[tryton-announces] Newsletter October 2021
Newsletter October 2021 Red Leaf Trees Near the Road1280×853 332 KB Here are the latest improvements in preparation for the upcoming 6.2 release. Changes for the User The sale module currently provides reporting that displays relevant data grouped by products, categories etc. We now also have a general report that is not grouped but just displays totals. We now support products without a list price. The user will be warned if they try to post an invoice with a date in the future. The web client now has a button to fold/unfold the selected records of a tree. The dunning records now store their own age. New Modules The Product Image Attribute Module adds attributes to product images. Changes for the System Administrator The errors that are raised during non-interactive operations (like scheduled tasks or queued jobs) are now listed in the administration entry. These error can be processed by a user, and once solved the task or the job is submitted again. The trytond-stat command displays the node name on which the process is running. This is useful when the directory that contains the stat socket is shared between multiple machines. On first login the configuration wizard now has a step that makes it easy to activate modules on the system. Changes for the Developer The MPTT behavior has been improved to avoid a full rebuild when creating nested records. It now does a classic update for each level. The ModelStorage class now has a count() method that returns an estimate of the number of records stored. It uses caching and random invalidation to minimize the cost. We now use str instead of repr when constructing the warning keys. This allows the same key to be constructed using proteus. The method remove_forbidden_chars has been added to the tools as it is used by many modules. The ModelSQL.search method optimizes some queries by using a UNION of sub-queries when clauses contain straight columns of the table and columns of a joined table. In these cases the database can use indexes. The context can normally only be modified with the Transaction.set_context context manager. In order to enforce this behavior, the context is now an ImmutableDict. The title of emails generated from a report no longer contain the name of the record from which the report is generated. The value of the Dict field is an ImmutableDict but the values must also be immutable. So we now use a tuple instead of list. The server now uses the bigdecimal type from XML-RPC. For performance reasons we use __slots__ for the classes registered in the Pool. But as this can be broken when one class does not define it we added a generic test which ensures that all the classes in the Pool have __slots__ defined. When proteus is configured to use XML-RPC, it authenticates on each request. This is slow as we are using a slow hashing method for security and to protect against brute-force attacks. Now proteus can be configured to use a session with XML-RPC. The grouping option to format numeric widget can be configured on the view. We unified the way we set email From headers. Tryton now sets the Reply-To and On-Behalf-Of headers when needed. 1 post - 1 participant Read full topic URL: https://discuss.tryton.org/t/newsletter-october-2021/4659
[tryton-announces] Release 1.3.0 of python-sql
Release 1.3.0 of python-sql We are proud to announce the release of the version 1.3.0 of python-sql. python-sql is a library to write SQL queries in a pythonic way. It is mainly developed for Tryton but it has no external dependencies and is agnostic to any framework or SQL database. In addition to bug-fixes, this release contains the following improvements: Add GROUPS frame to Window Add exclude to Window Add method for each type of join Support Select queries in conditionals and functions Remove support for Python older than 3.5 python-sql is available on PyPI: python-sql · PyPI 1 post - 1 participant Read full topic URL: https://discuss.tryton.org/t/release-1-3-0-of-python-sql/4618
[tryton-announces] Release of Relatorio 0.10.0
Release of Relatorio 0.10.0 We are glad to announce the release of Relatorio version 0.10.0. Relatorio is a templating library mainly for OpenDocument using also OpenDocument as source format. This is a minor feature release which: Add relatorio-render script Add templating of meta in opendocument Remove support for Python older than 3.5 The package is available at relatorio · PyPI The documentation is available at Welcome to relatorio’s documentation! — relatorio 0.9.4 documentation 1 post - 1 participant Read full topic URL: https://discuss.tryton.org/t/release-of-relatorio-0-10-0/4612
[tryton-announces] Foundation Budget Update
Foundation Budget Update The Tryton foundation is happy to annouce that we achieved four of the goals from the foundation Budget. With these resources we will be able to: Maintain our infrastructure for the current year. Create an infrastructure overview so it’s possible to get offers for the infrastructure maintenance for next year. Buy a new Mac mini to support Apple Silicon. Improve the contents of the current website, including more detailed explanations of Tryton’s main features. Here’s a photo of the MAC Mini we purchased: imatge1920×1080 80.4 KB The server is already deployed and ready to be used by our development team. We expect that the work on the other topics will soon be started, and we’ll keep you informed about their progress. We are still missing some funds to reach the goal of Building a new code review system but the year has not ended yet So, if you want to help make it happen please make a donation. 2 posts - 2 participants Read full topic URL: https://discuss.tryton.org/t/foundation-budget-update/4563
[tryton-announces] Newsletter for September 2021
Newsletter for September 2021 Green and Gray Scissors1280×853 222 KB We hope that everybody had a nice Summer and enjoyed their holidays. The Tryton team continued working on the ERP and we are back with a resume of the latest improvements. Changes for the User We added a frame around the image widget. This makes the widget cleaner when empty. More party identifiers and tax identifiers have been added for Austria, Ukraine and Vietnam. The rule keywords from statement lines are now stored in such way that they can be used for future matching. This adds a form of learning behavior to the statement rules engine. We added a new wizard to split accounting lines. This is useful to reschedule payable or receivable lines by applying a new maturity date to each new line. The wizard can also be used on dunning and invoice lines to reschedule them. It is now possible to set accounts for taxes of type “None”. This is useful for taxes that are entered manually on the invoice because the account will be filled in automatically. New Modules The Stock Package Shipping Sendcloud Module allows package labels to be generated for shipments made by any of Sendcloud’s supported carriers. The Account Budget Module provides the ability to set budgets for accounts over a defined period of time. These budgets can then be used to track the total amount from relevant transactions against the budgeted amount. The Analytic Budget Module provides the ability to set budgets for analytic accounts over a defined period of time. These budgets can then be used to track the total amount from relevant transactions against the budgeted amount. The Product Image Module adds images to each product and variant. Changes for the System Administrator We improved the error management in the script used to import postal codes. Changes for the Developer We moved and renamed the cost_warehouse from the product_cost_warehouse module to the warehouse in the stock module. By doing this it can now be used by any module that depends on the stock module. The complete locale definition for the user’s language is now sent to the clients. Proteus now also