[schema] fix composite deletion handling Do not delete component entities if the composite is not deleted in the same transaction. Deletion semantics are thus: if the composite is deleted, the components are deleted. Closes #3463112.

[schema] add composite handling helpers on EntitySchema (related to #3463112) These will help write predicates, hooks, etc.

[server] Handle unique constraint violations under recent sqlite The error message changed from "columns foo, bar, baz are not unique" to "UNIQUE constraint failed: table.foo, table.bar, table.baz". Closes #3564510

[i18n] update de: 1065 translated messages, 1 fuzzy translation, 259 untranslated messages. en: 656 translated messages, 669 untranslated messages. es: 1325 translated messages. fr: 1314 translated messages, 11 untranslated messages.

[i18n] es.po updated

merge 3.18.x in 3.19 branch

3.18 is stable

[schema] explicitly declare 'add' permissions for a couple attributes

Added tag cubicweb-version-3.17.13, cubicweb-debian-version-3.17.13-1, cubicweb-centos-version-3.17.13-1 for changeset 09b4ebb9b0f1

Added tag cubicweb-version-3.18.3, cubicweb-debian-version-3.18.3-1, cubicweb-centos-version-3.18.3-1 for changeset afd21fea201a

Update translations

[pkg] prepare 3.18.3

merge 3.17.13

[ldapfeed] fix encode error during initial user import Closes #3539196.

[web/data] Ignore disabled widgets in cw.utils.formContents() (closes #3544492) 17.12.1 Disabled controls : http://www.w3.org/TR/REC-html40/interact/forms.html#h-17.12.1 When set, the disabled attribute has the following effects on an element: * Disabled controls do not receive focus. * Disabled controls are skipped in tabbing navigation. * Disabled controls cannot be successful. The third one is the important one. 17.13.2 Successful controls : http://www.w3.org/TR/REC-html40/interact/forms.html#successful-controls A successful control is "valid" for submission. Every successful control has its control name paired with its current value as part of the submitted form data set. Bottom line, disable widgets should not be part of the names and values lists returned by formContents().

[etwist] Fix an empty request content after a Twisted processing (closes #3546795). The content of a POST request could be empty when the Twisted server is used.

[web/data] remove images that aren't used anywhere

[web/data] Add missing images from jquery-ui 1.10.3 Closes #3175933

[web/navigation] use add_onload instead of inline javascript href This way our javascript code isn't thrown out by the html cleaner e.g. when using the rql rest directive and a table view. To make things simpler, we now always use ajax URLs for navigation, even when we would previously have used regular links. Closes #3501626

[web/data] fix treeview regression (closes #3526466) Changeset 68cde7431c2c "[js] remove 3.9 bw compat (where apparently unused)" removed the use of form.callback from loadxhtml, which treeview relied on. Update to add a callback on the loadxhtml return value instead.

backout 8f3e963501e2, which is not ready yet

[pkg] also bump it there

[pkg] prepare 3.17.13

[navigation] use add_onload instead of inline javascript href This way our javascript code isn't thrown out by the html cleaner e.g. when using the rql rest directive and a table view. Closes #3501626

[uilib] allow canvas tags in the html cleaner Used by the iprogress cube. Closes #3524254.

[ajax] use a custom tag to handle dynamically loaded js Using <pre class="script"> makes it trivial for a malicious user to inject arbitrary javascript into a html or rest text element (because it looks innocent to the html sanitizer). Using a custom tag we can be sure that it actually comes from our code and not from untrusted user data. IE ignores custom tags, though, so we put it in its own namespace. https://extranet.logilab.fr/1530578

[dataimport] fix comment

[hooks/security, devtools/fill] silence yams 0.38.0 warnings

Drop 3.13 incomplete backward compat in edit controller. It is very old and broken (there is another non-backward-copmpatible usage of `_cw_entity_fields`), better to remove it instead of fixing. Closes #3515223.

[devtools] force locale to C for postgresql test clusters Avoids initdb failure with e.g. iso8859-X locale and utf-8 encoding.

[rql2sql] remove special behaviour of symmetric relation vs DISTINCT 0542a85fe667 replacing SQL OR by hooks for symmetric relations allows that. This involve a single test value change for a border case: when querying a symmetric relation without specifying the subject nor the object, you may get some duplicated result. IMO this is fine to let the user explicitly use DISTINCT or not and to remove the dedicated handling we had which didn't let any choice. Related to #3259713

Typo in comments and error messages

Fix typo in a setup.py comment

[dataimport, migration] more fixes in the spirit of a6c32edabc8d: [entity, metadata] huuum, use resolvable url as cwuri... And fix existing ones. Closes #3390388

[doc] Fix typo in devrepo/fti

[doc/3.19] Clarify repoapi.get_repository usage Followup for 9a62c52d167e.

[server] use a connection instead of a session for user authentication

Use repoapi instead of dbapi for cwctl shell, upgrade and db-init Hopefully nobody uses dbapi-specific API in their migration scripts. I guess we'll find out.

[server/repo] use internal_cnx in init_sources_from_database

[server/session] avoid spurious warnings from Session.close Add internal non-noisy _rollback method.

[server] rename session to cnx in querier and plan They don't actually need a session, so let's make that clear.

[repo] Use a connection instead of a session for repo.stats()

[repo] Use a connection instead of a session for repo.gc_stats()

[repo] Use a connection instead of a session for repo.get_versions()

[webconfig] get_repository moved to repoapi

[schemaserial] Replace 'cursor' with 'cnx' We don't have cursors in rql, since execute is synchronous.

[book] basic documentation for LDAPfeed

[testlib] Use session.sessionid instead of deprecated session.id

Add data/pgdb to hgignore patterns PostgresTestDataBaseHandler uses it as datadir.

[test] make unittest_postgres pass Use PostgresApptestConfiguration which starts a postgresql cluster locally for the duration of the test.

[devtools] make PostgresTestDataBaseHandler start its own postgresql Don't depend on postgresql already running on the system, or on a static config. To use this, set the configcls attribute of your CubicWebTC-derived test class to PostgresApptestConfiguration. Caveats: - this won't work with several tests running concurrently from the same directory, since each would start its own cluster with a shared data directory and stomp on each other's toes - you need initdb/pg_ctl in $PATH, e.g /usr/lib/postgresql/$version/bin on Debian/Ubuntu systems. Closes #3489631

[web/staticcontrollers] create a unique temporary file for concat handling Predictable names means different processes can race against each other. Let's avoid that and use mkstemp to get a real unique temporary file, and atomically rename it when we're done. Closes #3524182

[server/repo] Use session.sessionid instead of session.id Silences deprecation warning.

[server/session] use _free_cnxset instead of free_cnxset to avoid warnings No need to make DeprecationWarning noise for something the user doesn't have any control over.

[server] Use internal_cnx instead of internal_session in init_repository

[server/session] session.id → session.sessionid The former causes deprecation warnings.

English typography Get rid of extra space before `!' and `?'

[repo] restore python 2.6 compatibility Broken in 12dfce15c8ea.

[server] use internal_cnx instead of internal_session in deserialize_schema

[server/schemaserial] rename cursor argument to cnx cursor is a sql concept it has no meaning for rql.

