Commits · 40d752f4c1fb2559998bbd7683eee0d3b519dc98 · Roque / erp5

13 Dec, 2024 6 commits

oauth_google_login: support refresh when refresh_token is still valid · 40d752f4

Jérome Perrin authored Dec 12, 2024

When refresh_token is still valid google's endpoint does not include the
current refresh token in the response when refreshing the token, we need
to keep the current one.
This fixes user logout every one hour.

40d752f4

core: set "Manager bypass guard" by default on ERP5 workflows · 130047f0
Jérome Perrin authored Nov 21, 2024

130047f0

base: add Notification Message in document portal type group · 687d9a93

Jérome Perrin authored Nov 20, 2024

So that version view works as expected, see b415abbb (dms: add version
view on notification messages, 2024-06-19)

687d9a93

PDM: transformation type · 64c4c520
Jérome Perrin authored Dec 13, 2024
```
See merge request !2011
```
64c4c520

erp5_core: Improve BaseExtensibleTraversableMixin._forceIdentification · c7a4958f

Vincent Pelletier authored Dec 13, 2024

Fix bugs:
- Fix an acquisition context bug: the user found here would be wrapped in
  the acquisition context of self, and as a result SecurityManager.validate
  may consider the user to be outside of the acquisition path of the
  document being checked (ex: when accessing a module while publishing a
  web section).
- While unusual, there may be multiple users matching a given request,
  which is handled by ZPublisher but was skipped here.

Also:
Document:
- Why this method is needed.
- assumptions made to get simpler code.
Improve performance:
- portal_membership._huntUser looks the user up twice, which is expensive.
  Stop using this method.
- When the request is a fake request (from restrictedTraverse) nothing can
  nor should be done, so bypass the entire logic that case.
- Assorted tiny improvements: do not retrieve security manager twice, avoid
  extraneous local assignments, ...
Improve coding style:
- Stop accessing portal_membership's underware.
- Stop accessing PluggableAuthenticationService's underware.
- Simplify disabled cache support: this is exceedingly rare, optimise for
  when it is enabled.
- Do not hardcode log level, also increase the severity: this really is a
  warning.
- Do not try to decode Basic-auth, this is the job of the user folder.
  This removes duplicated code.

c7a4958f

ods_style: Fix column length. Revert to the previous behavior. · 76bd4921
Yusei Tahara authored Dec 13, 2024
```
Set table:number-columns-spanned to each cell outside listbox/matrixbox.
```
76bd4921

06 Dec, 2024 1 commit

erp5_json_editor: Always drop the default · 1cffe324

Rafael Monnerat authored Dec 06, 2024

  Like it is done for option, remove default from schema after append the value into decription.

1cffe324

21 Nov, 2024 1 commit
- Multicopter API · 0236f68b
  Léo-Paul Géneau authored Nov 21, 2024
```
See merge request !2004
```
  0236f68b
20 Nov, 2024 2 commits
- erp5_officejs_drone_simulator_test: update tests to support multicopter API · 37a38939
  Léo-Paul Géneau authored Nov 06, 2024
  
  37a38939
- erp5_officejs_drone_simulator: use multicopter API · b9cae114
  Léo-Paul Géneau authored Nov 06, 2024
  
  b9cae114
18 Nov, 2024 2 commits
- erp5_officejs_drone_simulator: update script to not depend on initial coordinates · 1631641c
  Léo-Paul Géneau authored Jun 20, 2024
  
  1631641c
- erp5_officejs_drone_simulator: limit decimals in logs · 65fe6abf
  Léo-Paul Géneau authored Jun 25, 2024
```
Limit printed decimals in flight log file for readability.
```
  65fe6abf
15 Nov, 2024 1 commit
- Stock view optimization · 036f0c50
  Nicolas Wavrant authored Nov 15, 2024
```
See merge request !2017
```
  036f0c50
14 Nov, 2024 1 commit

erp5_pdm: speed up the Stock view of products · d1c141da

Nicolas Wavrant authored Nov 07, 2024

By pre-fetching some catalog entries to retrieve objects UIDs that can directly
be used in the inventory query, to avoid needless (costly) joins and hinting
the catalog to use the resource_section_node_uid index of the stock table.

d1c141da

12 Nov, 2024 9 commits
- Remove useless fulltext indexation for some line/cell · 43b37458
  Xiaowu Zhang authored Nov 12, 2024
```
See merge request !2012
```
  43b37458
- erp5_officejs: fix issue on submit · 42491c4d
  Roque authored Nov 12, 2024
```
See merge request !2016
```
  42491c4d
- erp5_officejs: fix issue on submit · 573ecd88
  Roque authored Nov 12, 2024
  
  573ecd88
- Formulator: fix FormToXML with a form encoding on py3 · c1a277b7
  Jérome Perrin authored Nov 11, 2024
```
The test from 6316d9bb (Formulator: test form serialization with non
ascii elements, 2024-10-24) revealed that form with an encoding other
than UTF-8 are not supported.
```
  c1a277b7
- core: fix TextDocument.getData with empty text content · 8c562ebb
  Jérome Perrin authored Nov 11, 2024
  
