GitLab

Introduce the option to create a new party group while placing the quotes in the system.

The checksum part was missing in Windows init-gradle-wrapper.ps1 script

Fixed: Service calls of "createPartyContactMech" now include the needed contactMechTypeId (OFBIZ-12175) (#292)

Fixes PartyServices.java lines too long
Error Description	                        Line
La ligne excède 150 caractères (trouvé 178).	2621
La ligne excède 150 caractères (trouvé 178).	2638
La ligne excède 150 caractères (trouvé 191).	2655

FacilityLocationGeoPoint (OFBIZ-12222)

Adds a service to delete a FacilityLocationGeoPoint

Fixed: Service calls of "createPartyContactMech" now include the needed contactMechTypeId (OFBIZ-12175) (#292)

This was broken by OFBIZ-8358 where, as well explained at OFBIZ-12175, "createPartyContactMech Service has been changed to expect an OUT contactMechTypeId paramter and the call on this end has not been modified."

Forgot to change ListOfSafeObjectsForInputStream to allowList in UtilObjectTests

In SafeObjectInputStream.properties
  Renames listOfSafeObjectsForInputStream to allowList and fixes it
  Introduces a denyList

Adapts SafeObjectInputStream class to new denyList

Prevents generics markup in string type names.

As encountered in OFBIZ-6510, the ModelInduceFromDb does currently not include entity relations and foreign key constraints. Since they are an important part of the database model, we should fix that.

I could track down the problem to an incomplete invocation of the ModelEntity through the constructor used in the DatabaseUtil.induceModelFromDb() Methods. This constructor does not initialize the Relations.

Problem is, that the ModelEntity initialized through the "DB Names Constructor" does not cover references in its current state at all.

While working on an implementation I realized, that the API is not very congruent in this regards. I would expect that I could initialize ModelRelations the same way ModelFields are initialized in this context:

The create() Method takes a ModelEntity, DatabaseUtil.ColumnCheckInfo (respectively a DatabaseUtil.ReferenceCheckInfo) and a ModelFieldTypeReader (that could be left out for references) and creates ModelField (ModelRelation) objects that are added to the ModelEntity.

But that is not the case at the moment. On one hand not all fields that would be necessary are covered in the DatabaseUtil.ReferenceCheckInfo Objects (e.g. "type" is missing), on the other the object is missing public getters to make the values available in the first place.

Thanks a bunch Benjamin, nice add !

Documents that the EntitySync feature is no longer available OOTB.
You need first to re allow the HTTP engine

Removes "DiskFileItem, FileItemHeadersImpl are not serializable" case. It does
not appear in trunk.

Handling with exception Rather than returning null cleans UtilObject class.

Restrict unauthorized deserialisations to java.rmi instead of java.rmi.server

The SOAP and HTTP engines are open doors to security issues.
At https://markmail.org/message/pgtjyh23bazq4s2w I proposed to comment them out
as we did for RMI in the past.
Of cause it must be clearly documented how to use them if needed.

Here is the email content:

    After the recent fix for the CVE-2021-26295[1] we discussed with the security
    team about the opportunity need to comment out the SOAP and HTTP engines
    like we did in the past for RMI[2], this obviously for security reason.

    [1] OFBIZ-12167 "Adds a blacklist (to be
    renamed soon to denylist) in Java serialisation (CVE-2021-26295)"
    [2] OFBIZ-6942 "Comment out RMI related
    code because of the Java deserialization issue [CVE-2016-2170] "

I just put a small comment in webtools controller, it should be enough.

The tests pass

The addImageForProduct  process is not directly uploading a file but renames it
before.So there is a hyphen, and possibly a pair or parenthesis in case of
duplicate files, added to the file name.

In this commit I have also added the possibility to use underscores and spaces
in the original filename

For an unknown reason (I did not dig in), in uploadProductImages
result.productId = parameters.productId must be set at start and not end
because parameters.productId does not exist at end. I guess because of the call
to addMultipleuploadForProduct, but as I said I did not dig in.

Also updateStatusImageManagement did not return productId

Unrelated removes an useless new line in ImageManagementServices.java

1. Navigate to URL: accounting/control/IncomeStatement?organizationPartyId=Company
2. In income statement section click on export as csv button.
3. The exported csv has correct balance but with invalid currency symbol.
4. On screen USD $ symbol is shown and in csv some other currency symbol is shown.

Thanks: Lalit Dashora for report, Praveen Sharma for the fix

Fixed: ChangeReason was not being set on OrderStatus when orderItem was marked cancelled with reason.
(OFBIZ-12210)
Thanks Lalit Dashora for reporting the issue and providing the patch.

Improved: Improve all the service level error messages for missing required field for webtools component.
(OFBIZ-8717)
Thanks Ritesh Kumar for providing the patch.

Fixes an issue reported by 赖涵 <1044309102@qq.com>: "Any file upload and delete
in latest Apache OFBiz"

It was a simple syntax error on my side

Improves the error message for the file name part

Not a big deal but better use java.util.UUID there.

Currently we don't declare any dependency on PDFBox. I guess because it's used
as a 3rd party by another lib. Fortunately it's easily done.