fills in the wizard actions attribute when the result is an empty list. The number widgets’ width attribute is now also used as its default display width. The currency module defines a new Monetary field. This is derived from the Numeric field by adding a currency attribute which contains the name of the field which stores the currency. The desktop clients render these fields using the monetary format and with the currency symbol by default. It is now also possible to use a string as the digits value on number fields (instead of the usual pair of integers). The string must contain the name of a Many2One field which points to a Model that inherits from DigitsMixin and that provides a get_digits method. This allowed the removal of all the Function fields that provided the currency and unit digits. Another benefit is that clients cache the value for each DigitsMixin record for 1 day by default, so this change also reduces the load on the server. We reduced the number of times we save the cost values when doing multiple moves. We no longer try to read records that were deleted after being instantiated from a browse list. The digits argument to the format_number method of Report is now optional. If it is not specified, or is set to None, it will display all the significant digits. 2 posts - 2 participants Read full topic URL: https://discuss.tryton.org/t/newsletter-for-september-2021/4525
[tryton-announces] Newsletter for August 2021
Newsletter for August 2021 Summer Letter Cube on Soil1280×773 102 KB Development has slowed down a bit during the summer but improvements are still being made. Changes for the User The clients now only use the last menu entry as the label on each tab. A new sales report by customer category has been added. In order to close an accounting period, inactive accounts must now be balanced. New Modules The Account Stock Shipment Cost Module allocates shipment costs based on invoices. Changes for the System Administrator The server will now use argon2 or scrypt to hash passwords by default. Changes for the Developer It is now possible to use a PYSON _expression_ as the key for a PYSON.In with a dict object. 2 posts - 2 participants Read full topic URL: https://discuss.tryton.org/t/newsletter-for-august-2021/4443
[tryton-announces] Newsletter for July 2021
Newsletter for July 2021 Happy woman showing wooden signboard saying open1280×1065 188 KB After the 6.0 release, development has restarted. Here are some changes that have already landed: Changes for the User We always try and automatically reconcile the oldest account move lines first. The desktop client sets the mnemonic keys using the first letter of the label that is available on the user’s keyboard. It is now possible to reset asset depreciations to draft if none of the moves have yet been posted. Binary fields can now be exported or imported by CSV. The data must be encoded into base64. We removed the unique product constraint on Bill Of Materials. When a manual tax is added to an invoice, we now also register a tax line with the base amount for the tax reporting. We allow warehouses to be grouped under a common view location. The commission module gained a report that shows the commission per agent. The web client now has accesskeys for each widget and button. They are displayed using the key combination +. The statement journals can now be deactivated as the company can close its related bank account. Changes for the System Administrator The trytond-console command can now be started with a read-only transaction. Changes for the Developer We implemented the BOOL_AND and BOOL_OR SQL functions in the SQLite back-end. We use the i18n Genshi extension to enable better translations of the gift card emails. We added a unique constraint for the language codes. The clients now search and get Dict keys in a single call for improved performance. We added to res.user.warning a method to format the warning name based on a list of records. 2 posts - 2 participants Read full topic URL: https://discuss.tryton.org/t/newsletter-for-july-2021/4338
[tryton-announces] Tryton's IRC channels are moving to libera.chat
Tryton's IRC channels are moving to libera.chat In what looks like a never ending saga the freenode admins have decided to switch to a new IRC daemon thus effectively removing all the registered nicknames and channels. This move has effectively removed all the remaining reasons that were left to stay on the freenode’s network. Hopefully since the last episode the foundation had taken the steps to prepare the migration of our channels towards libera.chat. So from now on the IRC channels used by the Tryton community will be hosted on the libera.chat infrastructure: ircs://irc.libera.chat:6697/tryton Members of the german community please note that we have use this as the opportunity to migrate from your old #tryton.de channel to #tryton-de. 3 posts - 2 participants Read full topic URL: https://discuss.tryton.org/t/trytons-irc-channels-are-moving-to-libera-chat/4322
[tryton-announces] Tryton Release 6.0
Tryton Release 6.0 Gray Concrete Road Between Green Trees Under White Clouds and Blue Sky1280×853 156 KB We are proud to announce the 6.0 Long Term Support release of Tryton . This release provides many bug fixes and some significant improvements. Among other changes you will find the display of attached documents, reinforced security and many accounting improvements. There are also no more than 11 new modules that include support for things such as Incoterms, Avatars and Product kits. Tryton has now also been translated into Romanian which brings the number of languages to 24. You can give it a try on the demo server, use the docker image or download it here. As usual migration from previous series is fully supported. Some manual operations may be required, see Migration from 5.8 to 6.0. Here is a list of the most noticeable changes: Changes for the User The clients can now display documents inside a form. The supported document formats are dependent on the client. For the web client it is the one supported by the browser (usually images and pdfs). And for the desktop client it is also images and the formats supported by Evince. Attachment with document displayed in web client1918×985 72.3 KB Attachment with document displayed in desktop client×647 33.2 KB Thanks to the document widget, it is possible to display, next to any form, a preview of the attachments. This can be used, for example, when entering a supplier invoice from the attached PDF. Supplier invoice form with attachment preview in web client1918×985 95.9 KB Supplier invoice form with attachment preview in desktop client1436×860 78.1 KB When sending an email from the client, in addition to being able to attach any report, it is now possible to also attach any of the record’s attachments. More The dialog opened under a revision show in their title the revision. When exporting into CSV file a tree, the first column is indented according to its level in the tree. When opening many dialog, the title is now composed of a breadcrumb trail of all the dialog opened before. This avoid to loose the user in his navigation. The name of the tabs opened from the menu is now the name of the menu entry. Web Client The CSV export and import dialog can now be reordered using drag and drop. The web client can now also propose completion for the search input of the xxx2Many and Dict widgets. The email and URL widgets now use the appropriate input type. So that mobile devices can display the best virtual keyboard. More Each selection entry can display its own help text. Desktop Client When printing reports that are single (like the invoice), the server sends a zip file containing one document for each record. The client now recognizes these files and can send each file from the zip to the printer. When running the client on UNIX platforms, it is now possible to use the direct print