[ldapuser2ldapfeed] .values -> .iteritems (closes #2542872)

[ldap tests] cleanup in preparation of #2542083

[ldapparser] demote warning level (actually important user info can leak there) (prepares #2542083)

Remove changelog view (closes #2423532)

[dataimport] Allow to replace escape char in the create_copyfrom_buffer

[doc] fix function name FTIRANK

[json] enable jsonexport selection on empty rsets (closes #2544358)

[test] fix req default value handling in CubicWebTC.view (closes #2544376) It's no more than the standard ``if rset`` vs. ``if rset is None`` error.

[ajax] fix attribute lookup (closes #2491038)

[server] add debugging for Hooks & Operations (closes #2470048)

[dataimport] Add SQL Store for faster import - works ONLY with Postgres for now, as it requires "copy from" command - closes #2410822 This store will use: - copy from for massive insertions. - execute from for update. The API of this store is similar to the other stores.

[test] swap order in assert of `test_users_and_groups_non_readable_by_guests` unittest2 order is (expected, got), not the opposite. This help test report readbility.

[test] fix server/querier/build_descr1 test. There is no self.transaction of TestCase. I assumed the test writer meant a session. This seems to make the test pass.

[server] make `test_bfss_fs_importing_transparency` less verbose on failure Dumping the whole content of a file on failure is a bit annoying. We only print the bad version here (it's usually the file path).

[entity] drop redundant cache update This ``cw_attr_cache`` update is redundant, ``_cw_update_attr_cache`` already do this step.

[cw-ctl] silence msgcat and msgfmt (closes #2527594)

Added tag cubicweb-debian-version-3.15.7-1 for changeset c5400558f370

Added tag cubicweb-version-3.15.7 for changeset d8916cee7b70

prepare 3.15.7

[migration] fix crash when adding a new meta relation type. Closes #2532483

[ldapfeed] fix connection leak (closes #2532528)

[zmq] add an introductive docstring on ZMQComm

[server config] on quick start, system source is still activated. Closes #2535714

[web] use `inline` `Content-Disposition` by default (closes #2535734) since known time we have been serving static file with a `filename` parameter on the `Content-Disposition` header. But since d74addac92bb we explicitly serve file as attachment if a filename is provided. However this is valid to have `inline` disposition and `filename` parameter. This changeset revert this part of d74addac92bb, going back to `inlined` by default. `IDownloadable` code explicitly request `attachment` content to preserve expected behavior.

[web] allow configuration of the Content-disposition value The `set_content_type` function now takes and optional `disposition` parameter to control the value of this HTTP header. Use of `Content-disposition: inline` with a filename parameter are valid, so the presence of filename does not allows to choose between `attachment` and `inline`

[downloadable] fix filename HTTP header for simple name with space (closes #2535715) Since d74addac92bb, we export simple ascii filename without any encoding in the `filename` parameter of the `Content-Disposition` header. If this name contains space this will fails, the parameter value will be truncated at the space position. (eg. `filename=jungle babar.txt` read as `jungle`) We need to quote the filename to prevent this (eg. `filename="jungle babar.txt"`). Then literal quote and backslash needs to be escaped too. The new escaping is correct according this extensive test case data base: http://greenbytes.de/tech/tc2231/

merge fixes from stable

Added tag cubicweb-debian-version-3.15.6-1 for changeset b05e156b8fe7

Added tag cubicweb-version-3.15.6 for changeset 0163bd9f4880

prepare 3.15.6

[web] add a digital signature to error form (closes #2522526) Simple (and quite weak) implementation of a digital signature of the content to be submited by email in the error report view generated by ErrorView. The signature is a simple hmac hash computed using a secret key (generated at repository startup) and the "secret" form content to be included in the notification email. The controller can then check this content has not been modified or forged by a malicious user.

[web/views] bugfix: the mime type is text/plain, not text/txt (closes #2526345)

[doc] fix of personnal etc directory in book

[web] add a Forbidden exception This is similar to the Unauthorized exception, but generates a 403 error instead of a 401 (Unauthorized)

[web] add a ``anonymize-jsonp-queries`` option in file configuration (closes #2465388) This option controls connection anonymizing before executing any query for CSRF / safety reason.

