- 24 Oct, 2017 1 commit
-
-
Jérome Perrin authored
RSVP.Monitor no longer exist. Use the gadget's own monitor instead (not sure it is safe)
-
- 17 Oct, 2017 9 commits
-
-
Jérome Perrin authored
Not used in this test, but since it's made to be reusable in projects.
-
Jérome Perrin authored
-
Jérome Perrin authored
do not limit to the first script with errors
-
Jérome Perrin authored
It produces almost same visual result
-
Jérome Perrin authored
they may contain folder containing skins
-
Jérome Perrin authored
Don't test a skin folder twice when business template is present more than once
-
Jérome Perrin authored
-
Jérome Perrin authored
This replaces ERP5Site_checkPythonScriptsWithPyflakes that I guess nobody was using
-
Jérome Perrin authored
This reverts commit 91bb6bec. use pylint, at least here
-
- 10 Oct, 2017 2 commits
-
-
Jérome Perrin authored
Name is unchanged, but it will use Products.ERP5Type.Utils.checkPythonSourceCode which uses pylint.
-
Jérome Perrin authored
-
- 15 Sep, 2017 1 commit
-
-
Jérome Perrin authored
.. except from Draft and Submitted state. Document security should be based on group, site, function defined on document, sometimes publication section and or follow up, but the owner should only be considered in draft state. For conveniance (and compatibility), Owner is also allowed to view in Submitted state. The use case is for when a user submit a document he will not be allowed to see, for example because he made a mistake when choosing properties, user is still allowed to view the document and there's no unauthorized error. We want to allow a user to set properties before publishing a document and later, once the document is no longer draft, the security of the document will be depending on these properties. We want to prevent users to get permissions on a PDF document that would be created by interactions and they are not supposed to see. For exemple when we generate a PDF invoice and store it in document module. In this case, as the interaction runs as the user, this user will have Owner role implicitely. (cherry picked from commit 1664e541)
-
- 14 Sep, 2017 1 commit
-
-
Jérome Perrin authored
This action should only be possible if user have View History permission. erp5_data_protection relies on removing the "View History" permission to make sure users cannot see the properties before protection in the history tab. This was supported by Base_viewHistory, but not by ZODB History (cherry picked from commit d2c08463)
-
- 12 Sep, 2017 1 commit
-
-
Jérome Perrin authored
This way, guarded_getattr is used and accessor permission is applied.
-
- 02 Jun, 2017 8 commits
-
-
Jérome Perrin authored
Abort transaction, we do not need changes made by test to persist. Execute pending activities before removing persons, the pending activities might be relying on the existence of persons.
-
Jérome Perrin authored
-
Jérome Perrin authored
-
Jérome Perrin authored
-
Jérome Perrin authored
-
Jérome Perrin authored
This changes API on a script that some projects have customized, but getActiveUserPreferecnce "should work" even with an old script not returning preferences. In that case, first call to getActiveUserPreference will create preference but not return it, but next time getActiveUserPreference is called, the preference will probably be indexed and will be returned.
-
Jérome Perrin authored
This method creates a user preference if no preference exists.
-
Jérome Perrin authored
We do not need to pre-create user preferences, especially that creating them too early creates one preferences for each person created in person module and does not allow Person_createUserPreference to create preference based on person's assignments are they are not created yet. We do not need to clear cache when deleting user logins anymore. This problem was fixed differently. Adjust tests that was relying on cache being cleared when persons ar deleted: testERP5Web.TestERP5Web.test_15_Check_LastModified_Header was never isolated from test_14. test_14 was filling Base_getWebDocumentDrivenModificationDate cache and this cache got clear when the persons where being deleted during tearDown. When removing this interaction clearing cache, we revealed this weakness. Choosen solution was to clear cache before checking response headers, to make sure we don't get something filled by a previous test.
-
- 11 May, 2017 3 commits
-
-
Jérome Perrin authored
This reverts commit f547e874.
-
Jérome Perrin authored
This reverts commit 814afaf3.
-
Jérome Perrin authored
This reverts commit 7c8082a2.
-
- 09 May, 2017 1 commit
-
-
Gabriel Monnerat authored
The interaction should also be triggered if a Calendar Exception is changed.
-
- 02 May, 2017 13 commits
-
-
Jérome Perrin authored
Especially because we do not need them in predicate table. This applies to many cell portal types.
-
Jérome Perrin authored
Especially because we do not need them in predicate table.
-
Jérome Perrin authored
Especially because we do not need them in predicate table.
-
Jérome Perrin authored
Especially because we do not need them in predicate table.
-
Jérome Perrin authored
predicate_category was already doing this correctly
-
Jérome Perrin authored
Performance is still not optimal, but should be better than before. At least it does not assume that movements will be in predicate table.
-
Jérome Perrin authored
variation_category is implemented
-
Jérome Perrin authored
-
Jérome Perrin authored
If exception happens when contacting google server, just propagate it, PAS will handle it.
-
Jérome Perrin authored
fixup! erp5_oauth_google_login: Set access_type as offline to be possible refresh token in background and automatically refreshing token was not working because of incorrect API usage
-
Jérome Perrin authored
Happens when user has a __ac_google_hash cookie but token cannot be found in token storage. In that case login wouldn't be possible anyway, but we should not pollute the logs.
-
Jérome Perrin authored
-
Jérome Perrin authored
-