Upgrading to 10.1
New Features
Workflow Changes
- New Workflow Functions
- Workflow Debugger Changes
Calendar Changes
Security Compliance
Changes
Updates

Upgrading to 10.1

Software Requirements

To run Calpendo version 10.1, you should use:

Java 8 or Java 11
MariaDB 10.0 or later (with 10.1.2 or later recommended)
- MariaDB 10.1.2 introduced millisecond time precision which is used in system events and the workflow debugger.
An alternative to MariaDB is MySQL 5.7.6 or later.
- MySQL 5.7.6 introduced generated columns which are a required feature
Tomcat 7.0, 8.0, 8.5 or 9.0 (Tomcat 10.0 and later are not supported)

It is also recommended that you do not run your database with the default value of innodb_buffer_pool_size, which is 128MB. This is because we can run out of database locks which causes issues. Increasing innodb_buffer_pool_size means this is less likely to be a problem.

You should have a setting like this:

innodb_buffer_pool_size = 2G

applied in your MySQL or MariaDB settings. The actual figure you use will need to depend on the amount of RAM you have, and so won't necessarily be the 2GB shown.

See the MySQL or MariaDB documentation.

Before Upgrading To Version 10.1

If you are upgrading from version 9.0.x or earlier, then:

It is essential that you read the upgrade instructions in the 10.0 release notes.
You can upgrade directly from 9.0.73 or later to the latest version of 10.1.
You should upgrade to the latest 9.0.x before upgrading to 10.1.

If you are upgrading from version 10.0.x to 10.1, then:

This is considered a small upgrade that is very quick (taking seconds).
You can upgrade from any version of 10.0.x to 10.1

How To Perform The Upgrade

Upgrading from any version to the latest (including applying bug fix updates) should be done with the following procedure:

Stop tomcat
For major upgrades, you must create a backup of your database before proceeding. For minor upgrades, it is recommended to create a backup, but it is less important. After having stopped tomcat, the typical command required is:
```
mysqldump -u USERNAME -p calpendo > calpendo.sql
```
or, depending on your system:
```
sudo mysqldump calpendo > calpendo.sql
```
Save the hibernate.cfg.xml and log4j.properties files from your existing webapps/Calpendo/WEB-INF/classes directory
Take the Calpendo directory from the tar.gz download, and replace your existing webapps/Calpendo with it.
Put the saved hibernate.cfg.xml and log4j.properties files into the new directory.
Make sure you do not have both old and new versions in the webapps directory at the same time, unless they point to a different database. Booting multiple versions of Calpendo that point to the same database will cause problems and is best avoided.
Restart tomcat

Downgrading between major releases is not normally supported, and downgrading from 10.1 to 10.0 is not supported. The general procedure for downgrading is:

Stop tomcat
Drop the calpendo database and recreate it
Rebuild the calpendo database from a backup
Change the Calpendo directory under tomcat to be the previous version
Restart Calpendo.

Do not merely load an old database on top of an upgraded or partially upgraded database and run an old Calpendo. It will break things, but possibly not until you come to do another upgrade, by which time it may be too late to fix things easily.

If Things Go Wrong

Locate The Log File

Upgrades from 10.0.x are unlikely to go wrong. If you're upgrading directly from 9.0.x, then there is a greater chance of an error during the upgrade as it performs many changes to the data.

The most useful thing to do is to be able to locate the log file generated during the upgrade. If you're using Linux, then it may be in one of these directories depending on your distribution:

/var/log/tomcat*
/usr/share/tomcat*/logs

The name of the file will depend upon the setting in your WEB-INF/classes/log4j.properties file that you might have customised when first installing Calpendo. The default name is "calpendo.log", which means the log file may be in /var/log/tomcat*/calpendo.log (with the exact name of the directory depending upon your distribution and the version of tomcat installed).

Please send a copy of the log file to support@exprodo.com so that we can help diagnose and fix the problem.

Database Restarts During Upgrade

If the database server stops and restarts during the upgrade, then it may be that MySQL/MariaDB require a large buffer pool size. This requires a similar to this:

innodb_buffer_pool_size = 4G

See the MySQL or MariaDB documentation.

New Features

Clinical Trials Management System (CTMS)

This is a new module that provides support for running clinical trials with Calpendo.

This means that all the behaviour that was present in Calpendo's sister application, Exprodo SDM (Study Data Management), has been incorporated into Calpendo as a module, but this goes further.

This means:

Calpendo helps manage the processes that happen on the day of a visit so that it can track which patients have arrived, who they are now with, whether they have left etc.
For longitudinal studies, you can specify the visits each subject is expected to have, as well as the tasks to be undertaken at each visit.
Subjects can be enrolled into a study, and their tentative appointments automatically created at the appropriate dates.
Optionally, each study can set up relationships between tasks and visits so that a change to the date/time of an appointment can change the date/time of subsequent appointments.
Appointments appear on the bookings calendar so you can see them alongside everything else.
Each task can have an ancillary resource that should be booked along with the task so that where rooms, scanners or people etc are required for each task, they can be linked to the appointment.

Formatting Numbers

You can now put a format specifier on any numeric property in a layout and also in the bakery.

This allows you to use a format like $#,###.00 to force a number to have a certain number of decimal places and a thousands separator.

If you don't specify a format in a layout, then the format (if any) in the bakery will be used.

When data is displayed on screen in a report, then the format in the bakery will be used.

The layout format is not used for reports.

Page History

There's now a page that will show the history of recent pages that you've visited. You can reach the page by selecting the new menu item Help->Page History or by clicking the link in the top-right corner of every page that shows the name of the current page.

Note that this history is not saved to the database, and it is not shared between browser tabs.

Database Analysis

When one logs in as a root user, you can now see an additional tab of the bakery's database analysis tool that provides foreign key constraint analysis.

All foreign key constraints are checked to see if they appear to be properly defined and required. Any that appear erroneous have a button that can be clicked to delete them.

After deleting foreign key constraints, one should click the "Update DB Schema" button so that new foreign key constraints can be generated, if they are required.

The part of the database analysis tool that shows the tables and columns has also has its accuracy improved. This includes separating the information on the property name associated with each database column into two columns. One for the name of the property, and one for a description. The description of a property is sometimes text generated by the tool to describe it, and sometimes the label for a user-defined property.

Layout Changes

The layout editor has a new option for how to display a tab of properties.

The old option "Simple table" has been relabelled "Standard table", but is otherwise unchanged.

There's a new option "Plain unstyled table" that behaves the same as "Standard Table", but does not show alternate rows with a different background colour, or change the row highlight as your mouse passes over it.

This means it is a simple table that you can style, or not, as you desire.

Custom Permissions Messages

Historically, we have always had a "permission denied" standard message when an action has been prevented due to permissions. There are some specific scenarios in which a custom message is provided, but there was no way to configure a permission to provide a particular message to users. We now allow such messages.

The messages can be used in two ways:

When a button is greyed out because of a permission, then the button's tooltip may contain the message from the defining permission.
When a "Permission denied" message is displayed, then the defining permission's message may be included in the message.

Note that this is not a perfect system for displaying messages that explain why you cannot do something. There are several reasons for this:

The permissions may apply in an order that means a different permission was the "definitive" one. That is, the one that was chosen as the cause of the final choice to deny you permission.
You might be denied permission because no permissions apply that would otherwise grant you the right to do something. In other words, you might find a "fallback" permission is the definitive one, and it is not normally useful to define a message on a fallback permission.
Some permissions may be quite generic in nature, and may not be a good candidate for providing a message.

Another thing to notice is that if you wish to provide good messages to people, then it may be that you should create more permissions than you would otherwise require.

For example, if you want to prevent somebody from deleting any instance of a particular data type, then you might do so with a fallback permission that applies to many data types.

However, you might add extra permissions specifically targeted at that data type just so that you can provide a custom message for what somebody sees when trying to delete an instance.

If you have many permissions, and you want to avoid or delay setting a good message on all of them, then there is another option. You can now also arrange for the name of the permission to be displayed when a permission is seen to be the cause of a permission denied error, and there is no custom message specified on the permission itself.

This is not necessarily something you would also want turned on because permission names may not have been configured with this use in mind. As such, the language it uses is probably not the same as you would choose to use as an error message.

Nevertheless, it can be useful for short term debugging situations.

To enable this, follow these steps:

Search for "Verbose" in the general search page.
Add a condition to show those whose name includes "Perm"
Run the report and click on the one whose name is:

com.springsolutions.perms.core.PermissionCache$PermissionsResult

Edit it to set its verbose property to true.
Refresh your browser

If you want this disabled again, then repeat the process, but now set the verbose property to false.

Database Supplied Values

For a very long time, you've been able to mark properties in the bakery as being automated. This means that a value will be set for it somehow, and the user will never be able to provide a value. Typically, you would do this when the value is going to be assigned by a workflow.

There's another class of property though, where no value is set by Exprodo at all, and the value is generated in the database somehow. This might be via a database column defined as an auto-increment, or by an external process that assigns a value through a script or something else.

In these cases, we'd like Exprodo to be told the value is externally provided so that it never allows a value to be written to the database, either by the user or by a workflow.

For this, there is now a new attribute you can set on a PropertyDef in the bakery called"Database Supplied".

If you set this to true, then the property will also be marked as automated. A user won't be able to specify a value for it. A workflow will be allowed to set a value on the property, but that value will not be written out to the database.

A typical scheme would be to set up a column that is an integer that automatically increments each time a new object is created. We used to use this for the id of every biskit. However, the upgrade to version 10 means those ids became 64 bit integers instead of 32 bit integers, and the ids now encode the data and time when the id was generated.

If you want a simple incrementing integer property on a biskit, then you would create an integer property and mark it as database supplied. You would then configure it in the database to be auto-incremented. For example:

alter table YOURTABLE add YOURCOLUMN int(11) not null auto increment unique;

Alternatively, if you have rows in the table that existed before the upgrade to version 10, and you want to make the new auto-increment column have the value of the original id where possible, then you can do so with this:

alter table YOURTABLE add YOURCOLUMN int(11) default null;
update YOURTABLE set YOURCOLUMN=YOURID>>10 where YOURID < 54000000000;
set @number=(select max(YOURCOLUMN) from YOURTABLE);
update YOURTABLE set YOURCOLUMN=(@number := @number + 1) where YOURCOLUMN is null;
alter table YOURTABLE add UNIQUE KEY `UK_YOURTABLE_YOURCOLUMN` (`YOURCOLUMN`);
alter table YOURTABLE change YOURCOLUMN YOURCOLUMN int(11) NOT NULL AUTO_INCREMENT;

In all of the above:

YOURTABLE is the database table being changed
YOURCOLUMN is the name of the column that contains the auto-increment value
YOURID is the name of primary key column in table YOURTABLE

NOTE: If you mark a property as being database-supplied, then you must also mark it as being fully automated. If you do not, then you will be given a validation error on trying to save your changes.

String Column Type

A MySQL/MariaDB table row is limited to the size each row can consume, with different kinds of limits applying. Each column takes up some of this, depending on what type of column it is.

A StringEnum property is defined as a "varchar(255)" and takes 255 bytes, or more if it is defined as a utf8mb4 column.

A String property is defined as a "longtext", which can store more than the 255 characters of a varchar(255), but it only adds 9 to 12 bytes to the space taken in a row because the data is stored in a separate buffer.

This makes longtext properties slower, but the extra space is sometimes required.

We don't recommend using many StringEnum properties, because we prefer to use a MappedInt instead. But if you do, then you will quickly run out of space if you have many StringEnum properties on one biskit.

Also, you might sometimes want a string property that is more cpu efficient, and so defined as a varchar instead of a longtext.

For this, there's a new option in the bakery. For any StringEnum or String property, you can now specify the column type. The options provided are:

Default
Varchar
Text

If you choose "Varchar", then you will get a "varchar(255)" column, unless you also specify a "Maximum Value", and then that will be the length of the varchar instead of 255 (as long as you choose a value more than zero and less than 10000).

If you choose "Text", then you will get a "longtext" column.

If you choose "Default", then you will get a "varchar(255)" on StringEnum properties and "longtext" on String properties.

Dark Theme

There is now a theme to provide a dark mode. You can make this the default for everybody in global preferences, and individuals can turn it on for themselves using the Settings option in the top-right corner of every page.

Go to the "Appearance" tab, and then select the skin called "Themes/Builtin/Dark" and save.

Note that the colours displayed in the background of the bookings calendar and for the bookings themselves are not defined by the theme. To control these, you can go to your personal settings and choose calendar background colours on the "Calendar View" tab. Global colours for this are set in the global preferences on the "Bookings" tab. Also, colours for the bookings themselves are controlled on the calendar.

Themes have been expanded to enable dark mode to work effectively, so that there are now more items that can be set. You will be able to see these in the theme manager. They are:

activityPopup.backgroundColor
activityPopup.color
actualUsage.recorder.backgroundColor
actualUsage.recorder.color
actualUsage.recorder.table.backgroundColor
actualUsage.recorder.table.color
anchor.hover.color
anchor.normal.color
anchor.visited.color
body.backgroundColor
body.color
calpendoRuleValidator.results.color
calpendoRuleValidator.results.backgroundColor
datePicker.day.color
datePicker.days.backgroundColor
datePicker.days.color
datePicker.disabled.color
datePicker.filler.color
datePicker.highlighted.backgroundColor
datePicker.highlighted.color
datePicker.navButton.color
datePicker.today.border.color
datePicker.valueAndHighlighted.backgroundColor
datePicker.valueAndHighlighted.color
datePicker.value.backgroundColor
datePicker.value.color
datePicker.weekdayLabel.backgroundColor
datePicker.weekdayLabel.color
datePicker.weekend.backgroundColor
datePicker.weekend.color
datePicker.weekendLabel.backgroundColor
datePicker.weekendLabel.color
dropDown.backgroundColor
dropDown.buttonBar.backgroundColor
dropDown.buttonBar.color
dropDown.caption.backgroundColor
dropDown.caption.color
dropDown.color
fieldset.borderColor
infoPanel.backgroundColor
infoPanel.color
menu.editor.panel.backgroundColor
menu.editor.panel.color
menu.subMenuIcon.backgroundColor
menu.subMenuIcon.selected.backgroundColor
progressBar.color
progressBar.backgroundColor
progressBar.complete.backgroundColor
progressBar.border.color
report.searchBar.color
suggestBox.backgroundColor
suggestBox.color
tag.backgroundColor
tag.color
textArea.backgroundColor
textArea.color
textArea.placeholder.color
textArea.readOnly.backgroundColor
textArea.readOnly.color
textBox.backgroundColor
textBox.color
textBox.placeholder.color

Workflow Changes

New Workflow Functions

The following new functions have been added that only exist when the CTMS module is loaded:

appointmentWindowCheck checks an appointment to see whether it is within its time window.
- Each visit defines when it is supposed to happen, and also can define a time window.
- Appointments for a particular visit should then be made near to the calculated time, and within the time window.
- This function can be used by a rule to determine whether an appointment complies with this requirement.
fillInMissingAppointments creates missing appointments.
- It can be used after an import has created a subject, but it may be missing some or all appointments.
- The function can then be used to create any missing appointments for a given subject.
- This function temporarily disables time templates, booking rules and resource restrictions about making changes to historical bookings. It should therefore only be used when importing appointments from another system and not in a Calpendo that is in active use.
fillInMissingEvents creates missing events.
- It is intended to be used after an import has created some appointments, but where the appointments are missing events.
- The function will create any missing events given a subject and an appointment.
- This function temporarily disables time templates, booking rules and resource restrictions about making changes to historical bookings. It should therefore only be used when importing appointments from another system and not in a Calpendo that is in active use.
uncoveredRanges looks at a date range and a list of bookings (or other things with date ranges) and produces a list of all the periods of time in the original date range that are not covered by the bookings.
- As well as returning a list of date ranges, it also returns the total number of minutes that are covered, that are not covered, and the total time in the original date range.
eval evaluates an expression exactly like EvaluateExpressionWorkflowAction *For example, if you put into it this:

65/3
- Then it will calculate that and return the value.
- Similarly, you could have something like this:
[INDEXED#11.output]/[INDEXED#12.output]
- and it would extract the two referenced values from the workflow context, and perform the division for you, returning the result.
- This means that you can now generate an expression in a workflow and then evaluate that dynamic expression. Previously, you could only execute an expression that was stored explicitly in an EvaluateExpressionWorkflowAction.

Workflow Debugger Changes

In the workflow debugger, the tree showing all the workflows, events and actions involved in a recording appears in the bottom left corner.

When you click on an action or event in there, it gives a pop-up menu showing "Continue to here" and "Reverse to here".

These were a little confusing and have been renamed.

Also, there are now menu items to go to the first or last time the selected action was executed in the recording.

The options in the pop-up menu are labelled "Go to first call", "Go to last call", "Go to next call" and "Go to previous call"

Browser Refresh Remembers Search Options

When using the workflow debugger, there are times when it's useful to be able to refresh the browser and have it go back to the same search options it had before.

Whenever you now search for recorded workflow frames, the URL updates to reflect your search conditions so that refreshing the browser will rebuild the conditions.

Frames-by-Type Tab

When you have a recording of a workflow, it can be confusing to have an appreciation for the content of the recording and which frames are active for each action.

To help with this, there's now a tab that lets you see things like what biskit update actions are there, and which frames run a biskit update, and which frames run a particular biskit update.

This is a new tab that shows a tree with all the event/action types, then beneath that listing all the instances of that type, and then below that list all the frames for that event or action.

Frame Selection History Tab

When navigating around a recording of a workflow in the debugger, you can find yourself skipping around in different parts of the recording (that is, viewing different frames).

When you do this, it would be useful to be able to go back to a frame you've previously viewed.

To help with this, there's now a new tab that shows the history of all selected frames so you can easily see the history and select something from the history

Recording On/Off Time Limit

In version 10.0, recording was either on or off globally or for individual workflows. This has now been extended so that there is a time limit for how long recording will operate for. Also, you can now turn off recording for individual events and actions if you want to.

The global recording time limit and workflow-specific recording time limit are both set in the workflow debugger.

You can also see and change the workflow-specific recording time limit in the workflow manager by looking at the "Debug" tab for a workflow.

To see and change the settings for an individual event or action, click on it and then look at its "Debug" tab.

The selection of whether to record an event, action or workflow is not a property of the workflow, but is stored separately. This means a change in the recording settings does not result in a new audit log entry for the workflow itself. You will, however, see audit log entries for Workflow Debug Setting, and its three subtypes:

Workflow Debug Global Setting
Workflow Debug Workflow Setting
Workflow Debug Trigger Setting

Calendar Changes

There have been a few changes to the calendar displays.

The month navigator shown in the top-left corner of every calendar page has had a facelift. It now allows direct month and year selection for the displayed calendar month.

If you want to display bookings for a date that's not near to today, then you would previously have had to use a button to move a month at a time.

You can now move a month at a time, or a year at a time, and you have a drop-downs to go directly to the required month or year.

Booking Layout

The booking pop-up on the bookings calendar now displays using a customizable layout.

Use the layout editor to specify the layout to be used for each booking subtype.

There's a default layout for Booking that specifies that it should use a "Plain unstyled table" so that this looks almost identical to the old version of the booking pop-up.

Bookings seen in the search page now display the same as the bookings calendar pop-up.

In previous versions, we have discouraged editing bookings from a search page because it did not work very well, and wasn't the same editor as you saw in the bookings calendar. This is now changing so that you can edit from either place without a problem.

The rule validator currently still uses the old method of display because it is more liberal in the input it accepts.

Booking Colour On The Calendar

For a while now, there's been a property on projects that allows you to set a colour. This colour can now be used on the bookings calendar to display the title bar of bookings.

To enable this option, there's a global preferences option on the Bookings tab in the "Format for Bookings on the Calendar" section.

You can choose between the resource indicating the colour (which is the default and the way it always has been) and using the project's colour.

On resources that do not require a project, it will continue to be the resource colour that is used.

Booking Show On Calendar

Any property that references a booking now has an icon next to which, when clicked, will display that booking on the calendar. These are known as "show on calendar" icons.

If you are not already on the calendar page, then clicking on such an icon will take you to the calendar, display the required resource, and highlight the booking by making it bounce up and down for a few seconds.

Any secondary bookings referenced by that initial booking will also be highlighted. In this case, their border changes colour to show they are related to the bouncing booking. (The colour changes well below the maximum recommended rate to avoid triggering photosensitive epilepsy)

If you are already on the calendar, and click on a booking to show a pop-up with its details, then any bookings referenced from that first one will also display a show-on-calendar icon. In this case, clicking the icon may change the displayed date on the calendar before highlighting the booking.

Note that this now means you can find a booking via the search page, click on it to see the details in a pop-up, then click on the calendar icon to switch from the search page to the bookings calendar with the right date, time and resources selected to highlight the booking.

Resource Show On Calendar

When viewing the details of a single resource, you now have a button labelled "Show on Calendar" which will take you to the bookings calendar configured to show only that one resource.

When viewing a list of resources, you can check one or more resources, and then click the new "Show on Calendar" button that will take you to the bookings calendar configured to display bookings for the resources you had checked.

Booking Display Flags

Bookings on the calendar can now display small icons in the title bar of each booking.

Go to the resource editor, and you will find a new section labelled "Booking Display Flags". Create one or more entries in there. For each one, you choose the flag, the subtype of Booking to which it might apply, and the conditions the booking must pass in order for the flag to display.

You can also set a display order, which is a number used to sort the flags so that you can choose the order in which they appear on the calendar.

Booking Content On Calendar

Previously, there were global preferences options for control the text that is displayed on the calendar for a booking's title on the month view, and also for a booking's title and main body on all other views.

In addition to this, you can now control the displayed content of an all-day booking that displays at the top of the day or week view.

Also, instead of being limited to having all bookings display the same content, you can now make this be different for each resource. Go to the resource editor, and edit a resource and tick the option for custom booking content on the calendar. A new tab appears where you can customise the display of this resource's bookings on the calendar.

Choose Project for Templates on Bookings Calendar

On the bookings calendar, the "Templates" item on the left has changed.

It used to have a single toggle to hide or some templates in the background of the bookings calendar. It now has a three-way choice:

Hide templates
Show templates for a mixture of all your possible projects (this is equivalent to the previous behaviour)
Show templates for your default project.

This last option is the new one that's available. If you select it, then the background of the bookings calendar will show a colour that indicates whether you will be allowed to make a booking for that project.

Your default project is the one that is used by default when you create a new booking, as long as that project is a viable one to choose for the resource in question.

If you select the option to show templates for your default project, then it also shows you a drop-down you can use to choose that project.

This means you can now change your default project in two places - on the "Settings" page, by clicking the link in the top-right corner, or by choosing this template option and using the drop-down.

Show Which Template Applies Now

A template can have a near term, medium term and far term which might apply at various times. It was not obvious which was in effect at the time you looked at the template. This has now been changed by making the body of the template displayed on the templates calendar give the name of the template group that applies.

The title of the calendar item also shows the name of the template group that applies rather than always being the name of the main template group (that is, the medium term template group), which is what it used to do.

Booking Confirmation

Version 10.0 added built-in support for linked bookings, so that one booking might spawn additional bookings for some other resources.

This leads to an issue around the process for confirming bookings.

That is, when there's a whole related set of bookings whose status is tentative or requested, and you want to move it on to the next level.

That is, convert requested bookings to approved, or convert tentative bookings to requested or (if possible) approved.

Since there can be a whole tree of these bookings, then this can be a time consuming thing to do manually. So there's now a button next to the status displayed in the booking pop-up.

The button will display whenever the booking's status is either tentative or requested, and its label will be "Confirm" if the booking is tentative, and "Approve" if the booking is requested.

Pressing it will attempt to convert the booking and any linked bookings to approved, if possible, or requested otherwise.

Security Compliance

There are a raft of changes included that help when your environment requires that you have secure records of all changes, and to be able to prove that the audit log is complete and hasn't been tampered with.

Secure Block Chain Audit Log

The AuditLog has been extended in order to make it harder to tamper with, and easier to detect when it has been tampered with.

Every AuditLog entry has a reference to the next and previous AuditLog entry. Database foreign-key constraints mean you can't delete any AuditLog (apart from the last one) without first modifying the following AuditLog.

Each AuditLog contains a hash checksum of all the data inside the AuditLog, and the calculation includes the hash from the previous AuditLog. This means that if you modify the data in any AuditLog, or remove an AuditLog, then the hash of the following AuditLog will be inconsistent with the remaining data.

This allows, in principle, for detection of AuditLog tampering because we can check that the data is consistent with the hashes, and we could create a backup of the hashes to allow verification that that don't all change.

Prevent Changing Audit Log and Attachments

Version 10.1 introduces a secure block chain to the audit log that makes it much harder to mess with the audit log without it being detectable.

However, it also goes further by including the option in the software's licence key to prevent any modifications at all to the audit log. When this is turned on, not even root can make any changes. The only changes to the audit log are those that are made in the course of recording what data elsewhere has been created, updated or deleted.

There's also a separate licence setting to prevent file attachments being deleted. If you want your audit log to be a faithful representation of everything historical, then attachments should never be deleted. That's because the audit log does not contain a copy of attachments, but only a pointer to them.

These settings might be approriate in two situations:

For those that would like the audit log record of changes to include the data for attachments that used to be attached but have since been removed. (Normally, only the currently attached files are accessible via the audit log).
For those that require all data to remain accessible for regulatory compliance reasons. For example, those doing clinical trials.

Require Reason For Deletion

There's now an option in the software licence to require that whenever anything is deleted, the user is asked for a reason why they are deleting it.

The reason is then recorded in the audit log.

AuditLog Human Readable Export

The distribution (for those that run on their own server) now includes scripts that can export audit log contents to a human readable form. These scripts appear in the INSTALL directory that is a part of the Calpendo distribution.

They serve to support demonstration of compliance with customers requirements for the audit log to be seen to not be tampered with, and be able to examine the details of audit log without having to use a complex system to do so.

The scripts are simple, and can easily be understood by any technically competent person with some understand of bash scripts and MySQL or MariaDB.

See INSTALL/export_audit_log/readme.txt in the distribution for technical details.

AuditLog Search

The history page now has an added option to allow you to search by the change type (create, update or delete).

This means you can look only for when things are deleted, or only when created, or only when updated if you want to.

Recording Emails

You can now record all outgoing emails if you want to. You can choose whether to turn recording off, or record everything, or record all details about outgoing emails apart from the body of the emails.

You also have separate control over the recording of emails that are generated automatically and those that are manually sent.

This is controlled from the Email tab of Global Preferences.

The old global preferences option for a debug mode for email that added a copy of the transaction log with the mail server has been removed. Its functionality is now superceded by this new facility.