feature. The client will uses the lp or lpr commands and for OpenDocuments it uses soffice. (It continues to use the print command on Windows). Some reports can take a long time to generate so the client runs them with an asynchronous request. This allows the user to still perform other operations while the report is being generated. An interactive search has been added to the list and tree views. It pops up when you start to type on the list and puts the focus on the first line which matches the results. You can jump to the next matching entry with +↓ and previous with +↑. Desktop client quick searching on sale lines1176×396 39.6 KB Accounting The Income Statement and Balance Sheet can now be printed. Only the records that are open in the client are printed. The general journal is now printed from a list of moves. This adds, as a nice side effect, the ability to print a single move if needed. The General Ledger (accounts and lines) can now be filtered by journal. And from the lines it is also possible to perform a reconciliation. The terms on the Aged Balance can now be expressed in weeks and years in addition to the existing days and months. The Spanish accounting module now provides a report for the VAT book. Companies can not always deduct the full amount of the taxes on supplier invoices. We now allow the accountant to set the deductible rate of each invoice line. You can set a default value for the rate on the product category. Some companies can never deduct taxes, thus they can be configured to always use a 0% deductible rate. It is now possible to make the link between invoice lines and stock moves after they have been posted and done. In these cases the unit price is also updated on the stock move, and if needed the cost price will be recalculated. More Account type from balance statement can be marked as debt. So they can be used directly to book invoices. It is now possible to open directly from a party his general ledger accounts. The balance of the general ledger lines start with the start value of the account. The reconciliation sequence can now
[tryton-announces] Newsletter for April 2021
Newsletter for April 2021 Pink Flowers On Trees1280×853 486 KB A lot of development has finally landed, laying a solid foundation for the upcoming 6.0 release. Changes for the User We’ve improved the default ordering for shipments and production orders. It is now based on either the effective date or the planned date. The shipping labels can now be stored in the filestore. Doing this can help to reduce the size of the database. The price list formula can explicitly use the list price of a product. This is useful for some regulated business where the purchase price is fixed based on the public price. The report that shows the quantities of a product by warehouse can now display it for multiple products. We also added a relate from assigned shipments and productions to show the quantities for all the products included in the document. It is now possible to modify the dimension of packages. By default, they are filled in with the value from the package type. The main use case is for pallets where the height is only known after it is filled in. The import and export CSV dialog for the web client now supports drag and drop on the columns to reorder them. Any stock moves that get cancelled are now automatically removed from the package they were linked to. The income statement and balance sheet can now be printed. When exporting tree structures as CSV data the first column is now indented. The client now allows sending emails with any of the record’s existing attachments. The stock packages now display the tracking URL for each carrier. Changes to the shipment cost on shipments has been simplified. This has been done by adding an edit checkbox which helps avoid unexpected re-calculations of the cost when moves are changed. We replaced the “Print General Journal” with a generic report on accounting moves. This provides more flexibility on what content is printed. It is now possible to configure the party identifiers that are available. We removed the unpractical tree structure from companies. The user’s “Main Company” has been replaced by a flat list. It is now possible to define a supplier invoice line as a price correction to update the cost price of its product. When the carrier cost is not fully covered by the shipment cost paid by the customer, the unsold part is added to the outgoing moves as a shipment cost. The return purchases are now linked to the original purchase. The calculated weight of a shipment parcel now also includes the weight of the package used. The general ledger lines display now the cumulative balance starting at the balance of the account. New Modules The Purchase Price List Module allows price lists to be defined for suppliers. The Stock Shipment Cost Module adds a shipment cost to outgoing moves. This cost is added to the product margin reports. The Stock Quantity Issue Module helps to solve stock quantity issues. The Product Cost Warehouse Module allows the cost price of products to be calculated separately for each warehouse. The Stock Quantity Early Planning Module helps reduce stock levels by proposing earlier use of stock. The Incoterm Module is used to manage Incoterms on sales, purchases and shipments. The Autopilot Module stores all user inputs in a blockchain, automatically analyses and predicts the best next logical step in business (yes, AI with tensor flow) and finally act autonomous, e.g. purchase products and sell them, without human interaction. The Avatar Module adds an avatar to each party. Changes for the System Administrator The groups can have now a parent from which they inherit their access permissions. This is useful, for example, when creating “Administration” groups which normally have all the rights from the standard group along with some additional rights. We added a new command trytond-stat which displays the currently processed requests, tasks and jobs for each of the trytond processes on the host. Changes for the Developer We’ve added a method to post invoices by batch. It delegates the numbering to a deferred task. This can be used to reduce contention on the invoice numbering sequence. We’ve added a generic test in the company module that ensures the company context is set on fields that target a company multivalue model. The MPTT update is now only called for affected fields. A new route decorator has been added to allow null as its origin. This is useful for web-extensions like Chronos as browsers now use this origin instead of the extension ID. Model.__access__ is a new attribute which contains the names of a relation field for which the access rights must also be checked. This simplifies the definition of access rights for documents composed of several models like, for example, the invoice with lines and taxes. The actions can now define whether they run on the selected records (as usual) or the listed records. Also if the action is run on a tree structure then a path for each record is sent to the server. The context fields of parent
[tryton-announces] Foundation Budget for 2021
