[server] refactor cleanup() code used by "cubicweb-ctl delete" Try to make each logical step (i.e. "delete database" and "delete user") a bit more visible and explicit. This is a preparatory work to easily plug the "delete namespace" feature.

[views] visual refactorings (closes #3803685) - pageContent: - remove the shadow - add a light border - slightly round the corners - left column: - ensure width make it aligned with the logo (header) - ensure the top border of the first box is aligned with the pageContent div - do not use serif font for box headers

[web] everything old is new again Kill the "new" cubicweb.css, and move cubicweb.old.css back in its place. Closes #4763360.

[pkg] bump version to 3.20.0

[views] use icons for user menu and login (header) (closes #3803684) - use icons from the embedded pictograms font for: - authenticated user menu (userActionsBox) - login (CookieLoginComponent) - do not display "anonymous" when not logged in

[utils] provide a function to return an admin connection from an appid Closes #4723580.

[debian] Install wsgi directory in cubicweb-web package Closes #4752375.

[test] fixes to make tests pass with recent lxml lxml (on jessie at least, ie. 3.4.0) does not remove endlines anymore.

[server] Remove useless 'is None' checks 'pb' is never none since 3386fd89c914 when support for the 'APYCOT_ROOT' env var was removed.

[security] check attributes: dispatch on the "add" action if entity was just created cw_set on a just-created entity (i.e. created in the same transaction) should behave the same as setting the attribute directly on creation: check the 'add' permissions, not 'update'. Closes #4740310.

[doc] Add BigInt to the list of built-in types

[devtools] call turn_repo_off in tearDown (closes #4673491) lets it catch leaked sessions even when running a single test

[book] typos / clarifications in create-instance section Clarify that cubicweb-ctl upgrade needs to be run whenever cubicweb or a cube is upgraded. Related to #2632425.

[repository] don't mangle the stack trace on exception

[pkg] Make twisted recommended only It's not necessary when using wsgi or pyramid. Closes #4639508

[devtools] Use the pause_trace context manager instead of pause_tracing/resume_tracing The later were deprecated in logilab-common 0.63.1

[serverctl] rename remove_cube to drop_cube (closes #4545093) For the sake of consistency, since commands are currently named: - add_{cube,entity,attribute,relation} - drop_{entity,attribute,relation} - remove_cube

[wsgi] add tornado http server

[wsgi] add message about the active interface Similarly to what done in "stdlib".

[cwctl] rewrite wsgi method choices This will help devs to add new choices by adding their callback to WSGI_CHOICES. Note: ``options`` becomes a property because ``wsgichoices()`` should be evaluated at the last-minute.

[skeleton/debian] use dh_python2 instead of dh_pysupport for new cubes The former is deprecated.

[web] Add source for jquery.qtip.js Downloaded from https://github.com/Craga89/qTip1/raw/master/1.0.0-rc3/jquery.qtip-1.0.0-rc3.js Related to #3851121.

[web] Replace minified copy of jquery.flot.js 0.6 with non-minified version Related to #3851121

[web] Update jquery-treeview to the latest version Files copied from commit 61f230828ace1b54c2cc54bc549ece261b11842e of https://github.com/jzaefferer/jquery-treeview

[web/css] move jquery.treeview.css override to a separate file Patched embedded code copies are a maintenance disaster (even more so than plain embedded code copies). Let's not do that.

[web] Stop patching jquery.treeview.js This logically reverts part of e9b7cd2e9012 "allow treeview to work correctly in a tab #345293". The treeview and ajax code have suffered a number of changes since then, this change doesn't seem to be necessary anymore. It is most likely unneeded since f65208c9dbdc "[javascript] use jQuery.one('ajax-loaded') instead of jQuery.bind() in add_onload to avoid multiple callback executions".

[web] Beautify jquery.treeview.js Fully mechanical, just whitespace changes.

[entities/wfobjs] add missing `DBG_SEC` debugging informations and a new `transition` capability

[warnings] put an end to warnings in the sqlite driver over `str` being sent instead of unicode strings

[web/request] clearly mark user_callback-related methods as deprecated The deprecated decorator not only emits a warning at run-time but above all makes the deprecation immediately apparent in the source. closes #3567793.

[book] document __unique_together__, remove bad RQLUniqueConstraint example RQLUniqueConstraint should be avoided whenever possible. Related to #3753250.

[schema] stop using RQLUniqueConstraint (closes #3753250) The last uses are replaced with unique together constraints.

[dataimport] Have ucsvreader's API match that of csv.reader (closes #3705701) 'separator' and 'quote' are replaced with 'delimiter' and 'quotechar'.

[utils] Add a '_cwtracehtml' GET parameter to trace self._cw.w() calls (closes #4601327) The core of this patch is in UStringIO.write(). When tracing is enabled, write() doesn't just append the 'value' argument to the underlying list. Instead, a stack trace is recorded and a special HTML "source" is formatted. The output with tracing enabled is an HTML page, with the original HTML escaped, and made clickable to show the stack trace when the write() call was done. This allows answering the recurring question: "who wrote this tag here?!"

[datafeed] Add a raise_on_error parameter to DataFeedSource.extid2entity And pass the option from various `process_` methods in existing parsers. This makes debugging in tests easier. Closes #4601191.

[test/view forms] use the official, undeprecated API

[rset] kill the rset._rqlst cache Right now it "works" for the standard, internal uses. However when we will fold ClientConnection and Connection, it will hurt, because suddenly we get more cache hits, and the following situation would become commonplace: * there is an un-annotated _rqlst given by the querier * some view (e.g. facets) requests the .syntax_tree, which takes a copy of _rqlst * the view actually expects the rql syntax tree to be annotated, but it was not, hence we crash. Related to #3837233.

[source/native] session -> cnx Also swap process_results arguments order to make cnx come earlier.

[hookstests] change got/expected order

[config] kill a getattr

[tests/web] switch previous commit (136b5f995f8) to the new test api Related to #3670209.

[web] remove unused argument from treeview._init_headers

[doc/3.20] mention CWEP-002

[web] stop accepting the magic __message form parameter This has been deprecated for a while, and replaced by _cwmsgid, which doesn't allow arbitrary content.

[web/request] add security_enabled method Just forward to the underlying repo connection. This can be useful in the ORM when dealing with a "code-only" attribute, i.e. something that shouldn't be directly user-visible but must be accessible from a web request.

[dataimport] Fix use of _create_copyfrom_buffer() (related to #3845572) This is used indirectly by SQLGenObjectStore when running on a PostgreSQL database. Regression introduced by commit 70056633085c.

[c-c configure] make it possible to specify the section for sources configuration (closes #3477678)

[server] fix 'cnx' variable confusion in DBG_SQL exception case The rollback handling expects 'cnx' to be the cubicweb Connection, but the DBG_SQL block was replacing it with an sql connection, leading to lulz down the line. Also remove obsolete getattr (the sqlite wrapping is now done at the cnxset level, so cnx.cnxset.cnx should be the right thing already).