Also, make some existing sanitation happen earlier than before, to store
values in a cleaner format.

With recent changes in CMFActivity, getServerAddress is now used
when setting up the site, before the ZServer is started, which means:
- getServerAddress memoized a wrong return value;
- the test didn't fail with --load.

The button "Subscribe/Unsubscribe from Timer Service" does not clearly 
explain the fact that it determines whether or not Alarms are enabled in
ERP5. It is very counter-intuitive to see Alarms on "enabled" in the 
"Configure Alarms" screen and yet not have them being run because the
Alarm Node is not subscribed to the Timer Service.

/reviewed-on !539

Since the introduction of ERP5 Login, authentication by Access Token is broken, and it is only working if `erp5_login.getReference() == person.getUserId()`

The scriptable part of access token changed, now scripts must return a user object - on which the plugin will call `getUserId` (it was not clear what they should return before, maybe login, but they should return a user id, not a login, as the token plays the same role as a login). To make it clear and to intentionally break compatibility as this is now something different, these scripts have been renamed to be `getUserValue` type based methods.

/reviewed-on !838

(because my editor runs python3 pytlint)

/reviewed-on nexedi/erp5!839

This fallback seems useless in this context, getClientAddr should be
available.

This test does not need to create an actual user as it just check
plugin extract login & password from request.
This test does not need to install the plugin in PAS, the actual check
instanciate another ERP5DumbHTTPExtractionPlugin.

- no longer needed to have same user id and logins.
- upgrader activate the plugin

This keep the current behavior. Invalidating all logins is also a way to
disable login for this user without having to find all tokens and
invalidate them one by one

for compatibility with login/password

Because this was broken, we took the liberty to introduce a breaking
change to fix naming, now type based scripts are *_getUserValue and must
return a user document, with a getUserId method returning the user id.

Make this plugin also an IAuthenticationPlugin which does all the job of
returning the user id.
It does not really make sense to delegate this to default authenticator.
A side effect is that token can still authenticate users with no
assignments, since tokens are scriptable, if this is a requirement, it
can be implemented in scripts.

also update test:

 - plugin must be enabled for IAuthenticationPlugin
 - check complete authentication sequence, not just extraction
 - update scripts to new names
 - simplify transaction management
 - don't set self.person, it was not used anywhere
 - update _createPerson to reindex, as said in docstring
 - merge all tests in on test component

benefit is very small and unusable for user

nexedi/erp5@1f254aa7

This is called when checking access permission on objects, which happens
very often. CachingMethod has a hit cost which is too high for this use.
Instead, generate this method as part of the portal type class, removing
all call-time logic.

It is superseded by __self__, which (where applicable) prevents
acquisition and getattr-based traversal, improving performance.
Patch AccessControl.users.BasicUser._check_context to extend this change
to zope code (and simplify it in the process).
Also, make __ac_local_roles__ accesses consistent with other places in
our own code as well as in PAS & AccessControl.

getRoles is called a lot (on every restricted access, so hundreds of times
per transaction), it is definitely not the right place to do extra
computation, especially when their result does not change from one call
to the next (configuration should only change on process restart, so not
during a transaction - and even if it someday did, it should be fine to
wait for next transaction for it to take effect).
Instead, do the extra work when creating the user (typically once per
transaction).
Also, modernise python syntax (simplifications & style).
Also, reduce code duplication from ERP5Security.ERP5UserFactory.

Simplifies callers, as they then do not have to test for None.
Also, use sort(key=...), which removes the need for internal 2-tuple
wrapping & unwrapping of all result entries.
Also, coding style (helps line-based profiling readability) & better
naming.

Include worklist parameter generation in the scope of existing cache.
Otherwise, it will be generated in pure loss if it is followed by a cache
hit. Most of WorkflowTool change is just indentation change.

