v2.31 "Harmajankatu"

Changes

• The location of the success message of a submit has been changed from the top of the page to the Actions block. (#2836)
  This is more consistent with the other actions that provide feedback in the same location. (#2836)
• The application Applicants block has a simple version for the case of a single applicant. (#2836)
• The Decide action button has been changed to primary action, as it usually is for a person in the :decider role. (#2836)

Additions

• Visibility of the PDF and ZIP download actions can now be configured with :show-pdf-action and :show-attachment-zip-action (#3001)
• The Resources block can be hidden from the application view with :show-resources-section. This can be useful if there are few catalogue items. (#3000)
• The application title field, in the application state block is now shown only if the application description is not blank. (#2836)
• Orphan attachments could sometimes be saved, though not in use. They are now removed when an application is submitted. (#3041)
• Extra pages have been enhanced: (#2983, #2589, #3069)
  • They can be shown in top menu, footer, both or not at all with :show-menu and :show-footer
  • You can decide if you want the standard heading or not with :heading.
  • If localization of the file or link is not required, you can define the attributes at top level.
  • Who can see which extras can be tuned with :roles such as :logged-in, :applicant or :handler.
  • See config-defaults.edn for more details.

Fixes

• The previous applications block is now shown only if there are some. (#2836)
• The application Actions block is now successfully hidden, if there are no actions available (#2836)
• The component guide page had accumulated some small errors that are now fixed. (#2836)
• The component guide links to component source code works again. (#3080)
• Saving application no longer crashes when a resource requires DUO:0000024 (MOR) code. This could occur when applicant had not entered a value for the date restriction field. (#3086)

v2.30 "Kellosaarenranta"

Changes

• Some API methods have been unified with the rest by using the command pattern: (#3036)
  • Categories have a new POST /create and a PUT /edit endpoint like the others.
  • User settings have a new PUT /edit endpoint.
  • User has a PUT /edit endpoint, /create remains "create or update".
  • The changes should be backwards-compatible as the old endpoints remain.
  • The non-standard endpoints have been been deprecated and will be removed later.
• The text for saving has been changed "Alice saved a draft." -> "Alice updated the application.". This will be clearer in the future when autosave is enabled (#3045)
• When continuing an old application, the applicant will be shown a warning about problematic fields. (#3045)
• Data Use Ontology (DUO) is no longer shown in application UI if none of the resources contain DUO codes. (#3048)
• Mondo codes have been updated to version v2022-09-06. (#3031)

Additions

• There is an experimental autosave mode that can be enabled. The application is automatically saved soon after the applicant makes a change.
  • Enable it with :enable-autosave true.
  • You may also want to turn on save compaction at the same time with :enable-save-compaction true to show less save events in the event history.
  • In the future, autosave may become the default mode. (#2767)
  • Applications don't yet automatically get reloaded, should another person be viewing the same application.
    This is a potential future feature. (see #2622, #2244)
• Data Use Ontology (DUO) codes are now rendered in application pdf. Rendered pdf styles have also been tuned for more consistent look. (#2857)
• Organization owners are now allowed to edit their own organizations owners. (#2828)

Fixes

• License, create/edit license and create/edit catalogue item administrator views have been updated to display localized fields the same way other administrator views do. (#1334)
• Don't needlessly complain about the config keys that are passed automatically from system properties and the environment. (#2935)
• Application warning and error links were not functioning correctly for attachment fields. This is now fixed. (#2955)
• DUO fields are no longer editable in the UI when application is not in editable state. (#2997)
• Organization edit now requires user to be either owner or organization owner of the organization. (#2828)
• Organization owner is no longer allowed to toggle enable/disable and archive organization actions. These are available only to owner user. (#2828)
• Test/demo data creation now uses configured languages. Mismatch between configured languages and data localizations may cause issues in certain UI components. (#2334)
• Multiselect field is now correctly rendered in application pdf again. More than one selected value resulted in empty field value. (#3059)

v2.29 "Länsisatamankatu"

NB: This release contains migrations!
NB: workflow_licenses table has been removed and the data is migrated to workflow table.

