- 01 Oct, 2017 2 commits
-
-
Gabriel Monnerat authored
-
Gabriel Monnerat authored
erp5_oauth_google_login: Activate google extraction plugin and add assert to check extractCredentials
-
- 28 Sep, 2017 6 commits
-
-
Gabriel Monnerat authored
-
Gabriel Monnerat authored
Google Login follow the same implementation of ERP5 Login(subobject of Person) and with an action in preferences, the user can add Google Login to his person. - A link was add to login page in ERP5 with Google Account and zocial.min.css is used to display it nicely - logout was extended to remove cookie __ac_google_hash if authentication with Google account is enabled - login_form is using ERP5Site_getAvailableOAuthLoginList to know if google login is supported or not. With this, we can extend to other oauth easily. - ERP5ExternalOauth2ExtractionPlugin don't have the responsability of create user in extraction plugin. A more apporpriate place would be a dedicated "signup using oauth" page, relying on erp5_credential for the actual user creation. - portal_oauth is used to store secret_key and client_id from Google - enable PAS plugin through upgrader
-
Boxiang Sun authored
-
Boxiang Sun authored
-
Jérome Perrin authored
When a user triggers `NotificationTool.sendMessage(recipient=user_id)` to a recipient she does not have access permission on, it now causes this problem (the caller context is a custom script with manager proxy role): ``` Module Products.ERP5.Tool.NotificationTool, line 322, in sendMessage person_value = getUserValueByUserId(person) Module Products.ERP5.Tool.NotificationTool, line 291, in getUserValueByUserId return portal.restrictedTraverse(user['path']) Module OFS.Traversable, line 317, in restrictedTraverse return self.unrestrictedTraverse(path, default, restricted=True) Module OFS.Traversable, line 251, in unrestrictedTraverse - __traceback_info__: (['redacted_person_id'], 'person_module') next = guarded_getattr(obj, name) Unauthorized: You are not allowed to access 'person_module' in this context ``` This is a regression caused by 62d8d3ac . That particular case was working before, because the person was looked up using [catalog]( https://lab.nexedi.com/nexedi/erp5/blob/882f0022c7af4f36c2f31643498ac0b5d82c2217/product/ERP5/Tool/NotificationTool.py#L321-322) so the proxy role from the caller script was taken in to account. Now, we can say that the approach suggested here is not correct and document that the current logged in user must have permission to access the person documents involved as sender or recipient in the notification. Then, if we need to send message to persons the current user does not have access permission, instead of using: ```python portal.portal_notifications.sendMessage(recipient=person.getUserId()) ``` just do: ```python portal.portal_notifications.sendMessage(recipient=person) ``` but the later does not allow for using activities. /cc @vpelletier @gabriel /reviewed-on nexedi/erp5!395
-
Vincent Pelletier authored
-
- 27 Sep, 2017 13 commits
-
-
Cédric Le Ninivin authored
-
Kazuhiko Shiozaki authored
-
Boxiang Sun authored
-
Boxiang Sun authored
-
Boxiang Sun authored
This commit contains two main changes: - Add worklist gadget to the homepage. - Remove the child's `changeState` calls in homepage. This was done by using customized `form_list_sr`. Which can let the listbox has same appearance like `form_view` but use same argument passing mechanism as `form_list`.
-
preetwinder authored
/reviewed-on nexedi/erp5!415
-
preetwinder authored
-
preetwinder authored
-
preetwinder authored
[erp5_officejs] Add cachealldocs Storage to cache allDocs call results and then service get requests with them
-
preetwinder authored
-
preetwinder authored
-
Vincent Bechu authored
Test passed : https://nexedijs.erp5.net/#/test_result_module/20170926-4163AF53 /reviewed-on !414
-
Jérome Perrin authored
We don't want users to be able to use the tool and send arbitrary notifications to other users.
-
- 26 Sep, 2017 8 commits
-
-
Vincent Bechu authored
/reviewed-on !409
-
Gabriel Monnerat authored
/cc @aurel /reviewed-on !411
-
Vincent Pelletier authored
To generate (and execute) SQL, use catalog tool.
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
Vincent Pelletier authored
-
- 25 Sep, 2017 4 commits
-
-
Vincent Bechu authored
/reviewed-on nexedi/erp5!408
-
Vincent Pelletier authored
This reverts commit 206fa603 (which was itself a revert commit), re-applying the change now that surrounding code is ready for it.
-
Vincent Pelletier authored
Ignored columns are produced when aliasing a column. For example, aliasing "catalog.reference" as "reference". Before this change, this would cause conditions on "reference" to be rendered non-mapped, which can cause SQL execution issues when there is more than one "reference" column available (catalog.reference and its alias counting as only one), which is the case when catalog-category-catalog joins happen. Instead, render all columns which could be mapped, independently from their "ignored" status. Also, use a different local variable for table aliases than for column aliases. Also, use more "return" statements, and simplify conditional structure.
-
Vincent Pelletier authored
As per Jérome, who implemented the test, it was written to test the current state rather than testing the desired outcome. And it makes little sense to have (and test for) 100 being present in both debit and credit columns ("normal" lines), and 0 to be present in the stat line. Update test to check for a more consistent outcome. Acked-by: Jérome Perrin <jerome@nexedi.com>
-
- 22 Sep, 2017 7 commits
-
-
Tomáš Peterka authored
-
Tomáš Peterka authored
-
Tomáš Peterka authored
Explicitely state which values represent empty values. Coercing to boolean is not sufficient.
-
Tomáš Peterka authored
- Remove field_json.value because that one is never send by ERP5 backend - Set comprehensive initial state and avoid sneaking state variables afterwards - Handle better NaNs which represent empty numerical value - Refactor for shorter and simpler code - Rename "percents" -> "percentage" according to coding style guidelines
-
Tomáš Peterka authored
-
Kazuhiko Shiozaki authored
-
Kazuhiko Shiozaki authored
-