New Tryton release 4.2

Publié: 2016-11-28 18:00:00+00:00 release

We are proud to announce the 4.2 release of Tryton.

With this release, Tryton extends its scope to tailored user applications like Chronos and also as backend for webservice. A part of the effort was put also on closing the feature gap between the web and the desktop client. The web client is still a little bit behind in terms of features but at the current rate the gap will disappear in few releases. This release contains many bug fixes and performance improvements. Polish is now an official language of Tryton.

Of course, migration from previous series is fully supported.

Major changes for the user

  • The tabs in list view can now have a counter showing to the user the number of records under them. The feature is activated by default on tabs where the number should tend to zero thus providing some hint to the user about pending tasks.

    Tryton tab domain count Sao tab domain count
  • When creating a new record from the drop down menu of a relation, the form will have the value entered in the field as default value. This helps the user fill the form.

  • The buttons can now be configured to be clicked by a number of different users before being triggered. The user can see on the button how many clicks it already received and on the tooltip who clicked.

    Tryton button rule
  • With the recent Neso retirement the database management from the client has been removed. This improve the security of the system by removing a potential attack vector.

  • It is now possible to define for each record a different color on the calendar view. This allow to group records visually.

    Tryton calendar color
  • The icons of the relation field has been improved. The experiences have shown that the old version had drawbacks which confused some users. The result was that some users thought they were searching for a new record while actually they were editing it.

    Tryton old Many2One

    As a result the editing button has now been put in on the left and a new button to clear the current value has been put on the right of the field.

    Tryton new Many2One

The web client completes its sets of functionalities in order to be closer to desktop client. The new features implemented in this release are:

  • The CSV Import/Export.

    Sao export CSV
  • The calendar view based on the FullCalendar.

    Sao calendar view
  • Support for translated fields.

    Sao translate field
  • The Favorites menu.

    Sao favorite
  • The date picker is now locale aware.

  • Add support for column sorting.

  • Support for confirm attribute on the buttons.

Accounting

  • A comparison amount has been added on Balance Sheet and Income Statement, allowing the amounts to be compared with different date, fiscal year or periods.

    Balance Sheet comparison
  • The second currency of account is now enforced, closing the gap between the documentation and the code. Thus it is possible to compute the balance of such accounts in the account currency.

  • The creation of a tax can be quite complex. To ease the process, a testing wizard has been added allowing to see the result of the computation in order to validate the definition of the tax.

Invoicing

  • The payment term is no longer required. An invoice without payment term will create a single due line at the invoice date.
  • By default, the invoice reports are stored in the database when the invoice is posted to ensure the immutability of the document. But on large setup with a lot of invoices, the database becomes very huge and this can generate on overload and a waste of space for the backups. So a new configuration option has been added to store the invoice reports in the file store instead of the database. The option can be activated on existing databases. If the report is not found in the file store, the system will take the value found in the database as fallback.
  • The process to post invoices has been reviewed in order to have better performance when posting a large number of invoices.
  • The tax identifier of the company is stored on the invoice. This is useful when company has more than one identifier registered. By default, the system will take the first one.

Payments

  • A new group for Payment Approval has been added in order to have finer grained access to the functionalities.
  • The amount to pay of the invoice is now decreased by the amount of the related payments.
  • It is now possible to block the payment of a line.
  • It is possible to configure the module to always use the RCUR option for a SEPA mandate, as this is allowed by the European Payment Council since November 2016.
  • A statement line for an existing payment will mark the latter as succeeded or failed depending on the sign when the statement is validated. This ease the management of the payment state as some banks credit the bank account first and later if the payment fails, they debit it.
  • The statement line can also refer to payment group instead of individual payment. This is useful when the bank statement contains only one operation.

Analytic

  • Many redundant fields with the account lines have been removed on the line. This simplifies the encoding and avoids mistakes.
  • A new type of analytic account has been introduced for distribution. The analytic lines will be divided when used with such account into many lines accordingly to the distribution ratio defined per sub-accounts.
  • The move line has now an analytic state which defines if the amount of the line is correctly set in each analytic axis/roots. This applies by default only on income lines. A menu entry allow to search for all lines that needs analytic correction.
  • The analytic chart enforces now the company consistency. It is no longer possible to attach an account to an axis of a different company.
  • The supplier invoice for a depreciable asset does not create analytic lines on posting. Indeed the analytic lines creation is postponed to depreciation moves.

