Some tests (e.g. mail) have expensive and significant DB setup for a
number of small and cheap tests. Using a TransactionCase, the DB setup
far dominates the tests themselves, by up to 10x (mail unit tests take
~130s on my machine, the tests themselves take ~15s).
The SavepointCase introduced here is an hybrid of SingleTransactionCase
and TransactionCase: it uses a single transaction for all tests in a
class, but each test case is isolated by a rollbacked savepoint. This
allows a common DB setup (via setUpClass) while keeping independent
tests.
TransactionCase should remain the primary test case superclass, but
SavepointCase can be a fair optimisation when setup costs far dominate.
Partial backport of commit 093e39bd.
When a flow is stopped by a login redirection, some data (e.g: a product
comment being posted) could be lost. This commit in this case convert
POST request data to GET data (so it is possible to add a GET controller
which after login will terminate the action).
closes#7100
opw-642350
Access rights on messages are derived from the
access rights on the documents they are attached
to. Due to the karma-based nature of the forum
access rights, these do not automatically reflect
on messages, because they are not implemented as
access rules.
The check_mail_message_access() needs to be
overriden to achieve the same effect.
+ allow calling super().check_mail_message_access()
from new API (useful in forward-port)
When a user's karma is driven to a negative value
due to repeated abuse or the posting of spam,
automatically hide all their posts from public
view.
This will reduce the effectiveness of their abuse,
and simplify moderation and cleanup.
For public-facing HTML content provided by the user,
`<style>` tags and `style` attributes should be stripped
automatically, as they can easily be abused to deface
pages for abusive users and spammers.
<style> tags were already stripped, the optional `strip_style`
for fields.html enables the automatic stripping of style
attributes.
This is opt-in because custom style attributes are still
desirable in trusted HTML fields.
The limit on the list of answers and questions posted by
a given forum user is purposely limited to reduce the
performance penalty for displaying them all.
(see 78fa861936)
However seeing the full list is useful for forum moderators
(e.g. when tracking down abuse), and there are only a few
such users with high karma, so enabling it for them is
negligible performance-wise.
Fixes#3955
When comment is created, emails are sent with subject: "Re: False" and footer: "About Forum False".
Now, when the post is a comment, we fallback to the name of the parent (the main forum post).
This is to help forum moderators to fight against
spammers. It was previously difficult as the spammer
profile became unreachable as soon as their karma
went below 1, even if they had other questions
or answers still published.
Use if_dom_contains to check if we need to load js
Fix bug where _tag_to_write_vals was called like old API but model converter was new api
Move IsKarmaValid and Load CKE only in website_forum context