[session] split session creation from default session assignation This is the first step for more independence for Transaction.

[session] make session lock reentrant We are going to use it for other session related business. It is renamed from _closed_lock to _lock in the same move.

[session] document set_tx

[session] rename txstore variable to tx This is a more accurate name

[session] rename `_threaddata` to `_tx` The returned object is a Transaction object.

[session] rename self.__threaddata.txdata to self.__threaddata.tx This is Transaction object now.

[session] rename _tx_data into _txs The object inside are now Transaction object. Not TransactionData object.

[transaction] relocate method building transaction context manager It is in the middle of methods going to be refactored.

[transaction] move RQLRewriter in Transaction This remove the last ``AttributeError`` magic. The ``RQLRewriter`` needs a Session. Its reset is handled in ``Session`` code to handle that

[transaction] initialize security control attribute in Transaction There is no reason to not initialize them in __init__ time. This simplify the Session code.

[session] move security constant out of the class There is no reason for it to not be global. This will ease it use by ``Transaction object``.

[transaction] initialize hook control attribute in Transaction There is no reason to not initialize them in __init__ time. this simplify the transaction code.

[session] Move hook control constants out of the class There is no reason for them to not be global. This will ease they use by Transaction object.

[transaction] initialize transaction data and state related attribute. There is not reason to not explicitly declare and initialize attribute in Transaction.__init__. This change requires the introduction of a Transaction.clear() method to get ride of some wicked ``AttributeError`` based logic.

[transaction] handle ``mode`` default value in Transaction The transaction mode is now explicitly passed at creation time and always read from the Transaction object. Note that there is a slight behavior change. The transaction mode is now set at the creation of the transaction. Changes made to the default value have no longer any effect on existing transaction.

[transaction] explicit Transaction cnxset attribute The Transaction object have a lot more attribute that those previously declared in __init__. They are just dynamically assigned in Session code. This changeset explicit the ``cnxset`` and ``mode`` attribute declaration.

[server] rename TransactionData to Transaction Transaction will become a full featured object.

[doc] update Session documentation A major refactoring of Session/Transaction handling is commit. This is a good occasion to improves the documention.

merge 3.16 fix in default

[devtools] fix a couple issues with xvfb-run xvfb-run didn't quite clean up correctly after itself, because: - dash doesn't run EXIT traps on signals - if we don't run the command in the background, a TERM handler doesn't run until the command exits

[devtools/qunit] don't open-code subprocess.Popen.terminate

[devtools/qunit] get rid of unused variable

[server] *init_repository* lookup the database instead of the schema to drop tables (closes #810743) So, tables are dropped even if the schema was changed. :note: if mssql, drop views before tables. :note: because of table dependencies we try a second drop sequence

[book] remove XXX to an old discussion about appengine

[web publish] in case of error, ensure proper http status is set and Content-disposition header is reseted. Closes #2553066

Add CubicWebRequestBase.content (closes #2742453) This is the body of the HTTP request (stream)

add the match_http_method predicate (closes #2559932) This aim at creating views which are selected on other HTTP methods (PUT, DELETE, ...)

[pkg] the previous commit requires new feature in yams.

add a command to compare db schema and file system schema (closes #464991)

drop typed_eid() in favour of int() (closes #2742462) typed_eid was introduced to abstract the eid type when running on Google AppEngine. It is not used anymore and can be removed. Let's use int() instead.

merge with stable

3.15 is the new old stable

[web] don't link to None in author box (when author has been deleted) (closes #2409855)

dbapi: try to restore compatibility of the connect api with 3.15 A few issues here: - urlparse('foo').scheme is '', not None - cnxprops is an optional argument Regression from 62213a34726e ("[db-api/configuration] simplify db-api and configuration so that all the connection information is in the repository url, closes #2521848") Closes #2754322

3.16 is the new stable After discussion with David Douard I'm merging 3.16.x branches in stable and starting 3.17 feature on default.