The system events no longer record details about emails sent, and only records the fact that an email was sent, but none of its details. This is instead recorded by a new biskit type. Search for "Recorded Email" and you will find the relevant records.

Protection Against Clickjacking

Clickjacking is the name given to a security exploit that relies on running an application inside a frame, so that invisible elements can be laid over the top.

This means you could then click on invisible things and think that you were clicking on the app showing underneath.

This is described on the OWASP website.

Protection against clickjacking should be more than one thing. We now add some code to protect, as recommended by the above OWASP page. Web servers hosting this should also have other protection against it (the Exprodo production servers do have such protection).

Changes

Formatted ID Time Zone

Whenever a new object is created, it is allocated an ID number that embeds the date and time when it was created within it. The numbers themselves (as explained in the 10.0 release notes) are long, and so to make them more human readable, they are formatted into their various parts. This includes the date and time part.

From version 10.1.6, the date and time are calculated using the UTC time zone.

This avoids ambiguity over the conversion between the raw number value of an ID and its formatted representation.

Linked Bookings

To help with the new booking confirmation support, there are some changes to the way linked bookings work.

Soften the meaning of "template status" in linked booking status rules
- When setting up a linked booking, you can set up rules for how the change of status of a parent booking can cause a change of the child's status.
- The option of "Template Status" has been a hard rule: when the link says the child should be set to the template status, then that's what it gets.
- If there are permissions or booking rules that prevent the child being given the status in question, then it prevents the parent from being changed at all.
- This is not usually what you'd like to happen.
- Particularly if it means that trying to confirm a parent booking (change from tentative to requested) is being prevented by the child booking needing to be marked as approved, when the current user cannot approve the child.
- The new implementation of status rules is this:
  - If the status rule says the child booking should apply template status
  - and the template status is APPROVED
  - and the child cannot be saved (for any reason)
  - then the child will be given REQUESTED status
  - and we will attempt to save the child again
  - and only if the child still fails to save is the parent save aborted
Set default linked booking status rules so approval must flow down
- The new rules mean that when a parent is approved, then the child must be approved as well.
- In other words, you can't approve the parent without also the child being approved. Or, you must approve children before or at the same time as approving their parent.
- This also means that in a long chain of linked bookings, you can tell whether the whole chain is approved just by looking to see whether the root booking is approved.
Add support for retaining relative time between linked parent & child
- When you set up a linked booking, you have some control of the timing of the child booking. You will set a relationship initially, such as the child starting at the same time as the parent, or an hour before.
- You can also control how the times change thereafter by choosing the child's "time independence".
- The previous values you could select are:
  - Keep Value - child not allowed to change
  - Copy when create - child initially set up and then uncontrolled thereafter
  - Copy if was same - child allowed to be changed. If parent changes time, and if the child was at the prescribed time before the parent changed, then the child will be modified to be at the new prescribed time.
  - Always copy - the child time is always set relative to the parent
- There are now two new values you can choose. This is for those occasions where you want to be able to modify the child's time, but if you modify the child's time and then later you change the parent's time, then the child should change so that it keeps the same relative position compared to the parent that it had before the parent was changed.
- These are called:
  - Copy relative start - Changes the child's time so its start keeps the same relative position compared to the parent's start.
  - Copy relative finish - Changes the child's time so its finish keeps the same relative position compared to the parent's finish.

Cancellation Reasons

You've always been able to customise the list of reasons somebody can choose when a resource is configured to require a reason for a cancellation.

In addition to this, you can now choose different cancellation reasons for each resource.

Create all the cancellation reasons in the bakery as before (it's a Mapped Int). But then, on each resource, when you turn on the option for the resource to require a reason for cancelling one of its bookings, then a new tab will appear for a list of cancellation reasons.

If the list is empty, then all possible cancellation reasons will be offered. Otherwise, whatever is in the list are the reasons that will be selectable when somebody cancels a booking for the resource.

Date/Time and Date Range Properties With Seconds

We now support displaying date-time and date range properties with seconds accuracy. Previously, we assumed a date/time only required time to an accuracy of minutes.

In the bakery, each DateTime and DateRange property lets you specify the accuracy of the content (minutes or seconds).

In the layout editor, for any DateTime or DateRange property, you can specify the accuracy that should be used to display a property.

By default, a layout will show a property using the time accuracy specified in the bakery. However, you can override the accuracy in the layout editor. In other words, the accuracy specified in the layout does not have to agree with the bakery version.

When creating variables in a workflow, DateTime and DateRange properties now let you specify the accuracy.

Usage Recorder

The built-in usage recorder now allows you to manually override the start and finish time. Normally, you click a button to indicate when the session started, and again to say when it finished. The times when you clicked the buttons are used as the start and stop times for the resource usage.

You can now change those times. When you've started a session, the usage recorder shows a page with the start time, its current duration, and a button to let you stop the session. You can now click on the start time and modify it.

Also, when you stop the session, the pop-up that asks if everything went well now allows you to modify the finish time if you want to.

The recorder also supports collecting times to a resolution of seconds. If you want this, then change the Time Type of the dateRange property on Resource Usage in the bakery.

There's also now an "overview" panel that displays with the usage recorder when there are multiple resources on which you can record usage. This makes it much easier to see what the overall situation is across multiple resources and also makes it much easier to switch from recording information about one resource to another.

You can jump to the usage for any resource by clicking on it.

If any resource is configured so that the usage recorder can only be used from a particular IP address, then the overview panel will only show that resource if your IP address matches.

Further, if there are no resources or only one resource for which you can record actual usage, then the overview panel will not show.

Control Over Tag Creation

When you configure tags for a property, users were able to enter a value and then that would be automatically made available as a suggestion for use in future.

You now have control over whether tag suggestions will be created automatically, when a new value is used for the first time, or whether it will only happen manually.

This is determined in the bakery. Where you have a string or set of strings and set it to contain a tag, there's a drop-down to choose whether new tags are added automatically or manually.

If set to manual, a user can still modify a property that displays tags tags, and new values the user enters will be stored, but there will not be a suggestion added for future use.

To manually create a tag suggestion, search for the type "Tag", and create an entry for the relevant "Tag Definition".

Approximate Dates

There is a new BiskitDef called ApproximateDate. You can add custom properties of this type to your biskits. If you do so, then you must mark the property as being a component. You will receive an error if you forget to do this.

This will result in storing a new column of type integer which encodes a date.

For example, 3rd February 2021 would store the value 20210203.

This is an approximate date because the day of the month and month of the year can be unknown.

In those cases, the value of the day or month would be stored as zero, so an unknown day in February 2021 would be 20210200, while an unknown day in 2021 would be 20210000.

This number is available as a property called "pseudoDateNumber". There are also properties for day, month and year on an ApproximateDate.

The user interface will display unknown days and months as "Unknown".

If you use a workflow or permissions to access the "day", "month" properties of an ApproximateDate, and they are unknown, then their value will be zero.

Optimisations

There have been various speed improvements made throughout version 10.1.

This applies in particular to some operations with bookings, but also more generally to communication between the browser and server which is now significantly faster.

Any custom reports written using FreeMarker will be substantially faster.

Default Project Status

Version 10.0 introduced draft projects. "Draft" is a new status that can be used when a user wants to save a project, but is not yet ready to indicate it is ready to be approved by making its status "Requested".

However, this introduces a behaviour change for all existing users. So we've now added a new global preferences option to choose what the default project status is. This now defaults to "Requested" so that the 9.0 behaviour is what you get by default.

Anybody that wants users to create draft projects by default should change the global preferences option.

Per-User Default Initial Page

You can now choose a user's default initial page by adding a user login workflow event, and then setting the default initial page token in the response.

The token you must set is the part of the page URL after the # symbol.

If you don't set this, then the value selected in the global preferences will apply.

If you do set it, then it overrides the global preferences setting.

Examples of when this might be useful:

You could give out a URL for people to run a test, and each person would automatically go to the test they had been configured for.
You could check whether somebody's training is out of date, and take them to a page that said that.
You could show some kind of message to only some people
Note that this only changes the default page. In other words, if somebody bookmarks a particular page, then they will go directly to that page and not their custom default page.

Workflow Dynamic Content Pop-ups

Workflows have been able to dynamically generate HTML content for display to the user for some time. This has now been extended so that the content can be displayed in a pop-up if you wish.

To do this, add a Biskit Update action that changes the event's response.popup and at least set the popup's enabled property to true. You can also choose to make the pop-up (nearly) full screen, or a fixed number of pixels wide and high.

If you don't choose a specific size, then it will be sized according to its content. There are some other settings you can choose:

modal means that while the pop-up is displayed, users cannot click on anything that is not in the pop-up.
autoHide means that if the user clicks outside the pop-up, then the pop-up should automatically close.
Add support for dynamic workflow driven pages to show in a pop-up
- Issue: 3299

Running User Workflow From Process Page

A process page (also known as a stepped-edit page) allows you to edit a biskit in a sequence of pages where you click next and previous buttons as you navigate between the various screens.

On each screen, you can configure buttons that appear, such as next and previous, each of which can initiate custom actions in the server by a workflow that is triggered on each button press.

The Process Event's output available in the workflow now includes a "response.userWorflowEvent" that you can set. If you do, then this chooses a User Workflow Event that will be triggered for you.

The user workflow event can display messages or dynamic content. The dynamic content can be in a pop-up, or not, as you prefer.

Now that a user workflow event can trigger a pop-up containing dynamically generated content, it means that you can configure a button on one of the process event pages to trigger a user workflow that shows dynamic content in a pop-up. From the user's perspective, this means they click a button and a pop-up appears with the relevant content.

To use this, from within the workflow triggered for the Process Workflow Event, add a Biskit Update that changes the event's response biskit, and set its userWorkflowEvent property to the user workflow event of your choice.

Stepped Editor New Custom Buttons

A process page is also known as a "stepped editor" because it involves a sequence of pages that (usually) edit a biskit with next & previous buttons.

These allow a set of buttons on each page. You can change the labels on them, and their meaning, but by default they are:

Previous
Next
Reset
Finish
Help

Of these,:

"next" and "previous" usually have to retain their original meaning.
"Help" is displayed as a help button, so can't be used for anything else.
"Finish" is often needed for its original purpose (to exit now).

That often leaves "reset" as the only button that can be customised, and that isn't always enough.

So now there are buttons called "Extra 1", "Extra 2" and "Extra 3". Their meaning is entirely what you make of it, by changing the labels so that they have sensible meaning to the user and configuring a workflow to handle them as required.

The menu editor now lets you specify a CSS class that should be applied to the menu. This means you can change the way the menu bar looks, and this can be different for different users (since they can each have a different menu).

This also means that you can completely hide the menu bar if you want to.

Misc Changes

Make automatic biskit valued drop-down filtering more liberal
- The automatic filtering of drop-downs selecting from a collection of biskits has changed.
- There are now wider scenarios in which you get automatic filtering applied.
- Suppose there is a one-to-many relationship between Biskits called Parent and Child.
- That means Parent.children is a collection of Child, and Child.parent is a biskit of type Parent.
- Suppose further that there is a Biskit called Friend, and Friend.parent is of type Parent, and Friend.child is of type Child.
- Finally, suppose that Friend.parent is marked as being required (so it can't be null).
- Then when building a drop-down for Friend.child, we will only allow those items in Friend.parent.children to be selectable.
- This is similar to the previous scenario, but this has fewer constraints.
Mark Booking.cancellationReason as visible in biskit detail
- There is no longer a reason to hide this - particularly now that bookings are rendered using layouts.
Allow the new 10.0 pop-ups to be moved by dragging
- The new pop-ups that you see, for example when clicking on a row that's displaying a list of items, can now be dragged so you can see what's behind it.
- Note that you still can't click on anything behind it.
- Close the pop-up first to do that (either by pressing Escape or clicking the red Cross close icon in the top right corner).
Add CSS class names to usage calendar items depending on whether currently in progress
- This allows you to change the colours or other attributes with CSS depending on whether an entry on the calendar is currently in progress.
- The classes used are Calpendo_ResourceUsage-active or Calpendo_ResourceUsage-inactive
Add support for custom search pages to handle a range of a double-valued property
- When setting up the descriptor for a custom search page, you can add an entry that allows the user to specify a minimum and maximum value.
- This worked for integer and date properties, but not for double properties.
- This is now supported. So if you have a property called "doubleValue" of type Double, you can add a descriptor like "doubleValue:*" to add a min/max value widget.
Add CSS classes to standard buttons seen when viewing or editing a biskit
- This allows you to add some custom CSS to hide buttons or otherwise style them as you see fit.
- Here's an example of hiding the "Create Copy" button for a biskit of type "X":
  
  .exprodo-BiskitCRUController-readButtons-X .exprodo-BiskitCRUController-createCopy { display: none; }
Improve support for custom booking tooltips that display when you hover over a booking in the calendar.
- You can customise the tooltips displayed when your mouse hovers over a booking on the calendar.
- You've always been able to select a nested path (something like project.thing) rather than a path to something that's not nested (like project).
- However, that could result in the displayed value saying "Hidden", even though permissions said you could see it.
- This should now always work properly, and you should only see "Hidden" when it's due to permissions.
Limit the displayed length of a report's conditions description
- Some reports can have complicated conditions - especially if they are generated by a custom search page.
- When this happens, the text that describes what filtering was applied to the search page can be quite cumbersome.
- This is now limited in length with a "Show more" link to click if there's more to display.
Change label for "last week" on the repeat when set to monthly-by-day
- When you ask for something to repeat monthly-by-day, it shows a description of something like "3rd Monday of the month".
- If you choose a start date that could either the fourth week or the last week, then you can choose whether this should be the last week.
- It did this with a checkbox and the label "last week".
- This label has now changed to "Last week of month" to make it a little clearer.
Remove "Owner's projects" option from user default project setting
- The user's settings page lets a user choose their default project.
- This is the one that will be preselected when creating a booking.
- Any admin that chooses their default project will also see a cog-wheel to configure the choice of projects in the drop-down.
- Either they see all approved projects, or they see their own approved projects.
- There was also an option to see the "Owner's projects".
- This made sense when choosing a project on a booking pop-up, but not when choosing your default project.
- This option no longer appears on the user settings page.
Add support for FreeMarker list reports to access PropertyDef of columns
- This example shows how to produce a list of the labels for the properties selected for a FreeMarker report when you set the dataFormatType on the custom ReportType to "List":
  
  <#list report.columns as columnDef> ${columnDef.propertyDef.label} </#list>
Add auto-incremented simple integer property to Booking and ResourceUsage
- This is called Booking.autoNumber and ResourceUsage.uniqueNumber
- The general name for these properties would be "autoNumber", but ResourceUsage has several automatically generated numbers, and so it is called uniqueNumber.
- This name is chosen to relate to uniqueID which is a copy of the ResourceUsage's ID.
- In version 10, this is now a 64 bit number instead of the 32 bit numbers we used to use.
- ResourceUsage objects that existed before the upgrade have their uniqueNumber set to the value that uniqueID (and id) used to be before the upgrade.
- Bookings that existed before the upgrade have their autoNumber set to the value that their id used to be before the upgrade.
Add user-selectable CSS class to user workflow biskit type button
- When you define a workflow button in the workflow manager, it now has an option for entering space-separated list of CSS class names.
- When the button is created, it will be given each of the CSS class names that you provided.
- Issue: 3272

Updates

10.1.0 November 4, 2020

First released version.

10.1.1 June 18, 2021

BUGFIX: Re-rendering a root layout using vertical tabs doubles up tabs
- If you have a layout for a biskit that uses vertical tabs at the top level, and then from a list of those biskits display their content, then each time you click on one, you get another copy of the tabs showing up.
- Issue: 2763
BUGFIX: Edit a repeating template gives an exception
- Issue: 2801
BUGFIX: Click on JavaEnum in bakery and it gives an exception
- Issue: 2802
BUGFIX: iCal resource requiring project can't display bookings on calendar
- When you configure a resource to load bookings from an external iCal feed, there is no way to pull in project information.
- This means the resource should be configured to not require a project.
- However, if you set it to require a project, then when you display the calendar to see imported bookings, you get an exception.
BUGFIX: Workflow function createAttachment ignores provided name
- Suppose you:
  - create a workflow that calls the workflow function createOSFile
  - take the result of that and create an attachment from it using the function createAttachment
  - choose the version of createAttachment that takes the file path and also the attachment name
- Then the attachment that gets created has a name that is not the text provided in the createAttachment function call.
BUGFIX: AuditLog shows no user when tag added via change to other biskit
- When you create or change a biskit by using a previously unknown tag value, then the new tag value is recorded.
- The audit log entry for that new tag value did not record the user that caused the tag entry to be created.
- The user was instead recorded as null.
BUGFIX: AuditLog show no user for link from booking to service order
- When creating service orders, the service order can specify a booking.
- When this happens, the booking is updated to reference the service order.
- The audit log entry associated with the change to the booking did not record the user that made the change.
BUGFIX: ExprodoLicence written to DB put user as ID 0 in audit log
- Whenever the system boots, and whenever somebody changes the licence, there's a record added to the database of the licence details at that time.
- You can find these by searching for ExprodoLicence (or CalpendoLicence in Calpendo).
- The ID of the user recorded as having entered this was zero.
- This is now the actual user that loads a new licence, or the ID of the system user (which is a user whose ID is also the shard number).
BUGFIX: Failed login attempts generate audit log entry with user id 0
- When there's a failed attempt to log in, the LoginAttempt that is recorded generates an AuditLog entry attached to no user.
- There's some sense to it in this case, but this has now been changed so it's the system user associated with this AuditLog entry.
BUGFIX: A user that self-registers generates AuditLog entry with user 0
- If a user self-registers, then it should be that user that is recorded as being the user that created their own record in the AuditLog.
- This wasn't working properly though and the recorded user ID was always zero.
BUGFIX: History page does not show system user as editor
- If there are entries for which a system user is marked as the editor, then the history page would not show anything for the editor.
- For example, try to log in with the wrong username or password, and there will be an AuditLog entry made by the system user for a LoginAttempt.
BUGFIX: Export BiskitDef makes bad SQL if text-valued props contain quotes
- Exporting some BiskitDef instances would generate SQL that is syntactically incorrect.
- This happens when you put single or double quotes inside any one of various properties on BiskitDef and PropertyDef (detailed below).
- In some cases, adding a single quote will cause a problem, and in others, adding a double quote will cause a problem.
- The affected properties on BiskitDef are:
  - tooltip
  - null label read only
  - null label read-write
- The affected properties on PropertyDef are:
  - label
  - title
  - placeholder
  - formula
  - boolean true text
  - boolean false text
BUGFIX: Layout editor can lose changes to custom boolean true/false text
- If you edit the layout for a biskit that contains a boolean property, then the layout editor lets you assign custom text to represent the true and false values for display.
- If you modify the text value and then immediately click on another property in the layout, then the changes you made to the boolean true/false text would be lost.
- To make the text stick, you had to either hit the enter key or click somewhere that did not cause the boolean property to be taken off screen.
BUGFIX: History page gives exception on old values with changed PropertyDef
- Suppose you have a property that is an integer (for example a mapped integer), and then you make some changes to a biskit so that there is history recorded.
- Then suppose you change the definition of that property so that it's now a Biskit-valued thing.
- Then if you look at the history, you got an exception because it didn't handle very well an integer value in what is now a biskit valued property.
BUGFIX: Free text search had no label
- When you add [free] to a custom search page, it did not have a label to display like other property-based search elements.
- It now uses the text "Free Text Search" as its label.
BUGFIX: Showing history of workflow can sometimes generate exceptions
BUGFIX: Clicking on an overlapping booking can make it move due to redraw
- When there are bookings overlapping, and you click on one to get the menu, there's a redraw which can then put them the other way around.
BUGFIX: Referenced-by condition with number of refs > -1 finds nothing
- It makes no sense to set up a search with a referenced-by condition where you ask to find things where the number of references to it is greater than a negative number.
- However, if you do it, it would find nothing which is wrong since the number of references to something is always at least zero.
BUGFIX: Lazy rendering of repeat widget caused exceptions in booking pop-up
BUGFIX: Changing booking start date does not change repeat week info
- When a booking is edited and assigned a repeat of monthly-by-day, it shows a description of something like "3rd Monday of every month".
- If you change the booking's start date to something else, then the repeat should change accordingly.
- It wasn't doing that, and was always on the first of the month.
BUGFIX: Template tooltip miscalculated status for instant transition
- When a template is set to use an instant transition (rather than rolling) then the template tooltip could erroneously claim that a template was a mixture of terms (eg both near and medium) when it isn't really mixed at all.
- When using an instant transition, it's not possible for more than one of the near, medium and far term groups to apply at once.
BUGFIX: Non-root users cannot run FreeMarker report searching for projects
BUGFIX: PropertyEditor default CSS uses period in biskitDef making useless
- For example, the booking status drop-down in a booking pop-up had CSS class
  
  springsolutions-PropertyEditor-Calpendo.Booking-status
- But the period in Calpendo.Booking means you can't target any CSS at that because the period has special meaning.
- For those cases where the BiskitDef has a period in it, it's now converted to an underscore, so the above is now replaced with the class:
  
  springsolutions-PropertyEditor-Calpendo_Booking-status
BUGFIX: Any duplicated server messages are displayed multiple times
- If the server generates a message it wants to display to the user, and there are multiple such messages, then the client displays them all.
- This is true even if some of the messages are repeated, so you may get them multiple times.
- For example, if you have a workflow that sends multiple emails, but email sending is disabled, then when you do something in the browser that causes that workflow to run, you will see a message in the browser like:
  
  Email sending is disabled; Email sending is disabled; Email sending is disabled
BUGFIX: Booking boolean property ignores true/false text from bakery w/o layout
- If you add a property to a booking subtype, and do not define a layout for that subtype, then the display will ignore any boolean true/false text, number format or time type you define on the property in the bakery.
- Issue: 2994
BUGFIX: Edit Booking BiskitDef and Booking.flags changes to oneToMany
- If you edit the Booking BiskitDef in the bakery and you are NOT in debug mode, and you click on the flags property before you save, then it changes it from a toMany collection into a oneToMany collection.
- On save, it also gives an error, but allows you to save it despite the errors.
- Booking.flags should be a toMany collection and not oneToMany.
- Issue: 1403
BUGFIX: A BiskitTreeEditor menu item with unknown biskit type gives error
- Suppose you:
  - add a menu item that shows a BiskitTreeEditor page
  - add a BiskitDef to display in the tree editor
  - Delete the BiskitDef or change its type
- then the menu item generates a pop-up error with an unfriendly message.
BUGFIX: Compare history of user after adding projects gives exception
- If you add a user to a project, and then view the history of the user and compare the versions before and after adding the project, then you get an exception.
BUGFIX: Group reports with special union properties produce nasty exception
- Some properties are stored in the database in a special way using a union to avoid a proliferation of tables.
- When you try to create a group report that adds a column for one of these properties, then you get a horrible error message that starts:
  
  could not resolve property: applyToBookerUserTypes of: Calpendo.Rule [select b.class, b.id, _select_2_p0_applyToBookerUserTypes, b.version from Calpendo.Rule as b left join b.applyToBookerUserTypes as _select_2_p0_applyToBookerUserTypes ]
You can see this by searching for any of the following: * Rule with a column of applyToBookerUserTypes * Permission with a column pathsInclude * LinkedBookingLink with a column parentResources
- Searching for these things is still unsupported, but it now gives a much better error message.
- Issue: 2958
BUGFIX: Booking popup does not change owner when project changed
- There's a global preferences setting that chooses whether the owner of a booking should default to the owner of the project (when there is a project).
- However, this was being ignored so the booking owner was not changed when it the project changed, even if the global preferences setting was enabled.
- Issue: 2943
BUGFIX: Booking pop-up shows drop-downs of complex named values badly
- If a booking has a biskit-valued property, and the biskit values have their name calculated from a format that incorporates the name of a further biskit, then the drop-down would not include the correctly calculated name.
- Issue: 2896

10.1.2 June 28, 2021

This version includes everything in 10.0.38 and 9.0.86

Changes

Add option in history page to search by change type (crud/update/delete)
- This means you can look only for when things are deleted, or only when created, or only when updated if you want to.
Convert CTMS.Person height, weight and BMI from static to dynamic props
- These properties were static, with height and weight configured for units of centimetres and kilograms.
- If somebody wanted different units, you could not do so.
- So they've been converted to dynamic properties, and they exist even in a newly loaded CTMS module.
- Now they're dynamic, you can change their units. If you do this, then you must also change the formula so that it still calculates the right value.

Bug Fixes

BUGFIX: Booking tooltips handled in the server don't use custom bool text
- You can configure each resource to have tooltips for its bookings to include any data reachable from its bookings. If you choose only data that is a direct property of the booking, then the tooltip will be generated in the browser.
- If any of the properties in the tooltip pick a value from a nested path, so it's a child property of one of the biskits referenced from the booking (for example project.owner instead of just project), then the tooltip will be generated on the server.
- When it's generated on the server, then any boolean properties will only show true or false, and won't use any custom text defined on it in the bakery.
- Issue: 2961
BUGFIX: Click in date box and drop-down could show wrong month
- This could be seen most easily in CTMS when editing an appointment.

10.1.3 July 9, 2021

This includes everything in versions 9.0.87 and 10.0.39

Changes

Optimisation: TemplatedText actions eagerly expanded FreeMarker data model
- You can use FreeMarker within a TemplatedTextWorkflowAction.
- When you do that, it was expanding the data model to its full depth rather than using a lazy model that would expand when it is used.
- This change makes TemplatedText actions that use users, projects or resources much faster.
Prevent accidental change of key licence attributes when updating licence
- When you change the licence, it now checks that you're not changing some things that look like they are likely to be wrong, or that have large consequences.
- In particular, it checks:
  - if the old licence prevented the deletion of attachments, and the new one does not.
  - if the old licence prevented the deletion of audit log entries, but the new one does not.
  - if the old licence required a comment when deleting anything, but the new one does not.
  - If the old licence was for Enterprise, and the new one is not
- When any of these are true, then after entering the new licence, it gives you a strongly worded message about the change you're trying to make, and suggests you don't click Save unless you really want to make the change.
- If you continue and press save anyway, then it asks you whether you really want to do this.
- This is because it is really unusual for any system set up with one of these features to have that feature be removed.
- If it's really what you want, then it will allow it to happen.
Add workflows for getting and testing available fonts when generating PDFs
- In the workflow manager, you can now see an example font under:
- WorkflowBiskit/VersionedWorkflowBiskit/Workflow/Example PDF generation with XMLFO
- There are two new events in there:
  - "List of Available Fonts"
  - "Test your font"
- The first shows all the fonts that exist on the server, and that are capable of rendering some example text.
- The second generates a PDF showing the example text rendered in a selection of fonts.
Add example workflow for generating a PDF with a table to 10.1
- This example workflow was added to an earlier 9.0 release and to new virgin database, but not added to pre-existing 10.1 systems.

