Releases: axelor/axelor-open-platform
v7.2.1
7.2.1 (2024-10-17)
Feature
-
Fix search bar value duplicated in other quick menus
-
Always show tenant selection for non-hosts resolved tenants
-
TagSelect x-color-field attribute is now compatible with hexadecimal color values
-
Add /files/data-export?fileName and /files/report?link endpoints
Add files endpoints accepting filename as query param instead of path param.
This ensures URIs are ASCII only, complying with Shiro InvalidRequestFilter.
Files endpoints using filename as path param are kept for backward compatibility and may be removed
in later versions.
Change
-
Re-enable Shiro global filters
Shiro global filters are re-enabled, now that our endpoints comply with
Shiro InvalidRequestFilter (ASCII-only URIs).User endpoints also need to make sure they use ASCII-only characters in URI.
Fix
-
Fix version issue in editable m2m grid
-
Fix ColorPicker popper to work even with invalid values
-
Fix tenant selection at login when hosts are not specified
Session may exist even if user is not logged in.
Tenant specified from login request should override any session tenant. -
Fix data-description not translated on enum/selection
-
Fix restore items state on save in form view
-
Invalidate session when tenant becomes inactive
-
Fix skip view dirty on editable m2m grid changes
Security
-
Always rely on codes when fetching user from profile
Any extends of
com.axelor.auth.pac4j.AuthPac4jUserService.getUser
should takes
care to rely on fetch users by code only (instead of fetching by code and email).In case your application use SSO authentication, a carefully review is needed.
As we now rely on users codes to retrieve users, make sure the users codes match
the user profile username or email provided by the identity provider (we rely on
pac4j user profile mapping for this). For example, OpenID Connect providers commonly
usepreferred_username
claim as username,but for others such as Azure OpenID Connect
provider, it will use theupn
claim as username. As fallback is will use theemail
claim as email. In case of existing users codes not matching identity providers username
or email, it will not retrieve them and users will not be able to log in. Manually change
will be needed, by updating users codes with their email for example.
v7.1.8
7.1.8 (2024-10-17)
Security
-
Always rely on codes when fetching user from profile
Any extends of
com.axelor.auth.pac4j.AuthPac4jUserService.getUser
should takes
care to rely on fetch users by code only (instead of fetching by code and email).In case your application use SSO authentication, a carefully review is needed.
As we now rely on users codes to retrieve users, make sure the users codes match
the user profile username or email provided by the identity provider (we rely on
pac4j user profile mapping for this). For example, OpenID Connect providers commonly
usepreferred_username
claim as username,but for others such as Azure OpenID Connect
provider, it will use theupn
claim as username. As fallback is will use theemail
claim as email. In case of existing users codes not matching identity providers username
or email, it will not retrieve them and users will not be able to log in. Manually change
will be needed, by updating users codes with their email for example.
v6.1.6
6.1.6 (2024-10-17)
Fixed
- Fix bpm module discovery
- Fix pending actions not launched after notify
Security
-
Always rely on codes when fetching user from profile
Any extends of
com.axelor.auth.pac4j.AuthPac4jUserService.getUser
should takes
care to rely on fetch users by code only (instead of fetching by code and email).In case your application use SSO authentication, a carefully review is needed.
As we now rely on users codes to retrieve users, make sure the users codes match
the user profile username or email provided by the identity provider (we rely on
pac4j user profile mapping for this). For example, OpenID Connect providers commonly
usepreferred_username
claim as username,but for others such as Azure OpenID Connect
provider, it will use theupn
claim as username. As fallback is will use theemail
claim as email. In case of existing users codes not matching identity providers username
or email, it will not retrieve them and users will not be able to log in. Manually change
will be needed, by updating users codes with their email for example.
v6.0.5
6.0.5 (2024-10-17)
Fixed
- Fix dirty view when an editor contain a button
- Fix hidden panels/buttons in editor when the record changes
- Fix details from view attrs reset when reloading from grid/tab
- Fix onnew popup actions called with delay
- Fix tab refresh with HTML dashlet
- Fix auth provider settings
exclusive
andabsolute-url-required
Security
-
Always rely on codes when fetching user from profile
Any extends of
com.axelor.auth.pac4j.AuthPac4jUserService.getUser
should takes
care to rely on fetch users by code only (instead of fetching by code and email).In case your application use SSO authentication, a carefully review is needed.