Added tag cubicweb-debian-version-3.15.10-1 for changeset feca12e4a618

Added tag cubicweb-version-3.15.10 for changeset 89bdb5444cd2

prepare 3.15.10

Added tag cubicweb-debian-version-3.16.1-1 for changeset 84fbcdc8021c

Added tag cubicweb-version-3.16.1 for changeset d95cbb7349f0

prepare 3.16.1

[views/primary] some inner sections should use the `limit` by default to avoid a denial of service (closes #2719110) Today, it is possible to call .related and get a huge unlimited database-dos-inducing resultset that will be nevertheless limited a bit further in pure python in the `autolimited` view. While we cannot completely avoid potential denial of services such as these we mitigate the problem with the default ui settings: if the inner vid is `autolimited`, then the relation result sets is computed using the user-defined limit. This change respects the semantics of the `autolimited` view and shouldn't break anything.

[entity] ensure the .related(entities=False) parameter is honored all the way down (closes #2755994) As of today, such a call will always fill the relation cache by calling .entities() on every single related rset entry. As a consequence, the `limit` parameter handling also had to be fixed. It was bogus in the following ways: * not used in the related_rql, hence potentially huge database requests, but also actually * foolishly used in the .entities()-calling cache routine we now bypass (this changeset ticket's main topic) Now: * we set a limit on the rql expression, and * forbid caching if given a non-None limit (as we don't want to make the cache handling code more complicated than it is already) With this, entity.unrelated gets a better limit implementation (so the code in related/unrelated is nice and symmetric) Risk: * _cw_relation_cache disappears completely, which is good, but this is Python, so you never know ...

[test/web] fix invisibly bogus test (prepares #2755994) The test was wrong but that was cancelled out by a cache effect and fuzzy naming. Wiping the entity caches restores sanity: the choices list are the same before and after the SET. Also field.choices uses entity.unrelated but always returns related + unrelated elements. Hence `choice` replaces `unrelated` where it makes sense. AssertIn is used in place of AssertTrue.

[cwconfig] Fix exception handling when building the cube dependency graph UnorderableGraph exceptions do not have a 'cycles' property. A simple cast to str does the job.

[merge] backport stable fixes

[test/sobject] fix test regression Was complaining: - * updated comment #EID (#EID) ? ^^^^ + * updated comment #EID (duh?) ? ^^^^ in sobjects/test/unittest_supervising.

[web/request] Prune extraneous 'pageid' from generated ajax URL parameters (closes #2758130) If 'pageid' is given through extraparams, it is sent twice to the browser. On the JS side, the final URL loadxhtml() will end up using will have 'pageid' set twice which CubicWeb will readily accept as a list. Pruning this parameter makes sure it is exactly once.

[web/component] Use global variable to point to ajax controller (part of #2758254)

[web] Use the new '/ajax' URL path to access the AjaxController (closes #2758254) 5a81fa526b30 took care of all the JS code, this patch cleans up the remaining python bits.

[devtools/httptest] fix syntax error introduced by ce5ae7b80d2c

[component] Fix URL generation for navigation component (closes #2464832)

merge with another default heads

Merge stable into default (NON-TRIVIAL) - dropping __future__ statement added by d2472948da9c - added migration from 407acc41beb5 to migration file for 3.16.1

maintain python2.5 compatibility

[schema/workflow] one more typo fix Also add proper migration.

[devtools] add http_publish to CubicWebTC (closes #2565882) Fakes a http request, without overriding the normal error handling. Returns the request object so the caller can check for errors.

[testlib] url_publish should give url to the request and the rset returned by the path evaluator to ctrl_publish. Closes #2557468 Also, url_publish now accepts a `data` argument to simulate POST of values.

[towards py3k] import reduce() from functools (part of #2711624)

merge stable fix into default

[doc] document dbapi.Connection

[c-c shell] fix command description (-P option is gone long ago)

[hooks/syncschema] do not crash when adding a new entity type (closes #2741643) The previous version assumed META_RTYPES provide relation definitions for all entity types.