Bug Fixes

BUGFIX: Cancelling a future CTMS appointment also changes earlier appntmnts
- If you edit a CTMS subject with multiple appointments, and from the subject page you change the status of one of the appointments to cancelled, then when you save the subject, it updates ALL of the appointments, even though there are no changes to write out for them all.
- If (as would be normal) appointments in the past are configured to not be allowed to be changed, and the subject has an appointment in the past, then the attempt to update all appointments would be prevented.
- This means the subject would not be allowed to be changed.
- Issue: 2970
BUGFIX: CreateVariablesAction export strips away all variables descriptions
BUGFIX: Updating subtype of resource usage on calendar ignores extra props
- If you set up a custom subtype of ResourceUsage that is to be used on a particular resource, and then edit an instance of a ResourceUsage for that resource, then changing any property that is defined on the subtype does not cause the value to be saved.
BUGFIX: Changing resource for a usage does not change the biskit type
- If you set up ResourceUsage subtypes, and have different subtypes of ResourceUsage for each resource, then when you change a resource usage from one resource to another, it should automatically change the biskit type of the resource usage to match the resource's requirement.
- The user interface was showing the desired properties, but on save it was not set to the correct new biskit type.
- Issue: 2975
BUGFIX: Wrong name shown for some biskit-valued props on ResourceUsage
- If you have a ResourceUsage with a property that is a dynamic biskit, and whose name is set to the name of another dynamic biskit, then when the value is shown in a read-only popup on the resource usage calendar, it shows an incorrectly calculated name for it. It shows the biskit type and ID of the biskit rather than the actual value.
- Issue: 2966

10.1.4 July 21, 2021

Changes

Simplify workflow debugger triggers display
- The workflow debugger shows a "triggers" section in the bottom-left corner that represents all the events and actions run in the currently displayed recording.
- Each item used to show a number to the left of the percentage (when the heat map mode is "Time count" or "Run count"). This has now been removed.
- This is because it introduced a different indentation depending on the value of the number, and so it could make it appear as if an event were a child of an action displayed immediately above it.
- The number is not needed anyway as you can see the number as a part of the full details shown when your mouse hovers over the percentage box.
Show feedback on marking CTMS events as complete when appointment complete
- When a CTMS appointment has its appointment status set to complete and there are some events within it that are not yet complete, then you get a pop-up asking whether to mark the remaining items as complete or a reason for cancelling them.
- When you do this from the booking pop-up on the bookings calendar, it could be confusing to people who might think the "Cancel changes" button on the booking pop-up would also cancel the changes made to the appointment status and event statuses. However, these have already been saved to the server by this point, so cancelling changes from the booking pop-up only cancels any other changes you may have made.
- We now show a confirmation pop-up after the statuses are updated to show that the status changes have been saved.

Bug Fixes

BUGFIX: Comparing history versions sometimes gives an error
- Issue: 2983
BUGFIX: Enrolling person into CTMS project gives exception
BUGFIX: Biskit update via properties writes audit log BEFORE apply changes
- If you change something either by using checked-editing from a list, or if a workflow changes something, then the audit log entry written for the update would write out the old value of the data instead of the new value.
BUGFIX: Time counts display incorrect percentages in workflow debugger
- When multiple workflow events are triggered by the same situation (such as two database events triggered by the same data change), then the workflow debugger shows the percentages of time taken for the events as if the total duration were actually the time taken by the first event only.
- So if the second event takes longer to process than the first, it will show as having taken more than 100% of the time, even though the first event might also show as having taken 100% of the time.
BUGFIX: Usage created as wrong biskit type when done from Recorder
- When creating a ResourceUsage by using the built-in usage recorder, then it is always created as the base ResourceUsage type even if custom subtypes have been set up and a custom subtype should be used for the relevant resource.
- Issue: 2975
BUGFIX: Edit CTMS subject with cancelled appointment adds new appointment
- If you choose to cancel an appointment, and then edit the subject, it would automatically add in a new appointment in place of the one you cancelled.
- Issue: 2971
BUGFIX: User registration page disappears immediately with empty drop-down
- If you add a biskit-valued property to a user, but have no values for the drop down so that it is empty, then the user registration page only shows briefly before disappearing.
- A bug with these symptoms was fixed in 9.0.86. However, that fix did not work in 10.1 because of other changes in that caused the same symptoms for additional reasons.
- Issue: 2981
BUGFIX: Wrong labels on AppointmentStatus drop-down on CTMS reception page
- The drop-down value for the Approved option displays as "Confirmed" instead of "Approved".
BUGFIX: Updating CTMS appointment status from reception page can give error
- When you update a CTMS appointment's status on the reception page, it can send the update to the server, and then fire a callback with the old version of the appointment which generates a further server update.
- This secondary update then fails because it has the wrong version number, since it wasn't based on the updated appointment after the status change.

10.1.5 August 10, 2021

This includes everything in version 10.0.40

Changes

Move control over whether DB dumps are allowed from preferences to licence
- 10.1 introduced support for restricting whether the database could be dumped using the user interface. It did this with a global preferences option.
- This has now been moved so it's no longer in the global preferences, but is now an option in the licence instead. This is so that it makes it harder to circumvent the restriction by people who have the ability to change the global preferences.
- This restriction is useful for those that have concerns about the privacy of their data and that want to restrict ways in which their data can be copied.
- Issue: 2984
Convert linked booking choice to a min/max/random triple of values
- Linked bookings did offer you the option of controlling the number of child bookings by selecting one of:
  - Book all
  - As many as possible
  - Try in order
  - Random selection
- This was good, but did not offer as much control as we found was required.
- In particular, there was no way to say that you want any one of the child bookings, and if you can't create any child booking, then you're not allowed to have the parent booking.
- The above choice has now been removed and replaced with three settings:
  - The minimum number of child bookings
  - The maximum number of child bookings
  - Whether to select child booking resources at random
Add support for a single date box for custom search page date conditions
- When you configure a custom search page and add to the descriptor something for a date, date-time or dateRange property, then it would add a "from" and a "to" date or date-time entry boxes.
- It did not matter whether you specified that you wanted a multiple value selector - you always got on (by using two entry boxes).
- This has now changed for date properties only.
- In this case, you now get a single date box.
- If the search page descriptor indicates it wants a multi-value (range) selector for a date property, then you would get the old behaviour of two date entry boxes, but the default for a date property is now a single date entry box.
- Issue: 2993
Auto-select booking drop-down values marked required and one value possible
- If:
  - you have a biskit-valued property on a booking
  - its valid values are filtered in some way
  - the filtering indicates only one non-null value is legal
  - the property is marked in the bakery as required
- Then the drop-down will automatically select the legal non-null value regardless of whether the property is marked as "null allowed", which would mean that a null value is present in the drop down.
- Ticket: 6305
Optimisation: Server-generated booking tooltips could be very slow
- You can customise the tooltips displayed when your mouse hovers over a booking in the calendar. If you do this and one of the property paths you have requested includes a nested property, so the path contains a period that is anything other than resource.type (which is handled specially), then the tooltip will be calculated on the server instead of directly in the browser.
- These server-generated tooltips were sometimes very slow to generate (a time of 4 seconds was observed), so the user did not see a tooltip appear until well after they were expecting it to appear.
- Issue: 3001
- Ticket: 6308
Add frame number to the misc tab in the workflow debugger
- Issue: 3004
Show the run number on the workflow debugger's runs table
- Issue: 3004
Workflows debugger drop-down trigger menu are confusing and incomplete
- In the workflow debugger, the tree showing all the workflows, events and actions involved in a recording appears in the bottom left corner.
- When you click on an action or event in there, it gives a pop-up menu showing "Continue to here" and "Reverse to here".
- These were a little confusing and have been renamed.
- Also, there are now menu items to go to the first or last time the selected action was executed in the recording.
- The options in the pop-up menu are labelled "Go to first call", "Go to last call", "Go to next call" and "Go to previous call"
- Issue: 3007
Allow workflow debugger URL to remember conditions for current search
- When using the workflow debugger, there are times when it's useful to be able to refresh the browser and have it go back to the same search options it had before.
- Whenever you now search for recorded workflow frames, the URL updates to reflect your search conditions so that refreshing the browser will rebuild the conditions.
- Issue: 3009

Bug Fixes

BUGFIX: Cannot create an Exprodo user when reached user licence limit
- If a database has already reached the maximum number of licensed users, then you can't create a new Exprodo user at that point (even though they don't count towards the number of licensed users).
- Issue: 2986
BUGFIX: Upgrading directly from 9.0 to 10.1 fails
- A database upgrade for 10.1.5 did not work properly unless the system had booted any version from 10.0 to 10.1.4 before doing the upgrade to 10.1.5
BUGFIX: Auto-filtering of drop-downs over-zealous with hierarchy biskits
- Suppose you have a biskit that is configured as a hierarchy.
- That means that it has a one-to-many property that stores a collection of children of the same type.
- An example in Calpendo is a Location, which can contain child locations.
- Then when you have a biskit that has a property that stores one of these hierarchy bisktis (like a location), then when you go into edit mode, it automatically filters the contents of the drop-down but it does so incorrectly.
- Whatever is the currently selected value (eg location), then whatever children that value has becomes the set of options available in the drop-down.
- So if you have a currently selected value that has no children, then the drop-down would be empty.
- Ticket: 6290
BUGFIX: Auto-filtering of booking types not working in booking pop-up
- Technical: The auto-filtering was only written to handle a TinBox, but booking type is displayed using a BiskitBox.
- This caused the filtering to be ignored.
- Issue: 2962
BUGFIX: Change of booking owner in booking pop-up does not change projects
- When an admin creates a booking, they can normally make a booking for any project.
- To help make sense of the many projects that may exist, there's an option next to the project drop-down to allow the projects that appear in the drop-down to be changed to match those appropriate for the booking's owner.
- However, changing the booking owner did not change the selection of projects that appeared in the project drop-down.
- Ticket: 6299
BUGFIX: Custom search page string property filter mishandled empty value
- Suppose you configure a custom search page and add a filter to the descriptor for a biskit property by referencing a string property on the biskit, and configure that filter to use a "contains" condition.
- For example, suppose you created a custom search page for bookings and added a descriptor of "{C}project.name:C"
- Then this would not find any values where the biskit property itself was null. In the project.name example, this means it would ignore those bookings for which project is null.
- This is somewhat counterintuitive.
- Also, the description of what the search is looking for would say "project.name contains " which is also somewhat confusing.
- If using "contains" conditions for a search, then it is much more logical that anybody not writing anything into the search box would expect that there is no filtering on that property. Therefore, the description of the search parameters should match that expectation.
- Ticket: 6303
BUGFIX: Directly modify child of "copy if was same" linked booking reverts
- If:
  - you set up a linked booking with a time independence of "copy if was same"
  - you then modify the child so that its time is different from that which the parent says it should have and save it
  - you then modify the child so its time matches what the parent says
- then the child would automatically revert back to the time it had (different from what the parent said)
- Issue: 2991
BUGFIX: Cannot edit time on child of linked booking using booking pop-up
- A child linked booking stores a reference to its parent booking.
- When the booking pop-up edits the child booking, it was forgetting the value of the parent booking.
- So the server then complained because it looked like an attempt to modify a child booking's reference to its parent booking.
- Issue: 2990
BUGFIX: Infinite loop if change start/finish on KEEP_VALUE linked child
- If you set up a linked booking with the child's start/finish times set to KEEP_VALUE, then then you try to manually modify the time on the child, then it would generate an infinite loop in the server (until it crashed a few seconds later).
- Issue: 2994
BUGFIX: Booking tooltips persist on screen without limit
- Suppose you have a custom booking tooltip configured and one of the property paths you have requested includes a nested property, so the path contains a period that is anything other than resource.type (which is handled specially).
- This then causes the tooltip content to be calculated on the server instead of directly in the browser.
- Then if you hover over a booking for the configured time to cause a tooltip to appear, and then move your mouse off the booking before the tooltip has been displayed, then the tooltip would stay displayed forever, or until you click somewhere or mouse your mouse back over and off the booking.
- Issue: 2995
BUGFIX: Error exporting a timed event that repeats every n seconds
- If you have a workflow that contains a timed event that repeats per-second instead of daily or weekly etc, then trying to export the workflow using the workflow manager's export button generates an error.
- Ticket: 6309
BUGFIX: Booking calendar pop-up showed created/modified date's time twice
- The date and time when a booking was created or last modified would show the date once, and then the time twice. For example:
  
  04 Aug 2021 09:26:19 09:26
BUGFIX: Cannot save permissions with conditions referencing meta-properties
- Ticket: 6313
BUGFIX: Couldn't upload attachments from the new user registration form
- The attachments would display on the user biskit.
- However, if you tried to download it later, you would get an empty file back.
- Ticket: 6166
BUGFIX: Exporting a workflow can generate an exception
- Ticket: 6309
BUGFIX: Booking tooltip paths leading to email addresses don't display
- For example, if you customise a booking tooltip to include "booker.email" then the email would display as blank in the tooltip popup.
- Issue: 2999
BUGFIX: CTMS Appointments & Events have null all-day instead of false
- CTMS Appointments and Events do not support being "all day".
- So when editing the bookings, the value of the "all day" setting was set to a fixed value.
- That value should have been "false", but it was set to "null".
- The result is that editing an old appointment (where all day was set to false) would mean that it thought the appointment was being changed, just by virtue of being edited because the all-day value was forced to change.
- Issue: 3000
BUGFIX: Edit/save CTMS subject and select old appointment fails to save
- Edit a CTMS Subject and select an appointment that is in the past, then save without changing anything and the server will complain that you are trying to change a past appointment.
- This happens if there are any dynamic properties on appointment.
- Issue: 3000
BUGFIX: Workflow recorder sometimes gave exception at boot time
- This problem was very rare, and would happen on average once every 65535 boots.
- Issue: 3002
BUGFIX: BookingType comparison conditions display badly in the workflow debugger
- When you have a workflow action or event with a condition that tests a BookingType value, then a recording of a Booking condition like this:
  
  Source #123 New.type equals SomeType
results in the recording showing: " equals " instead of showing something like "TypeA equals SomeType"
- Issue: 3005
BUGFIX: Workflow Debugger's step over did not work (forwards & backwards)
- The workflow debugger provided buttons to step over the current frame until reaching a sibling of that frame. There were two such buttons, one to go forwards and one to go back.
- The backwards one made no sense, and so has been removed.
- The forwards one did not go to the correct frame, but now does.
- Issue: 3008
BUGFIX: Conditions parser does not support JavaEnum values or identity conditions
- Conditions are parsed from a text string in a small number of places. For example:
  
  https://your.calpendo.com/#ba&type=Calpendo.CalpendoUser&action=view&condition=givenName/eq/'Jeremiah'
- This does not support JavaEnum property values or identity conditions.
- The syntax for referenced-by conditions is also a little odd/surprising.
- Referenced-by conditions use a syntax that required this:
  
  referenced-by-SomeBiskitType.some.path/referenced//EQ/1
- The double slash part (referenced//EQ) has now been shortened to "referenced/EQ", although the old syntax is still accepted.
- See Exprodo Railroad Syntax Diagrams
BUGFIX: UI does not reopen workflow actions and events on re-render
- If you display a workflow with multiple events in the workflow manager, and open up more than one event and optionally some of the actions within, then on switching between read-only and read-write mode (in either direction), only the event with the selection action will remain open.
- It keeps all the right actions open within that one event, but only that one event.
- It should reopen all the same events and actions so that the change between read-only and read-write mode is less jarring.
- The same thing applies in the workflow debugger when the heat map mode is changed.
- Issue: 3010

10.1.6 September 27, 2021

This includes everything in version 10.0.41, 10.0.42, 9.0.88, 9.0.89 and 9.0.90

Changes

Add support for permissions to specify a custom permission denied message
- Historically, we have always had a "permission denied" standard message when an action has been prevented due to permissions. There are some specific scenarios in which a custom message is provided, but there was no way to configure a permission to provide a particular message to users. This is an attempt to do that.
- The messages can be used in two ways:
  1. When a button is greyed out because of a permission, then the button's tooltip may contain the message from the defining permission.
  2. When a "Permission denied" message is displayed, then the defining permission's message may be included in the message.
- Note that this is not a perfect system for displaying messages that explain why you cannot do something. There are several reasons for this:
  - The permissions may apply in an order that means a different permission was the "definitive" one. That is, the one that was chosen as the cause of the final choice to deny you permission.
  - You might be denied permission because no permissions apply that would otherwise grant you the right to do something. In other words, you might find a "fallback" permission is the definitive one, and it is not normally useful to define a message on a fallback permission.
  - Some permissions may be quite generic in nature, and may not be a good candidate for providing a message.
- Another thing to notice is that if you wish to provide good messages to people, then it may be that you should create more permissions than you would otherwise require.
- For example, if you want to prevent somebody from deleting any instance of a particular data type, then you might do so with a fallback permission that applies to many data types.
- However, you might add extra permissions specifically targeted at that data type just so that you can provide a custom message for what somebody sees when trying to delete an instance.
- Issue: 3026
Add frames-by-type tab to workflow debugger
- When you have a recording of a workflow, it can be confusing to have an appreciation for the content of the recording and which frames are active for each action.
- To help with this, there's now a tab that lets you see things like what biskit update actions are there, and which frames run a biskit update, and which frames run a particular biskit update.
- This is a new tab that shows a tree with all the event/action types, then beneath that listing all the instances of that type, and then below that list all the frames for that event or action.
- Issue: 3031
Add frame selection history tab to workflow debugger
- When navigating around a recording of a workflow in the debugger, you can find yourself skipping around in different parts of the recording (that is, viewing different frames).
- When you do this, it would be useful to be able to go back to a frame you've previously viewed.
- To help with this, there's now a new tab that shows the history of all selected frames so you can easily see the history and select something from the history to go directly to it.
- Issue: 3032
Hide non-local passwords from UI
- The password and password-reset fields are now only displayed when displaying a local user.
- For non-local users, Calpendo does not use or store the user's password, and so it makes no sense to display a password property for them.
- Issue: 3041
Prevent conversion of user to become an Exprodo except by root/Exprodo user
- Regular users should not normally create a user set to use the Exprodo authentication method, nor modify an existing user to use an Exprodo authentication method.
- There was previously nothing to prevent a user being changed to become an Exprodo user, and now this is prevented except when done by root users or by an existing Exprodo user.
- Issue: 3042
Handle better case when rename biskit type with exists+path permission
- In 9.0, a fix was applied to prevent the server being killed by an exists permission whose targeted biskit type does not exist (along with other settings on the permission).
- In version 10.1, this situation did not affect production, but did prevent logging in on a development server.
- Issue: 3011
Remove "Project Membership Request" menu item from default Calpendo install
- Issue: 3037
Use UTC for time zone of date/time in formatted ID numbers
- Version 10 has changed ID numbers so that they now embed a date/time within them, which represents the time the ID was allocated.
- To make these numbers easier for people to read, the date/time part is formatted into a human readable form.
- Previously, the browser and the server would each use their own timezone to convert between the date/time part of the ID and a formatted version of it.
- This resulted in problems if the browser and the server were in different timezones, then a URL like this one:
  
  https://your.calpendo.com/#search&id=20210813.214615.0.1&autorun=true
would be interpreted incorrectly as the date/time would be converted to the wrong ID number.
- We could not ensure client and server used the same timezone to address this issue because the format used for the date-time in the formatted ID numbers does not specify a timezone, and so it is therefore ambiguous when used on a timezone with daylight savings. In particular, when the clocks go back from 2am to 1am, a time of 1.30am on that day could refer to any one of two times (before or after the clock change).
- To address this and bring in consistency, the date/time is now always formatted in the UTC timezone (GMT).
- Issue: 3020
Add global preference to allow choice of default project status
- Historically, new projects were always created with a default status of "Requested".
- We recently introduced "draft" as an option as well, for people to use when they wanted to save their project, but before they were ready for somebody to approve it.
- In order that existing customers can retain current behaviour, we've now added a global preferences option for the default project status, and this defaults to Requested.
- Anybody who wants to use the new Draft status should change the default project status in the global preferences to Draft.
- Issue: 3049
Allow mapped int & mapped string properties to display with radio buttons
- When you have a property that is a biskit, Java Enum or a String Enum, then the layout editor allows you to choose whether the value should be selected as default, with a drop-down, or by using radio buttons.
- We now extend this to add radio button support for mapped int and mapped string properties.
- Issue: 3052
Remove password hash from all non-local users
- Non-local users previously allowed a password to be entered when creating or editing the user. This was then stored as a hash of that password.
- However, this hashed copy of the password was never used for non-local users.
- The existing stored hash password is now automatically removed from the database and replaced with null for all non-local users.
- Issue: 3051
Require that searches for some date-based data types always filter by date
- If you search for bookings, then you are forced to have search conditions that filter by the booking date.
- There are other data types that, unlike booking which has a date range with a start and finish, have a single date.
- Some of these now enforce a requirement that search conditions must filter by date. This applies to all data types that are inherently date based, and for which searching without a date filter doesn't make sense.
- The affected data types are:
  - AuditLog
  - Calpendo.RemoteProcess
  - Calpendo.RemoteUserLog
  - ExprodoEvent
  - LoginAttempt
  - NetworkMetric
  - RecordedEmail
  - SystemUsage
  - WorkflowJournal
- Issue: 3060

Bug Fixes

BUGFIX: Multiple one-to-many properties with children in same table broken
- Suppose you have:
  - A biskit of type X which a sibling of type Y
  - Both X and Y are stored in the same database table
  - A biskit P which has a one-to-many property x storing a set of X
  - And P also has a one-to-many property y storing a set of Y
- and further suppose that there is NO third sibling Z such that:
  - Z is a sibling type of X and Y
  - Z is stored in the same table as X and Y
  - P has a one-to-many property storing a set of Z
- Then:
  - If an instance of P has anything in its set of X, then those things also appear in the set of Y (even though they shouldn't)
  - and anything in its set of Y would also appear in its set of X
- When you view the P in the UI, the fact that the set of X contains both X and Y, when it's supposed to be a set of X, causes those values to be displayed with lots of text markers.
- Examining the contents via a workflow would show the set of X actually contains an instance of Y (as long as the P has at least one Y, that instance will appear in both the set of X and the set of Y).
- Issue: 3012
BUGFIX: Change owner to null in booking popup and it does not notice
- If you:
  - Click in the calendar to create a booking for a resource that requires a project
  - Choose a project
  - Click on the owner and remove the option there (eg use the delete key)
- Then it does not show a yellow error message in the top-right corner telling you there's no owner (like it would with other sorts of error) and the "Create booking" button is still active rather than greyed out.
- Issue: 3013
BUGFIX: A one-to-many set of Attachments forced to its own layout tab
- When laying out properties on screen, we will put properties in tabs if requested to do so.
- Once its target tab is identified, then it would normally go into a table with all the other properties in that tab.
- However, some properties are considered "too complex" for that to happen, and they are given a tab to themselves.
- For example, a one-to-many that must show all the children.
- Now a one-to-many that is designed for showing attachments was also treated in this way and forced to its own tab, but it should not have been.
- Issue: 3018
BUGFIX: Debugger exception changing frame to one with unloaded parent
- When you search for recorded frames of activity in the workflow debugger, it might be that you specify times for the search that mean you only load part of a recorded run.
- When that happens, the frames you load might have a parent frame that is not present in the browser.
- In that case, stepping through the recording onto such a frame produced an exception.
- Issue: 3027
BUGFIX: System events & workflow debugger without millisecond accuracy
- In the system events page, it shows when events happen. It has support for millisecond accuracy, so long as the database is recent enough to support it.
- However, a new virgin database is not configured to record millisecond accuracy for system events.
- The same is also true for recording the start and finish of each step within a workflow. There is confusion around this though because each trigger records its duration as an integer, and it is a number of milliseconds.
- This can lead to display errors where the debugger knows that an action or event took a certain number of milliseconds, but that the actual start and finish times are recorded without it.
- So it can calculate, for example, that the total time for a fast workflow is zero seconds, and yet know that it was a non-zero number of milliseconds.
- So it may think that the time taken on an event or action is more than 100% of the total time.
- Also, a database that is configured without millisecond accuracy was not automatically updated to support it.
- Note that in order to have millisecond accuracy for system events and workflow recording, you need at least version 5.6 of MySQL 5.6 or MariaDB 10.1.2.
- Issues: 3015, 3029, 3030
BUGFIX: Booking type drop-down filters by permissions when it shouldn't
- Suppose:
  - you create permissions that prevent bookings where the booking's owner is not related to the booking's project.
  - that those permissions do not relate to the booking type at all.
  - that there are other permissions for creating or updating bookings that do relate to the booking type.
- and then suppose you try to create a booking where the booking's owner does not relate to the project.
- In that case, the filtering would use the permissions and believe that all booking types were not allowed, and so remove them all from the booking type drop-down, even though the permissions did not really say that.
- Issue: 3033
- Ticket: 6401
BUGFIX: Change booking value to make current type illegal resets it
- If you change a booking property that means permissions think the currently selected booking type is not allowed, then the currently selected booking type would be changed automatically and with the potential for the user not to notice.
- Issue: 3033
- Ticket: 6401
BUGFIX: Resource-based filtering of booking types defaults to rejecting all
- If you set up a one-to-many property on Resource, where the child contains a BookingType, then the values attached to a particular resource are used to filter the selectable booking types when creating or editing a booking.
- If you set this up, but the selection of values for a resource is empty, then it could default to showing no booking types at all in the drop down.
- This is inconvenient when it comes to adding this resource-based filtering when you already have many resources configured because they would all break until you edited every resource to add the allowed booking types.
- It's more sensible to default to allowing all booking types if none are configured on a particular resource.
- Issue: 3034
BUGFIX: Create booking with resource initially unset makes it unselectable
- There are three ways in which you can show a form to create a booking in which the resource is not initially set in the form.
- Whenever this happens, when you click in the resource box, there are no resources available to select and there's no way to choose a resource.
- The methods of producing a booking form in this state are:
  - Go to a search page and search for bookings. From there, click to create a booking.
  - Go to the bookings calendar with no resources being displayed at all and click in the calendar to create a booking.
  - Go to the bookings calendar with at least one resource being displayed. In the right hand edge of a day column, there's space to click that's not in the column for any particular resource. Click there and it shows a booking pop-up without a preselected resource.
- Issue: 3038
BUGFIX: List report shows repeat bookings as having same start/finish time
- If you have a repeat booking, and show a list report to include multiple instances of that one repeat, then the list report would show them all as having the start/finish time from the first instance.
- Issue: 3044
BUGFIX: Click on repeat booking in list and shows time for first instance
- When a list report shows repeat bookings, then clicking on one of the repeat bookings would show the details for it, but with the date/time of the first in the series of repeats regardless of which instance in the series was clicked.
- Issue: 3045
BUGFIX: Click on repeat booking calendar icon shows first repeat instance
- When you display a booking form for a repeat booking (whether from the calendar or a search page), then you see a calendar icon to the right of its start/finish date/time. When you click it, it takes you to the calendar and it highlights the selected booking.
- However, it always highlights the first instance of a repeating sequence, even if you clicked the calendar icon next to a later instance in the repeating sequence.
- Issue: 3046
BUGFIX: System does not boot if fop.xconf file is missing
- If there's a problem with the deployment procedure such that the file fop.xconf is missing from WEB-INF/classes, then this prevented the system from booting properly.
- This is now handled more gracefully, and generates an error message.
- Issue: 3050
BUGFIX: Non-local users created store a password hash
- If you create a non-local user, then we no longer ask for a password, or allow a password to be entered.
- However, the users table still stores a hashed password, albeit a hash of an empty password.
- This isn't a security error, but it might look like one.
- Issue: 3051
BUGFIX: Exception using back button to return to initial stepped-edit page
- If you edit a biskit that uses stepped-editing, and you choose to edit it in steps, then click a Next button, and click the browser's back button would generate an exception.
- Issue: 3053
BUGFIX: Repeat icons on bookings don't always display when they should
- A problem was introduced along with the 10.1 support for booking display flags.
- Issue: 3054
BUGFIX: Output tab in workflow manager shows "Properties on undefined"
- When you go to the workflow manager, select an action or event, and look at the "Output" tab, it tells you all about the outputs of that action or event.
- This includes all the properties in that output.
- Also, if there are any biskit-valued properties, it shows a child entry for properties on that biskit, using a header of the form "Properties on X", where X is the label of the BiskitDef.
- But some BiskitDefs are dynamically-generated by the workflow manager and don't have a label, and so for those it showed "Properties on undefined" instead of something more sensible.
- For example, a UserWorkflowEvent includes a FormContent and UserWorkflowEventResponse, both of which used to have this problem.
- Issue: 3056
BUGFIX: Scheduled reports can't record full content of outgoing emails
- When recording the full content of outgoing automated emails is enabled, then all automated emails should be recorded. However, something went wrong with scheduled reports that meant the recording failed.
- Issue: 3058
BUGFIX: Authenticating via an Exprodo authentication method logs nothing
- You can set up one Exprodo database to be the authentication source for another.
- When this happens, and a user authenticates successfully or otherwise, there are no records on the authentication source about the attempt.
- There is now a system event for each such authentication attempt.
- Issue: 3061

