[session] hook control context directly use transaction object when applicable Most of the hooks control logic have been moved on Transaction anyway.

[session] move context manager logic in the hook controls context manager The `init_hooks_mode_categories` and `reset_hooks_mode_categories` have no other user that the context manager itself. Having dedicated public function is not useful.

[session] drop the useless set_hooks_mode method It has not external user and trivial code

[session/transaction] move most undo support into transaction A small part that need repo access has not been moved into transaction yet.

[session] simplify mode property We can delegate very thing to transaction utility

[session/transaction] pass the session object to the Transaction __init__ This simplify access to variables. As we are moving more and more logic and states in the Transaction it will greatly helps in future commit.

[session] use a dedicated class to track cnxset We introduce a new CnxSetTracker to track `cnxset` used by Transaction and allows to wait for them. This new class does not use Thread ID not thread joining to work. This allows to use multiple transaction per thread and a transaction in multiple thread. The class itself is totally threadsafe by the Transaction is still not thread safe. The old _threads_in_transaction attribute is dropped in favor of a new logic based on this object. The registration of cnxset used is not done by the Transaction itself. tx.cnset is a property handling the Consistency of its value with the CnxSetTracker instance. Note: The CnxSetTracker instance only track transaction id, not transaction itself, So not reference cycle are created.

[session] cleanup Transaction.cnxset The attribute should always be there. It is None when not cnxset exists.

[session] drop useless getter and setter for security Those function have very few user and does not anything fancy. Internal user now access tx.read/write_security directly. External user have been blessed with a writable property. They are only interested in the write part of they did not used the return of the removed function. They access it through the session since I prefer the external world to not be aware of Transaction yet.

[session/transaction] move read_security subtlety in transaction This is transaction data, itshould be handled by the transaction itself.

[transaction] initialize dbapi_request in __init__ There is not reason to have it implicitly declared. The attribute is renamed to match its public name.

[whatsnew] notify drop of deprecated code

[web/views] extract cube embed (closes #1916015)

[skeleton] Update debian packaging to support only python 2.6 and up

Drop iprogress code (closes #2777628)

[web/views] extract cube sioc (closes #1916018)

[doc] Add 3.17 release notes

[migration] mark all version prior 3.7 as non-migrable API possible used by such old migration script are not supported in recent Cubiweb. Closes #2772958

[dataimport] drop checkpoint backward compat API Deprecated since 3.7. See #2772958 for details.

[dataimport] drop index support deprecated since 3.7 Dropping of pre-3.7 API decided in #2772958

[utils] drop pre-3.7 compat in util Dropping of API deprecated since 3.7 decided in #2772958

[migration] drop pre-3.7 utility Dropping of API deprecated since 3.7 decided in #2772958

[entity] drop pre-3.7 api on session Dropping of API deprecated since 3.7 decided in #2772958

drop dubious comment

[req] drop pre-3.7 api on request Dropping of API deprecated since 3.7 decided in #2772958

[session] drop pre-3.7 api on session Dropping of API deprecated since 3.7 decided in #2772958

[transaction] use set operation in the hook control code We use direct operator on set instead of looping by hand, This simplify the codes.

[session/transaction] move hook management in transaction itself This is transaction level code.

[session] allow writable tx_attr and use it for commit_state This keep clarifying the code.

[session/transaction] move add operation in session code

[session/transaction] move entity life utility on transaction This access transaction related data and therefor should live in transaction.

[transaction] small simplification in ecache code A single assignation is simpler.

[session/transaction] move entity cache management on session A new utility method is added for that. It is similar to the one used for attribute access. code is copy pasted as his. Function documentation is added.

[session] have a nice helper function to forward access to session This allows a lighter and clearer code. This will also ease the addition of deprecation warning in the future.

[session] drop dead code session._tx is never None. New transaction are created if necessary.

[session] use tx.data directly in session code.