[views/debug] Do not show all web sessions without CNX, just count them (closes #2602161)

[facets js] use $ instead of jQuery and other small cleanups

[devtools/httptest] allow sending other types of requests besides GET

merge with stable

[ext/rest] fix docstring of rql_role()

[web application] Fix missing self. in error_handler

[ldapfeed] all options of a source should be in the same group, else you get AssertionError on c-c add-source. Closes #2538398

[sources] fix classes that inherit from AbstractSource (closes #2718669)

[login] don't redirect to http url if we allow anonymous on https Closes #2583913

Correct typo in example

[testlib] make test_view load the json data Closes #2721472

[etwist] Properly escape traceback output (closes #2712042) Stop using StringIO in the process as well.

[dbapi] Stop shadowing exceptions in get_repository() (closes #2710515) Exceptions are already handled higher up in the stack so there's no reason to handle them here. Furthermore, non-ConnectionError exceptions would get hidden, making debugging harder.

[cwvreg] complete cw.web.uicfg cleanup callback (closes #2718217) 1dd655788ece introduced insufficient backward compat support When cubes directly import uicfg from cubicweb.web (or uihelper) this also creates a reference in the parent cubicweb.web namespace. This must be cleaned up as reloaded cubes will take back this reference and the old versions of its appobjects.

[book] fix typo. remove spurious `i`

[towards py3k] fix bug introduced by 0bb18407c053

[doc] Book entry for the undo functionnality.

[toward py3k] rewrite has_key() (part of #2711624) The `has_key` method is not in Python3K but dict supports __contains__ check for ages.

[toward py3k] rewrite dict.keys() and dict.values() (part of #2711624) Python 3K will only expose iterators. http://docs.python.org/3.0/whatsnew/3.0.html#views-and-iterators-instead-of-lists

[toward-py3k] rewrite to "except AnException as exc:" (part of #2711624) The older form is not necessary since we dropped python 2.5 compability. This will help Python 3.3 experimentation.

[toward-py3k] remove import with_statement (part of #2711624) They are unneeded since we dropped python 2.5 compatibility. This will help Python 3.3 experimentation.

pkg: drop python 2.5 compatibility (closes #2711624) 2.5 is not common anymore. Dropping compatibility will help moving to a code base compatible with Python 3.3

devtools: improve qunit timeout message Make the message clearer, shorter and properly wrapped.

merge default into stable

[devtools] fix broken windmill test case

Added tag cubicweb-debian-version-3.15.9-1 for changeset 29fbc632a696

Added tag cubicweb-version-3.15.9 for changeset 8bfc0753f1da

Added tag cubicweb-debian-version-3.16.0-1 for changeset 853237d1daf6

Added tag cubicweb-version-3.16.0 for changeset 6c7c2a02c9a0

3.15.9

[ldap test] fix bad merge

[merge] backport stable fixes

[cwctl] fix cubicweb-ctl shell command (closes #2583919) * add an uri parsing utility that documents a bit the uri cubicweb supports out of the box * cwctl: use this utility and refactor a bit for clarity (the novelty here being real support for old style 'myapp', or: * 'inmemory://myapp' * 'pyro://pyro-ns-host:pyro-ns-port/myapp' (pyro access through a pyro concentrator) * 'pyroloc://host:port/pyro-instance-id' (direct access to a pyro repository) * 'zmqpickle-tcp://host:port' * dbapi: refactor to sort out some of the complexity and restore functionality lost in 62213a34726e

[ldap test] move the slapd database directory to a tempdir (closes #2583993) This is required to be sure we are not hurt by NFS or such...

[ldap auth] make sure imported passwords from LDAP are encrypted (closes #2583994) When a user is imported from an LDAP source (in ldapfeed or when converting a user from an ldapsource to system one), we may import a clear-text password, which we do not want to do in our system database.

