Skyve 8.2.2 Released

Skyve 8.2.2 introduces a new access control mechanism that improves the security of all Skyve applications. It adds a new OAuth2 login provider (Microsoft Azure Active Directory). It also adds support for multi-tenant offsite backups and new Bizlet lifecycle methods.

Access Control

Before a user can access application resources, Skyve checks that the user has been granted permission via the role-based privilege mechanism. If a user does not have access to a resource via a menu or navigation from a view, they will be denied access.

A new accesses element has been added to the role metadata per module which allows developers to grant resource access to a role when Skyve cannot determine this automatically.

New Bizlet Lifecycle methods

Two new Bizlet lifecycle methods, postRender and postDelete, have been added. These allow developers further opportunities to hook into the rendering pipeline to implement business logic after server-side rendering has been completed, and after deletion of records against the persistent datastore.

Multi-tenant Offsite Backups

Skyve 6.0 first introduced the ability to perform backups against a cloud provider, but this only worked in single-tenant applications. Skyve 8.2.2 now supports backups to Microsoft Azure cloud storage for multi-tenant applications. See the Developer Guide for instructions on how to enable this for your application.

Dev mode changes

Dev mode, which previously did not cache metadata to allow developers to observe changes to views without redeploying, has now been enhanced to perform more real-time evaluation of changes to metadata. This enables developers to observe additional application changes, such as changes to the menu, without redeploying.

This additional evaluation comes with some performance overhead and should not be used during any production deployment. See Notes for Upgrading for instructions on how to disable this.

Remove button

It was previously possible to configure permissions so that a user had the ability to create a child record, but not delete it, which would leave the user stuck if they decided to back out of creation of a new child record. Skyve now provides a Remove button when creating child records in a grid, allowing users the ability to cancel creation of the record.

Admin

  • Turn off sanitisation for Communication and CommunicationTemplate so that data urls are not stripped out of embedded images in HTML emails
  • Update Registration to handle invalid email addresses by warning the user if the email is invalid and asking the user to confirm their email during registration
  • Update CommunicationBizlet.anonymouslyCommunicationExists to use a DocumentQuery instead of SQL

Framework

  • Add REST content management remoting
  • Remove false from XML document generation
  • Add documentation regarding access control for Map Models
  • Add AccessException as a Subclass of SecurityException
  • Components no longer embed/replace with their targets but reference normalised view fragments by customer and uxui
  • Add Two Factor Email Authentication
  • Create unique model names for inline chart builder metadata
  • Depend on Spring Security 5.7.5
  • Add Bizlet.postRender() callback
  • Add Bizlet.postDelete() callback
  • Update Azure backups to cater for multiple tenants
  • Add fluent builder classes for module role access metadata
  • Switch DataGrid action visibility on document privileges
  • Call Bizlet.resolve() when editing a bean in an edit view
  • Remove derived Router.unsecuredRoutes and move RouterMerger to Router.merge()
  • Update Domain Generation to throw helpful error message when a Document has both persistent strategy="mapped" and a persistent name
  • Support PostgreSQL case insensitive indexed searches
  • Add support for Microsoft Azure AD OAuth 2 login

Responsive Renderer

  • Display a Remove action button when the user does not have a delete privilege but the record is not persisted
  • Fix text wrapping in view rendering

Desktop Renderer

  • Display a Remove action button when the user does not have a delete privilege but the record is not persisted

Notes for Upgrading

To upgrade your Skyve project to this version, change the Skyve version in your pom.xml to 8.2.2 and perform an assemble.

If you are upgrading from a version older than 8.1.5, please see the previous release notes and also apply those changes.

There are some changes to how devMode operates since the previous release, which will have more of a performance impact in production environments. devMode should only be used for local development and turned off (set to false) for all production systems.

"environment": {
    ...,
    "devMode": false,

There is a new property to specify the URL of the Rest Content Server if this is going to be used:

"content": {
    ...,
    "serverUrl": "<restServerAddress>"

The new access control security is enabled by default in new and existing projects when being upgraded to 8.2.2, but this can be disabled by setting the new property to false.

"environment": {
  ...,
  // Check Skyve URLs and endpoints against the metadata and what can be navigated to
  "accessControl": true,
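
A pre-deployment check for the devMode and accessControl settings described above, as an added example that is not part of the release notes or the Skyve project. It assumes the project's configuration file is JSON that may carry // line comments, as the fragments on this page do; the function names and the sample values are constructed for illustration.

```python
import json

def strip_line_comments(text):
    """Drop // comments, but leave // inside string values (e.g. URLs) alone."""
    out, i, in_str = [], 0, False
    while i < len(text):
        c = text[i]
        if in_str:
            if c == "\\":                  # copy an escape pair untouched
                out.append(text[i:i + 2])
                i += 2
                continue
            in_str = c != '"'              # a bare quote closes the string
        elif c == '"':
            in_str = True
        elif text.startswith("//", i):     # comment: skip to end of line
            while i < len(text) and text[i] != "\n":
                i += 1
            continue
        out.append(c)
        i += 1
    return "".join(out)

def load_config(config_text):
    return json.loads(strip_line_comments(config_text))

def audit(config_text):
    """Return findings for the two environment settings in the upgrade notes."""
    env = load_config(config_text).get("environment", {})
    findings = []
    if env.get("devMode") is not False:        # policy here: require explicit false
        findings.append("environment.devMode is not set to false")
    if env.get("accessControl") is False:      # on by default; only an explicit false disables it
        findings.append("environment.accessControl has been disabled")
    return findings

# Constructed sample: a config that left the development settings in place.
SAMPLE = """{
  "environment": {
    // left on after local testing
    "devMode": true,
    "accessControl": false
  },
  "content": { "serverUrl": "https://content.example.test/skyve" }
}"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Running the check in a release pipeline against the configuration that will actually be deployed catches a development setting before it reaches production.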

There are new OAuth2 properties to specify tenant and client ids if you are enabling Azure AD authentication in your Skyve application:

"account": {
  ...,
  // For Microsoft Azure AD authentication - see portal.azure.com
  // (redirectUrl URL is <Context URL>/login/oauth2/code/github)
  "azureAdAuthClientId": null,
  "azureAdAuthTenantId": null,
  "azureAdAuthSecret": null

See the complete upgrade instructions on GitHub.

releases | Ben Petito