Release OpenProject 12.2.1

Author: oliverguenther

.github/CODEOWNERS

@@ -0,0 +1,15 @@
+# Frontend rules
+*.js @opf/frontend
+*.ts @opf/frontend
+
+# Backend rules
+*.rb @opf/backend
+
+# docs rules
+/docs/ @opf/doc-writers
+
+# Tech doc rules
+/docs/development @opf/tech-writers 
+/docs/installation-and-operations @opf/tech-writers 
+/docs/system-admin-guide @opf/tech-writers 
+/docs/api @opf/tech-writers @opf/backend

app/helpers/static_links_helper.rb

@@ -37,4 +37,13 @@ def static_link_to(key, label: nil)
             class: 'openproject--static-link',
             target: '_blank', rel: 'noopener'
   end
+
+  ##
+  # Link to the correct installation guides for the current selected method
+  def installation_guide_link
+    val = OpenProject::Configuration.installation_type
+    link = OpenProject::Static::Links.links[:"#{val}_installation"] || OpenProject::Static::Links.links[:installation_guides]
+
+    link[:href]
+  end
 end

app/helpers/warning_bar_helper.rb

@@ -40,7 +40,7 @@ def render_host_and_protocol_mismatch?
   end
 
   def setting_protocol_mismatched?
-    request.ssl? != OpenProject::Configuration.secure_connection?
+    request.ssl? != OpenProject::Configuration.https?
   end
 
   def setting_hostname_mismatched?

app/models/journal.rb

@@ -101,6 +101,14 @@ def previous
     predecessor
   end
 
+  def successor
+    @successor ||= self.class
+                       .where(journable_type:, journable_id:)
+                       .where("#{self.class.table_name}.version > ?", version)
+                       .order(version: :asc)
+                       .first
+  end
+
   def noop?
     (!notes || notes&.empty?) && get_changes.empty?
   end

app/models/setting/aliases.rb

@@ -33,7 +33,7 @@ module Aliases
     ##
     # Restore the previous Setting.protocol now replaced by https?
     def protocol
-      if OpenProject::Configuration.secure_connection?
+      if OpenProject::Configuration.https?
         'https'
       else
         'http'

app/services/journals/create_service.rb

@@ -177,22 +177,25 @@ def create_journal_sql(predecessor, notes)
     def cleanup_predecessor_data(predecessor)
       cleanup_predecessor(predecessor,
                           data_table_name,
-                          :id)
+                          :id,
+                          :data_id)
     end
 
     def cleanup_predecessor_attachable(predecessor)
       cleanup_predecessor(predecessor,
                           'attachable_journals',
-                          :journal_id)
+                          :journal_id,
+                          :id)
     end
 
     def cleanup_predecessor_customizable(predecessor)
       cleanup_predecessor(predecessor,
                           'customizable_journals',
-                          :journal_id)
+                          :journal_id,
+                          :id)
     end
 
-    def cleanup_predecessor(predecessor, table_name, column)
+    def cleanup_predecessor(predecessor, table_name, column, referenced_id)
       return "SELECT 1" unless predecessor
 
       sql = <<~SQL
@@ -204,7 +207,7 @@ def cleanup_predecessor(predecessor, table_name, column)
       SQL
 
       sanitize sql,
-               column => predecessor.id
+               column => predecessor.send(referenced_id)
     end
 
     def update_or_insert_journal_sql(predecessor, notes)

app/views/warning_bar/_host_and_protocol_mismatch.html.erb

@@ -3,12 +3,13 @@
 
   <% if setting_protocol_mismatched? %>
     <p>
-      <strong><%= t 'warning_bar.protocol_mismatch.title' %></strong>
+      <strong><%= t 'warning_bar.https_mismatch.title' %></strong>
       <br/>
-      <%= t 'warning_bar.protocol_mismatch.text_html',
+      <%= t 'warning_bar.https_mismatch.text_html',
             set_protocol: Setting.protocol,
             actual_protocol: request.ssl? ? 'https' : 'http',
-            setting_path: admin_settings_general_path
+            setting_value: request.ssl? ? 'OPENPROJECT_HTTPS=true' : 'OPENPROJECT_HTTPS=false',
+            more_info_path: installation_guide_link
       %>
     </p>
   <% end %>

config/configuration.yml.example

@@ -208,9 +208,6 @@ default:
   #
   # rails_relative_url_root: ""
 
-  # whether to force ssl in production
-  rails_force_ssl: false
-
   # Absolute path to the directory where attachments are stored.
   # The default is the 'files' directory in your OpenProject instance.
   # Your OpenProject instance needs to have write permission on this

config/constants/settings/definition.rb

@@ -381,6 +381,8 @@ def load_yaml(source)
     def cast(value)
       return nil if value.nil?
 