[repo] Use a connection instead of a session in Repository.properties()

[server/sources] replace references to dbapi with repoapi

[doc/3.19] Make repoapi description match code

[serverctl] remove broken schema-sync command As far as I can tell the migration handler hasn't had a cmd_synchronize_schema method since cubicweb 3.2.0.

[server/session] Fix docstring typo for InternalSession

[book] typo

[server] fix TypeErrors With multisource gone, cnxset.reconnect() doesn't take a source argument. Broken since d62e13eba033.

[notification] use an InternalManager object for notifications if we have an (email, lang) tuple The non-uniform handling of CWUser vs (email, lang) tuple has caused too many bugs; this change mostly unifies the two code paths. Closes #3381521

[req] if a user has a None property, fall back to the default This can happen for InternalManager; the normal CWUser implementation of property_value already has a similar fallback. Related to #3381521

[server] Allow setting an InternalManager's preferred language Related to #3381521

merge 3.18.2 into 3.19 branch

[migration/3.18] protect against attributes in db missing from fsschema Happens if a previous migration forgot a drop_attribute. Closes #3471609

[doc] Update copyright date to 2014 (closes #3463136)

[repoapi] Fix typos in doc strings and comments

[cwxml parser] minor pylint fixes

[devtools] make CubicWebTC.login as admin undo previous logins Fixes things when login is not used as a context manager.

[devtools] fix self.session._cnx vs self.cnx._cnx confusion after self.login Make sure the client connection and the session refer to the same server connection.

[devtools] _orig_cnx does not exist any more (missing change)

[c-c schema] option to show single etype (closes #3404831)

[multi-sources-removal] Drop entities.source column Since we remove federated multi-sources support, the same value ('system') is always stored in this column and so could be removed. Also, cleanup repository caches and a few api where the very same useless information could be removed. Closes #2919300, at last [jcr: restore sanity check of etype against schema in checkintegrity.has_eid]

[repo] pylint cleanup, mainly of imports, with a bit of style

[multi-sources-removal] Drop no more used federated ('true') multi-sources related code Related to #2919300 (almost done!)

[multi-sources-removal] Turn ConnectionsSet into simpler ConnectionWrapper also, SqliteConnectionWrapper becomes a subclass. This is allowed since now ConnectionsSet responsability has been reduced to handling the system source only. This changeset also: * drops useless cnxset_set / check_connection api * deprecates former .source / .connection / container api but it renames neither the session's cnxset attribute, nor the related repository method. Related to #2919300

[multi-sources-removal] Drop cnxset_freed from source interface Though a hack is still needed when using sqlite Related to #2919300

[cnxset] add backwards compat for cnxset.source_cnxs It's used at least in a vcsfile migration script.

[multi-sources-removal] Simplify ConnectionsSet internal structures and public methods since it now handles a connection to the system source only Related to #2919300 [jcr: adjust 3.17.11 migration, fix a number of bugs in new ConnectionsSet implementation, fix source.{open,close}_source_connections]

[ldap] simplify connection handling since we deleted ldapuser source, we don't need anymore the get_connection and ConnectionWrapper stuff (that was used to put the ldap connection into the cnxset). Also, we should simply let connection errors propagate so this is properly reported to import logs.

[ldap] merge cw.server.ldaputils back into ldapfeed source we don't need separated modules since ldapuser source has been removed

[config] cleanup/refactor server sources file values handling * kill former `sources` method, misnamed since we've only the system source configuration in the sources file (and some default admin account information) * introduce new system_source_config and default_admin_config properties to access to the two information in this file Then use one or the other when appropriate

[repoapi] drop get_option_value's foreid argument repoapi was introduced in 3.19, so no need to introduce legacy deprecated stuff at the same time.

[multi-sources-removal] Drop foreid argument of repo.get_option_value It doesn't need it anymore. Related to #2919300

[c-c restore] drop useless restore-all option, and related systemonly argument

[multi-sources-removal] Kill repo.sources there is only the system source in there now! Related to #2919300

[multi-sources-removal] Drop no more necessary scleanup (source cleanup) argument Related to #2919300

[multi-sources-removal] drop source location search on glob_*[entity|relation] methods source is now always the system source Related to #2919300 [jcr: fix wrong rebase in symmetric relation removal]

[server test] simplify data-schemaserial test instance's schema

[multi-sources-removal] Drop (dont_)cross relation related code That was only needed for now deleted 'true' multisources. Related to #2919300 [jcr: also remove it from server/test/data-schemaserial/schema.py]

[multi-sources-removal] Simplify repo.delete_info_multi arguments, uri is no more used Related to #2919300

[multi-sources-removal] Drop deleted_entities system table and entities.mtime column since they were only used by the entities_modified_since api of the repository which has been dropped. Along with them, the multi-sources-etypes configuration variable and some sql queries at modification/deletion time of entities. Bon vent ! Related to #2919300

[multi-sources-removal] drop repository entities_modified_since public api actually only used by pyrorql/zmqrql sources which have been dropped. This will allow to drop a bunch of system meta-data (eg deleted_entities) Related to #2919300

[multi-sources-removal] Drop the "true" multi-sources planner Only keep copy-based sources. This will soon allow for greater code simplification. Related to #2919300

[multi-sources-removal] Drop cw.server.sources.extlite no more used for a while, beside an utility class Related to #2919300

[multi-sources-removal] Move cw.server.sources.ConnectionWrapper where it belongs It's only used by the ldap utilities. Related to #2919300

[multi-sources-removal] Drop pyrorql and zmqrql sources After a few years experementing "true" multi-sources, we're now moving to "copy-based" source à la datafeed. As pyro and zmq sources have no more known customers and the related code is in the way of future refactoring of cubicweb's core, we decided to drop support for those sources without backward compatibility. If you're still using a zmqrql or pyrorql source and you want to upgrade, ask support to move it to datafeed using a pre-3.19 version first. Related to #2919300 (first step)

[web/formfields] Make CompoundField inherit needs_multipart from its subfields If there's a FileField within a CompoundField, the latter will not have the enctype multipart set, even though the FileField needs it. CompoundField should inspect its children fields to determine whether it needs multipart. Closes #3406930.

[wsgi/handler] fix api change from 3.18

[req] deprecate get_cache (closes #3181499)

Added tag cubicweb-version-3.18.2, cubicweb-debian-version-3.18.2-1, cubicweb-centos-version-3.18.2-1 for changeset 6880674c1a26

merge 3.17.12 into 3.18 branch

[editcontroller] fix cardinality computation (closes #3120495)

Added tag cubicweb-version-3.17.12, cubicweb-debian-version-3.17.12-1, cubicweb-centos-version-3.17.12-1 for changeset 838d58a30f7e

[debian] move yams max version to Depends And fix a syntax error and wrong package name in the process.

[pkg] prepare 3.17.12

[web] Fix typo in docstring

[test] remove custom implementation of FakeRequest.header_accept_language() (closes #3375021) ``Accept-Language`` should be overridable just as any other request header. Default value is "nothing" since the application should be able the empty header case.

[adapters] fix a name stomping error (entity) Also give proper name to subject (role, not target), and kill unused variable.