[downloadable] fix filename in HTTP header (closes #2522325, #2522324) Before this changeset we use the `filename` header with utf8 encoded filename all the time. However RFC6266 says: The parameters "filename" and "filename*" differ only in that "filename*" uses the encoding defined in [RFC5987], allowing the use of characters not present in the ISO-8859-1 character set ([ISO-8859-1]). Therefore, we alter the code to: 1. Use `filename` and `ascii` encoding whenever possible, 2. use `filename*` with `utf8` encoding otherwise (with a filename fallback for old browser) We also switch the `content-disposition` value to attachement if filename is specified, this will result as a mandatory download according to RFC6266. This mandatory download is the expected behavior. We changes the filename encoding to RFC5987 which is simpler, supported by all and modern browser (including IE from version 6) and does not suffer from the continuation issue. (see ticket #2522324 for details)

docstring typo

[facet] make BitFieldFacet allow special 0 value. Closes #2522697

[doc] ubuntu LTS is now Precise Pangolin

backport stable

[server] implement base_url with secure=True (closes #2508638)

[validation api] properly use yams 0.36 validation error api and update message catalog. Follows bbe0d6985e59 the creation of the `translate` method in the 23a10f049447 yams commit.

[wsgi] saner use of `self.config` instead of `config`

[server] fix repository initialisation Changeset d753d6a6798f was breaking database creation. Dropping the `config.creating` clause lead to trying to load the schema from database even in creation mode. Conditional are a bit altered and reordered to prevent this to happen.

[web test] make unittest_viewselectors work if rdflib isn't available

[js/ajax] documentation of 'reload' is missing an argument

[ldapfeed] move docstring to the class instead of the module

[hook] fix hook base class so access to __registries__ doesn't call check_event, only call it in registered callback. Closes #2517748

[startup hook/looping tasks] separated hook for each looping task to ease modification from cubes. Closes #2517096

[ldaputils] should use entity.eid instead of entity on raising ValidationError. closes #2517095

[dbapi] provide get_option_value over DBAPIRequest (closes #2515522)

Added tag cubicweb-debian-version-3.15.5-1 for changeset 19e115ae5442

Added tag cubicweb-version-3.15.5 for changeset b0e086f451b7

prepare 3.15.5

[entity attr cache] mark attribute as uncacheable in the underlying function else we may miss some changes. Also rewrite a storage test currently failing because cache of the entity created by the test transaction, distinct from the entity created internally and given to hooks and all, has its attributes cache not updated. As this doesn't seems a proper usage, rewrite it as expected. Much probably closes #2423719 definitly.

[repository] move modification of appobject_path to repository initialization code so we can restore it later to avoid side effect on the config. Fix regression introduced in d32ab8570e5d

[req / session] drop is_internal_session (buggy) compat on base request by implementing necessary methods on internal manager

[check integrity] use session consistently

[test] use session commit/rollback to be consistent with the test

[merge] reintegrate that black sheep

[ldapparser] utf-8 uri + unicode emailaddr will crash if the later is not properly encoded (closes #2508515)

backporting

backport stable

fix no more running zmq repository test (closes #2500153)

[dbapi] load_appobjects must attempt to load available cubicweb configurations to avoid error when some object use a persistent propery (CWProperty) defined there. Closes #2497697

dummy merge

[ajax] reload function should set 'processing' cursor. Closes #2503899

[misc/scripts] a slightly experimental script to help repair LDAPUser cwusers suffering from split-brainite (closes #2497108)

[views/boxes] re-establish the proper selector (closes #2496294)

[ldapparser] raise specific error if the configuration is wrong (closes #2498164)

[skeleton] add pypi classifiers in __pkginfo__ and setup.py (closes #2502156)

[c-c shell -H] add verbosity=0 so we are not asked to confirm everything, as when not using -H

mock ``CWUser.prefered_language()`` on InternalManager objects. The recent split of patches for session refactoring broke this.

[session] fix arguments default value and promote usage of security_enabled as session method. Closes #2481820 One should use session method rather than direct usage of the context manager of the same name. Fix default argument values for consistency with the context manager: when one omit an argument, meaning is "keep the current value", not "disable security".

