As already documented in this code, unrestrictedTraverse provides a flat dict
as "request" argument. PAS plugins cannot work with such fake request, so
such _extractUserIds call will not succeed in authenticating the user, and instead
produces (suppressed) exceptions within PAS.
As a result, neither codepaths can be followed:
- PAS cannot find any user, hence "if len(user_list) > 0:" is false
- the "else" codepath starts with "request._auth", which obviously raises when
  request is a dict
So, reorder the code so that the nature of the request is checked before
either codepath is entered, skipping the bulk of this code and avoiding calling
into PAS.

The default soft limit of open file descriptors is usually set to 1024
in order to avoid breaking old software which still uses select. In many
projects we may need a higher limit: particularly in Wendelin based
projects we easily reach this limit. Before this patch it was therefore
necessary to either patch ERP5 in the project specific SR or to manually
increase the limit of the zope processes (or the parent supervisor) with
a tool like prlimit [1]. With this patch it becomes possible to increase the
soft limit to the hard limit with a command line argument of the zopewsgi bin.
This simplifies setting the soft limit for any Wendelin project.

[1] https://man7.org/linux/man-pages/man1/prlimit.1.html

/reviewed-by @vpelletier, @jerome
/reviewed-on !1827

test_suite and tests_require are for the deprecated `setup.py test`
command that we no longer use.

During initial install in most cases we just want to install everything,
showing the listbox to choose install options is not necessary. The
problem is that this listbox is really big when installing multiple
business templates.

This introduces a "detailed install" checkbox, that is unchecked by
default, to make it possible to show the list to choose from anyway.

so that we can view in inline with firefox for Zelenium tests

This was applied manually on http://www.erp5.org/dists/snapshot/test_bt5

See merge request !1830

See merge request !1826

- randomize flag scores and weights
- limit drone message size
- new rule: extra score point for drones that returned to base
- refactor x-y-z / lat-lon-alt method/properies to be consistent
- update api doc

A typical problem which prevents grouping is that the line is used in an
internal invoice and while all the conditions for grouping seems OK for
one side, they are not OK for the other side, because the accounts are
different from the mirror side. By showing the mirror account it should
be a bit easier for users to figure out what is wrong.

FCK Editor is old name

https://ckeditor.com/old/forums/CKEditor-3.x/Should-FCKeditor-change-its-name

This linter is too old and no longer relevant

Note that raster image to SVG conversion no longer works without potrace.

Thanks to Jérôme for digging these resources up.

The way Zope4 logs the authenticated user is radically different from
Zope2, and makes this function useless.
So, unless when running on Zope2, do nothing when this function is called.

So that msec=1 is logged as ",001" and not as ",1".

Because if we have for example a Web Site for which default language is 'fr'
it would not get gadget Web Pages for which the language is 'en'

The scope here is to match as many documents as possible

See merge request !1824

- grid of blocks
- set of block templates
- randomization conditions
- new terrarin texture
- refine enemy drone collision
- more aggressive enemies

- drop import/export json
- API for operator script
- map utils class update
- doc api update
- all visible map parameters are geo
- allow to run twice
- fix default ai drone script distance fn
- fix flag elements position (altitude)
- better error handling

- add a new operator script editor
- update finish rules and scoring system
- refactor map parameters
- map randomization is done now by new class map utils
- update init flag info msg
- import/export script feature
- update web site CSP
- ui: activate js syntax in user script editor
- ui: styles, section titles, etc - doc api update
- fixes/refactoring
-- fix default target coordinates bug
-- control empty/invalid user scripts
-- raise an error on user script syntax error
-- fix onUpdate timestamp parameter (to integer milliseconds)
-- fix drone loiter (based on !1817/)

PDF_viewPDFJSPreview/my_data
Anyway, we are in PDF context, it can work even if content_type is not set

it can happen that getEffectiveModel does not find a model, this
is currently causing activity failures in indexation of
transformations. Tolerate errors here because this is not an error
but just a sign of invalid user data.

Due to some debug code, it never checked anything.

Spin is too much and waste cpu resource.

This is a first step to stop using "unsafe" web sections.

This updates support request app to not require `script-src: unsafe-eval` and `style-src: unsafe-inline` in the CSP.
Dropping `script-src: unsafe-eval` is made possible by using domsugar instead of handlebars for dynamic content. Dropping `style-src: unsafe-inline` by using CSS files instead of inline `style` attributes in the DOM. One minor regression is that the tooltips from the graph on the front page gadget will cause warning because of `unsafe-inline` and not render the series color.

This application was also modernized a bit, it now uses the HTML viewer gadget to display post contents and supports translation.

See merge request !1821

The use case is a listbox method being called for a document A
and returning objects that:
- aren't children of A
- but wrapped with `.__of__(A)`

By using `aq_self` instead of `aq_base`, the listbox could still
acquire from the real parent of the returned object and wrongly access
an attribute directly (e.g. comment) instead of using an appropriate
method (if there's no `comment` attribute, getComment returns '').

See merge request !1820