Foundation Budget for 2021 Jar filled with money labeled money640×560 120 KB The Foundation has decided to publish a budget for 2021. This is an exercise in transparency so everyone can see our plans. Note that the income of the foundation comes only from donations so we cannot guarantee that all the things will get done. We have ordered the points by priority. Each point will be done once we get a total amount of donations. Budget points 1700€: Infrastructure maintenance (rental and services to maintain our servers). 2300€: Create a public overview of how all the current infrastructure is setup. 3100€: Buy a new Mac mini to support Apple Silicon 4300€: Improve the contents of the current website by writing more details about supported features and including more sucess stories. 7300€: Build a new code review system The amounts do not represent the amount needed for each individual point but the total amount of donations we need to be able to work on it. The cost of each point can be calculated by subtracting its amount from the amount of the previous point. If you want to help make these things happen please consider donating to the foundation. Any amount will be appreciated. We would also like to thank everyone who has already donated to the foundation. Last but not least, we would like to receive enough in donations to buy the Mac mini before the next Tryton release, scheduled for 3rd of May, so we can include support for new Apple devices. About maintenance and infrastructure cost If you have been following Tryton for some time you will have noticed that the maintenance budget has increased this year from 500€ to 1700€. The main reason for this is that we have agreed to also include all the services related to maintenance in this cost. Until now B2CK have been providing these services for free, but as it is a time consuming task, and sometimes needs to be done in a hurry when something isn’t working properly, we agreed that it should be paid. During this year, we are also relying on B2CK to provide the maintenance services, but our plan is to allow other companies to also offer these services. This will allow us to choose which one is best. For this reason we added the second point on the budget, which will allow everyone to have an overview of what needs to be maintained. 2 posts - 1 participant Read full topic URL: https://discuss.tryton.org/t/foundation-budget-for-2021/3861
[tryton-announces] Newsletter for March 2021
Newsletter for March 2021 Five Bulb Lights1280×853 97 KB Here’s a sneak peak at the improvements that landed during the last month. Changes for the User We now show the carrier on the shipment list so it’s possible to prioritize shipments based on the carrier. We’ve added a wizard to make it easy to add lots to stock moves. The sequence to use for the lot number can be configured for each product. We ensure the unit prices for stock moves are up to date when their invoices are posted or their moves are done. The account move lines created by a statement now have the statement line as their origin. This makes it simpler to audit the accounts. We now use the menu path from which a window was opened as its name. We now warn the user when they try to post a statement with cancelled or paid invoices and then remove them from the statement. A delivery usage checkbox has been added to contact mechanisms just like for addresses. It can be used, for example, to indicate which email address to send notifications related to deliveries. The clients now display the revision on the dialog. This is useful, for example, when opening the party dialog from the invoice when the history is activated. This way the user can see from which date the information is displayed. It is easy to get lost when quickly opening consecutive dialog fields. To improve the situation, the clients now display breadcrumbs in the title showing the browsing path to the dialog. We’ve added the new identifiers from python-stdnum 1.15. We no longer create accounting moves for stock when the amount involved is 0. There is now a scheduled task that can be configured to fetch currency rates at a specific frequency. By default it gets the rates from the European Central Bank. New Modules Changes for the System Administrator We’ve added device cookie support to the clients. This allows these clients to not be affected by the brute force attack protection. Changes for the Developer It is now possible to send emails with different “FROM” addresses for the envelope and header. All the warnings can be skipped automatically by adding a single key named _skip_warnings to the context. We’ve added the trigonometric functions to the SQLite back-end. Any fields that are loaded eagerly are no longer instantiated automatically but instead the id is just stored in the cache. The instantiation is done only if the field is actually accessed. This improves the performance of some operations by up to 13%, but the actual improvements you can expect will depend a lot on of the number of fields the model has. It is now possible to define help text for each selection value. However, at the moment only the web client can display it. We made the ModelView.parse_view method public. This allows the XML that makes up the view to be modified by code before it is sent to the client. It is now possible to group the report renderings by header. As the OpenDocument format only supports a single header and footer definition, this feature renders a different file for each header and places them in a zip file if needed. This is used when rendering company related reports which display the company information in the header/footer. In order to simplify the dependencies in our web client, we replaced tempusdominus with the browser’s native input methods for types date, datetime-local and time when available. In order to make better use of the browse cache, the getter method of Function fields is called with cache sized groups of records. 2 posts - 1 participant Read full topic URL: https://discuss.tryton.org/t/newsletter-for-march-2021/3810
[tryton-announces] Security Release for issue10068
Security Release for issue10068 Synopsis A vulnerability in trytond has been found by German Dario Alvarez. With issue10068, the WSGI server does not prevent serving files outside the root directory. This allows an attacker to retrieve the content of files for which the trytond user has read access. Impact CVSS v3.0 Base Score: 7.5 Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None Workaround It is possible to setup a reverse-proxy in front of trytond that sanitize the request path. Resolution All affected users should upgrade trytond to the latest version. Affected versions per series: 5.8: <= 5.8.3 5.6: <= 5.6.12 5.0: <=5.0.32 Non affected versions per series: 5.8: >= 5.8.4 5.6: >= 5.6.13 5.0: >=5.0.33 Reference Issue 10068: Directory loader can escape root directory - Tryton issue tracker Concern? Any security concerns should be reported on the bug-tracker at https://bugs.tryton.org/ with the type security. 2 posts - 1 participant Read full topic URL: https://discuss.tryton.org/t/security-release-for-issue10068/3803
[tryton-announces] Improvements on our infrastructure
Improvements on our infrastructure Previously we worked hard to improve the user interface of our bug tracker. We are happy to announce that last month we added two new features to make it more user friendly: We now show the gravatar profile image for each user. We’ve added the ability to link your bug tracker profile to your discuss one and your translate one. In order to make use of this feature we’d like to encourage everyone to set a gravatar for your email and also set the links to your profiles as shown in the following image: imatge733×106 9.63 KB Please give a like to this post to show that you like these new features. If you think there is something else that could be improved please create a new topic in the organization category. 5 posts - 3 participants Read full topic URL: https://discuss.tryton.org/t/improvements-on-our-infrastructure/3743
[tryton-announces] Newsletter for February 2021
