Julien Cristau <julien.cristau@logilab.fr> [Mon, 15 Sep 2014 10:06:07 +0200] rev 9996
[server] hold connection to the db in tx_actions
We can be called without a cnxset (e.g. from repoapi).
Christophe de Vienne <christophe@unlish.com> [Mon, 15 Sep 2014 17:23:22 +0200] rev 9995
[wsgi] If multipart cannot parse the POST content, let it pass.
multipart can only parse html form data. It the content_type is, for example,
"application/json", get_posted_data should not fail but just stop trying to
read the content.
Closes #4421845
Rémi Cardona <remi.cardona@logilab.fr> [Mon, 01 Sep 2014 14:56:00 +0200] rev 9994
[devtools] Fix JS tests' HTML code
Rémi Cardona <remi.cardona@logilab.fr> [Mon, 01 Sep 2014 10:22:46 +0200] rev 9993
[devtools] "Keep" some temporary files/dirs around to help with debugging
The whole QUnitTestCase runs with an @with_tempdir so it's redundant
anyway.
Rémi Cardona <remi.cardona@logilab.fr> [Fri, 01 Aug 2014 19:28:44 +0200] rev 9992
[devtools] Fix Firefox launcher in QUnitTestCase (closes #4294727)
The main changes are:
- stop creating the profile, firefox will create it
- point firefox to a profile directory instead of giving it a profile name
(this has the added bonus of not polluting the user's profile list)
- start firefox once and kill it 5 seconds later to let it finish its profile
creation (along with system-wide extensions setup)
Rémi Cardona <remi.cardona@logilab.fr> [Thu, 25 Sep 2014 17:38:51 +0200] rev 9991
[devtools] allow cross-origin requests for qunit
We have a mix of file:// html and http:// ajax calls. Which we should
at some point fix to all be http, but. Related to #4294727.
Julien Cristau <julien.cristau@logilab.fr> [Thu, 25 Sep 2014 15:49:13 +0200] rev 9990
merge 3.19.4 in 3.20 branch
Christophe de Vienne <christophe@unlish.com> [Mon, 15 Sep 2014 17:24:18 +0200] rev 9989
[cors] Fix CORS headers generators
The Access-Control-Allow-* and Access-Control-Expose-Headers are response
headers, not request headers.
Hence, we need generators for them. Closes #4412575.
Christophe de Vienne <christophe@unlish.com> [Tue, 09 Sep 2014 22:14:20 +0200] rev 9988
[wsgi] Fix posted files filename reading
The filenames are parsed by multipart.parse_form_data, which does the unicode
decoding. Trying to re-decode the filename was leading to an error.
Christophe de Vienne <christophe@unlish.com> [Tue, 23 Sep 2014 11:18:56 +0200] rev 9987
[pkg] Depend on Pillow instead of PIL
The Pillow library is becoming the de-facto replacement for PIL.
It also is way simpler to install with pip than PIL.
Closes #4411354.
Julien Cristau <julien.cristau@logilab.fr> [Thu, 25 Sep 2014 14:42:00 +0200] rev 9986
Added tag cubicweb-version-3.19.4, cubicweb-debian-version-3.19.4-1, cubicweb-centos-version-3.19.4-1 for changeset c4e740e50fc7
Julien Cristau <julien.cristau@logilab.fr> [Thu, 25 Sep 2014 14:24:20 +0200] rev 9985
[pkg] 3.19.4
Julien Cristau <julien.cristau@logilab.fr> [Wed, 24 Sep 2014 18:04:30 +0200] rev 9984
merge 3.18.6 into 3.19
Julien Cristau <julien.cristau@logilab.fr> [Wed, 24 Sep 2014 17:35:59 +0200] rev 9983
Added tag cubicweb-version-3.18.6, cubicweb-debian-version-3.18.6-1, cubicweb-centos-version-3.18.6-1 for changeset d91501356742
Julien Cristau <julien.cristau@logilab.fr> [Wed, 24 Sep 2014 15:08:44 +0200] rev 9982
[pkg] 3.18.6
Aurelien Campeas <aurelien.campeas@logilab.fr> [Tue, 28 Jan 2014 15:27:59 +0100] rev 9981
[hooks/security] allow edition of attributes with permissive permissions
If an attribute has more permissive security rules than the entity
type itself, we should be green and not deny action because of an
early global entity permission check (with the more restrictive
rules).
Only if one attribute with the entity-level permission rules is edited
will the global check be performed.
Note:
* the "if action == 'delete'" check at the entry of
check_entity_attributes is a guard for a condition currently not
happening in cubicweb itself (but application hooks could
conceivably call this function with a 'delete' action)
Closes #3489895.