1. 14 Mar, 2022 1 commit
  2. 11 Mar, 2022 2 commits
  3. 10 Mar, 2022 5 commits
    • Vincent Pelletier's avatar
      CMFActivity.Activity.SQLBase: Factorise validation processing_node threshold · c629ee70
      Vincent Pelletier authored
      Avoid repeating processing_node condition for every single activity
      whose serialization_tag dependency is being checked. This reduces the
      length and execution complexity of produced SQL.
      c629ee70
    • Jérome Perrin's avatar
      Stop including empty items in dialog multilistfields · 9fc690ed
      Jérome Perrin authored
      The meaning of empty items for **multi** list fields for categories is
      not clear for dialogs (if user does not want to apply any filter, then
      the natural way would be to select nothing).
      
      This also caused issues with category fields, when the action script
      uses restrictedTraverse to get the uids corresponding to the category
      but a path is empty, like for example in 
      https://lab.nexedi.com/nexedi/erp5/blob/d51bb0413a806b3db0c5eb69dec06065b9601322/bt5/erp5_accounting/SkinTemplateItem/portal_skins/erp5_accounting/AccountModule_getTrialBalanceReportSectionList.py#L40-48
      
      which does this:
      
      ```python
      # optional GAP filter
      node_uid = []
      gap_uid_list = []
      for gap in request.get('gap_list', ()):
        gap_uid_list.append(portal.portal_categories.gap.restrictedTraverse(gap).getUid())
      if gap_uid_list:
        node_uid = [x.uid for x in portal.portal_catalog(
                                         portal_type='Account',
                                         default_gap_uid=gap_uid_list)] or -1
      ```
      
      If an empty item is selected, then `gap_uid_list` will contain an entry for 
      `portal.portal_categories.gap.restrictedTraverse('').getUid()` which will be the
      uid of the gap base category. Searching with a base category uid nowadays does not
      match any document, but before 95e3eaec (CMFCategory: Do not index any Base Category
      as a related document., 2016-12-21), it was matching all documents having a relation
      from this base category and in the case of this trial balance report it was matching all
      accounts.
      
      This was a problem for old instances with accounts created before 95e3eaec, because when
      they were first indexed, they had the record in category table, so they were matched, but
      once they get re-indexed, they no longer had the record, so the result of this report when
      selecting the empty item became different, because accounts were no longer included.
      
      Looking back at this, maybe when updating to get 95e3eaec, we should have ran a migration
      to delete all these records (re-indexing every document in the background should be enough)
      so that if there's a problem, the problem happens right now and not after a few months
      after accounts are modified and re-indexed.
      
      When looking at this from end user level, theses empty items not only cause this problem,
      but also does not have a clear behaviour and are not needed, so the changes here are about
      removing these empty items.
      
      In accounting reports, there was a multi listfield showing all gap categories, "grouped" by
      chart of account - but the name of the chart of account was not displayed. This change to
      use a None item, which is rendered as disabled to display the chart of account name, but to
      do this we had to fix a bug in Formulator, these disabled items were only working properly
      for single item widgets, not multiple items widgets.
      
      See merge request nexedi/erp5!1572
      9fc690ed
    • Jérome Perrin's avatar
      Fix logins not published · 7b3839a5
      Jérome Perrin authored
      This addresses a regression from !1561 changing the class hierarchy caused Login to loose its docstring and became no longer publishable.
      
      This was problematic because it was not detected by the test suite, so HTML test is changed to use zope publication instead of calling the view on the context.
      
      Another notable point is that this behaves differently in ERP5JS, the Logins were still visible in ERP5JS. Because we don't actually rely on "no docstring on the class" to prevent publication, this is not changed.
      
      See merge request !1571
      7b3839a5
    • Jérome Perrin's avatar
      corporate_identity: fix markup in table of content · 1a5c5ace
      Jérome Perrin authored
      There was opening and closing tags mismatch:
          <div><a href="#references1_anchor">References</div></a>
      1a5c5ace
    • Jérome Perrin's avatar
      Localizer: drop support for dtml-gettext tag · ba8750a2
      Jérome Perrin authored
      This seems to be used only in Localizer's ZMI. This is not compatible
      with newer version of DocumentTemplate, but because we don't use, it's
      better to remove the functionality
      ba8750a2
  4. 08 Mar, 2022 8 commits
  5. 07 Mar, 2022 7 commits
  6. 03 Mar, 2022 4 commits
  7. 02 Mar, 2022 1 commit
  8. 28 Feb, 2022 2 commits
  9. 24 Feb, 2022 10 commits
    • Xiaowu Zhang's avatar
      2d0c1169
    • Vincent Pelletier's avatar
    • Vincent Pelletier's avatar
      erp5_core_test testERP5Catalog: Do not compare creation_date with modificatoin_date · c06e2069
      Vincent Pelletier authored
      Creation date is defined as the oldest date of any workflow history on the
      considered document.
      Modification date is defined as the newest date of any workflow history
      on the considered document.
      As soon as there is more than one workflow on a given document, these
      values can differ: they are set with the wall-clock time at the moment
      the workflow history of each workflow is initially filled, so one can land
      just before a second change and the other right after.
      So comparing them is meaningless, catalog or not, and just causes this test
      to be unstable.
      c06e2069
    • Jérome Perrin's avatar
      configurator: create account matching constraint · f14403d5
      Jérome Perrin authored
      Because we want to check consistency on all documents created by
      configurator, we also need documents created during the test to be
      consistent (or deleted)
      f14403d5
    • Jérome Perrin's avatar
      *: fix trade phase duplication in erp5_simulation_test and erp5_configurator_standard_categories · 416c6212
      Jérome Perrin authored
      We had trade phase duplication:
       - `trade_phase/default/*` were provided by erp5_simulation_test
       - `trade_phase/trade/*` are provided by erp5_configurator_standard_categories
      