Party

  • A more generic address design has been added. It supports as many lines as needed for the streets instead of the previous limitation of two lines. Also the formatting of the address can be configured per country and language. The formats for about 65 countries are preconfigured.
  • A common problem with referential data like party is the duplication. It is common that the same party ended to be created twice in the system. For such issue, Tryton has now a wizard that allow to merge one party into another. The merged party is inactivated to prevent new usage and the remaining one inherits from all the documents. For example, the receivable amount will contain the sum of both parties.
  • SEPA Creditor identifier is now validated and unified into the party identifiers.
  • Phone numbers are automatically formatted now using the phonenumbers library.

Product

  • A new relate from products to variants has been added in order to ease the navigation between them.

Purchase

  • As the payment term is no longer required on the invoice, the same applies also to the purchase.

Request

  • It is now possible to create a purchase request without product. In such case, a description is required and will be used for the creation of the purchase line.
  • When converting request into purchase, the requests containing the same product with the same unit will be merged into the same purchase line. This simplifies the purchase order.

Requisition

A new module for managing purchase requisitions has been added. It allows users to create their purchase requisitions which will be approved or rejected by a member of the Approval group. On approval, purchase requests will be created.

Sale

  • As the payment term is no longer required on the invoice, the same applies also to the sale.

Stock

  • A lead time can be configured for internal shipments between warehouses. In such case the internal shipment uses a transit location during the time between the shipping and the reception.
  • A relate has been added to the location to show lots and their quantities inside the location.
  • The default location defined on the product is used in the output of production. This unifies the behaviour of this feature with incoming shipments.
  • The supply period of a supplier is configurable now. Before it was always 1 day.

Package Shipping

A new set of modules has been published. They provide integration with shipping services for printing labels and store shipping references per packages of shipments.

Two services are currently supported UPS and DPD.

Carrier

  • It is possible to restrict the usage of carriers per country of origin and destination. Other criteria can be easily added. The carrier selection is already enforced by default on sales.

Timesheet

  • A Web-Extension named Chronos has been published. It allows to quickly encode timesheet entries using the new user application API (see below). The application supports to work offline and synchronises when the user is back online.

    Chronos

    It will be available soon on the different browser markets.

  • It is now possible to define a start and an end date for the employees. In such case, they will not be allowed to encode timesheet outside the period.

  • The work has be simplified by removing the tree structure. It was considered redundant with the tree structure of the projects.

Project

  • The timesheet works are created automatically from the project form. This simplifies the management of projects.

Production

  • Thanks to the new lead time per BoM and routing, start dates can be computed for productions. This allows to have a better schedule of the production needs for long running productions.

Following the work on previous versions, the production area has received two new modules to extend its functionalities:

Work Timesheet

It allows to track the time spent per production work.

Split

Similar to the stock_split module, this module allows to split a production into several units.

Major changes for the developer

  • The desktop client support GTK-3 thanks to the pygtkcompat module. The support is still experimental and can be tested by setting GTK_VERSION=3 in the environment. The plan is to switch completely to GTK-3 in one year.
  • The server provides now a way to connect URL rules to a callable endpoint. This feature comes with a set of wrappers to simplify the work of the developer like instantiating the pool of the database name found in the URL or start the transaction with automatic retry on operational error. But the more interesting wrapper is the user_application which allows to authenticate a user with a key for a specific sets of endpoints. This feature allows to create applications that do not need to login on each use. Chronos is an example of such application.
  • The translations now support derivative languages. Most of the main language has been renamed without their country code. This allowed the merge of all the Latin American Spanish translations under one common language deriving from Spanish.
  • It is now possible to configure Binary fields to store the data in file store by setting the attribute file_id to the name of the char column which will contain the file store identifier.
  • A new level of access rights has been added targeting the buttons. It allows to define how many different users must click on the button to actually trigger it.
  • It is possible to configure a different cache than the MemoryCache. It just needs to define the fully qualified name of an alternative class in the cache configuration section.
  • A new widget has been implemented in the clients for the Char field that stores PYSON expression. The widget displays a human readable representation of the expression and uses an evaluated dump of the expression as internal value.
  • The read-only states for the fields xxx2Many is now limited only to the addition and suppression of records. The target records must manage themselves the read-only state for edition. This behavior allows for example to still edit the note field of a line of a validated sale while other fields are read-only.
  • To speed up the tests and especially the scenario, a new option has been added that allows to store clean dumps of database (per module installed). A dump will automatically be loaded instead of creating a new database, this operation is way faster. Of course, the developer is responsible for clearing the cache when the database schema definition has been modified.
  • A new mixin has been added to generalize the common pattern of ordering record with a sequence field. It is named sequence_ordered and can be customized with the name and the label of the sequence field, the default order and if null first must be used.

Authentication

The login process has been reworked to be very customizable. It is now possible to plug any authentication factors without the need to adapt the clients.

