown support Supporting markdown requires the 'Markdown' python packages, and since it widely available on the target platforms adding it as a strong requirements will not be a big constraint. Closes #3814302

[ldapfeed] Reduce default value for user-attrs-map option (closes #3824889) This is needed because lgc.configuration.Configuration does not allow removing key/value pairs from the default (due to its use of dict.update() internally). Since CWUser.login is required, users of the add-source command will always be able to override it.

[serverctl] Ask for URL when adding a new source (closes #3824868)

[serverctl] Ask for parser type when adding a new source (closes #3484231) Remove 'quick_start' option to load all AppObjects, including feed parsers.

[doc/3.20] more details on removed code related to #3799117

remove 3.11 bw compat Closes #3799117.

remove most 3.10 bw compat Related to #3799117. The boxes and entityvcomponent objects cannot really be removed as they are still used throughout the code base (and possible cubes). This may be caused by a non-working deprecation and needs some more work.

remove leftover pre 3.9 deprecation warnings

[utils] Remove function-in-the-middle call

[web] set Vary response header to "Accept-Language" when using content negotiation This is slightly annoying because the response actually only varies based on the language we decide to send, which has much fewer possible values than Accept-Language, but that's not in the request, so we can't easily use it. Deployments using varnish or similar and controlling the set of available languages will likely want to override this to allow reasonable amounts of caching. Closes #2105812

[web/cors] don't overwrite other Vary headers Vary is a list of request headers, we shouldn't override others.

[web] add support for HttpOnly cookie flag And use it for session cookies. Closes #4142521.

merge 3.19.5 into 3.20 branch

Added tag cubicweb-version-3.19.5, cubicweb-debian-version-3.19.5-1, cubicweb-centos-version-3.19.5-1 for changeset 3ac86df519af

i18n update 4 strings have disappeared.

[pkg] 3.19.5

[server] hold connection to the db in tx_actions We can be called without a cnxset (e.g. from repoapi).

[wsgi] If multipart cannot parse the POST content, let it pass. multipart can only parse html form data. It the content_type is, for example, "application/json", get_posted_data should not fail but just stop trying to read the content. Closes #4421845

[devtools] Fix JS tests' HTML code

[devtools] "Keep" some temporary files/dirs around to help with debugging The whole QUnitTestCase runs with an @with_tempdir so it's redundant anyway.

[devtools] Fix Firefox launcher in QUnitTestCase (closes #4294727) The main changes are: - stop creating the profile, firefox will create it - point firefox to a profile directory instead of giving it a profile name (this has the added bonus of not polluting the user's profile list) - start firefox once and kill it 5 seconds later to let it finish its profile creation (along with system-wide extensions setup)

[devtools] allow cross-origin requests for qunit We have a mix of file:// html and http:// ajax calls. Which we should at some point fix to all be http, but. Related to #4294727.

merge 3.19.4 in 3.20 branch

[cors] Fix CORS headers generators The Access-Control-Allow-* and Access-Control-Expose-Headers are response headers, not request headers. Hence, we need generators for them. Closes #4412575.

[wsgi] Fix posted files filename reading The filenames are parsed by multipart.parse_form_data, which does the unicode decoding. Trying to re-decode the filename was leading to an error.

[pkg] Depend on Pillow instead of PIL The Pillow library is becoming the de-facto replacement for PIL. It also is way simpler to install with pip than PIL. Closes #4411354.

Added tag cubicweb-version-3.19.4, cubicweb-debian-version-3.19.4-1, cubicweb-centos-version-3.19.4-1 for changeset c4e740e50fc7

[pkg] 3.19.4

merge 3.18.6 into 3.19

Added tag cubicweb-version-3.18.6, cubicweb-debian-version-3.18.6-1, cubicweb-centos-version-3.18.6-1 for changeset d91501356742

[pkg] 3.18.6

[hooks/security] allow edition of attributes with permissive permissions If an attribute has more permissive security rules than the entity type itself, we should be green and not deny action because of an early global entity permission check (with the more restrictive rules). Only if one attribute with the entity-level permission rules is edited will the global check be performed. Note: * the "if action == 'delete'" check at the entry of check_entity_attributes is a guard for a condition currently not happening in cubicweb itself (but application hooks could conceivably call this function with a 'delete' action) Closes #3489895.

Almost backout afcd46716d6a which breaks _select_best raising an ambiguity exception in debug mode. The problem is, before afcd4, *tests* ran in debug mode and we want this (e.g. we want to show, rather than swallow, select ambigüities). We juste replace the bogus __init__(vreg.config) by __init__(True), which is practically equivalent and also much more clear.

[server] fix anonymous_user predicate in tests devtools' TestServerConfiguration overrides the anonymous_user method, but not the anonymous-user config option, so testing for the latter would give the wrong result. Closes #3996664.

[entities] cw_rest_attr_info() should only consider required attributes (closes #3766717) This prevents CW from choosing unique but non-required attributes. None/NULL is a poor choice for RESTful URIs.