[session] promote usage of [deny|all]_all_hooks_but session methods rather than hooks_control context manager directly

[web app] move set of status_out into validation_error_handler to ease readability

[workflow test] don't use session.user, subject to internal changes

[db creation test] more testing of db initialization: call build_db_cache and ensure admin user exists

[source synchronization hooks] Fix/enhance system source hooks They are broken if launched during repository initialization (this was not the case yet, but will be soon...). Add additional checks to ensure one doesn't try to store system source config in the database, as it will be ignored in favor of the "sources" file.

[validation error] refactor validation error handling so translation is done on the web side Users should now use cubicweb.validation_error helper function that will activate the feature with other handy behaviours. Also test testing for message in errors should call exception.tr(unicode) before comparing. Using bare ValidationError keep backward compat.

[repo cleanup] drop code moved to querier by 7e264ce34cd4

[repo cleanup] drop code moved to querier by 7e264ce34cd4

Added tag cubicweb-debian-version-3.15.4-1 for changeset 70cb36c826df

Added tag cubicweb-version-3.15.4 for changeset 63260486de89

[facets] add link 'focus on selection' (closes #525277)

[server/utils] catch ValueError from password verification passlib can raise ValueError when it can't recognized a hash. Treat that as a wrong password.

[test] reindent and use request() rather than bare session this avoid error due to implementation details of session

[repo] fix debug code in DBG_REPO mode (closes #2469942)

[datafeed] properly call hooks for inlined relations on entity creation. Closes #2481156

[sources/native] automatically update passwords using deprecated hashes on login Closes #2465904

[repo pyro] fix previous commit: should not import Pyro in remoterql module/base class, it may be missing

massive copyright update to avoid clutering later patches

minor cleanups/typos

[session / querier] reorganize code to building result set descriptions

[web] search state doesn't need cnx, remove useless test

[schema] rename schema permissions function: session may also be a request, use _cw

[repo initialisation] during repo creation, load all hooks and entities code this simplify code and make it more consistent

[request/session] refactor language handling: don't attempt to sync web/repo languages This decouple thing and make code easier to understand. Previous behaviour was fine w/ validation error that were translated on the server side, but isn't satisfying for notification and all. Now: * translations should be done on the ui side (see previous validation error refactoring) * consistent behaviour: each side (web/repo) is responsible to deal with its request/session of language, no weird interaction between them on this topic * drop on the way the 'session properties' api, used only for that matter. -> much simpler/cleaner/saner api The thing missing being a way for user to tell "My favorite language is xxx but I also want cw to consider my http language header)

[config] turn internal configuration methods building appobjects search path into normal method rather than class method as this is useless and make path filters difficult to override (we had to override the class attribute, as instance attributes were not seen). Also rename related methods for consistency with current vocabulary

fix missing import

backport stable

[hooks/syncshema] fix logging level and nicer message (wrong changeset published previously)

[hooks/syncschema] do not crash on DROP of an already dropped index/... (closes #2465393)

[cwctl] show a better diagnostic message on version violation (closes #2464800)

[tabs] fix pb with non-lazy tabs: style isn't properly set due to missing jquery.ui activation. Closes #2465657 also do a small cleanup on the way, and properly implements render_entity rather than cell_call, as one would expect regarding default PrimaryView code.

[migration] fix backward compat for rename_relation

[datafeed] make cnxset handling of datafeed source more robust currently we may run in some cases where the session has no more cnxset depending on errors and parser's handling of the cnxset. Also, free the cnxset and reacquire it later, letting a chance to other threads to run.

don't use rset.rowcount in predicates, this makes them usable with other types such as lists

[c-c db-check] don't skip is/is_instance_of mandatory relation to avoid telling two opposite messages when the relation is missing. Closes #2465659

[ui tabs] avoid duplicate rset argument if already specified in tab kwargs. Closes #2464786

[entity edition] don't remove values from attribute cache on the repository side This follows changesets 552de9f0c46d, 1527b012802f, 25da1e5c7c50 and 4ba11607d84a. closes #2423719 ?

fix ldapuser test

Prepare 3.15.4

migration: replace empty passwords with random ones on upgrade

ldapuser2ldapfeed: create CWUsers with random passwords, not empty ones

[source/native] only system source users should be authenticated by the native source (closes #2465883)

[web test] fix test broken by 199fefe396ab

[fti] add some documentation

[form] add assertion to ensure field has a name when `role_name` is called

Added tag cubicweb-debian-version-3.15.3-1 for changeset 7ad423a5b6a8

Added tag cubicweb-version-3.15.3 for changeset 0e012eb80990

[pkg] prepare 3.15.3 release

[entity edition] stop comparing values as it may trigger exceptions (e.g. timeseries cube tests) Rely on a changes in yams instead where we have guarantee to have only comparable objects. This follows changesets 1527b012802f, 25da1e5c7c50 and 4ba11607d84a, and should definitly closes #2423719

[tabbed view] make tabs optionaly lazy: lazy=False on the tabbed view trigger synchronous tabs. Closes #2443038 This is useful for tabs holding a self-posted form for instance.

