- 03 Oct, 2023 1 commit
-
-
Yusei Tahara authored
-
- 02 Oct, 2023 4 commits
-
-
Roque authored
See merge request nexedi/erp5!1824
-
Roque authored
- grid of blocks - set of block templates - randomization conditions - new terrarin texture - refine enemy drone collision - more aggressive enemies
-
Roque authored
- drop import/export json - API for operator script - map utils class update - doc api update - all visible map parameters are geo - allow to run twice - fix default ai drone script distance fn - fix flag elements position (altitude) - better error handling
-
Roque authored
- add a new operator script editor - update finish rules and scoring system - refactor map parameters - map randomization is done now by new class map utils - update init flag info msg - import/export script feature - update web site CSP - ui: activate js syntax in user script editor - ui: styles, section titles, etc - doc api update - fixes/refactoring -- fix default target coordinates bug -- control empty/invalid user scripts -- raise an error on user script syntax error -- fix onUpdate timestamp parameter (to integer milliseconds) -- fix drone loiter (based on nexedi/erp5!1817/)
-
- 29 Sep, 2023 1 commit
-
-
Yusei Tahara authored
-
- 28 Sep, 2023 2 commits
-
-
Jérome Perrin authored
-
Georgios Dagkakis authored
PDF_viewPDFJSPreview/my_data Anyway, we are in PDF context, it can work even if content_type is not set
-
- 27 Sep, 2023 1 commit
-
-
Georgios Dagkakis authored
-
- 19 Sep, 2023 2 commits
-
-
Jérome Perrin authored
it can happen that getEffectiveModel does not find a model, this is currently causing activity failures in indexation of transformations. Tolerate errors here because this is not an error but just a sign of invalid user data.
-
Jérome Perrin authored
-
- 14 Sep, 2023 2 commits
-
-
Julien Muchembled authored
Due to some debug code, it never checked anything.
-
Yusei Tahara authored
Spin is too much and waste cpu resource.
-
- 12 Sep, 2023 1 commit
-
-
Jérome Perrin authored
This is a first step to stop using "unsafe" web sections. This updates support request app to not require `script-src: unsafe-eval` and `style-src: unsafe-inline` in the CSP. Dropping `script-src: unsafe-eval` is made possible by using domsugar instead of handlebars for dynamic content. Dropping `style-src: unsafe-inline` by using CSS files instead of inline `style` attributes in the DOM. One minor regression is that the tooltips from the graph on the front page gadget will cause warning because of `unsafe-inline` and not render the series color. This application was also modernized a bit, it now uses the HTML viewer gadget to display post contents and supports translation. See merge request nexedi/erp5!1821
-
- 11 Sep, 2023 3 commits
-
-
Julien Muchembled authored
The use case is a listbox method being called for a document A and returning objects that: - aren't children of A - but wrapped with `.__of__(A)` By using `aq_self` instead of `aq_base`, the listbox could still acquire from the real parent of the returned object and wrongly access an attribute directly (e.g. comment) instead of using an appropriate method (if there's no `comment` attribute, getComment returns ''). See merge request nexedi/erp5!1820
-
Julien Muchembled authored
-
Julien Muchembled authored
The purpose is to be able to use the amount generator during indexation. At some point, it executes: if amount.getQuantityUnit(): ... for x in property_dict.iteritems(): amount._setProperty(*x) where `amount.getQuantityUnit()` may getResource before it is set. Any further access to the resource category would be wrong. There may be a way to only change the amount generator but this kind of pitfall is likely to happen in many other places if we keep such a read-only transaction cache for new or temp objects. See merge request !1818
-
- 08 Sep, 2023 8 commits
-
-
Georgios Dagkakis authored
See merge request !1819
-
Jérome Perrin authored
- switch to programmatic creation of DOM element using domsugar instead of using handlebars which needs CSP - use gadget_html_viewer to display post contents - more translation support
-
Jérome Perrin authored
To work 100% this needs "style-src: unsafe-inline" in the CSP, without this the popup on hover does not show the series color - which in our case is better than using the CSP. also drop obsolete appcache, browsers no longer use this. reference: https://github.com/apache/echarts/issues/16610
-
Gabriel Monnerat authored
-
Jérome Perrin authored
it was same as testSupportRequestPanelTranslation, but with less assertion, probably I made a mistake in renaming
-
Jérome Perrin authored
Using "Number" was not good for translations and maybe not so good in english either.
-
Jérome Perrin authored
Using verifyImageMatchSnapshot with 20 is sometimes not enough to detect some significant differences
-
Jérome Perrin authored
these are not used anymore
-
- 07 Sep, 2023 4 commits
-
-
Georgios Dagkakis authored
to new suite, renderjs_ui_autocomplete_attribute_suite
-
Georgios Dagkakis authored
to test the autocomplete attr of fields
-
Vincent Pelletier authored
Base_callDialogMethod may not provide REQUEST nor RESPONSE, and may provide other arguments. Make the former optional, ignore the latter, and fallback on RequestContainer's magic when REQUEST is None.
-
Yusei Tahara authored
<dtml-sqlvar "None" type=nb> should be 'null'.
-
- 06 Sep, 2023 4 commits
-
-
Georgios Dagkakis authored
-
Georgios Dagkakis authored
-
Georgios Dagkakis authored
For TextWidget, PasswordWidget and ListWidget only To define the autocomplete HTML attribute of the field
-
Jérome Perrin authored
Fixes `Uncaught Error: Language id "vs.editor.nullLanguage" is not configured nor known` errors with html using script type handlebars
-
- 04 Sep, 2023 7 commits
-
-
Vincent Pelletier authored
During the response process (especially setBody), HTTPResponse accesses and updates some response headers in its "headers" property (a dictionary). addHeader puts the response headers in a list which will not be updated by HTTPResponse. This is "more correct" from an RFC perspective, as any header specified as being a sequence of values delimited by commas may be split among multiple headers. So, keep using addHeader by default, but special-case some headers which are accessed and must be successfully updated by HTTPResponse itself so that those headers are set using setHeader, which updates the "headers" property.
-
Vincent Pelletier authored
-
Vincent Pelletier authored
For better compatibility, as not all templates may be reconfigured to post in application/x-www-form-urlencoded. Also, tolerate a missing Content-Type request header, treating as an unhandler type instead of raising a KeyError exception.
-
Vincent Pelletier authored
Fernet tokens are urlsafe-base64-encoded, so re-encoding them is useless. This change breaks compabitility with what should be a transient login state (lasting as long as the login form is opened in any browser). So the consequence is that a user failing to authenticate will be redirected to a safe location (ex: the website's home page) instead of getting to the login form again. This should not be worth either a systematic double-decrypting (which could lead to harder to debug decryption errors) or some heuristic trying to guess if the value is in fact double-encoded.
-
Vincent Pelletier authored
For simplicity and readability.
-
Vincent Pelletier authored
When there is no enabled extractor plugin, PAS internally uses the DumbHTTPExtractor class. When installing the OAuth2 resource server plugin, it activates itself as an extractor, disabling this default mechanism. This is most likely unexpected to the admin, so in such situation create & enable the ERP5 plugin which inherits from DumbHTTPExtractor, to preserve basic authentiation. If such plugin exists but is disabled, assume the admin forgot to enable it, and do it for them. If any extraction plugin is already enabled, do nothing new.
-
Jérome Perrin authored
`state_var` is now a compatibility alias calling getStateVariable, which has a default value of `simulation_state`. As a result, this script was attempting to call getSimulationStateTranslatedTitle on credential requests, because they have an interaction workflow in their chain. This fixes by implementing the full logic using new ERP5 workflow API.
-