1. 11 Jul, 2024 40 commits
    • Jérome Perrin's avatar
      test: try to explicitly stop HTTP server at the end of tests · c19c2a05
      Jérome Perrin authored
      This prevents tracebacks during shutdown:
      
        Unhandled exception in thread started by <bound method Thread.__bootstrap of <Thread(Thread-1, stopped daemon 139820471113472)>>
        Traceback (most recent call last):
          File "soft/lib/python2.7/threading.py", line 774, in __bootstrap
            self.__bootstrap_inner()
          File "soft/lib/python2.7/threading.py", line 814, in __bootstrap_inner
            (self.name, _format_exc()))
          File "soft/lib/python2.7/traceback.py", line 242, in format_exc
            return ''.join(format_exception(etype, value, tb, limit))
          File "soft/lib/python2.7/traceback.py", line 141, in format_exception
            list = list + format_tb(tb, limit)
          File "soft/lib/python2.7/traceback.py", line 76, in format_tb
            return format_list(extract_tb(tb, limit))
          File "soft/lib/python2.7/traceback.py", line 100, in extract_tb
            linecache.checkcache(filename)
        TypeError: 'NoneType' object is not callable
      
      Also rename the method because this is not longer *Z*server.
      
      This waitress close() API is not public part of API, so we still ignore
      the case where the server thread does not stop after 5 seconds. This
      happens if some HTTP connections are still open at the end of test.
      c19c2a05
    • Jérome Perrin's avatar
      Products/ZMySQLDA: ssl support · 9210e45b
      Jérome Perrin authored
      9210e45b
    • Roque's avatar
      erp5_officejs_drone_simulator: fullscreen feature · 38787e70
      Roque authored
      38787e70
    • Jérome Perrin's avatar
      PythonScript: fix Zope2 compatibility · b0575af9
      Jérome Perrin authored
      There is no zmi_icon on Zope2.
      b0575af9
    • Jérome Perrin's avatar
      82f885b7
    • Rafael Monnerat's avatar
      erp5_accounting&trade&pdm: Missing set ConstraintType on constraints · 670a3d6a
      Rafael Monnerat authored
         This is expected that constraints can call getConstraintType() if they are filtered:
      
          return context.checkConsistency(fixit=1, filter={'constraint_type': 'post_upgrade'},)
        Module Products.ERP5Type.Core.Folder, line 1476, in checkConsistency
          error_list.extend(obj.fixConsistency(filter=filter, **kw))
        Module Products.ERP5Type.Base, line 2714, in fixConsistency
          return self.checkConsistency(fixit=True, filter=filter, **kw)
        Module Products.ERP5Type.Core.Folder, line 1476, in checkConsistency
          error_list.extend(obj.fixConsistency(filter=filter, **kw))
        Module Products.ERP5Type.Base, line 2714, in fixConsistency
          return self.checkConsistency(fixit=True, filter=filter, **kw)
        Module Products.ERP5Type.Core.Folder, line 1462, in checkConsistency
          **kw
        Module Products.ERP5Type.Base, line 2686, in checkConsistency
          for constraint_instance in self._filteredConstraintList(filter):
        Module Products.ERP5Type.Base, line 2739, in _filteredConstraintList
          constraints = [x for x in constraints if x.__of__(self).getConstraintType() in \
      AttributeError: 'RequestContainer' object has no attribute 'getConstraintType'
      670a3d6a
    • Rafael Monnerat's avatar
      erp5_certificate_authority: Fix symbolic link of revogation file · 8f54fa63
      Rafael Monnerat authored
         There is a missing "r" on the link, acording to apache documentation:
      
          Additionally you have to create symbolic links named hash-value.rN. And you should always make sure this directory contains the appropriate symbolic links.
      