[web form] refactor Form.__init__ so that extra kwargs are set earlier in the process. Closes #2443040 (eg if you want to use them in .session_key)

[test rql completion] dont limit number of completion, else we've impredicable results. Also should tell rql.parse to not print error on stdout This repairs test introduced by dcd9bc1d1bca which closes #2439846

[entity] fix deprecation warnings (closes #2423719)

merge oldstable in stable

Added tag cubicweb-debian-version-3.14.9-1 for changeset 68c762adf2d5

Added tag cubicweb-version-3.14.9 for changeset 9337812cef6b

[ui] provide an autocomplete RQL bar (closes #2439846)

[ajax] improve backward compatibility for redefined ajax functions (closes #2447189) If an ajax function from stdlib (e.g. js_reledit_form) was redefined in a cube, the cube version should still takes the precedence< => check for existing ajax function on deprecated controller _before_ checking ajax function availability on the new one.

prepare version 3.14.9

[composite] apply composite on new enty too (closes #2450679) Before this changesets, automatic deletion did not applied to entity created in the same transaction. This patch remove this filtering in the dedicated operation. The original filtering where introduced by 5d889b4928bb but no rational where found for this changes. The former behavior is seen as inconsistent and creates bug in some cubes.

[storage] relies on event=='deleted' to detect "delete" event (closes #2450680) When we delete a previously edited entity, it *will* have a cw_edited attribute even if the goal is to delete it. The function get an argument that explicitly contains the "delete" event. The code now uses that instead.

[composite] apply composite on new enty too Before this changesets, automatic deletion did not applied to entity created in the same transaction. This patch remove this filtering in the dedicated operation. The original filtering where introduced by 5d889b4928bb but no rational where found for this changes. The former behavior is seen as inconsistent and creates bug in some cubes.

[storage] relies on event=='deleted' to detect "delete" event When we delete a previously edited entity, it *will* have a cw_edited attribute even if the goal is to delete it. The function get an argument that explicitly contains the "delete" event. The code now uses that instead.

[web navigation] previous / next icons are missing mandatory alt attribute

[testlib] consider rset for template / view selection (closes #2447183) The original code did something like: kwargs['rset'] = rset viewfunc = lambda **k: viewsreg.main_template(req, template, **kwargs) kwargs.pop('rset') return self._test_view(viewfunc, view, template, kwargs) meaning that by the time ``viewfunc`` (i.e. the lambda function) is called, ``rset`` was popped from ``kwargs`` and had no chance to be passed to ``main_template``.

[documentation] fix some ReST compilation problems

[test] remove no more necessary attribute cache manipulation to repair test

[entity] more tweaks for entity attribute cache handling on cw_set/cw_create to fix test regression * when an attribute is listed in dont-cache-attrs, purge any previous value * test value is actually modified in EditedEntity.__setitem__ before adding attribute to dont-cache-attrs

[entity/hooks] fix regression introduced by 4ba11607d84a on create_entity, attributes weren't cached, but they are since 4ba11607d84a and this triggered a bug: used values may be transformed by hooks (e.g. TidyHtmlFields), ending in invalid value in the cache. This is the regression. Now, set_attributes used to update the attributes cache while suffering from the very same pb. This is the now fixed old bug. Transformed attributes are now recorded in a transaction shared variable, and those are omitted from the client cache.

[doc] use :meth: and remove doc to deprecated methods

[doc] add passlib to list of dependencies

Added tag cubicweb-debian-version-3.15.2-1 for changeset 9aa5553b2652

Added tag cubicweb-version-3.15.2 for changeset 2afc157ea9b2

[test] missing future import

[web test] fix tests broken by 8de41063d629

3.15.2

[web login] fix after login redirection: redirect expect an url not a relative path. Breaks on cases like '?vid=aview'. Closes #2423575

[config] load_configuration should not crash because of fs errors. Closes #2286215

[entity api] unify set_attributes / set_relations into a cw_set method. Closes #2423719 Allowing similar usage as create_entity/cw_instantiate. Update cw code base to remove deprecated calls.

