Monday, May 23, 2022

Gmail OAuth2 Support

We silently released OAuth2 support for Gmail. In the old days, one could just use their user name and password to log into IMAP. However, this is considered not safe by Google and soon, users will not be able to connect their third party apps like Group Office to Gmail anymore.

A well-known and more secure way to connect to Gmail is through the OAuth2 protocol. This is an industry-wide authorization protocol. As per version 6.6.90, we have built in support for Gmail over OAuth2. 

Setting up Gmail in Group Office, Short Version

  1. Read the documentation on the Google Developer site;
  2. Read our own documentation for the long version of this HOWTO;
  3. Create an App on the Google Developer dashboard;
  4. Configure the OAuth2 client in the Group Office System Settings;
  5. In the email account panel, configure your Gmail account to use the configured OAuth2 client.
Steps 1 through 4 have to be done by the administrator, whereas with the proper permissions, any user can connect to their own Gmail account as long as the Google App allows this.

We decided not to share a Group Office Gmail app. Doing this in the official way requires a draconian number of steps (A movie? Seriously?) and in certain cases costs several thousands of US dollars. Not only do we not have this, it feels a bit like extortion. Keeping these apps small and personal-ish by not using any branding or other customization circumvents this.

Other OAuth2 Clients

In the near future we intend to build support for Microsoft environments as well. Other environments will follow as needed.

Tuesday, February 8, 2022

Group-Office on Ubuntu Impish 21.10 or higher

The latest Ubuntu ships with PHP 8.0. Unfortunately Group-Office is not quite ready for PHP 8 yet. This is because we use some dependencies like Ioncube and an open ID server that are not ready for PHP 8. The Group-Office core code actually runs on PHP 8.1 already but we are waiting for fixes by 3rd parties.

To workaround this problem you can install PHP 7.4 on Ubuntu 20.10 or newer. Open a terminal and follow the steps below.

First become root:

sudo -s

Install this repository for all the PHP versions:

add-apt-repository ppa:ondrej/php

Install PHP 7.4 with the required packages for Group-Office:

apt install php7.4 php7.4-mbstring php7.4-mysql php7.4-xml php7.4-curl \
php7.4-gd php7.4-intl php7.4-xsl

Set PHP 7.4 as default on the system:

update-alternatives --set php /usr/bin/php7.4

Disable PHP 8.0 for apache:

a2dismod php-8.0

Enable PHP 7.4 fort apache:

a2enmod php 7.4

Install the Ioncube loader if needed:

https://www.ioncube.com/loaders.php

Restart Apache2:

systemctl restart apache2


Now Group-Office will run!

Monday, January 24, 2022

How to manually patch Studio-generated modules in 6.6

After migrating from Group Office 6.5 to 6.6, a number of users reported that modules generated with the studio module were triggering exceptions. 

An automated correction script was released in version 6.6.26. This will help most end users. As per version 6.6.33, an administrator can try to patch studio generated modules through the CLI:

  • Open an SSH session or any other CLI session to your container or server.
  •  Navigate to the Group Office installation folder, which is commonly /usr/share/groupoffice or /usr/local/share/groupoffice
  • Run this command with root permissions: php cli.php business/studio/Studio/patch65to66  The output will look somewhat like:

Attempting to patch package studio, module beren...
Updating module class.
Updating model classes.
Updating controller classes.
Attempt successful!


After patching, you may want to check the permissions for your studio generated modules, depending on whether you wish to do some manual tinkering or you simply wish to regenerate the code.

Recent changes in leave days module

In the last six weeks of 2021, we spent a lot of time on the leave days module. This was partly due to recent changes in the code base and partly due to new insights. This post will sum them up for both our administrators and developers. The same goes for leave types. These were refactored into activities as part of the business module.

Under the Hood

As per Group Office 6.5, there has been a number of changes on a code level. This is mainly due to part of the functionality of the module being moved to the new business module. Since employee management was refactored into JMAP entities and properties, we had to refactor yearly budgets as well. A migration script was written in order to convert the old data into new data. We plan on refactoring the leave days module entirely in a later Group Office version. 

