General
Security
Please note our Statement regarding the Security Improvements here:
And make adjustments to Permissions for Forms, Actions 2.0, Sections as needed.
Procedure
Please make a backup of your entire configuration; this may include the following files. You can download the entire folder directly via <yourInstance.com>/config by right-clicking a folder and selecting download.
Upload the new icon-badge.png
Shut down the portrait instance via docker-compose down. (stop is not enough)
Update the application-prod.yml - details below
Update the .env file to use the latest version:
Example (use the latest 7.x that is available; see https://install.portrait.app/ for all versions):
```
BACKEND_TAG=7.0.0
FRONTEND_TAG=7.0.0
PYTHON_RUNTIME_TAG=7.0.0
```
Start up the instance via docker-compose up -d
RECOMMENDED: Elasticsearch Index Space Optimization
Go to the sources config in the admin view and DELETE all ELO indexes.
Restart Portrait to rebuild the indexes completely
If you have a larger YML config, you can also upgrade it in smaller parts by commenting out some sections and going from there.
Upload new Icon
We extended the icon sets for push notifications. A new icon ‘logo-badge.png’ has been added.
Download this file and add it to the icons folder. As this icon requires specific formats (format, transparency, …) in order to be displayed correctly by multiple devices, we recommend using the default one we provide.
File:
technical details https://notifications.spec.whatwg.org/#badge-resource
The icon will be shown based on the user's OS and design. Example on Android
Application Config Update (application-prod.yml)
This guide mainly describes the breaking changes and the updates needed to migrate old instances. For a full list of new features see our full release notes https://portrait.atlassian.net/wiki/pages/resumedraft.action?draftId=1029117068
Section
Actions:
Links that were previously built with Handlebars in the source can now be built directly in the section. In addition, you can specify conditions that determine whether a link is displayed for an entry.
Details:
Actions for links:
before
```yaml
- label: 'Manufacturer Info'
  key: 'CtaManufacturerInfo'
  type: 'action'
  icon: 'info'
  appearance: 'primary'
  showInTableHeader: false
  showInDetailList: true
```
after
```yaml
actions:
  - label: 'Manufacturer Info {{Name}}' # Handlebar
    key: 'CtaManufacturerInfo'
    type: 'LINK' # [LINK, FORM ]
    condition:
      - expression: '{{gt Amount 0}}'
    value: 'https://www.google.com?q={{ModelCode}}'
    icon: 'info' # Handlebar
```
Actions for triggering forms:
before
```yaml
- label: 'Bearbeiten'
  type: 'form'
  key: 'edit_vacation'
  icon: 'edit'
  showInTableHeader: false
  showInDetailList: true
  options:
    forwardFields:
      - key
      - VACATION_EMAIL
      - VACATION_DATE
      - VACATION_STATUS
```
after
```yaml
actions:
  - label: 'Bearbeiten' # Handlebar
    key: 'edit_vacation'
    type: 'FORM' # [LINK, FORM ]
    condition:
      - expression: "{{eq VACATION_EMAIL PORTRAIT_USER_EMAIL}}"
    value: 'edit_vacation'
    icon: 'info' # Handlebar
    forwardFields:
      - key
      - VACATION_EMAIL
      - VACATION_DATE
      - VACATION_STATUS
```
Inline Image in HTML
If you previously used the indexing of files to display images inline via HTML, you have to set a flag to store the files in the public directory.
Enable Public cache folder
publicCache: true
full example:
```yaml
sourceSpecific:
  mask: Application Entry
  files:
    publicCache: true
    nesting: 1
    mask: Application Attachment
```
Disable File download - optional
In addition you may want to disable the download of these files now:
```yaml
- name: sectionid
  disableFiles: true
```
see
https://portrait.atlassian.net/wiki/spaces/PA7/pages/edit-v2/1029117068#ELO-Sources-Files-Indexing
Example disabledFiles: false (default)
Example disabledFiles: true
Handlebars - Field Processors
ELO GUID
With this version we switch to a more classic approach to how ELO uses GUIDs. In ELO the identifier for a SORD is in the form of
Example
BEFORE | AFTER |
---|---|
value: '{{#if SHARE_PARENT_ELOGUID}}[Open](https://organigram.tuev.at/complete/{{substring SHARE_PARENT_ELOGUID 1 37 }}/hi){{/if}}' | value: '{{#if SHARE_PARENT_ELOGUID}}[Open](https://organigram.tuev.at/complete/{{SHARE_PARENT_ELOGUID}}/hi){{/if}}' |
A practical example where this is needed is the Orgchart view
additional Helper
We added a bunch of new helpers. Check them out and optimize your config as needed.
https://portrait.atlassian.net/wiki/spaces/PA7/pages/1029114243/Field+Processors#In
Source
ELO Adminbase and Chaosablage
Elements within the Administrationbase (“Administration” folder) and the “Chaosablage” are now ignored by default when indexing. This can be changed with:
```yaml
sourceSpecific:
  blacklistChaosablage: false #default, if not set: true
  blacklistAdministration: false #default, if not set: true
```
You can also
Details
SQL Sources
The syntax for setting parameters in SQL queries changed in this version.
Old Format:
```yaml
- id: updateCompany
  onSubmit:
    type: SQL
    connection: organigram
    query: |
      UPDATE DemoOrganigram
      SET NAME = '{{name}}',
          PARENT_LABELS = '{{PARENT_LABELS}}',
          COUNTRY = '{{COUNTRY}}',
          REGION = '{{REGION}}',
          GF = '{{GF}}',
          SUB_COMPANIES = '{{SUB_COMPANIES}}'
      WHERE ID = '{{ID}}';
```
New Format
```yaml
- id: updateCompany
  onSubmit:
    type: SQL
    mode: UPDATE
    source: demo-organigram # used to get access to ORIGIN_ID for improved security
    connection: organigram # the database connection the update statement should run against
    fieldProcessor: # Useful for optional fields which otherwise could not be set in the SQL statement
      - field: NAME
        value: "{{NAME}}"
      - field: PARENT_LABELS
        value: "{{PARENT_LABELS}}"
      - field: COUNTRY
        value: "{{COUNTRY}}"
      - field: REGION
        value: "{{REGION}}"
      - field: GF
        value: "{{GF}}"
      - field: SUB_COMPANIES
        value: "{{SUB_COMPANIES}}"
    query: |
      UPDATE DemoOrganigram
      SET NAME = :NAME,
          PARENT_LABELS = :PARENT_LABELS,
          COUNTRY = :COUNTRY,
          REGION = :REGION,
          GF = :GF,
          SUB_COMPANIES = :SUB_COMPANIES
      WHERE ID = :ORIGIN_ID;
```
details https://portrait.atlassian.net/wiki/x/pQNXPQ
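Why the parameter syntax matters for security, shown as an added example (not Portrait code): it replays both query styles against an in-memory SQLite table with the same form submission. The reduced three-column table, the helper names and the assumption that ORIGIN_ID is supplied server-side from the entry being edited are constructed for illustration.

```python
import re
import sqlite3

# Constructed stand-in for the DemoOrganigram table (reduced to three columns).
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE DemoOrganigram (ID TEXT PRIMARY KEY, NAME TEXT, GF TEXT)")
    db.executemany("INSERT INTO DemoOrganigram VALUES (?, ?, ?)",
                   [("1", "Alpha", "Anna"), ("2", "Beta", "Bernd")])
    return db

OLD_QUERY = "UPDATE DemoOrganigram SET NAME = '{{NAME}}' WHERE ID = '{{ID}}';"
NEW_QUERY = "UPDATE DemoOrganigram SET NAME = :NAME WHERE ID = :ORIGIN_ID;"

def render_old(template, form):
    """Old format: form values are pasted into the SQL text itself."""
    return re.sub(r"\{\{(\w+)\}\}", lambda m: str(form[m.group(1)]), template)

def run_old(db, form):
    db.execute(render_old(OLD_QUERY, form))

def run_new(db, form, origin_id):
    """New format: values travel as bound parameters. ORIGIN_ID comes from the
    entry being edited (assumption for this sketch), never from the form."""
    db.execute(NEW_QUERY, {"NAME": form["NAME"], "ORIGIN_ID": origin_id})

def rows(db):
    return db.execute("SELECT ID, NAME, GF FROM DemoOrganigram ORDER BY ID").fetchall()

# Constructed submission for entry 1: NAME contains a quote plus extra SQL,
# and the form-supplied ID points at a different row.
SUBMITTED = {"NAME": "Alpha', GF = 'overwritten", "ID": "2"}

def demo():
    old_db, new_db = make_db(), make_db()
    run_old(old_db, SUBMITTED)                  # quote ends the literal early
    run_new(new_db, SUBMITTED, origin_id="1")   # value is stored as plain text
    return rows(old_db), rows(new_db)

if __name__ == "__main__":
    old, new = demo()
    print("rendered old SQL:", render_old(OLD_QUERY, SUBMITTED))
    print("old format rows: ", old)
    print("new format rows: ", new)
```

With the old format the submitted value rewrites the GF column of a row the user was not editing; with bound parameters the same input ends up as a literal NAME on entry 1 only.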
Forms based on existing Entries - Mode and Scope
We recommend reworking forms that update existing entries to use Mode Update and Scope Strict, which increases security. This enforces input validation and keeps the datastore consistent at all times.