[workflow ui] fix state/transition edition form on existing entity. Closes #2423531 It should not return unrelated entities only in case where the entity exists. Also fix a deprecation warning, vocabulary values should be an unicode string.

[predicates] fix predicates that erroneously evaluate the entity passed as a parameter as a boolean, instead of testing its existence in the keyword arguments -using the kwargs.get('entity') idiom instead of 'entity' in kwargs or similar- ; closes #2424288

[book] fix build warnings/errors. Closes #2430042

[ldap feed] add missing future import

[ldap feed] fix error since with read security activated, password value is not selecteable (closes #2406597). Also add a note in the book about packages required to connect to an ldap server

[config] Set CWDEV, aka dev mode, according to presence of the i18n directory, not .hg

[book] Some tweaks to fix cubicweb-documentation package generation - Fix up PYTHONPATH setting to make sure sphinx can find cubicweb modules - Add a few missing build-dependencies

[webconfig] debug mode should not be special wrt data_url handling (closes #2405487)

[test] missing future import

[ldap] allow working connection to some ADs (closes #2408829)

[entity] fix unrelated_rql for creation form vocabulary for relation with specific permissions (closes #2423854)

[form widgets] fix JQueryDatePicker and JQueryTimePicker so they consider widget custom attributes. Closes #2423720

[web app] handle Redirect raised during session establishment, as this may be used by eg openid authentication. Closes #2430018

backport stable

[ldapuser2ldapfeed] fix confusing script structure and decode the extid to avoid an UnicodeDecodeError (closes #2413437)

[migraction] rename rename_relation method to rename_relation_type for consistency

[web app] only log tb when explicitly asked

typo

[views/tables|css] show actions in small tabs instead of menu indirection (closes #2004109)

stable is now 3.15

oldstable is now 3.14

[test] update server security test using login and new temporary_permissions context managers

[testlib] introduce temporary_permissions context manager Fix a test failure due to cached method on the way as usage of the context manager enforce proper interaction with schema objects

[rql2sql] remove debug print and fix bug introduced in 8469:69ad9a509bc3

[html form] use __linkto url parameter value as a default value of the corresponding field in a creation form (closes #2407770)

[rql2sql] fix generated SQL when an attribute relation with a variable is ored with another attribute relation. Closes #2410405

[repository] drop unused argument

[ui] actions box should be displayed if there are some actions, not if context is an entity. Closes #2419040

backport stable

[packaging] bump rql dependency to 0.29 (closes #2410042) Needed for add_eid_restriction with 4 args, usage of which was introduced in changeset aed065b97f12 (refactor entity fetch_rql method to use a RQL syntax tree instead of RQL strings)

[rql security] fix rql bug when using yams inheritance and read permissions (closes #2410156) problems occurings when querying using is_instance_of while a subtype has some permissions not shared by the parent type

[c-c schema] devtools: the output file for cw-ctl schema is not supposed to exist When using the 'file' type, logilab-common errors out if the file doesn't exist. Which, if the option refers to an output file, is not so useful. Use 'string' instead.

[fti] allow usage of custom RQL to fetch entities to index (closes #2410509)

[fti] make db-rebuild-fti accept etypes on command line (closes #2410508)

backport stable

[fti] drop entity cache once an etype is indexed (closes #2410507)

[server/utils] add_looping_task can be used any time (closes #2408814)

[formrenderers] if a tag object gets there, it blows (closes #2410462) - cwtags monkeypatches cubicweb's UStringIO's .write and .getvalue methods - but it cannot monkeypatch list.append ...

[login] redirect to real instance root if no postlogin_path is provided When not postlogin_path is provided, the login form issue a redirect to "/". The instance root may not be at "/" on the server. Then issuing a redirect to "/" send the user to the wrong location. We now redirect to "." which works fine because the "login" controller a direct children of instance root (http://babar.com/instance/login). All other redirection of the login controller use relative path too and then rely on this relative path from the login controleur to the instance root. This mechanism may be considered fragile and may deserve a proper fix. but this is to be discussed and implemented in another changeset.