Yearly Budgets

Adding to that, one fundamental change was  implemented earlier this year. Whereas in 6.4 versions and earlier, leave hour budgets had to be assigned each year, in 6.5 this was silently abolished. Instead, when an employee is added to Group Office, the yearly budgets merely have to be applied once. Please note that when an employee starts during the year, the budget for that year is adjusted accordingly.

Special Leave

Special leave has been rewritten entirely. Compared to yearly holiday budgets, there are two important differences: 

  1. Special leave is commonly incidental, whereas normal holiday hours are recurring each year.
  2. When an employee gets special leave for a longer period, this is not dependent on a calendar year.
In order to tackle these differences, special leave is now its own activity type and will be treated separately from other leave types. When an employee requests special leave and it is approved, a separate leave budget is created and the employee can use this leave budget for their registration. Alternatively, a manager can define a special leave budget for an employee.

Final Word

Please refer to our documentation pages for the business and holidays modules for further information.

Monday, January 3, 2022

Group-Office 6.6 released

 We're proud to announce Group-Office version 6.6! This release comes with some great new features:

  • Rewritten Tasks module
  • User interface improvements
  • Redesigned notifications
  • Improved security
  • New permission system for modules

Tasks module

The tasks module has been rewritten from scratch. The user interface is responsive so it works on mobile devices and it takes advantage of the new framework features such as custom filters.

Tasks module


It also replaces jobs in the projects module. Tasks are now fully integrated in projects and time tracking:


Tasks replace jobs in projects

User interface improvements

We redesigned the app launcher:

New App launcher


The system settings module page is redesigned and searchable now:




Notifications

A new notification system alerts about new comments, tickets, events etc.:




Module permissions

A new permissions system allows us to create different permission types for modules. It also allows to give partial access to System settings. You can now give users access to manage users, groups and custom fields for example.

Module permissions



We hope you will enjoy these new features and upgrade to the latest version!

Monday, December 13, 2021

Apache Log4j vulnerability "Log4shell"

A very severe security vulnerability named "Log4shell" was found in Apache Log4j. You can read more about it here:

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

We are getting a lot of questions from customers who are concerned if Group-Office is affected by this vulnerability.

Luckily, I can say that Group-Office or it's dependencies never used this software. The Debian package of Group-Office uses the Apache webserver but this is different software.

That said, it might be that you've installed other package on the server that uses it. You can check this with this command:

dpkg -l | grep log4

Note: This makes sure the Debian package is not installed. But it doesn't check if it was installed by other means!




Friday, April 2, 2021

Group-Office 6.5 released

We're proud to announce Group-Office version 6.5. This version brings you various enhancements.

Smaller header bar

A small visual enhancement but with great benefits. We made the top bar smaller by integrating the navigation tabs into it. This gives you more space for the app.


Smarter employee management

Manage all employment settings from the user dialog. Manage activities, holiday hours and fees at one place. Holiday calculations are automatically made based on the employment agreements. The new business module is the base for time tracking, projects and financial modules.

Manage your businesses and activities


Manage the employee and agreements

History module

Get insight in what happened in detail with the new history logging module. It keeps track of everything. Even property changes are supported.

History module showing details of changes

Improved import and export

Import and export supports excel files now too and you can save column presets that you often use.

Various export options

Save your common used columns


New license system

We've made our license system easier. Instead of uploading files you can now register your key inside Group-Office.

Various

Also a lot of smaller changes were made like:
  • Core: Module dependencies are respected when installing
  • Comments: Editable date field
  • Address book: Removed starred functionality for performance reasons
  • Core: New global search design to improve performance on larger databases
  • Documenttemplates: add selectable folder option
  • Core: Default authentication domain is appended automatically when local user isn't available. This allows ldap users to login with their username without appending or selecting a domain. Removed the domain combo because it's no longer needed with this change.

Upgrading is recommended for everyone!