[transaction] rename transaction_data to data Transaction.transaction_data is redundant. A transaction_data property is left for backward compatibility. Deprecation mechanism will come in later changeset

[session] document Session._tx

[session] split session creation from default session assignation This is the first step for more independence for Transaction.

[session] make session lock reentrant We are going to use it for other session related business. It is renamed from _closed_lock to _lock in the same move.

[session] document set_tx

[session] rename txstore variable to tx This is a more accurate name

[session] rename `_threaddata` to `_tx` The returned object is a Transaction object.

[session] rename self.__threaddata.txdata to self.__threaddata.tx This is Transaction object now.

[session] rename _tx_data into _txs The object inside are now Transaction object. Not TransactionData object.

[transaction] relocate method building transaction context manager It is in the middle of methods going to be refactored.

[transaction] move RQLRewriter in Transaction This remove the last ``AttributeError`` magic. The ``RQLRewriter`` needs a Session. Its reset is handled in ``Session`` code to handle that

[transaction] initialize security control attribute in Transaction There is no reason to not initialize them in __init__ time. This simplify the Session code.

[session] move security constant out of the class There is no reason for it to not be global. This will ease it use by ``Transaction object``.

[transaction] initialize hook control attribute in Transaction There is no reason to not initialize them in __init__ time. this simplify the transaction code.

[session] Move hook control constants out of the class There is no reason for them to not be global. This will ease they use by Transaction object.

[transaction] initialize transaction data and state related attribute. There is not reason to not explicitly declare and initialize attribute in Transaction.__init__. This change requires the introduction of a Transaction.clear() method to get ride of some wicked ``AttributeError`` based logic.

[transaction] handle ``mode`` default value in Transaction The transaction mode is now explicitly passed at creation time and always read from the Transaction object. Note that there is a slight behavior change. The transaction mode is now set at the creation of the transaction. Changes made to the default value have no longer any effect on existing transaction.

[transaction] explicit Transaction cnxset attribute The Transaction object have a lot more attribute that those previously declared in __init__. They are just dynamically assigned in Session code. This changeset explicit the ``cnxset`` and ``mode`` attribute declaration.

[server] rename TransactionData to Transaction Transaction will become a full featured object.

[doc] update Session documentation A major refactoring of Session/Transaction handling is commit. This is a good occasion to improves the documention.

merge 3.16 fix in default

[devtools] fix a couple issues with xvfb-run xvfb-run didn't quite clean up correctly after itself, because: - dash doesn't run EXIT traps on signals - if we don't run the command in the background, a TERM handler doesn't run until the command exits

[devtools/qunit] don't open-code subprocess.Popen.terminate

[devtools/qunit] get rid of unused variable

[server] *init_repository* lookup the database instead of the schema to drop tables (closes #810743) So, tables are dropped even if the schema was changed. :note: if mssql, drop views before tables. :note: because of table dependencies we try a second drop sequence

[book] remove XXX to an old discussion about appengine

[web publish] in case of error, ensure proper http status is set and Content-disposition header is reseted. Closes #2553066

Add CubicWebRequestBase.content (closes #2742453) This is the body of the HTTP request (stream)

add the match_http_method predicate (closes #2559932) This aim at creating views which are selected on other HTTP methods (PUT, DELETE, ...)

[pkg] the previous commit requires new feature in yams.

add a command to compare db schema and file system schema (closes #464991)

drop typed_eid() in favour of int() (closes #2742462) typed_eid was introduced to abstract the eid type when running on Google AppEngine. It is not used anymore and can be removed. Let's use int() instead.

merge with stable

3.15 is the new old stable

[web] don't link to None in author box (when author has been deleted) (closes #2409855)

dbapi: try to restore compatibility of the connect api with 3.15 A few issues here: - urlparse('foo').scheme is '', not None - cnxprops is an optional argument Regression from 62213a34726e ("[db-api/configuration] simplify db-api and configuration so that all the connection information is in the repository url, closes #2521848") Closes #2754322

3.16 is the new stable After discussion with David Douard I'm merging 3.16.x branches in stable and starting 3.17 feature on default.

