[workflow] fix potential destination for go back transition

[workflow] finish refactoring introduced by 021035b9a7ab for 'go back' transition: * fix SubWorkflowTransition.destination() prototype (must now take an entity as argument) * fix the change state for to give the entity to the transition's destination() method * we need a new method to draw workflow since we've no entity to give and 'go back' transition usually go back to multiple states

deprecate Transition.set_transition_permissions in favor of set_permissions (after all we know we're on a transition entity)

introduce 'go back' transition: transition without destination state will go to the state we were coming from

fix optimisation with super session that may lead to integrity loss at some point I've decided to stop ensuring ?1 cardinality was respected when adding a new relation using a super session, to avoid the cost of the delete query. That was yet discussable because it introduced unexpected difference between execute and unsafe_execute, which is imo not worth it. Also, now that rql() in migration script default to unsafe_execute, we definitly don't want that implicit behaviour change (which already cause bug when for instance adding another default workflow for an entity type: without that fix we end up with *two* default workflows while the schema tells we can have only one. IMO we should go to the direction that super session skip all security check, but nothing else, unless explicitly asked.

[auto/inline forms] reallow nested inline forms #703910

[reledit] fix #713217: reledit doesn't check 'update' permission on attributes

fix dumb name error

cleanup internal forms parameters in postlogin

grmmbl, bad resolve

missed conflict

backport lost stable head

fix sync_schema_props_perms test

fix create_user function introduced in d6ae30c5d055 for database initialization: messup admin user groups when anon is created due to missing restriction

3.6 api update

fix unittest_hooks: attributes have now update_permission instead of [add/delete]_permission

when modifying a persistent schema, erschema may miss some permissions which wil trigger a key error, but we don't want to crash on such cases

fix #694445: related entity generates weird RQL which in turn generates weird SQL which fails on SQL Server quick fix to reuse modification_date if already retreived by the rql query.

fix 4626:c26b4df9fc90 (#703911): use can't rely on peid since it's not an actual eid when we're creating the parent entity

[form fields] nicer behaviour of the password field: don't put internal field value on edition (triggering validation error if one validation without removing the value, due to confirmation mismatch), and don't show the field as required in such case

minor cleanup: don't use builtin 'id' as variable name

[forms/inline] fix #703911: add new link disappears if inline box removed. Since we've the information, we must specify the target type else we get random cardinality on ambiguous relations

this is not the form renderer responsability to check for update permissions. Move this to autoform editable_attributes relation

turn default logging threshold to warning (we usually want them), and log 'no schema for eid' pb using warning instead of error, so we see them in logs but not during migration

pfff, sorry to keep messing with default/stable...

specify db port on backup/restore commands (require forth comming lgc 0.48.1)

move captcha view to a place where it will be loaded by the registry...

backport stable

[security] allow to call .check on rql expression with a user eid specified

[facet] rqlst should be the select node

oops, should have been in my previous commit

fix table view facet retreival, necessary since 95ccd84c892b. Also some cleanup in facet box

Fix: RangeFacet is selected (valid rset) but without any values

fix the bad rqlst syntax tree usage during facets initialization by copying it

[R] dataimport: refine error detection Consider only None as non-expected value after parsing the input file. False is now allowed because of the boolean yesno checker that returns False by default.

added a function to create admin/anon user during db initialization process so one get a chance to monkey patch it

fix unittest_schema, remove deprecation warning

when creating an instance, ask for cubes specific options properly (fix #607349)

avoid loading twice site_cubicweb files on instance creation

oops

[schema security] fix so that when cheking attributes perms for an entity being created, 'owners' and has_*_permission in erqlexpr are considered satisfied

dont add CUBES_DIR to cubes search path if it doesn't exists

fix dumb name error triggering crash when some directory in cubes search path doesn't exist

remove 3.6 deprecation warning

login form style fixes

proper deprecation of TabedPrimaryView

missing call to toolbox in tabbed primary view

use needs_css so you can change login form css without redefining LogFormView

bw compat

backport fixes done accidentaly in default

use class, not klass, in widget.attrs

specify login form dom id, don't render progress div

backport crypto/captcha utilities from the registration cube

use an actual form for the login form ease customization from external cubes (eg rememberme)

add space between a checkbox and its label

ensure cnx is set first (necessary to introduce of a form object to handle the login form)

don't let set_schema making commit_event fail

use constant

fix permission of the condition permission

fix *_permissions schema: using the same cardinality/composite properties for cwgroup/rqlexpr leads to important pbs...

backport stable

DEFAULT_ATTRPERMS is now public

[inlined formos] don't pop attributes from kwargs, so they end-up in cw_extra_kwargs which is then passed to the edition form

[notification] we should use unsafe_execute here

cleanup

[calendar view] fix related to the date_range mess (max value exclusion). Calendar views authors should check if more similar fixes needed

[forms] fix RelationField bug with pending eids (eg inlined forms): we have to override process_form_value to avoid caching when recomputing is needed

[shell] rql() should use unsafe_execute when possible

[autoform] we should consider role when checking delete permission

don't update modification_date in repairing_mode (eg upgrade or shell)

[security] we should save back edited_attributes in case of multiple modification of an entity during the same transaction

tune startup logging

[schema] fix RelationSchema.has_perm to properly works with attribute relations

[schema] refactor/cleanup check_permissions

use a close_form method for consistency w/ open_form and allow overriding

add version info to deprecation warning

remove debug print

follow yams api change: attributes permissions are now defined for an 'update' action, no more 'add' / 'delete' which makes no sense in such case. fix afs.relations_by_section permissions checking of object relation on the way.

fix dumb name error causing error when non managers try to change his properties

fix typo in deprecation warning

remove crappy basket specific code

[views] toolbox must be rendered before the title to appear at top right

[uicfg] make deprecation message easier to understand

[uicfg] allow autoform_section's formtype parameter to be a tuple Typical usage is: afs.tag_attribute(('X', 'y'), formtype=('main', 'muledit'), section='attributes')

merge

branch oldstable

create oldstable branch, remove 3.5 tag

merge 3.6 default/stable

merge 3.5/stable heads

Added tag 3.5 for changeset a0571ff0cb5d

[http cache/json controller] ensure json_view does proper cache validation #390986

merge

typo fix in help string

use subprocess instead of os.popen to run diff this avoids argument quoting issues (spaces in path, etc)

[migration] abort becomes possible when asked for confirmation before migration script

sort on sortvalue, not dc_title to allow customization

merge

fix bug when value is None

Added tag cubicweb-debian-version-3.6.0-1 for changeset 17e88f2485d1

Added tag cubicweb-version-3.6.0 for changeset 5f957e351b0a

added jquery.ui image files

provides a fallback_on_none_attribute field attribute, allowing to specify default value for attributes of *existing* entities

fix match_transition selector: for instance w/ forge version change state form overiding, we want the form with the publication_date selected by the editcontroller, whatever the transition

split introduced in the wrong place

packaging fix: no more test in common (2).

packaging fix: no more test in common. Should remove test from the hooks subpackage in rules for hardy

drop cubicweb-client package (there was only hercule.py inside)

remove ref to hercule.py

cw 3.6, itself

i18nupdate

i18n msg fix

cleanup 2.5 __future__ imports

update translatable docstring

fix test

rephrase

fix auto-rollback on unauthorized error: * don't rollback if a commit is processing * don't free pool on rollback

fix ldap test, our ldap server name has changed

fix name error introduced by bad merging of stable

fix 'click here to see the created entity' link, which may not appear according to language settings

quick fix for typed formfield validation: accept empty string, split