10.1.7 September 29, 2021

Bug Fixes

BUGFIX: No cancellation reasons are selectable if resource specifes none
- If a resource has no cancellation reasons listed (which is normal in 10.0 and earlier) and somebody tries to cancel a booking, then there are no reasons selectable.
- One should take a lack of reasons in the resource to mean all reasons apply.
- This bug was introduced in 10.1.1.
- Issue 3062
BUGFIX: Flags shows as editable field when creating a booking
- Flags should never be manually edited because they are automatically calculated depending on how you configure what flags should exist on which bookings in the resource editor.
- Flags are intended for viewing directly on the calendar, so they are now hidden completely in the booking pop-up.
- Issue: 3064
BUGFIX: Upgrade from 9.0 to 10.0 does not convert all initial page URLs
- When the global preferences setting for the default initial displayed page references an ID number, it handled the case where the URL included something of the form "&id=NNN&" where NNN is a number.
- It would then correctly modify that to something that referenced the same ID but after the 10.0 conversion of ID numbers has taken place.
- However, if the URL ended with "&id=NNN", which it sometimes does, then this was not converted.
- We now handle both situations.
- Issue: 3063

10.1.8 September 29, 2021

Bug Fixes

BUGFIX: Booking biskit-valued drop-down filtering sometimes over eager
- Suppose you have two properties A and B that you add to Booking that store references to a user (in addition to the static/built-in properties).
- Suppose you have a permission that denies the right to create a booking when A is not a member of some user group X.
- Suppose you have another permission that denies the right to create a booking when B is not a member of some user group Y.
- Then what should happen is that the drop-down for A should only show those users in user group X, and the drop-down for B should only show those users in user group Y.
- But what is happening is that both drop-downs would offer no values at all.
- Issue: 3066
BUGFIX: Registering new user for external proxy auth gives NPE exception
- If you have an authentication method that works via shibboleth, then attempting to register a new user generates an exception.
- This bug was introduced in 10.1.6
- Issue: 3067

10.1.9 November 8, 2021

Changes

Allow workflow debugger recording for a specified time limit
- The way you turn on and off the recording of workflows has changed.
- The global recording all workflows is no longer a simple on/off switch, but is instead something with a time limit.
- This means that when you turn it on, you will do so for a limited period of time so that if you forget about it, it will automatically stop recording when the time limit you have set expires.
- Similarly, when you turn on recording for individual workflows, then this will also be for a time limit that you must set.
- Finally, each individual event and action can have its recording enabled or disabled. When recording is enabled for a workflow, then its events and actions are only recorded if they are each set to enable such recording. Events and actions enable recording by default, but the workflows themselves have recording disabled by default which means nothing is recorded unless you turn it on.
- The global recording time limit and workflow-specific recording time limit are both set in the workflow debugger.
- You can also see and change the workflow-specific recording time limit in the workflow manager by looking at the "Debug" tab for a workflow.
- To see and change the settings for an individual event or action, click on it and then look at its "Debug" tab.
- The selection of whether to record an event, action or workflow is not a property of the workflow, but is stored separately. This means a change in the recording settings does not result in a new audit log entry for the workflow itself. You will, however, see audit log entries for Workflow Debug Setting, and its three subtypes:
  - Workflow Debug Global Setting
  - Workflow Debug Workflow Setting
  - Workflow Debug Trigger Setting
Disable recording of system events for newly created workflow events
- System events will be off for any new workflow events created unless one manually turns them on.
- In general, recording via the workflow debugger is much preferable as a means of working out what a workflow is doing.
- Issue: 3077
Add better error message when permissions reference a deleted property
- Suppose you:
  - set up a permission to deny EXISTS on a biskit X
  - add a condition in the permission on property X.foo
  - go to the bakery and rename or delete X.foo
  - update the schema, reload the database and refresh the browser
  - go to Search->Search and search for X
- then you get an exception complaining about X.foo but it doesn't tell you anything about where that reference is (ie that it was a permission or which permission it was).
- The message now tells you which permission is at fault.
- Issue: 3079
Allow XSLT stylesheets to access anything in context
- Suppose you want to apply a transformation to some XML generated from a list of biskits.
- The XML you would get would not include full details of any biskit-valued properties, but would instead tell you the type and id of them instead.
- If you want your output to include properties of those child biskits, then you would need to merge in a second XML file that includes the data you want.
- You can do this in an XSL stylesheet containing something like this:
<xsl:variable name="types" select="doc('exprodo://INDEXED16.list')//root/item/biskit"/>
- where action #16 is something that has a list of biskits.
- Then you can reference a property on those biskits with something like this:
<xsl:value-of select="$types[id=$typeid]/properties/name"/>
- This picks out the item from the "types" variable that has the ID given by $typeid, and then pulls out its name property.
- None of this worked before now because a stylesheet would fail when trying to use this:
<xsl:variable name="types" select="doc('exprodo://INDEXED16.list')"/>
- Issue: 3091
Add CSS classes to allow biskit pop-ups to have CSS targeted at biskit type
- When you click on a row in a list of biskits, you get a pop-up.
- That pop-up now has CSS classes on it that reference the biskit type, and so you can change the display for a particular biskit type using CSS.
- Issue: 3092
Add number of calls to the frames-by-type tab in workflow debugger
- The frames-by-type tab in the workflow debugger now shows how many times each action has been called, and how much time was spent in it.
- Issue: 3100

Bug Fixes

BUGFIX: database analysis tool misreports table actual_usage_cache as unused
- The table actual_usage_cache is used for providing a temporary cache of incoming actual usage information, for example when using CAR (Calpendo Activity Recorder).
- But the database analysis tool in the bakery erroneously claimed this table was unused.
- Issue: 3075, 3081
BUGFIX: Database analysis tool fails if optional tables do not exist
- The tables virgin_config and _warnings might exist in some systems.
- virgin_config is used when a new system is first created.
- Its contents are not needed after that point.
- _warnings is sometimes created during a major upgrade of the system to record warnings related to the upgrade. Again, it's not needed after the upgrade has completed.
- So these tables may or may not exist. However, the database analysis tool in the bakery fails if they do not exist.
- Issue: 3069
BUGFIX: "JSON parsing failed" error message after parsing iBoot data
- Suppose you use the fromJSON workflow function to parse some JSON, and you don't have a BiskitDef that describes what it contains.
- Suppose further that you give it some JSON which contains somewhere within it a JSON object that contains only one value.
- Then in that case the parsing will fail and generate an error message "JSON parsing failed".
- Issue: 3073
BUGFIX: xmlEscape workflow function included broken help text
- The help text tried to show the kind of changes to XML that it would perform.
- However, ironically, the XML was not properly escaped and so did not display properly.
- Issue: 3078
BUGFIX: Upgrade 9.0 to 10.1 fails when using MySQL
- When using MySQL rather than MariaDB, the upgrade from 9.0 to 10.0 or 10.1 fails because of various syntactical differences between them.
- Issue: 3076, 3080, 3082, 3083, 3084, 3085, 3086, 3087
BUGFIX: Upgrade 10.0 to 10.1 mishandles function to add/remove long to list
- If you have a workflow function call to add a long value to a list of long values, or to remove a long value from a list of long values, then the upgrade does not work properly because the function signature has changed slightly, and it does not recognise old calls as being to the same function.
- In version 10.1, long-valued properties now have a sub-type that says whether they store a primary key or not.
- This means the function signature now indicates the returned list is of the same type as the one passed in.
- Issue: 3088
BUGFIX: Typecast action's biskit.id unusable as argument to long function
- Suppose:
  - You create a workflow with a User Workflow Event
  - you add a Typecast action that casts the event's biskit to something BiskitDef (eg Booking)
  - You add a function action that calls formatpk(Long) (or indeed any function that takes a long value)
- Then you can't select the Typecast action's biskit.id as an argument for the function. It isn't offered on the drop-down.
- Issue: 3090
BUGFIX: Cannot reset default project back to none from bookings calendar
- The bookings calendar lets you choose how to display templates in the background.
- One of the options is to show the templates as they would look for your default project.
- It also lets you change your default project.
- However, while it lets you change your default project, if you tried to reset to having no default project from this same drop down, then it would have no effect.
- Issue: 2992
BUGFIX: Upgrades from 9.0 do not notice calls to custom func with pk param
- If you have a custom function that in 9.0 is defined to take an integer parameter that is declared to contain a primary key, then on upgrading to 10.0 or later, the function parameter is converted to a long primary key.
- However, any actions calling this function become disconnected.
- This is not thought to be a common problem, and so the upgrade has been changed to generate warnings in this situation so that whoever does the upgrade will be aware of the problem and take suitable action.
- Issue: 3095
BUGFIX: ForEach actions show their time incorrectly in the workflow debugger
- When a ForEach action runs, particularly one whose child actions take a long time, then the debugger will show that the time for the ForEach action itself is LESS than the time taken for the ForEach action plus its children.
- This was clearly nonsense.
- The recorded information was incorrect. It thought the time taken in the ForEach was only the time taken for the last iteration in which it ran.
- Issue: 3099
BUGFIX: Showing references to a biskit can give an error
- Suppose:
  - you have a biskit of type X
  - A biskit of type Y has a reference to an instance of X
  - Y.foo is a property that stores a biskit (of any type)
  - The sort property on Y is set to foo
- Then when you select this instance of X and click the "References" button, it gives an error.
- Issue: 3101
- Ticket: 6768
BUGFIX: Edit property-level permission can forget property it applies to
- When a permission says it applies to a particular property, then when you first edit it, the property says the type of biskit the permission applies to is not set (even when it is).
- If you save the permission in this state, then the property it applies to is forgotten so that the permission will then apply not to the previously selected property, but to the whole biskit.
- Issue: 3074
- Ticket: 6629
BUGFIX: Workflows exported from 10.0.3 to 10.1.8 not loadable in 10.1.9
- Version 10.0.3 added a recording_enabled column to the workflows table.
- This is no longer required in 10.1.9 and later.
- However, removing the column meant that workflows exported from 10.0.3 to 10.1.8 would result in that workflow not being importable.
- We now support the presence of the recording_enabled column despite it being unused, with this being purely for backwards compatibility reasons.
- The bakery's database analysis tool shows this column as being present for this reason.
- Issue: 3102

10.1.10 November 26, 2021

Changes

Change booking calendar background template display resolution to 15 mins
- The calendars (booking, template and resource usage) have all been changed so that instead of displaying the background boxes with a resolution of 30 minutes, they are now every 15 minutes.
- This means that the background templates displayed on the bookings calendar will also now be shown to a 15 minute resolution.
- Issue: 3103
Add to workflow recordings whether failure was caused by children
- When an action fails and generates an exception, a workflow recording records that exception as having happened in the action.
- It also records the exception as having happened within the parent action as well.
- This made it difficult to tell which action was the cause of the exception.
- There's now a new property in the recording called "childrenFailed".
- This is true when the children of an event or action had a failure of some sort.
- This can be used to tell whether an exception on an event or action has come from the event or action itself, or from one of its child actions.
- Issue: 3115
Add filter to the workflow debugger's frames-by-type tab
- This allows you to filter the displayed items so that you might more easily find things from the recording that has been loaded.
- This allows you to search for frames where:
  - The conditions were true/false/maybe
  - The first-child-only limitation was applied (or not)
  - It is marked as having an error (which includes child actions having error), or not
  - It ran okay, or not
  - The child actions has a failure, or not
  - Some free text you enter can be found in the various text properties in the frame.
- Issue: 3113;

Bug Fixes

SECURITY BUGFIX: Permissions to deny READ on some projects fails
- Create a permission that denies READ on some projects, and then refresh your browser and go to a list of projects and it shows all the details in the list.
- A group report would show the details as hidden.
- This problem was discovered specifically for projects. The report itself was running correctly. That is, the report ran and correctly hid the information it should hide. When the data reached the browser, it linked in with data that was already in the browser, and that is what produced a display of data it should not have done.
- The actual problem was that the initial data download performed at login time included information that should have been hidden.
- This was a bug specific to properties that store a set of other biskits, and while this problem has only been observed with project data, it is possible that it was also affecting other data.
- This bug did not affect projects in Calpendo 9.0 because of a difference in behaviour that meant the buggy code was not used for projects. This is actually a very old bug that has been exposed by the change of behaviour relating to users and projects in Calpendo 10.
- We have not seen any evidence of the problem manifesting in any other situation, but it is possible that it may have done so.
- This means that where some data is stored as a set of objects attached to something else (like projects is stored as a set related to a user), and permissions indicate the contents of that set should be hidden in some way, then it is possible that an existing user on your system could have seen more information than they were meant to.
- Issue: 3112
BUGFIX: Bakery error on validate if Config not set id column in database
- If the database entry for the BiskitDef of 'Config' is set up such that it does not specify which column is used to store the ID of the config, then clicking the "Validate Biskits" button in the bakery generates a warning message that says:
  No effective id column name found for Config
- Issue: 3097
BUGFIX: Force logout on password change only applied if change own password
- There's a global preferences option that lets you choose whether a user's password being changed should force them to log out.
- This was only applied when a user changed their own password, using the standard password reset facility.
- It was not applied when their user record was edited and the password changed that way.
- This means that an admin might change somebody's password, and existing sessions were not automatically ended.
- You can always work around this by deleting the Exprodo Session for the user. This is how you force-logout a user.
- Issue: 2879
BUGFIX: Workflow permissions roles ignored when checking booking templates
- Workflow actions can all specify user roles and a user type that should be used when checking permissions during the action. This will cause permissions to be checked both for the actual user running the workflow and a pseudo user created with the role/type specified.
- When a workflow creates or updates a booking, then the templates are checked.
- However, the roles specified on the workflow action were not used when checking templates (since they're not strictly permissions).
- This has now been changed so that if a biskit create action or a biskit update action specifies roles or a user type, and if the templates reject the booking, it now checks templates again using a temporary pseudo user created with the roles and user type specified on the workflow action.
- Issue: 3104
- Ticket: 6791
BUGFIX: Storing an attachment on a dynamic biskit in a workflow fails
- If you set up a workflow to create a new attachment and then store it onto a newly created biskit (that is not a built-in biskit type), then saving the biskit fails.
BUGFIX: CustomTreePage mishandles click on empty bit-set group
- Suppose you have at least one user with no roles at all and you create a new menu item that shows a Custom Tree Page of users broken down by role.
- Then it will show a tree of all users, with the roles at the top level and below it the users containing that role.
- Where you have users with no role, it will show "(No roles set)", with the users with no roles below that.
- However, if you click on "(No roles set)", then it gives an exception.
- This applies whenever you should a Custom Tree Page and break down the biskits by a bit-set property for which at least one biskit has none of the values in the bit-set.
- Issue: 3117

10.1.11 December 7, 2021

Bug Fixes

BUGFIX: Edit Biskit create or update action with error generates exceptions
- Suppose you have a biskit create or a biskit update action that has an error in it.
- For example, it is configured to write an integer value to a string property, or trying to store a biskit of one type into a property that requires a biskit of another type.
- If you then edit this workflow, you will see an error relating to this problem (as expected).
- If you then click on this create/update action, you see an error again (as expected).
- However, if you then click on any other event or action in the workflow, then you will see an exception message pop-up.
- Issue: 3122
BUGFIX: Booking report showing lastRepeat gives exception on non-repeats
- If you create a report that shows bookings and it includes displaying a column for the lastRepeat property, then whenever there are non-repeating bookings present in the report, it gives an exception.
- Issue: 3019
BUGFIX: Converting a Repeat booking into a non-repeating one causes an exception
- Issue: 3119
BUGFIX: Converting non-repeat booking to repeat asks which repeats affected
- If you edit a non-repeating booking and add a repeat to it, then it asks which repeating instances should be affected by the change, with a choice of this item, this and later items or all items.
- The question is bogus and should not be asked in this context.
- Issue: 3123
BUGFIX: Store BiskitDef value in property expecting a BiskitDef gives error
- Suppose you create a workflow that does this:
  1. Create a "Define Constants Workflow Action" that includes a value that stores a BiskitDef.
  2. Add a child action "Create BiskitDef Workflow Action" that generates a BiskitDef on-the-fly.
  3. Add a child action "Biskit Update Workflow Action" that assigns that generated BiskitDef to the constant.
- Then when you click on the update action, or when the workflow is rendered (eg on save or on edit or when clicking on it) then it displays an error that complains that you are assigning a non-BiskitDef value to a property that stores a BiskitDef.
- Issue: 3125
BUGFIX: Subroutine outputs not initialised to default values specified
- If you create a subroutine in a workflow, and the definition of the outputs from the subroutine include setting a default value, then you would rightly expect that those outputs would be initialised to the values you specify.
- However, this is not happening so that the initial values of all outputs from a subroutine was always null.
- Issue: 3126
BUGFIX: Database dump fails on some systems
- An attempt to dump the database was found to fail on one customer installation.
- This has been modified so that it works on that system as well as others.
- The error message was:
  
  No such column: 'Table'. 'table' must be in [, view, .create view, character_set_client, create view, .character_set_client, .collation_connection, .view, ., collation_connection]
BUGFIX: Save workflow and it sometimes displays the old version
- When a workflow contains a Call Subroutine action and the Define Subroutine action that it references, then sometimes (depending on the order in which events in a workflow are written out) you can edit the workflow, and while it saves correctly, it then displays the old version of the Call Subroutine Workflow Action.
- If you were not to notice this, and edit and save again, then the old version of the Call Subroutine would be saved in place of the correct one.
- Issue: 3127
BUGFIX: Bookings do not show the title property
- Bookings have a "title" property.
- In version 9.0 and earlier, this property was almost always hidden because the name does not reflect a valid purpose for a booking.
- However, some Calpendo systems were configured to use this property with an alternative display label.
- In version 10.1, the title property was forcibly hidden instead of relying on a layout to choose or, when using the default layout, relying on the visibility settings in the bakery for this property.
- For most customers, this doesn't matter. For those few that were using this property, it does matter.

10.1.12 December 9, 2021

Changes

Add support for import to parse ISO formatted date times
- When importing using both the file import utility and the Import Workflow Action, we can now parse date-time strings like:
  - 2021-12-02T08:45:31.123Z
  - 2021-12-02T08:45:31.123+0200
  - 2021-12-02T08:45:31.123+0430
  - 2021-12-02T08:45:31.123+02
  - 2021-12-02T08:45:31.123-0230
  - 2021-12-02T08:45:31.123-02:30
- This is useful for those external systems that format dates in ISO format.
- Issue: 3132
Add support for workflows to typecast a list as well as a single biskit
- Type Cast Workflow Action is one which you give a BiskitDef and a Biskit.
- If the Biskit is of the type indicated by the BiskitDef, then the child actions will be run, and the output of the typecast provides the Biskit and allows you to use it as the BiskitDef declared in the action.
- This has now been extended so that you can now optionally provide a list of biskits instead of a single biskit, and it will filter the list so that the resulting list will contain only those biskits of the declared type.
- The child actions are run if any of the biskits are of the desired type.
- Issue: 3134
Make long single-line text easier to read in workflow debugger output
- When the output of an action includes a string value that only contains a single line, but it is very long, then we now display it using the same widget that displays multiple lines so that it displays better.
- This applies to string values that are longer than 80 characters.
- Issue: 3135
Improve labels on BiskitDefs generated by Create BiskitDef action
- When you add a Create BiskitDef action to a workflow, it will generate a new BiskitDef, and assign it the represented biskitType that you specify in the action.
- You don't get an opportunity to specify your preferred labels for the BiskitDef. These were automatically created to be like "Generated 274".
- If you use the generated BiskitDef in the workflow, so that an action produces a biskit of that type, then the "Output" tab shows it to be a biskit of type "Generated 274" or similar. This is counter-intuitive, and not very helpful.
- The labels are now auto-generated based on the represented BiskitType that you assign in the Create BiskitDef action.
- Issue: 3136

Bug Fixes

BUGFIX: Import Workflow Action does not auto-convert source string values
- When using the file import facility, the source is always a CSV file, and therefore is always comprised of string values.
- It then converts these appropriately to allow the import to work.
- However, the Import Workflow Action deals with conversion of biskits from one form to another, and it was not configured to use the same conversion as the file import utility when the source properties are strings.
- This should now work properly.
- Issue: 3131
BUGFIX: Type Cast Action output doesn't work well with generated BiskitDef
- If you use a Create BiskitDef action to create a BiskitDef, and perhaps store it in a Define Constants action, and use the generated BiskitDef as the type to cast a biskit to in a Type Cast action, then the UI would not treat the resulting type of the Type Cast output as the generated type.
- Instead, it would only treat it as having whatever type the generated BiskitDef's supertype was.
- For example:
  - Given any pre-existing BiskitDef "Foo" available in the bakery
  - Use a CreateBiskitDef action to extend Foo and add one or more properties
  - Put that CreateBiskitDef inside a Define Constants action
  - Somewhere else, use a Get Constants action to fetch the value of the constants so that the generated BiskitDef is available
  - Add a Type Cast action as a child of the Get Constants, and use the generated BiskitDef in the constants as the type to cast the biskit to.
  - Now anything that uses the output of the Type Cast action will treat the cast biskit as if it were a Foo, and would not treat it as having the additional properties that were added to it in the Create BiskitDef action.
- Issue: 3133
BUGFIX: Manually run timed event writes unformatted PK to system event
- If you go to the workflow manager, click on a Timed Workflow Event, and click "Run Now", then an entry is written into the system events.
- It gives the primary key of the workflow event, but it's not formatted the way all IDs are in version 10, and it doesn't show the workflow information or the name of the event.
- Issue: 3139
BUGFIX: one-to-many properties on bookings prevent creating booking
- If you add a one-to-many property to a booking, and then create a booking and add some items to the one-to-many collection and save the booking, then you get an exception.
- Ticket: 6923
- Issue: 3140

10.1.13 December 10, 2021

Changes

Increase number of custom properties allowed in Lite from 15 to 20
- Issue: 3148

Bug Fixes

BUGFIX: Error viewing bookings if permissions hide booker or project
- This is a temporary fix, with full fix to come in 10.1.14
- Issue: 3141
- Ticket: 6933
BUGFIX: Booking pop-up prevents save due to unset type even after set it
- If the type is required on a booking, and it's the last thing you change before wanting to finish creating the booking, then Calpendo would not let you save the booking.
- It would instead tell you that the type needed to be set, even though you already had. It hadn't noticed that you had already chosen a value for it.
- Issue: 3144
- Ticket: 6934
BUGFIX: Booking.title property being displayed when unassigned in layout
- Properties marked as not visible in the bakery should not be displayed when the layout does not specifically have an entry for that property.
- In other words, when the property appears in the "unassigned properties" list, it should not be displayed if it is marked as not visible.
- This applies either when marked not visible or not visible in biskit detail.
- Issue: 3145
BUGFIX: Calendar grid and hours misalign if choose odd pixels per 30 mins
- Now that the calendar grid shows 15 minute markers, it means the calendar is drawn with a set number of pixels per 15 minutes.
- But the settings lets you choose a number of pixels for 30 minutes.
- This means the value actually in use is half what you enter.
- However, the hours listed to the left of the calendar use exactly the number you enter without halving it.
- That meant there was a misalignment if the number of pixels you entered was an odd number rather than an even number.
- Issue: 3142
- Ticket: 6918
BUGFIX: Create copy of project assigns status to draft, not global pref
- Global preferences allows you to choose whether a newly created project should have a status of Draft or Requested.
- When you create a copy of an existing project, it was assigning it a status of Draft, regardless of the global preferences setting.
- Issue: 3138
BUGFIX: Drop-downs can show only ID numbers instead of proper names
- There were circumstances under which a drop-down of items could show the ID numbers for each item instead of the correct name for it.
- Issue: 3137
- Ticket: 6876
BUGFIX: View old ExprodoLicence instances gives an exception
- Old licences did not have a value for whether to prevent attachments from being deleted, or whether to require a comment when deleting data or whether to prevent deletions from the audit log.
- Consequently, if you search for Exprodo Licence, and then click on an old value, it would display an error.
- Issue: 3146