+      value = value.call if value.respond_to?(:call)
+
       case format
       when :integer
         value.to_i
@@ -391,11 +393,7 @@ def cast(value)
       when :symbol
         value.to_sym
       else
-        if value.respond_to?(:call)
-          value.call
-        else
-          value
-        end
+        value
       end
     end
 

config/constants/settings/definitions.rb

@@ -666,16 +666,16 @@
       writable: false
 
   # Assume we're running in an TLS terminated connection.
-  # This does not affect HSTS, use +rails_force_ssl+ for that.
   add :https,
       format: :boolean,
-      default: Rails.env.production?,
+      default: -> { Rails.env.production? },
       writable: false
 
-  # Enable HTTPS and HSTS
-  add :rails_force_ssl,
+  # Allow disabling of HSTS headers and http -> https redirects
+  # for non-localhost hosts
+  add :hsts,
       format: :boolean,
-      default: Rails.env.production?,
+      default: true,
       writable: false
 
   add :registration_footer,

config/environments/production.rb

@@ -74,19 +74,30 @@
   # Store uploaded files on the local file system (see config/storage.yml for options)
   # config.active_storage.service = :local
 
-  # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
-  config.force_ssl = ActiveModel::Type::Boolean.new.cast(OpenProject::Configuration['rails_force_ssl'])
+  # When https is configured, Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
+  # Allow disabling HSTS redirect by using OPENPROJECT_HSTS=false
+  config.force_ssl = OpenProject::Configuration.https?
   config.ssl_options = {
     # Disable redirect on the internal SYS API
     redirect: {
+      hsts: OpenProject::Configuration.hsts_enabled?,
       exclude: ->(request) do
+        # Disable redirects when hsts is disabled
+        return true unless OpenProject::Configuration.hsts_enabled?
+
         # Respect the relative URL
         relative_url = Regexp.escape(OpenProject::Configuration['rails_relative_url_root'])
+
         # When we match SYS controller API, allow non-https access
-        request.path =~ /#{relative_url}\/sys\// || request.path =~ /#{relative_url}\/health_checks/
+        return true if request.path =~ /#{relative_url}\/sys\//
+
+        # When we match health checks
+        return true if request.path =~ /#{relative_url}\/health_checks/
+
+        false
       end
     },
-    secure_cookies: true
+    secure_cookies: OpenProject::Configuration.https?
   }
 
   # Set to :debug to see everything in the log.

config/initializers/session_store.rb

@@ -79,7 +79,7 @@ def update_entry_ttl?(session, options)
 session_options = {
   key: config['session_cookie_name'],
   httponly: true,
-  secure: config.secure_connection?,
+  secure: config.https?,
   path: relative_url_root
 }
 