Also, do some minor optimisations/simplifications in patchess.DCWorkflow.
Some comments:
- Guard_checkWithoutRoles return value is evaluated as a boolean, so no
  need to cast to int before returning based on boolean evaluation...
- DCWorkflowDefinition.worklists is always true, even when empty.
- Listing portal types per workflow requires checking all workflows, so
  build the whole mapping and cache it instead of caching for each workflow
  type individually (many more cache hits, fewer redundant computations)
- getVarMatch is expensive just for a fallback and a wrap, bypass it to
  reduce redundant work.

Backward-compatibility path does not need to be fast. Optimise for sane
folders.

This improves performance when unset protected properties are being
accessed.

In contrary to the ParentDeliveryPropertyMovementGroup for property, it has
never actually checked the parent Delivery but the current one.

This also avoids KeyError exceptions when Activities have already been processed
in the meantime.

These extensions does not seem to be used.

/reviewed-on nexedi/erp5!845

Test was never ending processing activities:

```
2019-03-11T03:09:20 WARNING CMFActivity invalid after_path_and_method_id value: ('/erp5/organisation_module/2', 'immediateRecusriveReindexObject', 'immediateReindexObject')
Traceback (most recent call last):
  File "product/CMFActivity/Activity/SQLBase.py", line 319, in getValidationSQL
    validate_list.append(' AND '.join(method(v, quote)))
  File "product/CMFActivity/Activity/SQLBase.py", line 345, in _validate_after_path_and_method_id
    path, method_id = value
ValueError: too many values to unpack
2019-03-11T03:09:20 WARNING CMFActivity invalid after_path_and_method_id value: ('/erp5/organisation_module/2', 'immediateRecusriveReindexObject', 'immediateReindexObject')
Traceback (most recent call last):
  File "product/CMFActivity/Activity/SQLBase.py", line 319, in getValidationSQL
    validate_list.append(' AND '.join(method(v, quote)))
  File "product/CMFActivity/Activity/SQLBase.py", line 345, in _validate_after_path_and_method_id
    path, method_id = value
ValueError: too many values to unpack
2019-03-11T03:09:20 WARNING CMFActivity invalid after_path_and_method_id value: ('/erp5/organisation_module/2', 'immediateRecusriveReindexObject', 'immediateReindexObject')
Traceback (most recent call last):
  File "product/CMFActivity/Activity/SQLBase.py", line 319, in getValidationSQL
    validate_list.append(' AND '.join(method(v, quote)))
  File "product/CMFActivity/Activity/SQLBase.py", line 345, in _validate_after_path_and_method_id
    path, method_id = value
ValueError: too many values to unpack
2019-03-11T03:09:20 ERROR CMFActivity message uid 7256619472683296857L has a circular dependency
 ```

Fix this failing test by using the proper `after_path_and_method_id` syntax and also some other small changes to make the test fail earlier in case of problems.

/reviewed-on nexedi/erp5!844

erp5_ui_long is too long for user to use fast input for the following scenario:
1. user create purchase order
2. user use fast input to enter product with reference 324214(a missing product)
3. user type 324214 in fast input, it found nothing in Product or Service
4. then user create such product 324214
5. then user go back to purchase order and type again 324214
since previous result is still cached for one hour and user still can't find it.

in one hour, user is not available to add such product

The fixes a missing rename in
commit cee3e728.

Check that global and local roles (which are not supposed to be used) actually
do not affect permissions.

For consistency with ERP5TypeTestCase.tic for server side unit test, use
timeShift to simulate a progress in time so that activities scheduled
for executation at a later time ( using activate(at_date=...) ) are
executed.

Otherwise in the worst case we sleep for 1000 seconds.

verify* style assertion continue test execution, whereas assert* mark test as failed.
If something went wrong, better to exit early.

Update relation field input value only on demand,
changing the state of a relation_input gadget with value_text = ""
now updates the field.

You can reproduce by doing :
- open an object in tab "View" with a relation field (eg my_successor_title) filled
- open a new tab, and edit the field to make it empty
- from the first tab, refresh the view by click on the left panel "View" tab
- the relation field should be emptied.

Prevent "cannot read property of undefined" errors on the JS side.