SMS

The authentication_sms module allows to send by SMS a code to the mobile phone of the user that he will have to enter to proceed with the login.

Web

The module web_user is the first of a new set of module which aims to provide facilities to developers who want to use Tryton as backend for web development.

Back from Barcelona

Publié: 2016-11-22 10:00:00+00:00 TUB2016

Tryton Unconference Barcelona 2016

The annual Tryton Unconference took place this year in the nice city of Barcelona. The event was locally organized by NaN-tic and hosted at the Mobile world centre.

This edition was a great success with more than 60 participants who followed the 18 talks and participated to the different dinners and about 25 developers for the sprint.

TUB2016

Conference

The conference was divided in two days. The first day was dedicated to business talks where we discovered among others the new features of the release 4.2. We also learned about some use cases about billiard balls manufacture, insurance sector or advocate office etc. The first day closed on the foundation meeting where the accounting of the foundation was presented, followed by discussion on how to improve the mission of the foundation.

The second day was more oriented to the attention of the developers. Many talks were talking about performance with some impressive numbers like the generation of 1 million invoices in 1 hour. Others talks were about how to use some of the new features of Tryton like the distributed transactions, the development of user applications or the new pluggable authentication system.

The videos recorded and the slides of the speakers are published.

/images/tub2016-conference.jpg

Sprint

25 developers joined the NaN-tic office to sprint during 3 days. 11 of them achieved to have at least one patch pushed into the repository and for some of them it was the first one. Others worked on improving the documentation and some blueprints for future new features. Even if the sprint is finished, it still influences the project as many continue to contribute which is the main goal of the sprint: to onboard new developers. Another result of the sprint is the creation of a monthly remote sprint to keep the good spirit.

/images/tub2016-sprint.jpg

Come and join us next year to enjoy the event!

Security Release for issue5795 and issue5808

Publié: 2016-08-31 10:00:00+00:00 release security

Synopsis

Two vulnerabilities in trytond have been found by Cédric Krier.

The CVE-2016-1241 allows an authenticated user to read the hashed password of other users. The exploitation is not easy thanks to the existing protection of Tryton against such leak. Those protections are usage of strong hash method (bcrypt or sha1) and the salt of the password with random data (protection against rainbow tables).

The CVE-2016-1242 allows an authenticated user with write access to report or icon definition to make the server opens any readable file. By default, only the administrator group has such right access.

Workaround

There is no workaround for CVE-2016-1241.

For CVE-2016-1242, the modification rights could be removed to all users for the report and icon records.

Resolution

All users should upgrade trytond to the latest version.

It is recommended that every user changes his password.

Affected versions per series: <=3.2.16, <=3.4.13, <=3.6.11, <=3.8.7 and <=4.0.3

Non affected versions per series: >=3.2.17, >=3.4.14, >= 3.6.12, >=3.8.8 and >=4.0.4

Concern?

Any security concerns should be reported on the bug-tracker at https://bugs.tryton.org/ with the type security.

Tryton Unconference Barcelona 2016

Publié: 2016-08-18 10:00:00+00:00 TUB2016

This year the annual Tryton Unconference will come back to Barcelona from the 17th to 21st of October at the Mobile world centre.

This will be the sixth edition. Users, developers and interested people will have the opportunity to discover or talk about Tryton.

This year the first day will be dedicated to business oriented talks. And the second day will remain more focused on developer talks.

Talk proposals and schedule are managed on Lanyrd.

A Sprint is planned to be organised the 19th, 20th and 21st. The place will be announced later.

Registration is available at TUB 2016.

If you want to request a talk on a specific topic, you can send your request to the Tryton mailing list. If you have question about the organisation, please contact the foundation at foundation@tryton.org.

And don't forget to spread the word! #TUB2016

Neso retirement

Publié: 2016-06-20 12:00:00+00:00 neso
It was decided to stop the development of Neso, our standalone client/server. So the last working version of neso will be 3.8.2. See issue5642 for more details.

Security Announce for issue5570

Publié: 2016-06-15 12:00:00+00:00 security

Synopsis

A missing access right has been found by Cédric Krier for the Model 'product.product-production.bom'. That allows a malicious authenticated user to write, create or delete records of this type (see issue5570).

Impact

Any authenticated user can modify the links between products and BoM's.

Resolution

All users should create manually a default model access which limits to read only and a second model access limited to the group "Production Administration" with full access.

Affected versions: all versions of production module prior to series 4.0 included.

Non affected version: all versions of production module after series 4.0 non-included.

References

Concern?

Any security concerns should be reported on the bug-tracker at https://bugs.tryton.org/ with the type security.