[ldapfeed] don't crash if one specify an unexisting group in the configuration. Closes #2538399

[doc/ldap] update the ldap chapter wrt the ldapfeed source type (closes #2551863)

prepare 3.16

[doc/3.16] complete description of what changed

[rql sources] uses an URL as remote host address for pyro/zmq rql sources, instead of extra configuration parameters. Follows modification of dbapi.connect api. Closes #2539822

[repo sources] move handling of source's url into abstract source as this becomes shared by most sources prepare #2539822

[db-api] rename repo_connect into _repo_connect to mark it private. Closes #2521848

[repository sources] copy source configuration: source's __init__ modify it while config.sources() return a cached dictionary which shouldn't be modified This causes pb since f8aa87a773b2 (though it's unclear why it hasn't been a problem before). Closes #2521848

cleanup repository connect doc: cnxtype is now deprecated / base_url has never been given that way. Follow #2521848

prefix "tcp://" zmq uris with "zmqpickle" (closes #2574114) * it turns "tcp://" into "zmqpickle-tcp://" * will leave room for future non-pickling communications using zmq

[db-api/configuration] simplify db-api and configuration so that all the connection information is in the repository url, closes #2521848 eg no more specific option of pyro ns host, group, etc. This also fixes broken ZMQ sources. Changes: * dropped pyro-ns-host, pyro-instance-id, pyro-ns-group from client side config, in favor of repository-uri. No migration done, supposing there is **no web-only config** in the wild. Also stop discovering the connection method through the repo_method class attribute of the configuration, varying according to the configuration class. This is a first step on the way to a simpler configuration handling. Notice those pyro options are still available for repository only / all-in-one configurations as they are needed to configure the pyro server. * stop telling connection method using ConnectionProperties, this is so boring. Also, drop _cnxtype from Connection and cnxtype from Session. The former is replaced by a is_repo_in_memory property and the later is totaly useless. * deprecate in_memory_cnx which becomes useless, use _repo_connect instead

[ldap test] ensure slapdd launch went fine and move ldapfeed setUp to parent class, as all ldap sources deal with url

[web/uihelper,uicfg] transform uihelper functions into uicfg objects methods (closes #2543949)

make ui configurations selectable (closes #2406609) * introduce a new 'uicfg' registry (storing instances) * use the relevant new APIs from lgc.registry to manage the new registrable uicfg objects * cw event manager useage is gone; instead thze standard registry reloading mechanism is used * ensure i18n commands still work (devctl) * introduce dynamic uicfgs use whenever possible (various views), even though sometimes the classic 'static' usage remains

[uicfg] uicfg.py moves from web/ to web/views/ (prepares #2406609) We are about to make uicfg selectable. Registrable / selectable views and helpers live in web/views. Hence the move. Backward compat is put in place. However CubicWeb imports of uicfg are updated to the new location.

[appobject] introduce RegistrableObject base class (prepares #2406609)

[cwvreg] introduce lgc version 0.59 and remove unneeded method redefinition (prepares #2406609) The new logilab.common.registry makes this moot.

[BFSS] mark fs_imported value as uncachable This will finally fix the `test_bfss_fs_importing_transparency` pass again. Regression was introduced by 4ba11607d84a

[entity] add a "repo_side" parameter to `_cw_dont_cache_attribute` This parameter (defaulting to `False`) is used to inform cubicweb that we really really do not want to cache a value during creation or update. This will be used by a storage that may do very specific processing on attribute values that result in a stored value different than the provided one (e.g. BFSS `fs_importing` mode).

[merge] backport stable fixes

[entities] fix test failures introduced by fixes in workflow related message strings (completes 9bb93efa1952)

[doc/book/] Corrected typo in en/tutorials/base/customizing-the-application.rst, for the add_cubes function call

[entity,views/json] backout 353bbd17a8b6 (reopens #2559931) Calling .complete() unconditionnally from the json encoder is unsafe since on entity creation validation: * an eid may have been drawn (hence even .has_eid() would not help) while processing form data in the edit controller * a ValidationError may have been raised and the entity-creating transaction rollbacked This leads to a crash on the return path from the validation to the browser, where the json_dumps((status, args, entity)) call will stumble upon the .complete() call which will fail because the entity does not (any more) exist in the database.

[schemas] fix typo

merge with stable

[appobject] cleanup module (prepares #2406609) * remove unused imports * break long lines

[uicfg] remove pre 3.6 bw compat structure (prepares #2406609) This should have been done in a673d1d9a738.

[testlib] test_view now parse json data, closes #2557467

Improve entity json export (closes #2559931) Make output from __json_encode__ predictable; use it in the ejsonexport view.

