- 07 Nov, 2022 3 commits
-
-
Gabriel Monnerat authored
-
Jérome Perrin authored
f0808ac6 (workflow: add workflow transition guard for non-user actions as well., 2015-11-18) broke some custom security configurations where doing an action on a document would modify an accounting transaction - but the user doing this action does not have access to accounting. This repairs the situation for accounting, by using the Associate role. The idea is that for such patterns where users "do something which will interact with accounting", the users also need an Associate role on accounting transaction portal types, which is in line with the meaning of Associate.
-
Jérome Perrin authored
To be consistent with slapos.core RSS and default values of fields in ERP5, where we only check the permission on the "context" document and tolerate displaying properties of context document even if accessing some properties of related documents caused an error. See also nexedi/slapos.core!433
-
- 04 Nov, 2022 2 commits
-
-
Xiaowu Zhang authored
-
Vincent Pelletier authored
This reverts commit 035d099a. Installing BTs which do not come from produt/ERP5/bootstrap breaks site creation, except in unit tests. This commit is very desirable, but not ready, so unfortunately I have to revert it.
-
- 02 Nov, 2022 1 commit
-
-
Xiaowu Zhang authored
display service stably
-
- 24 Oct, 2022 2 commits
-
-
Thomas Gambier authored
-
Jérome Perrin authored
Grouping feature checks that the sum of all selected lines == 0, which is often not the case as the values are float. For that, our approach is to round the values with the precision of the accounting currency, since these precisions are usually small (typically 0, 2 or 3), we don't have problems with rounding. Using the section currency is not just a workaround for rounding, it's also correct because we don't consider more precise amounts in accounting transaction lines. The problem with this approach was for the case where no accounting currency is set on the section organisation, in that case we did not round and this sometimes led to "grouping is impossible" errors that are hard to find for users. At this level it's better to use a default rounding precision that would make it possible to use the grouping feature even when section currency is not set.
-
- 21 Oct, 2022 3 commits
-
-
Jérome Perrin authored
Some objects, in our case BTrees.Length.Length in a ZODB connection have a __str__ method that returns unicode on python2: u'<BTrees.Length.Length object at 0x7f850932e0d0 oid 0x1e334 in <Connection at 7f854bc0f190>>' They cause an unicode error in the history view when they are concatenated together with other str (encoded as UTF-8) properties, this can be observed when using history view with a "folderish" document (but not with a File as in test_ZODBHistoryBinaryData). To prevent this issue, we use the fact that ''.format unlike '' % seem to apply a str() on arguments and use it instead. Co-authored-by: Yusei Tahara <yusei@nexedi.com>
-
Yusei Tahara authored
Some objects become unicode when %s is applied and may cause UnicodeDecodeError, thus use %r insead.
-
Yusei Tahara authored
This reverts commit 40fded3e. It is not good to mix unicode and str for UI. Use utf8 str only.
-
- 19 Oct, 2022 5 commits
-
-
Vincent Pelletier authored
-
Vincent Pelletier authored
This should detect any Business Template with non-migrated workflows. Exclude the Business Template which is precisely made to test workflow migration.
-
Vincent Pelletier authored
Migrate oauth2_session_refresh_interaction_workflow to new-style workflows. This time, the migration should be complete.
-
Vincent Pelletier authored
-
Vincent Pelletier authored
This reverts commit e925dc0b. This commit is breaking more than it is fixing. Revert until I have a working version of this migration.
-
- 18 Oct, 2022 1 commit
-
-
Vincent Pelletier authored
Migrate oauth2_session_refresh_interaction_workflow to new-style workflows.
-
- 17 Oct, 2022 5 commits
-
-
Xiaowu Zhang authored
-
Xiaowu Zhang authored
-
Xiaowu Zhang authored
display comment by default check contributor's organisation ealier display corporate name instead of title display web site instead of default document add logo field for leaflet display value used in dialog update css
-
Yusei Tahara authored
-
Yusei Tahara authored
-
- 13 Oct, 2022 1 commit
-
-
Jérome Perrin authored
ValidationFailed is now a "real" class from Products.ERP5Type.Core.Workflow
-
- 12 Oct, 2022 1 commit
-
-
Xiaowu Zhang authored
-
- 11 Oct, 2022 1 commit
-
-
Xiaowu Zhang authored
-
- 07 Oct, 2022 2 commits
-
-
Jérome Perrin authored
See merge request !1676
-
Jérome Perrin authored
this only supported http and never supported https, probably nobody is using this and it makes porting to python3 more complicated
-
- 06 Oct, 2022 3 commits
-
-
Jérome Perrin authored
we had a patch to close <input/> elements, but with HTML5 this is no longer recommended.
-
Jérome Perrin authored
template_keep_path_list, template_keep_workflow_path_list and template_keep_last_workflow_history_only_path_list were not sorted for no reason
-
Jérome Perrin authored
The _getOrderedList approach was not ideal, because the properties were saved when being displayed, so the typical workflow was: 1. enter the property as non sorted 2. click save (property is saved as non sorted) 3. the page displays the property again as sorted 4. click save again so that the property is saved as sorted by sorting the properties at save time, step 1 is enough This change back the accessors to be "standard" accessors, ie. returning lists, like every other list accessors, so a few tests and a few scripts had to be adjusted for the new API.
-
- 05 Oct, 2022 10 commits
-
-
Romain Courteaud authored
Lazy loading img are also not loaded, which speed up page rendering.
-
Jérome Perrin authored
-
Vincent Pelletier authored
This should evolve to become a browser-side OAuth2 client.
-
Vincent Pelletier authored
So every new instance is able to use self-contained oauh2 authentication. In turn, this triggers atomated migration of a few portal types, which cause the coding style tests to fail. So commit these as well.
-
Vincent Pelletier authored
Replace CookieCrumbler's cookie with OAuth2 tokens: - add the notion of authenticated sessions: period from a login action to either a logout or the expiration of tokens - avoids session fixation (knowing one token does not grant near-permanent access to the session) - reduces the per-request cost of authentication (removes the need to compute user's groups, and the need to cache these groups for a fixed period).
-
Vincent Pelletier authored
-
Vincent Pelletier authored
Also, to reliably open login_form, log out.
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-