[entities] unconditionnally sanitize the html output of printable_value Closes jpl##49466

[doc] Update the debian stable name to wheezy

[i18n] Fix two typos

fix deprecation info

[web error] exception may not have a 'status' attribute, generating an AttributeError that hides the original error. Closes #3381670

[test api] extract a context manager to temporarily disable app.error_handler monkey patch

[views/workflow/tmppng] fix console crash on nth call to this one-shot view The underlying design issue is not addressed here, only a cosmetic and "we understand and document what's happening" note. Related to #3400448.

[dataimport] The subjtype should be the subject of a relation, not the object, closes #3365113

[testlib] Fix assertMessageEqual assertEqual(msg, msg) had a hard time failing.

[doc] Pass field to value callback in FieldsForm example This avoids a deprecation warning when following the documentation.

[pkg] prepare 3.18.2

[migractions] Don't silently ignore errors when installing sql procedures If we're going to ignore errors, at least be loud about it. sqlexec already wraps the sql execution in a try/except block, so we were never going to catch any exceptions in the caller. Check the return value instead. Closes #3459618.

[schema] execute the new stored procs/funcs at migration time (closes #3450368)

[schema/stored procs] fix syntax error (closes #3450362)

Added tag cubicweb-version-3.18.1, cubicweb-debian-version-3.18.1-1, cubicweb-centos-version-3.18.1-1 for changeset 60322cb8636c

[web/data] Update fullcalendar to version 1.6.4 Fixes compat with jquery 1.10 (closes #3445689)

[debian] declare breaks on cubicweb-invoice (closes #3444985) It tries to access a 'state' attribute on an entity without going through the IWorkflowable adapter.

[hooks/security] silence yams warning (closes #3440707) If the rdef is not final, yams will complain.

[migration/3.18] recover from bad CWSource.in_synchronization default value The addition of this attribute in 3.13.8 had default=False, which made no sense, and was fixed in 3.13.9. However no migration was done so apps that ever saw the 3.13.8 code could still have '' as defaultval for this attribute.

[pkg] prepare 3.18.1

[security] Add comment to check_entity_attributes shortcut Make it clear that it is only an optimization. Related to #3444095.

Disable security hooks for internal sessions Fixes semantic change introduced in 96dba2efd16d where internal sessions started to check attribute permissions. Closes #3444095

[migration/3.18] Explicitly delete constraint on defaultval Make sure the SizeConstraint on defaultval is removed, and avoid more unnecessary commits.

[migration/3.18] Idempotency fixes Try to make partially-upgraded instances migrate properly.

[migration/3.18] Fix NameError

[migration/3.18] Add add_permission relation definitions earlier Otherwise sync_schema_props_perms('defaultval') does not work because the later relation is not in schema.

[migration/3.18] Only commit when we did something Avoids countless confirmation prompts. Closes #3438804.

[doc/3.19] fix (mostly) grammar

fix version number: we still target cw 3.19

Fix a couple merge errors

merge 3.18.0 in 3.19 branch

Added tag cubicweb-version-3.18.0, cubicweb-debian-version-3.18.0-1, cubicweb-centos-version-3.18.0-1 for changeset db37bf35a147

[book] drop reference to removed cubicweb.predicates.implements

3.18.0

[i18n] update French and English translations

i18n update

merge stable

[hooks/security] provide attribute "add" permission As of today, the update permission on attributes is checked at entity *creation* time. This forbids using update permissions the proper way. We set it to be checked at entity update time only. We introduce a specific 'add' permission rule for attributes. For backward compatibility, its default value will be the same as the current 'update' permission. Notes: * needs a new yams version (ticket #149216) * introduces two new 'add_permissions' rdefs (attribute - group|rqlexpr) * if the update permission was () and the bw compat kicks in, the rule is not enforced, to avoid un-creatable entity types -- this restriction will be lifted when the bw compat is gone * small internal refactoring on check_entity_attributes * one small pre 3.6.1 bw compat snippet must be removed from schemaserial Closes #2965518.

[server/test] reorganize data/migratedapp/schema.py to allow comparison with data/schema.py Pure reorganization to make it possible to visually compare both schemas.

[schema] move definition of RQLExpression classes before default permission dicts

[server] remove old backwards compat for PropagateSubjectRelation*Hook Those classes were removed from server/hook.py.

[book] replace PropagateSubjectRelation*Hook references PropagateSubjectRelationHook, PropagateSubjectRelationAddHook and PropagateSubjectRelationDelHook were deprecated by PropagateRelationHook, PropagateRelationAddHook, PropagateRelationDelHook respectively in v3.9, and removed in 3.18. Closes #3420672

[doc] update 3.18 release notes

[pkg] bump logilab-common requirement Necessary since 4b3e657d17ab "[source configuration] silent lgc 0.60 deprecation warning"

update jquery to 1.10 (closes #2786674) Includes: * base jquery * jquery.migrate to help for the transition * jquery.ui The jquery.ui.tabs api has slightly changed hance the change in web/views/tabs. The autocompletion widget is slightly adapted to follow an API change and now extends the base functionality in a simpler way.

[notification] Use https url when available in notification view context Closes #3376252.

[req] Return base-url in case https-url is None in base_url() Closes #3376322.

[server/session] fix typo in keep_cnxset_mode docstring

[breadcrumbs] Small breadcrumb components refactoring * use `open_breadcrumbs` and `close_breadcrumbs` methods where applicable in the BreadCrumbEntityVComponent hierarchy * include the first separator related code in `open_breadcrumbs` to avoid code duplication Closes #3223911.

[views/dot] use an inlined svg for schema and workflow graphs These are currently served as "temporary" pngs which are actually consummed immediately. Which means they cannot be requested twice and any further attempt will yield an error in the logs and some end-user surprise. There is no known acceptable workaround for IE-8 (and previous versions). SVGWEB could be workable but it's not trivial to integrate it properly. Closes #3400448.

[release notes] Documents one() and find() addition

[js] noop is undefined in plain javascript (related to #2786674)

[css] drop shadow.gif & use a couple of rules (closes #3381435)

[css] replace old rounded corners hack by css rules Closes #3381426.

[views/templates] provide a modal main template (closes #3274672) The current NonTemplatableViewTemplate may seem to provide the desired feature if a '__notemplate' is provided in the form, unfortunately, it: * wraps the view in a spurious div * calls view.set_stream(), which has the effect of wiping any js/css resource recorded until then by the view, leading to hard-to-track missing resources symptoms

[js/widgets] fix the InOut widget with modern jQuery versions Several things are done there: * reduction in size and complexity of the code * the unused defaultsettings are removed * the initial `unlinked` list is now correctly populated from python-side * the unit test is adjusted because it tested an irrelevant implementation detail which is no longer true (but the widget of course still handles correctly the linkto information) Tested with ie7, ie9, chromium, firefox. Tested with jQuery 1.6 (cw 3.17.x) and 1.10. Closes #3154531.