Translation Release for series 4.0

Publié: 2016-05-11 10:00:00+00:00 release

Due to an issue with Pootle, the initial release of series 4.0 is missing many translations. So we decided to make new set of releases with the correct translations even if it breaks rule of no database updates for bug fix releases.

If you have already updated your server to the series 4.0, you need to also update the database for this bug fix release. Sorry for the inconvenient.

New Tryton release 4.0

Publié: 2016-05-02 18:00:00+00:00 release

We are proud to announce the 4.0 release of Tryton.

This is the first release of Tryton that adds support for Python 3. The server and most of the modules support it. The missing modules are mainly the ones using the WebDAV and LDAP. The client will be ported once GTK-3 support is added. The release sees also a large refactoring of the protocol stack which was previously based on the SimpleHTTPServer of Python. Now it uses a WSGI application running on the Werkzeug server by default. Any WSGI server can be used to run Tryton, this removes the design constraint of single threaded process and opens the way for using workers. All modules have been reviewed to enforce the naming convention about the document identification. The name "code" is used for all referential documents like parties, product. The name "number" is used for the internal identification of all operational documents like sales, purchases, invoices etc. And finally, the name "reference" is used for identifications from external systems like the sale order number of the supplier of your purchase. Two new languages are now available on default installation the Lao and the Simplified Chinese.

As Richard Stallman reminded to us, the migration from previous series is fully supported.

Major changes for the user

  • The new note functionality handles the management system for general textual notes on any arbitrary model in Tryton. On click it opens a notes dialog, where the user can maintain notes. The read state of every note is managed per user. Like the attachments, the icon in the tool-bar visualizes when there are notes on a model.

    Tryton note Sao note
  • The CSV import and export has been highly reworked for a better experience. The import dialog now supports drag and drop to order the selected columns like the CSV export wizard. Both wizards are able to use any of the encodings available in Python. It is now possible to configure the CSV parameters for the export result.

    Export CSV
  • The charts provided by the graph view have been improved. Now they use softer colors, thinner lines and smaller arcs. On the background, dash style is used instead normal line for axis representation. A smart transparency value is applied for filling lines to always show through it.

  • A new button in the scheduler allows running a job once, useful to run jobs on demand or to test new settings.

Accounting

  • The report design of the General Ledger, Trial Balance and Aged Balance has been re-worked. They are now based on the new dynamic views. This provides a performance burst and allows to filter the records more precisely. In addition to the previous printable output, they also gain the CSV export which is useful to perform specific operations in a spreadsheet application.

    General Ledger
  • A date field is added to the Aged Balance, to modify the date on which the calculations are based. With this feature, it is possible to generate reports based on a past date as if it would have been generated by ignoring reconciliation that happened after that date.

  • The functionality of Third Party Balance is merged into the Aged Balance. We found that the Third Party Balance computed the same data as the Aged Balance with the type Customers and Suppliers.

Party

  • The Name field on party is no longer required for input. This solves a long standing request to be able to maintain parties where the name is not known on creation.

Product

  • A configuration form is added to the product module with these options:

    • The default value for Use Category fields.
    • The default value for the Cost Price Method.
  • It was not always easy to explain the design of products with the templates, especially when it was not really relevant for the current business. So we have redesigned both views to be very similar and indeed they use the exact same design. The fields, that do not exist on the product, are automatically replaced by the value of the template.

    Product Variant
  • The field Category is replaced by a Categories field, to support the ability of adding many categories to one product. This is very useful for example to create multi-axis categories for web shop.

Classification

This new module defines the reference basis to create different kinds of classifications for products. It adds a generic field Classification on the product form.

Classification Taxonomic

This new module introduces the taxonomic classification of products as an example using the new Classification module. It includes classifications by Taxon and by Cultivar.

Purchase

  • The field Delivery Time on product supplier is replaced by Lead Time which increases the precision from days to microseconds.
  • For each warehouse, it is now possible to define the location where the goods are picked in case of supplier return. If this location is not defined, the default storage will be used.

Request

The purchase request functionalities have been decoupled from stock_supply and sale_supply modules into a new separate module named purchase_request. This is to prepare future work that will use only purchase requests without the need of other stock_supply features.

  • A new state Exception is added to the purchase request. This is useful to manage cancelled purchase when linked to drop shipments.

Sale

  • The field Delivery Date on model Sale Line is renamed into Shipping Date to avoid any confusion.
  • The field Delivery Time on product form is replaced by Lead Time which increases the precision from days to microseconds.
  • The custom history management on Sale Opportunity is replaced by the general revision functionality of the client. This increases its precision and works automatically for any new fields.

