Dimitri Papadopoulos <dimitri.papadopoulos@cea.fr> [Thu, 04 Jul 2013 09:26:59 +0200] rev 9149
[test] typo
Aurelien Campeas <aurelien.campeas@logilab.fr> [Tue, 25 Jun 2013 12:11:42 +0200] rev 9148
[schema,server] add a security debugging aid (closes #2920304)
- Add a DGB_SEC debugging flag (to be used with set_debug/debugged).
- Add a context manager (tunesecurity) to filter security assertions.
Note: this does not address all read-security mecanisms.
Aurelien Campeas <aurelien.campeas@logilab.fr> [Mon, 24 Jun 2013 19:00:40 +0200] rev 9147
[etwist] fix handling of multiple files per field
html5 permits multiple files uploads, which can be expressed as::
<input type='file' multiple='multiple' />
This changeset avoids previous crash. Nothing is changed when a single file is
uploaded (backward compat is thus preserved). When multiple files are uploaded
for a single html input tag, the corresponding web request form key receives a
list of tuples like [('filename-1', IStream1), ('filename-2', IStream2), ...].
closes #2847207.
David Douard <david.douard@logilab.fr> [Tue, 09 Jul 2013 15:58:26 +0200] rev 9146
[merge] start 3.18 development
David Douard <david.douard@logilab.fr> [Tue, 09 Jul 2013 15:11:23 +0200] rev 9145
[pkg] prepare 3.17.3
Julien Cristau <julien.cristau@logilab.fr> [Mon, 08 Jul 2013 20:48:54 +0200] rev 9144
[pkg] Remove obsolete ubuntu hardy packaging
It's been EOL for a while.
Julien Cristau <julien.cristau@logilab.fr> [Mon, 08 Jul 2013 15:24:43 +0200] rev 9143
[book] fix sphinx documentation generation (closes #2991997)
changeset 17994bf95d6a ([doc] update Session documentation) added
cubicweb.server.session.Session autodoc to the book. This caused errors
from sphinx due to a section title not being allowed in the class's
docstring.
David Douard <david.douard@logilab.fr> [Mon, 08 Jul 2013 12:41:08 +0200] rev 9142
[test/ldap] fix ldap tests
- make sure the url is properly updated on database setup (when the test
database already exists and the ldap URI has changed)
- fix the ldapuser test setup process.
David Douard <david.douard@logilab.fr> [Fri, 05 Jul 2013 10:40:57 +0200] rev 9141
[test] fix unittest_schemaserial.py
A spurious add permission has been added in expected result by d988eec2d5d3
David Douard <david.douard@logilab.fr> [Fri, 05 Jul 2013 10:35:14 +0200] rev 9140
[test] make unittest_schemaserial.py runnable with python
used to run fine only when launched using pytest
Sylvain Thénault <sylvain.thenault@logilab.fr> [Mon, 08 Jul 2013 17:38:10 +0200] rev 9139
[facet] use facet name as input name for text widget (eg has_text)
we need to ba able to distinguish between text-inputs so we can write
a widget for a single facet that uses more than one text input.
This fix consists in the diff in cubicweb.facts.js; modifications in
facet.py result from this former.
Sylvain Thénault <sylvain.thenault@logilab.fr> [Tue, 02 Jul 2013 09:36:20 +0200] rev 9138
[web doctype] don't give through reset_xmldecl to avoid double deprecation warning
Sylvain Thénault <sylvain.thenault@logilab.fr> [Tue, 02 Jul 2013 09:35:58 +0200] rev 9137
[web doctype test] don't give reset_xmldecl to avoid deprecation warning
Pierre-Yves David <pierre-yves.david@logilab.fr> [Wed, 03 Jul 2013 14:52:10 +0200] rev 9136
[devtool] randomise available ports search in http test
This lowers the chance of parallel tests to race for the same port.
Katia Saurfelt <katia.saurfelt@logilab.fr> [Wed, 03 Jul 2013 14:48:34 +0200] rev 9135
[facet] don't crash if no title specified on a facet and filtered rset is empty. Closes #2587883
Katia Saurfelt <katia.saurfelt@logilab.fr> [Wed, 03 Jul 2013 14:43:21 +0200] rev 9134
[css, html] add a css_class attribute on Button, allowing to change easily default CSS class for buttons
(think orbui integration)
Katia Saurfelt <katia.saurfelt@logilab.fr> [Wed, 27 Jun 2012 11:53:46 +0200] rev 9133
[view] add 2 missing spaces before the previous link
Julien Cristau <julien.cristau@logilab.fr> [Wed, 26 Jun 2013 09:35:54 +0200] rev 9132
[server/repository] Go through the repo to close pyro sessions
Turns out session.close() doesn't DTRT.