10.1.14 December 11, 2021

Bug Fixes

BUGFIX: Error viewing bookings if permissions hide booker or project
- This is the complete fix that was started in version 10.1.13.
- Version 10.1.13 left it so that when the booker, owner, type, title or description on a booking was supposed to be hidden, according to permissions, then it would simply display as blank on the booking form.
- This now displays the word "Hidden" instead.
- Also, if you should want to permit somebody to edit a booking despite not being able to view the value of any of these five properties, then you can now do that. You just can't modify any of the hidden properties.
- Issue: 3141
- Ticket: 6933

10.1.15 December 13, 2021

Bug Fixes

BUGFIX: Filtering dynamic booking drop-downs can display nameless values
- Suppose you have a custom booking property that stores a biskit value
- and suppose there is some filtering on that (for example by the resource having a collection of allowed values)
- then it is possible that the drop-down will show items with the ID of each item and not their correct name.
- Ticket: 6947
- Issue: 3149

10.1.16 December 16, 2021

Optimisations

Optimisation: Booking update from workflow slow when permissions apply to project.users
- If you have UPDATE permissions on bookings that apply (or don't apply) to project.users
- and if you have a reasonably large number of users and projects
- and you have a workflow that updates a booking after the booking ha been created
- and you create a booking for a project that has 20 or so users
- then it takes a long time to create the booking
- This was fixed with an optimisation in the code that should cause no side-effects other than making it faster.
- Issue: 3130
- Ticket: 6845
Optimisation: Avoid unnecessary load from database to determine biskit type
- The server deals with objects that are not fully loaded from the database.
- Sometimes, it tries to work out what the biskit type is, and this can force the biskit to be loaded from the database.
- However, in some circumstances, it's possible to work out the answer without paying the price of loading from the database.
- Issue: 3150
- Ticket: 6933
Optimisation: Avoid unnecessary naming of Booking.projectResourceSettings
- When bookings are sent to the browser, each of the biskit-valued properties on there have their name calculated in the server so that the browser can properly display them.
- However, this name calculation can be disproportionately slow for the Booking.projectResourceSettings property as it can require loading projects and users from the database.
- Moreover, the name of this property is not normally displayed in the browser.
- So we now avoid calculating the name of this booking property and this makes things faster.
- Issue: 3150
- Ticket: 6933

Bug Fixes

BUGFIX: Booking content shows badly for biskit whose name is another biskit
- Suppose:
  - You have a biskit-valued property on a booking
  - and you arrange for this property to display in the body or title of a booking on the calendar
  - and that biskit-valued property gets its name from a biskit-valued property it contains
- Then the calendar will show the name using a type and ID number rather than using a proper name.
- Issue: 3151
- Ticket: 6948
BUGFIX: Exception if add variable for an abstract workflow action type
- This problem is only evident when you are in debug mode.
- In a Define Constants Workflow Action or a Create Variables Workflow Action, if you add a new variable of type Biskit, and then type "Bi" for the type, it will default to BiskitCreateOrUpdateWorkflowAction.
- This then shows an error.
- Issue: 3152
BUGFIX: Bookings that should have no project sometimes assigned one anyway
- When a user makes a booking and there's only one project that can possibly be used, then that project is automatically selected.
- As soon as there are multiple possible projects selectable, then no project is auto-selected unless the user also has a default project set in their user settings.
- When a project is auto-selected in one of these two ways, this happens all the time - even if the resource being booked is one that should not have a project associated at all.
- Issue: 3154
- Ticket: 6944
BUGFIX: Save workflow and it might not save all changes
- This problem relates to something supposedly fixed in 10.1.11 which was not yet right. It relates to changes to workflow actions that are in a DefineConstants, DefineSubroutine or DefineInterface or in any of their child actions.
- Changes made to a DefineConstants might not get saved.
- The earlier problem was one in which a change did take place, but the UI showed the old version.
- Both of these are related to the order in which items are written out into the JSON message sent over the network.
- In particular, it relates to situations in which you have something in JSON which stores only a biskit type and ID, and then later on in the JSON it provides the full detail of the biskit.
- This should now be properly handled with a general solution to the problem of how to parse data written in this order.
- Issue: 3127
BUGFIX: View old ExprodoLicence instances gives an exception
- Old licences did not have a value for whether to prevent attachments from being deleted, or whether to require a comment when deleting data or whether to prevent deletions from the audit log.
- Consequently, if you search for Exprodo Licence, and then click on an old value, it would display an error.
- This was partially addressed in version 10.1.13, but the problem still remained.
- Issue: 3146
BUGFIX: The Booking pop-up shows the "title" property read-only
- The property Booking.title is seldom used.
- The information shown in the title bar of a booking is auto-generated and not related to the Booking.title property.
- This property would be removed, but some people are using it.
- However, this property is currently always displayed read-only, even when it's supposed to be read-write.
- Issue: 3161
BUGFIX: Month calendar navigator jumps 2 months if click on bottom row
- On a calendar page, there is a month navigator in the top left.
- This lets you quickly select the month you're interested in.
- The first few days of next month are shown in grey at the bottom.
- If you click on one of these, then the calendar switches to the correct date, but the month navigator jumps forward two months instead of one.
- Issue: 3159
BUGFIX: Cannot save UserSettings with custom integer property added to it
- Issue: 3162
BUGFIX: User setting for first day of week ignore for calendar month nav
- The month navigator in the top-left of the bookings calendar, as well as every date drop-down ignores the user's setting for the first day of the week.
- It was, however, using the global preference setting for the first day of the week.
- Issue: 3158
BUGFIX: Copy a booking to new resource and it doesn't auto-change resource
- If you copy a booking in the calendar, and then click in the column for another resource, it should show you a booking form for the new resource, but pre-populated with values from the booking you copied.
- However, it was leaving the resource set to the original resource instead of the resource whose column you clicked in.
- Issue: 3157
BUGFIX: TypeCast action gives an exception when biskit not of desired type
- When a TypeCast action runs, and you use it to test a single biskit rather than a list, then when you give it a biskit that is not of the desired type, it generates an exception.
- This bug was introduced in version 10.1.12
- Issue: 3163
BUGFIX: Unable to create repeat bookings
- When trying to create a repeat booking, it gave an exception.
- This bug was introduced in version 10.1.11
- Issue: 3156
BUGFIX: Giving wrong old password when forced to reset it tells you nothing
- If you have a local account and it has been changed to indicate you must reset your password, then when you log in, you are shown a password change popup.
- If you enter the wrong old password, then it would not tell you anything was wrong, but would show an extra password-change popup right over the top of the previous one, with a message saying "Updating password...", so it looked like the update had hung.
- Issue: 3165
BUGFIX: Relogin after forced password change leaves page blank
- If you have a local user account and your account is configured so that you must reset your password, then if you try to log in, you will be forced to reset your password. You enter your old password a new password, and apply the change.
- When that happens, it then leaves the whole page completely blank.
- If you were to refresh the browser, then you would find that the password change had happened.
- Issue: 3166
BUGFIX: Create & save to DB a new biskit of a temporary BiskitDef exception
- Suppose:
  - you have a workflow that uses a "Create BiskitDef" action
  - You add a Create Biskit action, and tell it the type of biskit you want to create is the BiskitDef created in the previous step
  - You also configure the CreateBiskit action so that it saves the new biskit to the database
- Then this will produce an exception with an unfriendly message.
- The problem is that since the BiskitDef is temporary, there won't be a table for its biskits in the database.
- That means any attempts to save instances of biskits of that type would fail.
- Issue: 3167

10.1.17 December 17, 2021

Bug Fixes

BUGFIX: Booker and Owner showed as "null ()" on bookings for some systems
- For some systems, the booker and owner show up incorrectly in read-only mode on the bookings calendar.
- Elsewhere they show correctly.
- This is a display problem only and not a problem with the data.
- Issue: 3169

10.1.18 December 21, 2021

Changes

Show the "Create" button consistently for all report types
- When running a report, the appearance of a button for creating a new item varies depending on which type of report you're running.
- A list report and single report would both have a create button show as soon as you select the report type.
- Whereas:
  - a group report and summary report would only show a create button after you'd run the report and clicked on one of the displayed groups
  - and a Kanban report would never show a create button
- This all happens consistently now. As soon as you select the report type, a create button appears.
- This means you can always create a new item without first having the run the report.
- Issue: 3172
Add to bakery "Validate Biskits" to check whether names might include hidden values
- You can choose how a biskit's name is generated.
- This can be from a single property (using the name-property-name setting) or from multiple properties (using a format specifier).
- When a name comes from one or more properties, and there are permissions that sometimes hide one of those properties from some people, then it might be that the formatted name includes something that should be hidden.
- This wasn't previously a problem.
- However, there are now some optimisations in place that mean it is possible in some circumstances for this to generate a data leak.
- That is, a biskit's name might be generated and include some property that is later hidden from the user.
- Specifically excluded from this check are any READ permissions that target the user ical_viewer (and only that user).
- The iCal feed is quite careful about these things, so it is not believed that there can be a security leak with a biskit name using hidden values in the iCal feed. For example Calpendo by default hides the resource name from ical_viewer. This results in the booking being hidden from the iCal feed.

Security Bug Fixes

SECURITY BUGFIX: Users can sometimes read data they should not be able to
- This bug means that valid users who can log in but are not normally allowed to see some data can, under some circumstances, see data they should not be able to.
- This depends on your configuration whether this might have affected a real system.
- Further details withheld to allow everybody to upgrade their systems.
- Issue: 3174
SECURITY BUGFIX: Users can sometimes read data they should not be able to
- Similar to the previous problem, although this problem has only existed since version 10.1.13
- Further details withheld to allow everybody to upgrade their systems.
- Issue: 3175

Bug Fixes

BUGFIX: Repeat bookings and templates show in calendar only once per view
- When you have a repeating bookings or templates that should show up in the calendar more than once, then it would only show once.
- Issue: 3170
BUGFIX: Exception on save workflow if add fixed value of abstract variable
- Suppose you:
  - Create a workflow
  - Add a CreateVariables action
  - Add a variable of type "Biskit", and choose any abstract biskit type (for example BiskitCreateOrUpdateWorkflowAction)
  - Enter a name for the variable
  - Select that you want the initial value to be set from a "fixed" value
  - Select something for the fixed value from the drop down
  - Save the workflow
- Then on save, you would get an exception.
- Issue: 3173
BUGFIX: Group reports showing column for shallow biskit has unformatted id
- Suppose you set up a group report to show a column containing a biskit-valued property, and that you deny READ permission for the biskit type that is shown in that reference.
- Then the report shows you the type and ID of the referenced biskit, as it should.
- However, it does not use the version-10 method of formatting ID numbers, and instead shows it as a simple number.
- This is now formatted correctly.
- Issue: 3176
BUGFIX: Workflow function fromJson failed on string value for mapped int
- If you define a BiskitDef to include an integer property that is a mapped int, then when converting JSON to a Biskit, it should be able to parse a string value for a mapped int property.
- However, it generated an error complaining that the value was a string and not an int.
- In the same way, parsing of time of day formatted strings for a time of day property (both integer and double) failed, and parsing of a boolean property that uses custom text in the BiskitDef for true and false failed.
- Finally, a long property whose value was formatted like a primary key was also failing.
- Issue: 3177

10.1.19 January 12, 2022

Changes

Add new workflow functions for adding missing CTMS appointments and events
- These are both intended to be used after an import and created a subject or an appointment, and there are missing appointments or events:
  - fillInMissingAppointments
  - It can be used after an import has created a subject, but it may be missing some or all appointments.
  - The function can then be used to create any missing appointments for a given subject.
  - fillInMissingEvents
    - It is intended to be used after an import has created some appointments, but where the appointments are missing events.
    - The function will create any missing events given a subject and an appointment.
- A workflow can choose which subjects should have missing appointments created, and which appointments should have missing events created.
- Issue: 3178
Add auto-incremented simple integer property to Booking and ResourceUsage
- This is called Booking.autoNumber and ResourceUsage.uniqueNumber
- The general name for these properties would be "autoNumber", but ResourceUsage has several automatically generated numbers, and so it is called uniqueNumber.
- This name is chosen to relate to uniqueID which is a copy of the ResourceUsage's ID.
- In version 10, this is now a 64 bit number instead of the 32 bit numbers we used to use.
- ResourceUsage objects that existed before the upgrade have their uniqueNumber set to the value that uniqueID (and id) used to be before the upgrade.
- Bookings that existed before the upgrade have their autoNumber set to the value that their id used to be before the upgrade.
- Issue: 3184
Add support for dynamic properties whose value is generated by the database
- There is a new attribute you can set on a PropertyDef called "Database Supplied".
- If this is true, then we will never attempt to write a value for this property to the database, and we will expect to be able to read a value for it from the database.
- This can be used together with any mechanism you might set up in the database for providing a value.
- A typical scheme would be to set up a column that is an integer that automatically increments each time a new object is created.
- For more details on how to set this up, see the section above, Database Supplied Values.
- NOTE: If you mark a property as being database-supplied, then you must also mark it as being fully automated. If you do not, then you will be given a validation error on trying to save your changes.
- Issue: 3183
- Ticket: 7066
Add option in bakery for choosing flavour of string column
- You can now have some control over what kind of string column will be created or expected to exist for String and StringEnum properties.
- You can do this by setting a value for the "Column Type" in the bakery.
- See String Column Type for details and reasons when and why you might want to do this.
- Issue: 3189
- Ticket: 6715, 6905
Optimisation: Reduce the number of conditions checked when we have a result
- Suppose you have a sequence of conditions like this:
  
  All of the following are true: foo1 equals 1 foo2 equals 2 foo3 equals 3 foo4 equals 4 foo5 equals 5
- Then if the first condition (foo1 equals 1) turns out to be false, then there's no need to check the others since they are joined with a logical AND.
- We did have a short-cut like this, but it was faulty in that it would not stop after the first condition, but could stop after subsequent conditions.
- So if the conditions were evaluated in the above order, and they were all false, then it would check foo1 and foo2, even though it could have stopped after foo1.
- Similarly, if you have this:
  
  Any of the following are true: foo1 equals 1 foo2 equals 2 foo3 equals 3 foo4 equals 4 foo5 equals 5
- and foo1 is true, then it could immediately stop.
- But as with the above situation, it would always check at least two of the conditions.
- Issue: 3194

Bug Fixes

BUGFIX: Workflow recordings don't handle non-Latin characters
- If there is a workflow action whose output includes a character not in the latin1 character set, then it doesn't save the recording properly.
- Some databases might already be set to store workflow recordings in UTF8, but many are not.
- When loaded into a database which is not already using UTF8 for its workflow records, this fix will destroy all existing recordings and change the character set to UTF8.
- If the database does already use UTF8, then this update does nothing.
- Issue: 3188
BUGFIX: Usage recorder records zero for value of uniqueId in session ID
- If you define the usage session ID template for a resource to include the value of "uniqueID", then the value for it that is generated is always zero.
- Ticket: 7065
BUGFIX: Booking list report exception if perms hide Booking.prs from other
- If a permission hides Booking.projectResourceSettings from any user, then running a booking list report gives an exception.
- We now ignore permissions that don't relate to the user running the report.
- Issue: 3185
- Ticket: 7063
BUGFIX: Booking list report exception if perm hides Booking.prs from you
- If a permission hides Booking.projectResourceSettings from you, and you try to run a list report of bookings, then you would get an exception.
- Issue: 3186
- Ticket: 7063
- This is similar to the above fix for issue 3185. In this case, the permissing does apply, but should not cause a problem.
BUGFIX: Booking list report exception if permission hides when prs is null
- Suppose a permission is configured to deny READ access on a booking when the bookings projectResourceSettings property is null.
- Then a booking list report would generate an exception.
- Whether or not this is a sensible permission to set up is beside the point.
- This is an example of a class of problems that is easily tested.
- This is similar to the issues 3185 and 3186 above, but those were triggered by a property-level permission, and this is triggered by a permission with a condition.
- Issue: 3187
BUGFIX: No selectable projects when edit booking if no create bookings perm
- Suppose you have a regular (non-admin) user that cannot create any bookings, but is allowed to edit any bookings (or just a single one).
- Then when editing a pre-existing booking that has a project set, the booking pop-up will show no project, and offer no selectable projects.
- Calpendo is filtering the projects that can appear in the drop-down.
- What it should be doing is:
  - Allow the current project to be selectable under all circumstances
  - Allow other projects to be selectable that are either owned by the user, or that are one of the user's projects, and for which they have permission to update the booking by changing to that project.
- However, the filtering is going wrong.
- Issue: 3190
BUGFIX: Usage recorder finishes session started yesterday on wrong day
- If you have a usage session that started yesterday, and use the session recorder to close the session, then it when you close it, it tries to set the finish time on the session to be the current time but yesterday's date.
- For example, suppose a session started at 11:00 on Jan 5, and you are closing this session at 07:00 on Jan 6.
- Then it would assign the session finish time to be 07:00 on Jan 6.
- This would then be rejected because it is before the session start.
- If the session started at 07:00 on Jan 5, and you close the session at 11:00 on Jan 6, then it would assign the finish time 11:00 on Jan 5.
- This would be saved, but wrong by a whole day.
- You can choose the time of day that the session finished when you close it.
- So if the current time is just after midnight, and you want it to have ended just before midnight, then it would get the finish time correct.
- Issue: 3191
BUGFIX: Resource editor hides custom all-day title text if it's the only custom text set
- If you edit the custom calendar text for a resource and set ONLY the custom text for all-day booking title, then once saved, it does not display the custom all-day booking title text.
- Issue: 3192
BUGFIX: ResourceUsage properties marked not editable remain editable
- Issue: 3196
BUGFIX: Booking drop-down filtering based on user group membership gives empty drop down
- Suppose:
  - You have a property on Booking called Booking.someUser that stores a user
  - There is a permission that denies the right to create a booking when Booking.someUser is a not member of some user group G
  - User group G contains at least one user
- Then when you try to create a booking, the drop-down for Booking.someUser is empty, as if Calpendo thinks user group G is empty.
- Issue: 3195, 3197

10.1.20 January 20, 2022

Changes

Add "Information Pages" module
- This is a new module that provides support for a set of pages designed for giving people information about a facility or anything else.
- On loading the module, it adds biskit definitions, menu items and sets the default initial page when the module is loaded.
- Issue: 3147
Auto update PDF generation when database base URL changed
- When a PDF is generated and includes an image that is located using a relative URL, then it relies on our knowledge of the URL at which to find the database in order to convert it from relative to a usable absolute URL.
- However, when the system is booted with the wrong base URL and then it is modified, it did require the system to be rebooted before relative image URLs can work when generating PDFs.
- This system reboot is no longer required.
- Issue: 3153
Changed project and booking IDs appearing in iCal feeds to be formatted
- Version 10 now has much larger values for ID numbers, so the raw number is not as human readable as it used to be.
- These values are now formatted when displayed so that it can be more easily read.
- The values appearing in an iCal feed did not format them, but this now happens.
- Note:
  - ID numbers now embed the date/time when the ID number was allocated.
  - That means that by seeing the ID number, then you know when it was created.
  - Formatting the number does not expose more data than was previously available, since one could always have converted the value if one knew how.
  - If you don't want information about when a project was created to be exposed in an iCal feed, then you should either deny EXISTS on the project to the special user ical_viewer, or deny READ on the property Booking.project.
  - If you don't want information about when a booking was created to be exposed in an iCal feed, then you should deny EXISTS on the booking to the special user ical_viewer so that the booking does not appear in the feed at all.
- Issue: 3201
Allow resource usage to be used from any IP address
- Each resource can have an IP address stored that limits the use of the usage recorder to that IP address.
- However, this also had the effect of preventing any changes to a resource's usage unless it was done from that same IP address.
- This isn't quite what was intended, as the IP address was only ever meant to be a limitation on the built-in recorder.
- So we now use the IP address, where set, to limit the recorder, but not any other way of changing usage records.
- Issue: 3200
- Ticket: 7116
Add auto-incremented simple integer property to Service Order
- This is called ServiceOrder.autoNumber
- The upgrade to version 10 changed the values of all ID numbers, with newly allocated ID numbers (after the upgrade) being much larger as a part of a move from using 32 bit ID numbers to 64 bit numbers.
- The autoNumber property gives you back the original values that used to exist, and also continues to provide a simple integer sequence.
- Issue: 3204
- Ticket: 7129
Limit selectable booking projects for regular users to match selected owner
- When a regular user makes a booking, the projects they see in the drop-down are those that are:
  - approved
  - authorised for the current resource (or resource accepts any project)
  - owned by this user or this user is one of the project's users
- We now go a step further by only include projects in the drop-down if the selected booking owner is related to the project, either as its owner or one of its users.
- Issue: 3209
- Ticket: 7117
Reduced number of IcalImporter system events generated unless set verbose
- The iCal importer generated a system event every time it checked for there being something to import (every 15 minutes), regardless of whether it found anything.
- It will now create no events by default unless it finds new bookings to import, at which point it will create the same system event it would have done before.
- The Calpendo log file was also written to by the iCal importer, and will now contain fewer entries.
- Both of these can be put back to their original behaviour by setting the iCal importer into verbose mode. You can do this by going to the search page and searching for Verbose, and looking for the instance whose name includes "ICalImporter", and setting it to be verbose.
- Issue: 3212
Hide hashed password from list of users
- Some old systems are set to show the hashed password in a list of users.
- This is pointless because users don't get to see the value (as it stays in the server), and even if it didn't, it doesn't mean anything to the user anyway.
- Issue: 3216
Prevent disallowed pages from being directly accessed without menu
- Some pages apply checks that prevent them appearing on the menu for some users.
- However, if you know the URL fragment that the page is at, you can still go directly to it.
- Such pages now refuse to display even if you go directly to it.
- For example:
  - dbdump Database Dump page checks whether the user has permission to dump the database.
  - newProject The create project page checks whwther the user has
    permission to create projects.
  - nurs - The page that is triggered in response to an emailed link for
    approving or denying a new user request checks whether the user accessing the page has permission to update users.
  - perms - The permissions editor page checks whether the user has
    permission to create or update permissions.
  - myProjectsUsage - Search for your project's actual usage checks whether
    the user can read actual usage data and whether actual usage collection is enabled.
  - myUsage - Search page for your actual usage does the same checks as
    for #myProjectsUsage
  - usageSearch - Search page for actual usage does the same checks as
    #myProjectsUsage.
  - usageCalendar - Actual usage calendar does the same checks as
    #myProjectsUsage.
  - usageRecorder - Actual usage recorder checks whether actual usage
    collection is enabled
  - myProjectsOrders - Search page for your project's service orders checks
    whether services are enabled and whether you can read service order data.
  - myOrders - Search page for your service orders checks the same things
    as #myProjectsOrders.
  - orderSearch - Search page for service orders checks the same things
    as #myProjectsOrders.
- Issue: 3218
Prevent the send email page from loading if it's not on your menu
- Previously, if your menu did not include the Send Email page, you could still reach the page and send emails if you set your URL to end
- Issue: 3219
Add support for specifying which file types are accepted for attachments
- When you set up a property in the bakery to store an attachment or a set of attachments, you can now specify what type of files should be accepted.
- This is in the form of a comma-separated list of items, each of which can be:
  - A valid case-insensitive filename extension, starting with a period (".") character. For example: .jpg, .pdf, or .doc.
  - A valid MIME type string, with no extensions.
  - The string audio/* meaning "any audio file".
  - The string video/* meaning "any video file".
  - The string image/* meaning "any image file".
- For example, an image might be specified as:
  
  .png, .jpg, .jpeg
or
```
  image/*
```
while a Word document might be
```
  .doc,.docx,application/msword,application/vnd.openxmlformats-officedocument.wordprocessingml.document
```
- See https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/file for more.
- Issue: 3220
Restrict files uploaded for Resource picture to be image files
- Issue: 3223
Added recommendation for innodb_buffer_pool_size larger than default 128MB
- These release notes now have an entry at the top under Software Requirements for an increase of innodb_buffer_pool_size beyond the default, which is 128MB in both MySQL and MariaDB.
- We have seen issues running out of database locks when generating the audit log hashes, and an increase to innodb_buffer_pool_size should make that problem less likely.
- Issue: 3224
Allow project with hidden resources in settings to be edited without loss
- Suppose:
  - a user is denied EXISTS on a resource
  - and the user can edit a project which includes that resource in its project resource settings
  - then on saving the project, it will now retain the entry for the hidden resource.
- Previously, this wasn't even an option because one could not even view such a project, let alone modify it.
- Issue: 3225
- Ticket: 7127
Hide resource usage pages when user has no EXISTS permission
- If you deny READ permission on ResourceUsage to a user, then they are prevented from accessing the following pages:
  - My Projects Resource Usage Search
  - My Resource Usage Search
  - Resource Usage Calendar
  - Resource Usage Search
- We now also prevent the user from accessing the above pages if they are denied EXISTS permission on ResourceUsage.
- This means if you deny them either READ or EXISTS, then they can't see the above pages.
- Also, users were able to get to the Resource Usage Recorder page as long as resource usage collection was enabled.
- This has now changed so that if the user is denied READ or EXISTS permission on resource usage, then they won't be able to see the resource usage recorder page.
- Issue: 3227
Add button to go from workflow debugger to workflow manager
- This makes it a little easier to jump from the debugger to the workflow manager since this is something one might often do from the debugger.
- Issue: 3232
Add support for retaining relative time between linked parent & child
- When you set up a linked booking, you have some control of the timing of the child booking. You will set a relationship initially, such as the child starting at the same time as the parent, or an hour before.
- You can also control how the times change thereafter by choosing the child's "time independence".
- The previous values you could select are:
  - Keep Value - child not allowed to change
  - Copy when create - child initially set up and then uncontrolled thereafter
  - Copy if was same - child allowed to be changed. If parent changes time, and if the child was at the prescribed time before the parent changed, then the child will be modified to be at the new prescribed time.
  - Always copy - the child time is always set relative to the parent
- There are now two new values you can choose. This is for those occasions where you want to be able to modify the child's time, but if you modify the child's time and then later you change the parent's time, then the child should change so that it keeps the same relative position compared to the parent that it had before the parent was changed.
- These are called:
  - Copy relative start - Changes the child's time so its start keeps the same relative position compared to the parent's start.
  - Copy relative finish - Changes the child's time so its finish keeps the same relative position compared to the parent's finish.
- Issue: 3229
Change CTMS project report of enrollable people to default to group report
- With CTMS loaded, if you go to a project then there's a button you can press to see a report of enrollable people. This displays a list of people.
- With production data, this can be a problem because there may be many thousands of people, so this should instead default to a group report.
- Issue: 3233
Add CTMS properties firstName and lastName to Person
- This makes it consistent with the report that shows enrollable people, which assumes the existence of these properties even though they only existed as dynamic properties before now.
- Issue: 3234