[views] csvexport accept an empty rset (closes #4236928) When you tried to apply the 'csvexport' view on an empty rset, the view couldn't be selected and you got a HTTP 500 error. Also add two new test cases.

[views] Display attributes in entity creation form based on "add" permission Previously, the "update" permission was used. Hence in case the latter is more restrictive that the "add" permission, an user may not be able to set such an attribute, despite she may have "add" permission on it. As a result of the change of permissions action in `editable_attributes` method (add/update depending on whether the entity is being created or modified), the "eid" attribute would have shown up in the edition form. To avoid this, it is moved in the "hidden" section (where it should arguably belong anyways). Closes #4342844.

[datafeed] Commit after all deletions in datafeed parser This avoids misleading validation error because schema constraints could be temporarily broken depending on the deletion order. Closes #4372127.

[schema] CWComputedRType is a schema type Hide it from the default views.

[doc] proofreading CWEP002 section

[CWEP002] document computed relations and attributes Related to #3546717.

[CWEP002 migration] support sync_schema_props_perms for computed attribute

[CWEP002 migration] support drop_relation_type/drop_relation_definition/drop_attribute for computed attributes

[CWEP002 migration] support add_relation_type/add_attribute for computed attributes Related to #3546717.

[CWEP002] properly handle serialization of computed attributes Until this cset, only serialization of computed attribute's formula was handled (thanks to the relation definition's properties dict). We now: * properly serialize/deserialize attribute's formula * test first if the database has been migrated and contains related column or not Related to #3546717

[CWEP002] Add support for computed attribute synchronization Related to #3546717. Test and handle the behaviour with several formulas and identified use cases. To do so add a birth year and a computed attribute age to Person in the test schema.

[CWEP002] Add schema finalization checks for computed attributes ``finalize_computed_attributes`` essentially checks that computed attributes types match with the type declaration of the attribute. Related to #3546717.

[CWEP002] Account for attribute formula in schema bootstrap This isn't enough to have computed attribute support, it is only in order not to crash when yams 0.40 is used. Related to #3546717.

[CWEP002 migration] support sync_schema_props_perms for computed relations

[CWEP002 migration] support add_relation_type for computed relations Related to #3546717.

[CWEP002 migration] support drop_relation_type for computed relations Related to #3546717.

[CWEP002 migration] properly raise exception on (add|drop)_relation_definition for computed relation Related to #3546717

[hooks] do not abuse of inheritance for CWRType hooks Just copy the selector to ease readability.

[schema serial] add some comments

[schema] define full_rql on RQLExpression class without it, we may have an error while displaying error which occured during some expression initialization because this attribute is not yet defined while used in the __str__ method.

[schema] properly raise BadSchemaDefinition when some expression mains variables may not be guessed

[CWEP002] properly handle serialization of computed relations We now: * have CWComputedRelation in the bootstrap schema to store computed relations * properly serialize/deserialize it * test first if the database has been migrated and contains the related table Related to #3546717 [jcr: adjust unittest_querier to pass with the added entity type]

[CWEP002] Plug the computed relation rewriter in the querier Related to #3546717.

[CWEP002] refactor rql read security checking Split 'check_read_perms' into 'check_relations_perms' which checks relations 'read' permissions and 'get_local_checks' which build dictionary of local security checks (rql expression) for variables. This allows to check relations 'read' permissions earlier in the process and so to prepare insertion of the rql rewriter: we want to check permissions of the computed relation, not permissions of relations introduced by the associated rule, to conform to the CWEP. Related to #3546717

[CWEP002] introduce RQLRelationRewriter Refactor existing RQLRewriter for later reuse of rewriting relation as specified by CWEP002. Work is different because we simply want to replace a relation by another rql snippet and we don't have to bother with EXISTS, subqueries and all. This rewriter is not yet plugged into the querier. Depends on yams 0.40 API. Related to #3546717

[CWEP002] Add schema finalization checks for computed relations (rules) Related to #3546717

[schema] add utility function to build a CubicWebSchema from a namespace Will be useful for testing computed attributes and relations.

Fix test migration crash waiting to happen due to inferred relations Avoid crashing when a relation definition which is already known (due to being inferred) gets explicitly added. As explained in a comment, this would deserve more thinking, but at least this fixes a test failure with computed relations.

fix typo in syncschema hooks

[test] Make test_undo_api less random The order in which hooks are run is not predictable if they have the same 'order' attribute, which is the case for SetOwnershipHook and SetInitialStateHook. So don't assume in_state will be set before created_by.

merge 3.17.17 into 3.18 branch

[wsgi] Fix unicode decoding in POST The application/x-www-form-urlencoded sent by firefox or chrome is utf-8 encoded BEFORE being urlencoded. Hence, decoding must urldecode THEN decode the utf-8 string, and not the other way around.