Julien Cristau <julien.cristau@logilab.fr> [Fri, 31 May 2013 11:13:06 +0200] rev 9131
fix migration from pre-3.13.1 versions (closes #2846978)
Need to check the existence of the asource column before the first call
to eid_type_source.
Aurelien Campeas <aurelien.campeas@logilab.fr> [Wed, 03 Jul 2013 14:33:27 +0200] rev 9130
[constraint] more robust unicity constraint failures reporting for end-users
Postgres or Sqlserver have limits on the index names (around resp. 64
and 128 characters). Because `logilab.database` encodes the `unique
together` constraint rtypes in the index names, we sometimes get
truncated index names, from which it is impossible to retrieve all
rtypes.
In the long run, the way such index are named should be changed.
In the short term, we try to reduce the end-user confusion resulting
from this design flaw:
* in source/native, the regex filtering ``IntegrityError`` message does
not impose an `_idx` suffix, which indeed may be absent (the result being an
UI message that resembles a catastrophic failure),
* also we avoid including a trailing " (double quote) from the error
message
* in entities/adapters, the well-named ``IUserFriendly`` adapter is made a
bit smarter about how to handle missing rtypes.
* the adapter also always produces a global message explaining the
issue (and the fact that sometimes, the user is not shown all the
relevant info)
* i18n is updated
Closes #2793789
Aurelien Campeas <aurelien.campeas@logilab.fr> [Wed, 03 Jul 2013 14:16:21 +0200] rev 9129
[hooks/security] Streamline attributes default permission check.
The current default permission on attributes delegates the check to
the entity permission update policy.
Since this is already checked it can be skipped.
The equality comparison will work, even with a deserialized schema,
because the default update perm is::
('managers', ERQLExpression(Any X WHERE U has_update_permission X, X eid %(x)s, U eid %(u)s))
which will always be deserialized in this order (groups first).
However this is a slight semantic change: entity type level 'update'
permissions can now be effectively used to encode update-time rules if
the default attribute permissions are used (before this change, the
'update' rules at entity type level were fired at creation time).
Closes #2930861.
Aurelien Campeas <aurelien.campeas@logilab.fr> [Wed, 26 Jun 2013 14:22:22 +0200] rev 9128
[test/schemaserial] swap got/expected to get nicer unittest2 diagnostics
Prepares #2965518.
Pierre-Yves David <pierre-yves.david@logilab.fr> [Tue, 02 Jul 2013 17:09:04 +0200] rev 9127
[repository] drop safe attribute on ``internal_cnx``
People that need to disable hook can do it explicitly anyway.
Pierre-Yves David <pierre-yves.david@logilab.fr> [Thu, 27 Jun 2013 19:18:54 +0200] rev 9126
[dbapi] deprecated the dbapi
Pierre-Yves David <pierre-yves.david@logilab.fr> [Thu, 27 Jun 2013 19:26:14 +0200] rev 9125
[repoapi] deprecate dbapi compat method
Pierre-Yves David <pierre-yves.david@logilab.fr> [Thu, 27 Jun 2013 19:14:22 +0200] rev 9124
[testlib] deprecated the older api to access the repo.
Pierre-Yves David <pierre-yves.david@logilab.fr> [Thu, 27 Jun 2013 19:09:23 +0200] rev 9123
[connection] deprecated free_cnset and set_cnxset
Pierre-Yves David <pierre-yves.david@logilab.fr> [Thu, 27 Jun 2013 19:02:06 +0200] rev 9122
[session] deprecate all Connection related method on session
Pierre-Yves David <pierre-yves.david@logilab.fr> [Thu, 27 Jun 2013 18:53:06 +0200] rev 9121
[session] drop dead _current_cnx_id
Not used anymore for a few commit.
