Because this was broken, we took the liberty to introduce a breaking
change to fix naming, now type based scripts are *_getUserValue and must
return a user document, with a getUserId method returning the user id.

Make this plugin also an IAuthenticationPlugin which does all the job of
returning the user id.
It does not really make sense to delegate this to default authenticator.
A side effect is that token can still authenticate users with no
assignments, since tokens are scriptable, if this is a requirement, it
can be implemented in scripts.

also update test:

 - plugin must be enabled for IAuthenticationPlugin
 - check complete authentication sequence, not just extraction
 - update scripts to new names
 - simplify transaction management
 - don't set self.person, it was not used anywhere
 - update _createPerson to reindex, as said in docstring
 - merge all tests in on test component

benefit is very small and unusable for user

1f254aa7

This is called when checking access permission on objects, which happens
very often. CachingMethod has a hit cost which is too high for this use.
Instead, generate this method as part of the portal type class, removing
all call-time logic.

It is superseded by __self__, which (where applicable) prevents
acquisition and getattr-based traversal, improving performance.
Patch AccessControl.users.BasicUser._check_context to extend this change
to zope code (and simplify it in the process).
Also, make __ac_local_roles__ accesses consistent with other places in
our own code as well as in PAS & AccessControl.

getRoles is called a lot (on every restricted access, so hundreds of times
per transaction), it is definitely not the right place to do extra
computation, especially when their result does not change from one call
to the next (configuration should only change on process restart, so not
during a transaction - and even if it someday did, it should be fine to
wait for next transaction for it to take effect).
Instead, do the extra work when creating the user (typically once per
transaction).
Also, modernise python syntax (simplifications & style).
Also, reduce code duplication from ERP5Security.ERP5UserFactory.

Simplifies callers, as they then do not have to test for None.
Also, use sort(key=...), which removes the need for internal 2-tuple
wrapping & unwrapping of all result entries.
Also, coding style (helps line-based profiling readability) & better
naming.

Include worklist parameter generation in the scope of existing cache.
Otherwise, it will be generated in pure loss if it is followed by a cache
hit. Most of WorkflowTool change is just indentation change.

Also, do some minor optimisations/simplifications in patchess.DCWorkflow.
Some comments:
- Guard_checkWithoutRoles return value is evaluated as a boolean, so no
  need to cast to int before returning based on boolean evaluation...
- DCWorkflowDefinition.worklists is always true, even when empty.
- Listing portal types per workflow requires checking all workflows, so
  build the whole mapping and cache it instead of caching for each workflow
  type individually (many more cache hits, fewer redundant computations)
- getVarMatch is expensive just for a fallback and a wrap, bypass it to
  reduce redundant work.

Backward-compatibility path does not need to be fast. Optimise for sane
folders.

This improves performance when unset protected properties are being
accessed.

In contrary to the ParentDeliveryPropertyMovementGroup for property, it has
never actually checked the parent Delivery but the current one.

This also avoids KeyError exceptions when Activities have already been processed
in the meantime.

These extensions does not seem to be used.

/reviewed-on nexedi/erp5!845

Test was never ending processing activities:

```
2019-03-11T03:09:20 WARNING CMFActivity invalid after_path_and_method_id value: ('/erp5/organisation_module/2', 'immediateRecusriveReindexObject', 'immediateReindexObject')
Traceback (most recent call last):
  File "product/CMFActivity/Activity/SQLBase.py", line 319, in getValidationSQL
    validate_list.append(' AND '.join(method(v, quote)))
  File "product/CMFActivity/Activity/SQLBase.py", line 345, in _validate_after_path_and_method_id
    path, method_id = value
ValueError: too many values to unpack
2019-03-11T03:09:20 WARNING CMFActivity invalid after_path_and_method_id value: ('/erp5/organisation_module/2', 'immediateRecusriveReindexObject', 'immediateReindexObject')
Traceback (most recent call last):
  File "product/CMFActivity/Activity/SQLBase.py", line 319, in getValidationSQL
    validate_list.append(' AND '.join(method(v, quote)))
  File "product/CMFActivity/Activity/SQLBase.py", line 345, in _validate_after_path_and_method_id
    path, method_id = value
ValueError: too many values to unpack
2019-03-11T03:09:20 WARNING CMFActivity invalid after_path_and_method_id value: ('/erp5/organisation_module/2', 'immediateRecusriveReindexObject', 'immediateReindexObject')
Traceback (most recent call last):
  File "product/CMFActivity/Activity/SQLBase.py", line 319, in getValidationSQL
    validate_list.append(' AND '.join(method(v, quote)))
  File "product/CMFActivity/Activity/SQLBase.py", line 345, in _validate_after_path_and_method_id
    path, method_id = value
ValueError: too many values to unpack
2019-03-11T03:09:20 ERROR CMFActivity message uid 7256619472683296857L has a circular dependency
 ```

Fix this failing test by using the proper `after_path_and_method_id` syntax and also some other small changes to make the test fail earlier in case of problems.

/reviewed-on nexedi/erp5!844

erp5_ui_long is too long for user to use fast input for the following scenario:
1. user create purchase order
2. user use fast input to enter product with reference 324214(a missing product)
3. user type 324214 in fast input, it found nothing in Product or Service
4. then user create such product 324214
5. then user go back to purchase order and type again 324214
since previous result is still cached for one hour and user still can't find it.

in one hour, user is not available to add such product

The fixes a missing rename in
commit cee3e728.

Check that global and local roles (which are not supposed to be used) actually
do not affect permissions.

For consistency with ERP5TypeTestCase.tic for server side unit test, use
timeShift to simulate a progress in time so that activities scheduled
for executation at a later time ( using activate(at_date=...) ) are
executed.

Otherwise in the worst case we sleep for 1000 seconds.

verify* style assertion continue test execution, whereas assert* mark test as failed.
If something went wrong, better to exit early.

Update relation field input value only on demand,
changing the state of a relation_input gadget with value_text = ""
now updates the field.

You can reproduce by doing :
- open an object in tab "View" with a relation field (eg my_successor_title) filled
- open a new tab, and edit the field to make it empty
- from the first tab, refresh the view by click on the left panel "View" tab
- the relation field should be emptied.

Prevent "cannot read property of undefined" errors on the JS side.

Follow nexedi/erp5@1664e541

This is not a notebook (as it does not provide a "live" editing functionnality).

It is only used to trigger the calculation and view the result.

Except for the JSMD format, this code is not related to iodide.

Python plugins are not supported for now.

This is unreadable

Allow to query the catalog with the group_by parameter.

Better have no highlight than incorrect one

This is much more convenient to understand stock value at a given point in time

As leaving close_fds=False can result in subtle bugs (see
http://zderadicka.eu/subtle-evil-of-close_fds-parameter-in-subprocess-popen/ )
close descriptors before launching anything with ProcessManager, especially
useful for starting things like supervisord.

/reviewed-on nexedi/erp5!841

    
This solves the race condition that leaves stdout as a StringIO when
this is executed twice in parrallel ( #20180928-1D89375 )

But this prints
  No config file found, using default configuration
on sys.stderr at every execution, but that's acceptable.

Once we update pylint, we can disable this warning by setting
verbose=false ( this is not yet available on pylint 1.4.4 )

/reviewed-on nexedi/erp5!758

supervirord when stopping might need several seconds to kill
properly sub processes. So give him some time before killing
more brutaly with killall.

This should solve issue with functional tests are not working
due to apache not starting. Apache when killed to brutally
let unclosed semaphore, and after some time, we have too many
semaphore to start new apache, making functional tests failing.