[schema/stored procs] fix syntax error (closes #3450362)

Added tag cubicweb-version-3.18.1, cubicweb-debian-version-3.18.1-1, cubicweb-centos-version-3.18.1-1 for changeset 60322cb8636c

[web/data] Update fullcalendar to version 1.6.4 Fixes compat with jquery 1.10 (closes #3445689)

[debian] declare breaks on cubicweb-invoice (closes #3444985) It tries to access a 'state' attribute on an entity without going through the IWorkflowable adapter.

[hooks/security] silence yams warning (closes #3440707) If the rdef is not final, yams will complain.

[migration/3.18] recover from bad CWSource.in_synchronization default value The addition of this attribute in 3.13.8 had default=False, which made no sense, and was fixed in 3.13.9. However no migration was done so apps that ever saw the 3.13.8 code could still have '' as defaultval for this attribute.

[pkg] prepare 3.18.1

[security] Add comment to check_entity_attributes shortcut Make it clear that it is only an optimization. Related to #3444095.

Disable security hooks for internal sessions Fixes semantic change introduced in 96dba2efd16d where internal sessions started to check attribute permissions. Closes #3444095

[migration/3.18] Explicitly delete constraint on defaultval Make sure the SizeConstraint on defaultval is removed, and avoid more unnecessary commits.

[migration/3.18] Idempotency fixes Try to make partially-upgraded instances migrate properly.

[migration/3.18] Fix NameError

[migration/3.18] Add add_permission relation definitions earlier Otherwise sync_schema_props_perms('defaultval') does not work because the later relation is not in schema.

[migration/3.18] Only commit when we did something Avoids countless confirmation prompts. Closes #3438804.

[doc/3.19] fix (mostly) grammar

fix version number: we still target cw 3.19

Fix a couple merge errors

merge 3.18.0 in 3.19 branch

Added tag cubicweb-version-3.18.0, cubicweb-debian-version-3.18.0-1, cubicweb-centos-version-3.18.0-1 for changeset db37bf35a147

[book] drop reference to removed cubicweb.predicates.implements

3.18.0

[i18n] update French and English translations

i18n update

merge stable

[hooks/security] provide attribute "add" permission As of today, the update permission on attributes is checked at entity *creation* time. This forbids using update permissions the proper way. We set it to be checked at entity update time only. We introduce a specific 'add' permission rule for attributes. For backward compatibility, its default value will be the same as the current 'update' permission. Notes: * needs a new yams version (ticket #149216) * introduces two new 'add_permissions' rdefs (attribute - group|rqlexpr) * if the update permission was () and the bw compat kicks in, the rule is not enforced, to avoid un-creatable entity types -- this restriction will be lifted when the bw compat is gone * small internal refactoring on check_entity_attributes * one small pre 3.6.1 bw compat snippet must be removed from schemaserial Closes #2965518.

[server/test] reorganize data/migratedapp/schema.py to allow comparison with data/schema.py Pure reorganization to make it possible to visually compare both schemas.

[schema] move definition of RQLExpression classes before default permission dicts

[server] remove old backwards compat for PropagateSubjectRelation*Hook Those classes were removed from server/hook.py.

[book] replace PropagateSubjectRelation*Hook references PropagateSubjectRelationHook, PropagateSubjectRelationAddHook and PropagateSubjectRelationDelHook were deprecated by PropagateRelationHook, PropagateRelationAddHook, PropagateRelationDelHook respectively in v3.9, and removed in 3.18. Closes #3420672

[doc] update 3.18 release notes

[pkg] bump logilab-common requirement Necessary since 4b3e657d17ab "[source configuration] silent lgc 0.60 deprecation warning"

update jquery to 1.10 (closes #2786674) Includes: * base jquery * jquery.migrate to help for the transition * jquery.ui The jquery.ui.tabs api has slightly changed hance the change in web/views/tabs. The autocompletion widget is slightly adapted to follow an API change and now extends the base functionality in a simpler way.

[notification] Use https url when available in notification view context Closes #3376252.

[req] Return base-url in case https-url is None in base_url() Closes #3376322.

[server/session] fix typo in keep_cnxset_mode docstring

[breadcrumbs] Small breadcrumb components refactoring * use `open_breadcrumbs` and `close_breadcrumbs` methods where applicable in the BreadCrumbEntityVComponent hierarchy * include the first separator related code in `open_breadcrumbs` to avoid code duplication Closes #3223911.

[views/dot] use an inlined svg for schema and workflow graphs These are currently served as "temporary" pngs which are actually consummed immediately. Which means they cannot be requested twice and any further attempt will yield an error in the logs and some end-user surprise. There is no known acceptable workaround for IE-8 (and previous versions). SVGWEB could be workable but it's not trivial to integrate it properly. Closes #3400448.

[release notes] Documents one() and find() addition

[js] noop is undefined in plain javascript (related to #2786674)

[css] drop shadow.gif & use a couple of rules (closes #3381435)

[css] replace old rounded corners hack by css rules Closes #3381426.

[views/templates] provide a modal main template (closes #3274672) The current NonTemplatableViewTemplate may seem to provide the desired feature if a '__notemplate' is provided in the form, unfortunately, it: * wraps the view in a spurious div * calls view.set_stream(), which has the effect of wiping any js/css resource recorded until then by the view, leading to hard-to-track missing resources symptoms

[js/widgets] fix the InOut widget with modern jQuery versions Several things are done there: * reduction in size and complexity of the code * the unused defaultsettings are removed * the initial `unlinked` list is now correctly populated from python-side * the unit test is adjusted because it tested an irrelevant implementation detail which is no longer true (but the widget of course still handles correctly the linkto information) Tested with ie7, ie9, chromium, firefox. Tested with jQuery 1.6 (cw 3.17.x) and 1.10. Closes #3154531.

[autoform] Allow overridding of permissions checks Closes #3063930

[schema] fix unique together index handling We now provide a more compact indexname, using the schema constraint entity type and the position of the columns set in the entity type unique constraints list. This avoids a nasty name truncation issue. The UniqueTogetherError object is made smarter: it computes the rtypes, abstracting the underlying backend (pg/sqlserver vs sqlite). The `user friendly` adapter is much simplified since there is no longer any truncation issue. Uses a new logilab.database version (ticket #151507) and a new yams version (ticket #189299) Closes #2514939 [jcr: disable hooks when temporarily dropping CWUniqueTogetherConstraint entities]

[pyrorql] deprecate pyrorql source (closes #2919299)

[web/facet] do NOT drop offset/limit of the base rql (closes #3344579)

[webctl] Generate static data directory on upgrade (closes #2167873) - if the folder already exists, ``upgrade`` asks for deletion, - add an option (``generate-staticdir``) to allow skipping this task. - add an option (``staticdir-path``) to specify the static data folder path. The ``gen-static-datadir`` command allows to specify the target folder but there is otherwise no way to retrieve this information during upgrade.