v7.2.1

7.2.1 (2024-10-17)

Feature

• Fix search bar value duplicated in other quick menus

• Always show tenant selection for non-hosts resolved tenants

• TagSelect x-color-field attribute is now compatible with hexadecimal color values

• Add /files/data-export?fileName and /files/report?link endpoints

  Add files endpoints accepting filename as query param instead of path param.

  This ensures URIs are ASCII only, complying with Shiro InvalidRequestFilter.

  Files endpoints using filename as path param are kept for backward compatibility and may be removed
  in later versions.

Change

• Re-enable Shiro global filters

  Shiro global filters are re-enabled, now that our endpoints comply with
  Shiro InvalidRequestFilter (ASCII-only URIs).

  User endpoints also need to make sure they use ASCII-only characters in URI.

Fix

• Fix version issue in editable m2m grid

• Fix ColorPicker popper to work even with invalid values

• Fix tenant selection at login when hosts are not specified

  Session may exist even if user is not logged in.
  Tenant specified from login request should override any session tenant.

• Fix data-description not translated on enum/selection

• Fix restore items state on save in form view

• Invalidate session when tenant becomes inactive

• Fix skip view dirty on editable m2m grid changes

Security

• Always rely on codes when fetching user from profile

  Any extends of com.axelor.auth.pac4j.AuthPac4jUserService.getUser should takes
  care to rely on fetch users by code only (instead of fetching by code and email).

  In case your application use SSO authentication, a carefully review is needed.
  As we now rely on users codes to retrieve users, make sure the users codes match
  the user profile username or email provided by the identity provider (we rely on
  pac4j user profile mapping for this). For example, OpenID Connect providers commonly
  use preferred_username claim as username,but for others such as Azure OpenID Connect
  provider, it will use the upn claim as username. As fallback is will use the email
  claim as email. In case of existing users codes not matching identity providers username
  or email, it will not retrieve them and users will not be able to log in. Manually change
  will be needed, by updating users codes with their email for example.

v7.1.8

7.1.8 (2024-10-17)

Security

• Always rely on codes when fetching user from profile

  Any extends of com.axelor.auth.pac4j.AuthPac4jUserService.getUser should takes
  care to rely on fetch users by code only (instead of fetching by code and email).

  In case your application use SSO authentication, a carefully review is needed.
  As we now rely on users codes to retrieve users, make sure the users codes match
  the user profile username or email provided by the identity provider (we rely on
  pac4j user profile mapping for this). For example, OpenID Connect providers commonly
  use preferred_username claim as username,but for others such as Azure OpenID Connect
  provider, it will use the upn claim as username. As fallback is will use the email
  claim as email. In case of existing users codes not matching identity providers username
  or email, it will not retrieve them and users will not be able to log in. Manually change
  will be needed, by updating users codes with their email for example.

v6.1.6

6.1.6 (2024-10-17)

Fixed

• Fix bpm module discovery
• Fix pending actions not launched after notify

Security

• Always rely on codes when fetching user from profile

  Any extends of com.axelor.auth.pac4j.AuthPac4jUserService.getUser should takes
  care to rely on fetch users by code only (instead of fetching by code and email).

  In case your application use SSO authentication, a carefully review is needed.
  As we now rely on users codes to retrieve users, make sure the users codes match
  the user profile username or email provided by the identity provider (we rely on
  pac4j user profile mapping for this). For example, OpenID Connect providers commonly
  use preferred_username claim as username,but for others such as Azure OpenID Connect
  provider, it will use the upn claim as username. As fallback is will use the email
  claim as email. In case of existing users codes not matching identity providers username
  or email, it will not retrieve them and users will not be able to log in. Manually change
  will be needed, by updating users codes with their email for example.

v6.0.5

6.0.5 (2024-10-17)

Fixed

• Fix dirty view when an editor contain a button
• Fix hidden panels/buttons in editor when the record changes
• Fix details from view attrs reset when reloading from grid/tab
• Fix onnew popup actions called with delay
• Fix tab refresh with HTML dashlet
• Fix auth provider settings exclusive and absolute-url-required

Security

• Always rely on codes when fetching user from profile

  Any extends of com.axelor.auth.pac4j.AuthPac4jUserService.getUser should takes
  care to rely on fetch users by code only (instead of fetching by code and email).

