1. 31 Aug, 2020 3 commits
    • Jérome Perrin's avatar
      base: restrict changing a user id · 45d16764
      Jérome Perrin authored
      while setting an initial user id should be allowed for any user which can
      create a person, changing an already set user id can have security
      implications, so we protect it with a more strict permission
      45d16764
    • Jérome Perrin's avatar
      core: display login in caption · b9cdfb58
      Jérome Perrin authored
      user_id are technical things that should not be displayed to users.
      
      In the case of tokens, for now we show "something that's not user id / not the
      token secret". That's not ideal but as far as I know whe don't really have use
      cases of tokens to show a page where user caption would be displayed.
      b9cdfb58
    • Jérome Perrin's avatar
      Fix issues with Person.setUserId unicity check · d87bda30
      Jérome Perrin authored
      Person.setUserId is heavy, it serializes person module to prevent concurrency,
      but in some cases we the risk of having duplicate user ids is under control, so
      we don't want to pay the performance price.
      
      See merge request nexedi/erp5!1242
      d87bda30
  2. 27 Aug, 2020 1 commit
  3. 26 Aug, 2020 1 commit
  4. 25 Aug, 2020 3 commits
  5. 24 Aug, 2020 4 commits
  6. 21 Aug, 2020 5 commits
  7. 19 Aug, 2020 8 commits
  8. 18 Aug, 2020 2 commits
  9. 17 Aug, 2020 6 commits
    • Jérome Perrin's avatar
      base: don't check unicity when migrating Person.reference to user_id · 3ee1dfb0
      Jérome Perrin authored
      This activity is spawned on all nodes, which cause too many conflicts.
      We can take the risk here, assuming that references were already OK
      before migration.
      3ee1dfb0
    • Jérome Perrin's avatar
      base: introduce Person.initUserId · f8cd3922
      Jérome Perrin authored
      Person.setUserId does expensive checks to ensure that user ids are
      uniques, but the default id generator already guarantees unicity, so
      when default id generator is used we don't need Person.setUserId unicity
      checks.
      
      Now when generating user ids, we only consider user id conflict with existing
      users, because it's not so expensive and might still happen, for example if
      user ids have been migrated from person references when erp5_users PAS plugin
      was used.
      person.setUserId still performs the expensive checks to prevent duplications
      against other transactions using person.setUserId, but not against other
      transactions using person.initUserId
      f8cd3922
    • Jérome Perrin's avatar
      *: check type based methods are not None · 05fe5e19
      Jérome Perrin authored
      should be same for cases where type based method is a python script, but
      is a bit more explicit/safe and consistent with other usages.
      05fe5e19
    • Jérome Perrin's avatar
      base: rename tests for person property acqusition · c9d1489c
      Jérome Perrin authored
      In 93e30e5e (Person: Store user id in new user_id property., 2016-12-09)
      we adapted this test to the new behavior: title fallback to user_id or
      id, but since persons always have a user_id by default, this test was
      changed to check that title fallbacks to user_id, but the name of the
      test still mention "fallback to id" which became a bit different from
      what was tested here.
      
      Revert testEmptyTitleFallbackOnId to check that title fallbacks on id,
      using persons without user id and introduce new
      testEmptyTitleFallbackOnUserId to describe the new behaviour with user
      id.
      c9d1489c
    • Jérome Perrin's avatar
      l10n_fr: fix typo · cfc9ef81
      Jérome Perrin authored
      cfc9ef81
    • Jérome Perrin's avatar
      accounting: fix typo · 768ec0d6
      Jérome Perrin authored
      768ec0d6
  10. 14 Aug, 2020 4 commits
  11. 13 Aug, 2020 1 commit
  12. 12 Aug, 2020 2 commits