Newsletter for February 2021 Colorful air balloons flying over picturesque rocky terrain1280×960 229 KB Improvements to Tryton continue to be made. Here you can find the latest changes which have been included in the last month. Changes for the User Tryton now displays the reconciliation column on the general ledger line so users can use the field as a search filter. It’s also possible to filter the general ledger by journal to only display the ledger for specific journals. We added a new set of reports which display various margins based on the stock moves. You can browse the margins per product or category. Product variants are now automatically deactivated when their template is deactivated. Also the product supplier and customer can be deactivated and are also automatically deactivated when their template is deactivated. The sale complaint creates an invoice correction when the action is to create a credit note. This is needed so that the quantity invoiced is kept coherent with the stock move quantity and to update the unit price. It is now possible to amend a purchase or sale line that does not have a product. A default lead time can now be set on supplier parties. It is used if the product supplier does not have a lead time or if there is no product supplier. It is now possible to define a default lead time for all salable products. It is used if the product has no lead time defined. The desktop client now displays a waiting watch when generating a long report. It is now possible to define a specific payment term date on the invoice. This is useful when entering a supplier invoice so the exact due date is recorded. It works also for customer invoices. New Modules A new module has landed in Tryton that extends the carrier selection to allow use of a country’s subdivision or a zip code _expression_. Changes for the System Administrator All caches are now cleared automatically when a new module is loaded. This means that on multi-server setups, other instances do not need to be restarted if the list of activated modules changes. The pool of other trytond processes are refreshed automatically when new modules are activated. This avoids the need to manually restart those processes. A new option has been added to trytond-admin that runs a validation on a percentage of the records, or all the records, from the listed models and reports any errors. This can be used to probe the database after a upgrade to ensure that everything is still correct. Changes for the Developer The HTML editor supports now the Genshi element directives. This means that users can now, for example, use it to create email templates with directives like for-loop etc. We have removed the foreign key constraint for the sequence used to number the invoice. We detected that the foreign key was a source of lock contention. We improved the execution time of the sale reports by using a Common Table _expression_ for the currency rate. On large database, the time went down from 2m to 1.5s. 2 posts - 1 participant Read full topic URL: https://discuss.tryton.org/t/newsletter-for-february-2021/3667
[tryton-announces] Newsletter January 2021
Newsletter January 2021 Person Holding A Happy New Year Text On A Black Board1280×1920 352 KB The Tryton team wishes you a happy new year. Here are the changes that the team has already prepared for the next version. Changes for the User To the marketing email we’ve added the same formatting functions that are available for reports. On the desktop client we added an interactive search on words in all the visible cells. As the move number depends on the journal, we made the journal read-only on the move once it has been numbered. We added options to let you choose the product and the format of the label for the DPD carrier. We now support packages for shipping returns. We allow the shipment cost price to be edited. Sale promotions can be applied on the total amount of the sale. The shipment costs are excluded by default from the total amount of the promotion. We’ve added relates from requests to purchases and vice versa. There is now a configuration to set a default customer payment term. If not configured we now use, by default, the payment term and invoice method of the party’s last purchase. We’ve added a summary of the description from the document lines in the lists. This is useful when the line has no product selected and only the description can distinguish it from other lines. The customers on Braintree and Stripe are now updated when their parameters are modified. The sale complaint displays the amount returned or credited for the complaint. Changes for the Developer We’ve removed the #tryton-commit channel. For alternatives see Remove irc notification on #tryton-commit. When trytond generates a default form view, it now also includes all the available buttons. The Python copy module is now supported when you want to copy model instances. The ModelView.button_change now supports dependencies to other methods (like fields.depends). For performance we now eagerly load all the Function fields with the same multiple getter. We’ve added an automated test to check the validity of the long_description of the package. For that we use the twine check command. We’ve removed the check for access right on instances. The clients now support empty values for time-delta converters. These empty converters are ignored when formatting the value. We’ve activated support for Python 3.9. The TaxableMixin has been added to the sale line so amounts with tax included can be calculated. We’ve added a new tool firstline which returns the first non-empty line of some text. We create a cache for the model names. It is used to speed things up when filling in the Reference fields selection. 2 posts - 1 participant Read full topic URL: https://discuss.tryton.org/t/newsletter-january-2021/3544
[tryton-announces] Newsletter December 2020
Newsletter December 2020 Brown Wooden Arrow Signed1280×1109 310 KB Development restarted straight after release 5.8, as you can see with these changes. Changes for the User You can now deactivate complaint types. This is useful when the company has stopped using certain complaint types. The aged balance report now supports more units of time (“week” and “year”) for the terms. Also the terms are updated to sensible standard values when the unit is changed. The commission date is now based on the invoice date or the payment date. We have unified the PYSON format in all the clients. They do not necessarily generate exactly the same strings but they can be copied between clients. On small screens the tabs on the list view could take too much space on the screen. Now they are forced into a single line with a scrollbar. Also on small screens we no longer display the next/previous buttons so there is now more space available for useful information. We added a relate from parties to their drop shipments like we have for other shipments. The effective date of the drop shipment can now be set manually. This is useful if adding them afterwards. We added a button on the product category that lets you add/remove lots of products from it easily. This is useful when a new category is created and you already have lots of products in the system. Using this you no longer need to edit each product in turn, but can instead add all the selected products in one go. When invoicing projects based on a time-sheet, it is common that you only want to invoice up to a particular date (for example the end of the month). We’ve added to these projects a date field that limits which time-sheet lines get selected when creating the invoice. Changes for the Developer Tryton now makes sure that char fields do not contain white spaces characters, except for normal spaces. It can be confusing for users when they are searching, as the other white spaces characters are not distinct and web browsers replace those white spaces by normal spaces. The caches for customer payment methods (Stripe and Braintree) no longer depend on the context. This increases the cache hit ratio for these values and so avoids unnecessary network requests for those services. The server no longer sets the extra_files attribute for the werkzeug server if it is not running in developer mode. This reduces the startup time by a small amount. 2 posts - 1 participant Read full topic URL: https://discuss.tryton.org/t/newsletter-december-2020/3454
[tryton-announces] Tryton Release 5.8