  In case your application use SSO authentication, a carefully review is needed.
  As we now rely on users codes to retrieve users, make sure the users codes match
  the user profile username or email provided by the identity provider (we rely on
  pac4j user profile mapping for this). For example, OpenID Connect providers commonly
  use preferred_username claim as username,but for others such as Azure OpenID Connect
  provider, it will use the upn claim as username. As fallback is will use the email
  claim as email. In case of existing users codes not matching identity providers username
  or email, it will not retrieve them and users will not be able to log in. Manually change
  will be needed, by updating users codes with their email for example.

v5.4.23

Release 5.4.23

v7.2.0

7.2.0 (2024-10-07)

Feature

• Add email widget support in grid view

• Add onDelete action support in panel-related

  This action will be call when removing record in o2m/m2m grid.

• Add summary view support in tree-grid

• Add error support on menus response

  Beside notify and info response, this also add error response support on menus actions.

• Support localization with IETF BCP 47 language tags and fall back to primary language subtags

• Add slider widget

  This provides the ability to select a value within a range.
  It can be used on integer and decimal fields.

• Add image field support in relational field

  Now we can use x-image-field="fieldName" attribute to show image in
  m2o (selection) and m2m (tag-select) for both grid and form views.

• Add onSave action support in editable grid view

  This will support onSave for top level grid views and m2m collection grid only.

• Add search support in image-select widget

• Add onCopy action support in form-view

  This action will be execute after record is copied same as onLoad action in existing record.

• Allow to configure client polling interval

  Client poll menu tags each 10 seconds. On application with a large number of active users
  and number of tags, this interval can lead to a number of performance issues.
  application.polling-interval property can be configured to define how often the client polls
  in seconds. This isn't recommended to set a value lower than 10 seconds.

• Set quick menus height to fix value

• Add stepper widget

  This provides the ability to indicate progress through a multi-step process similarly to NavSelect.
  It can be used on selection, enum and many-to-one fields.

• Improve advance search filters UI

  Add search input to hide non matching filters. This will
  provides better usage of filters in case many are displayed.

• Add onCopy action support in panel-related

  This action will be call after duplicating record in o2m/m2m grid,
  It will be used along with x-can-copy="true".

• Add context in search view action

  Now in search-view, when click on go button to execute the action,
  _searchContext is passed into action data context.

  Example :
  _searchContext: {

  //All not null search fields
  code: 'A',
  product: {
  id: 1,
  name: 'P1',
  version: 1
  },

  //Selected search result ids group by model
  _results: [
  {
  model: 'com.axelor.contact.db.Contact'
  ids: [1, 2, 3]
  },
  {
  model: 'com.axelor.sale.db.Product'
  ids: [1, 2, 3]
  }
  ],

  //Context params: _view, _source, _action, ...
  }

• Add react template support on Help widget

• Allow kanban onMove action to set values

  In order to align with tree view node onMove action behavior,
  kanban onMove action values are now taken into account.

• Add search-field support in dashboard

  This allow to add search fields on top of the dashboard. Fields
  can be filled when the dashboard loads with onInit event. Fields
  values will be add in context of all dashlets.

• Enhance relative time widget display

  Relative time widget now displays Date data fields in a more
  readable format: 'Today' if date is today, 'Tomorrow' if date is tomorrow,
  'Yesterday' if date is yesterday, 'dddd' (day name) if date is within next week,
  'Last dddd' if date is within last week, and as DateTime otherwise.

  Also provide support in grid/tree views as well as in formatter.

• Add onDelete action support in data views

  This will allow to define onDelete action support in grid, form, cards,
  kanban and calendar views.
  This will trigger actions before the delete process. Any errors or validations
  return during these actions should stop or/and suspend the execution.

• Add shortcut to create new sub line in tree-grid

  When line is in edit mode, we can create new sub-line through
  ctrl + enter to commit current row and add new sub line to it.

• Add support to display help or title on grid header column

  On grid header columns, the field help (fallback to column title) will be displayed
  as tooltip on mouse over. This is convenient for column with long title but low width.

• Save/Restore grid view state

  When view is switched from grid, again back to grid then
  state should be restored.

• Add color picker widget

  This provides the ability to pick a color in a color picker popover for string data fields.
  Supports attributes x-lite to change the color picker to a basic color palette and x-color-picker-show-alpha.

• Password reset functionality

  Added built-in support for password reset functionality,
  allowing users to request a password reset link if they have forgotten their password.