[web/application/test] drop useless code This is already done in CubicWebTC

[test] precheck initial condition

[packaging] Fix search in squeeze cubicweb-documentation package (closes #2558496) Work around broken combination of jquery 1.4 and sphinx 0.6 in squeeze by patching up doctools.js.

[packaging] don't compress txt files (closes #2558496)

[wf/test] fix tests broken by changes from another patch which have slipped there

[merge] backport stable

[web/test] fix stale reference to the changelog view (closes #2423532)

Added tag cubicweb-debian-version-3.15.8-1 for changeset 4ef457479337

Added tag cubicweb-version-3.15.8 for changeset 459d0c48dfaf

[test] fix possible views test (closes #2544358)

prepare 3.15.8

[ldapfeed] if a deactivated user becomes available again in its source, reactivate it (closes #2542776) * cwusers that see their ldap source counterpart disappear are deactivated * until now they were not activated again on reappearance * note this behaviour in the doc

[ldaputils,ldapparser] correctly compute "deleted" users (closes #2542083) * in ldaputils.py, removal of an unneeded method (checking existence of an object in the ldap, but not using the configuration filters) * in the ldapparser, memoize the (filtered) search so as to serve both .process and .is_deleted * add a non regression test for the 'user-filter' source config entry + deletion

[dataimport] new ignore_errors argument to ucsvreader, default to False. Closes #2547200

[ldapsource] keep python 2.5 compatibility (closes #2541602)

[ldapuser2ldapfeed] .values -> .iteritems (closes #2542872)

[ldap tests] cleanup in preparation of #2542083

[ldapparser] demote warning level (actually important user info can leak there) (prepares #2542083)

Remove changelog view (closes #2423532)

[dataimport] Allow to replace escape char in the create_copyfrom_buffer

[doc] fix function name FTIRANK

[json] enable jsonexport selection on empty rsets (closes #2544358)

[test] fix req default value handling in CubicWebTC.view (closes #2544376) It's no more than the standard ``if rset`` vs. ``if rset is None`` error.

[ajax] fix attribute lookup (closes #2491038)

[server] add debugging for Hooks & Operations (closes #2470048)

[dataimport] Add SQL Store for faster import - works ONLY with Postgres for now, as it requires "copy from" command - closes #2410822 This store will use: - copy from for massive insertions. - execute from for update. The API of this store is similar to the other stores.

[test] swap order in assert of `test_users_and_groups_non_readable_by_guests` unittest2 order is (expected, got), not the opposite. This help test report readbility.

[test] fix server/querier/build_descr1 test. There is no self.transaction of TestCase. I assumed the test writer meant a session. This seems to make the test pass.

[server] make `test_bfss_fs_importing_transparency` less verbose on failure Dumping the whole content of a file on failure is a bit annoying. We only print the bad version here (it's usually the file path).

[entity] drop redundant cache update This ``cw_attr_cache`` update is redundant, ``_cw_update_attr_cache`` already do this step.

[cw-ctl] silence msgcat and msgfmt (closes #2527594)

Added tag cubicweb-debian-version-3.15.7-1 for changeset c5400558f370

Added tag cubicweb-version-3.15.7 for changeset d8916cee7b70

prepare 3.15.7

[migration] fix crash when adding a new meta relation type. Closes #2532483

[ldapfeed] fix connection leak (closes #2532528)

[zmq] add an introductive docstring on ZMQComm

[server config] on quick start, system source is still activated. Closes #2535714

[web] use `inline` `Content-Disposition` by default (closes #2535734) since known time we have been serving static file with a `filename` parameter on the `Content-Disposition` header. But since d74addac92bb we explicitly serve file as attachment if a filename is provided. However this is valid to have `inline` disposition and `filename` parameter. This changeset revert this part of d74addac92bb, going back to `inlined` by default. `IDownloadable` code explicitly request `attachment` content to preserve expected behavior.