Security Bug Fixes

SECURITY BUGFIX: Audit log hash calculation sometimes fails
- This is marked as a security fix because it represents a weakness in our ability to detect changes to the audit log. This does not mean that unauthorised changes to the audit log were thought to be likely, just that the detection mechanism had a flaw.
- Audit log biskits are written out to the database with an entry in the audit_log table to say who/when/what type and id affected, with the contents of the underlying biskit that was created/updated/deleted going into the audit_log_chunks table.
- Every 10 minutes, plus a minute after every write to the audit_log table, we kick off a process of writing hashes to the audit_log table.
- This means each row is assigned a hash that encompasses all the data in that row, and also the hash from the previous row.
- This means you can't change the audit log without causing all subsequent hashes to be incorrect. As such, this makes it harder to modify the audit_log without it being detected.
- However, there is a problem with the way the hash is calculated that sometimes occurs depending on the data being stored in the audit log.
- When this happens, the hash calculation fails so that every 10 minutes it tries and fails to calculate the hashes.
- This has not yet been observed in production systems, only test systems.
- The fix to this problem is achieved by a slight change to the algorithm for calculating the hashes. This means that the fix starts by destroying all hash values previously calculated so that they can be recalculated using the new algorithm.
- This also means that upgrading to this version can take quite some time, depending on how large your audit log data is.
- Issue: 3205

Bug Fixes

BUGFIX: PDF generation sometimes fail to show images
- Some servers can reject a request to include an image in a PDF file if the image is fetched without a user agent being specified.
- Issue 3153
BUGFIX: Built-in usage recorder always makes all properties writeable
- When entering data related to a new resource usage using the built-in recorder, it shows a page where it asks for information about the session.
- Sometimes, you might have properties on the resource usage that should not be displayed as read-write, because they should be entered only by certain people.
- You can set up permissions for this, and these work elsewhere, but not in the usage recorder.
- Issue: 3198
- Ticket: 7087
BUGFIX: Add dynamic "self" formulaic property and create-copy creates two
- Suppose you add a formulaic property in the bakery to almost any biskit type, and make it store a biskit using the formula "id".
- Then this will always be the same biskit as the one that owns the property so that it is a self-referential link.
- Such properties are usually named "self", and some biskit types have a "self" reference built-in, and others don't.
- When you add one in the bakery to a biskit, and then use the "Create Copy" facility to create a copy of one of these biskits, then you will end up with two copies being made.
- Issue: 3171
- Ticket: 6979
BUGFIX: Exception viewing project with resource without EXISTS permission
- If you deny EXISTS permission on a resource
- and a project contains that resource in its resource settings
- and a user (to whom the permissions apply) views the project
- then you get an exception.
- Issue: 3203
- Ticket: 7127
BUGFIX: Copy & Paste CTMS visit fails if visit task has a cohort on it
- Suppose:
  - you have the CTMS module loaded for clinical trials support
  - you edit a project which has a visit
  - that visit has a task which has a cohort configured on it
  - you copy and paste the visit and then save the project
- then you get an exception
- Issue: 3199
BUGFIX: Custom page searches via date-property miss out the start day
- Suppose:
  - You have a biskit with a date-valued property
  - You set up a custom search page and ask it to show a pair of date values so you can search across a range of dates
- Then whatever date you enter for the first date in the range is excluded from the search, which is not what one would expect.
- Issue: 3202
- Ticket: 7098
BUGFIX: CTMS workflow function fillInMissingAppointments duplicated appointments
- Issue: 3178
BUGFIX: Bakery DB analysis tool shows ctms_tasks.name column as unused
- When using CTMS, if you mark CTMS.Task.name as automated, then the name is not a free-text value, but it calculated from the task type selected from a drop-down.
- This means the column in the ctms_tasks table is sometimes unused.
- However, showing it as such can be confusing. So we now change this so that it shows the column as "special" since it is handled in an unusual manner.
- Issue: 3179, 3210
BUGFIX: Ask for history on a very old permission gives an exception
- There was a time when Calpendo did not write out the full details of a biskit being modified to the audit log.
- If you now ask for the history on a permission in version 10 that is old enough to have audit log entries that are missing details on the conditions, then the history request gives an exception.
- Issue: 3211
BUGFIX: Downgrading from 10.1.19 to 10.1.5 produces a system that does not work
- Issue: 3217
BUGFIX: CTMS Workflow function fillInMissingEvents does not recalc app time
- When you call the workflow function fillInMissingEvents to add missing events to an appointment, the appointment's duration should be recalculated, but it wasn't.
- Issue: 3221
BUGFIX: CTMS workflow function fillInMissingAppointments duration wrong
- When you call the workflow function fillInMissingAppointments to add missing appointments for a CTMS subject, the appointments are populated with the events expected (according to the subject's cohort).
- However, the duration calculated on the appointment is incorrect, and reflects what it would have been had all events been added rather than a subset (because of the cohort chosen).
- Issue: 3222
BUGFIX: Loading CTMS module into virgin database failed
- Issue: 3228, 3230
BUGFIX: Linked bookings system events typo "Insifficient number of children"
- When you try to create a booking that requires linked bookings, and something prevents the specified minimum number of child linked bookings from being created, then a system event is generated to record the fact.
- The event was created with a category that had a typo.
- Issue: 3231
BUGFIX: Filtering of booking types not working
- In the booking pop-up, there's a drop-down that lets you choose the booking type for the booking.
- You can arrange for this to show a different set of options for each resource, but this wasn't working.
- Issue: 3214

10.1.21 April 1, 2022

Changes

Disable LinkedBookingManager when there are no booking links
- If there are no linked bookings configured at all, then the LinkedBookingManager was still listening out for every booking change in case there was anything for it to do.
- It is now disabled as long as there are no booking links configured so that it doesn't waste any resources.
- It stays awake enough to watch for a booking link being created, but otherwise will do nothing now when no links exist.
- Issue: 3250
Change User and Project id allocation to be compatible with Enterprise
- Changes are required for the multi-facility version of Calpendo, currently called Enterprise, so that users and projects may be shared (aka exported) to different facilities.
- In particular, the values of the IDs allocated to users and project follow a more restrictive pattern than other biskit types.
- This is being introduced now so that this removes one of the obstacles to anybody wanting to upgrade to a multi-facility system in the future.
- For those interested in the technical details, here they are.
- All IDs allocated store the shard number that allocated the ID in the bottom 10 bits of the ID. The next 12 bits are used to store a "sequence number", with the higher bits indicating the second in which the ID was allocated.
- The user and project IDs are further restricted so that the bottom 10 bits of the sequence number also store the shard number.
- This means users and projects only have 2 bits for a sequence number, and so you can only ever create a maximum of 4 per second.
- Issue: 3251
Add INFORMATION and CONFIGURATION messages types to RemoteLogType
- When Calpendo ActivityRecorder (CAR) sends Calpendo information about what's happening on a remote machine, there are different types of message it can send.
- We now extend this to an extra two types of message. One is for sending Calpendo a record of all the configuration settings used by CAR, and the other is for CAR to send any general information that it wants recorded.
- The configuration settings are useful to provide a centralised view of how all the various CAR computers are configured.
- The general information message will be used initially whenever we detect a problem reading from or writing to the CAR log file that's used to record activity when in an offline mode.
- Issue: 3252
Upgrade from mariadb-java-client from version 2.7.4 to 2.7.5
- This is the driver used to connect to the database.
- We're upgrading to the latest version because it fixes a bug (CONJ-896) with connecting to the database.
- See the release notes for version 2.7.5 for more details.
- Issue: 3253
Optimisation: avoid sending multiple identical tag suggestion requests
- Suppose you have a biskit with a property that stores a string tag property, and that you have displayed a list of such biskits.
- Then if you click on the list to get a biskit in a pop-up and then edit and save that biskit, there is one tag suggestion sent to the server for each of the biskits in the list.
- These are now aggregated so that fewer server requests are required. * Issue: 3245
Optimisation: Avoid fetching referenced status after a save
- When you view a biskit, it sends a message to the server asking if it's referenced.
- When you edit a biskit, it does the same.
- However, there are two issues with this:
  1. Since you've just modified this biskit, it may be destroyed a cache in the server so that the server might be busy recreating it. So asking about the biskit immediately after modifying it might be slow.
  2. The referenced status is really unlikely to have changed from when you viewed the biskit. So there's not much point in asking for it.
- So this issue is about preventing the request going to the server to ask if a biskit is referenced when the biskit is saved and then displayed in read-only mode again.
- If you refresh your browser on a page that goes directly into edit mode, and then save and go to read-only mode, then it will not have a cached notion of whether the biskit is referenced, and so it will ask the server.
- So the optimisation only applies when you view in read-only mode, then edit, then save.
- Issue: 3254
Optimisation: Fetching reports and search were slower than they could have been
- When the browser fetches a list of all the reports that can be run, via a GetReports request, the server uses two sessions to talk to the database when it could be done in one.
- Similarly, when a search is run using the Search request to the server, then the server runs the report on one database session and then removes anything the user isn't allowed to see on a separate database connection.
- Both of these examples should be done with a single database connection to make it faster.
- Note that the regular search page does NOT use the Search request. It is used by:
  - biskit approvals pages (eg user requests page, booking requests page, project requests page)
  - Global preferences and user settings pages - to find the top-level menus
  - Find by URL page - for example #find&searchType=Calpendo.CalpendoUser&givenName=Paul
  - User Group page - for example #userGroup&name=Foo
- Issue 3255
Optimisation: auto-rebuild cache after delay so users don't wait for it
- The server caches some things in memory for faster access. For example, users, projects and resources.
- If you do something that invalidates the cache, such as saving a project, then the cache was rebuilt immediately.
- This meant that any work done in the immediate aftermath of saving a project would have to wait for the cache to rebuild, which made it slower.
- We now delay the cache rebuild so that actions in the immediate aftermath do not need to wait for the rebuild (which they generally don't require anyway).
- This avoids a cache rebuild while a user is waiting.
- Issue: 3256
Optimisation: use a single database session when handling update/create
- When creating or updating something, the server uses more database sessions that necessary, so it is slower than it could be.
- Issue: 3258
Optimisation: Make project load referenced data lazily
- When a project is loaded from the database, it was pro-actively loading all user information as well as its resource settings and service settings.
- The user information in particular is a problem because it forces project information to load, so you end up with a large volume of data being loaded when there are many projects and users, potentially loading the whole data tree.
- This causes some speed issues.
- Issue: 3259
Optimisation: History page slow when many items changed by a workflow
- Suppose you run a workflow that changes many biskits, or that changes one biskit many times.
- Then you will generate many audit log entries that show they were caused by a workflow.
- When you view that in the history page, each of the entries in the search results that reference a workflow will initiate its own request to the server before it can work out how to display it.
- Consequently, this is extremely slow when there are many.
- Issue: 3286
Change internal request handler API to allow response conversion to JSON with open session
- This is an internal change that helps us to avoid one class of problems when building a JSON response being sent back to a browser.
- Issue: 3257
Add overview to resource usage recorder page
- The resource usage recorder page allows you to record actual usage by providing a page that has a start and a stop button, and allows you to provide other information about the usage as well.
- This page was designed to work specifically for an MRI facility, in which a computer outside the scan room would be used to enter the actual usage information.
- In this scenario, it would be very rare to change which resource was the target of the usage being recorded.
- However, in other scenarios, it may be that the resource will be changed frequently. For example, one could use Calpendo to record time spent on activities, with resources representing different things that you might do.
- In this scenario, changing from one resource to another was unacceptably long winded.
- To make this kind of scenario work better, the usage record now shows an "overview" panel, which provides a list of all the resources that record usage, and their current status.
- You can jump to the usage for any resource by clicking on it.
- If any resource is configured so that the usage recorder can only be used from a particular IP address, then the overview panel will only show that resource if your IP address matches.
- Further, if there are no resources or only one resource for which you can record actual usage, then the overview panel will not show.
- Issue: 3260
Add a new theme to support a dark mode
- There have been changes to our support for themes, with many more items being under control of the theme so that we can provide a dark theme.
- See Dark Theme for more details.
- Issue: 3261

Add STARTER licence to be used instead of LITE

There's now a new type of licence called "Starter". This is similar to the old Lite licence. We will no longer sell Lite licences, but instead will replace it with Starter for those that need something simple.
Existing customers using Calpendo Lite can continue to use Lite, or change to Starter or a full Calpendo if they wish.
The limits in Calpendo Lite have been put back exactly as they were before a recent change.
The limitations of the licence types are:

Description	LITE	STARTER
Maximum non-email workflow actions	4	10
Maximum custom properties	15	20
Maximum template groups	3	4
Maximum rules	4	4
Maximum advanced rules	0	0
Standard number of users	300	100

Issue: 3262

Add CSS class name to biskit pop-ups that use the current page token
- This allows you to control the look of a pop-up based on the page that caused the pop-up to display.
- The CSS class name used is "exprodo-ExplorerPopup-for-" followed by the part of the URL token after the # and up until any non-alphanumeric character.
- Issue: 3271
Add user-selectable CSS class to user workflow biskit type button
- When you define a workflow button in the workflow manager, it now has an option for entering space-separated list of CSS class names.
- When the button is created, it will be given each of the CSS class names that you provided.
- Issue: 3272
Allow menu editor to set custom tree page initial width without selecting child biskits
- When you add a Custom Tree Page to the menu, then you should be able to specify the width in pixels of the left pane of the custom tree page.
- However, it would only show you the option to specify the width if you also chose that the page showed child biskits.
- It should not have been like that because it's common that a custom tree page would have child menu items, each of which may (or may not) themselves choose to have dynamically added child nodes. Whereas the main menu item for the custom tree page often would not have that.
- Issue: 3269
Prevent attempts to create PropertyDef instances outside the bakery
- There's now a default permission that denies the right to create a PropertyDef instance.
- This means that when you search for PropertyDef, the Create buttons you will see will all be greyed out.
- The bakery will still allow PropertyDef instances to be created as part of a BiskitDef.
- Issue: 3276
Add warning when installing a licence with a reduced number of users
- There's also a warning if the name of the company in the new licence is different from the old one.
- These changes are to prevent accidentally installing the wrong licence.
- Issue: 3277
Add support for permission denied msg perm name to provide when no msg set
- When there is a permission denied exception, then there is sometimes now a message displayed that comes from the permission in question.
- You must specify a message on the permission for this to work.
- However, this won't always produce a sensible result because it might be that you are denied permission because some other permission did not kick in and allow you to do something.
- If a permission does not specify a message, then it won't contribute to displaying a message to the user when permission is denied.
- However, there's now an option to configure permissions without a message to display the name and number of the permission instead.
- See Custom Permissions Messages for details.
- Issue: 3287
Treat references through an illegal path as non-error with value null
- Some permissions are targeted at a particular type of biskit, and then might have a condition like this:
Old value of foo equals new value of foo
- However, if this is an update that also involves mutating a biskit from one type to another, then only one of old value and new value might be of the requisite type.
- We've always treated references through illegal paths as an error. However, somebody could easily drag a booking from one column to another, thereby mutating it to a different type, and triggering the kind of permission condition described above.
- There is no protection in permissions for dealing with these things, and it seems like the most straightforward thing to do is to treat this as not an error.
- Where an illegal path is because of a configuration error (such as a permission referencing a path that no longer exists because a property has been deleted) then this means there should be good checks on deleting a property to make sure such paths are not used.
- Issue: 3288
Add workflow function "eval" to work like EvaluateExpressionWorkflowAction
- There's a workflow action called EvaluateExpressionWorkflowAction.
- It evaluates an expression. For example, if you put into it this:
65/3
- Then it will calculate that and return the value.
- Similarly, you could have something like this:
[INDEXED#11.output]/[INDEXED#12.output]
- and it would extract the two referenced values from the workflow context, and perform the division for you, returning the result.
- The eval workflow function now does the same thing, and is an alternative way of evaluating an expression.
- Issue: 3289
Add support for double-evaluated expressions
- Expression Workflow Action that can be used to generate values from an expression.
- While it can be used to have values plugged in from the context (values from earlier in the workflow), it can't have whole expressions that come from the context.
- That is, you can't build up an expression and then evaluate it.
- For example, suppose you have a string in the output from an action that evaluates to "65/3", and then you reference that in an expression action something like this:
[INDEXED#11.output]
- then the result of that will be the text string "65/3".
- So it won't treat that like another text string with an expression to evaluate.
- Now that there's a new workflow function called "eval" that can evaluate an expression in a string, then this means an EvaluateExpressionWorkflowAction should be able to be given something like this:
eval([INDEXED#11.output])
- so that the value of [INDEXED11.output] is resolved first (to "65/3" in this example) and then the eval function would calculate the value of that expression.
- Issue: 3290
Allow workflow buttons to be exported
- When you click on a workflow button in the workflow manager, it now shows an "Export" button to allow it to be exported to SQL.
- This requires that you can load the SQL into another system, and also that the user workflow it references exists in the target system (as identified by the name of the workflow and user event, and the main type of the workflow).
- Issue: 3281
Add support for per-user default initial pages set by workflow
- You can now choose a user's default initial page by adding a user login workflow event, and then setting the default initial page token in the response.
- The token you must set is the part of the page URL after the # symbol.
- If you don't set this, then the value selected in the global preferences will apply.
- If you do set it, then it overrides the global preferences setting.
- Examples of when this might be useful:
  - You could give out a URL for people to run a test, and each person would automatically go to the test they had been configured for.
  - You could check whether somebody's training is out of date, and take them to a page that said that.
  - You could show some kind of message to only some people
- Note that this only changes the default page. In other words, if somebody bookmarks a particular page, then they will go directly to that page and not their custom default page.
- Issue: 3298
Add support for dynamic workflow driven pages to show in a pop-up
- Issue: 3299
Allow boot to continue if bootstrap script for formatpk/parsepk sf fails
- When a system first boots, it tries to load some bootstrap scripts. Two of those are for creating stored procedures called formatpk and parsepk respectively.
- On MySQL databases, this requires the SUPER privilege, or the database to have been started with the setting log_bin_trust_function_creators=1 in one of the mysqld configuration files.
- Without that, the upgrade scripts fail. But this failure should not cause the boot to fail since the system can run without formatpk and parsepk stored functions being in place (they're there principally to help those that manually access the database).
- This problem has not affected MariaDB databases, only MySQL.
- Issue: 3301
Allow a process button press to call a user workflow event
- You can now request that a user pressing a button on a process (stepped-edit) page should run a user workflow event, and display any messages or dynamic content that user workflow creates.
- If the user workflow configures a pop-up for the generated content, then that will work as expected.
- If you configure the user workflow to generate dynamic content without a pop-up, then when called from within the process page, the page will completely change to the one generated by the user workflow.
- Issue: 3305
Disable Booking confirmation button when permissions don't allow edits
- Issue: 3304

Security Changes and Bug Fixes

SECURITY FIX: Disable session auto-refresh from download of attachments
- A user's session is automatically extended every time the session is used.
- The exception to this is that any client action that is initiated from an automated process should not extend the session.
- Rather, it should only be things that are manually driven by a person.
- Attachment downloads are normally driven by a person, but not always.
- There are two circumstances where this is not so:
  1. Where somebody deliberately makes an automated request from an external program. We've not seen this happen, and it requires access to your session ID, but it is possible.
  2. When viewing a Calpendo bookings calendar page. In this case the request for bookings that occurs to update the calendar does not auto-refresh the session. However, there is a repeated request for the resource picture, and this does keep the session alive.
- To close both of these, a user's session is no longer extended by the download of any attachment.
- Issue: 3264
SECURITY BUGFIX: CTMS Booking updates applied even if permission denied
- If you change the time in the calendar to a CTMS appointment, and this results in a permission denied error being returned by the server, then as well as seeing the "permission denied" pop-up, the time change to the appointment would still be applied when it should not.
- This affects only CTMS versions of Calpendo.
- Issue: 3292
Add protection against clickjacking by breaking out of a frame
- Clickjacking is the name given to a security exploit that relies on running an application inside a frame, so that invisible elements can be laid over the top.
- This means you could then click on invisible things and think that you were clicking on the app showing underneath.
- This is described on the OWASP website.
- Protection against clickjacking should be more than one thing. This change adds some code to protect, as recommended by the above OWASP page. Web servers hosting this should also have other protection against it (the Exprodo production servers do have such protection).
- Issue: 3297

Bug Fixes

BUGFIX: Condition formatting of second value path is weird ("Value.path")
- Suppose you set up a condition of the form:
  
  value of X equals value of Y
and then view it in a read-only context.
- For example, create a permission with a condition like the above, and then view the permission after saving it.
- Then the condition displays as:
  
  Value of X equals Value.Y
- The "Value.Y" part of unexpected, inconsistent and could be better.
- It will now instead appear as "Value of Y" so that the whole thing makes more sense in English.
- Issue: 3236
BUGFIX: Resource Usage session ID is long ID number if not specify template
- If you don't specify any particular template in a resource to use for the resource usage instances generated for that resource, then when using the built-in recorder, it gets assigned a session ID that is the usage's ID number.
- This is reasonable, but it's not formatted like ID numbers are elsewhere, so the session ID is hard to read.
- This is now changed to be a formatted version of the ID number.
- Issue: 3242
BUGFIX: You can't edit an in-progress resource usage without outcome
- If you edit a ResourceUsage entry on the usage calendar while it is in progress, with the intention of leaving it in progress, then you are prevented from changing it unless you also set an outcome.
- When the usage is still active, it is wrong to force an outcome to be selected at that time.
- Issue: 3241
BUGFIX: Could not edit a currently active usage on the calendar
- If a usage is currently active and finishes in the future, changes were prevented, with a message saying you can't have a currently active usage in the past.
- Any edit of a usage in which the finish was in the future was prevented. It now accepts a usage whose finish is up to 5 minutes in the future.
- Issue: 3302
BUGFIX: Permission denied in a workflow doesn't show custom perm message
- You can add a custom message to a permission that denies the right to do something.
- Usually the message will be shown when that permission causes permission to be denied.
- However, this was not happening when a workflow was refused permission to change something.
- Issue: 3249
BUGFIX: Creating PropertyDef from search page gives "Unexpected..." error
- You're not allowed to create a PropertyDef from the search page. You can only do it from the bakery.
- If you go to a search page, search for PropertyDef, and then click the "Create" button, it gives a pop-up error message telling you you can't create a PropertyDef outside the bakery.
- However, it also shows a nasty error pop-up that says
  
  "Unexpected exception: java.lang/RuntimeException"
along with a stack trace.
- You now only see the first, must nicer, pop-up.
- Issue: 3243
BUGFIX: Database dump fails on MySQL using the MySQL driver
- If you use the MySQL driver to connect to a MySQL database (not the MariaDB driver and not a MariaDB database) then the database dump fails.
- Issue: 3265
BUGFIX: SystemEvent ID shown on popup is different from group report
- Version 10 introduced 64 bit values for ID numbers. Newly allocated ID numbers are much larger than they used to be, as they encode the date and time when the ID allocation took place.
- Any ID numbers that were in use before version 10 were also modified.
- This modification was in a systemic and predictable way so that one could always work out what the original number was is required.
- Audit logs and system events both store additional data in a JSON form that is compressed in the database. For audit logs, it's the underlying biskit that has been created, updated or deleted that is stored in JSON.
- For system events, it's additional non-standard information that the particular flavour of system event chooses to store beyond the standard set.
- Audit logs and system events are not read very often, so when the upgrade to version 10 was done, none of the encoded JSON was modified.
- This means that when the encoded JSON is decoded, any references to the ID number of a biskit would use the old format. Consequently, old-format ID numbers are converted on-the-fly as the compressed JSON is read from the database.
- This process worked perfectly for audit logs.
- However, for system events there was a problem. The conversion of ID numbers was applied to the system event's ID number instead of the extra, non-standard data it contains.
- This bug could be seen as follows:
  - Go to the general search page and search for system events
  - Search with a group report for something old, which means it was created before the upgrade to version 10 was done. (Typically before around October 2021). Add a column to the group report to show the ID number of the events found.
  - Click on one of the groups, and then click on a system event shown in the table so that it generates a pop-up.
  - In the title bar of the pop-up, it shows the event's ID number.
  - Compare the ID number in the title bar and the ID number in the group report and it is different.
  - Consequently, if you try to delete the event from here, it will either fail (because it's trying to delete an event using the wrong ID number and that event does not exist) or it will delete the wrong event (if the ID number happens to match something that exists).
- Issue: 3266
BUGFIX: The owner field not always filtered on booking form as it should be
- If you set up permissions to disallow the creation of a booking when there is a particular owner on the booking, then that owner should not appear in the drop-down of owners on the booking form.
- One might use this to restrict the drop-down so it doesn't show users that are no longer active on the system.
- However, this filtering wasn't always happening properly.
- Issue: 3267
BUGFIX: Create button at top of search page not greyed out by permissions
- When permissions say you can't create something, then the "Create" button on a search page should be greyed out.
- The permissions were still being applied to prevent the creation, but only after the user had gone through trying to create it.
- Issue: 3244
BUGFIX: Create copy of a custom search page report and it forgets page
- A report that was created by a custom search page knows which custom search page created it so that when you run the report, it loads into that same custom search page.
- However, you can modify the report conditions such that the report is no longer compatible with the custom search page. When that happens, it automatically shifts to being displayed in general search page.
- Now when you create a copy of a report generated from a custom search page, then the resulting copy should open in that same custom search page. However, it wasn't.
- This is a bug that was introduced in fixing an earlier issue (3171).
- The fix to that bug changed how copies of biskits containing formulaic
- or automatic properties were handled. It was a little too zealous and wiped the value of all such properties on creating a copy, when it should have only addressed the situation it was trying to fix in issue 3171.
- Issue: 3171, 3270
BUGFIX: Adding a set property causes an exception
- If you edit a BiskitDef in the bakery and add a property, then when you change the property type to "Set", it gives an exception.
- You can work around this issue by setting it initially as a property that stores a Biskit, then specify which type of Biskit it is, and then change the property to be a Set.
- This bug was introduced in 10.1.20 as part of issue 3220 which added support for being able to specify which file types are accepted for attachments.
- Issue: 3279
BUGFIX: Run user workflow page within CTP was taking over whole page
- Suppose:
  - you configure a custom page on the menu as a child of a custom tree page
  - you configure that custom page to run a workflow so that the page shows the dynamic content generated by the workflow
- Then when you click on the node in the custom tree to display the dynamic workflow page, it should show on the right hand pane so that the custom tree is still visible. However, it was taking over the whole page.
- Issue: 3283
BUGFIX: Audit log does not indicate workflow was cause of indirect changes
- When a workflow causes a change in the database directly, by calling a BiskitCreate, BiskitUpdate or BiskitDelete workflow action, then the audit log would record which workflow and action made the change.
- However, sometimes changes are made indirectly by a workflow and those were not recording the workflow details in the audit log.
- For example, if you send an email, then the RecordedEmail instance created would not record which workflow action had done it.
- Also, if you call the CTMS workflow function fillInMissingAppointments, then it might create some bookings, but it wouldn't record which workflow and action was involved.
- Issue: 3284
BUGFIX: Getting tag suggestions would sometimes fail for some of them
- When a string property that uses tags is displayed, a request is sent to the server to get suggestions for what to select.
- A recent change has aggregated these requests so that when there are many for the same tagDef, they only require one server message.
- However, the response from the server was then delivered to all that asked for it except the very first one.
- Issue: 3285
BUGFIX: CTMS function gives misleading error message about booker not set
- If you configure CTMS so the Appointments and Events resources do not allow old bookings, and run the fillInMissingAppointments function in a way that means it tries to create historical appointments, then you get a misleading error message about booker not being set.
- Whereas the real problem is that it was prevented from creating a historical booking.
- Issue: 3291
BUGFIX: Enrolling somebody into a project fails in CTMS
- Trying to enroll a CTMS person into a project caused an exception about trying to load ProjectResourceSettings and failing.
- Issue: 3293
BUGFIX: Appointments with newly created events given wrong start/finish
- The start and finish of an appointment is calculated from the time covered by all of its events. When you add more than one new event to an appointment at the same time, then the way the calculation is done is wrong so that only one of those new events was taken into account when working out the appointment's start and finish.
- Issue: 3294
BUGFIX: Using 'Member Of' in condition with a null list creates exception
- If you have a condition that results in a database search (possibly on a booking rule, permission, workflow or report) that uses a "member of" test, and it tests whether a user is a member of a list, where the list evaluates to null, then this would produce an exception.
- Similarly, "not member of", "contains member" and "does not contain member" fail in a similar way. They should all behave as if the list which evaluates to null is simply empty.
- Issue: 3296
- Ticket: 7312
BUGFIX: Surprising calendar resource selection behaviour when filtering
- When you choose which resources are displayed in the calendar by using the resource selection pop-up, one of its features is that it can filter out resources by type or location.
- It was generally a surprise to most people that when you filter out some resources and then change the selection, the filtered-out resources are automatically deselected.
- This has now changed so that the hidden resources that are selected will remain selected regardless of what happens to the selection of the visible resources.
- To help make it clear what is going on, there's now a label at the bottom that shows how many resources are selected, and how many hidden resources are selected.
- You can also hover your mouse over the label to see a full list of the selection - both visible and hidden.
- Issue: 3295, 3316, 3317
BUGFIX: CTMS workflow functions for filling in missing bookings fails on old bookings
- The CTMS workflow functions fillInMissingAppointments and fillInMissingEvents are intended as a helper to import bookings from other systems. They work by looking at what has already been imported, and adding appointments and events that are missing that should be there.
- The problem is that it is normal to have rules in place that prevent historical appointments and events from being changed, and the import is generally about importing historical appointments and events.
- These two workflow functions are now allowed to circumvent the normal rules about creating and modifying old bookings. This means they must be used very carefully and only really as a way of bootstrapping a system.
- Issue: 3300
BUGFIX: Bakery resets "Share super type table" to true for subtypes
- This is a bug that means a BiskitDef may switch whether it shares a table with its super-type when you edit it, without you necessarily noticing that it's happened.
  1. Create a dynamic BiskitDef A. Mark it as abstract and allow it to share its table with subtypes.
  2. Create a dynamic BiskitDef B, as a subtype of A.
  3. Mark B as NOT sharing its supertype's table and save it.
  4. While viewing B, refresh your browser.
  5. The option that says whether it shares its supertype's table is not displayed (issue #1)
  6. Edit the BiskitDef B, and the option does appear, but it now says it DOES share its supertype's table (issue #2)
  7. Save the BiskitDef B, and it now changes to sharing its supertype's table - even though you never changed that option
- Issue: 3314
BUGFIX: Creating linked booking child for a variable resource fails
- Issue: 3322

