The older approach of storing parameters was insecure, and required
eval()ing the unchecked contents of the batch parameter file. This
is a security risk, as a malicious file could leak user information
or damage the system.
So,
- Switch to a newer ".batch" format which uses safe JSON objects
only for serializing parameter values.
- Allow loading the older .json files, but first show a warning
that they are a security risk and require to user to explicitly
agree to open the file
this has been done automatically with the following comand line
./scripts/3to4/3to4.py --only-qgis3-compatible-changes ./python/plugins/
./scripts/3to4/3to4.py --only-qgis3-compatible-changes ./tests/src/python/
actions to the "Autofill" menu
This adds more UI consistency, as currently there's a disconnect
from the autofill options available via the Autofill buttons
vs some options which need to be done from the first rows "..."
button
Previously we would show a warning about these, but then go ahead and try
to run the row anyway (using an empty set of parameters), resulting in
the log being filled with confusing error messages.
Instead, keep the existing warning advising about which values are
invalid, but skip the affected row and don't try to run it at all.
populating batch processing dialog
This option adds news rows using the values from an expression
which returns an array. (As opposed to "Calculate by Expression",
which works only on existing rows).
The intended use case is to allow populating the batch dialog
using complex numeric series, e.g. those created by the "generate_series"
expression function.
For example, adding rows for a batch buffer using the expression
generate_series(100, 1000, 50)
(results in new rows with values 100, 150, 200, .... 1000)
This new option is available under the Autofill menu for a column. Selecting it allows users
to create a new QGIS expression to use to update the value inside that column. Existing
parameter values (including those from other columns) are available for use inside
the expression via @variables.
E.g. this allows setting output file names to complex expressions like
'/home/me/stuff/buffer_' || left(@input, 30) || '_' || @distance || '.shp'
to an explicit widget in the table
The double-click-header action is very hidden, and many users will
not stumble upon this. By moving it to an explicit "Autofill" widget at the
top of the table, we make this important action much more user
discoverable.
It also gives the possibility of other, parameter specific, autofill
actions (e.g. fill by expression, fill by file pattern)