Tryton Release 5.8 Person drawing a ghost1280×853 169 KB We are proud to announce the 5.8 release of Tryton. This release provides many bug fixes and some significant improvements. Among other changes you will find big general performance improvements, a new theme for the web client and support for web shops. You can give it a try on the demo server, use the docker image or download it here . As usual the migration from previous series is fully supported. Some manual operation may be required, see Migration from 5.6 to 5.8. Here is a list of the most noticeable changes: Changes for the User Sending a report by email from the client has been completely reworked. We no longer rely on the local email client but now the emails are sent by the server on behalf of the user. It is also possible to setup predefined templates including: the subject, the body, the recipients and the attached reports. Sending sale quotation by email1918×985 75.7 KB The clients can now display, next to a value, the symbol from its unit of measure or its currency. This helps lighten the user interface and avoid confusion. All of Tryton’s forms and lists have been update to use this new feature in the appropriate places. When using a list view that uses this feature you can still search for a particular unit or currency. The administrator can share a user’s existing search bookmark with all the users. In this case the shared bookmarks will only be editable by the administrators. This is useful if you want to setup a common search query that is often performed by many users. The clients update the state of the delete button, and whether records can be edited, based on the dynamic access rules defined in the record rules. This of course compliments the existing rules based on access groups. The clients place copied records at the same position as newly created records. This means that the clients inspect the order applied to the list and deduce the correct place for the new record. More The check boxes on editable list views can’t be checked/unchecked without first selecting the row. The report name, proposed by the client when they are saved, now contains the name of the records on which it was based. The CSV export now formats the duration values. It uses the same locale format as the client, or when the locale option is not activated, it uses the total number of seconds. It is now possible to import a duration value from a CSV file. When a view for a model is opened without a name (e.g. using an URL), the client will use the default model name as its title (instead of nothing). The default colors for graphs and calendars can be configured on the client side. The URL, provided on the export CSV dialog, now includes the current context. Web Client The web client now comes with a default Tryton theme (instead of the default Bootstrap theme) based on Bootswatch Paper. The theme can be deactivated or replaced on installation. Party list on web client1918×985 117 KB Party form on web client1918×985 113 KB Party list on web client with small screen375×812 23.2 KB Party form on web client with small screen375×812 23.2 KB If a user opens multiple browser tabs, all connected to the same server, any changes to the preferences are kept per tab and survive a page reload. This allows the user to change companies on one tab, and if they reload the other tab it will stay linked to the original company. The totals shown at the bottom of a list are now always visible even if the list is longer than the screen. List of time-sheet lines with sum stick to the bottom1393×910 145 KB More Tryton now puts the field name in the input name attribute. This helps the browser suggest smarter auto-completion. CSV exports are now always encoded in UTF-8. This is because browsers do not provide a standard way to use a different encoding format. PYSON expressions can now be written using the .get, .in_ and .contains methods as in the desktop client. Tryton now uses a new library for the date time picker which improves where the popup gets positioned. Accounting It is now possible to open any general ledger accounts that require a party. This shows a breakdown of the balances of the account per party. The tax rule lines now have a start and end date which are used as criteria to determine when they are applied. This is useful, for example, for companies that need to start applying VAT for other European countries (because their turnover has reached the appropriate threshold). Each invoice line can now define a specific tax date. This can be used when a credit note is posted that applies to a previous period during which, for example, the tax rate was different. Now the credit note will have the same tax calculation without the need to change the accounting date of the invoice. The reconciliation wizard now keeps you on the same account/party after each reconciliation if there are still more lines to reconcile. We’ve added some fields on payment
[tryton-announces] Release 1.2.0 of python-sql
Release 1.2.0 of python-sql We are proud to announce the release of the version 1.2.0 of python-sql. python-sql is a library to write SQL queries in a pythonic way. It is mainly developed for Tryton but it has no external dependencies and is agnostic to any framework or SQL database. In addition to bug-fixes, this release contains the following improvements: Add explicit Windows to Select Fix missing Windows definitions in nested expressions python-sql is available on PyPI: https://pypi.org/project/python-sql/1.2.0/ 2 posts - 1 participant Read full topic URL: https://discuss.tryton.org/t/release-1-2-0-of-python-sql/3324
[tryton-announces] Newsletter October 2020
Newsletter October 2020 Yellow Arrow Led Signage1280×719 121 KB We are now on the home straight leading up to the 5.8 release. However, there will be some more changes over the next few weeks. You can already contribute to this new release by helping to translate or testing and reporting issues. Changes for the User The tax rule lines now have a start and end date which are used as criteria to determine when they are applied. This is useful, for example, for companies that need to start applying VAT for other European countries (because their turnover has reached the appropriate threshold). It is now possible to open the general ledger accounts that require a party. This displays the balances of the account per party. Each invoice line can now define a specific tax date. This can be used when a credit note is posted that applies to a previous period during which, for example, the tax rate was different. Now the credit note will have the same tax calculation without the need to change the accounting date of the invoice. We added some French taxes that were missing: Taxes for services purchase outside Europe Base for service sales inside Europe to code 0206 Service sales outside Europe to code 0033 Sometimes you may want to stop using a specific payment journal (e.g. when changing payment provider). So we now allow payment journals to be deactivated. Sending a report by email from the client has been completely reworked. We no longer rely on the local email client but now the emails are sent by the server on behalf of the user. It is also possible to setup predefined templates including: the subject, the body, the recipients and the attached reports. The record names used to generate a report are now added to the report’s file name. The administrators can now share some bookmarks with all the users. New Modules The marketing_email module manages mailing lists. It allows email addresses to be subscribed and unsubscribed from a list. And can be used to send emails to all the subscribed email addresses (with an unsubscribe link included in the email). The stock_assign_manual module adds a wizard to shipments and productions that allows you to decide from precisely which locations you want to pick products. Changes for the Developer You can now compare date and