          See: https://httpd.apache.org/docs/2.4/mod/mod_ssl.html
      8f54fa63
    • Vincent Pelletier's avatar
      Revert "Products.CMFActivity.Activity.SQLBase: Drop "FOR UPDATE"." · acb9097f
      Vincent Pelletier authored
      This reverts commit 89aa2a6b.
      The assumption that FOR UPDATE was unnecessary is wrong: when SQLDict
      reserves similar activities, it will race against these primo-reservations.
      So this change actually opens the possibility for duplicate activity
      reservation.
      Revert this change until (hopefully) a better fix is implemented.
      acb9097f
    • Jérome Perrin's avatar
      oauth_google_login: apply a 10 seconds timeout when connecting to google server · c569620a
      Jérome Perrin authored
      In case of network problems, the http requests made to google during
      login may take too long and cause global unavailability of the ERP5
      instance.
      
      Today we saw in long request logs:
      
          2023-05-29 07:10:35,662 - Thread 140596157511424: Started on 1685336511.6; Running for 524.1 secs; Same.
      
      oauth2client does not expose an API to set a timeout, but it allows
      passing a custom http instance where we can set a timeout.
      c569620a
    • Roque's avatar
      erp5_officejs_appstore_base: fix update alarm · 48398942
      Roque authored
      48398942
    • Jérome Perrin's avatar
      BTreeFolder2: do not patch manage_delAllObjects on Zope2 · 361ee510
      Jérome Perrin authored
      On Zope2 this method does not exist and this caused a test failure
      
      ======================================================================
      FAIL: test_method_protection (testSecurity.TestSecurity)
      ----------------------------------------------------------------------
      Traceback (most recent call last):
        File "parts/erp5/Products/ERP5/tests/testSecurity.py", line 110, in test_method_protection
          self.fail(message)
      AssertionError:
      The following 1 methods have a docstring but have no security assertions.
      	parts/erp5/product/ERP5Type/patches/BTreeFolder2.py:111 manage_delAllObjects
      361ee510
    • Jérome Perrin's avatar
      zopewsgi: new --pidfile option · 5daf8a82
      Jérome Perrin authored
      To write a pid file so that logrotate can send us signals. This is
      still needed for neo storage for now.
      
      See nexedi/slapos!1395
      5daf8a82
    • Jérome Perrin's avatar
      zopewsgi: setup logging before loading ZConfig · be738eef
      Jérome Perrin authored
      Loading ZConfig will initialize storage and generally might do things
      that will cause messages to be emitted.
      One actual problem is with neo storage, which configure root logger
      when it's not already configured [1], this was causing all logged
      messages to be logged in the console when using neo storage.
      
      1: https://lab.nexedi.com/nexedi/neoppod/blob/fd87e153/neo/lib/logger.py#L63-64
      be738eef
    • Sebastien Robin's avatar
    • Yusei Tahara's avatar
      ERP5Site: Disable order support. · 16dceb8d
      Yusei Tahara authored
      It is easy to see contents ordered by id by default in ERP5Site.
      16dceb8d
    • Yusei Tahara's avatar
      BTreeFolder2: Disable manage_delAllObjects · f0b5ca56
      Yusei Tahara authored
      Protect data from human error. There are unbelievable mistakes. ERP5
      is a place to store important data that must not be deleted easily.
      f0b5ca56
    • Yusei Tahara's avatar
      erp5_core: Print indexing document id. · f7ee67ea
      Yusei Tahara authored
      f7ee67ea
    • Xiaowu Zhang's avatar
      4e047db4
    • Xiaowu Zhang's avatar
      erp5_commerce: display translated message · 8bf477be
      Xiaowu Zhang authored
      8bf477be
    • Yusei Tahara's avatar
    • Jérome Perrin's avatar
      ERP5ReportTestCase: getObject before the try/finally · f8cf9d19
      Jérome Perrin authored
      Errors in getObject (typically, unauthorized) were hidden by another
      error in finally block, because popRequest can only be called if
      pushRequest was executed before.
      f8cf9d19
    • Jérome Perrin's avatar
      SecurityTestCase: better assertion failure for transition · ff13f2d2
      Jérome Perrin authored
      The roles were missing
      ff13f2d2
    • Yusei Tahara's avatar
      graph_editor: Support translation. · cbea53c5
      Yusei Tahara authored
      cbea53c5
    • Yusei Tahara's avatar
      Reduce rare AttributeError on Skins Tool. · b8faaeba
      Yusei Tahara authored
      Thanks to Vincent Pelletier for his help on this bug fix.
      b8faaeba
    • Roque's avatar
    • Jérome Perrin's avatar
      forge: show local_role_group in TypesTool_viewRoleInformationList · b2fcde38
      Jérome Perrin authored
      also set hide_rows_on_no_search_criterion to force displaying the list
      even without search, this is a report, we we always want to see records.
      b2fcde38
    • Xiaowu Zhang's avatar
      13c3c7c9
    • Jérome Perrin's avatar
      ProcessingNodeTestCase: also setRequest in processing_node · 8577b183
      Jérome Perrin authored
      This is done on the process running test (by
      ERP5TypeTestCaseRequestConnection) and when using timerserver loop (by
      TimerServer which calls publish_module), but this was never set in
      processing_node.
      
