- 16 Jun, 2023 4 commits
-
-
Jérome Perrin authored
to indicate success or failure Also add a code comment about the changes from e50e45e4 (erp5_core: Password Tool should not leak info on users, 2020-12-30), because while looking at this code it seems there was a mistake here.
-
Jérome Perrin authored
It was wrongly named password_confirmation in some places and this was silently ignored because the parameter is not used at the moment and because of **kw in the signature. This is a preparatory commit so that we can check that the password and the confirmation match
-
Jérome Perrin authored
Rewrite to not use legacy "Sequence", some python3 fixes, use urllib to assert URLs, use more consistent passwords. Also extend coverage a bit: check that the email contains the key, check that login lookup does not use catalog search syntax.
-
Jérome Perrin authored
There is no zmi_icon on Zope2.
-
- 15 Jun, 2023 1 commit
-
-
Jérome Perrin authored
-
- 07 Jun, 2023 2 commits
-
-
Rafael Monnerat authored
See merge request nexedi/erp5!1791
-
Rafael Monnerat authored
See merge request nexedi/erp5!1789
-
- 06 Jun, 2023 1 commit
-
-
Rafael Monnerat authored
This is expected that constraints can call getConstraintType() if they are filtered: return context.checkConsistency(fixit=1, filter={'constraint_type': 'post_upgrade'},) Module Products.ERP5Type.Core.Folder, line 1476, in checkConsistency error_list.extend(obj.fixConsistency(filter=filter, **kw)) Module Products.ERP5Type.Base, line 2714, in fixConsistency return self.checkConsistency(fixit=True, filter=filter, **kw) Module Products.ERP5Type.Core.Folder, line 1476, in checkConsistency error_list.extend(obj.fixConsistency(filter=filter, **kw)) Module Products.ERP5Type.Base, line 2714, in fixConsistency return self.checkConsistency(fixit=True, filter=filter, **kw) Module Products.ERP5Type.Core.Folder, line 1462, in checkConsistency **kw Module Products.ERP5Type.Base, line 2686, in checkConsistency for constraint_instance in self._filteredConstraintList(filter): Module Products.ERP5Type.Base, line 2739, in _filteredConstraintList constraints = [x for x in constraints if x.__of__(self).getConstraintType() in \ AttributeError: 'RequestContainer' object has no attribute 'getConstraintType'
-
- 02 Jun, 2023 1 commit
-
-
Rafael Monnerat authored
There is a missing "r" on the link, acording to apache documentation: Additionally you have to create symbolic links named hash-value.rN. And you should always make sure this directory contains the appropriate symbolic links. See: https://httpd.apache.org/docs/2.4/mod/mod_ssl.html
-
- 30 May, 2023 1 commit
-
-
Vincent Pelletier authored
This reverts commit 89aa2a6b. The assumption that FOR UPDATE was unnecessary is wrong: when SQLDict reserves similar activities, it will race against these primo-reservations. So this change actually opens the possibility for duplicate activity reservation. Revert this change until (hopefully) a better fix is implemented.
-
- 29 May, 2023 1 commit
-
-
Jérome Perrin authored
In case of network problems, the http requests made to google during login may take too long and cause global unavailability of the ERP5 instance. Today we saw in long request logs: 2023-05-29 07:10:35,662 - Thread 140596157511424: Started on 1685336511.6; Running for 524.1 secs; Same. oauth2client does not expose an API to set a timeout, but it allows passing a custom http instance where we can set a timeout.
-
- 24 May, 2023 1 commit
-
-
Roque authored
-
- 18 May, 2023 4 commits
-
-
Jérome Perrin authored
On Zope2 this method does not exist and this caused a test failure ====================================================================== FAIL: test_method_protection (testSecurity.TestSecurity) ---------------------------------------------------------------------- Traceback (most recent call last): File "parts/erp5/Products/ERP5/tests/testSecurity.py", line 110, in test_method_protection self.fail(message) AssertionError: The following 1 methods have a docstring but have no security assertions. parts/erp5/product/ERP5Type/patches/BTreeFolder2.py:111 manage_delAllObjects
-
Jérome Perrin authored
See merge request nexedi/erp5!1786
-
Jérome Perrin authored
To write a pid file so that logrotate can send us signals. This is still needed for neo storage for now. See slapos!1395
-
Jérome Perrin authored
Loading ZConfig will initialize storage and generally might do things that will cause messages to be emitted. One actual problem is with neo storage, which configure root logger when it's not already configured [1], this was causing all logged messages to be logged in the console when using neo storage. 1: https://lab.nexedi.com/nexedi/neoppod/blob/fd87e153/neo/lib/logger.py#L63-64
-
- 17 May, 2023 3 commits
-
-
Sebastien Robin authored
-
Yusei Tahara authored
It is easy to see contents ordered by id by default in ERP5Site.
-
Yusei Tahara authored
Protect data from human error. There are unbelievable mistakes. ERP5 is a place to store important data that must not be deleted easily.