  8c562ebb
- AlarmTool: stop using deprecated self.getServerAddress · d6ce75af
  Jérome Perrin authored Nov 10, 2024
  
  d6ce75af
- LongRequestLogger_dumper: tolerates bytes or str when dumping query · a59709c3
  Jérome Perrin authored Nov 09, 2024
```
DB.query accepts either bytes or str on python3. We need to decode the
query here to display it in traceback and we must not fail when we
have bytes with non UTF-8 characters, which can happen with binary
columns
```
  a59709c3
- Base: make getWorkflowStateItemList protected · fd2bccad
  Jérome Perrin authored Nov 12, 2024
  
  fd2bccad
- Base: remove getWorkflowInfo · bb005aea
  Jérome Perrin authored Nov 12, 2024
```
It currently not used and it's better not to have such public method
```
  bb005aea
11 Nov, 2024 1 commit
- web: update testERP5Web now that one-day-max policy is fixed · da91255c
  Jérome Perrin authored Nov 11, 2024
```
ref: 906761ed (erp5_web: change one-day-max policy max-age to 14400s, 2021-09-01)
```
  da91255c
08 Nov, 2024 8 commits
- erp5_web_renderjs_ui: relation field: do not crash in readonly mode · 4c277484
  Romain Courteaud authored Nov 07, 2024
  
  4c277484
- erp5_web_renderjs_ui: jslint · f34ae161
  Romain Courteaud authored Nov 07, 2024
  
  f34ae161
- erp5_osoe_web_renderjs_ui: test the router command · e84973af
  Romain Courteaud authored Nov 07, 2024
  
  e84973af
- erp5_web_renderjs_ui: allow displaying searchable form_list on the access page · 2722400c
  Romain Courteaud authored Sep 25, 2024
```
Using the display router command allows to drop the user search term
when moving from one access page to another.
```
  2722400c
- erp5_web: change one-day-max policy max-age to 14400s · 906761ed
  Romain Courteaud authored Sep 01, 2021
```
Set the max-age value to 4h instead of 10min for the one-day-max policy
(ie, 24h/6, like one-hour-max uses 10min max age).

The idea is to reduce backend access of nearly static web sites,
while still allowing changes without waiting for too long before it is propagated.
```
  906761ed
- erp5_oauth2_authorisation: remove non-implemented method from docstring · 5ca69f88
  Titouan Soulard authored Oct 22, 2024
  
  5ca69f88
- erp5_oauth2_authorisation: fix typos in description fields · ef902c1b
  Titouan Soulard authored Oct 17, 2024
  
  ef902c1b
- erp5_oauth2_authorisation: remove unnecessary access to session · f0e8c162
  Titouan Soulard authored Oct 15, 2024
```
`createSession` method from the OAuth2 Authorisation Server Connector needs
to access client value. Fetching this value from the session is not needed
since it is already stored in a local variable.
```
  f0e8c162
07 Nov, 2024 3 commits
- erp5_invoicing: don't index reference in fulltext which is usually generated... · 78171b2c
  Xiaowu Zhang authored Nov 07, 2024
```
erp5_invoicing: don't index reference in fulltext which is usually generated by system and meaningless

it's like 5.1, 2.4
```
  78171b2c
- erp5_mrp: don't index those lines/cells in fulltext, it's parent we usually look for · e747df6f
  Xiaowu Zhang authored Nov 06, 2024
  
  e747df6f
- erp5_trade: don't index reference in fulltext which is usually generated by system and meaningless · 18a15994
  Xiaowu Zhang authored Nov 07, 2024
```
it's like 5.1, 2.4
```
  18a15994
06 Nov, 2024 4 commits

erp5_oauth2_authorisation: Do not edit OAuth2 Session on every refresh token issuance · 36768696

Vincent Pelletier authored Nov 06, 2024

Malevolent users may decide to only - and repeatedly - present an otherwise
valid refresh token, causing the issuance of a new access tokens everytime,
likely along with new refresh tokens, causing many ZODB writes.
Avoid this by pushing the token expiration date by one lifespan accuracy,
so there can only be one write per session per lifespan accuracy period.

36768696

pdm: add "transformation_type" category on transformations · 3010b8ab

Jérome Perrin authored Nov 06, 2024

For the same purpose as "trade_condition_type" on trade conditions,
to organise the transformation in a way that makes sense to users.

3010b8ab

pdm: move "Reference" to right group on Transformation view · 6f66f648
Jérome Perrin authored Nov 06, 2024
```
for consistency with Trade Condition views
```
6f66f648
pdm: add "Transformation Template" in module's more columns · 250db928
Jérome Perrin authored Nov 06, 2024

250db928

05 Nov, 2024 1 commit

accounting: only allow Assignor to restart accounting periods · d7c0baf1

Jérome Perrin authored Oct 22, 2024

This partially reverts 8a336dc5 (erp5_accounting: Allow
Assignor manage Accounting Periods, 2024-09-16) for the restart
transition, it is intentional that only Assignor can restart
an accounting period that have been closed.
The idea was to support a scenario where re-opening a period
that was closed can not be done directly by the Assignee but
needs validation from the assignor.

d7c0baf1