[wsgi] add the --debug / -D option to the wsgi command

[wsgi] Fix multiple variables reading in params Closes #4306081

[wsgi] Set self.vreg Closes #4306049

[wsgi] Add missing import Closes #4305988

[wsgi] Fix https detection - 'HTTPS' is not part of wsgi, it is a CGI variable. The right wsgi variable is 'wsgi.url_scheme' - Force https if url starts with '/https/' (and remove the prefix from the path. Closes #4305985

[wsgi] Re-set the request content after calling the inherited constructor. Closes #4191813

[wsgi] Honor the 'CONTENT_TYPE' wsgi variable See http://legacy.python.org/dev/peps/pep-0333/#environ-variables Closes #4191812

Added tag cubicweb-version-3.17.17, cubicweb-debian-version-3.17.17-1, cubicweb-centos-version-3.17.17-1 for changeset 57e9d1c70512

[pkg] prepare 3.17.17

[web/headers] don't list a request header twice in "Vary"

[test] silence a few more deprecation warnings in unittest_hooks self.session → cnx.

[session] call rollback in Connection.__exit__ If we just free the cnxset and clear the Connection, we're missing the pending operation's rollback_event callbacks, which may be needed for cleanup.

[devtools] pre_setup_database takes a Connection, not a Session

[source/native] cPickle is available in all supported pythons

devtools: deprecate .req_from_url Which uses .request() And instead provide .admin_request_from_url, which is a context manager yielding the request.

[tests] Add a webtest based TestCase class Closes #4002134

[tests] Move 'anonymous_allowed' property from CubicWebServerTC to CubicWebTC The effective set of the property on the config is now done later that before, ie at the end of CubicWebTC.init_config instead of before. It is believed not to have an impact on the test suites that uses `anonymous_allowed`. Related to #4002134

[compat] Remove imports of "any" and "all" from lgc (closes #4306044) They're builtin since python 2.5.

[css] Remove the `div` tag specification of the pendingDelete css rule The HTML tag was changed by e2f96b16c3bd from a div to a span without changing the css rule accordingly. Closes #4285248.

[cwvreg] cleanup the event manager when reloading modules Closes #3848995 The event manager callbacks are not cleaned during reloading. So the callback defined in the reloaded module appears twice (old and new version). This may cause problem when the old version is called.

[test] Add missing attribute 'add' permission in test schema Silences yams warning.

[facet html] Add surrounding div with "facetBody" class to "has_text" facet. This makes its html structure consistent with the other facets and fixes both css and a javascript behaviour (hide the facet body when clicking on its title). Closes #3797501.

[cwctl] don't prompt for cube options in automatic mode Closes #3984223

[serverctl] fix default value for db-init config-level Otherwise cubicweb-ctl db-init --automatic complains that "--automatic and --config-level should not be used together" when they weren't. Closes #3984336

[web] Return useful error messages when exceptions arise in ajax controllers (closes #3932503) The call to super() in RemoteCallException passes 'reason' all the way to python's Exception.__init__() which is then stored in Exception.args. This way, CubicWebPublisher.ajax_error_handler() gets a useful error message when calling unicode(exc). The change to uilib is just to prepend the exception type name. Just a small improvement.

[test] Fix test breakage uncovered by previous changeset Now that Binary.__eq__ doesn't always return true, this test started failing. CWAttribute.defaultval is zpickled, and the description_format attribute is a String, meaning unicode, so adjust the expected test result.

[etwist] use more specific REQUEST_ENTITY_TOO_LARGE instead of BAD_REQUEST When a request body exceeds the configured limit, return 413 to the client instead of a generic 400.

[entities, view] delete dead code The auto_unwrap_bw_compat metaclass calls unwrap_adapter_compat, which was removed in changeset 697a8181ba30 "remove 3.9 bw compat". So this can't possibly work anymore, meaning we can get rid of it.

[book] stop talking about the hg `forest` extension

[book] update sections about dependencies This is probably incomplete, but it's a start.

[web/component] move unicode() call around Makes Aurélien happier.

[web/js] replace callAddOrDeleteThenReload with more generic callAjaxFuncThenReload That's going to be a more useful replacement for callUserCallbackThenReload. Closes #4178566.

[hooks/syncsession] try to remove cnx vs session confusion

Fix Binary.__eq__ (closes #4172701) Due to a typo we always returned true, which was unhelpful.

[dataimport] stop ignoring errors on flush That can only result in database corruption.

[dataimport] don't commit on flush Changeset 26cdfc6dd6f8 introduced this confusion for no apparent reason, and it doesn't make much sense.

[test] Add test for dataimport's RQLObjectStore

[dataimport] Stop swallowing errors from commit/flush Silent DB corruption is not OK. Also drop comment from ObjectStore.commit that I don't understand.

[dataimport] Update RQLObjectStore to Connection API Take a connection instead of a session. Don't play games with set_cnxset.

[dataimport] remove _rql heresy 1) ObjectStore knows nothing about rql, it just drops it on the floor 2) RQLObjectStore has a session, it can run rql that way 3) setting an object's "_rql" attribute is not a reasonable user-facing interface Also drop _commit attribute from base ObjectStore, it doesn't use it.

[dataimport] remove dead code The only caller of ObjectStore._put is ObjectStore.create_entity, which RQLObjectStore overrides (and doesn't call up).