Like for createGlReconciliation at OFBIZ-10675 it must be that this has never
been tested nor used by anybody. In relation with OFBIZ-10675, took me hours to
understand that it was only missing an INOUT instead of a simple IN :/

https://demo-trunk.ofbiz.apache.org/accounting/control/createGlReconciliation
When entering an amount and submitting the data an error is thrown.

jleroux:
EditFinAccountReconciliation form extends EditGlReconciliation. There
glReconciliationId and reconciledBalance fields are already present.
So adding them in EditFinAccountReconciliation  is wrong. On the other hand the
display of reconciledBalance is better in EditFinAccountReconciliation.
So I moved it there.

Thanks: Pierre Smits for report and Mohammed Rehan Khan for initial patch

See accounting/control/EditFinAccountReconciliations?finAccountId=ABN_CHECKING

Removes the unwanted condition to include duplicate reconciledBalance filed
which was the cause of the issue.

Thanks: Pierre Smits for report, Mohammed Rehan Khan for the fix

Documented:migrated Wiki How to Create the main Company in Party Manager to user-manual (OFBIZ-12065)

Add a link to the video of the tutorial running
Thanks to Aditya Sharma for put it on Youtube

Pre-amble

Currently, unlike many other entities, the Agreement entity does not have the
statusId field defined. Agreements, like the other entities, should have a
status (values that help determine the phase of the lifespan beyond
the start- and end date of the agreement), such as:

    Created
    In Progress
    Approved
    etc.

Flows
    Happy flows:
        Happy flow a) created ->b) submitted (for review) -> c) reviewed ->
                   d) approved -> e) in effect -> f) concluded (ended)
        Same, with more flow: a) created ->b) submitted (for review) ->
                   c) reviewed -> d) adjusted -> e) reviewed -> f) approved ->
                   g) in effect -> h) concluded (ended)
    Unhappy flows:
        Unhappy flow: a) created ->b) submitted (for review) -> c) reviewed ->
                      d) cancelled
        Same, with more flow: a) created ->b) submitted (for review) ->
                      c) reviewed -> d) adjusted -> e) reviewed -> f) cancelled
    Prematurely ended flows:
        Nipped in the bud flow a) created  -> b) cancelled
    flows from approval (in effect or in execution) till the end-of-times
        a) approved -> b) in effect -> c) concluded (ended)
        a) approved -> b) in effect -> c) terminated (prematurely ended)

Party Roles

Following Party Roles are involved:

    Agreement Creator - the party (person) that creates, edit, updates and
                        submits the agreement for review
    Agreement Reviewer - the party (person) that reviews the agreement on its
                         merits and impact for the company/organisation
    Agreement Approver - the party (person) that, based on law, regulations
                         and/or business policies approves (or rejects) the
                         agreement
    Agreement Manager - the party (person) that manages the execution of terms
                        of the agreement after the approval till the end-of-times
    Agreement Owner - the Party (party group with roleTypeId INTERNAL_ORGANIZATIO,
                       and  and registered in PartyAcctgPreference) that is
                       legally bound by the agreement

jleroux: this lacks demo data but can still be useful

Thanks: Pierre Smits

(OFBIZ-12163)

(OFBIZ-11599)

Thanks: Nameet for report and fix and Jacopo for test.

Updates the documentation for Windows and Gradle wrapper download, needs
Powershell

Conflicts handled by hand
  README.adoc

Conflicts handled by hand
  README.adoc

Updates init-gradle-wrapper.bat
  to exit if Gradle wrapper already exists
  to start PowerShell (>=7) in admin mode, this to be able to use Set-ItemProperty

Updates init-gradle-wrapper.ps1
 to removes exit if Gradle wrapper already exists
 to create the gradle/wrapper dir if necessary
 to handle the ConstrainedLanguage mode if necessary

Conflicts handled by hand
  gradle/init-gradle-wrapper.ps1

Conflicts handled by hand
  gradle/init-gradle-wrapper.ps1

(OFBIZ-12192)

Changes script to use the proper Gradle wrapper version. Changes the
download url from Bintray to Gradle GitHub repository and removes the
backup link. Adjusts the sha checksums accordingly.

The Gradle download link pulls a gradle-wrapper.properties file which
references services.gradle.org/distributions/gradle-6.5-bin.zip instead
of a 6.5.1 distribution. This was left this way for consistency.

Fixes wrong C/P done with r1865370

It works if we downgrade Freemarker to 2.3.28 as in R18 and even using 2.3.29,
not 2.3.30.

Handles things at the Groovy level, ie put in context, rather than creating
in Freemarker template.

It's backported, even if it's not a pb but in trunk, because it's a (low)
security issue.

Removes SqlJdbcUtil::deserializeField and its usage

BY accident I formatted the whole. I had to complete it by hand and I think
it's better as is

This due for many years

NOTE DEJ20071022: the use of ByteWrapper is not recommended and is deprecated,
only old data should be stored that way.

I have still to verify the implication of removing
deserializeField() in SqlJdbcUtil.getValue()