Stock

  • The address of the destination warehouse of the Internal Shipment is now displayed on the report.
  • Now it is possible to manually do a move with the new Do button. This is useful for example to get correct accounting when you have long living productions.
  • Supplier return shipments now have a supplier and a delivery address fields. Those fields will be automatically populated for shipments created from purchase.

Production

Routing

This new module defines the routings, steps and operations for productions. A routing is a list of ordered steps and each step is defined by a generic operation.

Work

This new module completes the routing module by creating the Works of a production based on its routing. A Work is linked to a Work Center which defines the cost using one of these two methods: Per Cycle or Per Hour. The cost of a work is computed using the Cycles created on it and later added to the global cost of the production.

Major changes for the developer

  • The domains are now accepting a new parent_of operator which recursively returns all the records that are parents of the searched records. This is the opposite of the existing child_of operator.
  • It is now possible to inherit from a view that already inherits another view from a different model.
  • The new where domain operator is useful when you need to search on a xxx2Many with a full sub-domain instead of separated clauses. It has the advantage to avoid to fetch an intermediary result by using a sub-query.
  • The Transaction design has been reworked to be closer to the design defined by the PEP-0249. This new design allows to support nested transactions. It also supports multiple cursors for the same transaction, reducing the memory consumption when iterating over large result sets.
  • A new context model is introduced, to save the trouble of writing simple wizards for configuring reports by setting some values in the context. With this new design, the developer can define a model for which each field will define the values of the context. The form of this model will be displayed on top of the view and the view will be automatically reloaded when the context is changed.
  • Now its possible to have reports in plain, XML, HTML and XHTML reports. With this change the report infrastructure can be reused for example to design email templates.
  • This release adds support for the Two-Phase commit protocol which allows to coordinate distributed transactions. By default, Tryton uses a single transaction from the database back-end. But when Tryton has to communicate with other systems, it is good to use TPC to keep data integrity. The implementation follows the API of the Zope Data Manager. The data managers of the Zope community can be used within Tryton.
  • Thanks to the two-phase commit protocol now mails can be sent when the transaction is committed, so if something goes wrong and the transaction is rolled back no mails are sent.

Accounting

  • The reconciliation process now stores the date of the reconciliation. By default, it is the highest date of the reconciled lines. This allows to filter reconciled lines based on this date, for example to generate a report with the unreconciled lines before a specific date.

  • The Credit Notes have been merged into the Invoices. They are now standard invoices with negative quantities. This allows to easily group both types into a single document. The numbering can still be differentiated depending on the sign of the lines.

    Note: with the merge of Invoice and Credit Note, the signs of the taxes for Credit Note must be inverted manually.

Product

  • Uom.round is now an instance method which makes more sense according to its signature.

Purchase

  • The Purchase has received a done transition like the Sale to allow extensions to perform some action when this transition is performed.
  • It is now possible to search Purchase Requests using the Purchase field.

WebDAV

WebDAV has been decoupled from trytond into a separate module which improves the modularity of the system. Indeed many setups do not use the WebDAV so it was a little bit bloated to have it into the base. Also dependencies of this module prevented to add the support of Python 3 to trytond. So, for now, the WebDAV protocol is managed by a separated process but it will probably return in the future into the main process.

I Jornadas Tryton in Barcelona - Call for talks

Publié: 2016-03-24 00:51:07+00:00 jornadas

As already announced on the Spanish mailing list, several Spanish companies who provide services around Tryton are organizing the I Jornadas Tryton in Barcelona, which will be held on 23th and 24th May at an excellent location, the Mobile World Centre.

The plan is that the content of the conference will be split between user-oriented on Monday 23th and developer-oriented on Tuesday 24th.

Subscription is already open at Eventbrite.

Yet the event will not succeed without your participation, so it's time to collect your proposals to make a presentation for the event, which will be held in Spanish.

Topics may target users or developers and can include, among others:

Do not hesitate to send us your proposal. We're looking forward to learn about what you know and how Tryton is changing businesses around you.

Just send an e-mail to jornadas.tryton@gmail.com before 17th April with a short explanation of what your talk will be about.

Tryton Unconference 2016 - Call for locations

Publié: 2016-03-23 14:05:31+00:00 TUL

After last year's excellent Tryton Unconference in Buenos Aires, the Tryton Foundation already started to think about this year's unconference, which will be held just after 4.2 release due in autumn.

If you're interested as an individual or organization to host TUx 2016 (our sixth unconference already!) do not hesitate to send your application to foundation@tryton.org before 30th April.

Which city will follow Liège, Barcelona, Leipzig and Buenos Aires?