  Available new properties:

  application.reset-password.enabled = true # (enabled by default)
  application.reset-password.max-age = 24 # (24 hours by default)

• Add switch select widget

  This provides the ability to pick a choice from a multiple-choice list.
  It can be used on selection, enum and many-to-one fields.
  It supports icons, x-direction and x-labels for hiding labels.

• Add support to reset dummy field value on save

  By default all dummy fields values are retain on save in form view,
  now with this option we can set x-reset-state="true" on dummy field
  in order to reset it's value on save. By default it's false.

• Implement tree-grid widget support for grid view

  Add tree-grid widget support for grid view with some limitations that apply to first-level rows:

  • You can add a row to the bottom only, not between existing rows.
  • Ctrl+Enter to add subitem is not supported.

• Provide ability to search/filter items in quick menus

  When there are more than 10 items in quick menus, a search
  input is display on top in order to search/filter the items.

• Add support to display mail messages and followers on custom model

• Enhance toggle widget display in readonly

• Add views help link support

  Add view help link support (based on helpLink attribute). This feature was present
  on former version, but wasn't added during React migration.

  The help link button is now placed on end right side of the toolbar.

• Add onMove node action support in tree-view

  This action can be used to stop moving operation in tree view through sending errors or
  it can be useful to set some values before saving the node move modification.

• Implement login customization

  Add support for customizing the login page.

  application.sign-in.logo = url # absolute or relative url, to have a login logo different from application.logo
  application.sign-in.title = html # translatable sanitized html, shown after logo in form login panel
  application.sign-in.footer = html # translatable sanitized html, shown after form login panel

  application.sign-in.fields.username.show-title = true (default) | false
  application.sign-in.fields.username.title = translatable text # Username (default)
  application.sign-in.fields.username.placeholder = translatable text # default is empty
  application.sign-in.fields.username.icon = none (default) # Bootstrap or Material icon name or none to disable, shown as start adornment

  application.sign-in.fields.password.show-title = true (default) | false
  application.sign-in.fields.password.title = translatable text # Password (default)
  application.sign-in.fields.password.placeholder = translatable text # default is empty
  application.sign-in.fields.password.icon = none (default) # Bootstrap or Material icon name or none to disable, shown as start adornment

  application.sign-in.fields.tenant.show-title = true (default) | false
  application.sign-in.fields.tenant.title = translatable text # Tenant (default)

  Extra buttons inside form login panel using custom button names

  application.sign-in.buttons..title = text
  application.sign-in.buttons..type = button (default) | link # use Button or Link component
  application.sign-in.buttons..variant = primary|secondary|success|danger|info|warning|light|dark # for button only
  application.sign-in.buttons..icon = icon_name # Bootstrap or Material icon name, shown before title
  application.sign-in.buttons..link = url # absolute or relative url with :username support
  application.sign-in.buttons..order = order # number relative to Login button (< 0 for before, >= 0 for after)

  Use submit button name to customize Login submit button

  application.sign-in.buttons.submit.title = Sign in
  application.sign-in.buttons.submit.type = button
  application.sign-in.buttons.submit.variant = primary
  application.sign-in.buttons.submit.icon = none

  For translatable texts, you can add your translations to custom_<language>.csv files.

• Add support for tracking custom fields

• Add icon, order, hidden and description support on enumeration.

Change

• Upgrade Guava from 33.2.0 to 33.2.1

• Upgrade Undertow from 2.2.32 to 2.2.33

• Login page layout changes

  L...

v7.1.7

7.1.7 (2024-10-07)

Change

• Fix customize columns in grid view

  When we do customize in grid view then
  by default hidden columns should be excluded from the columns display list.

Fix

• Fix inline o2m widget

• Fix duplicate widget ids that could cause RangeError

• Fix web services that can have request URI containing non-ASCII characters

• Fix negative zero conversion

  Decimal values between 0 and -1 do not become absolute.
  For example, -0.5 is no longer converted to 0.5

v7.1.6

7.1.6 (2024-09-24)

Feature

• Add views help link support

  Add view help link support (based on helpLink attribute). This feature was present
  on former version, but wasn't added during React migration.

  The help link button is now placed on end right side of the toolbar.

