[qunit] remove unused 'data_files' parameter Its use was removed when we stoppped pointing firefox at file:// web/test/jstests/ajax_url2.html has never actually been used, it's only been ever mentioned in a QUnit comment.

[urlpublish] RESTPathEvaluator now use vid_from_rset This avoid cases where vid may be unexpectedly overwritten. For instance when you define a custom vid for a mime type in VID_BY_MIMETYPE, it will currently be overriden by the URL publisher when you access to /<etype> with the proper Accept header. To do so, a new 'check_table' argument is introduced, which may cause bw compatibility problems if the function has been monkey-patched. Also pep8 a bit the tests. Closes #5705835

[server/sources] use decode_extid in datafeed

[server/sources] add decode_extid method avoids having the same dance in both eid_type_source variants

[server/repo] kill repo.pinfo() session.cnxset is dead, this can't work.

[web/sessions] simplify session cleanup session.cnx.check() is no longer a thing. It dates back to dbapi.

[server/repo] fix typo

[server/sources] AbstractSource.__ne__ Seems confusing to have __eq__ but not __ne__.

[server/sources] fix docstring for eid_type_source

[views] fix ProcessInformationView: SESSION_MANAGER can be None (closes #5753280) eg. with pyramid.

[server/migractions] drop mock_object It doesn't seem to have ever been used.

[test] kill unused lgc.testlib imports

[server/migractions] raising SystemExit sounds like a bad idea Simply skip the action (rename_relation_type) with an early return.

[server/storage] rename 'session' variables to 'cnx' We no longer deal with Session objects here.

[migration] remove repo_connect and use config.repository() instead One less more redundant path to the repo. Related to #3933480.

[repoapi, cwconfig] give a convenience method to get a repository from a config This is a very common need. The private repoapi._get_inmemory_repo becomes config.repository(...)

[cwconfig] remove unused method Not to be confused with serverconfig.migration_handler.

[captcha] Port to io.BytesIO

[web/sessions] the session managers are definitely not components Component (or AppObjects) take a _cw at __init__ time. The session managers want a repository. Related to #1381328.

[web] the AuthenticationManager is no more an appobject It is now explictly instanciated by the session manager. Related to #1381328.

[hooksmanager] remove very old unused module

[devtools] fix CubicWebTC.assertDocTestFile (closes #5930028)

Added tag 3.21.1, debian/3.21.1-1, centos/3.21.1-1 for changeset a8a0de0298a5

[pkg] Let dh_installdocs deal with doc-base

[pkg] various debian packaging fixes - stop using *.install.in files, just use wildcards in *.install - switch to X-Python-Version (preferred for dh_python2) - also call dh_python2 for /usr/share/cubicweb, not just public modules - drop long obsolete ginco and erudi migration code from cubicweb-ctl.postinst - fix cubicweb-ctl cleanup: purge code belongs in postrm, not prerm - don't compress changelog.html

[pkg] 3.21.1

[web] fix AbstractSessionManager.clean_sessions (closes #5757240) sessions were not closed if "last_usage_time = session.cnx.check()" actually raises an AtributeError.

[migration/3.21] ask fewer questions Several questions per table is just unreasonable.

[server] typo fix

[test] check that we reject an rqlexpression in computed relation perms

Fix (de)serialization of ComputedRelation read permissions For normal relation types, permissions don't need to be stored since they're just default values for the relation definitions. However, computed relations are serialized (as CWComputedRType), while their relation definitions are added at schema finalization time, and are only in memory. So add the 'read_permission' relation to CWComputedRType, and the appropriate hooks to save and restore those permissions. To avoid having to touch yams, we drop the 'add' and 'delete' permissions from the default computed relation permissions; this should probably be backported there. The actual permissions (set on the relation definitions) are hardcoded in finalize_computed_relations anyway. In deserialize_schema, the CWComputedRType handling needs to be delayed a little bit, until after we've called deserialize_ertype_permissions. The rql2sql test is adjusted because CWComputedRType has a 'name' attribute and the 'read_permission' relation, which generates ambiguity vs CWEType. We add an explicit CubicWebRelationSchema.check_permission_definitions, since we need to check both that computed and non-computed rtypes are defined properly. Based on report and initial patch from Christophe de Vienne (thanks!). Closes #5706307

Copy read permissions on ComputedRelation rdefs Closes #5694110