GitLab

In https://hg.logilab.org/review/cubicweb/rev/8caa109dfe945592a34904bb56971cc57d1c6084 EntityView.w become a method using EntityView._w
In notifications we reset "self.w" for every notifications since we handle multiple streams.

We should set "self._w" to None instead, otherwise subsequent calls to "self.w()" will fail with TypeError: 'NoneType' object is not callable.

This mostly consists in removing the dependency on "six" and updating
the code to use only Python3 idioms.

Notice that we previously used TemporaryDirectory from
cubicweb.devtools.testlib for compatibility with Python2. We now
directly import it from tempfile.

Only expect session on web request, and let the web session/authentication
managers provide them.

Access to cnx.data, which used to return session data, is deprecated: there is
no more access to session data from the repository side, and they should be
access from req.session.data from the web side.

* update some copyright
* drop most __docformat__ declaration
* fix some flake8 warnings / errors

This feature allowing an instance to have both anonymous and authenticated
(https) url is not used anymore, let's drop it.

This will avoid potential information leak due to missed security restriction
and is more compatible with legacy code (pb encountered in some client code).

Closes #10294761

Basically:

mkdir cubicweb
hg mv *.py -X setup.py cubicweb
hg mv dataimport devtools entities etwist ext hooks i18n misc schemas server skeleton sobjects test web wsgi cubicweb

Other changes:

* adjust path to cubicweb-ctl in devtools tests
* update setup.py to avoid importing __pkginfo__ (exec it instead),
  replace os.path.walk by os.walk and prepend `modname` here and there
* update tox.ini to account for new test locations
* update doc/conf.py so that it still finds __pkginfo__.py and CWDIR in
  doc/Makefile

More than one of those can be sent for a given entity, so they shouldn't
all have the same message-id.  Closes #4962712.

Closes #3376252.

When sending notifications, we get each recipient as either an email
address or a CWUser.  In the latter case, we create a temporary session
for that user and use it to send the mail.  However, if we later decided
to not send the mail after all, we'd leak the session and its cnxset.
Add a try block inside the loop to make sure the temporary sessions are
closed properly.

--HG--
branch : stable

The non-uniform handling of CWUser vs (email, lang) tuple has caused too
many bugs; this change mostly unifies the two code paths.  Closes #3381521

Now that notifications use separate sessions, they can't rely on the
original transaction_data being around, so pass the data through view
arguments instead, so the notification view knows what changed on
updated entities.

Closes #2936180

When we create a session for the notification rendering, we need to
1) give it a cnxset
2) commit and close it after we're done
3) restore the original session for subsequent notifications

This changes the ordering of actual mail sending, since there are
several different commits involved, but I don't see a way to fix that
short of restoring hijack_user.

Related to #2934523

Session() takes a user and repo, not repo and user.

The transaction is now commited before notification. We can create a new session
directly and drop `hijack_user` usage.

This prepare #2781782

They are in the same module now.

It has no user outside this module. This enforce serversideness of
notification and allow future cleanup.

No backward compat is set up to prevent circular import. The class has no other user
anyway.

(closes 2845144)

The 3.6 API have been dropped some time ago. Those three lines survived the
purge. One of them is even deprecated since 3.5.

It duplicates feature already provided by
cw.hooks.notification.notify_on_commit function.

Simplify the API on the way.

A new logilab.common.registry module has been created with content from

* cw.vreg (the whole things that was in there)
* cw.appobject (base selectors and all).

In the process, we've done some renaming:

* former selector functions are now known as "predicate", though you still
  use predicates to build an object'selector

* hence `objectify_selector` decorator is now `objectify_predicate`

* the top level registry is now `RegistryStore` (was `VRegistry`)

Also there is no more need for the @lltrace decorator.

On the CubicWeb side, the `selectors` module has been renamed to `predicates`.

There should be full backward compat with proper deprecation warnings.

[pylint] fix pylint detected errors and tweak it so that pylint -E will be much less verbose next time (+ update some copyrights on the way)

--HG--
branch : stable

[cleanup] pylint detected error (among a ton of false positives due to the dynamic nature of cubicweb's code...)

--HG--
branch : stable

This changeset introduces the notion in adapters (as in Zope Component Architecture)
in a cubicweb way, eg using a specific registry of appobjects.

This allows nicer code structure, by avoid clutering entity classes and moving
code usually specific to a place of the ui (or something else) together with the
code that use the interface.

We don't use actual interface anymore, they are implied by adapters (which
may be abstract), whose reg id is an interface name.

Appobjects that used to 'implements(IFace)' should now be rewritten by:

* coding an IFaceAdapter(EntityAdapter) defining (implementing if desired)
  the interface, usually with __regid__ = 'IFace'

* use "adaptable('IFace')" as selector instead

Also, the implements_adapter_compat decorator eases backward compatibility
with adapter's methods that may still be found on entities implementing
the interface.

Notice that unlike ZCA, we don't support automatic adapters chain (yagni?).

All interfaces defined in cubicweb have been turned into adapters, also
some new ones have been introduced to cleanup Entity / AnyEntity classes
namespace. At the end, the pluggable mixins mecanism should disappear in
favor of adapters as well.

--HG--
branch : stable

--HG--
branch : oldstable

--HG--
branch : stable

--HG--
branch : stable

[repo] enhanced security handling: deprecates unsafe_execute, in favor of explicit read/write security control using the `enabled_security` context manager. Also code executed on the repository side is now unsafe by default.

--HG--
branch : stable

--HG--
branch : stable

* follow yams default branch api changes
* now consider permissions on relation definitions, not relation types.

This is still experimental.

--HG--
branch : reldefsecurity

--HG--
branch : stable

--HG--
branch : stable

--HG--
branch : stable