[web/data] Remove broken jquery-json plugin (closes #3590335) Conversion of Date() objects is somehow broken (don't know why beyond that it's due to jquery-json's monkeypatched Date.toJSON() method). Use the now-standard JSON.stringify() instead. http://caniuse.com/#feat=json says it's supported by all browsers, and even IE going back to version 8.

Add missing relation types items in schema global variables Some of these global variables are used, in particular, to control schema views (web/views/schema.py). While they are currently not properly documented (see #3360868), their definition are currently incomplete (e.g. one could reasonably expect to find ``cw_schema`` in ``SYSTEM_RTYPES``). Closes #3486114.

[web] return 403 for Unauthorized, not 401 401 is reserved to HTTP authentication. Just because it's also called "unauthorized" doesn't mean it's the same as cubicweb's Unauthorized exception. Closes #3648809.

[test] update unittest_repoapi to 3.19 api (sic) [jcr: while at it, fix typos and add missing __main__ section]

[test] update unittest_utils to 3.19 api

[test] update unittest_rset to 3.19 api [jcr: use self.admin_access instead of creating a new one each time]

[test] update unittest_rqlrewrite to 3.19 api

[test] update unittest_req to 3.19 api [jcr: use self.admin_access instead of creating a new one each time]

[test] update unittest_predicates to 3.19 api [jcr: use self.admin_access instead of creating a new one each time]

[web/test] port unittest_reledit to RepoAccess API

[web/test] port unittest_magicsearch to RepoAccess API request created in setUp makes context manager usage painful, so create a context manager to do the setup for each test class.

[web/test] use real_error_handling context manager instead of open-coding it

[web/test] port unittest_idownloadable to RepoAccess API

[web/test] remove useless calls to self.request() from CORS tests

[web/test] port unittest_formfields to RepoAccess API

[web/test] port unittest_form to RepoAccess API

[web/test] port unittest_facet to RepoAccess API

[web/test] move unittest_controller to RepoAccess test API

[web/test] port unittest_breadcrumbs to 3.19 test api

[web/test] avoid deprecation warnings from find_entities()

[web/test] port unittest_application to new 3.19 API

[test] silence warnings for unittest_schema by upgrading to new 3.19 API

[test] silence warnings for unittest_cwctl by upgrading to new 3.19 API

[test] replace some assert{True,False} with more specific method

[test] silence warnings for unittest_entity by upgrading to new 3.19 API

Fix constraint sync during migration - restore constraints lost during merge in test schema. - use constraint_by_eid in BeforeDeleteCWConstraintHook as done in 3.17.14 for BeforeDeleteConstrainedByHook. Fixes handling of multiple constraints of the same type. - make sync_schema_props_perms() delete the CWConstraint entity instead of the constrained_by relation. In 3.19, the latter doesn't automatically result in the former just because the relation is composite. Simplify the constraint migration to delete all removed constraints and recreate new ones even if they share the same type; that optimization made the code more complicated for (AFAICT) no significant reason.

merge 3.18.4 into default server/test/unittest_migractions fails due to interaction between new constraint test (from 3.18) and composite deletion change (in 3.19).

Added tag cubicweb-version-3.18.4, cubicweb-debian-version-3.18.4-1, cubicweb-centos-version-3.18.4-1 for changeset 0176da9bc752

[test/data] Add missing 'add' permission on attribute Silences a warning introduced in 3.18.

[hooks/notification] Fix indentation Follow-up for changeset 1b8552265f3b "[hooks/notification] use a cnx not a session"

[devtools] deprecate CWTC.user()

minor cleanups

some copyright updates

[devtools] properly close open access on tearDown avoiding further warning about living sessions while the repo is turned off. The doc string says: The RepoAccess need to be closed to destroy the associated Session. TestCase usually take care of this aspect for the user. but that wasn't true until now.

[devtools] make comment (a bit) more readable

[devtools] avoid an internal deprecation warning websession and session are now one and the same.

[server/session] undeprecate session.anonymous_session It's not connection-specific.

[web/sessions] use session.sessionid instead of deprecated session.id

[repo] don't set cnxset when getting the session to close it and avoid warning about that. session._cnx.rollback won't do anything if it's not set and a newer connection is now created to run the session_close hook, so there is not need to set cnxset. Notice we have to take care about not trying to rollback the underlying cnx when the session is not 'session_handled' (i.e. bw compat mode). This case only occurs due to hackish things to keep bw compat in testlib.

[repo] handle connection explicitly when calling session open/close hooks

[hooks/syncschema] work with connections not sessions

[server/sources] {before,after}_entity_insertion wants a cnx not a session

[hooks/syncsources] use a cnx not a session

[hooks/notification] use a cnx not a session

[hooks/metadata] use a cnx not a session

[hooks/bookmark] use a cnx not a session

[hooks/workflow] use a cnx not a session

[hooks/email] use a cnx not a session

[hooks/integrity] use a cnx not a session

[hooks/security] let's use a connection, not a session

[server/sources/native] deal with connections, not sessions

[server] eschema_eid needs a connection, not a session

[repository] operations get a connection instead of a session Left extid2eid unchanged because that function scares the shit out of me.

[server/hook] operations get a connection instead of a session

[repository] Use an internal connection in register_user

avoid to internally raise 3.19 warnings

[sources] ensure we have a cnxset in undoable_transactions

[server] move security/integrity hook management away from InternalSession.__init__ and to Repository.internal_{session,cnx} instead. Lets internal_cnx avoid deprecation warnings.

[migration] make 'session' object be a server-side Connection, not ClientConnection I think this better corresponds to the previous behaviour. However, that Connection does not have a cnxset, which should probably be changed (for both interactive_shell and cmd_process_script).

[sources] Skip problematic sources when starting shell instead of crashing. Closes #3670208 At least this gives an opportunity to fix the problem in using c-c shell, which is currently not possible because it crashes during initialization. Notice that since sources are copy based, it should not be a problem at all to have some disabled, beside for services such as authentication sources as ldapfeed.