Additions

• Application list in UI can now be configured to hide certain columns using config option :application-list-hidden-columns. (#2861)
• Mondo codes have been updated to version v2022-08-01. (#3031)
• Licenses can now be added to workflows through user interface and API. Workflow licenses are included in applications, similar to resource licenses. (#2158)

Fixes

• License, create/edit license and create/edit catalogue item administrator views have been updated to display localized fields the same way other administrator views do. (#1334)
• Don't needlessly complain about the config keys that are passed automatically from system properties and the environment. (#2935)

v.2.28 "Porkkalankatu"

NB: This release contains migrations!
NB: One of the migrations fixes organizations, that could be broken by previous features.

Additions

• Application UI view is now visually more compact for non-handler users. State and members blocks are collapsed initially, and can be expanded to show more details. (#2871)
• The packaged fonts are now only in WOFF and WOFF2 formats, as is required for extensive support these days. (#2592)
• Various improvements should improve performance:
  • Gzip compression has been enabled for the server, so it is more feasible to use REMS as a standalone server without a reverse-proxy / load-balancer.
  • Logo images are preloaded automatically as they are almost always required.
  • Initial data is injected to the initial HTML instead of separate requests afterwards. (#2958)
  • Some dependencies have been dropped resulting in a smaller bundle.
• Default metadata for the HTML index has been added under description and keywords tags. These can be overridden using extra translations (:t.meta/description, :t.meta/keywords) (#2679)
• Default robots.txt has been included that indexes everything but the /api. NB: the bots are not able to index most pages as they are behind the login. (#2680)
• HTTP/2 (and others) can be configured, see :jetty-extra-params in config-defaults.edn.
• Validate organization when adding or editing it. (#2964)
• Consecutive save events are compacted into one. This does not affect old save events. This is turned off by default, until the whole autosave feature is finished. (#2767)
• Application licenses are now rendered alphabetically in UI and PDF render. (#2979)
• Custom stylesheets can now be added using :extra-stylesheets configuration option. This can be used to include custom fonts, for example. Example stylesheet is included in config-defaults.edn and is located in example-theme/extra-styles.css. (#2869)
• Example custom stylesheet example-theme/extra-styles.css is included in Docker images built using Dockerfile and docker-compose-config.yml, so that default REMS fonts are automatically included when running REMS for the first time, for example. (#2869)

Fixes

• Add missing migration to remove organization modifier and last modified from the data. (#2964)
• Read-only checkbox should look different from editable checkbox yet again. (#2974)
• Applicant member details now always have border in application user interface, even when there are no other members. (#2975)
• Version number is shown again in browser console instead of message "Version information not available". This was due to change in build logic introduced by Shadow-CLJS. (#2984)

v2.27 "Lauttasaaren silta"

NB: This is the first release with a new build tool – Shadow-CLJS.

Additions

• Shopping cart can now be enabled or disabled in user interface with configuration option :enable-cart, which defaults to true. (#2720)

v2.26 "Lauttasaarentie"

NB: This release contains migrations!

NB: The login has changed to allow more configurable user identity and other attributes. Consider this a big change worth some manual testing to see that everything works.

NB: New feature, reminder email for application expiration uses new email template. If you enable the feature and you use customized email templates, please check :t.email.application-expiration-notification/subject-to-member and :t.email.application-expiration-notification/message-to-member.

