- 08 Nov, 2024 35 commits
-
-
Romain Courteaud authored
This reverts commit 689e242c.
-
Romain Courteaud authored
-
Romain Courteaud authored
-
Romain Courteaud authored
Prevent generating wrong urls for now
-
Romain Courteaud authored
-
Romain Courteaud authored
-
Romain Courteaud authored
-
Romain Courteaud authored
romain_dev: forum romain_dev: forum use html viewer romain_dev: forum improve post rendering romain_dev: thread reader use page language inqtead of local romain_dev: forum set expected link on the listbox cells romain_dev: thread fixup romain_dev: thread use line separator instead of background color romain_dev: thread paginate romain_dev: forum link to last page romain_dev: thread simplify conf from erp5form romain_dev: forum attachment romain_dev: thread force white background
-
Romain Courteaud authored
-
Romain Courteaud authored
-
Romain Courteaud authored
-
Romain Courteaud authored
-
Romain Courteaud authored
This reverts commit e50d05af.
-
Romain Courteaud authored
-
Romain Courteaud authored
-
Romain Courteaud authored
-
Romain Courteaud authored
-
Romain Courteaud authored
-
Romain Courteaud authored
Do not access form submission REQUEST from the listbox list method, as it is rendered asynchronously in ERP5JS
-
Romain Courteaud authored
-
Romain Courteaud authored
Allow edition in the new UI
-
Romain Courteaud authored
-
Romain Courteaud authored
This make everything slow as hell and prevent to quickly save.
-
Romain Courteaud authored
Example: <h2 class="foo">bar</h2> => <h3 class="foo">bar</h3>
-
Romain Courteaud authored
-
Romain Courteaud authored
erp5_web_renderjs_ui: keep previous focus color
-
Romain Courteaud authored
-
Romain Courteaud authored
-
Romain Courteaud authored
Set the max-age value to 4h instead of 10min for the one-day-max policy (ie, 24h/6, like one-hour-max uses 10min max age). The idea is to reduce backend access of nearly static web sites, while still allowing changes without waiting for too long before it is propagated.
-
Romain Courteaud authored
If user group are recalculated before changing the workflow state, it will only return the same security group See nexedi/erp5@c00c3636
-
Romain Courteaud authored
-
Romain Courteaud authored
-
Titouan Soulard authored
-
Titouan Soulard authored
-
Titouan Soulard authored
`createSession` method from the OAuth2 Authorisation Server Connector needs to access client value. Fetching this value from the session is not needed since it is already stored in a local variable.
-
- 06 Nov, 2024 1 commit
-
-
Vincent Pelletier authored
Malevolent users may decide to only - and repeatedly - present an otherwise valid refresh token, causing the issuance of a new access tokens everytime, likely along with new refresh tokens, causing many ZODB writes. Avoid this by pushing the token expiration date by one lifespan accuracy, so there can only be one write per session per lifespan accuracy period.
-
- 05 Nov, 2024 4 commits
-
-
Jérome Perrin authored
This partially reverts 8a336dc5 (erp5_accounting: Allow Assignor manage Accounting Periods, 2024-09-16) for the restart transition, it is intentional that only Assignor can restart an accounting period that have been closed. The idea was to support a scenario where re-opening a period that was closed can not be done directly by the Assignee but needs validation from the assignor.
-
Jérome Perrin authored
The check was made on the blob response type, which is set from the Content-Type header returned by the server, but Safari has a different interpretation of the charset parameter from the mime type, with a content type set to application/json;charset=utf-8 like Base_redirect does today, safari creates a blob with type application/json;charset=utf-8 and this was not detected as redirection and the json returned by Base_redirect was downloaded. Fix this by checking only the essence of the type. This also revealed a potential problem when actually downloading json files, in that case we also check that we have the X-Location header, that is supposed to be set by Base_redirect before interpreting the json and when it's not present we force download.
-
Jérome Perrin authored
Follow up of ff624fd2 (ERP5Workflow: newly added permission should be acquired for all existing states., 2024-11-04) and cbef6282 (ERP5Workflow: make sure not create duplicate permissions, 2024-11-05)
-
Jérome Perrin authored
Fix a problem introduced in ff624fd2 (ERP5Workflow: newly added permission should be acquired for all existing states., 2024-11-04), visible in a test failure
-