[autoform] Allow overridding of permissions checks Closes #3063930

[schema] fix unique together index handling We now provide a more compact indexname, using the schema constraint entity type and the position of the columns set in the entity type unique constraints list. This avoids a nasty name truncation issue. The UniqueTogetherError object is made smarter: it computes the rtypes, abstracting the underlying backend (pg/sqlserver vs sqlite). The `user friendly` adapter is much simplified since there is no longer any truncation issue. Uses a new logilab.database version (ticket #151507) and a new yams version (ticket #189299) Closes #2514939 [jcr: disable hooks when temporarily dropping CWUniqueTogetherConstraint entities]

[pyrorql] deprecate pyrorql source (closes #2919299)

[web/facet] do NOT drop offset/limit of the base rql (closes #3344579)

[webctl] Generate static data directory on upgrade (closes #2167873) - if the folder already exists, ``upgrade`` asks for deletion, - add an option (``generate-staticdir``) to allow skipping this task. - add an option (``staticdir-path``) to specify the static data folder path. The ``gen-static-datadir`` command allows to specify the target folder but there is otherwise no way to retrieve this information during upgrade.

[cwctl] Don't check for old lgc versions Support for check_duplicated_command in CommandLine was added in 2011 for 0.55, and we already depend on 0.59.0.

[migration/3.18] add sanity checks before changing symmetric relations Delete supposedly impossible relations from the db. Related to #3259713.

[migration/3.18] disable all hooks when setting up symmetric relations This operation is semantically a no-op, so it should be invisible for the application. Related to #3259713.

[devtools] bases for instrumenting / debugging standard propagation hooks * a class that helps writing command to check propagation, detecting standard errors and picture the propagation as a graph * a class to instrument sets used to configure standard propagation hooks closes #3171980

instrument cwvreg, so we may know what's being loaded by asking the registry store

set proper PACKAGE information for yams 0.39 Yams 0.39 adds an unobstrusive API to get the package, or cube, defining a part of the schema (entity type, relation type/def). As CubicWeb overrides part of the schema reading process, we have to handle this information on our side so it will be properly set.

[yams] follow yams 0.39 api change introduced by ad95fd2c46de (package attribute on etype/rtype/rdef)

Make the GROUP_CONCAT aggregate function not repeat values (closes #3223975) Work on sets instead of arrays, so if the same value appears twice it's not repeated in the concatenated output. This patch handles the postgresql and sqlite backends, mysql is left alone at this point (seems doable, but I don't have time or motivation to fix and test it).

[mail] allow to specify SMTP's MAIL FROM address to config.sendmails(). Closes #3373620 Also modify testlib.Email so we don't loose this information and may test it.

[mail] format_mail copy/paste fix: we want to test sender-name, not sender-addr

symmetric relations: replace bogus rql2sql translation by a hook The hook ensures X r Y => Y r X iff r is symmetric. The rql-no-hook data importer receives a small amendment but note that: * there exist no test for it * its actual semantics are undefined Hence we cannot prove this hunk breaks nothing, because we cannot prove anything. Closes #3259713.

[migration] fix handling of default value for boolean attributes We can't assert that the old value is 'True' or 'False', because False used to be stored as an empty string in pre-3.18 versions.

[entity/url publishing] fetch_rqlst should use 'is_instance_of' instead of 'is' We usually want to get any subclasses as well (think Training subclass of Workcase). Closes #3210365.

[rewriter] fix latent bug: arbitrary etype may be substituted when using is_instance_of type restriction Note: the test is not deterministic because the bug depends on the iteration order on a set.

[test] drop no more used test data file

[doc] Refer to RsetTableView in EntityTableView docstring instead of TableView

Fix use of vreg.config.anonymous_user() If no anonymous user is declared, anonymous_user() returns 'None, None', not 'None'.

[server] avoid race-condition in timer events With a granularity of one second, there's a good chance calling localtime twice will return the same value. We should consider the event ready immediately if that happens, not wait one second.

[server/pyro] try to shutdown the repository properly If RepositoryServer.trigger_events is not called we might miss a QuitEvent and thus never shutdown the repository and its looping tasks.

[book] remove broken links to web.views.wdoc.ChangeLog{View,Action} ChangeLogView and ChangeLogAction were removed in 3.16.0 (changeset fa044b9157d7, https://www.cubicweb.org/2423532) Closes #3369687

[book] fix Session.{set,free}_cnxset autodoc They're Session methods, not bare functions. Without this building the docs says: reading sources... [ 39%] devrepo/repo/sessions Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/sphinx/ext/autodoc.py", line 326, in import_object obj = self.get_attr(obj, part) File "/usr/lib/pymodules/python2.7/sphinx/ext/autodoc.py", line 232, in get_attr return safe_getattr(obj, name, *defargs) File "/usr/lib/pymodules/python2.7/sphinx/util/inspect.py", line 70, in safe_getattr raise AttributeError(name) AttributeError: set_cnxset Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/sphinx/ext/autodoc.py", line 326, in import_object obj = self.get_attr(obj, part) File "/usr/lib/pymodules/python2.7/sphinx/ext/autodoc.py", line 232, in get_attr return safe_getattr(obj, name, *defargs) File "/usr/lib/pymodules/python2.7/sphinx/util/inspect.py", line 70, in safe_getattr raise AttributeError(name) AttributeError: free_cnxset

cwetype is a *class* property, rename its argument accordingly

typo

[req] New method: RequestSessionBase.find(). This method does what find_entities and find_one_entity did, except it returns the resultset itself. In addition, it accepts 'reverse_' arguments and check that the relations actually exists on the entity before executing the query. Also, reimplement find_one_entity and find_entity based on the new function so they benefit from the more complete implementation, and deprecate them. Note: List of values in kwargs are NOT supported in this initial implementation. Closes #3361290

[rset] New method: ResultSet.one() This method will return exactly one entity while enforcing its existence and unicity. The idea is shamelessly borowed from SQLAlchemy Query.one(). Closes #3352314 [jcr: use len(self) instead of len(self.rows)]

Added tag cubicweb-debian-version-3.17.11-2 for changeset b02e2912cad5

[debian] add lintian override for a false positive

[predicates] allow multiple transition names in on_fire_transition (closes #3013720) Also add a warning about the unimplemented from_state_name argument.

[css] add the entypo font as available ressource (closes #2930356) This provides a standard set of pictograms for use in CubicWeb and cubes. To use a pictogram, the "cubicweb.pictograms.css" must be explicitly loaded (using, e.g. view.add_css(...)).

[skeleton i18n] Add PO-Revision-Date header to make emacs po-mode happy Closes #3276389

[uicfg] give a set_fields_order method to the primary view display control Hence it is nicely symmetrical with the fields kwargs. Closes #2741963.

merge 3.17.11

Added tag cubicweb-centos-version-3.17.11-1, cubicweb-version-3.17.11, cubicweb-debian-version-3.17.11-1 for changeset 7f67db7c848e

prepare 3.17.11

[devtools] write db config through a temporary file Avoids other test processes reading partially written config and exploding in pickle.loads. There are still concurrency issues, presumably with the database itself. Something for another friday.

[server] Add missing indices for undo support (closes #3259691) The tables used by the 'undo' feature were missing some indices, which among other things triggered repeated sequential scans when deleting old transactions.

[sqlutils] fix sqlite group_concat harder (related to #3331906)

[sqlutils] avoid a crash with sqlite when using group_concat (closes #3331906)

[server/initrepo] show failed sql statements and abort if necessary (closes #3308564)

[views/table] use cubicweb.ajax.js for pagination Else we fail in js-land on a "AJAX_PREFIX_URL is not defined". Closes #3329072.

[rset] Fix regression with rset copying (closes #3344410) Don't override passed-in descriptions in ResultSet.__init__, even if they're empty.