      so the former was only for testing and the later were actually used in
      instance configured by configurator.
      
      But in some paths from configurator_standard_*template, which are also
      used on configurated instances, were using trade_phase/default (the one
      from test). Some rules were referencing these categories, but apparenlty
      not using them.
      
      To fix this confusion, use trade_phase/trade/* everywhere, and install
      erp5_configurator_standard_categories where needed in tests.
      416c6212
    • Jérome Perrin's avatar
      configurator: fix some BusinessConfiguration methods · d4a9d1c3
      Jérome Perrin authored
      BusinessConfiguration have a resource category, but it's the workflow,
      it's not really a resource, so some APIs from the base Amount class are
      not available. Because they have no meaning on BusinessConfiguration
      anyway, define the broken APIs to return nothing.
      
      This fixes errors trying to use check_consistency alarm on Business
      Configurations.
      d4a9d1c3
    • Jérome Perrin's avatar
    • Jérome Perrin's avatar
      administration: Extend check_consistency alarm to check tools as well as modules · 2bc5d232
      Jérome Perrin authored
      Tools also contain documents, so it makes sense to check them as well
      2bc5d232
    • Jérome Perrin's avatar
      *knowledge_pad: fix some gadget instances properties types · 2e00d49f
      Jérome Perrin authored
      These documents were probably edited before they had correct property
      sheets, because they had local properties as incorrect type, as reported
      by PropertyTypeValidity:
      
          <ERP5Type.ConsistencyMessage for PropertyTypeValidity type_check on portal_gadgets/erp5_persons (message: Attribute gadget_type should be of type lines but is of type <type 'str'>)>
          <ERP5Type.ConsistencyMessage for PropertyTypeValidity type_check on portal_gadgets/erp5_gadget_new_sale_opportunity (message: Attribute gadget_type should be of type lines but is of type <type 'str'>)>
          <ERP5Type.ConsistencyMessage for PropertyTypeValidity type_check on portal_gadgets/erp5_gadget_contact_person (message: Attribute gadget_type should be of type lines but is of type <type 'str'>)>
      2e00d49f
    • Jérome Perrin's avatar
      ERP5Security,erp5: simplify EncryptedPasswordMixin.setPassword · b7a60478
      Jérome Perrin authored
      For historical reasons, EncryptedPasswordMixin.setPassword was public
      and did its own security checks, this was the case since 7d0882ef (
      setPassword have to do explicit security checks…, 2007-11-12), this was
      because we wanted to support cases where user can edit the login ("Edit
      portal content" permission), but not changed the password ("Set own
      password" permission).
      
      Also, we wanted to support the case where login is edited through a view
      form, in that case we have a my_password field that is empty and we
      don't want to set the password to None in that case.
      
      For these two reasons the API to set password was very complex and
      behaving differently from other accessors: usually setSomething(None)
      just set something to None, ie. "unset" something, but for passwords it
      was not the case. Also we had to introduce _forceSetPassword method,
      which sets the password without security checks, so that it can be
      called from unrestricted code for cases where user does not have the
      permission to reset password (like in the reset password scenario).
      
      Since d1312cdb ( make edit check the security remove all useless
      security declaration on private method, 2008-05-23), edit supports
      restricted properties, so we can simplify all this and make setPassword
      a more standard accessor, ie:
       - setPassword has a security declaration, so if it is called from
        restricted python the security will apply at `__getattr__` time.
        `edit` method will also check security
       - setPassword(None) reset the password.
       - The logic to not change the password when editing in view mode is now
        `edit` responsability. ie. `login.setPassword(None)` resets, but
        `login.edit(password=None)` does not reset.
      
      This also correct some usage of the lower level API (`pw_encrypt` and
      `pw_validate`) which were never supposed to use `None`:
       - `pw_validate` was called with None when a user without password was
        trying to login, causing a TypeError that was cached by PAS and logged
        with level debug (and refusing login). Now the error is no longer raised.
       - `pw_encrypt` was called with None (but apparently only in the tests,
        when doing `user.newContent(portal_type='ERP5 Login', password=None)`)
        and this was creating a login with password `'None'` with AccessControl 2.
        With AccessControl 4 this was an Error.
      b7a60478