[dataimport] do not use sys.exit() to raise missing argument error Related to #3845572

[dataimport] _create_copyfrom_buffer: add the tests Related to #3845572

[dataimport] _create_copyfrom_buffer: do not ignore columns if data is a list Related to #3845572

[dataimport] _create_copyfrom_buffer: fix datetime converter + add time converter Include second and microsecond in the output instead of dropping them on the floor. The time zone is not supported for now, though. Related to #3845572

[dataimport] _create_copyfrom_buffer: raise ValueError if conversion cannot be performed If the conversion fails, there is no reason to continue execution. One should notify the error. Continuing after a misconverted data could corrupt the database. Related to #3845572

[dataimport] _create_copyfrom_buffer: fix separator check in string converter The empty string is a valid replace_sep. Related to #3845572

[dataimport] _create_copyfrom_buffer: put converters into a list Cleans up the code to avoid a succession of ifs. Related to #3845572

merge 3.19.3 into 3.20 branch

Added tag cubicweb-version-3.19.3, cubicweb-debian-version-3.19.3-1, cubicweb-centos-version-3.19.3-1 for changeset 37f7c60f89f1

[pkg] prepare 3.19.3

merge from 3.18 branch

merge 3.17.16 into 3.18 branch

Remove uses of logilab.common.compat.{all,any} They're just aliases to the builtin ones on python 2.5+. If anyone needs convincing: >>> from logilab.common import compat >>> compat.any <built-in function any> >>> compat.all <built-in function all>

remove references to global environment variable APYCOT_ROOT

Add warning messages when enabling remote pickle-based repository access Warn when starting a pyro or zmq-only repo, or when one of these access methods is enabled. Closes #2919295

[web] Fix expiry of anonymous sessions (closes #4154479) Things like: try: foo except: bar else: baz doesn't work very well if you expect baz to run even in the exception case. Plus, session.cnx.check() is a dbapi remnant, so drop it and just look at session.mtime.

[hooks/syncschema] avoid altering a dropped table If the constraint's rdef is being removed, CWConstraintDelOp doesn't need to do anything. Otherwise it may try to alter a removed table/column. Closes #4154549

[js] fix name error

[devtools] improve error message when postgresql tools are missing By default in at least Debian, some pg tools are not present in the PATH. Or they may not be installed. But the tests tools expects them to be in the PATH, and give an unhelpful 'No such file or directory' backtrace if they're not found. To help devs using the pg tests we improve the error message.

[server] Replace non portable strftime formatter (closes #4132161)

[web/request] use a picklable Counter object for tab index counters Related to #1381328.

[web/auth] The auth retriever's authenticated() callback takes a session, not a cnx We don't have a cnx at that point.

[test] Fix the query-log-file test Testing this functionality in a CubicWebTC is awkward because the wrapping happens in handle_request, which tests basically bypass (they call core_handle directly, and do their own magic for linking the request with a cnx). The test method worked when ran on its own, but not together with the rest of the test class. So use a CubicWebServerTC instead, which goes through the whole stack.

[doc/book] spelling fixes in security tutorial

[doc/book] spelling fixes in "testing" chapter

[datafeed sources] finish the session -> cnx switch Related to #3933480.

[doc/book] update examples, using the new connection api

[test/entities] use the new connection api

[web] restore query logging functionality (closes #3972561) The query-log-file option stopped working when the web stack was moved from dbapi to repoapi.

[cwctl] make cubicweb-ctl versions lighter (closes #4002158) Set config.quick_start to avoid unnecessary appobjects and schema loading.

Added tag cubicweb-version-3.17.16, cubicweb-debian-version-3.17.16-1, cubicweb-centos-version-3.17.16-1 for changeset a979d1594af6

[forms] consider inline creation form information as linkto info. Closes #3161121

[pkg] prepare 3.17.16

[reledit] Fix reledit icons jumpiness (closes #4106867) Introduce an "invisible" class (copied verbatim from Bootstrap) that only sets the "visibility" property. "display: none" is the reason for the whole jumpiness as it actually detaches the element from the rendered layout. "visibility: hidden" only makes it transparent while keeping its original box properties (width, height, etc).

[views] Replace poorly named "invisible" class with "list-unstyled" "li.invisible" actually means "hide bullet". Use a reasonable name instead, such as bootstrap's "list-unstyled" class. This patch also changes the DOM element the class is applied to. "li.invisible" had to be enabled on every "li" tag, whereas the "list-unstyled" class only needs to be applied to the parent "ul" element.

[views] a 'div' with 'display: inline' screams 'span' (grafted from af6e3db801fcfbd6f562c4a7cfdc89f187042792)

[pkg] remove simplejson dependency We no longer use it, the stdlib's json module is fine.

Added tag cubicweb-version-3.19.2, cubicweb-debian-version-3.19.2-1, cubicweb-centos-version-3.19.2-1 for changeset 8ac2202866e7

[pkg] Fix version number Note to self: don't phase -p before coffee.

[pkg] 3.19.2

[webtests] finish to give all self.view(....) a req=req parameter

[tests/syncsession] use the new connection api

[webtests/application] remove unused imports

[webtests/application] .user(...) really wants a request object

[tests/datafeed] use the new connection api (a small leftover) Test assertions get indented because of self.session -> scoped cnx.