Pierre-Yves David <pierre-yves.david@logilab.fr> [Thu, 27 Jun 2013 18:47:08 +0200] rev 9120
[session] privatise get_cnx and close_cnx
The only user, repoapi now use ``new_cnx``
Pierre-Yves David <pierre-yves.david@logilab.fr> [Thu, 27 Jun 2013 18:14:35 +0200] rev 9119
[doc] add documentation for the new API in test
Pierre-Yves David <pierre-yves.david@logilab.fr> [Thu, 27 Jun 2013 15:28:15 +0200] rev 9118
[testlib] add an default testcase.adminaccess (and use it for default session)
This adminaccess is the new offical way to get connection, and request on a
repo.
Pierre-Yves David <pierre-yves.david@logilab.fr> [Thu, 27 Jun 2013 18:15:57 +0200] rev 9117
[testlib] introduce a RepoAccess class to easily create connection and request
Each RepoAccess hold a session for a user and three helper function to help
create Connection, ClientConnection of WebRequest related to this session.
related to #2920299
Pierre-Yves David <pierre-yves.david@logilab.fr> [Thu, 27 Jun 2013 15:13:47 +0200] rev 9116
[repoapi] make ClientConnection.__enter__ return self
This allow the standard idiom::
with repoapi.connect(repo, login='babar', passwork='elephant') as cnx:
cnx.execute(…)
Pierre-Yves David <pierre-yves.david@logilab.fr> [Thu, 27 Jun 2013 18:16:06 +0200] rev 9115
[documentation] describe repoapi and web side change.
Short version explaining what object replace what and that BC existes for a few
version.
Pierre-Yves David <pierre-yves.david@logilab.fr> [Thu, 27 Jun 2013 12:28:17 +0200] rev 9114
[testlib] use internal_cnx instead of internal_session
internal_session is deprecated.
Pierre-Yves David <pierre-yves.david@logilab.fr> [Thu, 27 Jun 2013 14:12:00 +0200] rev 9113
[repository] add an ``internal_cnx`` method to replace ``internal_session``
Accessing the repo through a Session is deprecated. We need an easy replacement
for ``internal_session``.
This API change was a good occasion to stop disabling integrity hook by default.
This is huge source of bug in user-code.
related to #2503918
Pierre-Yves David <pierre-yves.david@logilab.fr> [Thu, 27 Jun 2013 12:02:38 +0200] rev 9112
[connection] enforce that a connection must be open to be used
The same than for ClientConnection, we ensure the connection is used inside a
its context.
.. note:: We may rely on that for ClientConnection and remove de dedicated code
in Client Connection but I prefer the current explicite and duplicated
version for now.
Pierre-Yves David <pierre-yves.david@logilab.fr> [Wed, 26 Jun 2013 15:11:22 +0200] rev 9111
use standalone Connection to Client Connection
Pierre-Yves David <pierre-yves.david@logilab.fr> [Wed, 26 Jun 2013 14:46:24 +0200] rev 9110
[session] add a new_cnx factory
Having user-code importing cubicweb.server.session.Connection is inconvenient.
We add a simple factory fonction on the session.
Pierre-Yves David <pierre-yves.david@logilab.fr> [Wed, 26 Jun 2013 14:26:06 +0200] rev 9109
[connection] allow simple instantiation of standalone Connection
Such connection will automatically pick a connection id. Note, They are not
automatically closed on session close. But they will fails to grab new cnxset
once the session is closed.
Pierre-Yves David <pierre-yves.david@logilab.fr> [Wed, 26 Jun 2013 14:35:55 +0200] rev 9108
[connection] handle and explicitly life cycle on Connection
Like ClientConnection, Connection object need to be explicitly started and stop.
They aims to be used as context manager.
Pierre-Yves David <pierre-yves.david@logilab.fr> [Wed, 26 Jun 2013 14:00:32 +0200] rev 9107
[sesion] distinction between Connection handled by the session and other.
Not mixing the new and backward compat approach seems a good idea. Let's enforce
it.
Pierre-Yves David <pierre-yves.david@logilab.fr> [Wed, 26 Jun 2013 11:58:34 +0200] rev 9106
[session] replace _clear_thread_storage with close_cnx
There is not good reason to keep two distinct method.
Pierre-Yves David <pierre-yves.david@logilab.fr> [Wed, 26 Jun 2013 14:01:07 +0200] rev 9105
[session] explicitly take Connection object in close_cnx
Now that ClientConnection explicitly reference and use the Connection object we
do not need to use connectionid here.
