for compatibility with Base.checkProperty.

This introduce a `_getProperty` method that's not really part of public
API, but could be called to get a property without security check.
Because some classes were already using internally a _getProperty method
for a different meaning, these methods have been renamed.

This also re-enable parts of test_PropertySheetSecurityOnAccessors that
are supposed to work (security is checked on accessors) and split
what's currently not supposed to work (security on accessors does not
work in the corner case of using the default read permission, 'Access
contents information' as a write permission) to another expected failure
test.

maybe a little to strict. I don't know how we can check that fields does
not display value without checking the markup in a so low level way

Base domain .getRelativeUrl method does not include portal_domains.
See https://lab.nexedi.com/nexedi/erp5/blob/c3f0585cc1ddb888d356b3395b947b90cb188356/product/ERP5/Document/Domain.py#L91

See nexedi/erp5@88f24700
and nexedi/erp5@796c3520

Clone Base_doAction to keep the logic identical.

Reuse Folder_create directly to reduce difference from xhtml_style.
Side effect: the status message is modified from 'Document created.' to
'Object created.'

This works only for medusa, using the same approach as CMFCore's
CookieCrumbler

Also increase test coverage of google/facebook plugins.

/reviewed-on nexedi/erp5!901

What I'm trying to prevent, is that when we have a document with leading/trailing space

![image](/uploads/8a00a1019cdcb5d76bd589917548a515/image.png)

and it's set in a relation
![image](/uploads/925aa9895c7d15f3ef9f3bdc9926d7fd/image.png)

just clicking save will complain that document is not found

![image](/uploads/a559eea23fc8ba0df19c23dfcda26138/image.png)

this is because validator have stripped whitespace and search for `"leading and trailing space"` - and find nothing  (unless title is a keyword key, but that's another story )

/reviewed-on nexedi/erp5!897

Until know, in the preference we defined list of uri for conversion
server, and then we were trying always in the order defined in the
preference. But this is not optimal, when a server start to fail, it's
better to try using another one. So sort list of uri in such a way to
use first server having the most chance to work.

Useful for SolverType._configuration_property_dict but more generally
the whole history should be displayed as this view is used by developers.

erp5_web_renderjs_ui: Don't crash if form has 'Update Action Title' but no 'Form update action' defined.

Even though this is inconsistent form definition, form_dialog gadget should not crash

in MRP, we have manufacturing execution having a mix of lines with
positive and negative values. It must be possible to use split and
defer solver in that case.

For example, Categories in "expired" state.

As a consequence, user is included in cache key.


/reviewed-on nexedi/erp5!899

This works only for medusa, using the same approach as CMFCore's
CookieCrumbler

This function have evolved to something very trivial not accessing anything from database, so caching this no longer really makes sense, also the cache keys are really big.

On a quick benchmark of calling ERP5Site_getTabList 10000 times:
with cache: ERP5Site_getTabList took 12.961781
without cache: ERP5Site_getTabList took 5.395873

Only send line data if the text is not empty and ensure there is no hole
in the uid list.
This will fix the edition when the field already contains some homonyms.

Only append empty input if the latest one is not empty.

Replace verify by assert in the tests.

Fixup nexedi/erp5@18415f4d

When we ignore variations, we should also ignore them when looking
to update existing orders

erp5_web_manifest_test:testManifest leave a -1 activity.

W3Validator seems obsolete now since it does not validate HTML5. nu became the default validator in 417ff1ae.

/reviewed-on nexedi/erp5!786

Add some tests and fix bugs:
* https://nexedi.erp5.net/bug_module/20170426-A3962E
* another bug that columns names were not escaped ( in a project we have a custom table with a column named `use` and this breaks `upgradeSchema`  )

/reviewed-on nexedi/erp5!854

Note that we can't really use " " in test tables, for input selenium
supports ${space} magic that types a space characters, but to check the
values, we cannot just use assertValue which strips the leading/trailing
spaces, so we use a custom assertEval expression.

We want to search for what user entered, if we strip whitespaces we
would not match trailing or leading spaces

Since 8a6c4394 Item_getTrackingList sets
parent and id on brain instead of url.

testItem now passes: https://nexedijs.erp5.net/#/test_result_module/20190625-614B59A1

/reviewed-on nexedi/erp5!898

This will apply to newly created relation fields.

This first work on WSGI is only to stop using ZServer (Medusa),
which is a required step before moving to Zope 4. This means that
Zope should behave almost exactly the same way as before, notably:

- We don't take advantage yet of what WSGI offers, like IPv6.
- There's extra code to handle errors the same way as before
  (this is something we'll have to change for Zope 4).

The most significant change in behaviour is that the chosen WSGI server
(waitress) does some of the HTTP work in worker threads (Medusa does it
entirely in the IO thread), and the biggest consequence concerns the
deadlock debugger that is now run from the worker thread:
- it does not work if all threads are blocked
- doing better would require to patch waitress in a quite ugly way

About TimerService, we simplify things by removing the egg.
In zope.conf, it's possible to import from the product.

/reviewed-on nexedi/erp5!883