Added tag cubicweb-debian-version-3.15.10-1 for changeset feca12e4a618

Added tag cubicweb-version-3.15.10 for changeset 89bdb5444cd2

prepare 3.15.10

Added tag cubicweb-debian-version-3.16.1-1 for changeset 84fbcdc8021c

Added tag cubicweb-version-3.16.1 for changeset d95cbb7349f0

prepare 3.16.1

[views/primary] some inner sections should use the `limit` by default to avoid a denial of service (closes #2719110) Today, it is possible to call .related and get a huge unlimited database-dos-inducing resultset that will be nevertheless limited a bit further in pure python in the `autolimited` view. While we cannot completely avoid potential denial of services such as these we mitigate the problem with the default ui settings: if the inner vid is `autolimited`, then the relation result sets is computed using the user-defined limit. This change respects the semantics of the `autolimited` view and shouldn't break anything.

[entity] ensure the .related(entities=False) parameter is honored all the way down (closes #2755994) As of today, such a call will always fill the relation cache by calling .entities() on every single related rset entry. As a consequence, the `limit` parameter handling also had to be fixed. It was bogus in the following ways: * not used in the related_rql, hence potentially huge database requests, but also actually * foolishly used in the .entities()-calling cache routine we now bypass (this changeset ticket's main topic) Now: * we set a limit on the rql expression, and * forbid caching if given a non-None limit (as we don't want to make the cache handling code more complicated than it is already) With this, entity.unrelated gets a better limit implementation (so the code in related/unrelated is nice and symmetric) Risk: * _cw_relation_cache disappears completely, which is good, but this is Python, so you never know ...

[test/web] fix invisibly bogus test (prepares #2755994) The test was wrong but that was cancelled out by a cache effect and fuzzy naming. Wiping the entity caches restores sanity: the choices list are the same before and after the SET. Also field.choices uses entity.unrelated but always returns related + unrelated elements. Hence `choice` replaces `unrelated` where it makes sense. AssertIn is used in place of AssertTrue.

[cwconfig] Fix exception handling when building the cube dependency graph UnorderableGraph exceptions do not have a 'cycles' property. A simple cast to str does the job.

[merge] backport stable fixes

[test/sobject] fix test regression Was complaining: - * updated comment #EID (#EID) ? ^^^^ + * updated comment #EID (duh?) ? ^^^^ in sobjects/test/unittest_supervising.

[web/request] Prune extraneous 'pageid' from generated ajax URL parameters (closes #2758130) If 'pageid' is given through extraparams, it is sent twice to the browser. On the JS side, the final URL loadxhtml() will end up using will have 'pageid' set twice which CubicWeb will readily accept as a list. Pruning this parameter makes sure it is exactly once.

[web/component] Use global variable to point to ajax controller (part of #2758254)

[web] Use the new '/ajax' URL path to access the AjaxController (closes #2758254) 5a81fa526b30 took care of all the JS code, this patch cleans up the remaining python bits.

[devtools/httptest] fix syntax error introduced by ce5ae7b80d2c

[component] Fix URL generation for navigation component (closes #2464832)

merge with another default heads

Merge stable into default (NON-TRIVIAL) - dropping __future__ statement added by d2472948da9c - added migration from 407acc41beb5 to migration file for 3.16.1

maintain python2.5 compatibility

[schema/workflow] one more typo fix Also add proper migration.

[devtools] add http_publish to CubicWebTC (closes #2565882) Fakes a http request, without overriding the normal error handling. Returns the request object so the caller can check for errors.

[testlib] url_publish should give url to the request and the rset returned by the path evaluator to ctrl_publish. Closes #2557468 Also, url_publish now accepts a `data` argument to simulate POST of values.