1. 02 Oct, 2019 4 commits
    • Nicolas Wavrant's avatar
      Verify parameters passed to category setters · 3978dba1
      Nicolas Wavrant authored
      This merge request aims to prevent programming errors by raising instead of silently doing nothing (which is a source of bugs).
      
      Currently, if an object as category property for a category "category", 2 families of setters were created :
      
      1. The string setter, following the format ```_setCategory``` and taking a relative URL as the argument.
      2. The value setter, following the format ```_setCategoryValue``` and taking an object as the argument.
      
      The issue is that developers may pass the wrong argument to one of these functions, having for consequences :
      
      1. For case (1), if an object is passed, the code would silently do nothing : nothing is set as relation, but the code doesn't fail. This is the worst case. 
      2. For the second case, passing a relative URL to ```_setCategoryValue``` would "work" (in the meaning the relation is set to the correct object). This may sound like a feature, but in my opinion it is confusing given the way ERP5 developers apprehend these setters nowadays.
      
      For case 1, a test is existing that an exception is raised, but due to coding error the feature disappeared and no one noticed : https://lab.nexedi.com/Nicolas/erp5/blob/b3ed2210ed6b30390b901c8620de6eafcc27a574/product/CMFCategory/tests/testCMFCategory.py#L810-815
      
      For case 2, compatibility code exists in the underlying function ```_setValue``` : https://lab.nexedi.com/Nicolas/erp5/blob/b3ed2210ed6b30390b901c8620de6eafcc27a574/product/ERP5Type/Base.py#L1840-1842
      
      In this MR, the exception caused by case (1) has been restored (so now it fails loudly).
      
      Case (2) has been deprecated, in order to keep backward compatibility.
      
      I have run the tests with the ```DeprecationWarning``` raising an error instead of just a warning,  and fixed the code were the setters weren't used correctly.
      
      Ideally, tests should always run with this ```DeprecationWarning``` being a real error so both cases crash loudly. This won't be part of this Merge Request.
      
      
      /reviewed-on nexedi/erp5!938
      3978dba1
    • Jérome Perrin's avatar
      Connector to annotate commits with test results status on gitlab · b0972239
      Jérome Perrin authored
      This adds a new field on Test Suite Repository to configure a "gitlab connector".
      
      If this is set, then the commit from this repository will be annotated with the test status (failed or success). Gitlab uses these annotations to show that status on the merge request.
      
      At the same time, fix a few minor problems on `erp5_test_result`.
      
      /reviewed-on nexedi/erp5!924
      b0972239
    • Jérome Perrin's avatar
      Fix "incremental check" mode of consistency check alarm · 9a1cb966
      Jérome Perrin authored
      The way consistency check select documents to check at each run when running incremental mode, consistency seems to have issues which leads to documents not checked sometimes.
      
      I noticed two reasons:
      * When Zope runs with a timezone that is not `UTC`, the date comparison to find new documents compares a date in zope local timezone with a timestamp in mysql timezone. First fix is to pass a date to catalog, so that catalog convert it to the catalog timezone (it's a mistake to pass a date as string when using catalog programmatically). Second fix seem that we seem to need to configure mariadb to use `UTC` by default.
      * `alarm.getLastActiveProcess` does not return the latest active process when alarm is executing `activeSense` so we need to pass `include_active=True` in this case.
      
      /reviewed-on !537
      9a1cb966
    • Jérome Perrin's avatar
      Support properties' read permission in the GUI and in getProperty · 6c2435cf
      Jérome Perrin authored
      Because unlike `getFoo()`,  `getProperty('foo')` does not checks the permission defined on the accessor, when a form contain a `my_foo` field, the property would be displayed to the user who can view the form, even if the user does not actually have the permission to get this property. This because getter for default value of fields uses getProperty ( [here](https://lab.nexedi.com/nexedi/erp5/blob/58d4ab8efef748f522b3eaaecba3dc1133c99e72/product/ERP5Form/Form.py#L275) ).
      
      These changes modify behavior of `getProperty`, so that it enforces read permission security of properties and raise when user does not have permission to access properties.
      
      Some notes about implementation:
       * `getProperty` now becomes a bit slower, but it was incorrect before, so I guess it's inevitable.
       * some efforts have been made to keep the impact on performance minimal. This uses the same approach of  in `edit` of computing the set of restricted properties and using `guarded_getattr` only on these properties and using `getattr` on non-restricted properties. The computation of this set was moved  to dynamic class generation time and as a result, `edit` becomes a bit faster.
       * the `expectedFailure` part of `test_PropertySheetSecurityOnAccessors` was moved to another test, but I'm not even sure we want to support this (read-protecting properties with default write permission) as, to me, such configuration does not make much sense. 
       * new performance tests were added. I don't know what to use as min/max values so I just used something that should pass.
       * implementation for `getProperty('*_list')` was changed a lot, I have no idea why this was getting the method on the class and passing self as first argument. Now it we just get method on the instance, like we do for single properties.
      
      /reviewed-on nexedi/erp5!181
      6c2435cf
  2. 01 Oct, 2019 2 commits
  3. 30 Sep, 2019 14 commits
  4. 29 Sep, 2019 1 commit
  5. 27 Sep, 2019 10 commits
  6. 26 Sep, 2019 9 commits