[entitiestests/base] don't store an entity on the test case Make do with an eid.

[entitiestests/base] use the new connection api

[testlib] use the new connection api

[exttests/rest] use the new connection api

[webtests/bookmarks] use the new connection api

[hookstests/integrity] use the new connection api

[hookstests/base] use connections instead of web requests

[hookstests/base] use the new connection api

[hookstests/syncschema] use the new connection api

[tests/rqlannotation,querier] use the new connection api

[webtests/web] use the new connection api

[webtests/navigation] use the new connection api

[webtests/basetemplates] use the new connection api

[webtests/basecontrollers] use the new connection api

[testlib] deprecate .remote_call and provide new connection api friendly .remote_calling

[webtests/propertysheet] kill an "import *"

[webtests/breadcrumbs] break long lines

[webtests/views_editforms] use the new connection api

[webtests/urlrewrite] do not store a plain entity on the test, only an eid

[webtests/urlrewrite] use the new connection api

[webtests/urlpublisher] use the new connection api

[webtests/baseviews] use the new connection api

[devtools/testlib,fill] use the new connection api (for auto_populate) Note that this changes API of CubicWebTC's custom_populate and post_populate methods to take a connection instead of a cursor, which may affect some cubes.

[webtests/automatic views tests] use the new connection api

[devtools/repotest] simplify a very small helper

[tests/repotest] use the new connection api

[tests/querier] use the new connection api (part 3/3) Some adaptations to devtools/repotest: * dead code removal * remove session related code In the tests: * many tests actually don't check the querier but some generic rql property -- when such a test needs several statements to complete a commit, switch to session.new_cnx * provide an assertRQLEqual helper

[test/querier] use the new connection api (part 2/3) A couple of tests need a schema constraint to be dropped to pass with `.qexecute`.

[test/querier] use the new connection api (part 1/3) In devtools/repotest, we provide a simple `.qexecute` with autocommit, and we use it (where possible) in unittest_querier. Note that the .session object is a real session, not the magic property found in CubicWebTC test classes.

[dbapi] allow talking to a pre-3.19 remote repository Closes #4071285

[migration] don't add new elements to config._cubes in remove_cube We're expanding dependencies based on the current versions of the cubes, which may well not be the same as the ones known by the db (we're in the middle of an upgrade, after all). Listing them in config._cubes prevents us from calling add_cube() later to actually add them. Closes #4002156

[web test] repair test broken by 0872ac2a1db0 after the above cset, during test instance's url is set before the creation of core entities (ie created at database initialization), hence they have now a valid cwuri.

[dataimport] Drop reference to the 'source' column (closes #4067694). CW 3.19 drops the multi-source support. This column does not exist in 3.19.

[notification] drop on commit sending of message feature of NotificationView It duplicates feature already provided by cw.hooks.notification.notify_on_commit function. Simplify the API on the way.

[datafeed parser] enhance retrieve_url to support POSTing data and custom HTTP headers Closes #3682069

[datafeed parser] fix retrieve_url to always return urllib2.urlopen compatible output as one should expect to be able to call geturl/getcode/info on the returned object whatever the url he gave. Related to #3682069

[datafeed parser] factor out retrieve_url method from DataFeedXMLParser.parse Related to #3682069

[datafeed] Allow to override use_cwuri_as_url in configuration of a datafeed source This is necessary because in some case one will want to write parser which create entities not one-to-one related to entities from the distant source (for instance see the `vcrs` cube which create entities holding statistics for code review, while not importing review entities themselves). Ideally we should provide a way to the parser to indicate the source that cwuri should not be used, but that's a start... Closes #3670210

merge from 3.19 branch

[entity/rset] replace scary warnings about ambiguous rdefs by XXX in the code users can't do anything about that and shouldn't see those warnings.

[web/js] Deprecate baseuri() and replace with BASE_URL (closes #3955372) Added by commit 8bf2337a6f3b and publicly available since 3.11.2 released more than 3 years ago.

[request] Ensure base_url() always has a trailing '/' (closes #3955093) Just as an example, cubicweb.ajax.js is clearly written under the assumption that BASE_URL/baseuri() - which simply contains req.base_url() - has a trailing /.

[schema] spelling fixes in doc strings

[views] a 'div' with 'display: inline' screams 'span'

[views] Rewrite cw.utils.formContents() with jQuery (closes #3747244) Use jQuery's serializeArray() method instead. Just keep a bit of compatibility with FCKEditor...

[web/data] Remove broken backward compatibility function popupLoginBox() was deprecated in favor of cw.htmlhelpers.popupLoginBox() However, the use of cw.utils.deprecatedFunction() is broken. In firebug: >>> popupLoginBox() TypeError: newfunc is undefined cubicweb.js:113 (ligne 13) This function was modified back in 2010, so it's been broken for 4 years. Let's just get rid of it. Closes #4042978

[repoapi] make ClientConnection call RequestSessionBase's init Not calling up means we're missing some attributes, like encoding.

