- 03 Jun, 2020 14 commits
-
-
Jérome Perrin authored
-
Jérome Perrin authored
This workflow is not really related to security
-
Jérome Perrin authored
-
Jérome Perrin authored
edit method has security definition on the class, gard is not needed here. This cause compatibility issues, in the past it was not necessary to have any permission to call edit from restricted code.
-
Jérome Perrin authored
This action is typically used to add notes in history in scripts, including in cases where user does not have modify portal content permission on the document.
-
Jérome Perrin authored
-
Jérome Perrin authored
Wrapping a method in a workflow method should not change the publishable state the method. If the original method is not publishable, wrapping it in a workflow method should not make it publishable. If the original method is publishable, then the wrapped method should still be publishable. This was always intended to work like this, as we can see in the code comment in `WorkflowMethod.__init__` but was not properly tested and got broken at some point. It's important to restore the behavior, because workflow methods such as `validate` should not be published, users must only be able to use the user interface transitions freely, workflow methods transitions are only available if developer expose them in a script - and perform the necessary consistency and security checks in that script.
-
Jérome Perrin authored
-
Jérome Perrin authored
Only "user action" methods needs a security declaration.
-
Jérome Perrin authored
This can hide bugs, especially when updating business templates. TODO: if we drop this we can also drop the command line flag
-
Jérome Perrin authored
This is not supposed to happen and can hide errors.
-
Jérome Perrin authored
This addresses the problem of https://nexedijs.erp5.net/#/bug_module/20180719-135FAA8 a KeyError raised when some categories in a subtree are modified and some are removed and the corresponding base category is also installed as a base category. The problem was that both CategoryTemplateItem, which is in charge of updating the base category and PathTemplateItem, which is in charge of updating the categories listed as path both use the same ObjectTemplateItem.install method, with the same object_to_update dict. ObjectTemplateItem.install uninstall all objects that are listed in object_to_update and not in self._objects so something like this happened when business template from test_update_business_template_with_category_having_subcategory_tree_modified is updated: 1. PathTemplateItem.install is called for the base category, portal_categories/test_category/modified/removed looks removed, so it is backed up. Because the the parent paths are not parts of self._objects, trash tool will create simple trash folder for portal_categories/test_category/modified 2. PathTemplateItem.install is called for the paths, portal_categories/test_category/modified is modified, so the previous version will be backed up. At this point trash tool looks in the trash bin and the path for portal_categories/test_category is already present, so trash tool sees that path exists and does not return subobjects, so after portal_categories/test_category/modified is modified, the subjects such as portal_categories/test_category/modified/container_in_which_child_is_added are not restored and creating 'added' caused a KeyError('container_in_which_child_is_added') The approach is to make CategoryTemplateItem.install only consider base categories - ie. objects where path is portal_categories/* and not the subobjects, because they don't belong to CategoryTemplateItem but to PathTemplateItem. Co-authored-by: Georgios Dagkakis <georgios.dagkakis@nexedi.com>
-
Jérome Perrin authored
Business template have some logic to keep uids when updating objects: during installation, when an object is modified, business template first remember the uids for this object and all its sub-objects, replaces this object with the new version then recursively set the uid on updated objects, so that updating an ERP5 document by business template does not change its uid because this would break catalog. When an object containing sub-objects is updated, it becomes a new object in ZODB and sub-objects of the previous object are set as child of the new object. This works even if the case of sub-objects being instances of ZODB Broken class, except that the step where we restore the uid fail as it's not allowed to modify a broken object. Instead of unconditionnally setting the sub-objects uids, check that we actually need to set it, because if it's already the expected value then we don't need to touch the object.
-
Jérome Perrin authored
-
- 02 Jun, 2020 3 commits
-
-
Jérome Perrin authored
These new versions contain several small improvements. It seems this version of prettier formats javascript in a way that jslint does not complain about. Also contain some small fixes for our renderjs and rsvp type definitions, so that monaco-editor-gadget.js can typecheck. See merge request nexedi/erp5!1139
-
Jérome Perrin authored
* "Create Skin Folder" action had a typo, so it was not setting the `business_template_skin_layer_priorty` property that business template is using when installing. * "Create Report" was not updated for the new "action title" feature of forms. This time, add the missing tests that should have prevented these problems. See merge request nexedi/erp5!1133
-
Jérome Perrin authored
Enable coding style on erp5_forge, after removing several problematic scripts that did not seem used. See merge request nexedi/erp5!1134
-
- 01 Jun, 2020 8 commits
-
-
Jérome Perrin authored
-
Jérome Perrin authored
In monaco 0.20.0 "peek references" is not properly displayed when automaticLayout is true. This is fixed on master branch so next release should be OK. For now, use a resize event handler to re-layout the editor when size change, then we don't need the automaticLayout.
-
Jérome Perrin authored
document.body is accessed very early in scripts loading, in https://github.com/microsoft/vscode/blob/c6e3a94892eaccbce9995ee02a06febec5492fec/src/vs/editor/contrib/suggest/suggestRangeHighlighter.ts#L106 if we leave body after head, for some reason document.body is null here and loading fail, which leaves an editor where things like Ctrl+Space does not trigger completions Moving body before head is just a workaround, but that was code was removed in https://github.com/microsoft/vscode/commit/f913854bd66362a1350ea43c305ad92c151796bf hopefully when we update to monaco > 0.20.0 that won't be needed again.
-
Jérome Perrin authored
-
Jérome Perrin authored
-
Jérome Perrin authored
- Promise signature is different, we have canceller - delay was missing - Queue.push signature was incorrect
-
Jérome Perrin authored
Using https://lab.nexedi.com/jerome/monaco-editor-erp5/ at revision f59a79d15b7cfbb2f76d53fc01d2aab8e9316d40 and running: npm install npm run deploy -- --url=http://host:port/erp5/portal_skins/erp5_monaco_editor/monaco-editor --username=user --password=password then use ERP5Site_setSkinCache to set cache
-
Jérome Perrin authored
-
- 29 May, 2020 15 commits
-
-
Sven Franck authored
erp5_corporate_identity: only images with alt attribute specified will be added to the table with images
-
Georgios Dagkakis authored
-
Georgios Dagkakis authored
-
Jérome Perrin authored
-
Jérome Perrin authored
it was skipped in testXHTML, to enable coding style test for forge we also need to skip it here.
-
Jérome Perrin authored
-
Jérome Perrin authored
this is a 10 lines "maybe useful one day" script, we don't need this
-
Jérome Perrin authored
I don't think anybody still uses this.
-
Jérome Perrin authored
this code is invalid and does not seem used
-
Jérome Perrin authored
this code is full of errors and does not seem referenced
-
Jérome Perrin authored
-
Jérome Perrin authored
the property name had a typo, so it was not correctly used for priorities
-
Jérome Perrin authored
-
Jérome Perrin authored
BusinessTemplate_createReport was broken since this argument was introduced.
-
Jérome Perrin authored
Since commit d2b20acd004441d1cb8d36f33ed7ca112dff0d17 on slapos.git we are using gcc 8.2 which seem to generate slightly faster code, so we adjust the min time because tests were failing because we are now too fast.
-