config/locales/crowdin/af.yml

@@ -267,14 +267,13 @@ af:
     deletion_info:
       heading: "Delete placeholder user %{name}"
       data_consequences: >
-        All occurrences of the placeholder user (e.g., as assignee, responsible or other user values) will be reassigned to an account called "Deleted user".
-        As the data of every deleted account is reassigned to this account it will not be possible to distinguish the data the user created from the data of another deleted account.
+        All occurrences of the placeholder user (e.g., as assignee, responsible or other user values) will be reassigned to an account called "Deleted user". As the data of every deleted account is reassigned to this account it will not be possible to distinguish the data the user created from the data of another deleted account.
       irreversible: "This action is irreversible"
       confirmation: "Enter the placeholder user name %{name} to confirm the deletion."
     upsale:
       title: Placeholder users
       description: >
-        Placeholder users are a way to assign work packages to users who are not part of your project. They can be useful in a range of scenarios; for example, if you need to track tasks for a resource that is not yet named or available, or if you don’t want to give that person access to OpenProject but still want track tasks assigned to them.
+        Placeholder users are a way to assign work packages to users who are not part of your project. They can be useful in a range of scenarios; for example, if you need to track tasks for a resource that is not yet named or available, or if you don’t want to give that person access to OpenProject but still want to track tasks assigned to them.
   prioritiies:
     edit:
       priority_color_text: |
@@ -1248,7 +1247,7 @@ af:
   error_enterprise_activation_user_limit: "Your account could not be activated (user limit reached). Please contact your administrator to gain access."
   error_enterprise_token_invalid_domain: "The Enterprise Edition is not active. Your Enterprise token's domain (%{actual}) does not match the system's host name (%{expected})."
   error_failed_to_delete_entry: 'Failed to delete this entry.'
-  error_in_dependent: "Error attempting to alter dependent object: %{dependent_class} #%{related_id} - %{related_subject}: %{error}"
+  error_in_dependent: "Error attempting to alter dependent object: %{dependent_class} #%{related_id} - %{related_subject}: %{error}" #%{related_id} - %{related_subject}: %{error}"
   error_in_new_dependent: "Error attempting to create dependent object: %{dependent_class} - %{related_subject}: %{error}"
   error_invalid_selected_value: "Invalid selected value."
   error_journal_attribute_not_present: "Journal does not contain attribute %{attribute}."
@@ -1387,17 +1386,11 @@ af:
     update_info_mail:
       body: >
         We are excited to announce the release of OpenProject 12.0. It's a major release that will hopefully significantly improve the way you use OpenProject.
-
         Starting with this release, we are introducing in-app notifications. From now on, you will receive notifications for updates to work packages directly in OpenProject. You can mark these notifications as read, reply to a comment or even directly modify work package attributes without leaving the notification center.
-
         This also means that we will no longer be using emails for notifications. We think the new notification center is a better place to view and act upon these updates. Nevertheless, if you would like continue receiving updates via email, you can choose to receive daily email reminders at particular times of your choosing.
-
         Please make sure to verify your new default notification settings, and set your preferences for notifications and email reminders via your account settings. You can do this through the “Change email settings” button bellow.
-
         We hope you find in-app notifications useful and that they makes you even more productive.
-
-        Sincerely,
-        The OpenProject team
+        Sincerely, The OpenProject team
       body_header: 'Version 12.0 with Notification Center'
       body_subheader: 'Nuus'
       subject: 'Important changes to notifications with the release of 12.0'
@@ -1612,6 +1605,7 @@ af:
   label_index_by_title: "Indekseer volgens titel"
   label_information: "Inligting"
   label_information_plural: "Inligting"
+  label_installation_guides: 'Installation guides'
   label_integer: "Heelgetal"
   label_internal: "Interne"
   label_introduction_video: "Introduction video"
@@ -2878,10 +2872,10 @@ af:
   warning_protocol_mismatch_html: >
 
   warning_bar:
-    protocol_mismatch:
-      title: 'Protocol setting mismatch'
+    https_mismatch:
+      title: 'HTTPS mode setup mismatch'
       text_html: >
-        Your application is running with its protocol setting set to <code>%{set_protocol}</code>, but the request is an <code>%{actual_protocol}</code> request. This will result in errors! Go to <a href="%{setting_path}">System settings</a> and change the "Protocol" setting to correct this.
+        Your application is running with HTTPS mode set to <code>%{set_protocol}</code>, but the request is an <code>%{actual_protocol}</code> request. This will result in errors! You will need to set the following configuration value: <code>%{setting_value}</code>. Please see <a href="%{more_info_path}">the installation documentation</a> on how to set this configuration.
     hostname_mismatch:
       title: 'Hostname setting mismatch'
       text_html: >

