1. 19 May, 2024 1 commit
    • Jérome Perrin's avatar
      Security of tester accessors · 63dcec59
      Jérome Perrin authored
      The first commit of this merge request was introduced for zope4py3 branch but it revealed issues on py2 as well, i.e. we don't have roles in auto-generated tester methods.
      
      ```
      ======================================================================
      FAIL: test_method_protection (testSecurity.TestSecurity)
      This test will list all implicitly Public methods in any objects in ZODB.
      ----------------------------------------------------------------------
      Traceback (most recent call last):
        File "/(SR)/parts/erp5/Products/ERP5/tests/testSecurity.py", line 113, in test_method_protection
          self.fail(message)
      AssertionError: 
      The following 7 methods have a docstring but have no security assertions.
      	/(SR)/parts/erp5/product/ERP5Form/PreferenceTool.py:65 isPreferredVcsPushMode
      	/srv/slapgrid/slappart19/t/eiy/soft/8a7759fd7b65b20d9f87713605745d05/parts/erp5/product/ERP5Type/Accessor/AcquiredProperty.py:217 hasTelephoneValidationState
      	/(SR)/parts/erp5/product/ERP5Type/Accessor/Base.py:219 hasViewFormIdList
      	/(SR)/parts/erp5/product/ERP5Type/Accessor/Constant.py:94 isWebDocumentType
      	/(SR)/parts/erp5/product/ERP5Type/Accessor/Content.py:224 hasImage
      	/(SR)/parts/erp5/product/ERP5Type/Accessor/ContentProperty.py:283 hasImageWidthList
      	/(SR)/parts/erp5/product/ERP5Type/Accessor/Translation.py:233 hasFrTranslatedTitle
      
      ----------------------------------------------------------------------
      ```
      
      See merge request nexedi/erp5!1911
      63dcec59
  2. 17 May, 2024 1 commit
    • Jérome Perrin's avatar
      accounting: fix error in Journal report with lines with an acquired node · 2ca25775
      Jérome Perrin authored
      If a transaction is selected but instead of having accounts as
      source/destination on lines it acquires the organisation set as
      source/destination on the transaction, this causes an AttributeError
      getGapList when trying to use this organisation as an account.
      
      To fix this, adjust the getMovementHistoryList parameters to select only
      lines using accounts, by passing node_uid, which is O(n) on the number
      of accounts, but the number of accounts is not supposed to be too large
      and other reports also do this assumption.
      2ca25775
  3. 16 May, 2024 1 commit
  4. 15 May, 2024 3 commits
  5. 14 May, 2024 8 commits
  6. 13 May, 2024 1 commit
  7. 12 May, 2024 2 commits
  8. 10 May, 2024 1 commit
  9. 09 May, 2024 6 commits
  10. 08 May, 2024 2 commits
  11. 07 May, 2024 2 commits
  12. 30 Apr, 2024 1 commit
  13. 29 Apr, 2024 1 commit
  14. 24 Apr, 2024 1 commit
  15. 22 Apr, 2024 1 commit
  16. 16 Apr, 2024 5 commits
    • Rafael Monnerat's avatar
      More fixes for json editor · f2318991
      Rafael Monnerat authored
      See merge request !1919
      f2318991
    • Rafael Monnerat's avatar
      e17a41e5
    • Rafael Monnerat's avatar
      erp5_json_editor: Fixup const and ensureArraySize · 273c120a
      Rafael Monnerat authored
         * const is handled as enum with a single value automatically
         * patch ensureArraySize to not modify the user input, let the user safely slice by himself.
         * Reorganise patches so it is grouped by prototype
      273c120a
    • Vincent Pelletier's avatar
    • Vincent Pelletier's avatar
      Optimise security group generation performance · 354c857e
      Vincent Pelletier authored
      Improvements compared to the previous implementation:
      - avoid looking up the user document again, when the PAS plugin already did
        that job
      - make it possible to call a single script when multiple sources of groups
        are based on the same documents, avoiding iterating unnecessarily on
        those same documents multiple times
      - avoid repeating the same membership value (ex: when a user has multiple
        assignments with a common membership subset)
      - avoid resolving the same relation more than once
      - do not go from document value to relative URL only to go from relative
        URL back to document value at the next step
      - move security group id extraction to unrestricted python, as the security
        overhead was taking a large amount of time
      In a security setup with 8 scripts (all Assignment-based), 6 base
      categories, and 4 Assignments (all valid), this implementation is 10 times
      faster at producing the same group id set as the previous one.
      354c857e
  17. 15 Apr, 2024 1 commit
  18. 13 Apr, 2024 2 commits