We can safely change this signature, ClientConnection is the only use of
close_cnx for now.
Pierre-Yves David <pierre-yves.david@logilab.fr> [Wed, 26 Jun 2013 11:41:53 +0200] rev 9104
[session] drop the Session._clear_cnx_storage method
It is just cnx.clear() now.
Pierre-Yves David <pierre-yves.david@logilab.fr> [Wed, 26 Jun 2013 11:39:41 +0200] rev 9103
[session] wrap too long line
Too long line is too long.
(Confucius 503 BC)
Pierre-Yves David <pierre-yves.david@logilab.fr> [Wed, 26 Jun 2013 11:39:01 +0200] rev 9102
[session] gather close_cnx with get_cnx and set_cnx
They do the same kind of operation and deserve to be grouped together.
Pierre-Yves David <pierre-yves.david@logilab.fr> [Thu, 27 Jun 2013 11:13:18 +0200] rev 9101
[client-connection] remove the _srv_cnx usage
It does not do anything special now that we use explicite Connection object with
automatic cnx_set handling.
Pierre-Yves David <pierre-yves.david@logilab.fr> [Thu, 27 Jun 2013 11:04:31 +0200] rev 9100
[client-connection] explicitly check that the client-connection is open
The check is also perform by the _srv_cnx property. But we do not need those
property anymore.
Pierre-Yves David <pierre-yves.david@logilab.fr> [Thu, 27 Jun 2013 11:02:30 +0200] rev 9099
[client-connection] handle the lack of connection id while not open
the connection id is computed at opening and forgotten when closing. We can't
rely on it in various messages … like the "connection closed" exception.
Pierre-Yves David <pierre-yves.david@logilab.fr> [Wed, 26 Jun 2013 11:21:39 +0200] rev 9098
[connection] transparent cnx_set handling
Connection object while take cares of there cnxset themself (as dbapi connection
does).
The ``set_cnxset`` and ``free_cnxset`` operation are still available for
backward compatibility purpose. The ``_auto_free_cnx_set`` is introduced to
handle mixed usage.
A new context manager ``connection.ensure_cnx_set`` is added for code that
access ``cnx.cnxset`` directly and are not wrapped in any specific
``Connection`` method.
A ``_with_cnx_set`` decorator is used on all Connection method that need a
cnxset.
Pierre-Yves David <pierre-yves.david@logilab.fr> [Thu, 27 Jun 2013 10:44:40 +0200] rev 9097
[client-connection] explicit the client part in __repr__
Now that we have real server side connection we need to remove ambiguity.
Pierre-Yves David <pierre-yves.david@logilab.fr> [Tue, 25 Jun 2013 19:50:16 +0200] rev 9096
[ClientConnection] directly use the Connection object to access the database
Now that Connection are a full featured standalone object we can directly
reference and use it in the ClientConnection instead of using the session.
The session object is kept around for a while to perform various utility role.
Pierre-Yves David <pierre-yves.david@logilab.fr> [Tue, 25 Jun 2013 18:15:45 +0200] rev 9095
[connection] invert __init__ parameter
Takes session first. At some point, the connection_id will become optional for Connection
created explicitly.
Pierre-Yves David <pierre-yves.david@logilab.fr> [Wed, 26 Jun 2013 13:43:22 +0200] rev 9094
[service] enforce that Service argument and return are json-serialisable
The call_service API need to be able to run through RPC. So we ensure front
start that it is possible serialise both input and output.
Pierre-Yves David <pierre-yves.david@logilab.fr> [Tue, 25 Jun 2013 18:04:08 +0200] rev 9093
[connection] move call_service on Connection
This is the last step toward standalone transaction.
Pierre-Yves David <pierre-yves.david@logilab.fr> [Thu, 27 Jun 2013 11:21:14 +0200] rev 9092
[connection] move the commit method on Connection object
One step closer of standalone Connection!
Pierre-Yves David <pierre-yves.david@logilab.fr> [Thu, 27 Jun 2013 11:21:09 +0200] rev 9091
[connection] move the rollback method on Connection object
One step closer of standalon Connection.
Pierre-Yves David <pierre-yves.david@logilab.fr> [Thu, 27 Jun 2013 11:20:46 +0200] rev 9090
[connection] pass a Connection object to RQLRewriter
RQLRewriter can now directly use a Connection object. No need for specific
handling session side.