1. 24 Feb, 2022 6 commits
    • Klaus Wölfel's avatar
      erp5_configurator_standard_solver: Add missing solver_workflow to Quantity Split Move Solver · 20ec2472
      Klaus Wölfel authored
      The missing workflow resulted in a bug when moving quantities multiple times, first to one delivery, then to another delivery. Then the same solver process with same decision was used as for the first time even if the first delivery was already delivered or movement was deleted. The reason was that Quantity Split Move Solver did not change to succeeded state after solving, so Solver Process did not change to solved state.
      20ec2472
    • Xiaowu Zhang's avatar
      2d0c1169
    • Vincent Pelletier's avatar
    • Vincent Pelletier's avatar
      erp5_core_test testERP5Catalog: Do not compare creation_date with modificatoin_date · c06e2069
      Vincent Pelletier authored
      Creation date is defined as the oldest date of any workflow history on the
      considered document.
      Modification date is defined as the newest date of any workflow history
      on the considered document.
      As soon as there is more than one workflow on a given document, these
      values can differ: they are set with the wall-clock time at the moment
      the workflow history of each workflow is initially filled, so one can land
      just before a second change and the other right after.
      So comparing them is meaningless, catalog or not, and just causes this test
      to be unstable.
      c06e2069
    • Jérome Perrin's avatar
      ERP5Security,erp5: simplify EncryptedPasswordMixin.setPassword · b7a60478
      Jérome Perrin authored
      For historical reasons, EncryptedPasswordMixin.setPassword was public
      and did its own security checks, this was the case since 7d0882ef (
      setPassword have to do explicit security checks…, 2007-11-12), this was
      because we wanted to support cases where user can edit the login ("Edit
      portal content" permission), but not changed the password ("Set own
      password" permission).
      
      Also, we wanted to support the case where login is edited through a view
      form, in that case we have a my_password field that is empty and we
      don't want to set the password to None in that case.
      
      For these two reasons the API to set password was very complex and
      behaving differently from other accessors: usually setSomething(None)
      just set something to None, ie. "unset" something, but for passwords it
      was not the case. Also we had to introduce _forceSetPassword method,
      which sets the password without security checks, so that it can be
      called from unrestricted code for cases where user does not have the
      permission to reset password (like in the reset password scenario).
      
      Since d1312cdb ( make edit check the security remove all useless
      security declaration on private method, 2008-05-23), edit supports
      restricted properties, so we can simplify all this and make setPassword
      a more standard accessor, ie:
       - setPassword has a security declaration, so if it is called from
        restricted python the security will apply at `__getattr__` time.
        `edit` method will also check security
       - setPassword(None) reset the password.
       - The logic to not change the password when editing in view mode is now
        `edit` responsability. ie. `login.setPassword(None)` resets, but
        `login.edit(password=None)` does not reset.
      
      This also correct some usage of the lower level API (`pw_encrypt` and
      `pw_validate`) which were never supposed to use `None`:
       - `pw_validate` was called with None when a user without password was
        trying to login, causing a TypeError that was cached by PAS and logged
        with level debug (and refusing login). Now the error is no longer raised.
       - `pw_encrypt` was called with None (but apparently only in the tests,
        when doing `user.newContent(portal_type='ERP5 Login', password=None)`)
        and this was creating a login with password `'None'` with AccessControl 2.
        With AccessControl 4 this was an Error.
      b7a60478
    • Jérome Perrin's avatar
      base: cleanup IEncryptedPassword interface and mixin · b7ce6f99
      Jérome Perrin authored
      reorder methods, make some docstrings a bit more informative and fix
      several typos
      b7ce6f99
  2. 23 Feb, 2022 2 commits
    • Vincent Pelletier's avatar
      ERP5{,Type.Core}.InteractionWorkflow: Deprecate activeScript. · a4ffa1a7
      Vincent Pelletier authored
      Replace it with a method on ERP5Type.Base so these activities get found
      by CopySupport.unindexObject and flushed, rather than remaining on the
      interaction workflow's context and failing when run.
      It seems a lot more likely for a document to be deleted while interactions
      are being spawned than an interaction workflow itself. So this should be
      a net benefit in activity stability.
      a4ffa1a7
    • Vincent Pelletier's avatar
      ERP5TypeFunctionalTestCase: Improve initial login realism. · 95db27a8
      Vincent Pelletier authored
      This currently only works because CookieCrumbler reacts on *all* urls which
      contain the magic login & password fields. But the POST request body lacks
      any value from submit fields, which bypasses the "logged-in" scripts, which
      is harmless with current code but lack realism.
      95db27a8
  3. 22 Feb, 2022 1 commit
  4. 21 Feb, 2022 13 commits
    • Gabriel Monnerat's avatar
      erp5_ingestion: Use script and type based method to add or not published state · 661a3bfe
      Gabriel Monnerat authored
      The initial idea was that publishing documents is something really exceptional, the "attach document" normal use case is typically use cases like attaching a PDF invoice to an invoice document in accounting, ie. most of the time it's with sensitive information that we don't want users to be mistakenly publish on the internet just because they selected a wrong value in the field.
      