[web] allow configuration of the Content-disposition value The `set_content_type` function now takes and optional `disposition` parameter to control the value of this HTTP header. Use of `Content-disposition: inline` with a filename parameter are valid, so the presence of filename does not allows to choose between `attachment` and `inline`

[downloadable] fix filename HTTP header for simple name with space (closes #2535715) Since d74addac92bb, we export simple ascii filename without any encoding in the `filename` parameter of the `Content-Disposition` header. If this name contains space this will fails, the parameter value will be truncated at the space position. (eg. `filename=jungle babar.txt` read as `jungle`) We need to quote the filename to prevent this (eg. `filename="jungle babar.txt"`). Then literal quote and backslash needs to be escaped too. The new escaping is correct according this extensive test case data base: http://greenbytes.de/tech/tc2231/

merge fixes from stable

Added tag cubicweb-debian-version-3.15.6-1 for changeset b05e156b8fe7

Added tag cubicweb-version-3.15.6 for changeset 0163bd9f4880

prepare 3.15.6

[web] add a digital signature to error form (closes #2522526) Simple (and quite weak) implementation of a digital signature of the content to be submited by email in the error report view generated by ErrorView. The signature is a simple hmac hash computed using a secret key (generated at repository startup) and the "secret" form content to be included in the notification email. The controller can then check this content has not been modified or forged by a malicious user.

[web/views] bugfix: the mime type is text/plain, not text/txt (closes #2526345)

[doc] fix of personnal etc directory in book

[web] add a Forbidden exception This is similar to the Unauthorized exception, but generates a 403 error instead of a 401 (Unauthorized)

[web] add a ``anonymize-jsonp-queries`` option in file configuration (closes #2465388) This option controls connection anonymizing before executing any query for CSRF / safety reason.

[downloadable] fix filename in HTTP header (closes #2522325, #2522324) Before this changeset we use the `filename` header with utf8 encoded filename all the time. However RFC6266 says: The parameters "filename" and "filename*" differ only in that "filename*" uses the encoding defined in [RFC5987], allowing the use of characters not present in the ISO-8859-1 character set ([ISO-8859-1]). Therefore, we alter the code to: 1. Use `filename` and `ascii` encoding whenever possible, 2. use `filename*` with `utf8` encoding otherwise (with a filename fallback for old browser) We also switch the `content-disposition` value to attachement if filename is specified, this will result as a mandatory download according to RFC6266. This mandatory download is the expected behavior. We changes the filename encoding to RFC5987 which is simpler, supported by all and modern browser (including IE from version 6) and does not suffer from the continuation issue. (see ticket #2522324 for details)

docstring typo

[facet] make BitFieldFacet allow special 0 value. Closes #2522697

[doc] ubuntu LTS is now Precise Pangolin

backport stable

[server] implement base_url with secure=True (closes #2508638)

[validation api] properly use yams 0.36 validation error api and update message catalog. Follows bbe0d6985e59 the creation of the `translate` method in the 23a10f049447 yams commit.

[wsgi] saner use of `self.config` instead of `config`

[server] fix repository initialisation Changeset d753d6a6798f was breaking database creation. Dropping the `config.creating` clause lead to trying to load the schema from database even in creation mode. Conditional are a bit altered and reordered to prevent this to happen.

[web test] make unittest_viewselectors work if rdflib isn't available

[js/ajax] documentation of 'reload' is missing an argument

[ldapfeed] move docstring to the class instead of the module

[hook] fix hook base class so access to __registries__ doesn't call check_event, only call it in registered callback. Closes #2517748

[startup hook/looping tasks] separated hook for each looping task to ease modification from cubes. Closes #2517096

[ldaputils] should use entity.eid instead of entity on raising ValidationError. closes #2517095

[dbapi] provide get_option_value over DBAPIRequest (closes #2515522)

Added tag cubicweb-debian-version-3.15.5-1 for changeset 19e115ae5442

Added tag cubicweb-version-3.15.5 for changeset b0e086f451b7

prepare 3.15.5

[entity attr cache] mark attribute as uncacheable in the underlying function else we may miss some changes. Also rewrite a storage test currently failing because cache of the entity created by the test transaction, distinct from the entity created internally and given to hooks and all, has its attributes cache not updated. As this doesn't seems a proper usage, rewrite it as expected. Much probably closes #2423719 definitly.