      Before 3b874e49 (ERP5Type/tests: review requests in tests, 2023-04-19)
      getRequest could find a request anyway, because the test pached
      getRequest to find a request from the app, but after this change
      executing activities in an instance running with runUnitTest without
      test specified failed with:
      
          Module importlib, line 37, in import_module
            __import__(name)
          Module Products.ERP5Type.dynamic.component_package, line 412, in load_module
            return self.__load_module(fullname)
          Module Products.ERP5Type.dynamic.component_package, line 379, in __load_module
            erp5.component.ref_manager.add_module(module)
          Module Products.ERP5Type.dynamic.dynamic_module, line 75, in add_module
            self.add_request(get_request())
          Module Products.ERP5Type.dynamic.dynamic_module, line 53, in add_request
            self.setdefault(last_sync, (WeakSet(), set()))[0].add(request_obj)
          Module _weakrefset, line 86, in add
            self.data.add(ref(item, self._remove))
        TypeError: cannot create weak reference to 'NoneType' object
      
      ( maybe we remove processing_node and use only timerserver, these two
      methods are more or less equivalent for simple cases and timerserver is
      closer to what a "real" zope does )
      8577b183
    • Jérome Perrin's avatar
      tests: execute `addCleanup` cleanups with ZODB connection · 14622b18
      Jérome Perrin authored
      unittest executes the cleanups after `tearDown`, after the ZODB
      connection is closed, so accessing database objects cause errors.
      
      According to python unittest documentation, it is safe to call
      `doCleanups` ourselves when we need the cleanup to be executed earlier,
      this is a typical case where we want the cleanup to be called before
      closing the database connections.
      14622b18
    • Jérome Perrin's avatar
      core: "better" default columns in Base_viewRelatedObjectListBase · 6fc2a1e9
      Jérome Perrin authored
      ID is not something we like to show to users, modification date and
      validation state can be better - this assumes that most of the
      relation are made to nodes, which typically have a validation state
      and not a simulation state.
      6fc2a1e9
    • Jérome Perrin's avatar
      ERP5Type/tests: review requests in tests · 89422a6b
      Jérome Perrin authored
      The general idea of this patch is that now that we are using
      zope.globalrequest, we no longer need to patch get_request, we can
      simply call zope.globalrequest.setRequest with the request from the
      test and restore the "real" request afterwards.
      
      To achieve this, we reuse Testing.ZopeTestCase.connections.registry,
      which already has the logic of cleaning up resources in the right place
      and use a "Request" resource that calls setRequest(test_request) and
      setRequest(real_request) when closed, so that:
       - test runs with an independant request
       - this test request is closed at the end
       - the real request is restored at the end
      
      This also fixes a bug with self.publish when runnning
      ERP5TypeLiveTestCase from portal_components of a running instance,
      after a call to self.publish the current request was lost.
      