      Now we have a project with use cases where the attached documents needs to be published, we did not change our mind that publishing an attached document is an exceptional case, but we want to make it possible to configure so that in certain contexts, publishing documents is possible.
      
      So we reuse the existing configuration by type based method idea and when the getPreferredAttachedDocumentPublicationState returns "published" we make it possible to publish by default.
      661a3bfe
    • Jérome Perrin's avatar
      SecurityTestCase: fix username / user_id confusion · 9371393b
      Jérome Perrin authored
      Theses methods have always been using user_id, but where written at
      a time where there was not such disctinction
      9371393b
    • Jérome Perrin's avatar
      SecurityTestCase: minor simplifications · 913e0ba7
      Jérome Perrin authored
      913e0ba7
    • Jérome Perrin's avatar
      SecurityTestCase: update assertion failure message for new workflow API · 08f88c59
      Jérome Perrin authored
      This test case tries to provide message helpful for debugging in case
      of assertion failure for assertUserCanPassWorkflowTransition, but
      this was not correctly using new workflow API and in case of failure
      there was an error like this:
      
        File ".../custom/test.py"
          self.assertUserCanPassWorkflowTransition(user, 'stop_action', packing_list)
        File "product/ERP5Type/tests/SecurityTestCase.py", line 237, in failUnlessUserCanPassWorkflowTransition
          if wf_transition.trigger_type == TRIGGER_USER_ACTION:
      AttributeError: 'NoneType' object has no attribute 'trigger_type'
      
      The previous implementation was using getGuardSummary, which no
      longer exist in new workflow, so we implement similar logic here.
      
      The new message changes a bit, it now look like this:
      
          AssertionError: User X can NOT pass stop_action transition on Internal Packing List at /erp5/internal_packing_list_module/20220218-22A38 (draft on delivery_causality_workflow, draft on internal_packing_list_notification_workflow, started on packing_list_workflow).
           Roles: [Owner, Member, Authenticated, Associate]
           Available transitions:
                    deliver_action[packing_list_workflow]
                          Expression:
                          Permissions:
                          Groups:
                  * stop_action[packing_list_workflow]
                          Expression: python: not(state_change['object'].getPortalType() == "Sale Packing List" and state_change['object'].getSimulationState() == "confirmed")
                          Permissions:
                          Groups:
      08f88c59
    • Jérome Perrin's avatar
      SecurityTestCase: type annotations · eacea55f
      Jérome Perrin authored
      eacea55f
    • Jérome Perrin's avatar
      tests: fix counting selenium failures · 20408c24
      Jérome Perrin authored
      1b1dbf60 (tests: also consider python unittest failures in
      functional tests, 2021-06-16) was not counting properly the cases
      where we have selenium failures. In that case we only want to count
      selenium failures, if we add with the python failures from
      status_dict, we report one extra failures.
      
      The correct approach is to count selenium failures if any and otherwise
      count python failures
      Co-authored-by: Vincent Pelletier's avatarVincent Pelletier <vincent@nexedi.com>
      20408c24
    • Vincent Pelletier's avatar
    • Vincent Pelletier's avatar
    • Vincent Pelletier's avatar
      testOfficeJSSDKConfigurator: Get core business template list from portal. · c87a57b1
      Vincent Pelletier authored
      Avoids duplicating items from that list.
      c87a57b1
    • Vincent Pelletier's avatar
      Base_getUpgradeBusinessTemplateList: Include core business templates. · 92684364
      Vincent Pelletier authored
      Both so that changes to the list of core business templates are applied on
      upgrade, and to avoid uninstalling core business templates, if no other
      maintained-up-to-date business templates depend on them.
      Also, improve the documentation of the erp5_upgrader version of this
      script.
      92684364
    • Vincent Pelletier's avatar
      Products.ERP5.ERP5Site: Declare getCoreBusinessTemplateList public. · abb6a210
      Vincent Pelletier authored
      But make it non-publishable.
      abb6a210
    • Vincent Pelletier's avatar
      erp5_configurator: Refactor PortalTypeConfiguratorItem. · 63b1b1ac
      Vincent Pelletier authored
      The main reason is to use portal type setters, and not set the properties
      directly: setting the properties directly bypasses interactions which
      trigger type refresh, which hence prevents such changes from being applied
      to the types until something else would cause a reload.
      While at it:
      - modify the property sheet list once only instead of once per added
        property sheet
      - only modify the property sheet list when fixit is true
      - improve constraint message to actually tell what is being detected
      - do not report a constraint error when no change is necessary
      - follow naming conventions: avoid abbreviations, variables holding
        documents must end in "_value"
      - avoid single-use local variables
      63b1b1ac
    • Vincent Pelletier's avatar
      Revert "Products.CMFActivity.ActivityTool: Remove dependency on portal_catalog owner." · d2821caa
      Vincent Pelletier authored
      This reverts commit 77b3f202.
      For some obscure reason, this affects unit tests related to inventory
      unit conversion. There seems to be too much code to cleanup to keep this
      patch for now, so drop it.
      d2821caa
  5. 18 Feb, 2022 2 commits
  6. 17 Feb, 2022 7 commits
  7. 16 Feb, 2022 9 commits