A lot of new features land this month along with a few important speed optimizations and a bunch of bug fixes too!! Our journey continues.

Database internals

A big effort optimizing database access that we discussed a few days ago.

Home Page Dashboard

The Home Page Dashboard gets some attention this month. As a consequence of the database internals project, we touched the home page code where we found some errors and added some functionality.

  • fix filter sorting based on the new filter sorting fields we have now
  • redesign the Aggregate Widget because the way it was saving information internally was incorrect. We also add support for editing and apply LDS styling
  • add a global variable to block editing. See HomePage_BlockChanges below
  • add a copy Home Page To User functionality for administration users

Copy Dashboard to another user

User Traceability

This month we received a very interesting question from one of our users. They were tracing a change that happened on a record. The audit and tracker logs showed that the change had been made by the admin user but there was no login for that user at that time in the login history. Following the trace and steps in the change, we found that it was a workflow impersonating the admin user as a result of another user action which was identified in the logs.

So, their question was: Since the audit review is not "real" to us because we have not really done anything with the administrator user... Could those automated actions be registered as some "system" or "automatic" user? So we can distinguish what is done with a "human" user versus a system process.

The problem here is that we force administration privileges to avoid restrictions that may apply to the currently logged-in user. For example, a system implementor may create a workflow to set a value in a field that the current user may not have any access to. That assignment must work regardless of which user triggers the workflow. So I came up with the idea of creating new users with administration rights and launching each task with a specific user.

First I had to make a change to permit getting a specific user with administration rights by name when calling getActiveAdminUser and getActiveAdminId. Then I modified the code where we search for an administration user to use a specific user in each case. These are the users and their sections:

  • updater: all tasks executed by the application updater
  • scheduler: all tasks executed by the scheduler
  • webservice: all tasks executed by web service operations
  • workflow: all tasks executed by the workflow system
  • external: all tasks triggered from external processes (sendgrid, for example)
  • gendoc: documentation generation operations

So, now, if you create an admin user with any of those names, the tasks for that section will be executed with that user. In other words, if you need to trace the operations of the workflow system you can create a user named workflow with administration privileges and that will be the user that will appear in the logs.

Note that for security and traceability consistency none of these users are permitted to log in to the application. We did that to be sure that if they appear in the logs it is because it was an internal call.
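An audit review along these lines, as an added example that is not part of the application's code: it classifies each audit entry as a system section, a human session, or an unattributed change (the case our user reported), and reports any login record for the reserved names. The record layout, field names, and sample data are constructed for illustration and are not an application export format.

```python
from datetime import datetime

# Reserved service-user names listed in the post; they must never log in.
SERVICE_USERS = {"updater", "scheduler", "webservice", "workflow", "external", "gendoc"}

def _ts(value):
    return datetime.fromisoformat(value)

def classify_change(entry, logins):
    """Return 'system:<section>', 'human', or 'unattributed' for one audit entry."""
    user, when = entry["user"], _ts(entry["time"])
    if user in SERVICE_USERS:
        return f"system:{user}"
    for session in logins:
        if session["user"] != user:
            continue
        start = _ts(session["login"])
        # An open session (no logout recorded) is treated as still active.
        end = _ts(session["logout"]) if session["logout"] else datetime.max
        if start <= when <= end:
            return "human"
    # A change with no covering login session: the situation the user reported.
    return "unattributed"

def service_user_logins(logins):
    """Login records for reserved names should not exist; return any that do."""
    return [s for s in logins if s["user"] in SERVICE_USERS]

def report(audit, logins):
    return [(e["user"], e["record"], classify_change(e, logins)) for e in audit]

# Constructed sample data (hypothetical field names and values).
LOGINS = [
    {"user": "maria", "login": "2024-05-06T09:00:00", "logout": "2024-05-06T17:30:00"},
    {"user": "admin", "login": "2024-05-07T08:00:00", "logout": "2024-05-07T08:20:00"},
]
AUDIT = [
    {"user": "maria", "time": "2024-05-06T10:15:00", "record": "Accounts/74"},
    {"user": "admin", "time": "2024-05-06T10:15:02", "record": "Accounts/74"},
    {"user": "workflow", "time": "2024-05-06T11:02:10", "record": "Invoice/310"},
    {"user": "admin", "time": "2024-05-07T08:05:00", "record": "Users/1"},
]

if __name__ == "__main__":
    for row in report(AUDIT, LOGINS):
        print(*row, sep="\t")
    print("service-user logins:", service_user_logins(LOGINS))
```

Any row reported as unattributed is a candidate for moving that code path to one of the dedicated users, and a non-empty service-user login list means the no-login restriction is not holding.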

getValue and getSearchListViewEntries refactor

When we started this adventure things were very different. We lived in a world with mixed character sets so we had to do a lot of juggling to save and show information correctly. This caused a lot of extra (and insecure) code and data manipulation. We now have not only a set of defined ways to manipulate the data for it to be shown correctly but also a standard character set (UTF-8) with which we can ensure the correct display of our information. So we have started to eliminate all the old code in favor of a faster and more secure presentation. This past month we migrated the functionality in the popup lists because we were getting a recurrent error in the parsing of the javascript code when selecting some entries. Hopefully, we have fixed this forever now!

GenDoc

GenDoc is constantly getting enhancements as we finally migrate PDFMaker templates due to PHP 8 restrictions in the extension.

  • fix foreach conditions regex which was incorrect and better detection of module
  • fix foreach condition with special characters in the condition comparison string
  • get User information in the correct context of foreach iteration
  • evaluate expressions in the correct context of foreach iteration
  • Generate Document workflow task gets documentation and a folder selection field
    • we introduce a breaking change: now we return IDs of Generate Documents in an array because there are many, not just one
  • You can now export the set of Merge Labels
  • various minor optimizations

Features and Implementor/Developer enhancements

  • support announcement per view type and defining CSS using the Application_Announcement_CSS global variable (see below)
  • Photo2Doc widget gets a new button to switch camera mode from front to back
  • Calendar enhancements:
    • Calendar_Show_UserColor global variable (see below)
    • two-week view
    • color per status

Calendar enhancements

  • support the Export_RelatedField_NameForSearch and fill correct value format for relation (uitype 10) fields in the new export system
  • support for importing read-only fields by setting the Import_UseReadOnly_Fields global variable (see below). This can be considered an override of the permission system because any user can effectively write in a read-only field using the import.
  • add an option to define how to update empty columns when importing

Update empty columns import

  • a new event for tax calculations: corebos.filter.TaxCalculation.getInventoryDetailsSQL. We detected an error in the tax management modules for calculations done in individual grouping mode that we fixed with this new event. Anyone using these modules should update both the application and the modules.
  • return tax default status
  • add real module name on hover in Module Manager list to help detect incorrect translations

Module name on hover

  • add filter-based question type which permits us to generate a business question from a filter (!)
  • add getFielLabelByFieldName function
  • Update logo to evolutivo

EvolutivoFW Standard Code Formatting, Security, Optimizations, and Tests

  • EvolutivoFW Standard Formatting
  • Documentation: code and wiki.
    • function headers and help messages
    • wiki documentation keeps going
    • SearchUtils: add a comment about the empty group condition
    • Workflow: add inline help for GenDoc task
  • Refactor and Optimize code
    • sonarqube recommendations
    • substitute variables for their value, reduce SQL columns, simplify debug message
    • eliminate useless code and move return value for entries in AuditTrail
    • move the download error function to utils so it can be used anywhere
    • eliminate negative and nested conditional in getTranslatedString
    • simplify Product and Service EditView code and align both files
    • eliminate nested ternary operations
    • use vtws_getEntityName instead of repeating code
    • use the function to get CRMID instead of hardcoded logic
    • apply mandatory changesets optimization: restructure the code to make it easier to add new changesets and optimize the code
  • Security fixes and updates
    • update DOMPurify to 3.1.2
    • eliminate the obsolete/unused Console project: we can do most of it inside the application and the rest we do not use
  • PHP constant updates
  • Unit Tests: keeps getting more and more assertions.

Global Variables

  • Calendar_Show_UserColor: In the calendar, by default, when multiple users are selected, the colors for the events are taken from the user colors, not the event colors. This helps distinguish events from different users. If you prefer to keep the colors of the events you can set this variable to false.
  • Import_UseReadOnly_Fields: Use read-only fields in the import process. Normally read-only fields are not supported in the import because they are read-only. The variable will permit importing the initial values of this type of field.
  • HomePage_BlockChanges: If set to the string "true", it will block all edit and create actions on the home page. By default, users can edit and create.
  • CobroPago_PermitEdit_OnPaid: Set to 1 to permit users to edit blocked payment records.
  • Application_Announcement_CSS: CSS to apply to the marquee HTML element. Try the following CSS to get a fixed red message:

    #marquee {
      color: red;
      margin-left: 100px;
    }

announcement CSS

Others

  • set HTML label for and change obsolete HTML font
  • Calendar:
    • skip module events when current user cannot access assigned user field because we cannot be sure if he has access to the event or not
    • use cbCalendar permissions to edit events in the graphical Calendar
  • Colorizer:
    • check if function startColorizer exists in tuigrid mode
    • prevent reload of listview if the user presses enter when searching
  • always return order_by field in the Documents list view
  • correct Email field which is ambiguous in denormalized modules
  • return an empty string on null input to Escaper
  • fix Field Dependency Hiding blocks
  • do not show unavailable actions in Filters
  • GridEditor:
    • decode special characters for assigned user field
    • do not reset user IDs
  • show List View custom links under More Actions in the correct position
  • get the correct content for mail popup
  • removing old code to preserve basic search results for pagination in Popup
  • fix inconsistencies before exporting profiles
  • nicer layout and show the error message in the correct place for Taxes settings page
  • Workflow
    • delete include of nonexistent file and conditionally load settings.js
    • eliminate duplicate code which has been moved to Settings.js and is causing conflicts in HTML
    • initialize current workflow module to none on load
  • Translations

Insights

April Insights

April May
Sonarqube April Sonarqube May

Thanks for reading.