datetime values in PYSON statements. We started to use tempusdominus and Popper.js for the date picker on the web client. This fixes some display issues we’d noticed with the popup. The report engine now supports Genshi’s MsgDirective. This is very useful when using HTML templates because it allows you to include the formatting tags in the translation. The report engine no longer uses the relatorio template loader. Instead we keep the parsed report in memory for faster access (and to avoid writing it to a temporary directory). The default report classes, created on the fly, can now also be extended using registered mixins. The web client always exports the CSV file in UTF-8 (because browser does not support any other encoding). But we’ve added the UTF-8 BOM on Windows to ensure that programs like Excel open them correctly. We added a language attribute to the XML tag. This allows its contents to be skipped if the language is not translatable. Initially this has been used to only load the appropriate minimal charts of accounts. The read API has been extended to include the boolean properties _write and _delete that define whether the record can be modified or deleted by the user based on the access rules. This allows the clients to preventatively deactivate the corresponding actions in the user interface. It is now possible to format currency values with a different number of digits than the currency. This is useful, for example, to show unit prices to 4 decimal places. 3 posts - 1 participant Read full topic URL: https://discuss.tryton.org/t/newsletter-october-2020/3192
[tryton-announces] Newsletter September 2020
Newsletter September 2020 Colorful pattern1280×853 113 KB This month we got a major improvement with a new theme for the web client. Contents: Changes for the user Changes for the developer Changes for the User We now set the name attribute of the elements generated by the web client. This allows the browser to provide better auto-suggestions to the user. We now use the original cost price of a product to update the FIFO cost price when it is returned. This gives a more accurate and logical value, especially when there is no stock of the product left. It is now possible to delete or detach a source from a Stripe customer. This is useful if you know that a specific source can no longer be trusted. We added a relate action to the email notifications from any record. So users can easily access, for example, all the notification emails sent for a specific sales order. We added a relate action to the stock moves from a product or variant. This is useful if you want to find the last moves that happened to a product. A dedicated view is now used to show shipment moves. This lets the user focus on the important information only. It is already possible to define a sequence to generate the product variant code. Now we also have a sequence for the product template code. The web client has got a new default theme based on the bootswatch Paper theme. But it is still easy to deactivate it and use your own theme. List of sales on web client1918×985 174 KB Sale form on web client1918×985 133 KB We now automatically fill in the default accounts (like receivable and payable) when creating or updating a chart of accounts if the template only has a single option available. Changes for the Developer We now use the fields.depends to get the carrier context when computing the carrier cost. This makes it simpler to extend this with third-party modules. We fixed a cache ordering issue in ModelStorage which made browsing a large number of records in depth (more than 2k by default) randomly slower than expected. Now the time is roughly constant. The stock assignation method now automatically fills in the grouping value on the assigned move that’s used to compute the quantities. This allows you to easily write modules that set the lot on assignation for example. On busy systems, the queue table can grow quickly. So we’ve added a scheduled task that runs each day which removes completed tasks that are over 1 month old. We now allow a successful or failed payment to be put back to a processing state. This is because, in some cases (like with Stripe payments), you may need to update a payment that has already been successful (e.g. in the case of a refund). The new transition allows you to avoid using the failed state just for the purpose of performing this change. 2 posts - 1 participant Read full topic URL: https://discuss.tryton.org/t/newsletter-september-2020/3132
[tryton-announces] Newsletter August 2020
Newsletter August 2020 Pile of White and Black Boxes1280×853 78.3 KB This month we kept refining existing features to improve the user experience, smooth workflows and empower users. Contents: Changes for the user Changes for the developer Changes for the User The subject of the marketing automation and notification emails can now be rendered using the value of the record. This way the subject can be more specific which increases the chances of it being opened. We added a view that can be opened from the product that shows the incoming and outgoing stock moves by warehouse. Each move has cumulative quantity fields which help the user adjust their plans in order to avoid shortages. The German federal ministry of finance announced on June 30 a cut in value-added-tax rates from 19% to 16% for the standard rate and from 7% to 5% for the reduced rate. As the tax cut is temporary, lasting from July 1 until December 31, we introduced new tax definitions into the account_de_skr03 module for the periods before, during and after the cut. All the wizard messages have been reviewed and normalized. Now they use proper icons and all the unnecessary exclamation marks have been removed. The default color for the graphs is now managed by the client instead of the server. So the client can be customized to use a color which fits nicely with the theme. The party module has been updated to use the latest version of python-stdnum and so includes more tax identifiers for countries like Andorra, Guatemala, Japan, Moldova, New Zealand, Peru, Paraguay, Uruguay, Venezuela and South Africa. If you are missing a standard identifier, we’d like to remind you that the best way to get it in Tryton, it is to contribute it to python-stdnum. We keep the last average cost price for FIFO products when the quantity in stock is below zero. We automatically remove any carriage returns from the fields in the FEC export as they are not allowed. Any closed accounts are no longer shown when opening the details of the balance sheet. The clients place copied records at the same position as newly created records. This means that the clients inspect the order applied to the list and deduce the correct place for the new record. The stock move assignation wizards have been reworked and merged into a single wizard. This now provides four options if all the moves cannot be assigned: “Cancel” to restore the the moves to their initial state, “Wait” to leave the moves partially assigned, “Ignore” to set the quantity to 0 for non assigned moves and “Force” to force the assignation of all moves. You no longer need to set analytic accounts on the move that balances the non-deferral account when closing the fiscal year. The reconciliation wizard now keeps you on the same account/party after each reconciliation if there are still more lines to reconcile. Changes for the Developer We require the cost price to be filled in for all outgoing and incoming moves now. It was already filled in automatically by the code but this is now enforced to ensure the developer doesn’t forget it. We also require a unit price for drop shipment and customer return moves. We’ve added model, record and records attributes to the wizards these are filled in using values from the active context. This simplifies and normalizes writing wizards. Tryton also checks that the user has read access to