      The testing for this revealed that ERP5TypeLiveTestCase.publish way
      of dealing with zope.security interaction was not always correct: when
      running a live test inside runUnitTest (like we do here in
      testDynamicClassGeneration), there is no security interaction. This
      was reviewed to use the high level API instead of changing directly the
      internal storage.
      89422a6b
    • Jérome Perrin's avatar
      core: expose `is_source` on `MovementHistoryListBrain` · e35e45fe
      Jérome Perrin authored
      This can be useful when making a report on movements and when we list
      properties of the movements that depend on the side but are not
      directly exposed on MovementHistoryListBrain. One use case was
      `Movement_getSpecificReference`, which shows `source_reference` when
      the brain is for the source and `destination_reference` otherwise.
      
      With this new approach, instead of guessing we record the "is_source"
      information at indexing time, when we know this for sure.
      
      This also simplifies `MovementHistoryListBrain.date` and
      `MovementHistoryListBrain.mirror_date` which no longer need to guess
      the side and fix a problem that because this guessing was done using
      `movement.getSourceUid()` - which cause security errors when users can
      not access the source of the movement.
      e35e45fe
    • Jérome Perrin's avatar
      worklfow: save state permissions sorted · 7c9fa6f1
      Jérome Perrin authored
      When editing a state permission mapping the roles were not sorted,
      because WorkflowState_getPermissionMatrixContext uses a set. Sort
      before setting the attribute, to prevent useless diffs in ZODB history
      and business template.
      7c9fa6f1
    • Jérome Perrin's avatar
      stripe: use SQLQueue to prevent dropping activities · b741cf46
      Jérome Perrin authored
      default activate() behavior is to not queue the activity if another
      activity with the same path/method_id already exist. We don't want this
      here.
      b741cf46
    • Jérome Perrin's avatar
      project: don't use deprecated assignRoleToSecurityGroup · fa59da75
      Jérome Perrin authored
      We don't even use the new updateLocalRolesOnSecurityGroups instead,
      because roles are supposed to be applied by an interaction workflow.
      fa59da75
    • Jérome Perrin's avatar
      calendar: set "proxy listbox ids" on some relation fields · 67c6876a
      Jérome Perrin authored
      to make it easier to find related documents
      67c6876a
    • Jérome Perrin's avatar
    • Jérome Perrin's avatar
      accounting: use MovementHistoryListBrain.mirror_section_title directly · efc71453
      Jérome Perrin authored
      This compatibibility script was guessing the side, but this is exposed
      in brain
      efc71453
    • Nicolas Wavrant's avatar
      erp5_core: fix addToDate when removing a month · 696331ba
      Nicolas Wavrant authored
      The way addToDate was working with dates was not good, and creating
      confusion when removing 1 month from the last days of a 31-day month, as
      the previous day had less days than the current month:
      
      date = DateTime(2023, 5, 31)
      print date
      print addToDate(date, month=-1)
      > 2023/05/31 00:00:00 GMT+2
      > 2023/05/01 00:00:00 GMT+2
      
      This was even more confusing in March, with february having only 28
      days:
      
      date = DateTime(2023, 3, 31)
      print date
      print addToDate(date, month=-1)
      > 2023/03/31 00:00:00 GMT+2
      > 2023/03/03 00:00:00 GMT+2
      
      The new behavior is to, when removing a month, if the new day of the new
      month is more than the number of days in month to default to the last
      day of the month. For exemple, removing one month from 31/05 becomes
      30/04, and from there it will add/remove the days as necessary.
      
      The real issue being that removing a month is ambiguous and can mean
      a different thing for different people.
      
      For reference, the reference implementation of timedelta in python
      doesn't support adding months:
      
      https://docs.python.org/3/library/datetime.html#datetime.timedelta
      
      I hope my solution will make the more sense in ERP5's context.
      696331ba
    • Jérome Perrin's avatar
      open_api: support requests with "something" in the request path · 28a4b64f
      Jérome Perrin authored
      For zope, a request to /erp5/person_module/person1 or
      /erp5/organisation_module/person_module/person1 can both be resolved
      and are (more or less) equivalent. This change brings support for
      similar request paths for Open API Connectors.
      28a4b64f