As we now rely on users codes to retrieve users, make sure the users codes match
the user profile username or email provided by the identity provider (we rely on
pac4j user profile mapping for this). For example, OpenID Connect providers commonly
usepreferred_username
claim as username,but for others such as Azure OpenID Connect
provider, it will use theupn
claim as username. As fallback is will use theemail
claim as email. In case of existing users codes not matching identity providers username
or email, it will not retrieve them and users will not be able to log in. Manually change
will be needed, by updating users codes with their email for example.
v5.4.23
Release 5.4.23
v7.2.0
7.2.0 (2024-10-07)
Feature
-
Add email widget support in grid view
-
Add onDelete action support in panel-related
This action will be call when removing record in o2m/m2m grid.
-
Add summary view support in tree-grid
-
Add error support on menus response
Beside notify and info response, this also add error response support on menus actions.
-
Support localization with IETF BCP 47 language tags and fall back to primary language subtags
-
Add slider widget
This provides the ability to select a value within a range.
It can be used oninteger
anddecimal
fields. -
Add image field support in relational field
Now we can use x-image-field="fieldName" attribute to show image in
m2o (selection) and m2m (tag-select) for both grid and form views. -
Add onSave action support in editable grid view
This will support onSave for top level grid views and m2m collection grid only.
-
Add search support in image-select widget
-
Add onCopy action support in form-view
This action will be execute after record is copied same as onLoad action in existing record.
-
Allow to configure client polling interval
Client poll menu tags each 10 seconds. On application with a large number of active users
and number of tags, this interval can lead to a number of performance issues.
application.polling-interval
property can be configured to define how often the client polls
in seconds. This isn't recommended to set a value lower than 10 seconds. -
Set quick menus height to fix value
-
Add stepper widget
This provides the ability to indicate progress through a multi-step process similarly to
NavSelect
.
It can be used onselection
,enum
andmany-to-one
fields. -
Improve advance search filters UI
Add search input to hide non matching filters. This will
provides better usage of filters in case many are displayed. -
Add onCopy action support in panel-related
This action will be call after duplicating record in o2m/m2m grid,
It will be used along with x-can-copy="true". -
Add context in search view action
Now in search-view, when click on go button to execute the action,
_searchContext is passed into action data context.Example :
_searchContext: {//All not null search fields
code: 'A',
product: {
id: 1,
name: 'P1',
version: 1
},//Selected search result ids group by model
_results: [
{
model: 'com.axelor.contact.db.Contact'
ids: [1, 2, 3]
},
{
model: 'com.axelor.sale.db.Product'
ids: [1, 2, 3]
}
],//Context params: _view, _source, _action, ...
} -
Add react template support on Help widget
-
Allow kanban onMove action to set values
In order to align with tree view node onMove action behavior,
kanban onMove action values are now taken into account. -
Add search-field support in dashboard
This allow to add search fields on top of the dashboard. Fields
can be filled when the dashboard loads withonInit
event. Fields
values will be add in context of all dashlets. -
Enhance relative time widget display
Relative time widget now displays
Date
data fields in a more
readable format: 'Today' if date is today, 'Tomorrow' if date is tomorrow,
'Yesterday' if date is yesterday, 'dddd' (day name) if date is within next week,
'Last dddd' if date is within last week, and asDateTime
otherwise.Also provide support in grid/tree views as well as in formatter.
-
Add onDelete action support in data views
This will allow to define onDelete action support in grid, form, cards,
kanban and calendar views.
This will trigger actions before the delete process. Any errors or validations
return during these actions should stop or/and suspend the execution. -
Add shortcut to create new sub line in tree-grid
When line is in edit mode, we can create new sub-line through
ctrl + enter to commit current row and add new sub line to it. -
Add support to display help or title on grid header column
On grid header columns, the field help (fallback to column title) will be displayed
as tooltip on mouse over. This is convenient for column with long title but low width. -
Save/Restore grid view state
When view is switched from grid, again back to grid then
state should be restored. -
Add color picker widget
This provides the ability to pick a color in a color picker popover for string data fields.
Supports attributesx-lite
to change the color picker to a basic color palette andx-color-picker-show-alpha
. -
Password reset functionality
Added built-in support for password reset functionality,
allowing users to request a password reset link if they have forgotten their password.Available new properties:
application.reset-password.enabled = true # (enabled by default) application.reset-password.max-age = 24 # (24 hours by default)
-
Add switch select widget
This provides the ability to pick a choice from a multiple-choice list.