[doc] Fix a sample request

[tableview] Don't share column renderers between all instances of a table (closes #3351872)

[tableview] Add some unique element to AbstractColumnRenderer.__str__ (related to #3351872) Otherwise different instances look the same which is confusing.

add failing test case related to #3013554

[web] make sign_text unicode aware, avoid crash with non-ascii chars. Closes #3289774

[doc] Use string debug mode in debugged docstring

[rql2sql] fix relation table scope when some variable from subquery is used. Closes #3252270 While it feels weird to drop this explicit ColumnAlias handling, hg history has no clue on its introduction (prior to rev 0) and no older test case fails without it, so let's drop it.

[cwctl] backout 5d5b3a865eb1, which breaks interactive shell usage

[ReST] Implement a rql-table reST directive. Closes #3252856 allowing to call table or derivated view specify headers / cellvids. Also, rql may be split accross several lines which greatly improve readability.

[server] drop support for antediluvian lgdb versions That API was changed in 2010, before logilab-database was moved out of logilab-common.

[doc/book/security] update description of entity update (Related to #2932033)

[test] test can_use_rest_path directly No need to go through the Entity.rest_path if what we want is to unittest that one function.

[ctl] set proper encoding for sys.stdout/sys.stderr. Closes #1669144

[web] typo in config file comment

[book] Typo and formatting fixes in devrepo/entityclasses/application-logic

[cwctl] Only start the instance after upgrade if it was running before Closes #3207676.

[book] Improve match_rtype selector docstring and "Relation modification related events" section

[book] properly escape backslash

[test] use assertIn / assertIsInstance

update pylint extension to astroid API

Fix example in cw_set method

[merge] incorporate cw 3.17.10 fixes

Added tag cubicweb-centos-version-3.17.10-1, cubicweb-version-3.17.10, cubicweb-debian-version-3.17.10-1 for changeset fe0e1863a137

[pkg] prepare 3.17.10

[web] don't rename resources in gen-static-datadir We should use the result from WebConfiguration.locate_resource to know which file to copy, not what name to copy it to. The destination file should be the name of the resource, as the client will request it. This matters in the case of cubicweb.css which locate_resource might rewrite to cubicweb.old.css. Closes #3206129

[notification] avoid leaking cnxsets (closes #3243810) When sending notifications, we get each recipient as either an email address or a CWUser. In the latter case, we create a temporary session for that user and use it to send the mail. However, if we later decided to not send the mail after all, we'd leak the session and its cnxset. Add a try block inside the loop to make sure the temporary sessions are closed properly.

[book] English fix

[serverctl] complete the schema-diff command with options that will fix & enhance it. Notably: - filter out eids (doesn't make sense for the filesystem schema) - handle permissions, trying to detect the default ones Needs yams #174042. Closes #2996547.

[server] deprecate the old multi-source system It is removed in 3.19. Closes #2919299

[doc] document changed attribute default value storage

defaultval migration for sqlite

[schema] store default attribute values in a Bytes field, allowing python objects as default values Notes: * Binary objects grow two methods * we depend on a newer yams version * the code is quite simplified as a result of the whole change * a very old and nasty bug where bool(default values) evaluating to False not being properly migrated is killed Closes #2414591.

[source/native] fix sqlserver pattern matcher for unique constraints (closes #3227593) The matcher is used to parse the low-level error message and extract meaningful information for the end users. If broken, the users see an alarming and bewildering message. A full & definitive fix is scheduled for CubicWeb 3.18.

[dbapi] Fix broken inmemory:// URLs parsing (closes #3225832) ParseResult.path is what comes after the "domain name" in standard URLs. So in the case of 'inmemory://<instance' URLs, it is always empty. ParseResult.netloc contains the "domain name" part that we really want.

[metadata hook] rename an operation for the sake of readability

[book] Typo fix and rephrasing in devrepo/migration

[cwshell] rename history file to .cwshell_history (erudi is dead, long live cw)

[entity] Entity.related(): add a targettypes argument (closes #2957313) This allows to restrict the entity types returned by the method (passed to cw_related_rql). When such an argument is given, no caching happens.

[source configuration] silent lgc 0.60 deprecation warning

[web] remove action "Got Rhythm" (closes #3093362)

[debian] Break old geocoding It wants cubicweb.interfaces.

[wsgi] remove ages old hack to set base_url Its meaning has been lost in the mist of time.

[wsgi] also provide an example using werkzeug (if available) Related to #3005509.

[wsgi] add the simplest possible wsgi (debug) server This server is able to: * serve on a given port using the stdlib SimpleHTTPServer * run looping tasks Closes #3005509.

[querier/security] instrument a bit the querier read security checks Related to #2920304

[book] Improve PostgreSQL configuration section * Do not advice for specific PostgreSQL version (point to meta-packages if available in Linux distros); * First mention packages from Linux distros, put the link to official postgres documentation at the end; Closes #2725302.

[js] add a selector string escaping function will help use id strings in jquery selector expressions, e.g: "foo.[subject]:42" -> "foo\.\[subject\]\:42" Related to #3154531.

[merge] backport stable fixes

[test/ldapsource] backout 192a748550c7 which broke RQL2LDAPFilterTC

[rset] make sure rset.description is always a list It's more consistent, and avoids pylint warning "Instance of 'tuple' has no 'append' member"

[schema] edit syntax tree instead of playing with strings for RQLExpressions Lets us support more complex expressions involving e.g. "HAVING" clauses. Closes #3202855

[py3k] note about future warning on __eq__ vs __hash__ Closes #3179561.

[formfields] py3k kill future compat warning Related to #3179561.

[entity] do not raise an AssertionError if the kwargs given to set_relations/attributes is empty Regression was introduced in 3.16 with the new cw_set API. Old set_relations and set_attributes methods did not crash on empty kwargs. Closes #3104019.

[packaging] setup.py: don't exclude skeleton/debian/* from being installed Closes #3192725.

[tests/hooks/integrity] kill old and empty skipped test

[server/session] demote log to debug It can pollute the log very fast. Closes #3203391.

[test] use assertCountEqual instead of assertItemsEqual

[server] fix a number of typos, mostly in docstrings

[skeleton] Install cubes README in Debian packages (Closes #3171971)

[debian] Build-Depends on python-unittest2 | python (>= 2.7) Closes #3175895.

[doc] typos and reformulation

[doc] additional documentation about pip install under both Windows and Debian

spelling: rollbacked -> rolled back

Added tag cubicweb-version-3.17.9, cubicweb-debian-version-3.17.9-1 for changeset 5668d210e49c

merge two default heads

[pkg] prepare 3.17.9

Use the list of sources instead of an iterator in update-feeds looping task This prevents RuntimeError due to dictionary size change that may occur (as a result of a new source being added) during iteration. Closes #3155843.

[security] fix dumb attribute error when inserting read security. Closes #3196891 This has gone undetected because of erroneous tests...

[entity] give a default reasonnable __eq__ and __hash__ to Entity Using the eid. Closes #3179560.

[debian] add some Breaks for backwards compatibility removal The person and comment cubes used to import the cubicweb.mixins module. The inlinedit cube relied on String.startsWith in javascript.