[webtests/views_staticcontrollers] use the new connection api

[webtests/views_selectors] use the new connection api

[webtests/views_json] use the new connection api

[webtests/views_errorform] use the new connection api

[webtests/views_actions] use the new connection api

[webtests/views_xmlrss] use the new connection api

[webtest/pyviews] use the new connection api

[tests/sqlutils] use the new connection api

[tests/postgres] use the new connection api

[tests/repository] use the new connection api (part 2/2) Some notes: * module imports cleanup * the unimplemented `test_transaction_interleaved` is wiped

[repository,tests] use the new connection api (part 1/2) `add_info` should not play with the cnxset nor the mode. Static analysis showed that: * add_info is an internal api called with a non-none cnx.cnxset and also in write mode * only the altered test violated this assumption, which is now somewhat documented

[book] fix various parts of the rql section * syntax error * erroneous query * bad sphinx :func: usage

[repository] session -> cnx renaming (already done in the source object)

[tests/session] remove unused import

[tests/datafeed] use the new connection api

[tests/checkintegrity] use the new connection api * serverctl: the db-check command also uses an internal connection object, which makes more sense in the context of `checkintegrity`. * checkintegrity: rename srvcnx to just cnx (a bit because in the near future, there will be one cnx to rule them all)

[tests/schemaserial] kill star import

[tests/schemaserial] break long lines

[tests/ldap] don't leak sessions

[tests/ldap] use the new connection api

[test/migration] fix crash on execution This assertion is there for unclear reasons. ===================== unittest_migration.py ======================= -> creating tables [====================] -> inserting default user and default groups. -> storing the schema in the database [====================] -> database for instance data initialized. F ====================================================================== FAIL: test_db_creation (unittest_migration.BaseCreationTC) make sure database can be created ---------------------------------------------------------------------- Traceback (most recent call last) File "/home/auc/confs/forges/logilab/common/testlib.py", line 661, in _proceed testfunc(*args, **kwargs) File "/home/auc/confs/forges/cubicweb/test/unittest_migration.py", line 106, in test_db_creation handler.build_db_cache() File "/home/auc/confs/forges/cubicweb/devtools/__init__.py", line 469, in build_db_cache self.init_test_database() File "/home/auc/confs/forges/cubicweb/devtools/__init__.py", line 729, in init_test_database init_repository(self.config, interactive=False) File "/home/auc/confs/forges/cubicweb/server/__init__.py", line 217, in init_repository repo = Repository(config, vreg=vreg) File "/home/auc/confs/forges/cubicweb/server/repository.py", line 197, in __init__ self.init_cnxset_pool() File "/home/auc/confs/forges/cubicweb/server/repository.py", line 220, in init_cnxset_pool config.bootstrap_cubes() File "/home/auc/confs/forges/cubicweb/devtools/__init__.py", line 176, in bootstrap_cubes super(TestServerConfiguration, self).bootstrap_cubes() File "/home/auc/confs/forges/cubicweb/server/serverconfig.py", line 279, in bootstrap_cubes self.init_cubes(self.expand_cubes(splitstrip(line))) File "/home/auc/confs/forges/cubicweb/cwconfig.py", line 1022, in init_cubes super(CubicWebConfiguration, self).init_cubes(cubes) File "/home/auc/confs/forges/cubicweb/cwconfig.py", line 798, in init_cubes assert self._cubes is None, repr(self._cubes) AssertionError: ('card', 'file', 'localperms', 'tag')

[web] Remove unreachable and broken code

[testlib] call init_config once the config has been properly bootstraped This should be done right after repository instantiation and as such involves giving CWTC.init_config as a callback to the test database handler (which will itself gives it to the repository initialization function). This unfortunatly requires to pass the init_config method to the server.init_repository function because it has to be called after the config has been initialized (which is done in Repository.__init__) but before the migration handler is instantiated (which will call 'server_maintainance' hook, hence may require the proper config). Another way to fix this would be to change the initialization sequence, but this is another story. Closes #3749378

[devtools] even better: use a plain Connection (server-side) object for pre_setup The previous commit switched from passing a Session to a ClientConnection. This fixes unittest_ldapsource's pre_setup_database, which relied on a server-side object to get at the repo.

[devtools] pre_setup_database should take a connection object

[tests/migration] use the new connection api

[tests/undo] use the new connection api

[js/ajax] deprecate user-callback support Related to #3567793.

EditRelationMixIn: stop using user_rql_callback Add generic add_relation/delete_relation ajax functions and use those. Related to #3567793

[tests/storage] use the new connection api

[tests/security] use the new connection api

[htmlwidgets] Remove unreachable code

Remove redundant __nonzero__ methods From https://docs.python.org/2/reference/datamodel.html#specialnames : When this method is not defined, __len__() is called, if it is defined, and the object is considered true if its result is nonzero. Also helpful for an eventual migration to py3k, as __nonzero__ has been replaced with __bool__, which also defaults to looking at __len__ if undefined.