the records before executing the wizard. We have added a test to ensure it is possible to try and assign a move with unsaved values. This behavior is interesting because it allows you to set the value on the move as an assignation parameter while keeping the original values unchanged for the remaining quantities. In order to minimize the data sent to the client, we now send only explicitly declared fields from actions instead of just excluding some. This is because we have found, over time, when a new field is added to the actions, we often forget to exclude it if it is not needed by the clients. A common pattern used in Tryton to create grouped records is to use a list of tuples composed of key-value pairs. In order to use the itertools.groupby we need to sort the list. But sometimes it includes None values and in Python 3 it is not possible to order lists containing None. So we’ve added a tool sortable_values which takes care of this by providing a key function which can be used to order the list of values that may contain None. It is now possible to define a keyword action that applies to any model. This is useful when creating a generic action which uses the active_model value. We added an option to sendmail to raise an exception if it fails. With this it is possible to tie a transaction’s success to the sending of an email. To the tools we’ve added a function to escape wildcards from strings. It is now possible to define default values on routes. This can be used, for example, to set a default database on a simple route. The session reset now uses an autocommit transaction which avoids
[tryton-announces] Security Release for issue9453
Security Release for issue9453 Synopsis A vulnerability in sao has been found by Cédric Krier. With issue 9453, the web client does not escape the HTML tags from user data in translated richtext widgets. This allows cross-site scripting attacks which can result in session hijacking, persistent phishing attacks, and persistent external redirects to a malicious source. Impact CVSS v3.0 Base Score: 4.6 Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: Required Scope: Unchanged Confidentiality: Low Integrity: Low Availability: None Workaround There is no existing workaround. Resolution All affected users should upgrade sao to the latest version. Affected versions per series: 5.6: <= 5.6.4 5.4: <= 5.4.10 5.2: <= 5.2.18 5.0: <=5.0.26 Non affected versions per series: 5.6: >= 5.6.5 5.4: >= 5.4.11 5.2: >= 5.2.19 5.0: >= 5.0.27 Reference issue9453 Concern? Any security concerns should be reported on the bug-tracker at https://bugs.tryton.org/ with the type security . 2 posts - 1 participant Read full topic URL: https://discuss.tryton.org/t/security-release-for-issue9453/3005
[tryton-announces] Newsletter July 2020
Newsletter July 2020 Sea Waves Splashing1280×1599 251 KB Development has reached cruising speed. A major improvement has landed which reduces memory usage on the server by between 30% and 40% and increases its speed by around 15%. Contents: Changes for the user Changes for the system administrator Changes for the developer Changes for the User The web client keeps the context on reloads even if the user preferences were changed in another tab. So this means that you can open one tab for each company and if you reload one of them by mistake, it stays logged in to the same company. We have a rule engine that automatically fills in the analytic accounts on accounting move lines. But sometimes the rule engine is not properly configured or new cases get added. So, we’ve added a button on the lines with missing analytic accounts to reapply the rules after they have been fixed. An optional shipping date has been added to the sale order. It allows the shipment to be postponed to on or after this date. An employee criteria has been added to the selection of the commission agent. The employee used is the one who does the quotation for the sale. This, for example, allows rules to be created that provide commission to the employees that generate the sales. The products and variants are now ordered using code and name by default. We’ve added some fields on payment group to show aggregate information like the amount and the amount succeeded etc. Until now a promotion was only applied if the price of all of the lines was reduced. But now it is always applied on every line for which the price is reduced. It is now possible to credit an invoice without keeping the agent. Companies may not want to request reimbursement of commission that has already been given. The stock moves unit price is now automatically updated based on the posted invoices when it is done. This helps keep a more accurate cost price calculation and ensures better reporting. The taxes of the German chart of account have been updated to follow the new rates between the 1st July 2020 and the 31st December 2020. The patch should be applicable on previous series if you need it. Changes for the System Administrator We added the inherited name or type to the view record name. This makes it easier to select the correct view when creating an extension from the administration interface. Changes for the Developer The name of “cancelled” state has been unified across the whole application. The scripts written using Proteus now also support the TRYTOND_DATABASE_URI environment variable the same way as the trytond commands. Records are now stored internally using a custom class instead of a generic dictionary. This has reduced memory usage for records by between 30% and 40%. We have also improved the average access time for field values by around 15% by using a shorter execution path. The hash method used with records has been improved to reduce collisions between unsaved records. This speeds up the calls to ModelStorage.save when used with new records. We now provide a cached_property decorator in the tools. By default it is the new decorator from the Python stdlib with a fallback to the Werkzeug version. Tryton will not write to existing targets when re-adding them on xxx2Many fields. This is an operation that the clients always sent when the field was modified because they didn’t know if the records were existing targets. This change prevents access errors from being raised when the operation is not allowed. The Python evaluation of domain with a None value now always returns None. This implements the same behavior as the SQL evaluation. We’ve added a parameter to the Stripe payment so they can be charged on-session. This is useful when implementing a checkout form using the sale payments. We now support the webhook payment_intent.cancel event. This is useful if you give your customers the option to cancel their payment intents. 2 posts - 1 participant Read full topic URL: https://discuss.tryton.org/t/newsletter-july-2020/2837
[tryton-announces] Security Release for issue9394
Security Release for issue9394 Synopsis A vulnerability in sao has been found by Cédric Krier. With issue9394, the web client does not escape the HTML tags from user data. This allows cross-site scripting attacks which can result in session hijacking, persistent phishing attacks, and persistent external redirects to a malicious source. Impact CVSS v3.0 Base Score: 3.5 Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: Required Scope: Unchanged Confidentiality: Low Integrity: Low Availability: None Workaround There is no existing workaround. Resolution All affected users should upgrade sao to the latest version. Affected versions per series: 5.6: <= 5.6.3 5.4: <= 5.4.9 5.2: <= 5.2.17 5.0: <=5.0.25 Non affected versions per series: 5.6: >= 5.6.4 5.4: >= 5.4.10 5.2: >= 5.2.18 5.0: >= 5.0.26 Reference issue9394 Concern? Any security concerns should be reported on the bug-tracker at https://bugs.tryton.org/ with the type security . 2 posts - 1 participant Read full topic URL: https://discuss.tryton.org/t/security-release-for-issue9394/2947