It can be used onselection
,enum
andmany-to-one
fields.
It supports icons,x-direction
andx-labels
for hiding labels. -
Add support to reset dummy field value on save
By default all dummy fields values are retain on save in form view,
now with this option we can set x-reset-state="true" on dummy field
in order to reset it's value on save. By default it's false. -
Implement tree-grid widget support for grid view
Add tree-grid widget support for grid view with some limitations that apply to first-level rows:
- You can add a row to the bottom only, not between existing rows.
Ctrl+Enter
to add subitem is not supported.
-
Provide ability to search/filter items in quick menus
When there are more than 10 items in quick menus, a search
input is display on top in order to search/filter the items. -
Add support to display mail messages and followers on custom model
-
Enhance toggle widget display in readonly
-
Add views help link support
Add view help link support (based on
helpLink
attribute). This feature was present
on former version, but wasn't added during React migration.The help link button is now placed on end right side of the toolbar.
-
Add onMove node action support in tree-view
This action can be used to stop moving operation in tree view through sending errors or
it can be useful to set some values before saving the node move modification. -
Implement login customization
Add support for customizing the login page.
application.sign-in.logo = url # absolute or relative url, to have a login logo different from
application.logo
application.sign-in.title = html # translatable sanitized html, shown after logo in form login panel
application.sign-in.footer = html # translatable sanitized html, shown after form login panelapplication.sign-in.fields.username.show-title = true (default) | false
application.sign-in.fields.username.title = translatable text #Username
(default)
application.sign-in.fields.username.placeholder = translatable text # default is empty
application.sign-in.fields.username.icon = none (default) # Bootstrap or Material icon name ornone
to disable, shown as start adornmentapplication.sign-in.fields.password.show-title = true (default) | false
application.sign-in.fields.password.title = translatable text #Password
(default)
application.sign-in.fields.password.placeholder = translatable text # default is empty
application.sign-in.fields.password.icon = none (default) # Bootstrap or Material icon name ornone
to disable, shown as start adornmentapplication.sign-in.fields.tenant.show-title = true (default) | false
application.sign-in.fields.tenant.title = translatable text #Tenant
(default)Extra buttons inside form login panel using custom button names
application.sign-in.buttons..title = text
application.sign-in.buttons..type = button (default) | link # use Button or Link component
application.sign-in.buttons..variant = primary|secondary|success|danger|info|warning|light|dark # for button only
application.sign-in.buttons..icon = icon_name # Bootstrap or Material icon name, shown before title
application.sign-in.buttons..link = url # absolute or relative url with:username
support
application.sign-in.buttons..order = order # number relative to Login button (< 0 for before, >= 0 for after)Use
submit
button name to customize Login submit buttonapplication.sign-in.buttons.submit.title = Sign in
application.sign-in.buttons.submit.type = button
application.sign-in.buttons.submit.variant = primary
application.sign-in.buttons.submit.icon = noneFor translatable texts, you can add your translations to
custom_<language>.csv
files. -
Add support for tracking custom fields
-
Add icon, order, hidden and description support on enumeration.
Change
-
Upgrade Guava from 33.2.0 to 33.2.1
-
Upgrade Undertow from 2.2.32 to 2.2.33
-
Login page layout changes
L...
v7.1.7
7.1.7 (2024-10-07)
Change
-
Fix customize columns in grid view
When we do customize in grid view then
by default hidden columns should be excluded from the columns display list.
Fix
-
Fix inline o2m widget
-
Fix duplicate widget ids that could cause RangeError
-
Fix web services that can have request URI containing non-ASCII characters
-
Fix negative zero conversion
Decimal values between 0 and -1 do not become absolute.
For example, -0.5 is no longer converted to 0.5
v7.1.6
7.1.6 (2024-09-24)
Feature
-
Add views help link support
Add view help link support (based on
helpLink
attribute). This feature was present
on former version, but wasn't added during React migration.The help link button is now placed on end right side of the toolbar.
