Co-authored-by: Kazuhiko SHIOZAKI <kazuhiko@nexedi.com>

otherwise edit is called with both (new) resource_uid and (old) resource_value.

revealed by erp5_web_renderjs_ui_test:testFunctionalRJSDeveloperMode
with PYTHONHASHSEED: 977 on py2

erp5_workflow_test:testWorkflowAndDCWorkflow PYTHONHASHSEED=872 fails
with:

    ValueError: UID mismatch for <Workflow Script at /erp5_portal_7faf002ae74ecbab0dce45c9fca0f5e1/portal_workflow/testing_erp5_interaction_workflow/script_afterValidate>

Using portal_transforms is not deterministic, because we don't have
direct chain from ods to text, so the conversion is two steps, either
ods=>html=>text or ods=>pdf=>text.

This caused problem with hash randomization, revealed by
testDeferredStyle.TestODSDeferredStyle.test_report_method_access_request
with PYTHONHASHSEED=538 on python2. When using PYTHONHASHSEED=0 , this
was using ods=>html=>text and the assertion from the test was OK, but
when using ods=>pdf=>text the test fails because the words are cut at
end of line.

use a valid image in testERP5ImageProcessor, this test evolved and
became a test for ERP5 behavior with broken images.

This indirectly solves a failure with testERP5ImageProcessor
and PYTHONHASHSEED: 805

  Remove forbidden properties when retrieve the properties from the schema.

      - template and options isn't  part of json schema spec, so it isn't possible to use this feature globally.
      - template also could be used to call callbacks, so despite we block unsafe-eval, it still better remove it.
      - both were removed because it can lead to parameter injection, where by saving the form w/o editing anything, it changes the parameters, it adds non-visible values, which can up to some extend be a security risk.

   Update the description to display the "default" value as a hint, if it was provided into the schema.

constructs like `portal_catalog(title=d.keys())` were allowed on
python2, we can allow them on python3 as well.

With some combinations of worklists using two additional security_uid
columns coming from local role groups, some documents might be excluded
from worklists, without the fix, when running with a random
PYTHONHASHSEED, the test can fail with:

    FAIL: test_worklist_exclusionlist_collision (erp5.component.test.erp5_version.testERP5CatalogSecurityUidOptimization.TestSecurityUidOptimizationWorklist)
    ----------------------------------------------------------------------
    Traceback (most recent call last):
      File "<portal_components/test.erp5.testERP5CatalogSecurityUidOptimization>", line 370, in test_worklist_exclusionlist_collision
        'security_uid_or_alternate_security_uid_draft': 1,
      File "<portal_components/test.erp5.testERP5CatalogSecurityUidOptimization>", line 213, in assertWorklistCount
        expected_count_by_worklist_id,
    AssertionError: {'security_uid_or_alternate_security_uid_draft': 1} != {'collision_worklist': 1, 'security_uid_or_alternate_security_uid_draft': 1}
    - {'security_uid_or_alternate_security_uid_draft': 1}
    + {'collision_worklist': 1, 'security_uid_or_alternate_security_uid_draft': 1}
    ?  +++++++++++++++++++++++++

What happens in sumCatalogResultByWorklist is something like this:

    (Pdb) pp criterion_dict
    {'alternate_security_uid': <ExclusionList [11, 14]>,
     'other_security_uid': frozenset([13L]),
     'portal_type': frozenset(['Person']),
     'validation_state': frozenset(['draft'])}

    (Pdb) pp catalog_result.dictionaries()
    [{'alternate_security_uid': 12,
      'count': Decimal('1'),
      'other_security_uid': 13,
      'portal_type': 'Person',
      'validation_state': 'draft'}]

Depending on the worklists grouped together in grouped_worklist_dict and
the order this dict is iterated, we may reach a situation where
criterion_id_list contains 'alternate_security_uid', because for another
worklist it was not an ExclusionList but a list to be applied, in this
case, this if condition is false:

        for criterion_id in criterion_id_list:
          criterion_value_set = criterion_dict[criterion_id]
          if result_line[criterion_id] not in criterion_value_set:
            is_candidate = False

and the row is not counted in collision_worklist worklist.
Co-authored-by: Jérome Perrin <jerome@nexedi.com>

These are printed like a normal list, so it's a bit hard to figure out
if they are supposed to be excluded when debugging

This refactors security_uid_innodb_catalog test to have the config in a
test business template and include a workflow with some worklists.

This also depends on erp5_worklist_sql, to test worklists when a
combination of erp5_security_uid_innodb_catalog and erp5_worklist_sql
are enabled, which a common situation.

Otherwise we get an error when just adding a worklist

   This business template introduces a way to adjust mariadb and data.fs after restore from backup. In the occasion that the backups are unsync (which is normal) it helps to push both on sync instead of fully reindex the site.

   Select sets "1" and "" as values

    The select must display the value regardless if it is the proper type or not, so we patch setValue to include the value even it is not present on enum (instead drop the value).
    Typecast patch was extended to not modify the data only convert to proper type if possible, otherwise, keep the wrong value.

    The goal is allow the user see the wrong value with the error message.

anyway, what happened is stored in the HTTP Exchange

this BT is to hold code and configuration related to the
Interface with DQE data quality services

  The administrator can enable it back clicking in a button,
  this can prevent massive email sending from unattended sites (development for example)
  related to test failures or average development