[repository] move modification of appobject_path to repository initialization code so we can restore it later to avoid side effect on the config. Fix regression introduced in d32ab8570e5d

[req / session] drop is_internal_session (buggy) compat on base request by implementing necessary methods on internal manager

[check integrity] use session consistently

[test] use session commit/rollback to be consistent with the test

[merge] reintegrate that black sheep

[ldapparser] utf-8 uri + unicode emailaddr will crash if the later is not properly encoded (closes #2508515)

backporting

backport stable

fix no more running zmq repository test (closes #2500153)

[dbapi] load_appobjects must attempt to load available cubicweb configurations to avoid error when some object use a persistent propery (CWProperty) defined there. Closes #2497697

dummy merge

[ajax] reload function should set 'processing' cursor. Closes #2503899

[misc/scripts] a slightly experimental script to help repair LDAPUser cwusers suffering from split-brainite (closes #2497108)

[views/boxes] re-establish the proper selector (closes #2496294)

[ldapparser] raise specific error if the configuration is wrong (closes #2498164)

[skeleton] add pypi classifiers in __pkginfo__ and setup.py (closes #2502156)

[c-c shell -H] add verbosity=0 so we are not asked to confirm everything, as when not using -H

mock ``CWUser.prefered_language()`` on InternalManager objects. The recent split of patches for session refactoring broke this.

[session] fix arguments default value and promote usage of security_enabled as session method. Closes #2481820 One should use session method rather than direct usage of the context manager of the same name. Fix default argument values for consistency with the context manager: when one omit an argument, meaning is "keep the current value", not "disable security".

[session] promote usage of [deny|all]_all_hooks_but session methods rather than hooks_control context manager directly

[web app] move set of status_out into validation_error_handler to ease readability

[workflow test] don't use session.user, subject to internal changes

[db creation test] more testing of db initialization: call build_db_cache and ensure admin user exists

[source synchronization hooks] Fix/enhance system source hooks They are broken if launched during repository initialization (this was not the case yet, but will be soon...). Add additional checks to ensure one doesn't try to store system source config in the database, as it will be ignored in favor of the "sources" file.

[validation error] refactor validation error handling so translation is done on the web side Users should now use cubicweb.validation_error helper function that will activate the feature with other handy behaviours. Also test testing for message in errors should call exception.tr(unicode) before comparing. Using bare ValidationError keep backward compat.

[repo cleanup] drop code moved to querier by 7e264ce34cd4

[repo cleanup] drop code moved to querier by 7e264ce34cd4

Added tag cubicweb-debian-version-3.15.4-1 for changeset 70cb36c826df

Added tag cubicweb-version-3.15.4 for changeset 63260486de89

[facets] add link 'focus on selection' (closes #525277)

[server/utils] catch ValueError from password verification passlib can raise ValueError when it can't recognized a hash. Treat that as a wrong password.

[test] reindent and use request() rather than bare session this avoid error due to implementation details of session

[repo] fix debug code in DBG_REPO mode (closes #2469942)

[datafeed] properly call hooks for inlined relations on entity creation. Closes #2481156

[sources/native] automatically update passwords using deprecated hashes on login Closes #2465904

[repo pyro] fix previous commit: should not import Pyro in remoterql module/base class, it may be missing

massive copyright update to avoid clutering later patches

minor cleanups/typos

[session / querier] reorganize code to building result set descriptions

[web] search state doesn't need cnx, remove useless test

[schema] rename schema permissions function: session may also be a request, use _cw

[repo initialisation] during repo creation, load all hooks and entities code this simplify code and make it more consistent

[request/session] refactor language handling: don't attempt to sync web/repo languages This decouple thing and make code easier to understand. Previous behaviour was fine w/ validation error that were translated on the server side, but isn't satisfying for notification and all. Now: * translations should be done on the ui side (see previous validation error refactoring) * consistent behaviour: each side (web/repo) is responsible to deal with its request/session of language, no weird interaction between them on this topic * drop on the way the 'session properties' api, used only for that matter. -> much simpler/cleaner/saner api The thing missing being a way for user to tell "My favorite language is xxx but I also want cw to consider my http language header)