Fix
-
Validate URL without escaping it on grid
-
Prevent going into edit mode when clicking on an URL on editable grid
-
Change expand icon in tree-grid widget
- Use
>>
for items which contains children items - Use
>
for items which doesn't have any children
- Use
-
Fix updating custom fields having roles
-
Fix action-attrs column attributes for tree-grid widget
-
Fix show errors for custom fields
-
Fix translation and extraction of x-tree-field-title attribute
-
Fix o2m items version conflict when duplicating record
Security
-
Ask to retype current password on change password page
Instead of passing current password in state after login, ask to
retype current password on change password page.
v7.1.5
7.1.5 (2024-08-08)
Change
-
Always retain filters in grid view action context
On actions executed from grid views, we can fetch current filters applied
on the view usingrequest.getCriteria()
. it was initially only available if
there are no records selected. To be consistent, it should also be available
whatever records are selected or not. This shouldn't have any impact. Selected
records are available thought_ids
in context, the current filter through
request.getCriteria()
. -
Model field preferred over custom field when setting value
When a custom field has same name of model field, action called from
form view was updating field in form but action called from json editor
was updating field in the json editor. This was creating confusion
depending on where the action was called. To uniformize behavior, form
field gets preference over custom field (if same name). This can be
breaking change, but use a custom field name same as the model field one
isn't recommended.
Fix
-
Fix title not displayed on custom collection fields
-
Fix reload not triggered after notify if pending actions
-
Improve reference field data for json fields
-
Fix auto add new row in editable grid
-
Fix prefer hideIf over showIf in expression evaluation
When widget defines both expression i.e. showIf and hideIf then
it will first eval hideIf expression, if it returns true then
it is considered to be hidden true else it will take and eval result of showIf expression. -
Fix set custom fields attributes
This fixes updating custom fields attributes in views.
Custom field that are part of the default
attrs
json field, attributes can be updated either without prefix
(<attribute for="test" name="hidden" expr="eval: true"/>
) or without prefix
(<attribute for="attrs.test" name="hidden" expr="eval: true"/>
), no matter where the action is triggered in the
view. This means that whether the action is triggered from a field event or a button in the main form or from a field
event or button inside a json field, it works same.For custom fields that are part of other json fields, attributes have to be updated with their respective prefix
(<attribute for="myOtherJsonField.test" name="hidden" expr="eval: true"/>
) or if the action is executed inside the
json field, attributes can also be updated without prefix (<attribute for="test" name="hidden" expr="eval: true"/>
). -
Fix query domain on relational custom fields
-
Fix call save only when record is changed in popup editor
When form contains dummy fields or x-dirty="false" items then when record is saved
by clicking on ok, it should save record when those fields get changed regardless of
form is not dirty. -
Fix dirty issue for non-changed number value through action
-
Fix js expressions and attributes priority
js expressions have the priority over attributes set with action-attrs.
-
Fix selection-in support for radio/checkbox select
-
Fix hide columns through action-attrs in collection
-
Fix ensure m2o value for json fields
-
Fix kanban column title writing mode
When written vertically, multiline text should grow from right to left.
-
Fix details view should close on multiple selection of record
When multiple records are selected in grid view then
details view should be not open and should be close if opened. -
Fix canEdit/canView on TagSelect widget
Security
- Fix XSS vulnerability with message thread
v7.1.4
7.1.4 (2024-07-18)
Fix
-
Fix flashing issue on viewer in form view
Viewers are rendered when the form is ready, means that record is fetched.
This avoids flashing issue, especially withImage
inside viewers. -
Fix update custom fields
This fixes updating custom fields in views.
Custom field that are part of the defaultattrs
json field can be updated either without prefix
(<attribute for="test" name="value" expr="eval: "some""/>
) or without prefix
(<attribute for="attrs.test" name="value" expr="eval: "some""/>
), no matter where the action is triggered in the
view. This means that whether the action is triggered from a field event or a button in the main form or from a field
event or button inside a json field, it works same. For custom fields that are part of other json fields, they have
to be updated with their respective prefix :<attribute for="myOtherJsonField.test" name="value" expr="eval: "some""/>
.
Bothaction-attrs
andaction-record
are supported. -
Fix grid view pagination
When we switch between grid to form and form back to grid,
first time prev/next was having no effect. -
Fix search-fields panel frame in search view
-
Fix set action attrs value with attribute
-
Fix original value for json field in form view
-
Fix popup should not open on click of expand in tree-grid/expandable
-
Add expression attribute support in tree view button
Add support of readonly, hidden, hideIf, showIf, readonlyIf on tree-view button.
-
Fix entities updated/deleted in BeforeTransactionComplete observer