1. 06 Oct, 2023 1 commit
  2. 04 Oct, 2023 2 commits
  3. 03 Oct, 2023 1 commit
  4. 02 Oct, 2023 4 commits
    • Capture the flag game new features · 3a9d947c
      Roque authored
      See merge request !1824
    • erp5_officejs_drone_capture_flag: new map randomization strategy · 36b5ce60
      Roque authored
      - grid of blocks
      - set of block templates
      - randomization conditions
      - new terrain texture
      - refine enemy drone collision
      - more aggressive enemies
    • erp5_officejs_drone_capture_flag: app display using dialog steps pattern · 26d6772a
      Roque authored
      - drop import/export json
      - API for operator script
      - map utils class update
      - doc api update
      - all visible map parameters are geo
      - allow to run twice
      - fix default ai drone script distance fn
      - fix flag elements position (altitude)
      - better error handling
    • erp5_officejs_drone_capture_flag: new script operator feature and more · cbf008fa
      Roque authored
      - add a new operator script editor
      - update finish rules and scoring system
      - refactor map parameters
      - map randomization is done now by new class map utils
      - update init flag info msg
      - import/export script feature
      - update web site CSP
      - ui: activate js syntax in user script editor
      - ui: styles, section titles, etc
      - doc api update
      - fixes/refactoring
      -- fix default target coordinates bug
      -- control empty/invalid user scripts
      -- raise an error on user script syntax error
      -- fix onUpdate timestamp parameter (to integer milliseconds)
      -- fix drone loiter (based on nexedi/erp5!1817/)
  5. 29 Sep, 2023 1 commit
  6. 28 Sep, 2023 2 commits
  7. 27 Sep, 2023 1 commit
  8. 19 Sep, 2023 2 commits
  9. 14 Sep, 2023 2 commits
  10. 12 Sep, 2023 1 commit
    • Update officejs support request app for strict CSP · 2dc9f19a
      Jérome Perrin authored
      This is a first step to stop using "unsafe" web sections.
      
      This updates support request app to not require `script-src: unsafe-eval` and `style-src: unsafe-inline` in the CSP.
      Dropping `script-src: unsafe-eval` is made possible by using domsugar instead of handlebars for dynamic content. Dropping `style-src: unsafe-inline` by using CSS files instead of inline `style` attributes in the DOM. One minor regression is that the tooltips from the graph on the front page gadget will cause a warning because of `unsafe-inline` and not render the series color.
      
      This application was also modernized a bit, it now uses the HTML viewer gadget to display post contents and supports translation.
      
      See merge request nexedi/erp5!1821
  11. 11 Sep, 2023 3 commits
    • ListBox: fix possible unexpected acquisition · 8e3d2599
      Julien Muchembled authored
      The use case is a listbox method being called for a document A
      and returning objects that:
      - aren't children of A
      - but wrapped with `.__of__(A)`
      
      By using `aq_self` instead of `aq_base`, the listbox could still
      acquire from the real parent of the returned object and wrongly access
      an attribute directly (e.g. comment) instead of using an appropriate
      method (if there's no `comment` attribute, getComment returns '').
      
      See merge request nexedi/erp5!1820
    • ListBox: simplify code · 5803f7b6
      Julien Muchembled authored
    • Ignore read-only transaction cache when getting a category from a new or temp object · 9053cc93
      Julien Muchembled authored
      The purpose is to be able to use the amount generator during indexation.
      At some point, it executes:
      
              if amount.getQuantityUnit():
              ...
              for x in property_dict.iteritems():
                amount._setProperty(*x)
      
      where `amount.getQuantityUnit()` may getResource before it is set.
      Any further access to the resource category would be wrong.
      
      There may be a way to only change the amount generator but this kind
      of pitfall is likely to happen in many other places if we keep such
      a read-only transaction cache for new or temp objects.
      
      See merge request nexedi/erp5!1818
  12. 08 Sep, 2023 8 commits
  13. 07 Sep, 2023 4 commits
  14. 06 Sep, 2023 4 commits
  15. 04 Sep, 2023 4 commits
    • erp5_oauth2_authorisation: Store more HTTPResponse headers using setHeader · b680b016
      Vincent Pelletier authored
      During the response process (especially setBody), HTTPResponse accesses
      and updates some response headers in its "headers" property (a dictionary).
      addHeader puts the response headers in a list which will not be updated by
      HTTPResponse. This is "more correct" from an RFC perspective, as any header
      specified as being a sequence of values delimited by commas may be split
      among multiple headers.
      So, keep using addHeader by default, but special-case some headers which
      are accessed and must be successfully updated by HTTPResponse itself so
      that those headers are set using setHeader, which updates the "headers"
      property.
    • erp5_oauth2_authorisation/logged_in_once: Tolerate multipart/form-data request encoding · c5410570
      Vincent Pelletier authored
      For better compatibility, as not all templates may be reconfigured to post
      in application/x-www-form-urlencoded.
      Also, tolerate a missing Content-Type request header, treating it as an
      unhandled type instead of raising a KeyError exception.
    • erp5_oauth2_authorisation: Drop login retry URL double base64-encoding · 915b20c4
      Vincent Pelletier authored
      Fernet tokens are urlsafe-base64-encoded, so re-encoding them is
      useless.
      
      This change breaks compatibility with what should be a transient login state
      (lasting as long as the login form is opened in any browser). So the
      consequence is that a user failing to authenticate will be redirected to a
      safe location (ex: the website's home page) instead of getting to the login
      form again.
      This should not be worth either a systematic double-decrypting (which could
      lead to harder to debug decryption errors) or some heuristic trying to
      guess if the value is in fact double-encoded.