[js] remove 3.9 bw compat (where apparently unused) - cubicweb.ajax.js - loadxhtml: form.callback support removal - removal of top-level functions: preprocessAjaxLoad, reloadBox, replacePageChunk, loadxhtml - cubicweb.compat.js: - map is undeprecated (jquery.map being not an acceptable replacement) - removal of noop, contains, findValue, filter, addElementClass, removeElementClass, hasElementClass, KEYS mapping - htmlhelpers.js: use non-deprecated functions cw.urlEncode - cubicweb.js: - removal of startsWith and endsWith monkeypatches - note deprecated but still used stuff (for action) - test_utils.js: use cw.utils.sliceList instead of global function Closes #2782004.

Rename cleanup_interface_sobjects into cleanup_unused_appobjects Interfaces are gone in 3.18 Related to #2782004.

remove cw 3.9 bw compat (bw compat other than the interface -> adapter changes) - cwconfig, doc/admin/setup: docstring adjustment wrt 3.9 & virtualenv - testing/rst: windmill (which is gone from the testing infrastructure) - other docs: "stuff introduced in 3.9" cleanup, as we don't care about the version old features were introduced - server/hooky.py: bw compat for propagation hooks - server/schemaserial.py: pre CWUniqueTogetherConstraint migration support - web.__init__.py: dumps bw import - autoform.py: .action ppty is gone, also deprecate set_action and get_action - baseviews: CSVView.subvid gone long ago, secondary view removal - primary.py: _render_attribute & _render_relation signature change - reledit.py: rvid/default_value bw compat, should_edit_* dropped - webconfig.py: resourcefile is gone - formfields.py: old vocabulary handling - request.py: build_ajax_replace_url, external_resource Related to #2782004.

remove 3.9 bw compat In cw 3.9, interfaces are deprecated and replaced with adapters, yielding a lot of bw compat in many places -- most if this patch is concerned with the interface bw compat - cwvreg: interface cleanup - doc/adapters.rst: interface cleanup - entities/adapters.py, wfobjs.py: interfaces bw compat - entity.py: interfaces bw compat, also get_value, delete, attr_metadata, has_perm, set_related_cache, clear_related_cache, clear_related_cache, related_rql - predicates.py: score_interfaces & implements - interfaces.py & mixins.py: 100% gone - view.py: implement_adapter_compat, unwrap_adapter_compat - calendar.py, editcontroller.py, ibreadcrumbs.py, navigation.py, xmlrss.py: interface bw compat - treeview.py: salvage one function from mixins.py Related to #2782004.

remove 3.8 bw compat - cwconfig: old keys such as depends_cubes and non-dict dependencies - cwctl: fall back to docstring if no short descr, forget 'short_descr' - dbapi: session_data, get_session_data, set_session_data, del_session_data - dbapi & testlib, session: eid_key is gone - migractions: cachekey is gone - doc/datamodel/definition, schemaserial: BoundConstraint -> BoundaryConstraint - formwidgets: separator - primary view: render_entity_metadata Related to #2782004.

[hooks/security] Defer entity permission checks to an Operation. Some of these checks may currently happen twice within the same transaction and be costly. This should be semantically safe. If people rely on some internal transaction ordering to be allowed early (thus pass) while the condition wouldn't be met at precommit time, their application is broken. It however seems unlikely to happen in the real life (tm). Closes #2932033

[schema] drop very old bw compat (pre 3.5.10) Closes #2925085.

[devtools,etwist] rename TwistedConfiguration to WebConfigurationBase (follows #2919310)

remove "twisted" configuration (closes #2919310) This was also known as "web only" instances. Not used in production anywhere today.

merge 3.17.8 into default

Added tag cubicweb-centos-version-3.17.8-1, cubicweb-version-3.17.8, cubicweb-debian-version-3.17.8-1 for changeset 909eb8b584c4

[pkg] prepare 3.17.8

[date picker] revert #ec65ca70aac9 which breaks the date picker (closes #3182844)

[merge] backport 3.17 fixes into the future 3.18

Added tag cubicweb-centos-version-3.17.7-1, cubicweb-version-3.17.7, cubicweb-debian-version-3.17.7-1 for changeset 483181543899

[pkg] prepare 3.17.7

i18n update

fix typos in workflow constraint error messages

[migractions] rschema.final.inlined -> rschema.inlined Closes #3153086.

[server] Make internal sessions not reset 'safe'-ness on first commit Increment the ctx_count when disabling integrity hooks so the next commit/rollback doesn't reset our transaction and magically turn us into a safe session. Closes #3168027

[facets] Correctly replace old 'edit box' HTML on facet-induced page refresh (closes #3161100)

[debian] replace find | xargs rm with find -delete in cube skeleton. Closes #3161797

[debian] don't require (fake)root to run the clean target. Closes #3161797 It works just fine as a normal user.

[debian] Add ${misc:Depends} to cube packaging skeleton. Closes #3161797 Best current practice is to have that in Depends in all packages using debhelper.

[devtools] fix race when creating backupdir If somebody else creates backupdir between our stat() and mkdir() (like, say, another test running in parallel), we shouldn't crash.

[staticcontrollers] Raise Forbidden, not Unauthorized Unauthorized means "log in to get access", as it results in a HTTP 401. Here, the error is pretty much permanent, and returning 401 instead of 403 confuses things terribly. (This seems to be a pretty widespread confusion :/)

[web] allow /data/ url again (closes #2464798) This feature was broken by 65fecbeb9c3a (which fixed another one itself).

[utils] fix typos in make_uid docstring

[c-c i18ncubicweb] fix crash, closes #3096647

[rql2sql] fix bad sql generated when outer joining 'identity' relation and lhs var comes from a subquery. Closes #3099418 The generated SQL was attempting to access table.cw_eid which doesn't exist.

[web] stop using deprecated StatusResponse. Closes #3098215

[deprecation] add (approximate) version number to deprecation message and set proper stacklevel

[schema] fix spurious warning when rqlexpr/constraint mainvars specify a non predefined variable. Closes #3098165

[repository] properly use IUserFriendlyError when UniqueTogetherError is raised during entity update. Closes #3096638

[deprecation] add cw version number to the deprecation message and help user to understand the change

[datafeed] fix crash due to bad http_timeout handling. Closes #3096585

[date picker widgets] properly distinguish DOM id and input name. Closes #3096575

[date picker widgets] use bare jquery expression rather than jqNode

Use return in CnxSetTracker context manager methods Just in case.

[web/views] make PrimaryView.entity_call accept kwargs It's useful when using this view in a different context to have it not crash on random arguments.

[ldapparser] demote some logs from warning to debug (closes #2713671)

[doc] add a what's new file for 3.18

merge stable in default (3.18) branch

Added tag cubicweb-centos-version-3.17.6-1, cubicweb-version-3.17.6, cubicweb-debian-version-3.17.6-1 for changeset 5b9fedf67a29

[pkg] prepare 3.17.6

Do not use cubicweb-card in rest_path tests Card overrides the rest_path method, so it does not make sense to use it in cw tests.