10.1.22 April 25, 2022

Security Fix

SECURITY BUGFIX: failed attempt to create or update local users stores password
- If you try to create a local user and it fails for any reason, then a system event will be created to record the failure.
- That stores a copy of the initial request to create the user (in JSON) which has the password that was entered embedded within it, in clear text.
- This only is a problem while creating local users, and then only if the creation fails, for example due to not providing a login name.
- Issue: 3331

Bug Fixes

BUGFIX: Save change to user sometimes takes a long time and then fails
- Log in and then edit and save your own user record, and it can take a long time and fail.
- Issue: 3328
BUGFIX: Non-admin users get exception when try to create resource usage
- When a non-admin user tries to create a ResourceUsage from the built-in session recorder, they can receive an error message that says:
  Failed to create resource usage: failed to lazily initialize a collection of role: Calpendo.Project.users, could not initialize proxy - no Session
- Issue: 3329
- Ticket: 7563
BUGFIX: Closing usage session from recorder fails when workflow triggered by the change
- If a resource usage session is closed by using the built-in usage recorder
- and there was a booking associated with the usage
- and the booking had a project
- and a workflow is triggered by the closure of the resource usage
- then an exception would prevent the session from being closed.
- Issue: 3327
- Ticket: 7562
BUGFIX: CTMS workflow functions to fill in missing appointments & events broken
- These are functions fillInMissingAppointments and fillInMissingEvents.
- There were several problems with these functions:
  - fillInMissingAppointments was also creating events on the newly created appointments, but in such a way that no linked bookings were evaluated for the events.
  - One uses these functions only as part of importing data from a pre-existing system. In that case, it is inappropriate for booking rules and templates to prevent the creation of the bookings these functions want to create. So they have now been changed to disable templates and booking rules while they run. This in turn means that these functions must only be used for an import from a pre-existing system because it's the only way it makes sense to disable templates and booking rules.

10.1.23 May 20, 2022

Changes

Add extra buttons to process pages
- A process page is also known as a "stepped editor" because it involves a sequence of pages that (usually) edit a biskit with next & previous buttons.
- These allow a set of buttons on each page. You can change the labels on them, and their meaning, but by default they are:
  - Previous
  - Next
  - Reset
  - Finish
  - Help
- Of these, "next" and "previous" usually have to retain their original meaning. "Help" is displayed as a help button, so can't be used for anything else. "Finish" is often needed for its original purpose (to exit now).
- That often leaves "reset" as the only button that can be customised, and that isn't always enough.
- So now there are buttons Extra 1, Extra 2 and Extra 3.
- Their meaning is entirely what you make of it, by changing the labels so that they have sensible meaning to the user and configuring a workflow to handle them as required.
- Issue: 3310
Add CSS class to menus
- The menu editor now lets you specify a CSS class that should be applied to the menu.
- This means you can change the way the menu bar looks, and this can be different for different users (since they can each have a different menu).
- This also means that you can completely hide the menu bar if you want to.
- Issue: 3320
Create system event when Exprodo auth fails due to inability to contact server
- If a firewall (or other reason) means the Calpendo server cannot contact proxy.exprodo.com, then that will mean that Exprodo staff cannot log in using our preferred authentication method. This is one which uses a single-sign-on method where passwords are stored on proxy.exprodo.com.
- Previously, when this happened there would be no feedback to indicate why the login failed.
- End users still don't see anything about this - unless you can log in and see the system events where it will now tell you.
- Issue: 3337
Add a "Show on Calendar" button for a resource or list of resources
- When viewing the details of a single resource, you now have a button labelled "Show on Calendar" which will take you to the bookings calendar configured to show only that one resource.
- When viewing a list of resources, you can check one or more resources, and then click the new "Show on Calendar" button that will take you to the bookings calendar configured to display bookings for the resources you had checked.
- Issue: 3307

Security Bug Fixes

SECURITY BUGFIX: Some booking tooltips could show information it shouldn't
- You can customise the tooltips displayed when your mouse hovers over a booking on the calendar.
- If:
  - you set a custom tooltip for a resource
  - and if you add properties to the tooltip that include a "." in the path (apart from just resource.type)
  - and if you create a permission that denies read access to one of the properties displayed in the tooltip
- then that property will be visible in the tooltip.
- The property would remain hidden in other contexts.
- This all means that while there is a security issue, it only applies to properties that are sensitive enough to require permissions that hide them, and properties that you configure to display in the booking tooltip.
- Issue: 3348

Bug Fixes

BUGFIX: Validation error on refresh workflow using constants
- If you have a workflow where there's a search action that searches for a type specified by a BiskitDef that is in a constants action, then you can get a validation error when refreshing the browser that does not appear later.
- There was a problem with the timing whereby the browser could validate the workflows before the constants had been retrieved from the server.
- Issue: 3308
BUGFIX: Search action fails when the type to search for comes from constants
- Issue: 3308
BUGFIX: Output of search for type defined by constants is wrong
- When you have a search action that searches for a type specified by a constants action, then the "output" tab of the search action shows that it generates a list of BiskitDef instead of showing that it generates a list of biskits of whatever type came from the constants.
- Issue: 3308
BUGFIX: Calling a custom function from an Evaluate Expression fails
- If you try to call a custom function from an Evaluate Expression action then when it runs, it gives the error message:
  
  "You cannot call the standard function apply(...) method on CustomWorkflowFunction"
- Issue: 3311
BUGFIX: Bad message if workflow calls a disabled custom function
- If you create a custom function, and disable the action that creates it, and then call that from an Evaluate Expression action or a function action, then the message it gave did not tell you anything about which action was calling the function.
- Issue: 3312
BUGFIX: Exprodo auth fails if case of login name different on each system
- When you log in, the login name you use is case insensitive. It was always like that, apart from a brief period where it caused trouble because users will sometimes switch the case of what they use.
- When using an Exprodo authentication method, that means there are two Exprodo-based systems, and the password is stored in one of them, and that system is used to authenticate users in another Exprodo system.
- However, if those two systems disagree about the case of a login name, then the authentication fails.
- Issue: 3313
BUGFIX: Delete a dynamic note and message shows unformatted primary key
- Issue: 3336
BUGFIX: Failure within UserLoginWorkflowEvent can prevent login by anyone
- If you configure a workflow to run when people log in, using a UserLoginWorkflowEvent, and that workflow fails in some way, then it can prevent people from logging in.
- For example, if you were to modify a historical booking for a resource that does not allow historical bookings to be modified, this would trigger the error. (I know this sounds like a silly example, since nobody would want to do it, but this actually happened.)
- Issue: 3319
BUGFIX: Firewall blocking haveibeenpwned prevents new user creation
- If you have password checking via the internet service haveibeenpwned (which is on by default and recommended), then whenever a new user is created or a password is set, then it will be checked to see whether the password has been exposed in a worldwide security breach.
- This is controlled by a global preferences option in the security tab.
- However, if this is enabled, but a firewall prevents access to https://api.pwnedpasswords.com/ then new user creation would simply block until Apache timed out.
- At this point, the user would receive an error message saying there was a proxy error, but the thread would still be blocked in the server.
- Trying to create multiple users would then block multiple request threads until eventually they would be starved and the system would become unresponsive.
- Issue: 3330
BUGFIX: Automated properties do not support fixed conditions in search
- Suppose:
  - A biskit of type X has a property y
  - Property X.y is marked as automated in the bakery
  - You create a search for instances of X
  - You add a condition where you want to look for instances of X where the value of y is a particular fixed
- Then when you select that you want to select a "Fixed" value, then it does not display a means of entering a value.
- This problem also applies for workflows. For example, if you try to create an instance of X, then you cannot assign a fixed value to X.y.
- The same problem occurs in many workflow actions, and not just creating a new biskit.
- Issue: 3332
BUGFIX: Unset required MappedInt and MappedString properties not marked as errored
- When you mark a property as required in the bakery, then you must provide a value for it.
- Normally, properties that are required display with a red border when no value is provided.
- However, MappedInt and MappedString properties, when marked as required do not display with any indication of an error when no value is provided.
- Issue: 3303
BUGFIX: Menu item for "Calpendo User Guide" points to the wrong URL
- Issue: 3323
BUGFIX: Cannot view rule editor if denied EXISTS on project type used rule
- If you have a rule which references a project type, and there is a permission to deny EXISTS to some user, then when that user tries to open the rule editor, they get an exception.
- Issue: 3338
- Ticket: 6983
BUGFIX: Error if Booking resource change requires Booking BiskitDef change
- If you have two resources configured so that they require Bookings with a different BiskitDef, then changing the resource in the booking pop-up on a calendar between those resources causes an exception.
- Issue: 3339
BUGFIX: Permissions checks sometimes fail on project users
- Project.users are now loaded lazily from the database to avoid the need to load them in some cases.
- This caused a problem when checking permissions.
- Issue: 3340
- Ticket:7659
BUGFIX: Clicking on hyperlink to booking from group report gives exception
- Suppose you have a biskit which stores a reference to a booking, and then generate a group report of that biskit where you add a column to show a link to its booking.
- Then the group report will show links to bookings. Click on one of those, and you get an exception pop-up.
- Issue: 3343
BUGFIX: Clicking link in a list report produces two pop-ups
- When a list report contains a hyperlink, one would expect that clicking the link would take you to whatever it represents, and nothing else should happen.
- However, clicking on any row in a list report would show a pop-up with the biskit in that row.
- So you would actually get the pop-up generated by the link, and then over the top of that, the pop-up for the biskit in the row.
- This was confusing and counter-intuitive.
- The same problem occurred in a group report, whereby clicking on a link would both show the contents of that group below the group report, and also show the pop-up for the link. This was less troublesome, but still unexpected.
- In both cases, whenever you now click in a cell in a list report or group report where the cell contains a hyperlink, then the normal response for clicking in the cell is suppressed so that you only get the result of clicking on the link.
- This does mean that if you carefully click within a cell that contains a hyperlink, but manage to avoid clicking the hyperlink itself, then nothing will happen.
- Issue: 3344
BUGFIX: Change confusing global prefs label and tooltip for timeline height
- Global preferences has an option in the Bookings
- In global preferences, there is an item on the Bookings tab under "Bookings Calendar Start and Finish" that is labelled "Vertical timeline day height".
- The tooltip says: "The number of pixels to display for the height of a day in a vertical timeline".
- The value you select for this is not a number of pixels, but rather a period of time such as 24 hours or 20 weeks etc.
- This just doesn't make sense.
- User settings has an equivalent property that can be used to override the global setting. The label and tooltip it uses are much better.
- The label says "Time displayed in a vertical timeline" and the tooltip "The number of pixels to display within a vertical timeline view).
- These are now replicated in global preferences.
- Issue: 3345
BUGFIX: The horizontal and vertical calendar views were broken when zoomed out
- You can change the zoom level on these calendars by two factors in both global preferences and user settings:
  - The starting and ending hour of the day. These default to 0 and 24 respectively, but you can change these so that less time is displayed on the calendar. While these are aimed principally at the day and week views, they are also reflected on the horizontal and vertical timeline views.
  - The amount of time to be displayed in a vertical timeline.
- When these are zoomed in such that it is no longer possible to display templates down to the level of each 15 minutes (which is the default), then various things went wrong and the whole thing behaved badly.
- Issues: 3342, 3346
BUGFIX: Server-generated booking tooltips show null values as "Hidden"
- When a resource's booking tooltip is customised and defined to contain references to nested paths (contains any item including a period apart from just resource.type) then the tooltip content is generated by the server and not the browser.
- When the tooltip is generated by the server, and any property being shown on the tooltip is null, then it is displayed as "Hidden".
- Any property whose value is hidden by permissions is also displayed as "Hidden".
- This means that the two situations are indistinguishable to a user looking at a tooltip on the calendar.
- We now change this so that values that are not hidden by permissions but which are null, and now displayed blank instead of using the word "Hidden".
- Issue: 3324
BUGFIX: custom property on booking can show as
on change resource
- Suppose:
  - you have a calendar bookmark which contains resources that use two different Booking BiskitDefs.
  - both Booking BiskitDefs contains a property of the same name
  - the first one marks that property as not visible in the bakery or is on a hidden tab in its layout).
  - the second Booking BiskitDef has the property visible
- Then if you click in a column for the first resource to create a booking, but in the booking pop-up you change the resource to the second one mentioned above, then the property that have in common will be displayed as so that you can't enter a value for it.
- Issue: 3335
BUGFIX: Infinite loop on enter search page from custom search page
- From some custom search pages, if you refresh your browser, and then go to Search->Search, you trigger an infinite loop. The browser sits there for a while and then shows an error like "Maximum call stack size exceeded".
- Issue: 3347
BUGFIX: CTMS reception page gives exception fetching data from server
- Issue: 3349
BUGFIX: Avoid CTMS automatic cancel when edit subject with old appointments
- If you are running the CTMS module, and have a subject with historical appointments that should not have happened according to the subject's cohort setting, then editing the subject would automatically cancel that historical appointment.
- This doesn't make sense, and so it no longer happens.
- Issue: 3350
BUGFIX: Updating CTMS subject with some historical appointments rejected
- If you edit a subject that has any historical appointments, then you would not be allowed to save it. That's because it was trying to save the appointments as well, and it doesn't like it when you save an old appointment.
- It refused even if you didn't actually make a change to one of the old appointments.
- This has changed so that if you save a subject, then any appointments or events whose change would break the restrictions on changing old bookings would simply be ignored.
- Issue: 3351
BUGFIX: booking drop-down filtering using user.biskit.children can fail
- One of the ways in which you can arrange filtering of booking biskit-valued drop-downs, is when the booking references a biskit (Booking.foo of type Foo) and there is a biskit on the USER that contains a one-to-many property of the same type (Foo in this example).
- So that means:
  - Booking.foo is a biskit of type Foo
  - User.bar is a biskit of type Bar
  - Bar.foos is a collection of Foo
- Then in this case, the selectable instances of Foo when filling in the booking form are only those Foo that are in the user's bar.foos.
- There is a problem with this scheme if it happens that the browser has not downloaded all the data for User.bar, so that User.bar.foos is not available in the browser.
- This situation is now detected and the missing data fetched from the server as required.
- Issue: 3357
BUGFIX: Relative time events fails updating parent of linked booking
- If there's a relative time event triggered for a booking, and that results in the booking being modified, and the booking is the parent of another booking due to a linked booking configuration, then the update of the booking fails.
- System events show a message:
  
  "Caught exception while firing event to listeners: failed to lazily initialize a collection of role: Calpendo.LinkedBookingLink.statusRules, could not initialize proxy - no Session"
- Issue: 3356
BUGFIX: Calpendo is not compatible with MariaDB 10.6.0 or later
- The column called "offset" in table "units" is not allowed in MariaDB 10.6.0 as "offset" is now a reserved word.
- This has now been renamed to "offset_value".
- Issue: 3364

10.1.24 May 23, 2022

Bug Fixes

BUGFIX: booking's month view waits forever until it returns proxy error
- Issue: 3370

10.1.25 June 23, 2022

Changes

Automatically notice and fix problems with server cache
- There have been some issues lately where a server cache that holds frequently accessed data, has been poisoned.
- This happens when something that is correct at the time it was created is added to the cache, but later becomes inaccessible thereby making the cache broken.
- While we have fixed errors that cause this problem, we now have a self-healing process in place that notices this situation, and causes the cache to be rebuilt.
- The behaviour of the self-healing process can be modified using two flags.
- In both cases, you would need to search for instances of Verbose (either in the general Search->Search page, or in the special
- To allow problems found to be fixed, find and enable the Verbose instance with the name:
  
  com.springsolutions.exprodo.core.server.persistence.LiveCacheHealth:autoFix
- This is enabled by default.
- Normally, the server cache is checked every 30 minutes and, if there's a problem, it will then fix it. Alternatively, you can modify the the period of the check to every minute by enabling the Verbose instance with the name:
  com.springsolutions.exprodo.core.server.persistence.LiveCacheHealth:highFrequencyChecks
- Issue: 3414

Bug Fixes

BUGFIX: Create copy of biskit with one-to-many properties can give exception
- Issue: 3368
BUGFIX: Error if view old repeat booking where old changes not allowed
- If you have a booking that is in the past, and which has repeat information set on it, and editing old bookings is disallowed, then viewing this booking in the search page pauses for some time and then gives an exception like "Maximum call stack size exceeded".
- Issue: 3371
BUGFIX: Generate calendar invitation from workflow produces no invitation
- If you use the workflow function createCalendarInvite to generate an iCal file, and add it into an email, then the email contains a message like:
  
  "Could not load data: Uploaded file cannot be found: JhGuja_RbdAfg-9v-444879784121345"
instead of the appropriate content.
- Issue: 3372
BUGFIX: View user after creating bookings can give error
- It was found when a user created a booking that also caused a linked booking to be created, and then if you go to a list of users and look at any user, it would give an error.
- But this depended on the user performing these actions having limited permissions.
- This bug is a consequence of a fix to an earlier bug (issue 3306) in 10.1.21.
- Issue: 3398
- Ticket: 7807
BUGFIX: Timed events creating biskit with auto-creator fail on update
- Suppose:
  - you have a workflow that creates a biskit
  - that biskit has an automated property to record who created it
  - you have a workflow run by a timed event that creates such a biskit
  - after creating the biskit, the workflow assigns it as a value on another biskit
- Then the update fails with an exception.
- This was caused by an earlier optimisation in 10.1.21 (issue 3259) that made loading a user's projects happen lazily.
- Issue: 3400
BUGFIX: Sort biskits by a string value and you can't save default weight
- If you create a Sort Workflow Action, and select a randomisation type of "Sorted", and then choose a weight path that leads to a string property, then you should be able to set a default weight that is used whenever the weight found at the given path is null.
- However, for string-valued properties, when you save the action, the default weight always defaults back to null.
- Issue: 3401
- Ticket: 7833
BUGFIX: Sort biskits by a string value that's sometime null gives exception
- If you set up a workflow and have it sort a list of biskits, where the sorting is by a string valued property that is null for at least one of the biskits, then the action fails with an exception.
- Issue: 3402
- Ticket: 7833
BUGFIX: Iterate over double-map with FreeMarker gives an exception
- If you have a workflow that includes a Map action, and it includes at least two keys, and then you feed that into a Templated Text action that uses FreeMarker to iterate over the the entries in the resulting map, then you get an exception.
- Issue:3403
- Ticket: 7833
BUGFIX: Repeat bookings that slip into the past not being handled
Whenever a repeat booking's time goes into the past, then something should come along (by default every hour) and create a non-repeat instance to represent what happened, and then modify the repeating instance to reset its start time to the next repeating instance.

This had stopped working, generating an exception with the message:

 "illegally attempted to associate a proxy with two open Sessions"

Issues: 3406, 3359
BUGFIX: Select bookings calendar bookmark from menu shows exception
- If you have a menu item that shows calendars by location, and from the template page, you select one of those calendars from the menu, then it takes you to the right page, but also showed an error in the corner of the screen briefly to say something went wrong on the server.
- Issue: 3355
BUGFIX: Confirming booking when no changes are required gives exception
- If you confirm a booking, and then (perhaps in another tab where you already had the booking displayed) you ask to confirm it again, then you get an exception the second time.
- Issue: 3409
BUGFIX: Exception when hover over booking in calendar to show tooltip
- Displaying tooltip by hovering over booking in calendar can cause server data to get corrupted, resulting in exceptions.
- As a bonus, fixing this has been done in such a way that makes it run much faster.
- Depending on configuration, it could take a few seconds for the server to generate tooltip. Now it takes a fraction of a second in the cases tested.
- Issue: 3412
BUGFIX: Exceptions follow after workflow generated linked bookings
- This bug would not affect most customers. It would be most likely to occur when there are many custom biskit types that have been created that reference users or projects or resources, or groups thereof, and when there are workflows that update anything referencing any of the above.
- When the problem occurs, the actions it takes work without problem, but it "poisons" a cache held on the server so that it will generate errors at some later time when the poisoned part is used.
- The poisoning happens through a deep data traversal and modification process of historical origin whose original purpose no longer exists.
- Consequently, it has now been removed.
- Issue:3398, 3412
BUGFIX: CustomTreePage miscounts items when using multiple nesting levels
- If you add a menu item to show a custom tree page, and you configure it to show dynamic nodes using two or more property paths to group biskits by, then the count displayed of the number of items would be wrong.
- Issue: 2980

10.1.26 June 24, 2022

Bug Fixes

BUGFIX: Bookmark resource type filter shows wrongly formatted names
- On the bookings calendar, if you click "Bookmarks" and then "Edit resources to display", then it shows a pop-up where you can choose which resources should be displayed on the calendar.
- To help filter what's here, you can choose some resource types.
- However, the names of the resource types were formatted incorrectly.
- In a default configuration, you would not notice.
- But if you changed the BiskitDef for Resource (not Resource Type) and made it use a name property other than "name", or set a format that used name plus something else, then the resource type filter would try to display the names of the resource types using the Resource format.
- Issue: 3407

10.1.27 July 6, 2022

Bug Fixes

BUGFIX: Exception when workflow updates biskit with "updator" property set
- If you have a biskit that is set in the bakery to automatically record who updated it last, and then a workflow updates such a biskit, then this generates an exception.
- Issue: 3472

10.1.28 July 23, 2022

Security Fixes

Replace log4j 1.2.17 with real4j 1.2.22
- There are some security issues with log4j 1.x.
- These are not related to the log4shell problems with log4j 2.x (known as Log4Shell) but log4j 1.x has its own issues.
- Log4j 1.x will not be fixed. However, real4j is a project that forks log4j 1.2.17 and has fixed the issues.
- So we now switch from log4j to real4j.
- Issue: 3479

Bug Fixes

BUGFIX: Day/week bookings calendar "colour by project" miscolours titles
- If you configure global preferences so that bookings display a title bar whose colour is indicated by the project, rather than the resource, then the colour displayed can change on refreshing the calendar so that the colours don't always reflect the project colour.
- Issue: 3458
BUGFIX: When one resource has bad URL for ical feed, none of them work
- You can put a URL onto a resource so that it will import its bookings from that URL in ical format. If you put a malformed URL
- Issue: 3410
BUGFIX: Repeat booking starts on wrong day if schedule today after now
- If a daily repeat booking is created to start yesterday (at a time that is later than the current time of day today), then today's booking is created as a non-repeat booking, where it should be the first of the sequence of repeats.
- Issue: 3418
BUGFIX: FreeMarker templated text fails on map action entry keys
- If you run a Map Workflow Action, and then use a FreeMarker-enabled Templates Text Workflow Action that expands the keys, then the result generates an exception.
- Issue: 3461
BUGFIX: A user event configured with a pop-up response ignores given title
- When a workflow runs a User Workflow Event, it can configure a response that should be shown in a popup by:
  - Updating the event's response to set the message and message type
  - Updating the event's response's popup to set the title and other attributes
- However, whatever you specify for the title, it always shows as "Message".
- Issue: 3462
Property references do not include booking display flag conditions
- Suppose you create a Booking Display Flag and add a condition that mentions some properyu 'X' on Booking
- Then if you go to the bakery and search for references to that property 'X', it will not find the reference to it from the Booking Display Flag conditions.
- Issue: 3478