Breaking changes

• The actor of the command API (for applications) is now always validated. Previously, there was a chance that a non-existent user could be sent (used mostly by our internal tests). (#2771, #2824, #2772, #2821)
• User attributes are not saved on every request, only when logging in. (#2829)
• The :oidc-userid-attribute config has been renamed to :oidc-userid-attributes and has new options to allow internally renaming an attribute from IdP to REMS db. (#2771, #2821)
• Users are required a name, and optionally an email from the IdP to be allowed in. These can be configured, see docs/configuration.md. (#2889, #2929)
• User attributes have been renamed internally. If you directly accessed the database, please note that eppn -> userid, commonName -> name and mail -> email. (#2377)
• Application expiration notification can now be configured to send reminder email to applicant and members before expiration. This requires a change to the configuration option :application-expiration. Please read docs/bots.md section on Expirer bot. (#2906)

Additions

• You can configure the OIDC attributes for name and email (see configuration.md)
• User in the API can be an internal REMS id or any of the :oidc-userid-attributes (provided that the user has logged in once and we have stored the identity. (#2821 #2772)
• Fake login page has been improved to include descriptions of the different users. (#2896)
• Errors are now handled in oidc-callback by redirecting to an error page. (#2856)
• Mail settings can be configured with the :smtp config including authentication. (#2895)
• More configurable logout. You can now override the redirect with :oidc-logout-redirect-url, as well as unset :oidc-perform-revoke-on-logout. See configuration.md. (#2916)

Fixes

• API-key validity is not checked unless it is actually sent. (#2785)
• API-Keys are cached for a minute for a slight performance improvement. (#2785)
• Resources can be filtered in the API by resid (#2852)
• Hide applicant column and reduce font size to avoid previous applications to become too wide (#2855)
• Duplicated forms have been removed. Previously, if a workflow form was the same as a catalogue item form, that form would be duplicated. (#2853)
• An owner that is also an organization owner can now properly edit organization ownerships. (#2850)
• An owner could sometimes see a disabled catalogue item in the catalogue tree. (#2800)
• The column names in the tables and the field names in create/edit pages of the administration now match.
• Improve the accessibility of the small navbar. (#2907)
• Load config overrides from system properties and env (#2917)
• Application draft can now be saved even if there are validation warnings. (#2766)
• New application page no longer displays "Application: Success" message. (#2838)
• Blacklist API now returns HTTP 422 status if user or resource does not exist when adding or removing blacklist entry. (#2835)
• Add missing migration that slims down organization owners in the DB to just the id. (#2939)
• Only fetch the catalogue tree (or table) if it is shown (or otherwise needed). (#2930)
• Fix the catalogue tree nodes sometimes being empty when fetching it from the API (#2931)

v2.25 "Meripuistotie"

NB: This release contains migrations!
NB: Trying to roll back by migrating down will likely not work as dropped column data can't be restored.

Breaking changes

• The columns owneruserid and modifieruserid have been removed as the audit_log effectively serves the same purpose. They were not consistently used. For the attachments the column has been renamed to userid. This is a breaking change for the API as some of these were exposed, but likely not used or useful. (#2823)

Additions

• Bona fide pusher script for pushing bona fide status to Elixir. (#2513)
• Validate GA4GH claims by the public key from trusted issuer jku (instead of OIDC configuration). Configure :ga4gh-visa-trusted-issuers if needed. (#2798)
• Pollers have been made more robust, including timeouts for email sending (#2841)
• SSL certificate can now be configured and SSL enabled. HTTP port can be disabled. (#2844)
• rename-user will not bother reloading the application cache anymore (since it is usually run in a separate process from the server).

v2.24 "Heikkiläntie"

Fixes

• Workflow forms persist even if changing resources.

Melkonkatu

Additions

• The change applicant command is now possible for the handler even for returned applications.
• There is a new experimental CLI command rename-user to handle the case where a single user's identity has changed. After running this command, one should also refresh the caches of the application server by restart.

Vattuniemenkuja

Additions

• (Experimental) Catalogue items can be assigned one or more categories and the catalogue shown as a tree grouped by category. There is an admin UI where categories can be created. See (#2768, #2764, #2770, #2769)

Breaking changes

• The API used to return disabled items for all users, but in the future only for administrative users. The disabled items were never visible to normal users in our UI. This may technically break the usage of the catalogue API if a regular user or public catalogue is used.