[inlined form field] fix regression introduced in 3.16.4/570208f74a84. Closes #3064653 In the above changeset, we changed ordered entities to be edited according to mandatory inlined constraints, though this leads to unpredictable order in cases where there are no constraint. This leads to case where inlined relation field may think there is no value related to a mandatory relation, while this is simply because there is a value specified but to an entity that will be created later (together with the relation). To fix this, we've to use the fact that the RelationField.process_form_value return None in cases where there is some entity to be created, while an empty set when there are no linked entity. The new no_value() method allows to differentiate between those different notion of 'no-value'.

[testlib] temporary_appobjects should call __registered__ if it exists. Closes #3064075

[entities] properly escape in EmailAddress.printable_value when format is html. Closes #3064025

Added tag cubicweb-version-3.17.5, cubicweb-debian-version-3.17.5-1, cubicweb-centos-version-3.17.5-1 for changeset 15dd5b37998b

[pkg] prepare 3.17.5

[pkg] fix debian packaging (closes #3058542) - remove useless Python 2.4 reference, - simplify dh_install configuration to install files consistently instead of having half in /usr/lib/pythonXX and half in /usr/share/pyshared, - incidentally, this makes the package work on squeeze. Regression from eaa58d1c7d5f

[testing] add missing generate_bigint method to ValueGenerator. Closes #3059327

[rql / querier] fix bad interpretation of some RQL SET query when some neged relation is involved. Closes #3058527.

merge stable in default (3.18) branch

Added tag cubicweb-version-3.17.4, cubicweb-debian-version-3.17.4-1, cubicweb-centos-version-3.17.4-1 for changeset c7ba8e5d2e45

[i18n] cleanup dead code also fix small bug introduced in b0f6e8c14e7f

[i18n test] hack to make i18n tests run using a Python interpreter they used to work fine when executed via pytest only. This should be removed as soon as logilab.common.registry is fixed.

[i18ncube] fix crash due to duplicated messages in generated schema.pot Add a test case and fix regression introduced in e713c47a993d. Relates to #2811282

[i18n test] load_po: fix bug in case of multi-lines msgid and ensure there are no duplicated messages

[i18n test] simplify test cube a bit by only providing a views module, no package

[web] consider inlined relations in has_editable_relation. Closes #3049970 In some cases where the user can only add/edit inlined relations (though actually edit perms of the inlined relation doesn't seem checked), the "modify" action doesn't appear while it should.

[web test] silent 3.13 warning

[editcontrollers] Account for role in the ordering of entities (Complements #3031719) Only role='object' was correctly accounted for by 570208f74a84

[migration.sync_schema_props_perms] ensure all participants to a unique together constraint are there before adding CWUniqueConstraint. Closes #3038345

[session commit] save back exception context to avoid potentiel cluttering if some revert operation raise an exception

[pkg] python-central has been removed from Debian

[pkg] prepare 3.17.4

[pkg] merge centos 3.17.1-2 in stable (prepare 3.17.4)

Added tag cubicweb-centos-version-3.17.1-2 for changeset 965f894b63cb

[rqlrewrite] fix rqlrewrite unpredictability vs relation sharing. Closes #3036144 The relations index used to determine if relation may be shared only considered a single relation node per relation type. So when the same relation type occurs several time, dict order give unpredictable result. We shall properly consider all relations instead. Tentative test case included (but bug reproduction is by definition unpredictable...)

[rqlrewrite] rewrite doesn't need a solutions argument, always use the Select'ones Also, do a copy systematically else it may lead to empty solutions depending on the rewrite path. Test case tentative included in the following changeset.

[rql rewrite] equivalent but much simpler flow

[pkg] Prepare a new RPM release

[pkg] Add log directory to rpm

[repo] normalize ValidationError on edited entity (closes #2509729) In CubicWeb, ValidationError.entity MUST be the eid of the involved entity, not the entity iteself (as done by yams).

[doc] one must now manipulate the req.session.data dict (closes #2842345) instead of deprecated get/set/del_session_data methods.

[datafeed] add a timeout config option (closes #2745677) So a HTTP GET do not hang forever in the datafeed looping task.

[dataimport] ucsvreader should skip empty lines unless specified otherwise. Closes #3035944

[querier] Add timings to debug prints (DBG_RQL) this may ease to spot some problematic queries

[editcontrollers] Ensure entities are created in an order satisfying schema constraints. Closes #3031719 changes below are also necessary to make the whole thing works: * stop considering InlinedFormFile as eidparam field since they don't hold any value * rework 'pendingfields' handling to have separate processing of inlined fields whose subject entity is created during the edition

[editcontroller] extract RQLQuery.set_attribute/set_inlined methods from handle_field/handle_inlined_relation

[editcontroller] req=self._cw makes things easier to read

[facets,js] fix bogus checkbox icon appearing after the first interaction (closes #2790332) This is because of the hardcoding of the data/ url.

fix typos in docstring, doc and comments

[debian] remove workaround for broken sphinx/jquery combination sphinx in squeeze was updated: http://packages.qa.debian.org/s/sphinx/news/20130112T154737Z.html

[schema] mark CWDataImport as an internal type. Closes #3025536

[pkg] remove deprecated dependency on pysqlite2

Fix two crashes in db-check (closes #3024964) Also improves various debugging messages.

[rql rewrite] may_be_shared_with should consider relation's scope (closes #3024730) When a relation's scope is not the current statement, it must not be shared (instead of comparing the statement).

[rql rewrite] fix may_be_shared_with method so that it actually considers all variable infos and not only the first one

[schema/security] add __hash__ to rql expression. Closes #3013535 This is required so that when some rql expression participate to a dictionary key, only the expression is considered (consistent with comparison). This behaviour is expected in security at least, see the related bug for instance. This scramble msplanner unit tests a bit.

[rql rewrite] move some code from querier to rqlrewrite where it makes more sense. Also, make some minor cleanup/refactoring on the way and try to enhance docstrings. Relates to #3013535

Do not compute actions list in TableLayout view when display_actions attribute is unset Closes #3007281

Use the list of cubes from the filesystem when reading the schema from the filesystem Closes #3007259

[migration] when adding a cube, skip infered relations (closes #3005576) Skipped infered relations are recalculated later.

[3.17 migration] when some cube is missing, add_cube raise ConfigurationError, not ImportError. Closes #2981477

[migraction] rename_entity_type simply warn if old entity type isn't in the schema. Closes #3004069

[deprecation] fix uihelper deprecation warning, use the rtag name, not the class, so it may be copy/pasted

[test] makes fti test order-agnostic (closes #3005633)

[web/views/staticcontrollers] Make ConcatFilesHandler write to a tempfile In order to be more resistant to errors such as ENOSPC, and against different threads accessing the same static data, we: - concatenate data files to a temporary file, and rename it once we're done - delete the tempfile in case of errors - protect the creation of the cache_concat file with a lock Closes #3005547

[test] make unittest_schema.py compatible with cubicweb-file 0.14

merge 3.16.6 branch in 3.17

Added tag cubicweb-centos-version-3.16.6-1, cubicweb-debian-version-3.16.6-1, cubicweb-version-3.16.6 for changeset b4ccaf13081d

Prepare 3.16.6

[devctl] properly generate i18n messsages for cubes that uses uicfg instances (closes #2811282)

[test/devctl] add a test case for i18ncube command

Protect against crash in the `relation_possible` predicate with ambiguous relations. It was still possible to get a KeyError when using relations that are ambiguous at both ends, like (Executable, version_of, Program) & (Version, version_of, Project). Closes #3010148.