-
- 16 May, 2023 4 commits
-
-
Yusei Tahara authored
-
Xiaowu Zhang authored
-
Xiaowu Zhang authored
-
Yusei Tahara authored
-
- 15 May, 2023 2 commits
-
-
Jérome Perrin authored
Errors in getObject (typically, unauthorized) were hidden by another error in finally block, because popRequest can only be called if pushRequest was executed before.
-
Jérome Perrin authored
The roles were missing
-
- 12 May, 2023 2 commits
-
-
Yusei Tahara authored
-
Yusei Tahara authored
Thanks to Vincent Pelletier for his help on this bug fix.
-
- 08 May, 2023 2 commits
-
-
Jérome Perrin authored
also set hide_rows_on_no_search_criterion to force displaying the list even without search, this is a report, we we always want to see records.
- 03 May, 2023 2 commits
-
-
Roque authored
-
Xiaowu Zhang authored
See merge request nexedi/erp5!1781
-
- 02 May, 2023 7 commits
-
-
Jérome Perrin authored
This is done on the process running test (by ERP5TypeTestCaseRequestConnection) and when using timerserver loop (by TimerServer which calls publish_module), but this was never set in processing_node. Before 3b874e49 (ERP5Type/tests: review requests in tests, 2023-04-19) getRequest could find a request anyway, because the test pached getRequest to find a request from the app, but after this change executing activities in an instance running with runUnitTest without test specified failed with: Module importlib, line 37, in import_module __import__(name) Module Products.ERP5Type.dynamic.component_package, line 412, in load_module return self.__load_module(fullname) Module Products.ERP5Type.dynamic.component_package, line 379, in __load_module erp5.component.ref_manager.add_module(module) Module Products.ERP5Type.dynamic.dynamic_module, line 75, in add_module self.add_request(get_request()) Module Products.ERP5Type.dynamic.dynamic_module, line 53, in add_request self.setdefault(last_sync, (WeakSet(), set()))[0].add(request_obj) Module _weakrefset, line 86, in add self.data.add(ref(item, self._remove)) TypeError: cannot create weak reference to 'NoneType' object ( maybe we remove processing_node and use only timerserver, these two methods are more or less equivalent for simple cases and timerserver is closer to what a "real" zope does )
-
Xiaowu Zhang authored
-
Jérome Perrin authored
unittest executes the cleanups after `tearDown`, after the ZODB connection is closed, so accessing database objects cause errors. According to python unittest documentation, it is safe to call `doCleanups` ourselves when we need the cleanup to be executed earlier, this is a typical case where we want the cleanup to be called before closing the database connections.
-
Jérome Perrin authored
ID is not something we like to show to users, modification date and validation state can be better - this assumes that most of the relation are made to nodes, which typically have a validation state and not a simulation state.
-
Jérome Perrin authored
The general idea of this patch is that now that we are using zope.globalrequest, we no longer need to patch get_request, we can simply call zope.globalrequest.setRequest with the request from the test and restore the "real" request afterwards. To achieve this, we reuse Testing.ZopeTestCase.connections.registry, which already has the logic of cleaning up resources in the right place and use a "Request" resource that calls setRequest(test_request) and setRequest(real_request) when closed, so that: - test runs with an independant request - this test request is closed at the end - the real request is restored at the end This also fixes a bug with self.publish when runnning ERP5TypeLiveTestCase from portal_components of a running instance, after a call to self.publish the current request was lost. The testing for this revealed that ERP5TypeLiveTestCase.publish way of dealing with zope.security interaction was not always correct: when running a live test inside runUnitTest (like we do here in testDynamicClassGeneration), there is no security interaction. This was reviewed to use the high level API instead of changing directly the internal storage.
-
Jérome Perrin authored
This can be useful when making a report on movements and when we list properties of the movements that depend on the side but are not directly exposed on MovementHistoryListBrain. One use case was `Movement_getSpecificReference`, which shows `source_reference` when the brain is for the source and `destination_reference` otherwise. With this new approach, instead of guessing we record the "is_source" information at indexing time, when we know this for sure. This also simplifies `MovementHistoryListBrain.date` and `MovementHistoryListBrain.mirror_date` which no longer need to guess the side and fix a problem that because this guessing was done using `movement.getSourceUid()` - which cause security errors when users can not access the source of the movement.
-
Jérome Perrin authored
When editing a state permission mapping the roles were not sorted, because WorkflowState_getPermissionMatrixContext uses a set. Sort before setting the attribute, to prevent useless diffs in ZODB history and business template.
-
- 27 Apr, 2023 2 commits
-
-
Jérome Perrin authored
default activate() behavior is to not queue the activity if another activity with the same path/method_id already exist. We don't want this here.
-
Jérome Perrin authored
We don't even use the new updateLocalRolesOnSecurityGroups instead, because roles are supposed to be applied by an interaction workflow.
-