config/locales/crowdin/ar.yml

@@ -267,14 +267,13 @@ ar:
     deletion_info:
       heading: "Delete placeholder user %{name}"
       data_consequences: >
-        All occurrences of the placeholder user (e.g., as assignee, responsible or other user values) will be reassigned to an account called "Deleted user".
-        As the data of every deleted account is reassigned to this account it will not be possible to distinguish the data the user created from the data of another deleted account.
+        All occurrences of the placeholder user (e.g., as assignee, responsible or other user values) will be reassigned to an account called "Deleted user". As the data of every deleted account is reassigned to this account it will not be possible to distinguish the data the user created from the data of another deleted account.
       irreversible: "This action is irreversible"
       confirmation: "Enter the placeholder user name %{name} to confirm the deletion."
     upsale:
       title: Placeholder users
       description: >
-        Placeholder users are a way to assign work packages to users who are not part of your project. They can be useful in a range of scenarios; for example, if you need to track tasks for a resource that is not yet named or available, or if you don’t want to give that person access to OpenProject but still want track tasks assigned to them.
+        Placeholder users are a way to assign work packages to users who are not part of your project. They can be useful in a range of scenarios; for example, if you need to track tasks for a resource that is not yet named or available, or if you don’t want to give that person access to OpenProject but still want to track tasks assigned to them.
   prioritiies:
     edit:
       priority_color_text: |
@@ -1045,7 +1044,6 @@ ar:
     errors: "خطأ"
     project_custom_fields: 'Custom fields on project'
     x_objects_of_this_type:
-      zero: 'No objects of this type'
       one: 'One object of this type'
       other: '%{count} objects of this type'
     text:
@@ -1316,7 +1314,7 @@ ar:
   error_enterprise_activation_user_limit: "Your account could not be activated (user limit reached). Please contact your administrator to gain access."
   error_enterprise_token_invalid_domain: "The Enterprise Edition is not active. Your Enterprise token's domain (%{actual}) does not match the system's host name (%{expected})."
   error_failed_to_delete_entry: 'Failed to delete this entry.'
-  error_in_dependent: "Error attempting to alter dependent object: %{dependent_class} #%{related_id} - %{related_subject}: %{error}"
+  error_in_dependent: "Error attempting to alter dependent object: %{dependent_class} #%{related_id} - %{related_subject}: %{error}" #%{related_id} - %{related_subject}: %{error}"
   error_in_new_dependent: "Error attempting to create dependent object: %{dependent_class} - %{related_subject}: %{error}"
   error_invalid_selected_value: "Invalid selected value."
   error_journal_attribute_not_present: "Journal does not contain attribute %{attribute}."
@@ -1455,17 +1453,11 @@ ar:
     update_info_mail:
       body: >
         We are excited to announce the release of OpenProject 12.0. It's a major release that will hopefully significantly improve the way you use OpenProject.
-
         Starting with this release, we are introducing in-app notifications. From now on, you will receive notifications for updates to work packages directly in OpenProject. You can mark these notifications as read, reply to a comment or even directly modify work package attributes without leaving the notification center.
-
         This also means that we will no longer be using emails for notifications. We think the new notification center is a better place to view and act upon these updates. Nevertheless, if you would like continue receiving updates via email, you can choose to receive daily email reminders at particular times of your choosing.
-
         Please make sure to verify your new default notification settings, and set your preferences for notifications and email reminders via your account settings. You can do this through the “Change email settings” button bellow.
-
         We hope you find in-app notifications useful and that they makes you even more productive.
-
-        Sincerely,
-        The OpenProject team
+        Sincerely, The OpenProject team
       body_header: 'Version 12.0 with Notification Center'
       body_subheader: 'الأخبار'
       subject: 'Important changes to notifications with the release of 12.0'
@@ -1680,6 +1672,7 @@ ar:
   label_index_by_title: "فهرسة حسب العنوان"
   label_information: "معلومات"
   label_information_plural: "معلومات"
+  label_installation_guides: 'Installation guides'
   label_integer: "عدد صحيح"
   label_internal: "داخلي"
   label_introduction_video: "Introduction video"
@@ -1993,19 +1986,15 @@ ar:
   label_x_closed_work_packages_abbr:
     one: "1 مغلقة"
     other: "%{count} مغلق"
-    zero: "0 closed"
   label_x_comments:
     one: "1 comment"
     other: "%{count} تعليقات"
-    zero: "no comments"
   label_x_open_work_packages_abbr:
     one: "1 open"
     other: "%{count} مفتوح"
-    zero: "0 open"
   label_x_projects:
     one: "1 project"
     other: "%{count} مشاريع"
-    zero: "no projects"
   label_yesterday: "الأمس"
   label_role_type: "النّوع"
   label_member_role: "دور المشروع"
@@ -2960,10 +2949,10 @@ ar:
   warning_protocol_mismatch_html: >
 
   warning_bar:
-    protocol_mismatch:
-      title: 'Protocol setting mismatch'
+    https_mismatch:
+      title: 'HTTPS mode setup mismatch'
       text_html: >
-        Your application is running with its protocol setting set to <code>%{set_protocol}</code>, but the request is an <code>%{actual_protocol}</code> request. This will result in errors! Go to <a href="%{setting_path}">System settings</a> and change the "Protocol" setting to correct this.
+        Your application is running with HTTPS mode set to <code>%{set_protocol}</code>, but the request is an <code>%{actual_protocol}</code> request. This will result in errors! You will need to set the following configuration value: <code>%{setting_value}</code>. Please see <a href="%{more_info_path}">the installation documentation</a> on how to set this configuration.
     hostname_mismatch:
       title: 'Hostname setting mismatch'
       text_html: >