[test] give a non-ambiguous order to sync_schema assertion (closes #3001959) Sorting by ordernum alone is unstable since several values have the same ordernum. ordernum + name should be stable.

Added tag cubicweb-version-3.17.3, cubicweb-debian-version-3.17.3-1, cubicweb-centos-version-3.17.3-1 for changeset 32b4d5314fd9

[test] typo

[schema,server] add a security debugging aid (closes #2920304) - Add a DGB_SEC debugging flag (to be used with set_debug/debugged). - Add a context manager (tunesecurity) to filter security assertions. Note: this does not address all read-security mecanisms.

[etwist] fix handling of multiple files per field html5 permits multiple files uploads, which can be expressed as:: <input type='file' multiple='multiple' /> This changeset avoids previous crash. Nothing is changed when a single file is uploaded (backward compat is thus preserved). When multiple files are uploaded for a single html input tag, the corresponding web request form key receives a list of tuples like [('filename-1', IStream1), ('filename-2', IStream2), ...]. closes #2847207.

[merge] start 3.18 development

[pkg] prepare 3.17.3

[pkg] Remove obsolete ubuntu hardy packaging It's been EOL for a while.

[book] fix sphinx documentation generation (closes #2991997) changeset 17994bf95d6a ([doc] update Session documentation) added cubicweb.server.session.Session autodoc to the book. This caused errors from sphinx due to a section title not being allowed in the class's docstring.

[test/ldap] fix ldap tests - make sure the url is properly updated on database setup (when the test database already exists and the ldap URI has changed) - fix the ldapuser test setup process.

[test] fix unittest_schemaserial.py A spurious add permission has been added in expected result by d988eec2d5d3

[test] make unittest_schemaserial.py runnable with python used to run fine only when launched using pytest

[facet] use facet name as input name for text widget (eg has_text) we need to ba able to distinguish between text-inputs so we can write a widget for a single facet that uses more than one text input. This fix consists in the diff in cubicweb.facts.js; modifications in facet.py result from this former.

[web doctype] don't give through reset_xmldecl to avoid double deprecation warning

[web doctype test] don't give reset_xmldecl to avoid deprecation warning

[devtool] randomise available ports search in http test This lowers the chance of parallel tests to race for the same port.

[facet] don't crash if no title specified on a facet and filtered rset is empty. Closes #2587883

[css, html] add a css_class attribute on Button, allowing to change easily default CSS class for buttons (think orbui integration)

[view] add 2 missing spaces before the previous link

[server/repository] Go through the repo to close pyro sessions Turns out session.close() doesn't DTRT.

fix migration from pre-3.13.1 versions (closes #2846978) Need to check the existence of the asource column before the first call to eid_type_source.

[constraint] more robust unicity constraint failures reporting for end-users Postgres or Sqlserver have limits on the index names (around resp. 64 and 128 characters). Because `logilab.database` encodes the `unique together` constraint rtypes in the index names, we sometimes get truncated index names, from which it is impossible to retrieve all rtypes. In the long run, the way such index are named should be changed. In the short term, we try to reduce the end-user confusion resulting from this design flaw: * in source/native, the regex filtering ``IntegrityError`` message does not impose an `_idx` suffix, which indeed may be absent (the result being an UI message that resembles a catastrophic failure), * also we avoid including a trailing " (double quote) from the error message * in entities/adapters, the well-named ``IUserFriendly`` adapter is made a bit smarter about how to handle missing rtypes. * the adapter also always produces a global message explaining the issue (and the fact that sometimes, the user is not shown all the relevant info) * i18n is updated Closes #2793789

[hooks/security] Streamline attributes default permission check. The current default permission on attributes delegates the check to the entity permission update policy. Since this is already checked it can be skipped. The equality comparison will work, even with a deserialized schema, because the default update perm is:: ('managers', ERQLExpression(Any X WHERE U has_update_permission X, X eid %(x)s, U eid %(u)s)) which will always be deserialized in this order (groups first). However this is a slight semantic change: entity type level 'update' permissions can now be effectively used to encode update-time rules if the default attribute permissions are used (before this change, the 'update' rules at entity type level were fired at creation time). Closes #2930861.

[test/schemaserial] swap got/expected to get nicer unittest2 diagnostics Prepares #2965518.

[repository] drop safe attribute on ``internal_cnx`` People that need to disable hook can do it explicitly anyway.

[dbapi] deprecated the dbapi

[repoapi] deprecate dbapi compat method

[testlib] deprecated the older api to access the repo.

[connection] deprecated free_cnset and set_cnxset

[session] deprecate all Connection related method on session

[session] drop dead _current_cnx_id Not used anymore for a few commit.

[session] privatise get_cnx and close_cnx The only user, repoapi now use ``new_cnx``

[doc] add documentation for the new API in test

[testlib] add an default testcase.adminaccess (and use it for default session) This adminaccess is the new offical way to get connection, and request on a repo.

[testlib] introduce a RepoAccess class to easily create connection and request Each RepoAccess hold a session for a user and three helper function to help create Connection, ClientConnection of WebRequest related to this session. related to #2920299

[repoapi] make ClientConnection.__enter__ return self This allow the standard idiom:: with repoapi.connect(repo, login='babar', passwork='elephant') as cnx: cnx.execute(…)

[documentation] describe repoapi and web side change. Short version explaining what object replace what and that BC existes for a few version.

[testlib] use internal_cnx instead of internal_session internal_session is deprecated.

[repository] add an ``internal_cnx`` method to replace ``internal_session`` Accessing the repo through a Session is deprecated. We need an easy replacement for ``internal_session``. This API change was a good occasion to stop disabling integrity hook by default. This is huge source of bug in user-code. related to #2503918

[connection] enforce that a connection must be open to be used The same than for ClientConnection, we ensure the connection is used inside a its context. .. note:: We may rely on that for ClientConnection and remove de dedicated code in Client Connection but I prefer the current explicite and duplicated version for now.

use standalone Connection to Client Connection

[session] add a new_cnx factory Having user-code importing cubicweb.server.session.Connection is inconvenient. We add a simple factory fonction on the session.

[connection] allow simple instantiation of standalone Connection Such connection will automatically pick a connection id. Note, They are not automatically closed on session close. But they will fails to grab new cnxset once the session is closed.

[connection] handle and explicitly life cycle on Connection Like ClientConnection, Connection object need to be explicitly started and stop. They aims to be used as context manager.

[sesion] distinction between Connection handled by the session and other. Not mixing the new and backward compat approach seems a good idea. Let's enforce it.

[session] replace _clear_thread_storage with close_cnx There is not good reason to keep two distinct method.

[session] explicitly take Connection object in close_cnx Now that ClientConnection explicitly reference and use the Connection object we do not need to use connectionid here. We can safely change this signature, ClientConnection is the only use of close_cnx for now.

[session] drop the Session._clear_cnx_storage method It is just cnx.clear() now.

[session] wrap too long line Too long line is too long. (Confucius 503 BC)

[session] gather close_cnx with get_cnx and set_cnx They do the same kind of operation and deserve to be grouped together.

[client-connection] remove the _srv_cnx usage It does not do anything special now that we use explicite Connection object with automatic cnx_set handling.