Fix

• Validate URL without escaping it on grid

• Prevent going into edit mode when clicking on an URL on editable grid

• Change expand icon in tree-grid widget

  • Use >> for items which contains children items
  • Use > for items which doesn't have any children

• Fix updating custom fields having roles

• Fix action-attrs column attributes for tree-grid widget

• Fix show errors for custom fields

• Fix translation and extraction of x-tree-field-title attribute

• Fix o2m items version conflict when duplicating record

Security

• Ask to retype current password on change password page

  Instead of passing current password in state after login, ask to
  retype current password on change password page.

v7.1.5

7.1.5 (2024-08-08)

Change

• Always retain filters in grid view action context

  On actions executed from grid views, we can fetch current filters applied
  on the view using request.getCriteria(). it was initially only available if
  there are no records selected. To be consistent, it should also be available
  whatever records are selected or not. This shouldn't have any impact. Selected
  records are available thought _ids in context, the current filter through
  request.getCriteria().

• Model field preferred over custom field when setting value

  When a custom field has same name of model field, action called from
  form view was updating field in form but action called from json editor
  was updating field in the json editor. This was creating confusion
  depending on where the action was called. To uniformize behavior, form
  field gets preference over custom field (if same name). This can be
  breaking change, but use a custom field name same as the model field one
  isn't recommended.

Fix

• Fix title not displayed on custom collection fields

• Fix reload not triggered after notify if pending actions

• Improve reference field data for json fields

• Fix auto add new row in editable grid

• Fix prefer hideIf over showIf in expression evaluation

  When widget defines both expression i.e. showIf and hideIf then
  it will first eval hideIf expression, if it returns true then
  it is considered to be hidden true else it will take and eval result of showIf expression.

• Fix set custom fields attributes

  This fixes updating custom fields attributes in views.

  Custom field that are part of the default attrs json field, attributes can be updated either without prefix
  (<attribute for="test" name="hidden" expr="eval: true"/>) or without prefix
  (<attribute for="attrs.test" name="hidden" expr="eval: true"/>), no matter where the action is triggered in the
  view. This means that whether the action is triggered from a field event or a button in the main form or from a field
  event or button inside a json field, it works same.

  For custom fields that are part of other json fields, attributes have to be updated with their respective prefix
  (<attribute for="myOtherJsonField.test" name="hidden" expr="eval: true"/>) or if the action is executed inside the
  json field, attributes can also be updated without prefix (<attribute for="test" name="hidden" expr="eval: true"/>).

• Fix query domain on relational custom fields

• Fix call save only when record is changed in popup editor

  When form contains dummy fields or x-dirty="false" items then when record is saved
  by clicking on ok, it should save record when those fields get changed regardless of
  form is not dirty.

• Fix dirty issue for non-changed number value through action

• Fix js expressions and attributes priority

  js expressions have the priority over attributes set with action-attrs.

• Fix selection-in support for radio/checkbox select

• Fix hide columns through action-attrs in collection

• Fix ensure m2o value for json fields

• Fix kanban column title writing mode

  When written vertically, multiline text should grow from right to left.

• Fix details view should close on multiple selection of record

  When multiple records are selected in grid view then
  details view should be not open and should be close if opened.

• Fix canEdit/canView on TagSelect widget

Security

• Fix XSS vulnerability with message thread

v7.1.4

7.1.4 (2024-07-18)

Fix

• Fix flashing issue on viewer in form view

  Viewers are rendered when the form is ready, means that record is fetched.
  This avoids flashing issue, especially with Image inside viewers.

• Fix update custom fields

  This fixes updating custom fields in views.
  Custom field that are part of the default attrs json field can be updated either without prefix
  (<attribute for="test" name="value" expr="eval: "some""/>) or without prefix
  (<attribute for="attrs.test" name="value" expr="eval: "some""/>), no matter where the action is triggered in the
  view. This means that whether the action is triggered from a field event or a button in the main form or from a field
  event or button inside a json field, it works same. For custom fields that are part of other json fields, they have
  to be updated with their respective prefix : <attribute for="myOtherJsonField.test" name="value" expr="eval: "some""/>.
  Both action-attrs and action-record are supported.

• Fix grid view pagination

  When we switch between grid to form and form back to grid,
  first time prev/next was having no effect.

• Fix search-fields panel frame in search view

• Fix set action attrs value with attribute

• Fix original value for json field in form view

• Fix popup should not open on click of expand in tree-grid/expandable

• Add expression attribute support in tree view button

  Add support of readonly, hidden, hideIf, showIf, readonlyIf on tree-view button.

• Fix entities updated/deleted in BeforeTransactionComplete observer