[serverctl] use repoapi for db-check, add-source, rebuild-fti commands One more step towards getting rid of dbapi.

[devtools] make get_repo_and_cnx return a repoapi ClientConnection And adjust callers accordingly (they need to use it as a context manager to open/close it properly).

[repoapi] Avoid deprecation warnings from session.id Apparently it's called session.sessionid now.

[server] some s/session/cnx/ For merely accessing the database we need a connection, not a session.

Move setting session.mtime from dbapi to web session manager clean_session was broken since the switch away from dbapi on the web side, since session.mtime wasn't being set anywhere.

[web] whitespace cleanup in http_headers.py

[web] implement cross origin resource sharing (CORS) (closes #2491768) Partial implementation that is enough to get started but leaves out some of the advanced features like caching and non-simple methods and headers.

[devtools] add a 'method' argument to RepoAccess.web_request so that one can easily forge a request with any HTTP method. Also a bunch of clone cleanups.

[web] Fix handling of some http headers The generator takes as argument a list of raw string values, and is supposed to return the parsed version. Calling str on that list makes no sense.

[web/request] deprecate user_callback Storing closures in session data considered harmful. Closes #3567793

[doc] undocument user_callback Related to #3567793

Added tag cubicweb-centos-version-3.17.14-1, cubicweb-version-3.17.14, cubicweb-debian-version-3.17.14-1 for changeset fa00fc251d57

[migractions] Better handle removal of RQLConstraint in sync_schema In rdef synchronisation, filter unmodified constraints before processing the sets of old and new constraints. Add a new `constraint_by_eid` method on RelationDefinitionSchema, which eliminates the ambiguity of `constraint_by_type` usage when several constraints of the same type are involved in the same migration. Closes #3633644.

[test] when the config change, we should cleanup sys.path and sys.modules. Closes #3634164 Without this, modules imported within instance home will be messed up.

[wsgi] make sure request.content is available for consumption The wsgi.input stream is not seekable, so make a copy either to memory or disk so it's still available to the user even after we've parsed it (for POST form processing). Closes #3554996

[facet] create a RangeRQLPathFacet (closes #2852512) This facet is a mix between a RQLPathFacet and a RangeFacet, allowing to use the FacetRangeWidget on the RQLPathFacet target attribute

[request] Make sure set_message() actually displays its given message (closes #3003425) The default automatic form sets a standard submit message as session data. However in some cases, such as the cancellation of a form edition, another message is intended to be printed on-screen. This patch makes sure that set_message() really scrubs all previous messages (and ids) from the request object and from the session data.

[pkg] prepare 3.17.14

[hooks/syncschema] do not crash on double removal of a constraint Some complicated migrations may entail a double constraint removal. It is not yet known whether this is a genuine cw bug or the result of a complicated migration story, but we should nevertheless not crash. Rather, emit a CRITICAL warning and proceed. Closes #3595309.

[doc/book] Fix typo in import

[server/session] fix a couple typos in doc strings

[server/migractions] finish migration to repoapi objects Changeset 241b1232ed7f (Use repoapi instead of dbapi for cwctl shell, upgrade and db-init) only did half of the job. It left the migration handler with both a session (cubicweb.server.session.Session) and a cnx (cubicweb.repoapi.ClientConnection) attribute with different ideas of what Connection they were talking to. With this change, we: - make the caller responsible of disabling security on the Connection if it wants to - turn mih.session into an actual attribute, set on __init__ - same for cnx (the client connection) - drop the "lazy connection" logic, and establish the connection up-front - always go through the connection instead of the session when we need to talk to the db

[server] use the ClientConnection directly now that it has more methods available Gets rid of ugly self.cnx._cnx.

[repoapi] add security/hook control and system_sql Just redirect these methods to the repo-side Connection.

[predicates] fix thinko in doc strings Replace "e.g." with more appropriate "i.e.". These are not examples.

[web/basecomponents] remove EtypeRestrictionComponent Closes #3119951

[ldapparser, book] document additional error causes

[js] remove leftover dead code in loadxhtml form.callback support was removed in changeset 68cde7431c2c, but some signs of it remained.

[web] Avoid using an empty dict as default parameter of 'CubicWebRequestBase'. Also update the related docstring of the __init__ method.

[schema] fix composite deletion handling Do not delete component entities if the composite is not deleted in the same transaction. Deletion semantics are thus: if the composite is deleted, the components are deleted. Closes #3463112.