10.1.29 August 17, 2022

Changes

Add 'echoArguments' workflow function (for use in testing)
- This is a workflow function that takes an argument of every PropertyType, and returns them all unchanged.
- The function does nothing with them but return them.
- This is intended for testing purposes only and is probably not of any other practical use.
- This is here to help test the export of function action arguments of various types.
- Issue: 3485,3486

Optimisations

Clicking on project to display it is sometimes slow
- When displaying a project, one of the things that happens is that each of the biskits it references must have a name calculated so that it can be displayed easily in the browser.
- When you have a property that holds a file attachment, then Calpendo was loading the whole of the data contained in the attachment, even though it irrelevant to the name, which is stored as a separate property.
- This optimisation improves things by loading only the necessary data when calculating the name of anything.
- Issue: 3481
- Ticket: 8013

Bug Fixes

BUGFIX: Re-saving custom search page report makes it load as general search
- If you create a report from a custom search page (such as the booking search page) and add some conditions, and save it, then editing the report in the report manager generates this message:
  
  You have changed the conditions beyond the point where they will be recognised by the page that originally created them. This report will now be loaded by the general search page.
- Loading the report no longer loads it into the custom search page it was created from, but the general search page, and the conditions show as much more complicated than the originals.
- Issue: 3334
BUGFIX: Workflow with function actions taking fixed values not exportable
- Workflows can be exported to a SQL file so that they can be copied from one Calpendo to another.
- A fix to issue 3461 in version 10.1.28 meant that some workflows could no longer be exported.
- This affected any workflows containing a function action where at least one of the arguments to the function was specified as a "Fixed" value rather than "Variable" or "Null".
- Issues: 3485, 3461
BUGFIX: Shallow exception editing ServiceOrder with layout without autoNumber
- If you add a layout for ServiceOrder, then any change to a ServiceOrder gives an exception about a shallow autoNumber.
- Issue: 3491
- Ticket: 8154
BUGFIX: Repeat widget description doesn't initially set correct date
- Suppose you create a new booking from the calendar so that you're on the booking form.
- Then add a repeat. It can be of any type except 'Daily' for this bug. Suppose you choose "Monthly by Date"
- Then repeat description will read "Repeat on the 1st of every month" regardless of the date of the booking.
- For example if you created your booking on the 15th it should read: "Repeat on the 15th of every month".
- The other repeat types also have a similar effect not reflecting the initial date of the booking.
- You can work around this by changing the start date or time of the booking date range and the repeat description will update itself to display the correct date.
- Note that this bug is visual only. It does not affect the data that's actually saved.
BUGFIX: Repeat widget shows description for a different type of repeat
- If you change the type of a repeat (eg from "Monthly by Day" to "Monthly by Date") then the description sometimes shows the wrong content (describing a previous repeat type).
- Note: this bug is visual only. It does not affect the data saved, only the way the repeat description is displayed while editing a booking.
- Issue: 3488
BUGFIX: Repeat widget sometimes shows description with end date when there is no end date
- The description of a repeat booking can indicate the repeat has an end date when it does not.
- To replicate this, create a booking, make it repeat and give the repeat an end date.
- Then if you remove the end date, the repeat description still shows the old end date.
- Note: this bug is visual only. It does not affect the data saved, only the way the repeat description is displayed while editing a booking.
- Issue: 3489
BUGFIX: You can't change repeat start date back to its original date after changing it
- If you create a booking and make it repeat "Monthly by Date", "Monthly by Day" or "Annually", then every time you change the booking start date, the description is only updated if you don't choose the original start date.
- Note: this bug is visual only. It does not affect the data saved, only the way the repeat description is displayed while editing a booking.
- Issue: 3490
BUGFIX: Create a booking in the calendar and the history shows it was created by the system user
- Issue: 3492
- Ticket: 8159

10.1.30 September 6, 2022

Bug Fixes

BUGFIX: Saving large file on process update gives exception
- Suppose you add an attachment property to a biskit and then create it via a process.
- On the second stop in the process (so after having created it), add an attachment larger than 320KB in side, and save that step of the process.
- This gives an exception, saying:
  
  "object references an unsaved transient instance - save the transient instance before flushing: Attachment"

10.1.31 September 19, 2022

Bug Fixes

BUGFIX: Workflow becomes uneditable if it includes a custom function with a JavaEnum argument
- Suppose you create a workflow, add a Macro Workflow Event and add a custom function to it.
- Then, add an input parameter to the function of type JavaEnum.
- Select any of the types of JavaEnum available and give it a name.
- Save the workflow.
- Then whenever you try to view the workflow, or click on the Macro event of custom function, you get an exception complaining about a shallow property.
- Issue: 3499
- Ticket: 8257

10.1.32 October 20, 2022

Changes

Sort locations on the menu bar in alphabetically order
- When you add a "Calendar By Location" page to the menu, then it generates submenu items for each defined resource location, with each menu item showing a calendar for the resources in that location.
- These menu items were not always sorted by name, as one would expect.
- Issue: 3514
Optimisation: FreeMarker slow when dealing with users and projects
- Suppose you have a workflow that runs a TemplatedText action, and the template accesses some property of a user (but not the projects or projectsOwned properties).
- Then when the workflow runs, it will prepare the data from the user for consumption by FreeMarker, and this will include projects and projectsOwned - even if they are never accessed.
- If these things are large, which they can be, then this can mean a lot of work unnecessarily.
- Issue: 3513

Security Bug Fixes

SECURITY BUGFIX: Exceptions from automated requests keep session alive
- If you view the bookings calendar, and leave your browser like that, then it will automatically refresh every now and then.
- These automatic refreshes do not cause your session to be extended - that requires manual intervention so that your login session period is extended only when you are actually doing things.
- However, if one of these automatic refreshes were to generate an exception, then that exception would be registered with the server, and that registration message could extend your session.
- This has now been changed so that an exception generated from an automated request is itself treated as automated.
- Issue: 3512

Bug Fixes

BUGFIX: Login download can include bookings (and so cannot log in if bookings table missing a column)
- Suppose you set up this situation:
  - There is a biskit type X that has a property storing a Booking
  - Booking has a property storing an instance of X
  - X is marked as enumerable
  - One or more properties are added to Booking without clicking Update DB Schema so that the bookings table is missing at least one column
  - You click Reload DB Config
  - Then if there are any instances of X that reference a booking, you cannot log in
- This scenario has been seen when setting up invoicing and having a Line Item that references a booking, and allowing a booking to reference a Line Item.
- Issue: 3503
BUGFIX: Exception message triggered switching to 'no repeat' type
- Issue: 3502
BUGFIX: Exception running user workflow without awaiting outcome
- If you create a user workflow event and configure a workflow button or menu to run it and not to await the result, then a Templated Text action will generate an exception.
- Issue: 3507
BUGFIX: First login after un-suspending user can fail
- A user's status can be "SUSPENDED". This means they are not counted towards the licensed number of users, but they can still log in.
- When they do log in, then it means their status changes to "NORMAL", and they do count towards your licensed number of users.
- When a user that is suspended tries to log in, then that first login can fail, forcing them to refresh their browser to continue.
- Issue: 3511
BUGFIX: Menu-run workflow events never wait for completion even if told to
- When you configure a menu item to run a workflow, there's a setting where you can choose whether the UI will wait for the completion of the workflow.
- Regardless of what you selected, it would not wait.
- Issue: 3519

10.1.33 January 4, 2023

Bug Fixes

BUGFIX: Exception on the calendar if the number of vertical pixels set to 1
- You can choose the resolution of the calendar display, and one does this by setting a number of pixels that should be displayed for each 30 minute block.
- If you were to set this to one, then it would result in an error complaining about a divide by zero.
- Issue: 3504
BUGFIX: Trying to create a new theme gave an exception
- Issues: 3501, 3508
BUGFIX: ServiceOrder permission broken in recently loaded module
- Issue: 3509
BUGFIX: Copy/paste a templated text does not renumber freemarker loops
- If you have a workflow that includes a TemplatedText action, then when you copy and paste something that includes it, then any references within the template to outputs from earlier actions may need renumbering to reference the new values.
- This was not happening for FreeMarker loops. For example:
  
  <#list source290.biskits as biskit> </#list>
- In this case, where this TemplatedText is inside an action #290, and that it copied elsewhere so its number changes, then the 290 inside the template should change in a corresponding manner.
- Issue: 3475
BUGFIX: Execute System Command actions can provide args in random order
- An Execute System Command workflow action allows a workflow to make a call to a script or executable on the server.
- You may pass arguments to that script, and the UI takes care to make sure that those arguments are displayed in a consistent order.
- However, the order of the arguments is not guaranteed to be the same when it calls the script.
- This fix ensures that the order shown in the UI is what is presented to the script.
- Issue: 3535
BUGFIX: Hidden formulaic prop on child of one-to-many causes save exception
- Suppose:
  - you have a one-to-many property from PARENT to many CHILD
  - CHILD.value is a formulaic property
  - CHILD.value is marked as not visible and not visible in biskit detail in the bakery
- Then if you try to create an instance of PARENT, and add at least one CHILD to it, then the save yields an error message saying "ClassCastException".
- Issue:3522
BUGFIX: Condition on user "self member of" shows list of user not group
- If you search for users, and add a condition of the form:
  
  self member of
- then you should see a drop-down with a list of user groups so that the condition checks whether the user is in the selected user group.
- However, it was instead showing a drop-down with a list of users, which makes no sense.
- Issue: 3515
BUGFIX: Cannot set default value for automated property
- If you mark a property as automated in the bakery, then the editor for the default value displays read-only.
- If the property is string-valued, then a read-only version of the string means it looks like the editor has disappeared.
- Issue: 3496
BUGFIX: Update newly created project fails with custom one-to-many prop 1/2
- If you add a one-to-many property to Project, and then create a project and immediately edit and save that project, then the update fails with an exception.
- Issue: 3483
BUGFIX: Workflow copy function fails on biskits of a generated BiskitDef
- Suppose you:
  - Add a Create BiskitDef action to a workflow
  - Create an instance of the biskit represented by that BiskitDef
  - Add an action to call the "copy" function that copies that instance
- Then this fails with an exception.
- Issue: 3536
BUGFIX: Select booking owner using mouse sometimes does not work
- When there are more than 20 users to select from, selecting the user that is the owner of a booking using the mouse will sometimes result in the owner being unset.
- Issue: 3420
BUGFIX: Index Out Of Bounds exception when using Multi Column table in booking layout
- Add a multi-property column table to a booking layout, and displaying a booking would give an Index Out Of Bounds Exception.
- Issue: 3532
BUGFIX: Props on subtabs of Booking Layout not filtered based on resource
- If you add properties to a booking layout, where those properties include a biskit drop-down whose values offered in the drop-down should be filtered depending on which resource is selected
- then that filtering does not work when the properties are placed into a nested tab.
- Issue: 3531
BUGFIX: Exception viewing linked booking link if child resource is subtype
- Suppose:
  - You create a subtype of resource
  - Create an instance of that resource
  - Add that resource as a child resource of a linked booking link
- Then on viewing the linked booking link, it gives an exception.
- Issue: 3530
BUGFIX: Export workflow and some action types don't export fixed values
- This affects:
  - BiskitCreateOrUpdateWorkflow
  - CallSubroutineWorkflowAction
  - CreateBiskitDefWorkflowAction
  - CreateVariablesWorkflowAction
  - CustomFunctionWorkflowAction
  - DefineConstantsWorkflowAction
  - DefineInterfaceWorkflowAction
  - ExecuteSystemCommandWorkflowAction
- and also
  - StepUser
- Issue: 3534
BUGFIX: Occasional exception when click on "References" button in bakery
- This problem will show up only if you customise layouts and configure a "one to many import header" on a one-to-many property.
- Issue: 3537
BUGFIX: Biskit Create action loses StringEnum values on save
- If you create a workflow that involves a Biskit Create or Biskit Update action that sets the value of a StringEnum property to a fixed value, then when you save the workflow, the display does not show the value it is being set to.
- The value is saved to the database, but not displayed.
- Issue: 3539
BUGFIX: Exporting a ProcessDef makes their steps forget their editors
- If you create a ProcessDef, and specify who is allowed to be an editor at one or more steps, then on exporting and importing the ProcessDef, it forgets who those editors are.
- This applies regardless of whether you defined editors using a fixed or variable value.
- Issue: 3540
Workflow copy function bad error message if try to save biskit of a generated BiskitDef
- Suppose:
  - You create a subtype of resource
  - Create an instance of that resource
  - Add that resource as a child resource of a linked booking link
  - Use a version of the "copy" function that lets you specify whether to save the biskit
  - Specify you want to save the biskit in the copy
- Then this shows an error message, and on that looks like a server error.
- However, it should show a nicer error that points to the copy function action, and tells you that you can't save a biskit for a temporary BiskitDef.
- Issue: 3542
BUGFIX: Export ProcessDef and initial step property is lost on import
- Suppose you create a ProcessDef, with at least one step, and then assign something as the initial step.
- Then when you export the ProcessDef to SQL, there's a bug in the generated SQL such that on loading it, the recreated ProcessDef will not have anything as the initial step.
- The SQL gets confused between the name of the step and the name of the ProcessDef.
- You can work around this bug by assigning the initial step the same name as the name of the ProcessDef. That would mean the import would work as expected.

10.1.34 January 19, 2023

Changes

Increased limit controlling nesting depth of actions in a workflow
- Previously, if you added nested actions in a workflow to a depth of about 50, then the workflow manager would stop being able to display any workflows at that point.
- We have now doubled the limit to support around 100 nested actions.
- Issue: 3559

Bug Fixes

BUGFIX: Emails sometimes fail when initiated from a workflow
- Suppose a user modifies an email, and there is a database event that is triggered by it, and it triggers an action that sends an email to the booking's booker.
- Then if the database event is configured with "vetoable" set to false, so that it runs after the update has been committed to the database, then sometimes the email fails to be sent.
- Issue: 3563

10.1.35 February 20, 2023

Bug Fixes

BUGFIX: Booking pop-up drop downs sometimes empty when they should not be
- The booking pop-up will filter options available in some drop-downs so that it will only include those values that will be allowed.
- However, following a change in 10.1.32 to fix a different problem (issue 3503), there are some circumstances in which this auto-filtering is broken which results in there being no values to display in a drop down.
- See the notes for 10.1.32 to see the circumstances of that issue, as it is the same situation that is broken here.
- Issue: 3578
BUGFIX: Parsing a version 9 ID greater than 2,097,151 produces a bad result
- If a version 9 system is upgraded to version 10, and some of the ID numbers were larger than 2,097,151 then you can't search for those items by their formatted ID number.
- That's because the code that handles parsing the formatted ID numbers generates an internal overflow when given something that had an old value above the 2,097,151 limit.
- Issue: 3587

10.1.36 March 7, 2023

Bug Fixes

BUGFIX: Workflow changes to one-to-many child of project lost by browser
- Suppose that:
  - you have a one-to-many property on project called x, with it being a biskit of type X.
  - you then have a one-to-many property X.y, with it being a biskit of type Y.
  - you have a workflow triggered by creating a project and the workflow creates an instance of X and Y for the project.
- Then if the user were to create a project, and immediately edit and save without a refresh of the browser in between, then the X and Y would be deleted.
- Issue: 3592
- Ticket: 8916
BUGFIX: Lazy Initialization Exception in FreeMarker post-transaction report
- Suppose you create a Database Workflow event that is triggered from a change to a project, and mark it as not vetoable (so it runs after the project change has been committed to the database)
- Add a Templated Text action (with FreeMarker enabled) with this as the template:
```
  <#if source1.New.users?size != 0>
  There are some users on this project
  <#else>
  There are no users on this project
  
  
```
- then if you edit/save a project, the workflow will generate an exception.
- Note that, since this is not vetoable, and it runs after the transaction has been committed to the database, it means that the user triggering this change will not see any indication of a problem.
- There will instead be a problem shortly afterwards, which could be seen in the log file or system event.
- Issue: 3593
- Ticket: 7825
BUGFIX: Warning logged about 'RepeatableBiskit' when edit booking
- If you enable verbose mode for 'com.springsolutions.exprodo.core.server.ExprodoInternalServiceImpl:validate'
- and then modify a booking, then the logs contain this (benign) warning:
```
  WARNING: Could not find BiskitDef 'RepeatableBiskit'
  
```
- The warning is a false positive, and should not have been generated.
- This message does not make it into the system events - only the log file in the tomcat logs directory.
- Issue: 3600
BUGFIX: Adding biskit to SET property results in error (LIST/SET confusion)
- Suppose you create a workflow that defines a variable that is a set of biskits.
- Suppose further that you use the "add" workflow function to add a biskit to that set, and then use a Biskit Update action to assign the result back to the variable.
- Then doing that sequence twice will fail with an error saying
  
  "Cannot convert value of property of type List to type Set"
- Issue: 3602
- Ticket: 9045

Optimisations

OPTIMISATION: Avoid fetch from database when conditions compare biskits directly like "a == b"
- Suppose a booking is updated, and it triggers a workflow.
- Then you run a Search Workflow Action where you search for ProjectResourceSettings with a condition:
```
  value of project equals DatabaseEvent#1.New.project
  
```
- That is, you're searching for ProjectResourceSettings for the project used by the booking.
- Then the project does not need to be fully fetched from the database to do this, because it only requires a comparison of primary keys.
- However, this fetch was being done.
- This optimisation is being done because it also avoids a bug that was discovered in production.
- Issue: 3598
- Ticket: 9013

10.1.37 March 21, 2023

Bug Fixes

BUGFIX: Long-running busy Calpendo breaks workflow manager UI
- If you have a particularly busy Calpendo, or one that is running for a long time between reboots, then Calpendo can get itself into an error state.
- While in this state, viewing the workflow manager will display errors for any workflow that contains a Create Variables action or a Function action.
- The workflows will continue to run perfectly okay, but they can't be viewed or edited properly.
- Issue: 3413
BUGFIX: Infinite loop if biskit update sets non-existent variable to vars [WIP - needs release notes & change#]
- Suppose:
  - You create a workflow and add a Create Variables action
  - Do not add any variables to the action
  - Add a Biskit Update action
  - Have the biskit update update the output of the variables
  - Add to the biskit update a request to set one property value
- Now there are no variables, and so when selecting which property will be modified, there is nothing to choose.
- In the case, the property drop-down says "There are no selectable properties".
- Suppose you now choose that this "unknown" property has its value set to the output of the create variables action, and then save the workflow.
- If you try to run it, then it gives an infinite loop and an exception.
- If you arrange for this workflow be triggered by something at boot time, then it will prevent Calpendo from booting properly.
- Issue: 3617
BUGFIX: Trouble if one-to-many children share table with another BiskitDef [WIP - needs release notes & change#]
- If you have a one-to-many relationship, and the child biskit is stored in the same database table as another biskit, then viewing the parent can show more children than it ought to.
- This is caused by confusion between the different types that are stored in the same table.
- Issue: 3616

10.1.38 June 9, 2023

Changes

Change booking pop-up close button label
- The button that closes the booking pop-up has a label that is slightly different depending on whether you are creating, editing or viewing a booking.
- There has always been a difficult line to treat between the general concepts of cancelling a pop-up and cancelling a booking, and trying to choose button labels that cause the least confusion.
- This is another attempt to make this less confusing and more obvious.
- The current labels used are:
  - "Cancel Pop-up" (when creating a booking)
  - "Cancel Changes" (when editing a booking)
  - "Cancel Pop-up" (when viewing a booking)
- These are now changing to:
  - "Close Without Saving" (when creating a booking)
  - "Close Without Saving" (when editing a booking)
  - "Close Pop-up" (when viewing a booking)
- Issue: 3660
- Ticket: 9373

Bug Fixes

BUGFIX: Set report schedule start date into future causes it to never send
- Suppose you have a report that is scheduled to run every month on the 10th of the month and repeat forever.
- With the report already saved, edit it. Whatever the start date on the repeat, set a different start date that is more than one month in the future, and save it again.
- Then you should see that the "Next Send" date will show "nothing scheduled", and if you wait for the report to be sent, it won't ever be sent again.
- Issue: 3662
- Ticket: 9396
BUGFIX: Select "last week of month" for monthly repeats by day fails
- If you make a booking repeat monthly by day (for example on the third Monday, or the last Tuesday), and you tick the checkbox that chooses the last week of the month, then the booking would appear to not have the last week selected, and would behave like it didn't.
- However, the information was stored correctly in the database, but was not being read and handled properly.
- Issue: 3657
- Ticket: 9429
BUGFIX: System events cannot be deleted (if they have child chunked data)
- System events sometimes have additional data to record beyond the standard minimal set. When this happens, the additional data (which can potentially be large) is stored in a separate table where it is split into chunks (so each row can have limited size).
- However, any system event which has this child chunked data cannot be deleted.
- We now automatically delete the child chunked data whenever its system event is deleted.
- Issue: 3516
- Ticket: 8398
BUGFIX: Cannot book for some projects if owner defaults to project owner
- If the owner of a booking defaults to the owner of the selected project (which is the default value), then the set of projects from which you can choose for your booking will exclude any project that is not related to the currently selected booking owner.
- For example, suppose:
  - a user has two projects, A and B
  - these projects have two different owners, OA and OB
  - OA is not a user of B and OB is not a user of A
- Then when you select either project, A or B in the booking pop-up, the other project would not be included in the drop-down of selectable projects.
- Issue: 3653
- Ticket: 9361
BUGFIX: Booking confirmation button is enabled in cases where it should not
- The booking pop-up has a button labelled "Confirm", which appears next to the current status.
- This button will attempt to promote a tentative booking to either requested or approved, and to promote a requested booking to approved.
- If the booking is neither tentative nor requested, then the button does not show.
- The confirm button ought to be enabled when the user has permission to change the booking's status to requested or approved.
- However, it was being enabled when the user had permission to change the booking's status to anything.
- This meant that the button would be enabled for a requested booking if you had the right to cancel the booking, but not to approve it.
- Issue: 3665
BUGFIX: Booking Confirm button greyed-out when it should be enabled
- When you edit a booking request, and the booking has a custom property storing a user, then the Approve button is greyed out.
- This applies even if you have permission to approve the booking.
- As a work-around, you can view the booking request instead, and from there, the Approve button works properly.
- Issue: 3664
- Ticket: 9450
BUGFIX: If a user's settings has no menu at all, then they cannot log in
- If for some reason a user's settings has no menu assigned to it at all, then the user is prevented from logging in by a nasty error message.
- Issue: 3668
BUGFIX: If permissions hide menus then new user get no menu
- If you have permissions set so that non-admins cannot know about menus, then trouble follows.
- In particular, if you create a new user and they try to log in, they will find they have no menu at all.
- Issue: 3667

10.1.39 August 29, 2023

Changes

Add code to help debug CreateVariables bug
- There's a bug that appears as though CreateVariables has no variables.
- This is only a display bug, as workflows continue to work normally while in this error state.
- This change is here to provide additional information the next time this error state occurs in order to help identify the cause of the problem
- Issue 3711
- Ticket 9900

Bug Fixes

BUGFIX: Contacts boot-time failure logged when APIServlet verbose setting not in DB
- The "Contacts" Exprodo application generates an exception at boot time if there isn't a verbose setting stored in the database for the APIServlet class.
- This problem does not affect Calpendo, only the Contacts app.
- Ticket: 9150
- Issue: 3678

10.1.40 7th September, 2023

Changes

Prevent the system user from being added to permission 'Applies To' tab
- Issue: 3716

Bug Fixes

BUGFIX: System broken if a permission set to apply to a system user
- If you configure a permission so that either the 'Applies To' or 'Does Not Apply To' tabs contain the system, then it causes mayhem.
- Only root users can log in, and the root user only sees an error when trying to view the permissions page.
- Issue: 3715

10.1.41 12th December, 2023

Bug Fixes

BUGFIX: Child linked bookings updated even when they break bookings rules
- Suppose you have a linked booking configured, and you have a parent booking and a child booking (or child bookings), and then you change the time of the parent such that one of the children would clash with a pre-existing booking, thereby contravening a double booking rule.
- Then the user would be shown an error message telling them the child had broken the rule, but all children would still be modified.
- In other words, it would allow the child to break the double booking rule (or in fact any rule).
- Issue: 3706
BUGFIX: Authentication buttons don't appear in order set by drag & drop
- You can change the order of authentication methods by using drag & drop in the authentication method editor.
- However, the order that you then set is not reflected in the order of the displayed buttons on the login page.
- Issue: 3777

Release Notes 10.1

March 13, 2024

Table Of Contents

Upgrading to 10.1

Software Requirements

Before Upgrading To Version 10.1

How To Perform The Upgrade

If Things Go Wrong

Locate The Log File

Database Restarts During Upgrade

New Features

Clinical Trials Management System (CTMS)

Formatting Numbers

Page History

Database Analysis

Layout Changes

Custom Permissions Messages

Database Supplied Values

String Column Type

Dark Theme

Workflow Changes

New Workflow Functions

Workflow Debugger Changes

Triggers Tree Drop-Down Menu

Browser Refresh Remembers Search Options

Frames-by-Type Tab

Frame Selection History Tab

Recording On/Off Time Limit

Calendar Changes

Date Navigation On The Calendar

Booking Layout

Booking Colour On The Calendar

Booking Show On Calendar

Resource Show On Calendar

Booking Display Flags

Booking Content On Calendar

Choose Project for Templates on Bookings Calendar

Show Which Template Applies Now

Booking Confirmation

Security Compliance

Secure Block Chain Audit Log

Prevent Changing Audit Log and Attachments

Require Reason For Deletion

AuditLog Human Readable Export

AuditLog Search

Recording Emails

Protection Against Clickjacking

Changes

Formatted ID Time Zone

Linked Bookings

Cancellation Reasons

Date/Time and Date Range Properties With Seconds

Usage Recorder

Control Over Tag Creation

Approximate Dates

Optimisations

Default Project Status

Per-User Default Initial Page

Workflow Dynamic Content Pop-ups

Running User Workflow From Process Page

Stepped Editor New Custom Buttons

Menu Custom CSS

Misc Changes

Updates

10.1.0 November 4, 2020

10.1.1 June 18, 2021

10.1.2 June 28, 2021

10.1.3 July 9, 2021

10.1.4 July 21, 2021

10.1.5 August 10, 2021

10.1.6 September 27, 2021

10.1.7 September 29, 2021

10.1.8 September 29, 2021

10.1.9 November 8, 2021

10.1.10 November 26, 2021

10.1.11 December 7, 2021

10.1.12 December 9, 2021

10.1.13 December 10, 2021

10.1.14 December 11, 2021

10.1.15 December 13, 2021