[etwist] Remove unused host_prefixed_baseurl()

[basetemplate] Remove misleading comment The <base> tag was removed in commit 8bf2337a6f3b back in 2011.

[tests/security] break lines > 100 chars

[doc/3.19] Mention [gs]et_shared_data deprecation

[hooks] internal_session -> internal_cnx (including a typo)

deprecate get/set_shared_data API Session or transaction data must be used instead. We must forward .transaction_data to web/request from which it was missing (this is indeed a _cw object API). Closes #3799036.

[migration] Stop setting session.data['rebuild-infered'] It's no longer read anywhere since fe267b7336f3 "[migration] always rebuild infered relation"

Import PIL modules from the PIL namespace to be Pillow-compatible Closes #3924726

merge two stable heads

merge 3.18.5 into 3.19 branch

merge 3.17.15 into 3.18 branch

[vreg] fix bad super call to lgc.registry.Registry() Registry() expects a debugmode parameter, ovbiously not a cubicweb config object.

Added tag cubicweb-version-3.18.5, cubicweb-debian-version-3.18.5-1, cubicweb-centos-version-3.18.5-1 for changeset 5071b69b6b0b

[pkg] prepare 3.18.5

[sobjects] update notifications system to 3.19 api

[connection] set language on new Connection for the internal manager For regular users this is handled by _set_user, but for internal connections (e.g. used for notifications) we need something else.

Added tag cubicweb-version-3.19.1, cubicweb-debian-version-3.19.1-1, cubicweb-centos-version-3.19.1-1 for changeset 1fe4bc4a8ac8

[pkg] Add missing data files to MANIFEST Fonts and svg were missing from web/data.

[pkg] prepare 3.19.1

[views] new cubicweb logo (closes #3803681) - add the new CubicWeb logo - use it as a css (background-image) - change the color of the header bar (gradient made with css)

[serverctl] rename 'add-source' to 'source-add' for consistency's sake (closes #3732169)

[test/hook] use the new connection API

[testlib] complete the RepoAccess object (closes #3843614) It was missing the open_session call.

[debian] version cubicweb-bootstrap Breaks Apparently 0.6.x is OK with cw 3.19.

[wsgi] Delete unused instance_uri and get_full_path methods on CubicWebWsgiRequest

[test] drop unused import

[sobjects] silent 3.19 warnings in sobjects/supervising.py

[test] update entities/test/unittest_wfobjs to cw 3.19 api

[test] Add missing import to fix old yams warning

[dataimport, migration] silence find_entities / find_one_entity warning Deprecate associated methods to unify the API

[repo] fix extid2entity to ensure connection's has a cnxset else we'll call source.doexec, which attempt to access to cnxset.cu, and crash in some case (eg unittest_cwxmlparser in sobjects/test). Also, manually switch to 'write' mode to ensure cnxset is not released until commit/rollback when some entity is inserted.

[test] update sobjects/test/unittest_cwxmlparser to cw 3.19 api

[repo] make it clear in internal_cnx that security is disabled as explained in its docstring. It was previously relying on internal connection's fake user (InternalManager) for read security and on disabling security hooks for write security. Using the security_enabled context manager is more readable and more reliable: while the older implementation works thanks to the InternalManager associated to the session, custom hooks should rely on session.[read|write]_security being correctly set. This change also allows selecting Password attributes in internal connections without explicitly disabling read security.

[datafeed] update datafeed internals to use connection instead of session

[test] update sobjects/test/unittest_notification to cw 3.19 api

[test] simplify setup of sobjects/test/unittest_supervising.py

[test] update sobjects/test/unittest_supervising to cw 3.19 api

[test] update sobjects/test/unittest_email to cw 3.19 api

[wsgi] the spec says wsgi.url_scheme *must* be provided No need to be defensive, anything else is a bug in the gateway.

[shell] provide autocompletion for rql queries in cubicweb-ctl shell (closes #3560541) Use the ``rql.suggestions`` component to complete user's input - readline calls the ``complete`` method with user's input, - the ``complete`` method asks for each known completers if it can suggest completions for user's input.

[book] avoid '~' in all-in-one.conf, it is not expanded Closes #3753213

[book] uicfg moved from web to web.views a while ago

[wsgi] look at wsgi.url_scheme to decide if we're on https The server/gateway is supposed to fill it in for us.

[web] Fix HEAD request handling (closes #3677949) Don't special-case HEAD in CubicWebRequestBase.is_client_cache_valid so we don't return garbage. HEAD is supposed to return the actual headers that a GET would return, which we can't do if we bypass all the normal cubicweb logic. In particular, we no longer always return 200, and return the right Content-Length/Content-Type/...

[wsgi] avoid reading the entire request body in memory Import POST form handling code from https://raw.github.com/defnull/multipart/master/multipart.py to avoid reading arbitrary amounts of data from the network in memory. NOTES: - In the twisted case we limit the max request content-length to 100MB (by default), which seems kind of arbitrary, but avoids this issue - werkzeug.formparser has suitable code as well, but I don't know if we want to add it as a dependency

Added tag cubicweb-version-3.17.15, cubicweb-debian-version-3.17.15-1, cubicweb-centos-version-3.17.15-1 for changeset ee413076752b

[pkg] also bump __pkginfo__

[pkg] prepare 3.17.15

[cache] fix a cache issue with an entity created without relation cache prefill Prefilling the relation cache has its benefits sometimes, but for massive imports it may be a memory hog. The caches should be kept coherent even if there was no prefill. Closes #3828155.

[web/test] add a test for some http response codes Related to #3648809

[views] remove reference to the MAPPING_CHECKERS dict (closes #3810219) Was removed by by the changeset 65d93a4fd11c ([multi-sources-removal] Drop pyrorql and zmqrql sources)

[web/ajax] Always return a json dict with a 'reason' key in case of ajax errors Sending sometimes a bare unicode string and sometimes a json-encoded dict seems like a bad idea.

[web/ajax] don't override any status code with 500 in ajax_error_handler If the request produced an error such as Unauthorized or NotFound, core_handle sets an appropriate status_out. Which is then overridden by the ajax error handler.

[web] Add asserts to the raw header conversion functions This API is terrible, but at least this might help us catch some errors in our conversion definitions.

[view] Delete dead(?) code from ReloadableMixIn Nothing seems to ever call user_callback on the Component, only on the request. Related to #3567793

Add a db-statement-timeout option for postgresql sources Use that new option to set the statement_timeout option when creating connections, except for maintenance operations (shell and upgrade). Closes #2547026

[test] use assertNotIsInstance instead of assert_(not isinstance(...))

[services] register_user now returns the new CWUser Closes #3804444

[server/session] remove json dumps around call_service This backouts changeset b151beea9cb6. With call_service being in-process and synchronous, there's no RPC use case.

[req.find] Use vreg.schema.eschema for eschema lookup If an etype is non-existant, using vreg.schema[etype] raises a confusing error complaining about a non-existing relation. This is because of the implementation of vreg.schema.__getitem__ that look first in entities and then in relations. Using directly vreg.schema.eschema restrict the lookup to etypes only, hence raises a meaningful error when the etype does not exist.

[doc] Typo

[formfields] Handle 'placeholder' attribute for text and textarea See #636930. Closes #3406713.

[forms] Add autocomplete attribute for formrenderers If you set form.autocomplete = False, the form renderer in the open form tag will add the html option 'autocomplete=off'. It allows to disable the functionality of some browsers to fill in some forms automatically (for instance a profile with login/password) Closes #3747294

[widget] Addition of EmailInput Simple input widget with type = 'email' Closes #3741921

close branch

Added tag cubicweb-version-3.19.0, cubicweb-debian-version-3.19.0-1, cubicweb-centos-version-3.19.0-1 for changeset 1141927b8494

[debian] set release date

[entity] add a new `cw_linkable_rql` method * the new method returns the entities that are or may be related to the current one by the relation passed as an argument. Closes #3738011.

[schema] fix buggy composite_rdef_roles and associated test it should only look at rdefs involving the considered entity type. Closes #3712982

[doc] update 3.19 release notes

[login form] Fix BaseLogForm.form_action() The method implementation was calling super() with the wrong class

[migration] move 'entities' table changes from 3.19.0 to bootstrap script The 'mtime' and 'source' columns need to go away before we attempt to do anything else with the repo, otherwise any addition of an entity is going to explode.

[server/session] add missing rollback when freeing a db connection When we let go of a cnxset and give it back to the pool, we need to make sure it's not in the middle of a transaction. We got bitten by a migration where the connection used by admin's repo.connect was not rolled back before attempting the migration, causing a deadlock because it had a lock on a table. This could potentially also be an issue for e.g. hooks or looping tasks that didn't explicitly rollback before calling free_cnxset or moving out of a ensure_cnx_set block.

[debian] add Breaks on cubicweb-bootstrap Need to be versioned once we know which version fixes https://www.cubicweb.org/ticket/3728939

Drop duplicated content in ITreeAdapter docstring

an -> a (misc)

an utf-8 -> a utf-8

an URI -> a URI

an unicode string -> a unicode string

an URL -> a URL

Remove a misleading comment about self.render() behavior. The former comment suggested that View.render called with 'row' or 'col' would set cw_row or cw_col, which is not (anymore ?) accurate. Related to #3696871.

[migractions] add sanity check in rename_relation_type If the relation is still present in the fs schema, we probably shouldn't be renaming it (because it's still in use somewhere, possibly in a different cube). Closes #3608172

[dataimport] Add safety belt on "gen_rtype" in MetaGenerator, closes #3712892 Some cubes may well add to the META_RTYPES set, hence crashing the gen_<somecubemeta> call.

[dataimport] Correctly serialize datetime objects in _create_copyfrom_buffer, closes #3712885

[dataimport] Prevent ucsvreader from skipping the first line when ignore_errors is True (closes #3705791)

[dataimport] Avoid double unicode decoding in ucsvreader (closes #3705752)

[doc] Document the user_data dictionnary content

[debian] break old cubicweb-vcsfile We removed call_service's async argument, which it used.